npm - @attested-intelligence/aga-verify - Versions diffs - 1.0.0 → 2.0.0 - Mend

@attested-intelligence/aga-verify 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/example-bundle.json CHANGED Viewed

@@ -1,284 +1,112 @@
 {
-  "artifact": {
-    "schema_version": "1.0.0",
-    "protocol_version": "1.0.0",
-    "subject_identifier": {
-      "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
-      "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
-    },
-    "policy_reference": "c5090e8677afc35133da645aa2aecdcd36cd67184dfcfe031f1c55d5d1294020",
-    "policy_version": 4,
-    "sealed_hash": "1dd8ed34d6cd1c1c5cec647d26cc4c3676d7796a729376bb3fcf26b2a6edba33",
-    "seal_salt": "910887666ac8dc2b7db5695fd0186b4e",
-    "issued_timestamp": "2026-06-02T08:30:36.164Z",
-    "effective_timestamp": "2026-06-02T08:30:36.164Z",
-    "expiration_timestamp": null,
-    "issuer_identifier": "ac92dd48402bf3255177df55198c449dc61e36c97a3ed62e81462e72f741b311",
-    "enforcement_parameters": {
-      "measurement_cadence_ms": 200,
-      "ttl_seconds": 3600,
-      "enforcement_triggers": [
-        "QUARANTINE",
-        "TERMINATE",
-        "SAFE_STATE"
-      ],
-      "re_attestation_required": true,
-      "measurement_types": [
-        "EXECUTABLE_IMAGE",
-        "LOADED_MODULES",
-        "CONFIG_MANIFEST"
-      ],
-      "behavioral_baseline": {
-        "permitted_tools": [
-          "web_search",
-          "code_execute",
-          "file_read",
-          "summarize"
-        ],
-        "forbidden_sequences": [
-          [
-            "file_read",
-            "web_search",
-            "code_execute"
-          ]
-        ],
-        "rate_limits": {
-          "web_search": 20,
-          "code_execute": 10,
-          "file_read": 30,
-          "summarize": 50
-        }
-      }
-    },
-    "disclosure_policy": {
-      "claims_taxonomy": [
-        {
-          "claim_id": "agent.model_weights_hash",
-          "sensitivity": "S4_CRITICAL",
-          "substitutes": [
-            "agent.model_family",
-            "agent.model_generation"
-          ],
-          "inference_risks": [],
-          "permitted_modes": []
-        },
-        {
-          "claim_id": "agent.model_family",
-          "sensitivity": "S2_MODERATE",
-          "substitutes": [
-            "agent.model_generation"
-          ],
-          "inference_risks": [],
-          "permitted_modes": [
-            "REVEAL_MIN",
-            "REVEAL_FULL"
-          ]
-        },
-        {
-          "claim_id": "agent.model_generation",
-          "sensitivity": "S1_LOW",
-          "substitutes": [],
-          "inference_risks": [],
-          "permitted_modes": [
-            "PROOF_ONLY",
-            "REVEAL_MIN",
-            "REVEAL_FULL"
-          ]
-        }
-      ],
-      "substitution_rules": []
-    },
-    "evidence_commitments": [
-      {
-        "commitment": "3a7cafa939fa3732b4d36875b8909b467a2d063ce01c617b1f491983f9b8de71",
-        "salt": "eb5050aaff095529b52e03f920f32736",
-        "label": "model_card"
-      },
-      {
-        "commitment": "8f6a61abea33aca30d67af6fee22780ac2b689058882f70f8723c9f37d8da8bd",
-        "salt": "edba40897cd4d45923f00891c11d7746",
-        "label": "scope_approval"
-      }
-    ],
-    "signature": "X9IEtvUlU8AUixd/ZTbWqUGFhfqEbeQKYZy3/nzKhbj43uYS678X8BV+7hrd26Ts1m2hbUa+JHPAqzgj+z5YDg=="
-  },
+  "schema_version": "2.0",
+  "bundle_id": "bundle-3",
+  "algorithm": "Ed25519-SHA256-JCS",
+  "generated_at": "2026-06-03T00:00:00.000Z",
+  "gateway_id": "aga-demo-001",
+  "public_key": "ea4a6c63e29c520abef5507b132ec5f9954776aebebe7b92421eea691446d22c",
+  "policy_reference": "0e705e25519d3a1bf3aa09fa39498cd6d15bf6dca45d290514f9f6b2a6d321bf",
   "receipts": [
     {
-      "receipt_id": "c77294b7-567f-4019-bc82-1db8f8b41a36",
-      "subject_identifier": {
-        "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
-        "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
-      },
-      "artifact_reference": "c801497e4020ea3913e94541c2c869fac9422735686a6d3c4b75c4298145b237",
-      "current_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
-      "sealed_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
-      "drift_detected": false,
-      "drift_description": null,
-      "enforcement_action": null,
-      "measurement_type": "EXECUTABLE_IMAGE",
-      "timestamp": "2026-06-02T08:30:36.178Z",
-      "sequence_number": 0,
-      "previous_leaf_hash": "dea5872156dd67a5cf43b9124ce0e8d0d33090a4186a98f573c55666ea172739",
-      "portal_signature": "TaIz2Tb0TCE34lKD0UKdTqpQzThourYzGZHhpVPajy6C2bBA3oJsbE9BpZhx3utm62O1erKYOlT/WWUAVCGjDg=="
+      "receipt_id": "00000000-0000-4000-8000-000000000000",
+      "receipt_version": "1.0",
+      "algorithm": "Ed25519-SHA256-JCS",
+      "timestamp": "2026-06-03T00:00:00.000Z",
+      "request_id": "1",
+      "method": "tools/call",
+      "tool_name": "search_web",
+      "decision": "PERMITTED",
+      "reason": "tool permitted by allowlist",
+      "policy_reference": "0e705e25519d3a1bf3aa09fa39498cd6d15bf6dca45d290514f9f6b2a6d321bf",
+      "arguments_hash": "58ca0b73a694d65862346563961f7fcb8ec85cb3e2f5ddc9a26f744de8df1cb4",
+      "previous_receipt_hash": "",
+      "gateway_id": "aga-demo-001",
+      "public_key": "ea4a6c63e29c520abef5507b132ec5f9954776aebebe7b92421eea691446d22c",
+      "signature": "273e86ed174ec648d879d26752e93269366acd432657556b81632a9d1829665db49f7b01c8e6ddabbcbdca417ff67703428cac73d08c8ad4fdf732167a5c1805"
     },
     {
-      "receipt_id": "a5900acb-2d66-4235-9347-d7da49d8dc0b",
-      "subject_identifier": {
-        "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
-        "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
-      },
-      "artifact_reference": "c801497e4020ea3913e94541c2c869fac9422735686a6d3c4b75c4298145b237",
-      "current_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
-      "sealed_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
-      "drift_detected": false,
-      "drift_description": null,
-      "enforcement_action": null,
-      "measurement_type": "EXECUTABLE_IMAGE",
-      "timestamp": "2026-06-02T08:30:36.180Z",
-      "sequence_number": 1,
-      "previous_leaf_hash": "5ed1a416eb4c97b358cfceb1b3a0a662a698f1be2425b0063f546e4a2402f398",
-      "portal_signature": "lAhEHV/upEaWALRHCaqVc+thPmKdHHlGDGiFYvdv1TTtGzZLQ8S5Zjgm3jqGVactI+ntlwIbdNp6qhOY+CFkBA=="
+      "receipt_id": "00000000-0000-4000-8000-000000000001",
+      "receipt_version": "1.0",
+      "algorithm": "Ed25519-SHA256-JCS",
+      "timestamp": "2026-06-03T00:00:01.000Z",
+      "request_id": "2",
+      "method": "tools/call",
+      "tool_name": "read_file",
+      "decision": "PERMITTED",
+      "reason": "tool permitted by allowlist",
+      "policy_reference": "0e705e25519d3a1bf3aa09fa39498cd6d15bf6dca45d290514f9f6b2a6d321bf",
+      "arguments_hash": "4c1b0a036eba1702197bd43e33f54e63c515654a47e0ecc343ef7be90532cc8b",
+      "previous_receipt_hash": "3fffdf530d3c702b177f883c14061a4820bfc43ce65728f5ade6c547b1cb3c29",
+      "gateway_id": "aga-demo-001",
+      "public_key": "ea4a6c63e29c520abef5507b132ec5f9954776aebebe7b92421eea691446d22c",
+      "signature": "bd06955845f5fc4ffb509c8e4050b52df25c18ed20108cc87ea6160b2e807e9394930537c62ec892c270208efd67da689f91198f57758ad86ab2e0a3d7db9802"
     },
     {
-      "receipt_id": "e06a3914-392b-4b6d-870b-48d9058cde2c",
-      "subject_identifier": {
-        "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
-        "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
-      },
-      "artifact_reference": "c801497e4020ea3913e94541c2c869fac9422735686a6d3c4b75c4298145b237",
-      "current_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
-      "sealed_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
-      "drift_detected": false,
-      "drift_description": null,
-      "enforcement_action": null,
-      "measurement_type": "EXECUTABLE_IMAGE",
-      "timestamp": "2026-06-02T08:30:36.182Z",
-      "sequence_number": 2,
-      "previous_leaf_hash": "893cefa6bddc9c8a40c6655e938f912cec5daef0f6a9074bd4d27ca09ad4af9c",
-      "portal_signature": "HGpzkE4CK1QNXngHafIe4sr7ydqs7ZY0ZD7+me8vPw4RxtqBMAWfi200A9dC5OvDcN4zwZcwWF51oqBNk1l2Cw=="
-    },
-    {
-      "receipt_id": "0040e0cc-e560-4014-86d0-1b294f3d4b4c",
-      "subject_identifier": {
-        "bytes_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3",
-        "metadata_hash": "88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63"
-      },
-      "artifact_reference": "c801497e4020ea3913e94541c2c869fac9422735686a6d3c4b75c4298145b237",
-      "current_hash": "950e5c3896a95e42d179500a6b61543f707285b8ee889327eb1be92daeec7f60",
-      "sealed_hash": "d75f39ce7c674f6e63ed0d36113262a5b3411c7974c4962f8a4b545996edd7d3||88fa13c6d55d6642c88dc4cc49ed53be26bafd26a3d67fdfd0b70c8ee39dbd63",
-      "drift_detected": true,
-      "drift_description": "Behavioral drift: forbidden tool sequence (data exfiltration pattern)",
-      "enforcement_action": "TERMINATE",
-      "measurement_type": "EXECUTABLE_IMAGE",
-      "timestamp": "2026-06-02T08:30:36.192Z",
-      "sequence_number": 3,
-      "previous_leaf_hash": "838f59b7c940b3061018f6c70c13c2e2ef17554659fb48dafd33af267d5d2026",
-      "portal_signature": "vMEgOydXm63Hgwm4+A75VKYsJ0BceNfR/juEEXmQh9/KmXpVDlTuXoHi3EHOUOv/t8Qey7rxfuldAq8hp+FkCA=="
+      "receipt_id": "00000000-0000-4000-8000-000000000002",
+      "receipt_version": "1.0",
+      "algorithm": "Ed25519-SHA256-JCS",
+      "timestamp": "2026-06-03T00:00:02.000Z",
+      "request_id": "3",
+      "method": "tools/call",
+      "tool_name": "execute_command",
+      "decision": "DENIED",
+      "reason": "tool explicitly disallowed by policy",
+      "policy_reference": "0e705e25519d3a1bf3aa09fa39498cd6d15bf6dca45d290514f9f6b2a6d321bf",
+      "arguments_hash": "c11ec0d6ae74adee183197ff8c6905ec89d4c306a04044cfcc8a9e763a1d4a91",
+      "previous_receipt_hash": "a5fdaf85e232c7b598a9725913765145be18279a110676278030d0c080896e38",
+      "gateway_id": "aga-demo-001",
+      "public_key": "ea4a6c63e29c520abef5507b132ec5f9954776aebebe7b92421eea691446d22c",
+      "signature": "dbb3070095e3d1428183b6a3a083b58f85274c16e8654834bbff0c20c6e096d6fae4782382a07265a585b0a1f71c45e6877816314df0a2999ef645ae31d60502"
     }
   ],
+  "merkle_root": "223f04ffb656eb972d66f5c6843005b4d61d3a67aa06fa78ff9d8586df2c8639",
   "merkle_proofs": [
     {
-      "leafHash": "5ed1a416eb4c97b358cfceb1b3a0a662a698f1be2425b0063f546e4a2402f398",
-      "leafIndex": 2,
+      "leaf_hash": "3fffdf530d3c702b177f883c14061a4820bfc43ce65728f5ade6c547b1cb3c29",
+      "leaf_index": 0,
       "siblings": [
-        {
-          "hash": "893cefa6bddc9c8a40c6655e938f912cec5daef0f6a9074bd4d27ca09ad4af9c",
-          "position": "right"
-        },
-        {
-          "hash": "db44e24f99b8086c7194eabcd240ef2b38f9d1214d49cc31337c45462a494082",
-          "position": "left"
-        },
-        {
-          "hash": "0463d91f9baebddee57414e78c8d22507a9d33a0ce5a7bfa882e2ccb4c98a13c",
-          "position": "right"
-        },
-        {
-          "hash": "71b83667104222412e522e83ce89978fbde04d0c02eabf0e1e759aadbde0dac2",
-          "position": "right"
-        }
+        "a5fdaf85e232c7b598a9725913765145be18279a110676278030d0c080896e38",
+        "64e41466ac4f38c588ef8e4f1848681863a42472453ac2c4cdb950c11430d606"
       ],
-      "root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9"
-    },
-    {
-      "leafHash": "893cefa6bddc9c8a40c6655e938f912cec5daef0f6a9074bd4d27ca09ad4af9c",
-      "leafIndex": 3,
-      "siblings": [
-        {
-          "hash": "5ed1a416eb4c97b358cfceb1b3a0a662a698f1be2425b0063f546e4a2402f398",
-          "position": "left"
-        },
-        {
-          "hash": "db44e24f99b8086c7194eabcd240ef2b38f9d1214d49cc31337c45462a494082",
-          "position": "left"
-        },
-        {
-          "hash": "0463d91f9baebddee57414e78c8d22507a9d33a0ce5a7bfa882e2ccb4c98a13c",
-          "position": "right"
-        },
-        {
-          "hash": "71b83667104222412e522e83ce89978fbde04d0c02eabf0e1e759aadbde0dac2",
-          "position": "right"
-        }
+      "directions": [
+        "right",
+        "right"
       ],
-      "root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9"
+      "merkle_root": "223f04ffb656eb972d66f5c6843005b4d61d3a67aa06fa78ff9d8586df2c8639"
     },
     {
-      "leafHash": "56bda530fe8e6813c6fef0577596c9f35aa21f8f90d6f8593d3831b39e565fc3",
-      "leafIndex": 4,
+      "leaf_hash": "a5fdaf85e232c7b598a9725913765145be18279a110676278030d0c080896e38",
+      "leaf_index": 1,
       "siblings": [
-        {
-          "hash": "6f98d48d7117d51064d72ff13c2c84d379c906f540e370d01e1759e957653788",
-          "position": "right"
-        },
-        {
-          "hash": "74d7296252184052fcf08c23c6c60ef6efd34c86e743c441886c3f44fbd3ef28",
-          "position": "right"
-        },
-        {
-          "hash": "36a5c22125121fb0f9c7645f06454c48151970c297942e9025d2e8a0d0bc2a2b",
-          "position": "left"
-        },
-        {
-          "hash": "71b83667104222412e522e83ce89978fbde04d0c02eabf0e1e759aadbde0dac2",
-          "position": "right"
-        }
+        "3fffdf530d3c702b177f883c14061a4820bfc43ce65728f5ade6c547b1cb3c29",
+        "64e41466ac4f38c588ef8e4f1848681863a42472453ac2c4cdb950c11430d606"
+      ],
+      "directions": [
+        "left",
+        "right"
       ],
-      "root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9"
+      "merkle_root": "223f04ffb656eb972d66f5c6843005b4d61d3a67aa06fa78ff9d8586df2c8639"
     },
     {
-      "leafHash": "13d4765f15b72d5e4192fc6f3c2efcc2d46b00df515d86a23b4c38c896a415b3",
-      "leafIndex": 9,
+      "leaf_hash": "64e41466ac4f38c588ef8e4f1848681863a42472453ac2c4cdb950c11430d606",
+      "leaf_index": 2,
       "siblings": [
-        {
-          "hash": "838f59b7c940b3061018f6c70c13c2e2ef17554659fb48dafd33af267d5d2026",
-          "position": "left"
-        },
-        {
-          "hash": "69479007abe86c6e09f6453dfa2762996a3cdc10b9df03e31b477958898877c8",
-          "position": "right"
-        },
-        {
-          "hash": "1b19cbeb9a5ecdb1c209447c9292a00d8699a18211fa3a97d0dc9776f9c64575",
-          "position": "right"
-        },
-        {
-          "hash": "e9599515a3379cc1ae106b51c80424db87db3c8ee57855f282843afdc12eda40",
-          "position": "left"
-        }
+        "d7cb3da29b56ae335f8609bb9cb09a69442265ee1ff33840f151b709ad5f5ad5"
+      ],
+      "directions": [
+        "left"
       ],
-      "root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9"
+      "merkle_root": "223f04ffb656eb972d66f5c6843005b4d61d3a67aa06fa78ff9d8586df2c8639"
     }
   ],
-  "checkpoint_reference": {
-    "merkle_root": "e1cc28411c41f749ab3ff8160c465bca538d3c1c0883eac56c3821ff1c7574c9",
-    "batch_start_sequence": 0,
-    "batch_end_sequence": 9,
-    "anchor_network": "local",
-    "transaction_id": "local:04bb72ce-9af3-4406-95c9-0ad269d87696",
-    "timestamp": "2026-06-02T08:30:36.195Z"
+  "checkpoint": {
+    "algorithm": "Ed25519-SHA256-JCS",
+    "gateway_id": "aga-demo-001",
+    "generated_at": "2026-06-03T00:00:00.000Z",
+    "head_leaf_hash": "64e41466ac4f38c588ef8e4f1848681863a42472453ac2c4cdb950c11430d606",
+    "leaf_count": 3,
+    "merkle_root": "223f04ffb656eb972d66f5c6843005b4d61d3a67aa06fa78ff9d8586df2c8639",
+    "signature": "01aa24ce48683393bbf517826773494c03f2e3ea96230e5f628de49f94319587e9a0dfe6be34b8693c0f45db23e34de0d8ef8be13f8b42e12fb6883337233907"
   },
-  "public_key": "6a65398e54dcecb4a8a3a38d351ce4ba947bae215a78d38a259959d609abd4fe",
-  "verification_tier": "GOLD",
-  "bundle_signature": "O6erEOh0UwH9vIEpkrdRKJl3wYb6d8RlS30I4jXeV+aKQOFSaOHuc4JF1KM73pLcGpqEv5c3slDxEs4loinMCg=="
+  "offline_capable": true
 }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@attested-intelligence/aga-verify",
-  "version": "1.0.0",
-  "description": "Standalone, AGA-independent verifier for AGA Evidence Bundles (Ed25519 + SHA-256 via @noble; zero AGA imports).",
+  "version": "2.0.0",
+  "description": "Standalone, dependency-free verifier for canonical AGA SEP Evidence Bundles (Ed25519 + SHA-256 via Node's built-in crypto; zero AGA imports, zero third-party deps).",
   "type": "module",
   "license": "MIT",
   "author": "Attested Intelligence Holdings LLC",
@@ -33,10 +33,7 @@
     "test": "vitest run",
     "prepublishOnly": "node build.mjs && vitest run"
   },
-  "dependencies": {
-    "@noble/ed25519": "^2.1.0",
-    "@noble/hashes": "^1.7.0"
-  },
+  "dependencies": {},
   "devDependencies": {
     "esbuild": "^0.27.4",
     "tsx": "^4.19.0",