@axtary/cli 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/README.md +122 -12
  2. package/dist/bin.js +10 -0
  3. package/dist/bin.js.map +1 -1
  4. package/dist/claude-code-hook.d.ts +20 -0
  5. package/dist/claude-code-hook.d.ts.map +1 -1
  6. package/dist/claude-code-hook.js +114 -34
  7. package/dist/claude-code-hook.js.map +1 -1
  8. package/dist/codex-hook.d.ts +48 -0
  9. package/dist/codex-hook.d.ts.map +1 -0
  10. package/dist/codex-hook.js +259 -0
  11. package/dist/codex-hook.js.map +1 -0
  12. package/dist/credentials.d.ts +101 -0
  13. package/dist/credentials.d.ts.map +1 -0
  14. package/dist/credentials.js +277 -0
  15. package/dist/credentials.js.map +1 -0
  16. package/dist/cursor-hook.d.ts +51 -0
  17. package/dist/cursor-hook.d.ts.map +1 -0
  18. package/dist/cursor-hook.js +214 -0
  19. package/dist/cursor-hook.js.map +1 -0
  20. package/dist/hook-install.d.ts +21 -0
  21. package/dist/hook-install.d.ts.map +1 -0
  22. package/dist/hook-install.js +179 -0
  23. package/dist/hook-install.js.map +1 -0
  24. package/dist/index.d.ts +768 -7
  25. package/dist/index.d.ts.map +1 -1
  26. package/dist/index.js +6132 -1050
  27. package/dist/index.js.map +1 -1
  28. package/dist/mcp-fs-normalize.d.ts +18 -0
  29. package/dist/mcp-fs-normalize.d.ts.map +1 -0
  30. package/dist/mcp-fs-normalize.js +39 -0
  31. package/dist/mcp-fs-normalize.js.map +1 -0
  32. package/dist/mcp-oauth.d.ts +67 -0
  33. package/dist/mcp-oauth.d.ts.map +1 -0
  34. package/dist/mcp-oauth.js +242 -0
  35. package/dist/mcp-oauth.js.map +1 -0
  36. package/dist/oauth.d.ts +90 -0
  37. package/dist/oauth.d.ts.map +1 -0
  38. package/dist/oauth.js +339 -0
  39. package/dist/oauth.js.map +1 -0
  40. package/dist/render.d.ts +103 -0
  41. package/dist/render.d.ts.map +1 -0
  42. package/dist/render.js +172 -0
  43. package/dist/render.js.map +1 -0
  44. package/dist/shell-file-normalize.d.ts +21 -0
  45. package/dist/shell-file-normalize.d.ts.map +1 -0
  46. package/dist/shell-file-normalize.js +269 -0
  47. package/dist/shell-file-normalize.js.map +1 -0
  48. package/package.json +14 -9
package/dist/index.d.ts CHANGED
@@ -1,24 +1,58 @@
1
- import { type JsonValue, type AxtaryDecision, type PolicyDecision } from "@axtary/actionpass";
2
- import { type FakeAdapterState } from "@axtary/adapters";
3
- import { type LedgerExport, type LedgerExportFormat, type LedgerSyncResult } from "@axtary/ledger";
4
- import { type PolicyConfig } from "@axtary/policy";
1
+ import { LocalCaepMappingStore, issuerJwks, type SsfSubjectIdentifier, type ActionPassRevocation, type JsonValue, type AxtaryDecision, type PolicyDecision } from "@axtary/actionpass";
2
+ import { type FakeAdapterState, type PostgresQueryClient } from "@axtary/adapters";
3
+ import { type LedgerAttestationBundle, type LedgerConsistencyProof, type LedgerExport, type LedgerExportFormat, type OtelTraceExportResult, type ForensicReport, type LedgerInclusionProof, type LedgerSyncResult, type ProofVerificationResult, type VerifyLedgerAttestationResult } from "@axtary/ledger";
4
+ import { type McpConformanceReceipt, type McpChainVerdict, type McpPinReconcileEntry, type McpSignedDefinitionVerification } from "@axtary/mcp";
5
+ import { type PolicyConfig, type PolicyFixtureResult as PolicyTemplateFixtureResult, type PolicyTemplate, type PolicySimulation } from "@axtary/policy";
5
6
  import { type ProxyHandleResult } from "@axtary/proxy";
7
+ import { type CredentialMetadata, type CredentialStore } from "./credentials.js";
8
+ export { HOOK_INSTALL_SCHEMA_VERSION, installRuntimeHook, type HookInstallRuntime, type HookInstallResult, } from "./hook-install.js";
6
9
  export { CLAUDE_CODE_HOOK_SCHEMA_VERSION, normalizeClaudeCodeToolCall, parseClaudeCodeHookPayload, runClaudeCodeHook, type ClaudeCodeHookPayload, type ClaudeCodeHookRunInput, type ClaudeCodeHookRunResult, } from "./claude-code-hook.js";
10
+ export { CURSOR_HOOK_SCHEMA_VERSION, normalizeCursorToolCall, parseCursorHookPayload, runCursorHook, type CursorHookPayload, type CursorHookRunInput, type CursorHookRunResult, } from "./cursor-hook.js";
11
+ export { CODEX_HOOK_SCHEMA_VERSION, classifyShellCommand, normalizeCodexToolCall, parseCodexHookPayload, runCodexHook, type CodexHookPayload, type CodexHookRunInput, type CodexHookRunResult, } from "./codex-hook.js";
7
12
  export declare const DEMO_SCHEMA_VERSION = "axtary.demo.v0";
13
+ export declare const TEMPLATE_DEMO_SCHEMA_VERSION = "axtary.template_demo.v0";
8
14
  export declare const POLICY_TEST_SCHEMA_VERSION = "axtary.policy_test.v0";
15
+ export declare const POLICY_HARNESS_SCHEMA_VERSION = "axtary.policy_harness.v0";
16
+ export declare const POLICY_SIMULATE_RUN_SCHEMA_VERSION = "axtary.policy_simulate_run.v0";
9
17
  export declare const LOCAL_PROXY_SCHEMA_VERSION = "axtary.local_proxy.v0";
10
18
  export declare const LEDGER_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_export_run.v0";
11
19
  export declare const LEDGER_SYNC_RUN_SCHEMA_VERSION = "axtary.ledger_sync_run.v0";
20
+ export declare const LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_otel_export_run.v0";
21
+ export declare const LEDGER_ATTEST_RUN_SCHEMA_VERSION = "axtary.ledger_attest_run.v0";
22
+ export declare const LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_verify_export_run.v0";
23
+ export declare const LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION = "axtary.ledger_prove_inclusion_run.v0";
24
+ export declare const LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION = "axtary.ledger_prove_consistency_run.v0";
25
+ export declare const LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION = "axtary.ledger_verify_proof_run.v0";
26
+ export declare const LEDGER_FORENSICS_RUN_SCHEMA_VERSION = "axtary.ledger_forensics_run.v0";
27
+ export declare const ATTESTATION_KEY_SCHEMA_VERSION = "axtary.attestation_key.v0";
12
28
  export declare const CONNECTOR_DOCTOR_SCHEMA_VERSION = "axtary.connector_doctor.v0";
13
29
  export declare const REAL_WORKFLOW_RUN_SCHEMA_VERSION = "axtary.real_workflow_run.v0";
30
+ export declare const CONNECT_RUN_SCHEMA_VERSION = "axtary.connect_run.v0";
31
+ export declare const CONNECTIONS_SCHEMA_VERSION = "axtary.connections.v0";
32
+ export declare const ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION = "axtary.actionpass_revocation_run.v0";
33
+ export declare const DEFAULT_ACTIONPASS_TRUST_STORE_PATH = ".axtary/actionpass-trust-store.json";
34
+ export declare const DEFAULT_DPOP_REPLAY_STORE_PATH = ".axtary/dpop-replay-store.jsonl";
35
+ export declare const ACTIONPASS_STATUS_RUN_SCHEMA_VERSION = "axtary.actionpass_status_run.v0";
36
+ export declare const CAEP_MAPPING_RUN_SCHEMA_VERSION = "axtary.caep_mapping_run.v0";
14
37
  export type DemoRunInput = {
15
38
  configPath?: string;
16
39
  ledgerPath?: string;
40
+ trustStorePath?: string;
41
+ dpopReplayStorePath?: string;
42
+ statusListUri?: string;
17
43
  cwd?: string;
18
44
  };
45
+ export type TemplateDemoRunInput = {
46
+ configPath?: string;
47
+ cwd?: string;
48
+ templateId: string;
49
+ };
19
50
  export type ProxyServerInput = DemoRunInput & {
20
51
  host?: string;
21
52
  port?: number;
53
+ otlpEndpoint?: string;
54
+ otlpServiceName?: string;
55
+ otlpTimeoutMs?: number;
22
56
  };
23
57
  export type ProxyServerHandle = {
24
58
  schemaVersion: typeof LOCAL_PROXY_SCHEMA_VERSION;
@@ -26,14 +60,33 @@ export type ProxyServerHandle = {
26
60
  host: string;
27
61
  port: number;
28
62
  ledgerPath: string;
63
+ trustStorePath: string;
64
+ dpopReplayStorePath: string;
65
+ issuerKeyringPath: string;
66
+ statusStorePath: string;
67
+ statusListUri: string;
68
+ caep: {
69
+ enabled: boolean;
70
+ mappingPath: string;
71
+ replayPath: string;
72
+ issuer: string | null;
73
+ };
74
+ otel: {
75
+ enabled: boolean;
76
+ endpoint: string | null;
77
+ serviceName: string | null;
78
+ };
29
79
  adapters: FakeAdapterState;
30
80
  adapterModes: {
31
- github: "fake" | "rest";
81
+ github: "fake" | "rest" | "app";
32
82
  slack: "fake" | "web";
33
83
  linear: "fake" | "graphql";
84
+ jira: "fake" | "rest";
34
85
  aws: "off" | "rest";
35
86
  gcp: "off" | "rest";
36
87
  docs: "off" | "local";
88
+ postgres: "off" | "postgres";
89
+ drive: "off" | "rest";
37
90
  mcp: "fixture";
38
91
  };
39
92
  close: () => Promise<void>;
@@ -70,6 +123,45 @@ export type PolicyTestRunResult = {
70
123
  failed: number;
71
124
  results: PolicyFixtureResult[];
72
125
  };
126
+ export type PolicySimulateRunInput = {
127
+ actionPath: string;
128
+ configPath?: string;
129
+ cwd?: string;
130
+ };
131
+ export type PolicySimulateRunResult = {
132
+ schemaVersion: typeof POLICY_SIMULATE_RUN_SCHEMA_VERSION;
133
+ config: {
134
+ filePath: string | null;
135
+ policyVersion: string;
136
+ };
137
+ actionPath: string;
138
+ simulation: PolicySimulation;
139
+ };
140
+ export type PolicyHarnessRunInput = {
141
+ harnessPath: string;
142
+ configPath?: string;
143
+ cwd?: string;
144
+ };
145
+ export type PolicyHarnessRunResult = {
146
+ schemaVersion: typeof POLICY_HARNESS_SCHEMA_VERSION;
147
+ config: {
148
+ filePath: string | null;
149
+ policyVersion: string;
150
+ };
151
+ harnessPath: string;
152
+ passed: boolean;
153
+ total: number;
154
+ failed: number;
155
+ results: Array<{
156
+ name: string;
157
+ passed: boolean;
158
+ expectedDecision: string;
159
+ actualDecision: string;
160
+ expectedRule: string | null;
161
+ actualRule: string | null;
162
+ actualReasons: string[];
163
+ }>;
164
+ };
73
165
  export type DemoActionResult = {
74
166
  name: string;
75
167
  tool: string;
@@ -94,8 +186,12 @@ export type DemoRunResult = {
94
186
  github: "fake";
95
187
  slack: "fake";
96
188
  linear: "fake";
189
+ jira: "fake";
97
190
  aws: "off";
98
191
  gcp: "off";
192
+ docs: "local";
193
+ postgres: "off";
194
+ drive: "off";
99
195
  mcp: "fixture";
100
196
  };
101
197
  ledger: {
@@ -105,6 +201,23 @@ export type DemoRunResult = {
105
201
  failure: string | null;
106
202
  };
107
203
  };
204
+ export type TemplateDemoRunResult = {
205
+ schemaVersion: typeof TEMPLATE_DEMO_SCHEMA_VERSION;
206
+ template: {
207
+ id: string;
208
+ name: string;
209
+ decisionModel: PolicyTemplate["decisionModel"];
210
+ };
211
+ config: {
212
+ filePath: string | null;
213
+ policyVersion: string;
214
+ };
215
+ mode: "policy_only";
216
+ passed: boolean;
217
+ total: number;
218
+ failed: number;
219
+ results: PolicyTemplateFixtureResult[];
220
+ };
108
221
  export type CliIo = {
109
222
  stdout?: (text: string) => void;
110
223
  stderr?: (text: string) => void;
@@ -115,10 +228,11 @@ export declare function authorizeDecisionHints(decision: PolicyDecision, policy:
115
228
  type SmokeTestInput = DemoRunInput & {
116
229
  env?: Record<string, string | undefined>;
117
230
  fetch?: typeof fetch;
231
+ store?: CredentialStore;
118
232
  };
119
233
  type ConnectorDoctorInput = SmokeTestInput;
120
234
  export type ConnectorDoctorProviderStatus = {
121
- provider: "github" | "slack" | "linear" | "aws" | "gcp" | "docs";
235
+ provider: "github" | "slack" | "linear" | "jira" | "aws" | "gcp" | "docs" | "drive" | "postgres";
122
236
  mode: string;
123
237
  status: "ready" | "missing" | "failed" | "skipped";
124
238
  capability: "real-write" | "read-only" | "local-read" | "fake" | "off";
@@ -138,6 +252,37 @@ export type ConnectorDoctorResult = {
138
252
  status: "ready" | "needs_setup";
139
253
  providers: ConnectorDoctorProviderStatus[];
140
254
  };
255
+ export declare const POLICY_PARITY_SCHEMA_VERSION = "axtary.policy_parity.v0";
256
+ export type PolicyParityRunInput = {
257
+ configPath?: string;
258
+ cwd?: string;
259
+ fixturesPath?: string;
260
+ cedarPath?: string;
261
+ regoWasmPath?: string;
262
+ };
263
+ export type PolicyParityFixtureResult = {
264
+ id: string;
265
+ passed: boolean;
266
+ expected: {
267
+ decision: string;
268
+ reasons: string[];
269
+ };
270
+ engines: Record<string, {
271
+ decision: string;
272
+ reasons: string[];
273
+ }>;
274
+ };
275
+ export type PolicyParityRunResult = {
276
+ schemaVersion: typeof POLICY_PARITY_SCHEMA_VERSION;
277
+ engines: string[];
278
+ fixturesPath: string;
279
+ cedarPath: string;
280
+ regoWasmPath: string;
281
+ passed: boolean;
282
+ total: number;
283
+ failed: number;
284
+ results: PolicyParityFixtureResult[];
285
+ };
141
286
  export type LedgerExportRunInput = DemoRunInput & {
142
287
  from?: string;
143
288
  to?: string;
@@ -173,6 +318,22 @@ export type LedgerSyncRunResult = {
173
318
  endpoint: string;
174
319
  sync: LedgerSyncResult;
175
320
  };
321
+ export type LedgerOtelExportRunInput = LedgerExportRunInput & {
322
+ endpoint: string;
323
+ serviceName?: string;
324
+ timeoutMs?: number;
325
+ fetch?: typeof fetch;
326
+ };
327
+ export type LedgerOtelExportRunResult = {
328
+ schemaVersion: typeof LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION;
329
+ config: {
330
+ filePath: string | null;
331
+ tenant: string;
332
+ };
333
+ ledgerPath: string;
334
+ endpoint: string;
335
+ export: OtelTraceExportResult;
336
+ };
176
337
  export type RealWorkflowRunInput = DemoRunInput & {
177
338
  env?: Record<string, string | undefined>;
178
339
  fetch?: typeof fetch;
@@ -186,7 +347,26 @@ export type RealWorkflowRunInput = DemoRunInput & {
186
347
  prTitle?: string;
187
348
  approvedBy?: string;
188
349
  approveStepUp?: boolean;
350
+ hostedApproval?: boolean;
351
+ approvalEndpoint?: string;
352
+ approvalTokenEnv?: string;
353
+ approvalPollIntervalSeconds?: number;
354
+ approvalTimeoutSeconds?: number;
355
+ onApprovalPending?: (info: {
356
+ requestId: string;
357
+ endpoint: string;
358
+ }) => void;
359
+ store?: CredentialStore;
189
360
  tamper?: boolean;
361
+ checkName?: string;
362
+ reviewLine?: number;
363
+ databaseResource?: string;
364
+ sqlStatement?: string;
365
+ sqlParameters?: JsonValue[];
366
+ maxRows?: number;
367
+ postgresClientFactory?: (connectionString: string) => PostgresQueryClient;
368
+ driveFileId?: string;
369
+ maxReadBytes?: number;
190
370
  };
191
371
  export type RealWorkflowTamperEvidence = {
192
372
  step: string;
@@ -194,6 +374,14 @@ export type RealWorkflowTamperEvidence = {
194
374
  mutation: string;
195
375
  approvedPayloadHash: string;
196
376
  attemptedPayloadHash: string;
377
+ /**
378
+ * Whether the tamper step actually ran. A prior step failing (e.g. a
379
+ * GitHub branch collision on re-run) aborts the workflow before the Slack
380
+ * step, leaving the tamper unexercised. This must be distinguished from a
381
+ * step that ran and was not blocked, so a benign prior failure can never
382
+ * be misreported as "the tampered payload executed".
383
+ */
384
+ reached: boolean;
197
385
  blocked: boolean;
198
386
  blockReasons: string[];
199
387
  };
@@ -240,48 +428,621 @@ export type RealWorkflowRunResult = {
240
428
  };
241
429
  export declare function startProxyServer(input?: ProxyServerInput): Promise<ProxyServerHandle>;
242
430
  export declare const INIT_SCHEMA_VERSION = "axtary.init.v0";
243
- export declare const INIT_CONFIG_TEMPLATE: string;
431
+ export declare const INIT_CONFIG_TEMPLATE = "schemaVersion: axtary.config.v0\nissuer: https://local.axtary.dev\ntenant: org:local\nledger:\n path: .axtary/actions.jsonl\nruntime:\n allowUnsignedExecution: false\n handlerTimeoutMs: 10000\n status:\n enabled: true\n keyringPath: .axtary/keys/actionpass-issuer-keyring.json\n storePath: .axtary/actionpass-status.json\n ttlSeconds: 60\n expiresInSeconds: 120\n caep:\n enabled: false\n mappingPath: .axtary/caep-mappings.json\n replayPath: .axtary/ssf-replay.json\nadapters:\n # Start in fake mode: deterministic local adapters, no credentials needed.\n # Switch a provider to its real mode (rest/web/graphql) once its env token is set.\n github:\n mode: fake\n tokenEnv: GITHUB_TOKEN\n apiBaseUrl: https://api.github.com\n userAgent: axtary-local-proxy\n slack:\n mode: fake\n tokenEnv: SLACK_BOT_TOKEN\n apiBaseUrl: https://slack.com/api\n linear:\n mode: fake\n tokenEnv: LINEAR_API_KEY\n apiUrl: https://api.linear.app/graphql\n docs:\n mode: local\n # Local docs the agent may search. `axtary init` creates the docs/ root;\n # add or remove roots to match your project.\n roots:\n - docs\npolicy:\n version: \"starter-v0\"\n github:\n pullRequests:\n requiredBaseBranch: main\n maxFilesChanged: 12\n denyPathPrefixes:\n - .env\n - secrets/\n stepUpPathPrefixes:\n - infra/prod/\n - billing/\n - auth/\n requiresTests: true\n contents:\n denyReadPathPrefixes:\n - .env\n - secrets/\n - infra/prod/\n slack:\n messages:\n allowedChannels:\n - \"#axtary-dev\"\n stepUpExternalRecipients: true\ndemo:\n scenario: coding-agent\n";
244
432
  export type InitRunInput = {
245
433
  cwd?: string;
246
434
  configPath?: string;
247
435
  force?: boolean;
436
+ templateId?: string;
248
437
  };
249
438
  export type InitRunResult = {
250
439
  schemaVersion: typeof INIT_SCHEMA_VERSION;
251
440
  status: "created" | "exists";
252
441
  configPath: string;
442
+ templateId: string | null;
443
+ policyTestPath: string | null;
253
444
  };
254
445
  export declare function runInit(input?: InitRunInput): Promise<InitRunResult>;
255
446
  export declare function formatInitResult(result: InitRunResult): string;
256
447
  export declare const MCP_SERVE_SCHEMA_VERSION = "axtary.mcp_serve.v0";
448
+ export declare const MCP_CONFORMANCE_RUN_SCHEMA_VERSION = "axtary.mcp_conformance_run.v0";
257
449
  export type McpServeInput = {
258
450
  configPath?: string;
259
451
  cwd?: string;
260
452
  ledgerPath?: string;
453
+ trustStorePath?: string;
454
+ dpopReplayStorePath?: string;
455
+ pinsPath?: string;
456
+ /**
457
+ * When true, a tool with no existing pin is quarantined until reviewed
458
+ * instead of trusted-on-first-use. Drift is always quarantined regardless.
459
+ */
460
+ strict?: boolean;
261
461
  wrap?: string;
462
+ wrapUrl?: string;
463
+ headers?: Record<string, string>;
464
+ oauth?: boolean;
465
+ oauthStore?: CredentialStore;
466
+ oauthFetch?: typeof fetch;
262
467
  owner?: string;
263
468
  input?: NodeJS.ReadableStream;
264
469
  output?: NodeJS.WritableStream;
265
470
  log?: (text: string) => void;
266
471
  };
472
+ export type McpServeQuarantine = {
473
+ serverIdentity: string;
474
+ toolName: string;
475
+ reason: "definition_drifted" | "unpinned_strict";
476
+ discoveredHash: string;
477
+ pinnedHash: string | null;
478
+ };
267
479
  export type McpServeHandle = {
268
480
  schemaVersion: typeof MCP_SERVE_SCHEMA_VERSION;
269
481
  ledgerPath: string;
482
+ trustStorePath: string;
483
+ dpopReplayStorePath: string;
484
+ pinsPath: string;
270
485
  tools: Array<{
271
486
  name: string;
272
487
  serverIdentity: string;
273
488
  definitionHash: string;
274
489
  }>;
490
+ provenance: {
491
+ pinned: number;
492
+ pinnedOnFirstUse: number;
493
+ quarantined: McpServeQuarantine[];
494
+ };
275
495
  done: Promise<void>;
276
496
  close: () => Promise<void>;
277
497
  };
278
498
  export declare function startMcpServe(input?: McpServeInput): Promise<McpServeHandle>;
499
+ export declare function resolveActionPassTrustStorePath(cwd: string, trustStorePath?: string): string;
500
+ export declare function resolveDpopReplayStorePath(cwd: string, dpopReplayStorePath?: string): string;
501
+ export type McpWrapTarget = {
502
+ /** stdio command line (whitespace-split, no shell quoting). */
503
+ wrap?: string;
504
+ /** Streamable HTTP MCP endpoint URL. */
505
+ wrapUrl?: string;
506
+ /** Extra HTTP headers (e.g. Authorization) for the HTTP transport. */
507
+ headers?: Record<string, string>;
508
+ /**
509
+ * Resolve the upstream bearer from the local OAuth broker for this remote MCP
510
+ * server (RFC 9728/8707 session created by `axtary mcp login`). The token is
511
+ * injected only into the upstream request header — never persisted to pins,
512
+ * ledger, or status. Requires `wrapUrl`.
513
+ */
514
+ oauth?: boolean;
515
+ /** Credential store + fetch overrides for OAuth bearer resolution (tests). */
516
+ oauthStore?: CredentialStore;
517
+ oauthFetch?: typeof fetch;
518
+ };
519
+ export declare const MCP_PINS_REPORT_SCHEMA_VERSION = "axtary.mcp_pins_report.v0";
520
+ export declare const MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION = "axtary.mcp_publisher_trust_report.v0";
521
+ export declare const MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION = "axtary.mcp_signed_definition_verify.v0";
522
+ export type McpPublisherTrustResult = {
523
+ schemaVersion: typeof MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION;
524
+ trustPath: string;
525
+ registered: string | null;
526
+ publishers: Array<{
527
+ publisher: string;
528
+ keys: Array<{
529
+ kid: string;
530
+ alg: string;
531
+ kty: string;
532
+ crv: string;
533
+ }>;
534
+ }>;
535
+ };
536
+ export declare function runMcpTrustPublisher(input: {
537
+ publisher: string;
538
+ jwksPath: string;
539
+ trustPath?: string;
540
+ cwd?: string;
541
+ }): Promise<McpPublisherTrustResult>;
542
+ export declare function runMcpPublishers(input?: {
543
+ trustPath?: string;
544
+ cwd?: string;
545
+ }): Promise<McpPublisherTrustResult>;
546
+ export declare function formatMcpPublishers(result: McpPublisherTrustResult): string;
547
+ export type McpSignedDefinitionVerifyResult = {
548
+ schemaVersion: typeof MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION;
549
+ trustPath: string;
550
+ definitionPath: string;
551
+ statementPath: string;
552
+ verification: McpSignedDefinitionVerification;
553
+ };
554
+ export declare function runMcpVerifyDefinition(input: {
555
+ definitionPath: string;
556
+ statementPath: string;
557
+ publisher: string;
558
+ trustPath?: string;
559
+ cwd?: string;
560
+ }): Promise<McpSignedDefinitionVerifyResult>;
561
+ export declare function formatMcpVerifyDefinition(result: McpSignedDefinitionVerifyResult): string;
562
+ export type McpPinsResult = {
563
+ schemaVersion: typeof MCP_PINS_REPORT_SCHEMA_VERSION;
564
+ pinsPath: string;
565
+ servers: Array<{
566
+ serverIdentity: string;
567
+ serverVersion: string | null;
568
+ tools: Array<{
569
+ toolName: string;
570
+ definitionHash: string;
571
+ schemaVersion: string;
572
+ pinnedAt: string;
573
+ publisher: string | null;
574
+ kid: string | null;
575
+ semver: string | null;
576
+ priorDefinitionHash: string | null;
577
+ }>;
578
+ }>;
579
+ };
580
+ export declare function runMcpPins(input: {
581
+ configPath?: string;
582
+ pinsPath?: string;
583
+ cwd?: string;
584
+ }): Promise<McpPinsResult>;
585
+ export declare function formatMcpPins(result: McpPinsResult): string;
586
+ export declare const MCP_REVIEW_SCHEMA_VERSION = "axtary.mcp_review.v0";
587
+ export type McpPublisherEvidence = {
588
+ trust: "verified" | "unsigned" | "untrusted" | "invalid";
589
+ publisher: string | null;
590
+ kid: string | null;
591
+ semver: string | null;
592
+ priorDefinitionHash: string | null;
593
+ chainVerdict: McpChainVerdict | null;
594
+ reason: string | null;
595
+ };
596
+ export type McpReviewEntry = McpPinReconcileEntry & {
597
+ publisherEvidence: McpPublisherEvidence;
598
+ };
599
+ export type McpReviewResult = {
600
+ schemaVersion: typeof MCP_REVIEW_SCHEMA_VERSION;
601
+ pinsPath: string;
602
+ trustPath: string;
603
+ signedDefinitionsPath: string;
604
+ accepted: boolean;
605
+ pinned: number;
606
+ pending: McpReviewEntry[];
607
+ tools: McpReviewEntry[];
608
+ };
609
+ export declare function runMcpReview(input: {
610
+ configPath?: string;
611
+ pinsPath?: string;
612
+ wrap?: string;
613
+ wrapUrl?: string;
614
+ headers?: Record<string, string>;
615
+ oauth?: boolean;
616
+ oauthStore?: CredentialStore;
617
+ oauthFetch?: typeof fetch;
618
+ publisherTrustPath?: string;
619
+ signedDefinitionsPath?: string;
620
+ accept?: boolean;
621
+ cwd?: string;
622
+ }): Promise<McpReviewResult>;
623
+ export declare function formatMcpReview(result: McpReviewResult): string;
624
+ export type McpConformanceRunInput = McpWrapTarget & {
625
+ configPath?: string;
626
+ pinsPath?: string;
627
+ ledgerPath?: string;
628
+ statusPath?: string;
629
+ attestationPath?: string;
630
+ keyPath?: string;
631
+ publisherTrustPath?: string;
632
+ signedDefinitionsPath?: string;
633
+ toolName: string;
634
+ arguments: Record<string, JsonValue>;
635
+ accept?: boolean;
636
+ owner?: string;
637
+ cwd?: string;
638
+ };
639
+ export type McpConformanceRunResult = {
640
+ schemaVersion: typeof MCP_CONFORMANCE_RUN_SCHEMA_VERSION;
641
+ pinsPath: string;
642
+ ledgerPath: string;
643
+ statusPath: string;
644
+ receipt: McpConformanceReceipt;
645
+ };
646
+ /**
647
+ * Exercise one explicitly selected live tool through the complete governed MCP
648
+ * path and persist a compact, secret-free receipt for operator surfaces.
649
+ */
650
+ export declare function runMcpConformance(input: McpConformanceRunInput): Promise<McpConformanceRunResult>;
651
+ export declare function formatMcpConformance(result: McpConformanceRunResult): string;
652
+ export declare const MCP_DRIFT_DEMO_SCHEMA_VERSION = "axtary.mcp_drift_demo.v0";
653
+ export type McpDriftDemoPhase = {
654
+ isError: boolean;
655
+ text: string;
656
+ };
657
+ export type McpDriftDemoResult = {
658
+ schemaVersion: typeof MCP_DRIFT_DEMO_SCHEMA_VERSION;
659
+ tool: {
660
+ serverIdentity: string;
661
+ name: string;
662
+ };
663
+ approved: {
664
+ definitionHash: string;
665
+ description: string;
666
+ };
667
+ mutated: {
668
+ definitionHash: string;
669
+ description: string;
670
+ injectedInstruction: string;
671
+ };
672
+ phases: {
673
+ approvedCall: McpDriftDemoPhase;
674
+ driftedCall: McpDriftDemoPhase;
675
+ };
676
+ blocked: boolean;
677
+ blockReasons: string[];
678
+ mutatedInvokerCalled: boolean;
679
+ ledger: {
680
+ path: string;
681
+ valid: boolean;
682
+ records: Array<{
683
+ decision: string;
684
+ reasons: string[];
685
+ definitionHash: string | null;
686
+ }>;
687
+ };
688
+ };
689
+ /**
690
+ * The tool-poisoning counter, reproducible in one command: a wrapped MCP tool
691
+ * executes at its reviewed definition hash, then the definition mutates (a
692
+ * hidden instruction lands in the description) and the identical call is
693
+ * denied before the invoker runs — both hashes end up in the ledger.
694
+ */
695
+ export declare function runMcpDriftDemo(input?: DemoRunInput): Promise<McpDriftDemoResult>;
279
696
  export declare function runDemo(input?: DemoRunInput): Promise<DemoRunResult>;
697
+ export declare function runTemplateDemo(input: TemplateDemoRunInput): Promise<TemplateDemoRunResult>;
280
698
  export declare function runSmokeTest(input?: SmokeTestInput, io?: CliIo): Promise<number>;
281
699
  export declare function runConnectorDoctor(input?: ConnectorDoctorInput): Promise<ConnectorDoctorResult>;
282
700
  export declare function runTestPolicy(input: PolicyTestRunInput): Promise<PolicyTestRunResult>;
701
+ export declare function runPolicySimulate(input: PolicySimulateRunInput): Promise<PolicySimulateRunResult>;
702
+ export declare function runPolicyHarness(input: PolicyHarnessRunInput): Promise<PolicyHarnessRunResult>;
703
+ /**
704
+ * Three-engine parity: evaluates every shared fixture through the native
705
+ * evaluator, the Cedar policy set, and the compiled Rego bundle, and reports
706
+ * whether decisions and reason sets agree. Cedar/Rego run via optional wasm
707
+ * engines (repo devDependencies) loaded through @axtary/policy/parity.
708
+ */
709
+ export declare function runPolicyParity(input?: PolicyParityRunInput): Promise<PolicyParityRunResult>;
283
710
  export declare function runLedgerExport(input?: LedgerExportRunInput): Promise<LedgerExportRunResult>;
284
711
  export declare function runLedgerSync(input: LedgerSyncRunInput): Promise<LedgerSyncRunResult>;
712
+ export declare function runLedgerOtelExport(input: LedgerOtelExportRunInput): Promise<LedgerOtelExportRunResult>;
713
+ export type LedgerAttestRunInput = LedgerExportRunInput & {
714
+ /** Where to persist the local attestation key (defaults beside the ledger). */
715
+ keyPath?: string;
716
+ };
717
+ export type LedgerAttestRunResult = {
718
+ schemaVersion: typeof LEDGER_ATTEST_RUN_SCHEMA_VERSION;
719
+ config: {
720
+ filePath: string | null;
721
+ tenant: string;
722
+ };
723
+ ledgerPath: string;
724
+ keyPath: string;
725
+ keyId: string;
726
+ outputPath: string | null;
727
+ bundle: LedgerAttestationBundle;
728
+ };
729
+ export type LedgerVerifyExportRunInput = {
730
+ bundlePath: string;
731
+ issuer?: string;
732
+ cwd?: string;
733
+ json?: boolean;
734
+ };
735
+ export type LedgerVerifyExportRunResult = {
736
+ schemaVersion: typeof LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION;
737
+ bundlePath: string;
738
+ result: VerifyLedgerAttestationResult;
739
+ };
740
+ /**
741
+ * `axtary attest-ledger` — export the verified ledger and emit a signed,
742
+ * self-contained attestation bundle (export + JWS token + public key) that any
743
+ * third party can verify offline with only a JOSE library.
744
+ */
745
+ export declare function runLedgerAttest(input?: LedgerAttestRunInput): Promise<LedgerAttestRunResult>;
746
+ /**
747
+ * `axtary verify-export` — the standalone verifier. Reads an attestation bundle
748
+ * and confirms the signature, the canonical export digest, and the record chain
749
+ * using only the bundle's embedded public key.
750
+ */
751
+ export declare function runLedgerVerifyExport(input: LedgerVerifyExportRunInput): Promise<LedgerVerifyExportRunResult>;
752
+ export type LedgerProveInclusionRunInput = {
753
+ bundlePath: string;
754
+ recordId?: string;
755
+ index?: number;
756
+ outputPath?: string;
757
+ cwd?: string;
758
+ json?: boolean;
759
+ };
760
+ export type LedgerProveInclusionRunResult = {
761
+ schemaVersion: typeof LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION;
762
+ bundlePath: string;
763
+ outputPath: string | null;
764
+ proof: LedgerInclusionProof;
765
+ };
766
+ /**
767
+ * `axtary prove-inclusion` — emit an RFC 6962 inclusion proof for one record in
768
+ * an attestation bundle. The proof's `merkleRoot` matches the bundle's signed
769
+ * tree head, so a third party can verify it against the signed attestation.
770
+ */
771
+ export declare function runLedgerProveInclusion(input: LedgerProveInclusionRunInput): Promise<LedgerProveInclusionRunResult>;
772
+ export type LedgerProveConsistencyRunInput = {
773
+ firstBundlePath: string;
774
+ secondBundlePath: string;
775
+ outputPath?: string;
776
+ cwd?: string;
777
+ json?: boolean;
778
+ };
779
+ export type LedgerProveConsistencyRunResult = {
780
+ schemaVersion: typeof LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION;
781
+ firstBundlePath: string;
782
+ secondBundlePath: string;
783
+ outputPath: string | null;
784
+ proof: LedgerConsistencyProof;
785
+ };
786
+ /**
787
+ * `axtary prove-consistency` — emit an RFC 6962 consistency proof showing the
788
+ * second attestation's log append-only-extends the first. The proof binds both
789
+ * bundles' signed tree-head roots.
790
+ */
791
+ export declare function runLedgerProveConsistency(input: LedgerProveConsistencyRunInput): Promise<LedgerProveConsistencyRunResult>;
792
+ export type LedgerVerifyProofRunInput = {
793
+ proofPath: string;
794
+ bundlePath?: string;
795
+ firstBundlePath?: string;
796
+ secondBundlePath?: string;
797
+ issuer?: string;
798
+ cwd?: string;
799
+ json?: boolean;
800
+ };
801
+ export type LedgerVerifyProofRunResult = {
802
+ schemaVersion: typeof LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION;
803
+ proofType: "inclusion" | "consistency";
804
+ attestationValid: boolean;
805
+ proofResult: ProofVerificationResult;
806
+ valid: boolean;
807
+ };
808
+ /**
809
+ * `axtary verify-proof` — the standalone proof verifier. It re-verifies the
810
+ * signed tree head(s) from the bundle(s), then binds the inclusion/consistency
811
+ * proof to those signed roots, failing closed on any mismatch.
812
+ */
813
+ export declare function runLedgerVerifyProof(input: LedgerVerifyProofRunInput): Promise<LedgerVerifyProofRunResult>;
814
+ export type LedgerForensicsRunInput = {
815
+ bundlePath?: string;
816
+ ledgerPath?: string;
817
+ configPath?: string;
818
+ cwd?: string;
819
+ json?: boolean;
820
+ };
821
+ export type LedgerForensicsRunResult = {
822
+ schemaVersion: typeof LEDGER_FORENSICS_RUN_SCHEMA_VERSION;
823
+ source: string;
824
+ evidence: "verified_attestation_bundle" | "verified_local_ledger";
825
+ report: ForensicReport;
826
+ };
827
+ /**
828
+ * `axtary forensics` — offline reconstruction of a delegation+execution incident
829
+ * from the ledger alone, asserting attenuation / reconstructibility / cascade
830
+ * containment. Reads an attestation bundle when given (so analysis runs over
831
+ * attested evidence), otherwise the local ledger.
832
+ */
833
+ export declare function runLedgerForensics(input: LedgerForensicsRunInput): Promise<LedgerForensicsRunResult>;
834
+ export type ConnectRunInput = {
835
+ provider: string;
836
+ clientId?: string;
837
+ clientIdEnv?: string;
838
+ clientSecretEnv?: string;
839
+ redirectPort?: number;
840
+ redirectUri?: string;
841
+ cloudId?: string;
842
+ json?: boolean;
843
+ env?: Record<string, string | undefined>;
844
+ fetch?: typeof fetch;
845
+ store?: CredentialStore;
846
+ openBrowser?: (url: string) => void | Promise<void>;
847
+ onListening?: (port: number) => void;
848
+ stdout?: (text: string) => void;
849
+ };
850
+ export type ConnectRunResult = {
851
+ schemaVersion: typeof CONNECT_RUN_SCHEMA_VERSION;
852
+ provider: string;
853
+ account: string | null;
854
+ scopes: string[];
855
+ expiresAt: string | null;
856
+ secretBackend: "keychain" | "file";
857
+ context?: Record<string, string>;
858
+ };
859
+ /**
860
+ * `axtary connect <provider>` — local-loopback OAuth so a customer clicks
861
+ * "Allow" in the browser instead of hand-pasting a bot token. The customer
862
+ * brings their own OAuth app (client id/secret stay in local env, never reach
863
+ * Axtary); the obtained token is stored in the local credential broker (OS
864
+ * keychain or a 0600 file), never echoed.
865
+ */
866
+ export declare function runConnect(input: ConnectRunInput): Promise<ConnectRunResult>;
867
+ export declare function runDisconnect(input: {
868
+ provider: string;
869
+ store?: CredentialStore;
870
+ }): Promise<{
871
+ provider: string;
872
+ removed: boolean;
873
+ }>;
874
+ export type ConnectionsRunResult = {
875
+ schemaVersion: typeof CONNECTIONS_SCHEMA_VERSION;
876
+ connections: CredentialMetadata[];
877
+ };
878
+ export declare function runConnections(input?: {
879
+ store?: CredentialStore;
880
+ }): Promise<ConnectionsRunResult>;
881
+ export type ActionPassRevokeRunInput = {
882
+ passId: string;
883
+ trustStorePath?: string;
884
+ statusStorePath?: string;
885
+ ledgerPath?: string;
886
+ configPath?: string;
887
+ cwd?: string;
888
+ revokedBy?: string;
889
+ reason?: string;
890
+ revokedAt?: Date;
891
+ };
892
+ export type ActionPassRevokeRunResult = {
893
+ schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
894
+ trustStorePath: string;
895
+ revocation: ActionPassRevocation;
896
+ statusStorePath: string | null;
897
+ ledgerPath: string | null;
898
+ ledgerEventId: string | null;
899
+ };
900
+ export declare function runActionPassRevoke(input: ActionPassRevokeRunInput): Promise<ActionPassRevokeRunResult>;
901
+ export declare function runActionPassRevocations(input?: {
902
+ trustStorePath?: string;
903
+ cwd?: string;
904
+ }): Promise<{
905
+ schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
906
+ trustStorePath: string;
907
+ revocations: ActionPassRevocation[];
908
+ }>;
909
+ export declare function runIssuerKeyring(input?: {
910
+ keyringPath?: string;
911
+ cwd?: string;
912
+ rotate?: boolean;
913
+ retireAfterSeconds?: number;
914
+ }): Promise<{
915
+ schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
916
+ keyringPath: string;
917
+ activeKid: string;
918
+ keys: Array<{
919
+ kid: string;
920
+ status: "active" | "retired";
921
+ createdAt: string;
922
+ retireAfter: string | null;
923
+ }>;
924
+ jwks: ReturnType<typeof issuerJwks>;
925
+ }>;
926
+ export declare function runActionPassStatus(input?: {
927
+ statusStorePath?: string;
928
+ cwd?: string;
929
+ }): Promise<{
930
+ schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
931
+ statusStorePath: string;
932
+ uri: string;
933
+ entries: Array<{
934
+ passId: string;
935
+ index: number;
936
+ status: number;
937
+ updatedAt: string;
938
+ }>;
939
+ }>;
940
+ export declare function runCaepMap(input: {
941
+ issuer: string;
942
+ subject: SsfSubjectIdentifier;
943
+ rootPassIds: string[];
944
+ mappingPath?: string;
945
+ cwd?: string;
946
+ }): Promise<{
947
+ schemaVersion: typeof CAEP_MAPPING_RUN_SCHEMA_VERSION;
948
+ mappingPath: string;
949
+ mapping: Awaited<ReturnType<LocalCaepMappingStore["put"]>>;
950
+ }>;
285
951
  export declare function runRealWorkflow(input?: RealWorkflowRunInput): Promise<RealWorkflowRunResult>;
952
+ export declare const GITHUB_DEPTH_RUN_SCHEMA_VERSION = "axtary.github_depth_run.v0";
953
+ export type GitHubDepthRunResult = {
954
+ schemaVersion: typeof GITHUB_DEPTH_RUN_SCHEMA_VERSION;
955
+ workflow: "github-depth";
956
+ config: {
957
+ filePath: string | null;
958
+ tenant: string;
959
+ };
960
+ ledgerPath: string;
961
+ status: "completed" | "blocked" | "failed";
962
+ requiredModes: {
963
+ github: "app";
964
+ };
965
+ inputs: {
966
+ repoResource: string;
967
+ issueKey: string;
968
+ baseBranch: string;
969
+ headBranch: string;
970
+ prTitle: string;
971
+ checkName: string;
972
+ reviewLine: number;
973
+ };
974
+ target: {
975
+ pullNumber: number;
976
+ headSha: string;
977
+ path: string;
978
+ line: number;
979
+ } | null;
980
+ steps: RealWorkflowStepResult[];
981
+ ledger: DemoRunResult["ledger"];
982
+ };
983
+ /**
984
+ * GitHub-only depth proof: open a draft PR in the sandbox repo, then exercise
985
+ * the three M7.3 write tools against that PR — an inline review comment, a check
986
+ * run on its head commit, and a conversation comment — each governed by policy,
987
+ * payload-bound by an ActionPass, and written to the ledger as a decision +
988
+ * execution-outcome pair. Requires only the GitHub credential.
989
+ */
990
+ export declare function runGitHubDepthWorkflow(input?: RealWorkflowRunInput): Promise<GitHubDepthRunResult>;
991
+ export declare const POSTGRES_READ_RUN_SCHEMA_VERSION = "axtary.postgres_read_run.v0";
992
+ export type PostgresReadRunResult = {
993
+ schemaVersion: typeof POSTGRES_READ_RUN_SCHEMA_VERSION;
994
+ workflow: "postgres-read";
995
+ config: {
996
+ filePath: string | null;
997
+ tenant: string;
998
+ };
999
+ ledgerPath: string;
1000
+ status: "completed" | "blocked" | "failed";
1001
+ requiredModes: {
1002
+ postgres: "postgres";
1003
+ };
1004
+ inputs: {
1005
+ databaseResource: string;
1006
+ statementHash: string | null;
1007
+ predicateHash: string | null;
1008
+ tables: string[];
1009
+ parameterCount: number;
1010
+ parameterHash: string;
1011
+ maxRows: number;
1012
+ };
1013
+ step: RealWorkflowStepResult;
1014
+ ledger: DemoRunResult["ledger"];
1015
+ };
1016
+ export declare function runPostgresReadWorkflow(input?: RealWorkflowRunInput): Promise<PostgresReadRunResult>;
1017
+ export declare const DRIVE_READ_RUN_SCHEMA_VERSION = "axtary.drive_read_run.v0";
1018
+ export type DriveReadRunResult = {
1019
+ schemaVersion: typeof DRIVE_READ_RUN_SCHEMA_VERSION;
1020
+ workflow: "drive-read";
1021
+ config: {
1022
+ filePath: string | null;
1023
+ tenant: string;
1024
+ };
1025
+ ledgerPath: string;
1026
+ status: "completed" | "blocked" | "failed";
1027
+ requiredModes: {
1028
+ drive: "rest";
1029
+ };
1030
+ inputs: {
1031
+ fileId: string;
1032
+ resource: string;
1033
+ maxBytes: number;
1034
+ source: "argument" | "picker_context" | "config";
1035
+ };
1036
+ step: RealWorkflowStepResult;
1037
+ ledger: DemoRunResult["ledger"];
1038
+ };
1039
+ export declare function runDriveReadWorkflow(input?: RealWorkflowRunInput): Promise<DriveReadRunResult>;
286
1040
  export declare function runAxtaryCli(argv?: string[], io?: CliIo): Promise<number>;
1041
+ /**
1042
+ * The tamper-outcome line, with the three states kept distinct: blocked
1043
+ * (the win), not-blocked (a real security failure), and not-reached (a prior
1044
+ * step failed before Slack, so the tamper was never exercised — must never be
1045
+ * reported as the tampered payload executing).
1046
+ */
1047
+ export declare function tamperOutcomeLine(tamper: RealWorkflowTamperEvidence): string;
287
1048
  //# sourceMappingURL=index.d.ts.map