@axtary/cli 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +122 -12
- package/dist/bin.js +10 -0
- package/dist/bin.js.map +1 -1
- package/dist/claude-code-hook.d.ts +20 -0
- package/dist/claude-code-hook.d.ts.map +1 -1
- package/dist/claude-code-hook.js +114 -34
- package/dist/claude-code-hook.js.map +1 -1
- package/dist/codex-hook.d.ts +48 -0
- package/dist/codex-hook.d.ts.map +1 -0
- package/dist/codex-hook.js +259 -0
- package/dist/codex-hook.js.map +1 -0
- package/dist/credentials.d.ts +101 -0
- package/dist/credentials.d.ts.map +1 -0
- package/dist/credentials.js +277 -0
- package/dist/credentials.js.map +1 -0
- package/dist/cursor-hook.d.ts +51 -0
- package/dist/cursor-hook.d.ts.map +1 -0
- package/dist/cursor-hook.js +214 -0
- package/dist/cursor-hook.js.map +1 -0
- package/dist/hook-install.d.ts +21 -0
- package/dist/hook-install.d.ts.map +1 -0
- package/dist/hook-install.js +179 -0
- package/dist/hook-install.js.map +1 -0
- package/dist/index.d.ts +768 -7
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6132 -1050
- package/dist/index.js.map +1 -1
- package/dist/mcp-fs-normalize.d.ts +18 -0
- package/dist/mcp-fs-normalize.d.ts.map +1 -0
- package/dist/mcp-fs-normalize.js +39 -0
- package/dist/mcp-fs-normalize.js.map +1 -0
- package/dist/mcp-oauth.d.ts +67 -0
- package/dist/mcp-oauth.d.ts.map +1 -0
- package/dist/mcp-oauth.js +242 -0
- package/dist/mcp-oauth.js.map +1 -0
- package/dist/oauth.d.ts +90 -0
- package/dist/oauth.d.ts.map +1 -0
- package/dist/oauth.js +339 -0
- package/dist/oauth.js.map +1 -0
- package/dist/render.d.ts +103 -0
- package/dist/render.d.ts.map +1 -0
- package/dist/render.js +172 -0
- package/dist/render.js.map +1 -0
- package/dist/shell-file-normalize.d.ts +21 -0
- package/dist/shell-file-normalize.d.ts.map +1 -0
- package/dist/shell-file-normalize.js +269 -0
- package/dist/shell-file-normalize.js.map +1 -0
- package/package.json +14 -9
package/dist/index.d.ts
CHANGED
|
@@ -1,24 +1,58 @@
|
|
|
1
|
-
import { type JsonValue, type AxtaryDecision, type PolicyDecision } from "@axtary/actionpass";
|
|
2
|
-
import { type FakeAdapterState } from "@axtary/adapters";
|
|
3
|
-
import { type LedgerExport, type LedgerExportFormat, type LedgerSyncResult } from "@axtary/ledger";
|
|
4
|
-
import { type
|
|
1
|
+
import { LocalCaepMappingStore, issuerJwks, type SsfSubjectIdentifier, type ActionPassRevocation, type JsonValue, type AxtaryDecision, type PolicyDecision } from "@axtary/actionpass";
|
|
2
|
+
import { type FakeAdapterState, type PostgresQueryClient } from "@axtary/adapters";
|
|
3
|
+
import { type LedgerAttestationBundle, type LedgerConsistencyProof, type LedgerExport, type LedgerExportFormat, type OtelTraceExportResult, type ForensicReport, type LedgerInclusionProof, type LedgerSyncResult, type ProofVerificationResult, type VerifyLedgerAttestationResult } from "@axtary/ledger";
|
|
4
|
+
import { type McpConformanceReceipt, type McpChainVerdict, type McpPinReconcileEntry, type McpSignedDefinitionVerification } from "@axtary/mcp";
|
|
5
|
+
import { type PolicyConfig, type PolicyFixtureResult as PolicyTemplateFixtureResult, type PolicyTemplate, type PolicySimulation } from "@axtary/policy";
|
|
5
6
|
import { type ProxyHandleResult } from "@axtary/proxy";
|
|
7
|
+
import { type CredentialMetadata, type CredentialStore } from "./credentials.js";
|
|
8
|
+
export { HOOK_INSTALL_SCHEMA_VERSION, installRuntimeHook, type HookInstallRuntime, type HookInstallResult, } from "./hook-install.js";
|
|
6
9
|
export { CLAUDE_CODE_HOOK_SCHEMA_VERSION, normalizeClaudeCodeToolCall, parseClaudeCodeHookPayload, runClaudeCodeHook, type ClaudeCodeHookPayload, type ClaudeCodeHookRunInput, type ClaudeCodeHookRunResult, } from "./claude-code-hook.js";
|
|
10
|
+
export { CURSOR_HOOK_SCHEMA_VERSION, normalizeCursorToolCall, parseCursorHookPayload, runCursorHook, type CursorHookPayload, type CursorHookRunInput, type CursorHookRunResult, } from "./cursor-hook.js";
|
|
11
|
+
export { CODEX_HOOK_SCHEMA_VERSION, classifyShellCommand, normalizeCodexToolCall, parseCodexHookPayload, runCodexHook, type CodexHookPayload, type CodexHookRunInput, type CodexHookRunResult, } from "./codex-hook.js";
|
|
7
12
|
export declare const DEMO_SCHEMA_VERSION = "axtary.demo.v0";
|
|
13
|
+
export declare const TEMPLATE_DEMO_SCHEMA_VERSION = "axtary.template_demo.v0";
|
|
8
14
|
export declare const POLICY_TEST_SCHEMA_VERSION = "axtary.policy_test.v0";
|
|
15
|
+
export declare const POLICY_HARNESS_SCHEMA_VERSION = "axtary.policy_harness.v0";
|
|
16
|
+
export declare const POLICY_SIMULATE_RUN_SCHEMA_VERSION = "axtary.policy_simulate_run.v0";
|
|
9
17
|
export declare const LOCAL_PROXY_SCHEMA_VERSION = "axtary.local_proxy.v0";
|
|
10
18
|
export declare const LEDGER_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_export_run.v0";
|
|
11
19
|
export declare const LEDGER_SYNC_RUN_SCHEMA_VERSION = "axtary.ledger_sync_run.v0";
|
|
20
|
+
export declare const LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_otel_export_run.v0";
|
|
21
|
+
export declare const LEDGER_ATTEST_RUN_SCHEMA_VERSION = "axtary.ledger_attest_run.v0";
|
|
22
|
+
export declare const LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_verify_export_run.v0";
|
|
23
|
+
export declare const LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION = "axtary.ledger_prove_inclusion_run.v0";
|
|
24
|
+
export declare const LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION = "axtary.ledger_prove_consistency_run.v0";
|
|
25
|
+
export declare const LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION = "axtary.ledger_verify_proof_run.v0";
|
|
26
|
+
export declare const LEDGER_FORENSICS_RUN_SCHEMA_VERSION = "axtary.ledger_forensics_run.v0";
|
|
27
|
+
export declare const ATTESTATION_KEY_SCHEMA_VERSION = "axtary.attestation_key.v0";
|
|
12
28
|
export declare const CONNECTOR_DOCTOR_SCHEMA_VERSION = "axtary.connector_doctor.v0";
|
|
13
29
|
export declare const REAL_WORKFLOW_RUN_SCHEMA_VERSION = "axtary.real_workflow_run.v0";
|
|
30
|
+
export declare const CONNECT_RUN_SCHEMA_VERSION = "axtary.connect_run.v0";
|
|
31
|
+
export declare const CONNECTIONS_SCHEMA_VERSION = "axtary.connections.v0";
|
|
32
|
+
export declare const ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION = "axtary.actionpass_revocation_run.v0";
|
|
33
|
+
export declare const DEFAULT_ACTIONPASS_TRUST_STORE_PATH = ".axtary/actionpass-trust-store.json";
|
|
34
|
+
export declare const DEFAULT_DPOP_REPLAY_STORE_PATH = ".axtary/dpop-replay-store.jsonl";
|
|
35
|
+
export declare const ACTIONPASS_STATUS_RUN_SCHEMA_VERSION = "axtary.actionpass_status_run.v0";
|
|
36
|
+
export declare const CAEP_MAPPING_RUN_SCHEMA_VERSION = "axtary.caep_mapping_run.v0";
|
|
14
37
|
export type DemoRunInput = {
|
|
15
38
|
configPath?: string;
|
|
16
39
|
ledgerPath?: string;
|
|
40
|
+
trustStorePath?: string;
|
|
41
|
+
dpopReplayStorePath?: string;
|
|
42
|
+
statusListUri?: string;
|
|
17
43
|
cwd?: string;
|
|
18
44
|
};
|
|
45
|
+
export type TemplateDemoRunInput = {
|
|
46
|
+
configPath?: string;
|
|
47
|
+
cwd?: string;
|
|
48
|
+
templateId: string;
|
|
49
|
+
};
|
|
19
50
|
export type ProxyServerInput = DemoRunInput & {
|
|
20
51
|
host?: string;
|
|
21
52
|
port?: number;
|
|
53
|
+
otlpEndpoint?: string;
|
|
54
|
+
otlpServiceName?: string;
|
|
55
|
+
otlpTimeoutMs?: number;
|
|
22
56
|
};
|
|
23
57
|
export type ProxyServerHandle = {
|
|
24
58
|
schemaVersion: typeof LOCAL_PROXY_SCHEMA_VERSION;
|
|
@@ -26,14 +60,33 @@ export type ProxyServerHandle = {
|
|
|
26
60
|
host: string;
|
|
27
61
|
port: number;
|
|
28
62
|
ledgerPath: string;
|
|
63
|
+
trustStorePath: string;
|
|
64
|
+
dpopReplayStorePath: string;
|
|
65
|
+
issuerKeyringPath: string;
|
|
66
|
+
statusStorePath: string;
|
|
67
|
+
statusListUri: string;
|
|
68
|
+
caep: {
|
|
69
|
+
enabled: boolean;
|
|
70
|
+
mappingPath: string;
|
|
71
|
+
replayPath: string;
|
|
72
|
+
issuer: string | null;
|
|
73
|
+
};
|
|
74
|
+
otel: {
|
|
75
|
+
enabled: boolean;
|
|
76
|
+
endpoint: string | null;
|
|
77
|
+
serviceName: string | null;
|
|
78
|
+
};
|
|
29
79
|
adapters: FakeAdapterState;
|
|
30
80
|
adapterModes: {
|
|
31
|
-
github: "fake" | "rest";
|
|
81
|
+
github: "fake" | "rest" | "app";
|
|
32
82
|
slack: "fake" | "web";
|
|
33
83
|
linear: "fake" | "graphql";
|
|
84
|
+
jira: "fake" | "rest";
|
|
34
85
|
aws: "off" | "rest";
|
|
35
86
|
gcp: "off" | "rest";
|
|
36
87
|
docs: "off" | "local";
|
|
88
|
+
postgres: "off" | "postgres";
|
|
89
|
+
drive: "off" | "rest";
|
|
37
90
|
mcp: "fixture";
|
|
38
91
|
};
|
|
39
92
|
close: () => Promise<void>;
|
|
@@ -70,6 +123,45 @@ export type PolicyTestRunResult = {
|
|
|
70
123
|
failed: number;
|
|
71
124
|
results: PolicyFixtureResult[];
|
|
72
125
|
};
|
|
126
|
+
export type PolicySimulateRunInput = {
|
|
127
|
+
actionPath: string;
|
|
128
|
+
configPath?: string;
|
|
129
|
+
cwd?: string;
|
|
130
|
+
};
|
|
131
|
+
export type PolicySimulateRunResult = {
|
|
132
|
+
schemaVersion: typeof POLICY_SIMULATE_RUN_SCHEMA_VERSION;
|
|
133
|
+
config: {
|
|
134
|
+
filePath: string | null;
|
|
135
|
+
policyVersion: string;
|
|
136
|
+
};
|
|
137
|
+
actionPath: string;
|
|
138
|
+
simulation: PolicySimulation;
|
|
139
|
+
};
|
|
140
|
+
export type PolicyHarnessRunInput = {
|
|
141
|
+
harnessPath: string;
|
|
142
|
+
configPath?: string;
|
|
143
|
+
cwd?: string;
|
|
144
|
+
};
|
|
145
|
+
export type PolicyHarnessRunResult = {
|
|
146
|
+
schemaVersion: typeof POLICY_HARNESS_SCHEMA_VERSION;
|
|
147
|
+
config: {
|
|
148
|
+
filePath: string | null;
|
|
149
|
+
policyVersion: string;
|
|
150
|
+
};
|
|
151
|
+
harnessPath: string;
|
|
152
|
+
passed: boolean;
|
|
153
|
+
total: number;
|
|
154
|
+
failed: number;
|
|
155
|
+
results: Array<{
|
|
156
|
+
name: string;
|
|
157
|
+
passed: boolean;
|
|
158
|
+
expectedDecision: string;
|
|
159
|
+
actualDecision: string;
|
|
160
|
+
expectedRule: string | null;
|
|
161
|
+
actualRule: string | null;
|
|
162
|
+
actualReasons: string[];
|
|
163
|
+
}>;
|
|
164
|
+
};
|
|
73
165
|
export type DemoActionResult = {
|
|
74
166
|
name: string;
|
|
75
167
|
tool: string;
|
|
@@ -94,8 +186,12 @@ export type DemoRunResult = {
|
|
|
94
186
|
github: "fake";
|
|
95
187
|
slack: "fake";
|
|
96
188
|
linear: "fake";
|
|
189
|
+
jira: "fake";
|
|
97
190
|
aws: "off";
|
|
98
191
|
gcp: "off";
|
|
192
|
+
docs: "local";
|
|
193
|
+
postgres: "off";
|
|
194
|
+
drive: "off";
|
|
99
195
|
mcp: "fixture";
|
|
100
196
|
};
|
|
101
197
|
ledger: {
|
|
@@ -105,6 +201,23 @@ export type DemoRunResult = {
|
|
|
105
201
|
failure: string | null;
|
|
106
202
|
};
|
|
107
203
|
};
|
|
204
|
+
export type TemplateDemoRunResult = {
|
|
205
|
+
schemaVersion: typeof TEMPLATE_DEMO_SCHEMA_VERSION;
|
|
206
|
+
template: {
|
|
207
|
+
id: string;
|
|
208
|
+
name: string;
|
|
209
|
+
decisionModel: PolicyTemplate["decisionModel"];
|
|
210
|
+
};
|
|
211
|
+
config: {
|
|
212
|
+
filePath: string | null;
|
|
213
|
+
policyVersion: string;
|
|
214
|
+
};
|
|
215
|
+
mode: "policy_only";
|
|
216
|
+
passed: boolean;
|
|
217
|
+
total: number;
|
|
218
|
+
failed: number;
|
|
219
|
+
results: PolicyTemplateFixtureResult[];
|
|
220
|
+
};
|
|
108
221
|
export type CliIo = {
|
|
109
222
|
stdout?: (text: string) => void;
|
|
110
223
|
stderr?: (text: string) => void;
|
|
@@ -115,10 +228,11 @@ export declare function authorizeDecisionHints(decision: PolicyDecision, policy:
|
|
|
115
228
|
type SmokeTestInput = DemoRunInput & {
|
|
116
229
|
env?: Record<string, string | undefined>;
|
|
117
230
|
fetch?: typeof fetch;
|
|
231
|
+
store?: CredentialStore;
|
|
118
232
|
};
|
|
119
233
|
type ConnectorDoctorInput = SmokeTestInput;
|
|
120
234
|
export type ConnectorDoctorProviderStatus = {
|
|
121
|
-
provider: "github" | "slack" | "linear" | "aws" | "gcp" | "docs";
|
|
235
|
+
provider: "github" | "slack" | "linear" | "jira" | "aws" | "gcp" | "docs" | "drive" | "postgres";
|
|
122
236
|
mode: string;
|
|
123
237
|
status: "ready" | "missing" | "failed" | "skipped";
|
|
124
238
|
capability: "real-write" | "read-only" | "local-read" | "fake" | "off";
|
|
@@ -138,6 +252,37 @@ export type ConnectorDoctorResult = {
|
|
|
138
252
|
status: "ready" | "needs_setup";
|
|
139
253
|
providers: ConnectorDoctorProviderStatus[];
|
|
140
254
|
};
|
|
255
|
+
export declare const POLICY_PARITY_SCHEMA_VERSION = "axtary.policy_parity.v0";
|
|
256
|
+
export type PolicyParityRunInput = {
|
|
257
|
+
configPath?: string;
|
|
258
|
+
cwd?: string;
|
|
259
|
+
fixturesPath?: string;
|
|
260
|
+
cedarPath?: string;
|
|
261
|
+
regoWasmPath?: string;
|
|
262
|
+
};
|
|
263
|
+
export type PolicyParityFixtureResult = {
|
|
264
|
+
id: string;
|
|
265
|
+
passed: boolean;
|
|
266
|
+
expected: {
|
|
267
|
+
decision: string;
|
|
268
|
+
reasons: string[];
|
|
269
|
+
};
|
|
270
|
+
engines: Record<string, {
|
|
271
|
+
decision: string;
|
|
272
|
+
reasons: string[];
|
|
273
|
+
}>;
|
|
274
|
+
};
|
|
275
|
+
export type PolicyParityRunResult = {
|
|
276
|
+
schemaVersion: typeof POLICY_PARITY_SCHEMA_VERSION;
|
|
277
|
+
engines: string[];
|
|
278
|
+
fixturesPath: string;
|
|
279
|
+
cedarPath: string;
|
|
280
|
+
regoWasmPath: string;
|
|
281
|
+
passed: boolean;
|
|
282
|
+
total: number;
|
|
283
|
+
failed: number;
|
|
284
|
+
results: PolicyParityFixtureResult[];
|
|
285
|
+
};
|
|
141
286
|
export type LedgerExportRunInput = DemoRunInput & {
|
|
142
287
|
from?: string;
|
|
143
288
|
to?: string;
|
|
@@ -173,6 +318,22 @@ export type LedgerSyncRunResult = {
|
|
|
173
318
|
endpoint: string;
|
|
174
319
|
sync: LedgerSyncResult;
|
|
175
320
|
};
|
|
321
|
+
export type LedgerOtelExportRunInput = LedgerExportRunInput & {
|
|
322
|
+
endpoint: string;
|
|
323
|
+
serviceName?: string;
|
|
324
|
+
timeoutMs?: number;
|
|
325
|
+
fetch?: typeof fetch;
|
|
326
|
+
};
|
|
327
|
+
export type LedgerOtelExportRunResult = {
|
|
328
|
+
schemaVersion: typeof LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION;
|
|
329
|
+
config: {
|
|
330
|
+
filePath: string | null;
|
|
331
|
+
tenant: string;
|
|
332
|
+
};
|
|
333
|
+
ledgerPath: string;
|
|
334
|
+
endpoint: string;
|
|
335
|
+
export: OtelTraceExportResult;
|
|
336
|
+
};
|
|
176
337
|
export type RealWorkflowRunInput = DemoRunInput & {
|
|
177
338
|
env?: Record<string, string | undefined>;
|
|
178
339
|
fetch?: typeof fetch;
|
|
@@ -186,7 +347,26 @@ export type RealWorkflowRunInput = DemoRunInput & {
|
|
|
186
347
|
prTitle?: string;
|
|
187
348
|
approvedBy?: string;
|
|
188
349
|
approveStepUp?: boolean;
|
|
350
|
+
hostedApproval?: boolean;
|
|
351
|
+
approvalEndpoint?: string;
|
|
352
|
+
approvalTokenEnv?: string;
|
|
353
|
+
approvalPollIntervalSeconds?: number;
|
|
354
|
+
approvalTimeoutSeconds?: number;
|
|
355
|
+
onApprovalPending?: (info: {
|
|
356
|
+
requestId: string;
|
|
357
|
+
endpoint: string;
|
|
358
|
+
}) => void;
|
|
359
|
+
store?: CredentialStore;
|
|
189
360
|
tamper?: boolean;
|
|
361
|
+
checkName?: string;
|
|
362
|
+
reviewLine?: number;
|
|
363
|
+
databaseResource?: string;
|
|
364
|
+
sqlStatement?: string;
|
|
365
|
+
sqlParameters?: JsonValue[];
|
|
366
|
+
maxRows?: number;
|
|
367
|
+
postgresClientFactory?: (connectionString: string) => PostgresQueryClient;
|
|
368
|
+
driveFileId?: string;
|
|
369
|
+
maxReadBytes?: number;
|
|
190
370
|
};
|
|
191
371
|
export type RealWorkflowTamperEvidence = {
|
|
192
372
|
step: string;
|
|
@@ -194,6 +374,14 @@ export type RealWorkflowTamperEvidence = {
|
|
|
194
374
|
mutation: string;
|
|
195
375
|
approvedPayloadHash: string;
|
|
196
376
|
attemptedPayloadHash: string;
|
|
377
|
+
/**
|
|
378
|
+
* Whether the tamper step actually ran. A prior step failing (e.g. a
|
|
379
|
+
* GitHub branch collision on re-run) aborts the workflow before the Slack
|
|
380
|
+
* step, leaving the tamper unexercised. This must be distinguished from a
|
|
381
|
+
* step that ran and was not blocked, so a benign prior failure can never
|
|
382
|
+
* be misreported as "the tampered payload executed".
|
|
383
|
+
*/
|
|
384
|
+
reached: boolean;
|
|
197
385
|
blocked: boolean;
|
|
198
386
|
blockReasons: string[];
|
|
199
387
|
};
|
|
@@ -240,48 +428,621 @@ export type RealWorkflowRunResult = {
|
|
|
240
428
|
};
|
|
241
429
|
export declare function startProxyServer(input?: ProxyServerInput): Promise<ProxyServerHandle>;
|
|
242
430
|
export declare const INIT_SCHEMA_VERSION = "axtary.init.v0";
|
|
243
|
-
export declare const INIT_CONFIG_TEMPLATE:
|
|
431
|
+
export declare const INIT_CONFIG_TEMPLATE = "schemaVersion: axtary.config.v0\nissuer: https://local.axtary.dev\ntenant: org:local\nledger:\n path: .axtary/actions.jsonl\nruntime:\n allowUnsignedExecution: false\n handlerTimeoutMs: 10000\n status:\n enabled: true\n keyringPath: .axtary/keys/actionpass-issuer-keyring.json\n storePath: .axtary/actionpass-status.json\n ttlSeconds: 60\n expiresInSeconds: 120\n caep:\n enabled: false\n mappingPath: .axtary/caep-mappings.json\n replayPath: .axtary/ssf-replay.json\nadapters:\n # Start in fake mode: deterministic local adapters, no credentials needed.\n # Switch a provider to its real mode (rest/web/graphql) once its env token is set.\n github:\n mode: fake\n tokenEnv: GITHUB_TOKEN\n apiBaseUrl: https://api.github.com\n userAgent: axtary-local-proxy\n slack:\n mode: fake\n tokenEnv: SLACK_BOT_TOKEN\n apiBaseUrl: https://slack.com/api\n linear:\n mode: fake\n tokenEnv: LINEAR_API_KEY\n apiUrl: https://api.linear.app/graphql\n docs:\n mode: local\n # Local docs the agent may search. `axtary init` creates the docs/ root;\n # add or remove roots to match your project.\n roots:\n - docs\npolicy:\n version: \"starter-v0\"\n github:\n pullRequests:\n requiredBaseBranch: main\n maxFilesChanged: 12\n denyPathPrefixes:\n - .env\n - secrets/\n stepUpPathPrefixes:\n - infra/prod/\n - billing/\n - auth/\n requiresTests: true\n contents:\n denyReadPathPrefixes:\n - .env\n - secrets/\n - infra/prod/\n slack:\n messages:\n allowedChannels:\n - \"#axtary-dev\"\n stepUpExternalRecipients: true\ndemo:\n scenario: coding-agent\n";
|
|
244
432
|
export type InitRunInput = {
|
|
245
433
|
cwd?: string;
|
|
246
434
|
configPath?: string;
|
|
247
435
|
force?: boolean;
|
|
436
|
+
templateId?: string;
|
|
248
437
|
};
|
|
249
438
|
export type InitRunResult = {
|
|
250
439
|
schemaVersion: typeof INIT_SCHEMA_VERSION;
|
|
251
440
|
status: "created" | "exists";
|
|
252
441
|
configPath: string;
|
|
442
|
+
templateId: string | null;
|
|
443
|
+
policyTestPath: string | null;
|
|
253
444
|
};
|
|
254
445
|
export declare function runInit(input?: InitRunInput): Promise<InitRunResult>;
|
|
255
446
|
export declare function formatInitResult(result: InitRunResult): string;
|
|
256
447
|
export declare const MCP_SERVE_SCHEMA_VERSION = "axtary.mcp_serve.v0";
|
|
448
|
+
export declare const MCP_CONFORMANCE_RUN_SCHEMA_VERSION = "axtary.mcp_conformance_run.v0";
|
|
257
449
|
export type McpServeInput = {
|
|
258
450
|
configPath?: string;
|
|
259
451
|
cwd?: string;
|
|
260
452
|
ledgerPath?: string;
|
|
453
|
+
trustStorePath?: string;
|
|
454
|
+
dpopReplayStorePath?: string;
|
|
455
|
+
pinsPath?: string;
|
|
456
|
+
/**
|
|
457
|
+
* When true, a tool with no existing pin is quarantined until reviewed
|
|
458
|
+
* instead of trusted-on-first-use. Drift is always quarantined regardless.
|
|
459
|
+
*/
|
|
460
|
+
strict?: boolean;
|
|
261
461
|
wrap?: string;
|
|
462
|
+
wrapUrl?: string;
|
|
463
|
+
headers?: Record<string, string>;
|
|
464
|
+
oauth?: boolean;
|
|
465
|
+
oauthStore?: CredentialStore;
|
|
466
|
+
oauthFetch?: typeof fetch;
|
|
262
467
|
owner?: string;
|
|
263
468
|
input?: NodeJS.ReadableStream;
|
|
264
469
|
output?: NodeJS.WritableStream;
|
|
265
470
|
log?: (text: string) => void;
|
|
266
471
|
};
|
|
472
|
+
export type McpServeQuarantine = {
|
|
473
|
+
serverIdentity: string;
|
|
474
|
+
toolName: string;
|
|
475
|
+
reason: "definition_drifted" | "unpinned_strict";
|
|
476
|
+
discoveredHash: string;
|
|
477
|
+
pinnedHash: string | null;
|
|
478
|
+
};
|
|
267
479
|
export type McpServeHandle = {
|
|
268
480
|
schemaVersion: typeof MCP_SERVE_SCHEMA_VERSION;
|
|
269
481
|
ledgerPath: string;
|
|
482
|
+
trustStorePath: string;
|
|
483
|
+
dpopReplayStorePath: string;
|
|
484
|
+
pinsPath: string;
|
|
270
485
|
tools: Array<{
|
|
271
486
|
name: string;
|
|
272
487
|
serverIdentity: string;
|
|
273
488
|
definitionHash: string;
|
|
274
489
|
}>;
|
|
490
|
+
provenance: {
|
|
491
|
+
pinned: number;
|
|
492
|
+
pinnedOnFirstUse: number;
|
|
493
|
+
quarantined: McpServeQuarantine[];
|
|
494
|
+
};
|
|
275
495
|
done: Promise<void>;
|
|
276
496
|
close: () => Promise<void>;
|
|
277
497
|
};
|
|
278
498
|
export declare function startMcpServe(input?: McpServeInput): Promise<McpServeHandle>;
|
|
499
|
+
export declare function resolveActionPassTrustStorePath(cwd: string, trustStorePath?: string): string;
|
|
500
|
+
export declare function resolveDpopReplayStorePath(cwd: string, dpopReplayStorePath?: string): string;
|
|
501
|
+
export type McpWrapTarget = {
|
|
502
|
+
/** stdio command line (whitespace-split, no shell quoting). */
|
|
503
|
+
wrap?: string;
|
|
504
|
+
/** Streamable HTTP MCP endpoint URL. */
|
|
505
|
+
wrapUrl?: string;
|
|
506
|
+
/** Extra HTTP headers (e.g. Authorization) for the HTTP transport. */
|
|
507
|
+
headers?: Record<string, string>;
|
|
508
|
+
/**
|
|
509
|
+
* Resolve the upstream bearer from the local OAuth broker for this remote MCP
|
|
510
|
+
* server (RFC 9728/8707 session created by `axtary mcp login`). The token is
|
|
511
|
+
* injected only into the upstream request header — never persisted to pins,
|
|
512
|
+
* ledger, or status. Requires `wrapUrl`.
|
|
513
|
+
*/
|
|
514
|
+
oauth?: boolean;
|
|
515
|
+
/** Credential store + fetch overrides for OAuth bearer resolution (tests). */
|
|
516
|
+
oauthStore?: CredentialStore;
|
|
517
|
+
oauthFetch?: typeof fetch;
|
|
518
|
+
};
|
|
519
|
+
export declare const MCP_PINS_REPORT_SCHEMA_VERSION = "axtary.mcp_pins_report.v0";
|
|
520
|
+
export declare const MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION = "axtary.mcp_publisher_trust_report.v0";
|
|
521
|
+
export declare const MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION = "axtary.mcp_signed_definition_verify.v0";
|
|
522
|
+
export type McpPublisherTrustResult = {
|
|
523
|
+
schemaVersion: typeof MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION;
|
|
524
|
+
trustPath: string;
|
|
525
|
+
registered: string | null;
|
|
526
|
+
publishers: Array<{
|
|
527
|
+
publisher: string;
|
|
528
|
+
keys: Array<{
|
|
529
|
+
kid: string;
|
|
530
|
+
alg: string;
|
|
531
|
+
kty: string;
|
|
532
|
+
crv: string;
|
|
533
|
+
}>;
|
|
534
|
+
}>;
|
|
535
|
+
};
|
|
536
|
+
export declare function runMcpTrustPublisher(input: {
|
|
537
|
+
publisher: string;
|
|
538
|
+
jwksPath: string;
|
|
539
|
+
trustPath?: string;
|
|
540
|
+
cwd?: string;
|
|
541
|
+
}): Promise<McpPublisherTrustResult>;
|
|
542
|
+
export declare function runMcpPublishers(input?: {
|
|
543
|
+
trustPath?: string;
|
|
544
|
+
cwd?: string;
|
|
545
|
+
}): Promise<McpPublisherTrustResult>;
|
|
546
|
+
export declare function formatMcpPublishers(result: McpPublisherTrustResult): string;
|
|
547
|
+
export type McpSignedDefinitionVerifyResult = {
|
|
548
|
+
schemaVersion: typeof MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION;
|
|
549
|
+
trustPath: string;
|
|
550
|
+
definitionPath: string;
|
|
551
|
+
statementPath: string;
|
|
552
|
+
verification: McpSignedDefinitionVerification;
|
|
553
|
+
};
|
|
554
|
+
export declare function runMcpVerifyDefinition(input: {
|
|
555
|
+
definitionPath: string;
|
|
556
|
+
statementPath: string;
|
|
557
|
+
publisher: string;
|
|
558
|
+
trustPath?: string;
|
|
559
|
+
cwd?: string;
|
|
560
|
+
}): Promise<McpSignedDefinitionVerifyResult>;
|
|
561
|
+
export declare function formatMcpVerifyDefinition(result: McpSignedDefinitionVerifyResult): string;
|
|
562
|
+
export type McpPinsResult = {
|
|
563
|
+
schemaVersion: typeof MCP_PINS_REPORT_SCHEMA_VERSION;
|
|
564
|
+
pinsPath: string;
|
|
565
|
+
servers: Array<{
|
|
566
|
+
serverIdentity: string;
|
|
567
|
+
serverVersion: string | null;
|
|
568
|
+
tools: Array<{
|
|
569
|
+
toolName: string;
|
|
570
|
+
definitionHash: string;
|
|
571
|
+
schemaVersion: string;
|
|
572
|
+
pinnedAt: string;
|
|
573
|
+
publisher: string | null;
|
|
574
|
+
kid: string | null;
|
|
575
|
+
semver: string | null;
|
|
576
|
+
priorDefinitionHash: string | null;
|
|
577
|
+
}>;
|
|
578
|
+
}>;
|
|
579
|
+
};
|
|
580
|
+
export declare function runMcpPins(input: {
|
|
581
|
+
configPath?: string;
|
|
582
|
+
pinsPath?: string;
|
|
583
|
+
cwd?: string;
|
|
584
|
+
}): Promise<McpPinsResult>;
|
|
585
|
+
export declare function formatMcpPins(result: McpPinsResult): string;
|
|
586
|
+
export declare const MCP_REVIEW_SCHEMA_VERSION = "axtary.mcp_review.v0";
|
|
587
|
+
export type McpPublisherEvidence = {
|
|
588
|
+
trust: "verified" | "unsigned" | "untrusted" | "invalid";
|
|
589
|
+
publisher: string | null;
|
|
590
|
+
kid: string | null;
|
|
591
|
+
semver: string | null;
|
|
592
|
+
priorDefinitionHash: string | null;
|
|
593
|
+
chainVerdict: McpChainVerdict | null;
|
|
594
|
+
reason: string | null;
|
|
595
|
+
};
|
|
596
|
+
export type McpReviewEntry = McpPinReconcileEntry & {
|
|
597
|
+
publisherEvidence: McpPublisherEvidence;
|
|
598
|
+
};
|
|
599
|
+
export type McpReviewResult = {
|
|
600
|
+
schemaVersion: typeof MCP_REVIEW_SCHEMA_VERSION;
|
|
601
|
+
pinsPath: string;
|
|
602
|
+
trustPath: string;
|
|
603
|
+
signedDefinitionsPath: string;
|
|
604
|
+
accepted: boolean;
|
|
605
|
+
pinned: number;
|
|
606
|
+
pending: McpReviewEntry[];
|
|
607
|
+
tools: McpReviewEntry[];
|
|
608
|
+
};
|
|
609
|
+
export declare function runMcpReview(input: {
|
|
610
|
+
configPath?: string;
|
|
611
|
+
pinsPath?: string;
|
|
612
|
+
wrap?: string;
|
|
613
|
+
wrapUrl?: string;
|
|
614
|
+
headers?: Record<string, string>;
|
|
615
|
+
oauth?: boolean;
|
|
616
|
+
oauthStore?: CredentialStore;
|
|
617
|
+
oauthFetch?: typeof fetch;
|
|
618
|
+
publisherTrustPath?: string;
|
|
619
|
+
signedDefinitionsPath?: string;
|
|
620
|
+
accept?: boolean;
|
|
621
|
+
cwd?: string;
|
|
622
|
+
}): Promise<McpReviewResult>;
|
|
623
|
+
export declare function formatMcpReview(result: McpReviewResult): string;
|
|
624
|
+
export type McpConformanceRunInput = McpWrapTarget & {
|
|
625
|
+
configPath?: string;
|
|
626
|
+
pinsPath?: string;
|
|
627
|
+
ledgerPath?: string;
|
|
628
|
+
statusPath?: string;
|
|
629
|
+
attestationPath?: string;
|
|
630
|
+
keyPath?: string;
|
|
631
|
+
publisherTrustPath?: string;
|
|
632
|
+
signedDefinitionsPath?: string;
|
|
633
|
+
toolName: string;
|
|
634
|
+
arguments: Record<string, JsonValue>;
|
|
635
|
+
accept?: boolean;
|
|
636
|
+
owner?: string;
|
|
637
|
+
cwd?: string;
|
|
638
|
+
};
|
|
639
|
+
export type McpConformanceRunResult = {
|
|
640
|
+
schemaVersion: typeof MCP_CONFORMANCE_RUN_SCHEMA_VERSION;
|
|
641
|
+
pinsPath: string;
|
|
642
|
+
ledgerPath: string;
|
|
643
|
+
statusPath: string;
|
|
644
|
+
receipt: McpConformanceReceipt;
|
|
645
|
+
};
|
|
646
|
+
/**
|
|
647
|
+
* Exercise one explicitly selected live tool through the complete governed MCP
|
|
648
|
+
* path and persist a compact, secret-free receipt for operator surfaces.
|
|
649
|
+
*/
|
|
650
|
+
export declare function runMcpConformance(input: McpConformanceRunInput): Promise<McpConformanceRunResult>;
|
|
651
|
+
export declare function formatMcpConformance(result: McpConformanceRunResult): string;
|
|
652
|
+
export declare const MCP_DRIFT_DEMO_SCHEMA_VERSION = "axtary.mcp_drift_demo.v0";
|
|
653
|
+
export type McpDriftDemoPhase = {
|
|
654
|
+
isError: boolean;
|
|
655
|
+
text: string;
|
|
656
|
+
};
|
|
657
|
+
export type McpDriftDemoResult = {
|
|
658
|
+
schemaVersion: typeof MCP_DRIFT_DEMO_SCHEMA_VERSION;
|
|
659
|
+
tool: {
|
|
660
|
+
serverIdentity: string;
|
|
661
|
+
name: string;
|
|
662
|
+
};
|
|
663
|
+
approved: {
|
|
664
|
+
definitionHash: string;
|
|
665
|
+
description: string;
|
|
666
|
+
};
|
|
667
|
+
mutated: {
|
|
668
|
+
definitionHash: string;
|
|
669
|
+
description: string;
|
|
670
|
+
injectedInstruction: string;
|
|
671
|
+
};
|
|
672
|
+
phases: {
|
|
673
|
+
approvedCall: McpDriftDemoPhase;
|
|
674
|
+
driftedCall: McpDriftDemoPhase;
|
|
675
|
+
};
|
|
676
|
+
blocked: boolean;
|
|
677
|
+
blockReasons: string[];
|
|
678
|
+
mutatedInvokerCalled: boolean;
|
|
679
|
+
ledger: {
|
|
680
|
+
path: string;
|
|
681
|
+
valid: boolean;
|
|
682
|
+
records: Array<{
|
|
683
|
+
decision: string;
|
|
684
|
+
reasons: string[];
|
|
685
|
+
definitionHash: string | null;
|
|
686
|
+
}>;
|
|
687
|
+
};
|
|
688
|
+
};
|
|
689
|
+
/**
|
|
690
|
+
* The tool-poisoning counter, reproducible in one command: a wrapped MCP tool
|
|
691
|
+
* executes at its reviewed definition hash, then the definition mutates (a
|
|
692
|
+
* hidden instruction lands in the description) and the identical call is
|
|
693
|
+
* denied before the invoker runs — both hashes end up in the ledger.
|
|
694
|
+
*/
|
|
695
|
+
export declare function runMcpDriftDemo(input?: DemoRunInput): Promise<McpDriftDemoResult>;
|
|
279
696
|
export declare function runDemo(input?: DemoRunInput): Promise<DemoRunResult>;
|
|
697
|
+
export declare function runTemplateDemo(input: TemplateDemoRunInput): Promise<TemplateDemoRunResult>;
|
|
280
698
|
export declare function runSmokeTest(input?: SmokeTestInput, io?: CliIo): Promise<number>;
|
|
281
699
|
export declare function runConnectorDoctor(input?: ConnectorDoctorInput): Promise<ConnectorDoctorResult>;
|
|
282
700
|
export declare function runTestPolicy(input: PolicyTestRunInput): Promise<PolicyTestRunResult>;
|
|
701
|
+
export declare function runPolicySimulate(input: PolicySimulateRunInput): Promise<PolicySimulateRunResult>;
|
|
702
|
+
export declare function runPolicyHarness(input: PolicyHarnessRunInput): Promise<PolicyHarnessRunResult>;
|
|
703
|
+
/**
|
|
704
|
+
* Three-engine parity: evaluates every shared fixture through the native
|
|
705
|
+
* evaluator, the Cedar policy set, and the compiled Rego bundle, and reports
|
|
706
|
+
* whether decisions and reason sets agree. Cedar/Rego run via optional wasm
|
|
707
|
+
* engines (repo devDependencies) loaded through @axtary/policy/parity.
|
|
708
|
+
*/
|
|
709
|
+
export declare function runPolicyParity(input?: PolicyParityRunInput): Promise<PolicyParityRunResult>;
|
|
283
710
|
export declare function runLedgerExport(input?: LedgerExportRunInput): Promise<LedgerExportRunResult>;
|
|
284
711
|
export declare function runLedgerSync(input: LedgerSyncRunInput): Promise<LedgerSyncRunResult>;
|
|
712
|
+
export declare function runLedgerOtelExport(input: LedgerOtelExportRunInput): Promise<LedgerOtelExportRunResult>;
|
|
713
|
+
export type LedgerAttestRunInput = LedgerExportRunInput & {
|
|
714
|
+
/** Where to persist the local attestation key (defaults beside the ledger). */
|
|
715
|
+
keyPath?: string;
|
|
716
|
+
};
|
|
717
|
+
export type LedgerAttestRunResult = {
|
|
718
|
+
schemaVersion: typeof LEDGER_ATTEST_RUN_SCHEMA_VERSION;
|
|
719
|
+
config: {
|
|
720
|
+
filePath: string | null;
|
|
721
|
+
tenant: string;
|
|
722
|
+
};
|
|
723
|
+
ledgerPath: string;
|
|
724
|
+
keyPath: string;
|
|
725
|
+
keyId: string;
|
|
726
|
+
outputPath: string | null;
|
|
727
|
+
bundle: LedgerAttestationBundle;
|
|
728
|
+
};
|
|
729
|
+
export type LedgerVerifyExportRunInput = {
|
|
730
|
+
bundlePath: string;
|
|
731
|
+
issuer?: string;
|
|
732
|
+
cwd?: string;
|
|
733
|
+
json?: boolean;
|
|
734
|
+
};
|
|
735
|
+
export type LedgerVerifyExportRunResult = {
|
|
736
|
+
schemaVersion: typeof LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION;
|
|
737
|
+
bundlePath: string;
|
|
738
|
+
result: VerifyLedgerAttestationResult;
|
|
739
|
+
};
|
|
740
|
+
/**
|
|
741
|
+
* `axtary attest-ledger` — export the verified ledger and emit a signed,
|
|
742
|
+
* self-contained attestation bundle (export + JWS token + public key) that any
|
|
743
|
+
* third party can verify offline with only a JOSE library.
|
|
744
|
+
*/
|
|
745
|
+
export declare function runLedgerAttest(input?: LedgerAttestRunInput): Promise<LedgerAttestRunResult>;
|
|
746
|
+
/**
|
|
747
|
+
* `axtary verify-export` — the standalone verifier. Reads an attestation bundle
|
|
748
|
+
* and confirms the signature, the canonical export digest, and the record chain
|
|
749
|
+
* using only the bundle's embedded public key.
|
|
750
|
+
*/
|
|
751
|
+
export declare function runLedgerVerifyExport(input: LedgerVerifyExportRunInput): Promise<LedgerVerifyExportRunResult>;
|
|
752
|
+
export type LedgerProveInclusionRunInput = {
|
|
753
|
+
bundlePath: string;
|
|
754
|
+
recordId?: string;
|
|
755
|
+
index?: number;
|
|
756
|
+
outputPath?: string;
|
|
757
|
+
cwd?: string;
|
|
758
|
+
json?: boolean;
|
|
759
|
+
};
|
|
760
|
+
export type LedgerProveInclusionRunResult = {
|
|
761
|
+
schemaVersion: typeof LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION;
|
|
762
|
+
bundlePath: string;
|
|
763
|
+
outputPath: string | null;
|
|
764
|
+
proof: LedgerInclusionProof;
|
|
765
|
+
};
|
|
766
|
+
/**
|
|
767
|
+
* `axtary prove-inclusion` — emit an RFC 6962 inclusion proof for one record in
|
|
768
|
+
* an attestation bundle. The proof's `merkleRoot` matches the bundle's signed
|
|
769
|
+
* tree head, so a third party can verify it against the signed attestation.
|
|
770
|
+
*/
|
|
771
|
+
export declare function runLedgerProveInclusion(input: LedgerProveInclusionRunInput): Promise<LedgerProveInclusionRunResult>;
|
|
772
|
+
export type LedgerProveConsistencyRunInput = {
|
|
773
|
+
firstBundlePath: string;
|
|
774
|
+
secondBundlePath: string;
|
|
775
|
+
outputPath?: string;
|
|
776
|
+
cwd?: string;
|
|
777
|
+
json?: boolean;
|
|
778
|
+
};
|
|
779
|
+
export type LedgerProveConsistencyRunResult = {
|
|
780
|
+
schemaVersion: typeof LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION;
|
|
781
|
+
firstBundlePath: string;
|
|
782
|
+
secondBundlePath: string;
|
|
783
|
+
outputPath: string | null;
|
|
784
|
+
proof: LedgerConsistencyProof;
|
|
785
|
+
};
|
|
786
|
+
/**
|
|
787
|
+
* `axtary prove-consistency` — emit an RFC 6962 consistency proof showing the
|
|
788
|
+
* second attestation's log append-only-extends the first. The proof binds both
|
|
789
|
+
* bundles' signed tree-head roots.
|
|
790
|
+
*/
|
|
791
|
+
export declare function runLedgerProveConsistency(input: LedgerProveConsistencyRunInput): Promise<LedgerProveConsistencyRunResult>;
|
|
792
|
+
export type LedgerVerifyProofRunInput = {
|
|
793
|
+
proofPath: string;
|
|
794
|
+
bundlePath?: string;
|
|
795
|
+
firstBundlePath?: string;
|
|
796
|
+
secondBundlePath?: string;
|
|
797
|
+
issuer?: string;
|
|
798
|
+
cwd?: string;
|
|
799
|
+
json?: boolean;
|
|
800
|
+
};
|
|
801
|
+
export type LedgerVerifyProofRunResult = {
|
|
802
|
+
schemaVersion: typeof LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION;
|
|
803
|
+
proofType: "inclusion" | "consistency";
|
|
804
|
+
attestationValid: boolean;
|
|
805
|
+
proofResult: ProofVerificationResult;
|
|
806
|
+
valid: boolean;
|
|
807
|
+
};
|
|
808
|
+
/**
|
|
809
|
+
* `axtary verify-proof` — the standalone proof verifier. It re-verifies the
|
|
810
|
+
* signed tree head(s) from the bundle(s), then binds the inclusion/consistency
|
|
811
|
+
* proof to those signed roots, failing closed on any mismatch.
|
|
812
|
+
*/
|
|
813
|
+
export declare function runLedgerVerifyProof(input: LedgerVerifyProofRunInput): Promise<LedgerVerifyProofRunResult>;
|
|
814
|
+
export type LedgerForensicsRunInput = {
|
|
815
|
+
bundlePath?: string;
|
|
816
|
+
ledgerPath?: string;
|
|
817
|
+
configPath?: string;
|
|
818
|
+
cwd?: string;
|
|
819
|
+
json?: boolean;
|
|
820
|
+
};
|
|
821
|
+
export type LedgerForensicsRunResult = {
|
|
822
|
+
schemaVersion: typeof LEDGER_FORENSICS_RUN_SCHEMA_VERSION;
|
|
823
|
+
source: string;
|
|
824
|
+
evidence: "verified_attestation_bundle" | "verified_local_ledger";
|
|
825
|
+
report: ForensicReport;
|
|
826
|
+
};
|
|
827
|
+
/**
|
|
828
|
+
* `axtary forensics` — offline reconstruction of a delegation+execution incident
|
|
829
|
+
* from the ledger alone, asserting attenuation / reconstructibility / cascade
|
|
830
|
+
* containment. Reads an attestation bundle when given (so analysis runs over
|
|
831
|
+
* attested evidence), otherwise the local ledger.
|
|
832
|
+
*/
|
|
833
|
+
export declare function runLedgerForensics(input: LedgerForensicsRunInput): Promise<LedgerForensicsRunResult>;
|
|
834
|
+
export type ConnectRunInput = {
|
|
835
|
+
provider: string;
|
|
836
|
+
clientId?: string;
|
|
837
|
+
clientIdEnv?: string;
|
|
838
|
+
clientSecretEnv?: string;
|
|
839
|
+
redirectPort?: number;
|
|
840
|
+
redirectUri?: string;
|
|
841
|
+
cloudId?: string;
|
|
842
|
+
json?: boolean;
|
|
843
|
+
env?: Record<string, string | undefined>;
|
|
844
|
+
fetch?: typeof fetch;
|
|
845
|
+
store?: CredentialStore;
|
|
846
|
+
openBrowser?: (url: string) => void | Promise<void>;
|
|
847
|
+
onListening?: (port: number) => void;
|
|
848
|
+
stdout?: (text: string) => void;
|
|
849
|
+
};
|
|
850
|
+
export type ConnectRunResult = {
|
|
851
|
+
schemaVersion: typeof CONNECT_RUN_SCHEMA_VERSION;
|
|
852
|
+
provider: string;
|
|
853
|
+
account: string | null;
|
|
854
|
+
scopes: string[];
|
|
855
|
+
expiresAt: string | null;
|
|
856
|
+
secretBackend: "keychain" | "file";
|
|
857
|
+
context?: Record<string, string>;
|
|
858
|
+
};
|
|
859
|
+
/**
|
|
860
|
+
* `axtary connect <provider>` — local-loopback OAuth so a customer clicks
|
|
861
|
+
* "Allow" in the browser instead of hand-pasting a bot token. The customer
|
|
862
|
+
* brings their own OAuth app (client id/secret stay in local env, never reach
|
|
863
|
+
* Axtary); the obtained token is stored in the local credential broker (OS
|
|
864
|
+
* keychain or a 0600 file), never echoed.
|
|
865
|
+
*/
|
|
866
|
+
export declare function runConnect(input: ConnectRunInput): Promise<ConnectRunResult>;
|
|
867
|
+
export declare function runDisconnect(input: {
|
|
868
|
+
provider: string;
|
|
869
|
+
store?: CredentialStore;
|
|
870
|
+
}): Promise<{
|
|
871
|
+
provider: string;
|
|
872
|
+
removed: boolean;
|
|
873
|
+
}>;
|
|
874
|
+
export type ConnectionsRunResult = {
|
|
875
|
+
schemaVersion: typeof CONNECTIONS_SCHEMA_VERSION;
|
|
876
|
+
connections: CredentialMetadata[];
|
|
877
|
+
};
|
|
878
|
+
export declare function runConnections(input?: {
|
|
879
|
+
store?: CredentialStore;
|
|
880
|
+
}): Promise<ConnectionsRunResult>;
|
|
881
|
+
export type ActionPassRevokeRunInput = {
|
|
882
|
+
passId: string;
|
|
883
|
+
trustStorePath?: string;
|
|
884
|
+
statusStorePath?: string;
|
|
885
|
+
ledgerPath?: string;
|
|
886
|
+
configPath?: string;
|
|
887
|
+
cwd?: string;
|
|
888
|
+
revokedBy?: string;
|
|
889
|
+
reason?: string;
|
|
890
|
+
revokedAt?: Date;
|
|
891
|
+
};
|
|
892
|
+
export type ActionPassRevokeRunResult = {
|
|
893
|
+
schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
|
|
894
|
+
trustStorePath: string;
|
|
895
|
+
revocation: ActionPassRevocation;
|
|
896
|
+
statusStorePath: string | null;
|
|
897
|
+
ledgerPath: string | null;
|
|
898
|
+
ledgerEventId: string | null;
|
|
899
|
+
};
|
|
900
|
+
export declare function runActionPassRevoke(input: ActionPassRevokeRunInput): Promise<ActionPassRevokeRunResult>;
|
|
901
|
+
export declare function runActionPassRevocations(input?: {
|
|
902
|
+
trustStorePath?: string;
|
|
903
|
+
cwd?: string;
|
|
904
|
+
}): Promise<{
|
|
905
|
+
schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
|
|
906
|
+
trustStorePath: string;
|
|
907
|
+
revocations: ActionPassRevocation[];
|
|
908
|
+
}>;
|
|
909
|
+
export declare function runIssuerKeyring(input?: {
|
|
910
|
+
keyringPath?: string;
|
|
911
|
+
cwd?: string;
|
|
912
|
+
rotate?: boolean;
|
|
913
|
+
retireAfterSeconds?: number;
|
|
914
|
+
}): Promise<{
|
|
915
|
+
schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
|
|
916
|
+
keyringPath: string;
|
|
917
|
+
activeKid: string;
|
|
918
|
+
keys: Array<{
|
|
919
|
+
kid: string;
|
|
920
|
+
status: "active" | "retired";
|
|
921
|
+
createdAt: string;
|
|
922
|
+
retireAfter: string | null;
|
|
923
|
+
}>;
|
|
924
|
+
jwks: ReturnType<typeof issuerJwks>;
|
|
925
|
+
}>;
|
|
926
|
+
export declare function runActionPassStatus(input?: {
|
|
927
|
+
statusStorePath?: string;
|
|
928
|
+
cwd?: string;
|
|
929
|
+
}): Promise<{
|
|
930
|
+
schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
|
|
931
|
+
statusStorePath: string;
|
|
932
|
+
uri: string;
|
|
933
|
+
entries: Array<{
|
|
934
|
+
passId: string;
|
|
935
|
+
index: number;
|
|
936
|
+
status: number;
|
|
937
|
+
updatedAt: string;
|
|
938
|
+
}>;
|
|
939
|
+
}>;
|
|
940
|
+
export declare function runCaepMap(input: {
|
|
941
|
+
issuer: string;
|
|
942
|
+
subject: SsfSubjectIdentifier;
|
|
943
|
+
rootPassIds: string[];
|
|
944
|
+
mappingPath?: string;
|
|
945
|
+
cwd?: string;
|
|
946
|
+
}): Promise<{
|
|
947
|
+
schemaVersion: typeof CAEP_MAPPING_RUN_SCHEMA_VERSION;
|
|
948
|
+
mappingPath: string;
|
|
949
|
+
mapping: Awaited<ReturnType<LocalCaepMappingStore["put"]>>;
|
|
950
|
+
}>;
|
|
285
951
|
export declare function runRealWorkflow(input?: RealWorkflowRunInput): Promise<RealWorkflowRunResult>;
|
|
952
|
+
export declare const GITHUB_DEPTH_RUN_SCHEMA_VERSION = "axtary.github_depth_run.v0";
|
|
953
|
+
export type GitHubDepthRunResult = {
|
|
954
|
+
schemaVersion: typeof GITHUB_DEPTH_RUN_SCHEMA_VERSION;
|
|
955
|
+
workflow: "github-depth";
|
|
956
|
+
config: {
|
|
957
|
+
filePath: string | null;
|
|
958
|
+
tenant: string;
|
|
959
|
+
};
|
|
960
|
+
ledgerPath: string;
|
|
961
|
+
status: "completed" | "blocked" | "failed";
|
|
962
|
+
requiredModes: {
|
|
963
|
+
github: "app";
|
|
964
|
+
};
|
|
965
|
+
inputs: {
|
|
966
|
+
repoResource: string;
|
|
967
|
+
issueKey: string;
|
|
968
|
+
baseBranch: string;
|
|
969
|
+
headBranch: string;
|
|
970
|
+
prTitle: string;
|
|
971
|
+
checkName: string;
|
|
972
|
+
reviewLine: number;
|
|
973
|
+
};
|
|
974
|
+
target: {
|
|
975
|
+
pullNumber: number;
|
|
976
|
+
headSha: string;
|
|
977
|
+
path: string;
|
|
978
|
+
line: number;
|
|
979
|
+
} | null;
|
|
980
|
+
steps: RealWorkflowStepResult[];
|
|
981
|
+
ledger: DemoRunResult["ledger"];
|
|
982
|
+
};
|
|
983
|
+
/**
|
|
984
|
+
* GitHub-only depth proof: open a draft PR in the sandbox repo, then exercise
|
|
985
|
+
* the three M7.3 write tools against that PR — an inline review comment, a check
|
|
986
|
+
* run on its head commit, and a conversation comment — each governed by policy,
|
|
987
|
+
* payload-bound by an ActionPass, and written to the ledger as a decision +
|
|
988
|
+
* execution-outcome pair. Requires only the GitHub credential.
|
|
989
|
+
*/
|
|
990
|
+
export declare function runGitHubDepthWorkflow(input?: RealWorkflowRunInput): Promise<GitHubDepthRunResult>;
|
|
991
|
+
export declare const POSTGRES_READ_RUN_SCHEMA_VERSION = "axtary.postgres_read_run.v0";
|
|
992
|
+
export type PostgresReadRunResult = {
|
|
993
|
+
schemaVersion: typeof POSTGRES_READ_RUN_SCHEMA_VERSION;
|
|
994
|
+
workflow: "postgres-read";
|
|
995
|
+
config: {
|
|
996
|
+
filePath: string | null;
|
|
997
|
+
tenant: string;
|
|
998
|
+
};
|
|
999
|
+
ledgerPath: string;
|
|
1000
|
+
status: "completed" | "blocked" | "failed";
|
|
1001
|
+
requiredModes: {
|
|
1002
|
+
postgres: "postgres";
|
|
1003
|
+
};
|
|
1004
|
+
inputs: {
|
|
1005
|
+
databaseResource: string;
|
|
1006
|
+
statementHash: string | null;
|
|
1007
|
+
predicateHash: string | null;
|
|
1008
|
+
tables: string[];
|
|
1009
|
+
parameterCount: number;
|
|
1010
|
+
parameterHash: string;
|
|
1011
|
+
maxRows: number;
|
|
1012
|
+
};
|
|
1013
|
+
step: RealWorkflowStepResult;
|
|
1014
|
+
ledger: DemoRunResult["ledger"];
|
|
1015
|
+
};
|
|
1016
|
+
export declare function runPostgresReadWorkflow(input?: RealWorkflowRunInput): Promise<PostgresReadRunResult>;
|
|
1017
|
+
export declare const DRIVE_READ_RUN_SCHEMA_VERSION = "axtary.drive_read_run.v0";
|
|
1018
|
+
export type DriveReadRunResult = {
|
|
1019
|
+
schemaVersion: typeof DRIVE_READ_RUN_SCHEMA_VERSION;
|
|
1020
|
+
workflow: "drive-read";
|
|
1021
|
+
config: {
|
|
1022
|
+
filePath: string | null;
|
|
1023
|
+
tenant: string;
|
|
1024
|
+
};
|
|
1025
|
+
ledgerPath: string;
|
|
1026
|
+
status: "completed" | "blocked" | "failed";
|
|
1027
|
+
requiredModes: {
|
|
1028
|
+
drive: "rest";
|
|
1029
|
+
};
|
|
1030
|
+
inputs: {
|
|
1031
|
+
fileId: string;
|
|
1032
|
+
resource: string;
|
|
1033
|
+
maxBytes: number;
|
|
1034
|
+
source: "argument" | "picker_context" | "config";
|
|
1035
|
+
};
|
|
1036
|
+
step: RealWorkflowStepResult;
|
|
1037
|
+
ledger: DemoRunResult["ledger"];
|
|
1038
|
+
};
|
|
1039
|
+
export declare function runDriveReadWorkflow(input?: RealWorkflowRunInput): Promise<DriveReadRunResult>;
|
|
286
1040
|
export declare function runAxtaryCli(argv?: string[], io?: CliIo): Promise<number>;
|
|
1041
|
+
/**
|
|
1042
|
+
* The tamper-outcome line, with the three states kept distinct: blocked
|
|
1043
|
+
* (the win), not-blocked (a real security failure), and not-reached (a prior
|
|
1044
|
+
* step failed before Slack, so the tamper was never exercised — must never be
|
|
1045
|
+
* reported as the tampered payload executing).
|
|
1046
|
+
*/
|
|
1047
|
+
export declare function tamperOutcomeLine(tamper: RealWorkflowTamperEvidence): string;
|
|
287
1048
|
//# sourceMappingURL=index.d.ts.map
|