@attested-intelligence/aga-mcp-server 3.2.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/DEPLOYMENT.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # AGA MCP Server — Deployment & Hardening Guide
2
2
 
3
- Practical guidance for running `@attested-intelligence/aga-mcp-server` (3.0.1) in a defensible configuration. Scope is the **MCP server boundary** — see `THREAT_BOUNDARY.md` for the full claim/limitation surface this guide operationalizes.
3
+ Practical guidance for running `@attested-intelligence/aga-mcp-server` (3.x, the current release) in a defensible configuration. Scope is the **MCP server boundary** — see `THREAT_BOUNDARY.md` for the full claim/limitation surface this guide operationalizes.
4
4
 
5
5
  The hardened posture in one line: **stdio upstream + a persisted, well-protected gateway key + network isolation + verifiers that pin the gateway key.**
6
6
 
package/README.md CHANGED
@@ -5,7 +5,6 @@ Cryptographic runtime governance for AI agents and autonomous systems.
5
5
  [![npm](https://img.shields.io/npm/v/@attested-intelligence/aga-mcp-server)](https://www.npmjs.com/package/@attested-intelligence/aga-mcp-server)
6
6
  [![PyPI](https://img.shields.io/pypi/v/aga-governance)](https://pypi.org/project/aga-governance/)
7
7
  [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
8
- [![release](https://img.shields.io/badge/release-3.2.0-brightgreen)](https://www.npmjs.com/package/@attested-intelligence/aga-mcp-server)
9
8
  [![npm provenance](https://img.shields.io/badge/npm-SLSA%20provenance-brightgreen)](https://www.npmjs.com/package/@attested-intelligence/aga-mcp-server)
10
9
 
11
10
  > **Status: 3.2.0 (published to npm with SLSA build provenance).** The server tools and the `aga-proxy` emit the **canonical SEP evidence bundle**, verifiable offline by the published `@attested-intelligence/aga-verify` and the reference verifier `aga-receipt-spec/verify/verify-sep.mjs`. **As of 3.2.0 the verifier is algorithm-agile and ships a post-quantum profile:** v1 `Ed25519-SHA256-JCS` (the default the gateway emits) and v2 `ML-DSA-65+Ed25519-SHA256-JCS` (a NIST FIPS-204 ML-DSA-65 + RFC-8032 Ed25519 **composite**, both must verify), selected per-bundle by the `algorithm` field with a `VERIFIED / FAILED / UNSUPPORTED_PROFILE` trichotomy. Pre-3.0 releases (a legacy continuity-chain bundle that does *not* verify under the SEP verifier) are deprecated; use `^3.0.0`. Claim scope and residual attack surface are documented honestly in `THREAT_BOUNDARY.md`.
@@ -106,7 +105,7 @@ node aga-receipt-spec/verify/verify-sep.mjs evidence-bundle.json --pubkey <gatew
106
105
 
107
106
  The published `@attested-intelligence/aga-verify` CLI mirrors this reference (**2.0.0**, published on npm; the older forgeable 1.0.0 is deprecated). Without `--pubkey` you get an **integrity-only** result (`issuerVerified=false`); pin the key to also prove *who* issued it — see `THREAT_BOUNDARY.md` §3.7. A hosted browser verifier is linked under [Links](#links).
108
107
 
109
- The reference §6 algorithm is implemented in **three languages** — JavaScript (`aga-receipt-spec/verify/verify-sep.mjs`), Go (`verify.go`, stdlib `crypto/ed25519`), and Python (`verify.py`, pure-stdlib RFC-8032 Ed25519) — and a cross-stack harness (`npm run conformance:cross-stack`) proves all three, plus the in-server engine and `aga-verify`, render **identical verdicts** on the canonical vectors (valid, adversarial, and every small-order forgery). The **v2 composite** profile (`ML-DSA-65+Ed25519-SHA256-JCS`) is held to the same bar by a second harness (`npm run conformance:cross-stack-v2`): a `@noble`/JavaScript engine and a CIRCL/Go oracle — two genuinely independent toolchains — render identical verdicts on the pinned v2 corpus, and a v1-only verifier returns `UNSUPPORTED_PROFILE` (exit 3) on a v2 bundle rather than a misleading FAILED.
108
+ The reference §6 algorithm is implemented in **three languages** — JavaScript (`aga-receipt-spec/verify/verify-sep.mjs`), Go (`verify.go`, stdlib `crypto/ed25519`), and Python (`verify.py`, pure-stdlib RFC-8032 Ed25519) — and a cross-stack harness (`npm run conformance:cross-stack`) proves all three, plus the in-server engine and `aga-verify`, render **identical verdicts** on the canonical vectors (valid, adversarial, and every small-order forgery). The **v2 composite** profile (`ML-DSA-65+Ed25519-SHA256-JCS`) is held to the same bar by a second harness (`npm run conformance:cross-stack-v2`): a `@noble`/JavaScript engine and a CIRCL/Go oracle — two genuinely independent toolchains — render identical verdicts on the pinned v2 corpus, and the **reference** v1 verifier (`verify-sep.mjs`/`verify.py`/`verify.go`) returns `UNSUPPORTED_PROFILE` (exit 3) on a v2 bundle — signalling "profile not implemented" rather than a misleading "invalid". *(The published `aga-verify` CLI does not implement this profile trichotomy: on a v2 bundle it returns FAILED (exit 1). Use exit 3 as the unsupported-profile signal only with the reference verifiers.)*
110
109
 
111
110
  ## How It Works
112
111
 
@@ -205,14 +204,14 @@ with AgentSession(gateway_id="my-gateway") as session:
205
204
 
206
205
  Automated tests across TypeScript and Python, plus a conformance corpus:
207
206
 
208
- - **TypeScript MCP server:** 297 tests (vitest), including provable-denial and behavioral-monitor regressions
207
+ - **TypeScript MCP server:** 370 tests (vitest), including provable-denial and behavioral-monitor regressions
209
208
  - **SEP conformance corpus:** `npm run test:conformance` (valid → VERIFIED, negatives → FAILED)
210
- - **Python companion SDK:** the separately-published `aga-governance` PyPI package (pytest)
209
+ - **Python companion SDK:** the separately-published `aga-governance` PyPI package (install + smoke-checked here; its full pytest suite runs from the source tree)
211
210
 
212
211
  ```bash
213
212
  npm test # TypeScript tests (vitest)
214
213
  npm run test:conformance # SEP conformance corpus
215
- pip install aga-governance && python -m pytest --pyargs aga # Python companion tests
214
+ pip install aga-governance && python -c "import aga; print(aga.__version__)" # Python SDK smoke check
216
215
  ```
217
216
 
218
217
  ## Benchmarks
@@ -230,7 +229,7 @@ src/
230
229
  middleware/ # Governance PEP wrapper (records a signed PERMITTED/DENIED receipt per governed call)
231
230
  independent-verifier/ # @attested-intelligence/aga-verify — standalone SEP verifier, zero AGA imports
232
231
  scenarios/ # Demo scenarios (SCADA, autonomous vehicle, AI agent) — emit SEP bundles
233
- tests/ # TypeScript test suite (297 tests)
232
+ tests/ # TypeScript test suite (370 tests)
234
233
  ```
235
234
 
236
235
  ## Links
@@ -1,6 +1,6 @@
1
1
  # AGA MCP Server — Threat Boundary & Bypass Surface (honest audit)
2
2
 
3
- **Scope:** `@attested-intelligence/aga-mcp-server` 3.0.1 (npm `latest`). Written for Sprint 3 CP3.
3
+ **Scope:** `@attested-intelligence/aga-mcp-server` 3.x (the current release; see the version badge / `package.json`). Originally written for Sprint 3 CP3.
4
4
  **Stance:** defensibility through honesty. This documents what the package **does** guarantee, what it **does not**, and the **residual attack surface** that remains by design or is deferred. Per the project discipline: better a precisely-stated boundary than an overclaim.
5
5
 
6
6
  ---
@@ -50,7 +50,7 @@ Claim scope is **integrity-of-present-receipts, NOT non-omission**: a PASS prove
50
50
  5. **Storage durability (Sprint 5).** Default storage is in-memory → the live chain is lost on **process restart**. The cryptographic record survives via the **exported signed bundle**; durable cross-restart retention needs the SQLite/persistent backend (Sprint 5). The raw quarantine forensic buffer is in-memory by design (only the `arguments_hash` commitment is signed — privacy-preserving and sufficient to *prove* a capture).
51
51
  6. **Out of scope entirely (not what AGA does).** AGA does not prevent: model jailbreaks, model-weight theft, credential compromise, or infrastructure compromise. It provides *accountability and provenance* for governed decisions, not prevention of those classes. If an attacker holds the gateway signing key, they can author receipts — protect the key (Sprint 4).
52
52
  7. **Verifier-UX / unpinned consumers (NEW — CP3 A5).** A consumer that verifies a bundle **without pinning** the gateway key gets an integrity-only `VERIFIED` with `issuerVerified=false` — *even on a forged, attacker-signed, denial-free bundle*. This is correct (integrity-of-present-receipts ≠ provenance, and the result object/CLI say so explicitly), but a UI that shows a bare "VERIFIED" without prominently propagating `issuerVerified=false` could mislead a non-expert. → Downstream consumers (esp. the website demo) MUST pin the gateway key and never present an unpinned PASS as proof of *who* issued the bundle. **Mitigated in 3.0:** the verify result now carries a prominent `summary` — `VERIFIED (provenance verified …)` vs `VERIFIED (integrity only — NOT provenance …)` — surfaced by `verify_bundle_offline` and the reference/`aga-verify` CLIs; key-pinning ergonomics are in `DEPLOYMENT.md` §2. Consumers must still pin.
53
- 8. **Cross-stack verifier conformance (CLOSED — 2026-06-07).** Earlier in the 3.0 hardening only `src/sep/verify.ts` carried the full strict floor; the reference `verify-sep.mjs`, the published `aga-verify`, Go, and Python lagged. **That asymmetry is now closed.** All six verifiers — engine (`src/sep`), reference (`verify-sep.mjs`), `aga-verify`, Go (`verify.go`), and Python (audited library + pure-stdlib) — apply the identical strict floor and return **byte-identical verdicts**. The shared floor: strict field allowlist; `envelope_consistency` (binds the unsigned `gateway_id`/`merkle_root`/`generated_at` to the signed/recomputed values); checkpoint-algorithm binding; lexicographic-string canonicalization with RFC-8785 integral-number normalization; complete small-order/non-canonical-key rejection; **one library-free canonical-timestamp rule** (exact `.sssZ` UTC form via an ASCII regex + integer-arithmetic calendar + lexicographic ordering — no native date parser); merkle-direction-token strictness (`left`/`right` only, length-matched); unpaired-UTF-16-surrogate rejection; depth-bounded never-throw; and whole-document parse (trailing content rejected). Verified by `npm run conformance:cross-stack` — six verifiers agree on every case in the committed corpus (56 cases incl. raw-byte/file-parse, incl. an uppercase-Merkle-sibling cross-stack case), confirmed across multiple rounds of independent blind differential re-audit. See `fixtures/cross-stack/README.md`. **Residual (by design, not a divergence):** the bundle envelope still carries four *unsigned* metadata fields with no signed counterpart — `bundle_id`, `schema_version`, `policy_reference`, `offline_capable`. They are informational and are **not** security-identity fields (the identity fields `gateway_id`/`merkle_root`/`generated_at` ARE bound); a relying party must still trust only signed/verified values and pin the gateway key (§3.7). Of the four, **`policy_reference` is the only identity-grade one** — but the governing policy IS captured and cryptographically verified inside **every signed receipt's own `policy_reference` field** (one of the 15 signed fields), so the unsigned *envelope* `policy_reference` is only a convenience mirror, not the source of truth. Binding the envelope copy is a recommended near-term (3.1) format revision; a coordinated verifier-output flag that marks these four envelope fields as unsigned/not-verified is a recommended enhancement, deliberately deferred here to avoid adding an untested cross-language output surface immediately after the cross-stack-consistency campaign (the verdict surface already attests only the steps it runs, and never claims these fields). One further residual is **unreachable by construction:** SEP signed fields are strings plus the single integer `leaf_count` (the emit guard `assertSignedReceiptFieldsAreStrings` forbids any other number in a signed field), so a verifier's canonicalization of a *non-integer / exponential* number placed in a signed field — which no conformant gateway can emit — is intentionally left unspecified and MAY differ across language stdlibs; it cannot affect any bundle a conformant gateway produces. Reachable string content is fully cross-stack-consistent (an exhaustive 0..0x10FFFF code-point sweep confirms the only ever-divergent characters, `U+2028`/`U+2029`, are normalized identically by every verifier).
53
+ 8. **Cross-stack verifier conformance (CLOSED — 2026-06-07).** Earlier in the 3.0 hardening only `src/sep/verify.ts` carried the full strict floor; the reference `verify-sep.mjs`, the published `aga-verify`, Go, and Python lagged. **That asymmetry is now closed.** All six verifiers — engine (`src/sep`), reference (`verify-sep.mjs`), `aga-verify`, Go (`verify.go`), and Python (audited library + pure-stdlib) — apply the identical strict floor and return **byte-identical verdicts**. The shared floor: strict field allowlist; `envelope_consistency` (binds the unsigned `gateway_id`/`merkle_root`/`generated_at` to the signed/recomputed values); checkpoint-algorithm binding; lexicographic-string canonicalization with RFC-8785 integral-number normalization; complete small-order/non-canonical-key rejection; **one library-free canonical-timestamp rule** (exact `.sssZ` UTC form via an ASCII regex + integer-arithmetic calendar + lexicographic ordering — no native date parser); merkle-direction-token strictness (`left`/`right` only, length-matched); unpaired-UTF-16-surrogate rejection; depth-bounded never-throw; and whole-document parse (trailing content rejected). Verified by `npm run conformance:cross-stack` — six verifiers agree on every case in the committed corpus (57 cases incl. raw-byte/file-parse, incl. an uppercase-Merkle-sibling cross-stack case), confirmed across multiple rounds of independent blind differential re-audit. See `fixtures/cross-stack/README.md`. **Residual (by design, not a divergence):** the bundle envelope still carries four *unsigned* metadata fields with no signed counterpart — `bundle_id`, `schema_version`, `policy_reference`, `offline_capable`. They are informational and are **not** security-identity fields (the identity fields `gateway_id`/`merkle_root`/`generated_at` ARE bound); a relying party must still trust only signed/verified values and pin the gateway key (§3.7). Of the four, **`policy_reference` is the only identity-grade one** — but the governing policy IS captured and cryptographically verified inside **every signed receipt's own `policy_reference` field** (one of the 15 signed fields), so the unsigned *envelope* `policy_reference` is only a convenience mirror, not the source of truth. Binding the envelope copy is a recommended near-term (3.1) format revision; a coordinated verifier-output flag that marks these four envelope fields as unsigned/not-verified is a recommended enhancement, deliberately deferred here to avoid adding an untested cross-language output surface immediately after the cross-stack-consistency campaign (the verdict surface already attests only the steps it runs, and never claims these fields). One further residual is **unreachable by construction:** SEP signed fields are strings plus the single integer `leaf_count` (the emit guard `assertSignedReceiptFieldsAreStrings` forbids any other number in a signed field), so a verifier's canonicalization of a *non-integer / exponential* number placed in a signed field — which no conformant gateway can emit — is intentionally left unspecified and MAY differ across language stdlibs; it cannot affect any bundle a conformant gateway produces. Reachable string content is fully cross-stack-consistent (an exhaustive 0..0x10FFFF code-point sweep confirms the only ever-divergent characters, `U+2028`/`U+2029`, are normalized identically by every verifier).
54
54
 
55
55
  ---
56
56
 
@@ -1 +1 @@
1
- {"version":3,"file":"evaluator.d.ts","sourceRoot":"","sources":["../../src/proxy/evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AA6B/D,wBAAgB,eAAe,IAAI,IAAI,CAEtC;AAID,wBAAgB,SAAS,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAwB3C;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAOxE;AAyCD,wBAAgB,QAAQ,CACtB,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,gBAAgB,CAqDlB"}
1
+ {"version":3,"file":"evaluator.d.ts","sourceRoot":"","sources":["../../src/proxy/evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAgC/D,wBAAgB,eAAe,IAAI,IAAI,CAEtC;AAID,wBAAgB,SAAS,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAwB3C;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAOxE;AAyCD,wBAAgB,QAAQ,CACtB,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,gBAAgB,CAqDlB"}
@@ -5,9 +5,12 @@
5
5
  * Copyright (c) 2026 Attested Intelligence Holdings LLC
6
6
  * SPDX-License-Identifier: MIT
7
7
  */
8
+ import { performance } from 'node:perf_hooks';
8
9
  const rateLimits = new Map();
9
10
  function checkRateLimit(toolName, maxPerMinute) {
10
- const now = Date.now();
11
+ // Monotonic basis: a wall-clock adjustment (NTP step, DST, manual/container clock change) must not perturb
12
+ // the rate-limit window. performance.now() is monotonic and immune to such skew, unlike Date.now().
13
+ const now = performance.now();
11
14
  const cutoff = now - 60_000;
12
15
  let window = rateLimits.get(toolName);
13
16
  if (!window) {
@@ -1 +1 @@
1
- {"version":3,"file":"evaluator.js","sourceRoot":"","sources":["../../src/proxy/evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAUH,MAAM,UAAU,GAAG,IAAI,GAAG,EAAsB,CAAC;AAEjD,SAAS,cAAc,CAAC,QAAgB,EAAE,YAAoB;IAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC;IAE5B,IAAI,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC5B,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,wBAAwB;IACxB,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;IAE9D,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,YAAY;QAAE,OAAO,KAAK,CAAC;IAE3D,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,UAAU,CAAC,KAAK,EAAE,CAAC;AACrB,CAAC;AAED,qDAAqD;AAErD,MAAM,UAAU,SAAS,CAAC,CAAS;IACjC,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC1B,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE3B,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IAEpC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,KAAK,GAAG;YAAE,SAAS;QACxC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAClE,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjB,CAAC;iBAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACrB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxD,IAAI,MAAM,KAAK,EAAE;QAAE,MAAM,GAAG,GAAG,CAAC;IAChC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAc,EAAE,SAAiB;IAC7D,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,cAAc,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;IAE5C,IAAI,cAAc,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IAChD,MAAM,eAAe,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,GAAG,GAAG,CAAC;IACpF,OAAO,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAA0D,EAC1D,IAA8B;IAE9B,IAAI,CAAC,UAAU,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAC5E,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,EAAE,GAAG,CAAC,EAAE,CAAC;gBAChD,OAAO,SAAS,GAAG,6BAA6B,UAAU,CAAC,WAAW,GAAG,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAC1B,UAA0C,EAC1C,IAA8B;IAE9B,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,MAAM;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,KAAK,MAAM,CAAC,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,SAAS;QACtC,KAAK,MAAM,OAAO,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;YACjD,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO,0CAA0C,OAAO,GAAG,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+DAA+D;AAE/D,MAAM,UAAU,QAAQ,CACtB,MAAkB,EAClB,QAAgB,EAChB,IAA8B;IAE9B,MAAM,IAAI,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IAE/D,iCAAiC;IACjC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACjC,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,iCAAiC,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC9D,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;IACpF,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAEhD,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;QACtE,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;QAC3E,CAAC;QAED,mBAAmB;QACnB,IAAI,UAAU,CAAC,oBAAoB,EAAE,CAAC;YACpC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC/D,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,UAAU,CAAC,oBAAoB,MAAM,EAAE,CAAC;YAC5G,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,oBAAoB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;QACzD,CAAC;QACD,MAAM,aAAa,GAAG,mBAAmB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAC5D,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;YAC3B,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QAC5D,CAAC;QACD,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IAC3E,CAAC;IAED,gBAAgB;IAChB,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACtC,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IACxE,CAAC;IAED,kEAAkE;IAClE,IAAI,UAAU,EAAE,oBAAoB,EAAE,CAAC;QACrC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC/D,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,UAAU,CAAC,oBAAoB,MAAM,EAAE,CAAC;QAC5G,CAAC;IACH,CAAC;IAED,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;AAC/D,CAAC"}
1
+ {"version":3,"file":"evaluator.js","sourceRoot":"","sources":["../../src/proxy/evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAQ9C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAsB,CAAC;AAEjD,SAAS,cAAc,CAAC,QAAgB,EAAE,YAAoB;IAC5D,2GAA2G;IAC3G,oGAAoG;IACpG,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC;IAE5B,IAAI,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC5B,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,wBAAwB;IACxB,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;IAE9D,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,YAAY;QAAE,OAAO,KAAK,CAAC;IAE3D,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,UAAU,CAAC,KAAK,EAAE,CAAC;AACrB,CAAC;AAED,qDAAqD;AAErD,MAAM,UAAU,SAAS,CAAC,CAAS;IACjC,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC1B,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE3B,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;IAEpC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,KAAK,GAAG;YAAE,SAAS;QACxC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAClE,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjB,CAAC;iBAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACrB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxD,IAAI,MAAM,KAAK,EAAE;QAAE,MAAM,GAAG,GAAG,CAAC;IAChC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAc,EAAE,SAAiB;IAC7D,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,cAAc,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;IAE5C,IAAI,cAAc,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IAChD,MAAM,eAAe,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,GAAG,GAAG,CAAC;IACpF,OAAO,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAA0D,EAC1D,IAA8B;IAE9B,IAAI,CAAC,UAAU,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAC5E,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,EAAE,GAAG,CAAC,EAAE,CAAC;gBAChD,OAAO,SAAS,GAAG,6BAA6B,UAAU,CAAC,WAAW,GAAG,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAC1B,UAA0C,EAC1C,IAA8B;IAE9B,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,MAAM;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,KAAK,MAAM,CAAC,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,SAAS;QACtC,KAAK,MAAM,OAAO,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;YACjD,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO,0CAA0C,OAAO,GAAG,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+DAA+D;AAE/D,MAAM,UAAU,QAAQ,CACtB,MAAkB,EAClB,QAAgB,EAChB,IAA8B;IAE9B,MAAM,IAAI,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IAE/D,iCAAiC;IACjC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACjC,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,iCAAiC,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC9D,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;IACpF,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAEhD,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;QACtE,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;QAC3E,CAAC;QAED,mBAAmB;QACnB,IAAI,UAAU,CAAC,oBAAoB,EAAE,CAAC;YACpC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC/D,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,UAAU,CAAC,oBAAoB,MAAM,EAAE,CAAC;YAC5G,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,oBAAoB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;QACzD,CAAC;QACD,MAAM,aAAa,GAAG,mBAAmB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAC5D,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;YAC3B,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QAC5D,CAAC;QACD,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IAC3E,CAAC;IAED,gBAAgB;IAChB,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACtC,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IACxE,CAAC;IAED,kEAAkE;IAClE,IAAI,UAAU,EAAE,oBAAoB,EAAE,CAAC;QACrC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC/D,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,UAAU,CAAC,oBAAoB,MAAM,EAAE,CAAC;QAC5G,CAAC;IACH,CAAC;IAED,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;AAC/D,CAAC"}
@@ -20,6 +20,7 @@ import { type SepReceipt, type SepBundle, type MerkleProof } from '../sep/index.
20
20
  export type GovernanceReceipt = SepReceipt;
21
21
  export type EvidenceBundle = SepBundle;
22
22
  export type { MerkleProof };
23
+ export declare const MAX_MESSAGE_BYTES: number;
23
24
  /** Benign MCP protocol methods forwarded WITHOUT a passthrough receipt (no side effects). */
24
25
  export declare const DEFAULT_PASSTHROUGH_EXCLUDE: string[];
25
26
  export interface ProxyServerOptions {
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAe,KAAK,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEzE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,OAAO,EAEW,KAAK,UAAU,EAAE,KAAK,SAAS,EAAE,KAAK,WAAW,EAClE,MAAM,iBAAiB,CAAC;AAGzB,MAAM,MAAM,iBAAiB,GAAG,UAAU,CAAC;AAC3C,MAAM,MAAM,cAAc,GAAG,SAAS,CAAC;AACvC,YAAY,EAAE,WAAW,EAAE,CAAC;AAI5B,6FAA6F;AAC7F,eAAO,MAAM,2BAA2B,UAIvC,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8GAA8G;IAC9G,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,oHAAoH;IACpH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,qBAAa,eAAgB,SAAQ,YAAY;IAC/C,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,MAAM,CAA4B;IAG1C,OAAO,CAAC,MAAM,CAAY;IAE1B,OAAO,CAAC,GAAG,CAAa;IAGxB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,eAAe,CAA4B;IACnD,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,kBAAkB,CAAc;IACxC,OAAO,CAAC,WAAW,CAAc;IAEjC,OAAO,CAAC,UAAU,CAAc;IAGhC,OAAO,CAAC,KAAK,CAAyD;gBAE1D,OAAO,GAAE,kBAAuB;IAetC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAiCtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB3B,OAAO,CAAC,gBAAgB;YAoBV,aAAa;YA+Db,iBAAiB;IAkG/B,mFAAmF;IACnF,OAAO,CAAC,eAAe;YA2BT,WAAW;IAoBzB,OAAO,CAAC,OAAO;IAQT,YAAY,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAQxD,+FAA+F;IAC/F,YAAY,IAAI,SAAS;IAIzB,SAAS;;;;;;;;;;;IAWT,YAAY,IAAI,MAAM;IACtB,WAAW,IAAI,UAAU,EAAE;CAC5B"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAe,KAAK,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEzE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,OAAO,EAEW,KAAK,UAAU,EAAE,KAAK,SAAS,EAAE,KAAK,WAAW,EAClE,MAAM,iBAAiB,CAAC;AAGzB,MAAM,MAAM,iBAAiB,GAAG,UAAU,CAAC;AAC3C,MAAM,MAAM,cAAc,GAAG,SAAS,CAAC;AACvC,YAAY,EAAE,WAAW,EAAE,CAAC;AAK5B,eAAO,MAAM,iBAAiB,QAAkB,CAAC;AAIjD,6FAA6F;AAC7F,eAAO,MAAM,2BAA2B,UAIvC,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8GAA8G;IAC9G,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,oHAAoH;IACpH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,qBAAa,eAAgB,SAAQ,YAAY;IAC/C,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,MAAM,CAA4B;IAG1C,OAAO,CAAC,MAAM,CAAY;IAE1B,OAAO,CAAC,GAAG,CAAa;IAGxB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,eAAe,CAA4B;IACnD,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,kBAAkB,CAAc;IACxC,OAAO,CAAC,WAAW,CAAc;IAEjC,OAAO,CAAC,UAAU,CAAc;IAGhC,OAAO,CAAC,KAAK,CAAyD;gBAE1D,OAAO,GAAE,kBAAuB;IAetC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAiCtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB3B,OAAO,CAAC,gBAAgB;YA4BV,aAAa;YA+Db,iBAAiB;IAkG/B,mFAAmF;IACnF,OAAO,CAAC,eAAe;YA2BT,WAAW;IAoBzB,OAAO,CAAC,OAAO;IAaT,YAAY,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAQxD,+FAA+F;IAC/F,YAAY,IAAI,SAAS;IAIzB,SAAS;;;;;;;;;;;IAWT,YAAY,IAAI,MAAM;IACtB,WAAW,IAAI,UAAU,EAAE;CAC5B"}
@@ -21,7 +21,11 @@ import { PERMISSIVE } from './profiles.js';
21
21
  // ONE canonical evidence engine (src/sep, node:crypto). The proxy no longer carries a
22
22
  // parallel receipt/Merkle/canonical/@noble implementation; it records governed decisions
23
23
  // through a SepGateway and exports the canonical SEP bundle, verified by the one verifier.
24
- import { SepGateway, generateSigner, sha256Hex, canonicalize, safeArgumentsHash, } from '../sep/index.js';
24
+ import { SepGateway, generateSigner, derivePolicyReference, safeArgumentsHash, } from '../sep/index.js';
25
+ // Upper bound on a single newline-delimited JSON-RPC message (and the incomplete-line buffer). A client
26
+ // streaming bytes with no newline must not grow the buffer without limit (memory-exhaustion DoS). Legit
27
+ // messages are far below this; the stdio bridge applies the same bound on the downstream side.
28
+ export const MAX_MESSAGE_BYTES = 8 * 1024 * 1024;
25
29
  // ── Proxy options ───────────────────────────────────────────
26
30
  /** Benign MCP protocol methods forwarded WITHOUT a passthrough receipt (no side effects). */
27
31
  export const DEFAULT_PASSTHROUGH_EXCLUDE = [
@@ -64,7 +68,7 @@ export class GovernanceProxy extends EventEmitter {
64
68
  async start() {
65
69
  if (this.started)
66
70
  throw new Error('Proxy already running');
67
- this.policyHash = sha256Hex(canonicalize(this.policy));
71
+ this.policyHash = derivePolicyReference(this.policy);
68
72
  this.sep.setPolicyReference(this.policyHash);
69
73
  // Start downstream bridge if configured
70
74
  if (this.upstreamOptions) {
@@ -110,6 +114,14 @@ export class GovernanceProxy extends EventEmitter {
110
114
  let buffer = '';
111
115
  socket.on('data', (chunk) => {
112
116
  buffer += chunk.toString();
117
+ // Fail-closed on a flood with no line terminator: bound the incomplete-line buffer so a client cannot
118
+ // exhaust memory by streaming bytes without a newline. Reject and close rather than keep accumulating.
119
+ if (buffer.length > MAX_MESSAGE_BYTES) {
120
+ this.respond(socket, { jsonrpc: '2.0', error: { code: -32600, message: 'Message too large' }, id: null });
121
+ buffer = '';
122
+ socket.destroy();
123
+ return;
124
+ }
113
125
  const lines = buffer.split('\n');
114
126
  buffer = lines.pop() || '';
115
127
  for (const line of lines) {
@@ -302,14 +314,20 @@ export class GovernanceProxy extends EventEmitter {
302
314
  }
303
315
  // ── Response helper ────────────────────────────────────────
304
316
  respond(socket, msg) {
305
- if (!socket.destroyed) {
306
- socket.write(JSON.stringify(msg) + '\n');
317
+ if (socket.destroyed)
318
+ return;
319
+ const ok = socket.write(JSON.stringify(msg) + '\n');
320
+ // Backpressure: a client that does not read its responses must not grow the outbound buffer without
321
+ // bound (slow-reader memory-exhaustion DoS). If the socket's write buffer is backed up past the cap,
322
+ // drop the connection rather than accumulate.
323
+ if (!ok && socket.writableLength > MAX_MESSAGE_BYTES) {
324
+ socket.destroy();
307
325
  }
308
326
  }
309
327
  // ── Public API ─────────────────────────────────────────────
310
328
  async switchPolicy(newPolicy) {
311
329
  this.policy = newPolicy;
312
- this.policyHash = sha256Hex(canonicalize(newPolicy));
330
+ this.policyHash = derivePolicyReference(newPolicy);
313
331
  this.sep.setPolicyReference(this.policyHash);
314
332
  resetRateLimits();
315
333
  this.emit('policy_switched');
@@ -1 +1 @@
1
- {"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,WAAW,EAA2B,MAAM,mBAAmB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C,sFAAsF;AACtF,yFAAyF;AACzF,2FAA2F;AAC3F,OAAO,EACL,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,YAAY,EAAE,iBAAiB,GAEvE,MAAM,iBAAiB,CAAC;AAOzB,+DAA+D;AAE/D,6FAA6F;AAC7F,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,YAAY,EAAE,aAAa,EAAE,MAAM;IACnC,YAAY,EAAE,cAAc,EAAE,gBAAgB,EAAE,0BAA0B;IAC1E,kBAAkB,EAAE,qBAAqB;CAC1C,CAAC;AAcF,MAAM,OAAO,eAAgB,SAAQ,YAAY;IACvC,MAAM,GAAsB,IAAI,CAAC;IACjC,MAAM,GAAuB,IAAI,CAAC;IAE1C,iEAAiE;IACzD,MAAM,CAAY;IAC1B,yFAAyF;IACjF,GAAG,CAAa;IAExB,QAAQ;IACA,MAAM,CAAa;IACnB,IAAI,CAAS;IACb,OAAO,GAAG,KAAK,CAAC;IAChB,eAAe,CAA4B;IAC3C,WAAW,CAAgB;IAC3B,SAAS,CAAS;IAClB,kBAAkB,CAAc;IAChC,WAAW,CAAc;IAEzB,UAAU,GAAW,EAAE,CAAC;IAEhC,QAAQ;IACA,KAAK,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAEtE,YAAY,UAA8B,EAAE;QAC1C,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,KAAK,CAAC;QAClC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;QAC3C,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;QAC/C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,WAAW,CAAC;QAClD,IAAI,CAAC,kBAAkB,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,IAAI,2BAA2B,CAAC,CAAC;QAC7F,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC,MAAM,CAAC;QACtC,IAAI,CAAC,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,8DAA8D;IAE9D,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAE3D,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE7C,wCAAwC;QACxC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpD,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAC1B,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;YAC1D,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,IAAI,IAAI,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gMAAgM,CAAC,CAAC;QACzN,CAAC;QAED,mBAAmB;QACnB,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1E,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC,MAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YAChD,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACjD,eAAe,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAE1B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;gBAClC,IAAI,CAAC,MAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;IAED,8DAA8D;IAEtD,gBAAgB,CAAC,MAAkB;QACzC,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YAC1B,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjC,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YAE3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO;oBAAE,SAAS;gBACvB,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBAChD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,GAAG,IAAI,CAAC,CAAC;gBACvE,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAA6B,CAAC,CAAC,CAAC;IAC1D,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,GAAW,EAAE,MAAkB;QACzD,IAAI,MAA+B,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACpG,OAAO;QACT,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YAC7B,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,sCAAsC,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7H,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAI,MAAM,CAAC,EAA6B,IAAI,IAAI,CAAC;QAChE,MAAM,MAAM,GAAG,MAAM,CAAC,MAA4B,CAAC;QAEnD,0FAA0F;QAC1F,0FAA0F;QAC1F,kGAAkG;QAClG,gGAAgG;QAChG,sFAAsF;QACtF,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YAC5B,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;YACvB,MAAM,UAAU,GAAG,MAAM,CAAC,MAA6C,CAAC;YACxE,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,QAAQ,EAAE,sCAAsC,CAAC,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;gBACrI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,4BAA4B,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;gBACzL,OAAO;YACT,CAAC;YACD,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACtF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,WAAW,EAAE,oCAAoC,CAAC,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;YACxH,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAChD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACjC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;wBACnB,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,GAAG,EAAE,EAAE;wBAC5D,EAAE,EAAE,SAAS;qBACd,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5B,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,wBAAwB,EAAE;oBAC1D,EAAE,EAAE,SAAS;iBACd,CAAC,CAAC;YACL,CAAC;YACD,OAAO;QACT,CAAC;QAED,oCAAoC;QACpC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1D,CAAC;IAED,8DAA8D;IAEtD,KAAK,CAAC,iBAAiB,CAC7B,MAA+B,EAC/B,MAAkB,EAClB,SAAiC;QAEjC,MAAM,MAAM,GAAG,MAAM,CAAC,MAA6C,CAAC;QACpE,MAAM,QAAQ,GAAG,MAAM,EAAE,IAA0B,CAAC;QACpD,MAAM,QAAQ,GAAG,MAAM,EAAE,SAAgD,CAAC;QAE1E,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAEnB,4BAA4B;QAC5B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,QAAQ,EAAE,0CAA0C,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YAC5H,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,mBAAmB;oBAC5B,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;iBAC7D;gBACD,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,yFAAyF;QACzF,2FAA2F;QAC3F,6DAA6D;QAC7D,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,kFAAkF,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;YAC3L,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,0CAA0C,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE;gBAC1I,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,QAAQ,EACR,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,EACzC,QAAQ,CAAC,MAAM,EACf,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,QAAQ,CACT,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,gBAAgB,QAAQ,CAAC,MAAM,EAAE;oBAC1C,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE;iBACtF;gBACD,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QAEvB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACjC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,GAAG,EAAE,EAAE;oBAC5D,EAAE,EAAE,SAAS;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC5B,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,iDAAiD;YACjD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE;oBACN,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;iBACvH;gBACD,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gEAAgE;IAEhE,mFAAmF;IAC3E,eAAe,CACrB,QAAgB,EAChB,QAAgC,EAChC,MAAc,EACd,SAAiC,EACjC,QAA6C,EAC7C,SAAiB,YAAY,EAC7B,gBAAyB;QAEzB,sFAAsF;QACtF,4FAA4F;QAC5F,4FAA4F;QAC5F,8FAA8F;QAC9F,MAAM,aAAa,GAAG,gBAAgB,IAAI,iBAAiB,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC;QAC3E,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;YACrB,SAAS,EAAE,QAAQ;YACnB,QAAQ;YACR,MAAM;YACN,UAAU,EAAE,SAAS;YACrB,MAAM;YACN,aAAa;YACb,gBAAgB,EAAE,IAAI,CAAC,UAAU;SAClC,CAAC,CAAC;IACL,CAAC;IAED,8DAA8D;IAEtD,KAAK,CAAC,WAAW,CAAC,IAAY,EAAE,MAAkB,EAAE,SAAiC;QAC3F,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,WAAY,EAAE;gBAC1C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI;aACL,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAA+B,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,wBAAwB,GAAG,EAAE,EAAE;gBAC/D,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,8DAA8D;IAEtD,OAAO,CAAC,MAAkB,EAAE,GAA4B;QAC9D,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,8DAA8D;IAE9D,KAAK,CAAC,YAAY,CAAC,SAAqB;QACtC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7C,eAAe,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC/B,CAAC;IAED,+FAA+F;IAC/F,YAAY;QACV,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;IACjC,CAAC;IAED,SAAS;QACP,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK;YAC7B,GAAG,IAAI,CAAC,KAAK;YACb,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACrC,CAAC;IACJ,CAAC;IAED,YAAY,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;IAC3D,WAAW,KAAmB,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC;CACpE"}
1
+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/proxy/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,WAAW,EAA2B,MAAM,mBAAmB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C,sFAAsF;AACtF,yFAAyF;AACzF,2FAA2F;AAC3F,OAAO,EACL,UAAU,EAAE,cAAc,EAAE,qBAAqB,EAAE,iBAAiB,GAErE,MAAM,iBAAiB,CAAC;AAOzB,wGAAwG;AACxG,wGAAwG;AACxG,+FAA+F;AAC/F,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAEjD,+DAA+D;AAE/D,6FAA6F;AAC7F,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,YAAY,EAAE,aAAa,EAAE,MAAM;IACnC,YAAY,EAAE,cAAc,EAAE,gBAAgB,EAAE,0BAA0B;IAC1E,kBAAkB,EAAE,qBAAqB;CAC1C,CAAC;AAcF,MAAM,OAAO,eAAgB,SAAQ,YAAY;IACvC,MAAM,GAAsB,IAAI,CAAC;IACjC,MAAM,GAAuB,IAAI,CAAC;IAE1C,iEAAiE;IACzD,MAAM,CAAY;IAC1B,yFAAyF;IACjF,GAAG,CAAa;IAExB,QAAQ;IACA,MAAM,CAAa;IACnB,IAAI,CAAS;IACb,OAAO,GAAG,KAAK,CAAC;IAChB,eAAe,CAA4B;IAC3C,WAAW,CAAgB;IAC3B,SAAS,CAAS;IAClB,kBAAkB,CAAc;IAChC,WAAW,CAAc;IAEzB,UAAU,GAAW,EAAE,CAAC;IAEhC,QAAQ;IACA,KAAK,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAEtE,YAAY,UAA8B,EAAE;QAC1C,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,KAAK,CAAC;QAClC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;QAC3C,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;QAC/C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,WAAW,CAAC;QAClD,IAAI,CAAC,kBAAkB,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,IAAI,2BAA2B,CAAC,CAAC;QAC7F,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC,MAAM,CAAC;QACtC,IAAI,CAAC,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,8DAA8D;IAE9D,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAE3D,IAAI,CAAC,UAAU,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE7C,wCAAwC;QACxC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpD,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAC1B,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;YAC1D,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,IAAI,IAAI,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gMAAgM,CAAC,CAAC;QACzN,CAAC;QAED,mBAAmB;QACnB,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1E,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,IAAI,CAAC,MAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YAChD,IAAI,CAAC,MAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACjD,eAAe,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAE1B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;gBAClC,IAAI,CAAC,MAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;IAED,8DAA8D;IAEtD,gBAAgB,CAAC,MAAkB;QACzC,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YAC1B,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,sGAAsG;YACtG,uGAAuG;YACvG,IAAI,MAAM,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC;gBACtC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,mBAAmB,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC1G,MAAM,GAAG,EAAE,CAAC;gBACZ,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO;YACT,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjC,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YAE3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO;oBAAE,SAAS;gBACvB,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBAChD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,GAAG,IAAI,CAAC,CAAC;gBACvE,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAA6B,CAAC,CAAC,CAAC;IAC1D,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,GAAW,EAAE,MAAkB;QACzD,IAAI,MAA+B,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACpG,OAAO;QACT,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YAC7B,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,sCAAsC,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7H,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAI,MAAM,CAAC,EAA6B,IAAI,IAAI,CAAC;QAChE,MAAM,MAAM,GAAG,MAAM,CAAC,MAA4B,CAAC;QAEnD,0FAA0F;QAC1F,0FAA0F;QAC1F,kGAAkG;QAClG,gGAAgG;QAChG,sFAAsF;QACtF,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YAC5B,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;YACvB,MAAM,UAAU,GAAG,MAAM,CAAC,MAA6C,CAAC;YACxE,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,QAAQ,EAAE,sCAAsC,CAAC,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;gBACrI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,4BAA4B,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;gBACzL,OAAO;YACT,CAAC;YACD,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACtF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,WAAW,EAAE,oCAAoC,CAAC,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;YACxH,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAChD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACjC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;wBACnB,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,GAAG,EAAE,EAAE;wBAC5D,EAAE,EAAE,SAAS;qBACd,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5B,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,wBAAwB,EAAE;oBAC1D,EAAE,EAAE,SAAS;iBACd,CAAC,CAAC;YACL,CAAC;YACD,OAAO;QACT,CAAC;QAED,oCAAoC;QACpC,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1D,CAAC;IAED,8DAA8D;IAEtD,KAAK,CAAC,iBAAiB,CAC7B,MAA+B,EAC/B,MAAkB,EAClB,SAAiC;QAEjC,MAAM,MAAM,GAAG,MAAM,CAAC,MAA6C,CAAC;QACpE,MAAM,QAAQ,GAAG,MAAM,EAAE,IAA0B,CAAC;QACpD,MAAM,QAAQ,GAAG,MAAM,EAAE,SAAgD,CAAC;QAE1E,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAEnB,4BAA4B;QAC5B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,QAAQ,EAAE,0CAA0C,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YAC5H,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,mBAAmB;oBAC5B,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;iBAC7D;gBACD,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,yFAAyF;QACzF,2FAA2F;QAC3F,6DAA6D;QAC7D,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,kFAAkF,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;YAC3L,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,0CAA0C,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE;gBAC1I,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAClC,QAAQ,EACR,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,EACzC,QAAQ,CAAC,MAAM,EACf,SAAS,EACT,QAAQ,EACR,YAAY,EACZ,QAAQ,CACT,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,gBAAgB,QAAQ,CAAC,MAAM,EAAE;oBAC1C,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE;iBACtF;gBACD,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QAEvB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACjC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,qBAAqB,GAAG,EAAE,EAAE;oBAC5D,EAAE,EAAE,SAAS;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC5B,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,iDAAiD;YACjD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE;oBACN,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;iBACvH;gBACD,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gEAAgE;IAEhE,mFAAmF;IAC3E,eAAe,CACrB,QAAgB,EAChB,QAAgC,EAChC,MAAc,EACd,SAAiC,EACjC,QAA6C,EAC7C,SAAiB,YAAY,EAC7B,gBAAyB;QAEzB,sFAAsF;QACtF,4FAA4F;QAC5F,4FAA4F;QAC5F,8FAA8F;QAC9F,MAAM,aAAa,GAAG,gBAAgB,IAAI,iBAAiB,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC;QAC3E,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;YACrB,SAAS,EAAE,QAAQ;YACnB,QAAQ;YACR,MAAM;YACN,UAAU,EAAE,SAAS;YACrB,MAAM;YACN,aAAa;YACb,gBAAgB,EAAE,IAAI,CAAC,UAAU;SAClC,CAAC,CAAC;IACL,CAAC;IAED,8DAA8D;IAEtD,KAAK,CAAC,WAAW,CAAC,IAAY,EAAE,MAAkB,EAAE,SAAiC;QAC3F,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,WAAY,EAAE;gBAC1C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI;aACL,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAA+B,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,wBAAwB,GAAG,EAAE,EAAE;gBAC/D,EAAE,EAAE,SAAS;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,8DAA8D;IAEtD,OAAO,CAAC,MAAkB,EAAE,GAA4B;QAC9D,IAAI,MAAM,CAAC,SAAS;YAAE,OAAO;QAC7B,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;QACpD,oGAAoG;QACpG,qGAAqG;QACrG,8CAA8C;QAC9C,IAAI,CAAC,EAAE,IAAI,MAAM,CAAC,cAAc,GAAG,iBAAiB,EAAE,CAAC;YACrD,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,CAAC;IACH,CAAC;IAED,8DAA8D;IAE9D,KAAK,CAAC,YAAY,CAAC,SAAqB;QACtC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,IAAI,CAAC,UAAU,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;QACnD,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7C,eAAe,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC/B,CAAC;IAED,+FAA+F;IAC/F,YAAY;QACV,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;IACjC,CAAC;IAED,SAAS;QACP,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK;YAC7B,GAAG,IAAI,CAAC,KAAK;YACb,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACrC,CAAC;IACJ,CAAC;IAED,YAAY,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;IAC3D,WAAW,KAAmB,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC;CACpE"}
@@ -1 +1 @@
1
- {"version":3,"file":"stdio-bridge.d.ts","sourceRoot":"","sources":["../../src/proxy/stdio-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;;GAGG;AACH,qBAAa,WAAY,SAAQ,YAAY;IAS/B,OAAO,CAAC,OAAO;IAR3B,OAAO,CAAC,KAAK,CAA6B;IAC1C,OAAO,CAAC,MAAM,CAAM;IACpB,OAAO,CAAC,eAAe,CAIlB;gBAEe,OAAO,EAAE,kBAAkB;IAIzC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA+B5B,OAAO,CAAC,aAAa;IAkBrB,OAAO,CAAC,aAAa;IAiBrB;;OAEG;IACG,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAwBlG;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAOzC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAmB3B,IAAI,OAAO,IAAI,OAAO,CAErB;IAED,OAAO,CAAC,gBAAgB;CAOzB"}
1
+ {"version":3,"file":"stdio-bridge.d.ts","sourceRoot":"","sources":["../../src/proxy/stdio-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAMD;;;GAGG;AACH,qBAAa,WAAY,SAAQ,YAAY;IAS/B,OAAO,CAAC,OAAO;IAR3B,OAAO,CAAC,KAAK,CAA6B;IAC1C,OAAO,CAAC,MAAM,CAAM;IACpB,OAAO,CAAC,eAAe,CAIlB;gBAEe,OAAO,EAAE,kBAAkB;IAIzC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA+B5B,OAAO,CAAC,aAAa;IAyBrB,OAAO,CAAC,aAAa;IAiBrB;;OAEG;IACG,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAwBlG;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAOzC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAmB3B,IAAI,OAAO,IAAI,OAAO,CAErB;IAED,OAAO,CAAC,gBAAgB;CAOzB"}
@@ -8,6 +8,9 @@
8
8
  */
9
9
  import { spawn } from 'node:child_process';
10
10
  import { EventEmitter } from 'node:events';
11
+ // Mirror of server.ts MAX_MESSAGE_BYTES (kept local to avoid a server<->bridge circular import). Bounds the
12
+ // downstream incomplete-line buffer so a misbehaving child cannot exhaust the proxy's memory.
13
+ const MAX_MESSAGE_BYTES = 8 * 1024 * 1024;
11
14
  /**
12
15
  * Bridges JSON-RPC messages to/from a child process via stdio.
13
16
  * Handles newline-delimited JSON framing.
@@ -47,6 +50,13 @@ export class StdioBridge extends EventEmitter {
47
50
  });
48
51
  }
49
52
  processBuffer() {
53
+ // Bound the downstream incomplete-line buffer (a child flooding without a newline must not grow it
54
+ // unboundedly). Drop the buffer and continue rather than accumulate.
55
+ if (this.buffer.length > MAX_MESSAGE_BYTES) {
56
+ process.stderr.write('[aga-proxy] downstream message exceeded the size bound; dropping the buffer\n');
57
+ this.buffer = '';
58
+ return;
59
+ }
50
60
  const lines = this.buffer.split('\n');
51
61
  // Keep the last (possibly incomplete) line in the buffer
52
62
  this.buffer = lines.pop() || '';
@@ -1 +1 @@
1
- {"version":3,"file":"stdio-bridge.js","sourceRoot":"","sources":["../../src/proxy/stdio-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAS3C;;;GAGG;AACH,MAAM,OAAO,WAAY,SAAQ,YAAY;IASvB;IARZ,KAAK,GAAwB,IAAI,CAAC;IAClC,MAAM,GAAG,EAAE,CAAC;IACZ,eAAe,GAAG,IAAI,GAAG,EAI7B,CAAC;IAEL,YAAoB,OAA2B;QAC7C,KAAK,EAAE,CAAC;QADU,YAAO,GAAP,OAAO,CAAoB;IAE/C,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAEtD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;YAChC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE;YAC/B,GAAG;YACH,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC9C,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC9C,oDAAoD;YACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YAChC,IAAI,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,mCAAmC,IAAI,WAAW,MAAM,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACxB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,yDAAyD;QACzD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;gBAC3D,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,GAA4B;QAChD,8DAA8D;QAC9D,IAAI,IAAI,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,GAAG,IAAI,OAAO,IAAI,GAAG,CAAC,EAAE,CAAC;YACvD,MAAM,EAAE,GAAG,GAAG,CAAC,EAAqB,CAAC;YACrC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7C,IAAI,OAAO,EAAE,CAAC;gBACZ,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC5B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAChC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;YACD,OAAO;QACT,CAAC;QAED,kFAAkF;QAClF,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAgC,EAAE,SAAS,GAAG,MAAM;QAC7D,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,EAAE,GAAG,OAAO,CAAC,EAAiC,CAAC;QAErD,0CAA0C;QAC1C,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;YACvD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACpD,CAAC;QAED,OAAO,IAAI,OAAO,CAA0B,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC9D,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAChC,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,EAAE,EAAE,CAAC,CAAC,CAAC;YACrE,CAAC,EAAE,SAAS,CAAC,CAAC;YAEd,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACzD,IAAI,CAAC,KAAM,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,OAAgC;QACtC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC3B,oCAAoC;YACpC,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;gBAChC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;oBAC5B,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;oBAC5B,OAAO,EAAE,CAAC;gBACZ,CAAC,EAAE,IAAI,CAAC,CAAC;gBACT,IAAI,CAAC,KAAM,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;oBAC1B,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,KAAK,KAAK,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,IAAI,CAAC;IAC7D,CAAC;IAEO,gBAAgB,CAAC,GAAU;QACjC,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACjD,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC5B,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;IAC/B,CAAC;CACF"}
1
+ {"version":3,"file":"stdio-bridge.js","sourceRoot":"","sources":["../../src/proxy/stdio-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAS3C,4GAA4G;AAC5G,8FAA8F;AAC9F,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAE1C;;;GAGG;AACH,MAAM,OAAO,WAAY,SAAQ,YAAY;IASvB;IARZ,KAAK,GAAwB,IAAI,CAAC;IAClC,MAAM,GAAG,EAAE,CAAC;IACZ,eAAe,GAAG,IAAI,GAAG,EAI7B,CAAC;IAEL,YAAoB,OAA2B;QAC7C,KAAK,EAAE,CAAC;QADU,YAAO,GAAP,OAAO,CAAoB;IAE/C,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAEtD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;YAChC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE;YAC/B,GAAG;YACH,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC9C,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC9C,oDAAoD;YACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YAChC,IAAI,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,mCAAmC,IAAI,WAAW,MAAM,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACxB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa;QACnB,mGAAmG;QACnG,qEAAqE;QACrE,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC;YAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+EAA+E,CAAC,CAAC;YACtG,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,yDAAyD;QACzD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;gBAC3D,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,GAA4B;QAChD,8DAA8D;QAC9D,IAAI,IAAI,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,GAAG,IAAI,OAAO,IAAI,GAAG,CAAC,EAAE,CAAC;YACvD,MAAM,EAAE,GAAG,GAAG,CAAC,EAAqB,CAAC;YACrC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7C,IAAI,OAAO,EAAE,CAAC;gBACZ,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC5B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAChC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;YACD,OAAO;QACT,CAAC;QAED,kFAAkF;QAClF,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAgC,EAAE,SAAS,GAAG,MAAM;QAC7D,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,EAAE,GAAG,OAAO,CAAC,EAAiC,CAAC;QAErD,0CAA0C;QAC1C,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;YACvD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACpD,CAAC;QAED,OAAO,IAAI,OAAO,CAA0B,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC9D,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAChC,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,EAAE,EAAE,CAAC,CAAC,CAAC;YACrE,CAAC,EAAE,SAAS,CAAC,CAAC;YAEd,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACzD,IAAI,CAAC,KAAM,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,OAAgC;QACtC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC3B,oCAAoC;YACpC,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE;gBAChC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;oBAC5B,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;oBAC5B,OAAO,EAAE,CAAC;gBACZ,CAAC,EAAE,IAAI,CAAC,CAAC;gBACT,IAAI,CAAC,KAAM,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;oBAC1B,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,KAAK,KAAK,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,IAAI,CAAC;IAC7D,CAAC;IAEO,gBAAgB,CAAC,GAAU;QACjC,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACjD,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC5B,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;IAC/B,CAAC;CACF"}
@@ -11,6 +11,7 @@ export { SEP_ALGORITHM, SEP_RECEIPT_VERSION, SEP_RECEIPT_FIELDS, buildReceipt, l
11
11
  export { buildCheckpoint, type SignedCheckpoint } from './checkpoint.js';
12
12
  export { SepGateway, type SepBundle, type SepGatewayOptions, type RecordInput } from './bundle.js';
13
13
  export { verifySepBundle, type SepVerificationResult, type VerifyStep, type VerifyOptions } from './verify.js';
14
+ export { derivePolicyReference } from './policy-ref.js';
14
15
  export { verifyHybrid, verifyHybridBytes, signHybrid, signHybridBytes, hybridSignerFromSeeds, generateHybridSigner, generateHybridKeypair, hybridKeypairFromSeeds, encodeComposite, decodeComposite, type HybridSecretKey, } from './hybrid.js';
15
16
  export { ALG_ED25519, ALG_HYBRID, REGISTERED_PROFILES, ALL_PROFILES, isRegisteredProfile, validPublicKeyForProfile, verifyForProfile, } from './profiles.js';
16
17
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sep/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,iBAAiB,EAAE,2BAA2B,EAAE,KAAK,UAAU,EAAE,KAAK,YAAY,EAAE,KAAK,QAAQ,EAAE,MAAM,cAAc,CAAC;AAChO,OAAO,EAAE,eAAe,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,KAAK,SAAS,EAAE,KAAK,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AACnG,OAAO,EAAE,eAAe,EAAE,KAAK,qBAAqB,EAAE,KAAK,UAAU,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAC/G,OAAO,EACL,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,eAAe,EAC5D,qBAAqB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,sBAAsB,EAC1F,eAAe,EAAE,eAAe,EAAE,KAAK,eAAe,GACvD,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE,YAAY,EAC1D,mBAAmB,EAAE,wBAAwB,EAAE,gBAAgB,GAChE,MAAM,eAAe,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sep/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,iBAAiB,EAAE,2BAA2B,EAAE,KAAK,UAAU,EAAE,KAAK,YAAY,EAAE,KAAK,QAAQ,EAAE,MAAM,cAAc,CAAC;AAChO,OAAO,EAAE,eAAe,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,KAAK,SAAS,EAAE,KAAK,iBAAiB,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AACnG,OAAO,EAAE,eAAe,EAAE,KAAK,qBAAqB,EAAE,KAAK,UAAU,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAC/G,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,eAAe,EAC5D,qBAAqB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,sBAAsB,EAC1F,eAAe,EAAE,eAAe,EAAE,KAAK,eAAe,GACvD,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE,YAAY,EAC1D,mBAAmB,EAAE,wBAAwB,EAAE,gBAAgB,GAChE,MAAM,eAAe,CAAC"}
package/dist/sep/index.js CHANGED
@@ -11,6 +11,7 @@ export { SEP_ALGORITHM, SEP_RECEIPT_VERSION, SEP_RECEIPT_FIELDS, buildReceipt, l
11
11
  export { buildCheckpoint } from './checkpoint.js';
12
12
  export { SepGateway } from './bundle.js';
13
13
  export { verifySepBundle } from './verify.js';
14
+ export { derivePolicyReference } from './policy-ref.js';
14
15
  export { verifyHybrid, verifyHybridBytes, signHybrid, signHybridBytes, hybridSignerFromSeeds, generateHybridSigner, generateHybridKeypair, hybridKeypairFromSeeds, encodeComposite, decodeComposite, } from './hybrid.js';
15
16
  export { ALG_ED25519, ALG_HYBRID, REGISTERED_PROFILES, ALL_PROFILES, isRegisteredProfile, validPublicKeyForProfile, verifyForProfile, } from './profiles.js';
16
17
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sep/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,KAAK,EAAkB,MAAM,aAAa,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAoB,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,iBAAiB,EAAE,2BAA2B,EAAqD,MAAM,cAAc,CAAC;AAChO,OAAO,EAAE,eAAe,EAAyB,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,UAAU,EAA4D,MAAM,aAAa,CAAC;AACnG,OAAO,EAAE,eAAe,EAAmE,MAAM,aAAa,CAAC;AAC/G,OAAO,EACL,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,eAAe,EAC5D,qBAAqB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,sBAAsB,EAC1F,eAAe,EAAE,eAAe,GACjC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE,YAAY,EAC1D,mBAAmB,EAAE,wBAAwB,EAAE,gBAAgB,GAChE,MAAM,eAAe,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sep/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,YAAY,EAAE,mCAAmC,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,KAAK,EAAkB,MAAM,aAAa,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAoB,MAAM,aAAa,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,iBAAiB,EAAE,2BAA2B,EAAqD,MAAM,cAAc,CAAC;AAChO,OAAO,EAAE,eAAe,EAAyB,MAAM,iBAAiB,CAAC;AACzE,OAAO,EAAE,UAAU,EAA4D,MAAM,aAAa,CAAC;AACnG,OAAO,EAAE,eAAe,EAAmE,MAAM,aAAa,CAAC;AAC/G,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,eAAe,EAC5D,qBAAqB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,sBAAsB,EAC1F,eAAe,EAAE,eAAe,GACjC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE,YAAY,EAC1D,mBAAmB,EAAE,wBAAwB,EAAE,gBAAgB,GAChE,MAAM,eAAe,CAAC"}
@@ -0,0 +1,8 @@
1
+ /**
2
+ * The canonical reference for a policy (or any config object) bound into evidence: the SHA-256 of its
3
+ * canonical form. This is the SINGLE source of the value the governance gateway records as
4
+ * `policy_reference`. The gateway and any external consumer (e.g. the enterprise policy tooling) both call
5
+ * this one function, so the gateway's binding and a consumer's computed reference cannot drift.
6
+ */
7
+ export declare function derivePolicyReference(policy: unknown): string;
8
+ //# sourceMappingURL=policy-ref.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy-ref.d.ts","sourceRoot":"","sources":["../../src/sep/policy-ref.ts"],"names":[],"mappings":"AAKA;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,CAE7D"}
@@ -0,0 +1,14 @@
1
+ // Copyright (c) 2026 Attested Intelligence Holdings LLC
2
+ // SPDX-License-Identifier: MIT
3
+ import { canonicalize } from './canonical.js';
4
+ import { sha256Hex } from './crypto.js';
5
+ /**
6
+ * The canonical reference for a policy (or any config object) bound into evidence: the SHA-256 of its
7
+ * canonical form. This is the SINGLE source of the value the governance gateway records as
8
+ * `policy_reference`. The gateway and any external consumer (e.g. the enterprise policy tooling) both call
9
+ * this one function, so the gateway's binding and a consumer's computed reference cannot drift.
10
+ */
11
+ export function derivePolicyReference(policy) {
12
+ return sha256Hex(canonicalize(policy));
13
+ }
14
+ //# sourceMappingURL=policy-ref.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy-ref.js","sourceRoot":"","sources":["../../src/sep/policy-ref.ts"],"names":[],"mappings":"AAAA,wDAAwD;AACxD,+BAA+B;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAe;IACnD,OAAO,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;AACzC,CAAC"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@attested-intelligence/aga-mcp-server",
3
- "version": "3.2.0",
4
- "description": "MCP server for cryptographic AI agent governance. Seal policy artifacts, enforce at runtime, prove with signed receipts and offline-verifiable evidence bundles.",
3
+ "version": "3.3.0",
4
+ "description": "MCP governance proxy and evidence engine for AI agent tool calls: evaluate each call against a sealed policy, permit or deny it at the proxy boundary, and prove every decision with signed, offline-verifiable evidence bundles.",
5
5
  "author": "Attested Intelligence Holdings LLC",
6
6
  "license": "MIT",
7
7
  "homepage": "https://attestedintelligence.com/technology",
@@ -15,6 +15,21 @@
15
15
  "type": "module",
16
16
  "main": "dist/index.js",
17
17
  "types": "dist/index.d.ts",
18
+ "exports": {
19
+ ".": {
20
+ "types": "./dist/index.d.ts",
21
+ "default": "./dist/index.js"
22
+ },
23
+ "./verify": {
24
+ "types": "./dist/sep/verify.d.ts",
25
+ "default": "./dist/sep/verify.js"
26
+ },
27
+ "./sep": {
28
+ "types": "./dist/sep/index.d.ts",
29
+ "default": "./dist/sep/index.js"
30
+ },
31
+ "./package.json": "./package.json"
32
+ },
18
33
  "files": [
19
34
  "dist/",
20
35
  "README.md",
@@ -51,7 +66,7 @@
51
66
  "prepublishOnly": "npm run build && npm run test && npm run test:conformance && npm run check:pack"
52
67
  },
53
68
  "dependencies": {
54
- "@modelcontextprotocol/sdk": "^1.12.0",
69
+ "@modelcontextprotocol/sdk": "^1.29.0",
55
70
  "@noble/ed25519": "2.1.0",
56
71
  "@noble/hashes": "1.6.1",
57
72
  "@noble/post-quantum": "0.6.1",
@@ -61,6 +76,9 @@
61
76
  "optionalDependencies": {
62
77
  "better-sqlite3": "^11.7.0"
63
78
  },
79
+ "overrides": {
80
+ "hono": ">=4.12.25"
81
+ },
64
82
  "devDependencies": {
65
83
  "@types/better-sqlite3": "^7.6.12",
66
84
  "@types/node": "^22.10.0",
@@ -81,8 +99,7 @@
81
99
  "agentic-ai",
82
100
  "attestation",
83
101
  "governance",
84
- "cryptographic-enforcement",
85
- "runtime-integrity",
102
+ "policy-proxy",
86
103
  "evidence-bundles",
87
104
  "ed25519",
88
105
  "policy-artifacts",