@axtary/cli 0.1.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +135 -12
- package/dist/bin.js +10 -0
- package/dist/bin.js.map +1 -1
- package/dist/claude-code-hook.d.ts +20 -0
- package/dist/claude-code-hook.d.ts.map +1 -1
- package/dist/claude-code-hook.js +114 -34
- package/dist/claude-code-hook.js.map +1 -1
- package/dist/codex-hook.d.ts +48 -0
- package/dist/codex-hook.d.ts.map +1 -0
- package/dist/codex-hook.js +259 -0
- package/dist/codex-hook.js.map +1 -0
- package/dist/credentials.d.ts +101 -0
- package/dist/credentials.d.ts.map +1 -0
- package/dist/credentials.js +277 -0
- package/dist/credentials.js.map +1 -0
- package/dist/cursor-hook.d.ts +51 -0
- package/dist/cursor-hook.d.ts.map +1 -0
- package/dist/cursor-hook.js +214 -0
- package/dist/cursor-hook.js.map +1 -0
- package/dist/hook-install.d.ts +21 -0
- package/dist/hook-install.d.ts.map +1 -0
- package/dist/hook-install.js +179 -0
- package/dist/hook-install.js.map +1 -0
- package/dist/index.d.ts +877 -8
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6592 -1048
- package/dist/index.js.map +1 -1
- package/dist/mcp-fs-normalize.d.ts +18 -0
- package/dist/mcp-fs-normalize.d.ts.map +1 -0
- package/dist/mcp-fs-normalize.js +39 -0
- package/dist/mcp-fs-normalize.js.map +1 -0
- package/dist/mcp-oauth.d.ts +67 -0
- package/dist/mcp-oauth.d.ts.map +1 -0
- package/dist/mcp-oauth.js +242 -0
- package/dist/mcp-oauth.js.map +1 -0
- package/dist/oauth.d.ts +90 -0
- package/dist/oauth.d.ts.map +1 -0
- package/dist/oauth.js +339 -0
- package/dist/oauth.js.map +1 -0
- package/dist/render.d.ts +103 -0
- package/dist/render.d.ts.map +1 -0
- package/dist/render.js +172 -0
- package/dist/render.js.map +1 -0
- package/dist/shell-file-normalize.d.ts +21 -0
- package/dist/shell-file-normalize.d.ts.map +1 -0
- package/dist/shell-file-normalize.js +269 -0
- package/dist/shell-file-normalize.js.map +1 -0
- package/package.json +14 -9
package/dist/index.d.ts
CHANGED
|
@@ -1,24 +1,60 @@
|
|
|
1
|
-
import { type JsonValue, type AxtaryDecision, type PolicyDecision } from "@axtary/actionpass";
|
|
2
|
-
import { type FakeAdapterState } from "@axtary/adapters";
|
|
3
|
-
import { type LedgerExport, type LedgerExportFormat, type LedgerSyncResult } from "@axtary/ledger";
|
|
4
|
-
import { type
|
|
1
|
+
import { LocalCaepMappingStore, issuerJwks, type SsfSubjectIdentifier, type ActionPassRevocation, type JsonValue, type AxtaryDecision, type PolicyDecision } from "@axtary/actionpass";
|
|
2
|
+
import { type FakeAdapterState, type PostgresQueryClient } from "@axtary/adapters";
|
|
3
|
+
import { type LedgerAttestationBundle, type LedgerConsistencyProof, type LedgerEquivalenceReport, type LedgerExport, type LedgerExportFormat, type OtelTraceExportResult, type ForensicReport, type LedgerInclusionProof, type LedgerSyncResult, type ProofVerificationResult, type VerifyLedgerAttestationResult } from "@axtary/ledger";
|
|
4
|
+
import { type McpConformanceReceipt, type McpChainVerdict, type McpPinReconcileEntry, type McpSignedDefinitionVerification } from "@axtary/mcp";
|
|
5
|
+
import { type PolicyConfig, type PolicyFixtureResult as PolicyTemplateFixtureResult, type PolicyTemplate, type PolicySimulation } from "@axtary/policy";
|
|
6
|
+
import { type AcsInterventionPoint } from "@axtary/policy/acs";
|
|
5
7
|
import { type ProxyHandleResult } from "@axtary/proxy";
|
|
8
|
+
import { type CredentialMetadata, type CredentialStore } from "./credentials.js";
|
|
9
|
+
export { HOOK_INSTALL_SCHEMA_VERSION, installRuntimeHook, type HookInstallRuntime, type HookInstallResult, } from "./hook-install.js";
|
|
6
10
|
export { CLAUDE_CODE_HOOK_SCHEMA_VERSION, normalizeClaudeCodeToolCall, parseClaudeCodeHookPayload, runClaudeCodeHook, type ClaudeCodeHookPayload, type ClaudeCodeHookRunInput, type ClaudeCodeHookRunResult, } from "./claude-code-hook.js";
|
|
11
|
+
export { CURSOR_HOOK_SCHEMA_VERSION, normalizeCursorToolCall, parseCursorHookPayload, runCursorHook, type CursorHookPayload, type CursorHookRunInput, type CursorHookRunResult, } from "./cursor-hook.js";
|
|
12
|
+
export { CODEX_HOOK_SCHEMA_VERSION, classifyShellCommand, normalizeCodexToolCall, parseCodexHookPayload, runCodexHook, type CodexHookPayload, type CodexHookRunInput, type CodexHookRunResult, } from "./codex-hook.js";
|
|
7
13
|
export declare const DEMO_SCHEMA_VERSION = "axtary.demo.v0";
|
|
14
|
+
export declare const TEMPLATE_DEMO_SCHEMA_VERSION = "axtary.template_demo.v0";
|
|
8
15
|
export declare const POLICY_TEST_SCHEMA_VERSION = "axtary.policy_test.v0";
|
|
16
|
+
export declare const POLICY_HARNESS_SCHEMA_VERSION = "axtary.policy_harness.v0";
|
|
17
|
+
export declare const POLICY_SIMULATE_RUN_SCHEMA_VERSION = "axtary.policy_simulate_run.v0";
|
|
9
18
|
export declare const LOCAL_PROXY_SCHEMA_VERSION = "axtary.local_proxy.v0";
|
|
10
19
|
export declare const LEDGER_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_export_run.v0";
|
|
11
20
|
export declare const LEDGER_SYNC_RUN_SCHEMA_VERSION = "axtary.ledger_sync_run.v0";
|
|
21
|
+
export declare const LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_otel_export_run.v0";
|
|
22
|
+
export declare const LEDGER_ATTEST_RUN_SCHEMA_VERSION = "axtary.ledger_attest_run.v0";
|
|
23
|
+
export declare const LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION = "axtary.ledger_verify_export_run.v0";
|
|
24
|
+
export declare const LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION = "axtary.ledger_prove_inclusion_run.v0";
|
|
25
|
+
export declare const LEDGER_PROVE_EQUIVALENCE_RUN_SCHEMA_VERSION = "axtary.ledger_prove_equivalence_run.v0";
|
|
26
|
+
export declare const LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION = "axtary.ledger_prove_consistency_run.v0";
|
|
27
|
+
export declare const LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION = "axtary.ledger_verify_proof_run.v0";
|
|
28
|
+
export declare const LEDGER_FORENSICS_RUN_SCHEMA_VERSION = "axtary.ledger_forensics_run.v0";
|
|
29
|
+
export declare const ATTESTATION_KEY_SCHEMA_VERSION = "axtary.attestation_key.v0";
|
|
12
30
|
export declare const CONNECTOR_DOCTOR_SCHEMA_VERSION = "axtary.connector_doctor.v0";
|
|
13
31
|
export declare const REAL_WORKFLOW_RUN_SCHEMA_VERSION = "axtary.real_workflow_run.v0";
|
|
32
|
+
export declare const CONNECT_RUN_SCHEMA_VERSION = "axtary.connect_run.v0";
|
|
33
|
+
export declare const CONNECTIONS_SCHEMA_VERSION = "axtary.connections.v0";
|
|
34
|
+
export declare const ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION = "axtary.actionpass_revocation_run.v0";
|
|
35
|
+
export declare const DEFAULT_ACTIONPASS_TRUST_STORE_PATH = ".axtary/actionpass-trust-store.json";
|
|
36
|
+
export declare const DEFAULT_DPOP_REPLAY_STORE_PATH = ".axtary/dpop-replay-store.jsonl";
|
|
37
|
+
export declare const ACTIONPASS_STATUS_RUN_SCHEMA_VERSION = "axtary.actionpass_status_run.v0";
|
|
38
|
+
export declare const CAEP_MAPPING_RUN_SCHEMA_VERSION = "axtary.caep_mapping_run.v0";
|
|
14
39
|
export type DemoRunInput = {
|
|
15
40
|
configPath?: string;
|
|
16
41
|
ledgerPath?: string;
|
|
42
|
+
trustStorePath?: string;
|
|
43
|
+
dpopReplayStorePath?: string;
|
|
44
|
+
statusListUri?: string;
|
|
17
45
|
cwd?: string;
|
|
18
46
|
};
|
|
47
|
+
export type TemplateDemoRunInput = {
|
|
48
|
+
configPath?: string;
|
|
49
|
+
cwd?: string;
|
|
50
|
+
templateId: string;
|
|
51
|
+
};
|
|
19
52
|
export type ProxyServerInput = DemoRunInput & {
|
|
20
53
|
host?: string;
|
|
21
54
|
port?: number;
|
|
55
|
+
otlpEndpoint?: string;
|
|
56
|
+
otlpServiceName?: string;
|
|
57
|
+
otlpTimeoutMs?: number;
|
|
22
58
|
};
|
|
23
59
|
export type ProxyServerHandle = {
|
|
24
60
|
schemaVersion: typeof LOCAL_PROXY_SCHEMA_VERSION;
|
|
@@ -26,14 +62,33 @@ export type ProxyServerHandle = {
|
|
|
26
62
|
host: string;
|
|
27
63
|
port: number;
|
|
28
64
|
ledgerPath: string;
|
|
65
|
+
trustStorePath: string;
|
|
66
|
+
dpopReplayStorePath: string;
|
|
67
|
+
issuerKeyringPath: string;
|
|
68
|
+
statusStorePath: string;
|
|
69
|
+
statusListUri: string;
|
|
70
|
+
caep: {
|
|
71
|
+
enabled: boolean;
|
|
72
|
+
mappingPath: string;
|
|
73
|
+
replayPath: string;
|
|
74
|
+
issuer: string | null;
|
|
75
|
+
};
|
|
76
|
+
otel: {
|
|
77
|
+
enabled: boolean;
|
|
78
|
+
endpoint: string | null;
|
|
79
|
+
serviceName: string | null;
|
|
80
|
+
};
|
|
29
81
|
adapters: FakeAdapterState;
|
|
30
82
|
adapterModes: {
|
|
31
|
-
github: "fake" | "rest";
|
|
83
|
+
github: "fake" | "rest" | "app";
|
|
32
84
|
slack: "fake" | "web";
|
|
33
85
|
linear: "fake" | "graphql";
|
|
86
|
+
jira: "fake" | "rest";
|
|
34
87
|
aws: "off" | "rest";
|
|
35
88
|
gcp: "off" | "rest";
|
|
36
89
|
docs: "off" | "local";
|
|
90
|
+
postgres: "off" | "postgres";
|
|
91
|
+
drive: "off" | "rest";
|
|
37
92
|
mcp: "fixture";
|
|
38
93
|
};
|
|
39
94
|
close: () => Promise<void>;
|
|
@@ -70,6 +125,45 @@ export type PolicyTestRunResult = {
|
|
|
70
125
|
failed: number;
|
|
71
126
|
results: PolicyFixtureResult[];
|
|
72
127
|
};
|
|
128
|
+
export type PolicySimulateRunInput = {
|
|
129
|
+
actionPath: string;
|
|
130
|
+
configPath?: string;
|
|
131
|
+
cwd?: string;
|
|
132
|
+
};
|
|
133
|
+
export type PolicySimulateRunResult = {
|
|
134
|
+
schemaVersion: typeof POLICY_SIMULATE_RUN_SCHEMA_VERSION;
|
|
135
|
+
config: {
|
|
136
|
+
filePath: string | null;
|
|
137
|
+
policyVersion: string;
|
|
138
|
+
};
|
|
139
|
+
actionPath: string;
|
|
140
|
+
simulation: PolicySimulation;
|
|
141
|
+
};
|
|
142
|
+
export type PolicyHarnessRunInput = {
|
|
143
|
+
harnessPath: string;
|
|
144
|
+
configPath?: string;
|
|
145
|
+
cwd?: string;
|
|
146
|
+
};
|
|
147
|
+
export type PolicyHarnessRunResult = {
|
|
148
|
+
schemaVersion: typeof POLICY_HARNESS_SCHEMA_VERSION;
|
|
149
|
+
config: {
|
|
150
|
+
filePath: string | null;
|
|
151
|
+
policyVersion: string;
|
|
152
|
+
};
|
|
153
|
+
harnessPath: string;
|
|
154
|
+
passed: boolean;
|
|
155
|
+
total: number;
|
|
156
|
+
failed: number;
|
|
157
|
+
results: Array<{
|
|
158
|
+
name: string;
|
|
159
|
+
passed: boolean;
|
|
160
|
+
expectedDecision: string;
|
|
161
|
+
actualDecision: string;
|
|
162
|
+
expectedRule: string | null;
|
|
163
|
+
actualRule: string | null;
|
|
164
|
+
actualReasons: string[];
|
|
165
|
+
}>;
|
|
166
|
+
};
|
|
73
167
|
export type DemoActionResult = {
|
|
74
168
|
name: string;
|
|
75
169
|
tool: string;
|
|
@@ -94,8 +188,12 @@ export type DemoRunResult = {
|
|
|
94
188
|
github: "fake";
|
|
95
189
|
slack: "fake";
|
|
96
190
|
linear: "fake";
|
|
191
|
+
jira: "fake";
|
|
97
192
|
aws: "off";
|
|
98
193
|
gcp: "off";
|
|
194
|
+
docs: "local";
|
|
195
|
+
postgres: "off";
|
|
196
|
+
drive: "off";
|
|
99
197
|
mcp: "fixture";
|
|
100
198
|
};
|
|
101
199
|
ledger: {
|
|
@@ -105,6 +203,23 @@ export type DemoRunResult = {
|
|
|
105
203
|
failure: string | null;
|
|
106
204
|
};
|
|
107
205
|
};
|
|
206
|
+
export type TemplateDemoRunResult = {
|
|
207
|
+
schemaVersion: typeof TEMPLATE_DEMO_SCHEMA_VERSION;
|
|
208
|
+
template: {
|
|
209
|
+
id: string;
|
|
210
|
+
name: string;
|
|
211
|
+
decisionModel: PolicyTemplate["decisionModel"];
|
|
212
|
+
};
|
|
213
|
+
config: {
|
|
214
|
+
filePath: string | null;
|
|
215
|
+
policyVersion: string;
|
|
216
|
+
};
|
|
217
|
+
mode: "policy_only";
|
|
218
|
+
passed: boolean;
|
|
219
|
+
total: number;
|
|
220
|
+
failed: number;
|
|
221
|
+
results: PolicyTemplateFixtureResult[];
|
|
222
|
+
};
|
|
108
223
|
export type CliIo = {
|
|
109
224
|
stdout?: (text: string) => void;
|
|
110
225
|
stderr?: (text: string) => void;
|
|
@@ -115,10 +230,11 @@ export declare function authorizeDecisionHints(decision: PolicyDecision, policy:
|
|
|
115
230
|
type SmokeTestInput = DemoRunInput & {
|
|
116
231
|
env?: Record<string, string | undefined>;
|
|
117
232
|
fetch?: typeof fetch;
|
|
233
|
+
store?: CredentialStore;
|
|
118
234
|
};
|
|
119
235
|
type ConnectorDoctorInput = SmokeTestInput;
|
|
120
236
|
export type ConnectorDoctorProviderStatus = {
|
|
121
|
-
provider: "github" | "slack" | "linear" | "aws" | "gcp" | "docs";
|
|
237
|
+
provider: "github" | "slack" | "linear" | "jira" | "aws" | "gcp" | "docs" | "drive" | "postgres";
|
|
122
238
|
mode: string;
|
|
123
239
|
status: "ready" | "missing" | "failed" | "skipped";
|
|
124
240
|
capability: "real-write" | "read-only" | "local-read" | "fake" | "off";
|
|
@@ -138,6 +254,74 @@ export type ConnectorDoctorResult = {
|
|
|
138
254
|
status: "ready" | "needs_setup";
|
|
139
255
|
providers: ConnectorDoctorProviderStatus[];
|
|
140
256
|
};
|
|
257
|
+
export declare const POLICY_PARITY_SCHEMA_VERSION = "axtary.policy_parity.v0";
|
|
258
|
+
export declare const ACS_CONFORMANCE_SCHEMA_VERSION = "axtary.acs_conformance.v0";
|
|
259
|
+
export type PolicyParityRunInput = {
|
|
260
|
+
configPath?: string;
|
|
261
|
+
cwd?: string;
|
|
262
|
+
fixturesPath?: string;
|
|
263
|
+
cedarPath?: string;
|
|
264
|
+
regoWasmPath?: string;
|
|
265
|
+
};
|
|
266
|
+
export type PolicyParityFixtureResult = {
|
|
267
|
+
id: string;
|
|
268
|
+
passed: boolean;
|
|
269
|
+
expected: {
|
|
270
|
+
decision: string;
|
|
271
|
+
reasons: string[];
|
|
272
|
+
};
|
|
273
|
+
engines: Record<string, {
|
|
274
|
+
decision: string;
|
|
275
|
+
reasons: string[];
|
|
276
|
+
}>;
|
|
277
|
+
};
|
|
278
|
+
export type PolicyParityRunResult = {
|
|
279
|
+
schemaVersion: typeof POLICY_PARITY_SCHEMA_VERSION;
|
|
280
|
+
engines: string[];
|
|
281
|
+
fixturesPath: string;
|
|
282
|
+
cedarPath: string;
|
|
283
|
+
regoWasmPath: string;
|
|
284
|
+
agentCore: {
|
|
285
|
+
schemaVersion: string;
|
|
286
|
+
status: "offline_mapping";
|
|
287
|
+
gatewayResource: string;
|
|
288
|
+
fixtureCount: number;
|
|
289
|
+
sample: JsonValue | null;
|
|
290
|
+
};
|
|
291
|
+
passed: boolean;
|
|
292
|
+
total: number;
|
|
293
|
+
failed: number;
|
|
294
|
+
results: PolicyParityFixtureResult[];
|
|
295
|
+
};
|
|
296
|
+
export type AcsConformanceVectorResult = {
|
|
297
|
+
id: string;
|
|
298
|
+
interventionPoint: AcsInterventionPoint;
|
|
299
|
+
expectedVerdict: string;
|
|
300
|
+
actualVerdict: string;
|
|
301
|
+
expectedProxyStatus: string;
|
|
302
|
+
actualProxyStatus: string | null;
|
|
303
|
+
passed: boolean;
|
|
304
|
+
reasons: string[];
|
|
305
|
+
actionHash: string | null;
|
|
306
|
+
payloadHash: string | null;
|
|
307
|
+
actionPassId: string | null;
|
|
308
|
+
ledgerLine: number | null;
|
|
309
|
+
executionLedgerLine: number | null;
|
|
310
|
+
};
|
|
311
|
+
export type AcsConformanceRunInput = {
|
|
312
|
+
configPath?: string;
|
|
313
|
+
cwd?: string;
|
|
314
|
+
ledgerPath?: string;
|
|
315
|
+
};
|
|
316
|
+
export type AcsConformanceRunResult = {
|
|
317
|
+
schemaVersion: typeof ACS_CONFORMANCE_SCHEMA_VERSION;
|
|
318
|
+
manifestVersion: string;
|
|
319
|
+
ledgerPath: string;
|
|
320
|
+
passed: boolean;
|
|
321
|
+
total: number;
|
|
322
|
+
failed: number;
|
|
323
|
+
vectors: AcsConformanceVectorResult[];
|
|
324
|
+
};
|
|
141
325
|
export type LedgerExportRunInput = DemoRunInput & {
|
|
142
326
|
from?: string;
|
|
143
327
|
to?: string;
|
|
@@ -173,6 +357,22 @@ export type LedgerSyncRunResult = {
|
|
|
173
357
|
endpoint: string;
|
|
174
358
|
sync: LedgerSyncResult;
|
|
175
359
|
};
|
|
360
|
+
export type LedgerOtelExportRunInput = LedgerExportRunInput & {
|
|
361
|
+
endpoint: string;
|
|
362
|
+
serviceName?: string;
|
|
363
|
+
timeoutMs?: number;
|
|
364
|
+
fetch?: typeof fetch;
|
|
365
|
+
};
|
|
366
|
+
export type LedgerOtelExportRunResult = {
|
|
367
|
+
schemaVersion: typeof LEDGER_OTEL_EXPORT_RUN_SCHEMA_VERSION;
|
|
368
|
+
config: {
|
|
369
|
+
filePath: string | null;
|
|
370
|
+
tenant: string;
|
|
371
|
+
};
|
|
372
|
+
ledgerPath: string;
|
|
373
|
+
endpoint: string;
|
|
374
|
+
export: OtelTraceExportResult;
|
|
375
|
+
};
|
|
176
376
|
export type RealWorkflowRunInput = DemoRunInput & {
|
|
177
377
|
env?: Record<string, string | undefined>;
|
|
178
378
|
fetch?: typeof fetch;
|
|
@@ -186,7 +386,26 @@ export type RealWorkflowRunInput = DemoRunInput & {
|
|
|
186
386
|
prTitle?: string;
|
|
187
387
|
approvedBy?: string;
|
|
188
388
|
approveStepUp?: boolean;
|
|
389
|
+
hostedApproval?: boolean;
|
|
390
|
+
approvalEndpoint?: string;
|
|
391
|
+
approvalTokenEnv?: string;
|
|
392
|
+
approvalPollIntervalSeconds?: number;
|
|
393
|
+
approvalTimeoutSeconds?: number;
|
|
394
|
+
onApprovalPending?: (info: {
|
|
395
|
+
requestId: string;
|
|
396
|
+
endpoint: string;
|
|
397
|
+
}) => void;
|
|
398
|
+
store?: CredentialStore;
|
|
189
399
|
tamper?: boolean;
|
|
400
|
+
checkName?: string;
|
|
401
|
+
reviewLine?: number;
|
|
402
|
+
databaseResource?: string;
|
|
403
|
+
sqlStatement?: string;
|
|
404
|
+
sqlParameters?: JsonValue[];
|
|
405
|
+
maxRows?: number;
|
|
406
|
+
postgresClientFactory?: (connectionString: string) => PostgresQueryClient;
|
|
407
|
+
driveFileId?: string;
|
|
408
|
+
maxReadBytes?: number;
|
|
190
409
|
};
|
|
191
410
|
export type RealWorkflowTamperEvidence = {
|
|
192
411
|
step: string;
|
|
@@ -194,6 +413,29 @@ export type RealWorkflowTamperEvidence = {
|
|
|
194
413
|
mutation: string;
|
|
195
414
|
approvedPayloadHash: string;
|
|
196
415
|
attemptedPayloadHash: string;
|
|
416
|
+
/**
|
|
417
|
+
* The scoped-authority contrast: the agent still held a valid, exact-payload
|
|
418
|
+
* human approval for this tool + resource when it attempted the mutated
|
|
419
|
+
* payload. `scopeUnchanged` is computed by comparing the approved and
|
|
420
|
+
* attempted actions' tool + resource — when true, an authorizer that checks
|
|
421
|
+
* scope alone (a held, valid scoped token) would still authorize the call,
|
|
422
|
+
* and only the payload-hash binding caught the swap.
|
|
423
|
+
*/
|
|
424
|
+
scopedAuthority: {
|
|
425
|
+
tool: string;
|
|
426
|
+
resource: string;
|
|
427
|
+
approvedBy: string;
|
|
428
|
+
artifactId: string;
|
|
429
|
+
scopeUnchanged: boolean;
|
|
430
|
+
};
|
|
431
|
+
/**
|
|
432
|
+
* Whether the tamper step actually ran. A prior step failing (e.g. a
|
|
433
|
+
* GitHub branch collision on re-run) aborts the workflow before the Slack
|
|
434
|
+
* step, leaving the tamper unexercised. This must be distinguished from a
|
|
435
|
+
* step that ran and was not blocked, so a benign prior failure can never
|
|
436
|
+
* be misreported as "the tampered payload executed".
|
|
437
|
+
*/
|
|
438
|
+
reached: boolean;
|
|
197
439
|
blocked: boolean;
|
|
198
440
|
blockReasons: string[];
|
|
199
441
|
};
|
|
@@ -240,48 +482,675 @@ export type RealWorkflowRunResult = {
|
|
|
240
482
|
};
|
|
241
483
|
export declare function startProxyServer(input?: ProxyServerInput): Promise<ProxyServerHandle>;
|
|
242
484
|
export declare const INIT_SCHEMA_VERSION = "axtary.init.v0";
|
|
243
|
-
export declare const INIT_CONFIG_TEMPLATE:
|
|
485
|
+
export declare const INIT_CONFIG_TEMPLATE = "schemaVersion: axtary.config.v0\nissuer: https://local.axtary.dev\ntenant: org:local\nledger:\n path: .axtary/actions.jsonl\nruntime:\n allowUnsignedExecution: false\n handlerTimeoutMs: 10000\n status:\n enabled: true\n keyringPath: .axtary/keys/actionpass-issuer-keyring.json\n storePath: .axtary/actionpass-status.json\n ttlSeconds: 60\n expiresInSeconds: 120\n caep:\n enabled: false\n mappingPath: .axtary/caep-mappings.json\n replayPath: .axtary/ssf-replay.json\nadapters:\n # Start in fake mode: deterministic local adapters, no credentials needed.\n # Switch a provider to its real mode (rest/web/graphql) once its env token is set.\n github:\n mode: fake\n tokenEnv: GITHUB_TOKEN\n apiBaseUrl: https://api.github.com\n userAgent: axtary-local-proxy\n slack:\n mode: fake\n tokenEnv: SLACK_BOT_TOKEN\n apiBaseUrl: https://slack.com/api\n linear:\n mode: fake\n tokenEnv: LINEAR_API_KEY\n apiUrl: https://api.linear.app/graphql\n docs:\n mode: local\n # Local docs the agent may search. `axtary init` creates the docs/ root;\n # add or remove roots to match your project.\n roots:\n - docs\npolicy:\n version: \"starter-v0\"\n github:\n pullRequests:\n requiredBaseBranch: main\n maxFilesChanged: 12\n denyPathPrefixes:\n - .env\n - secrets/\n stepUpPathPrefixes:\n - infra/prod/\n - billing/\n - auth/\n requiresTests: true\n contents:\n denyReadPathPrefixes:\n - .env\n - secrets/\n - infra/prod/\n slack:\n messages:\n allowedChannels:\n - \"#axtary-dev\"\n stepUpExternalRecipients: true\ndemo:\n scenario: coding-agent\n";
|
|
244
486
|
export type InitRunInput = {
|
|
245
487
|
cwd?: string;
|
|
246
488
|
configPath?: string;
|
|
247
489
|
force?: boolean;
|
|
490
|
+
templateId?: string;
|
|
248
491
|
};
|
|
249
492
|
export type InitRunResult = {
|
|
250
493
|
schemaVersion: typeof INIT_SCHEMA_VERSION;
|
|
251
494
|
status: "created" | "exists";
|
|
252
495
|
configPath: string;
|
|
496
|
+
templateId: string | null;
|
|
497
|
+
policyTestPath: string | null;
|
|
253
498
|
};
|
|
254
499
|
export declare function runInit(input?: InitRunInput): Promise<InitRunResult>;
|
|
255
500
|
export declare function formatInitResult(result: InitRunResult): string;
|
|
256
501
|
export declare const MCP_SERVE_SCHEMA_VERSION = "axtary.mcp_serve.v0";
|
|
502
|
+
export declare const MCP_CONFORMANCE_RUN_SCHEMA_VERSION = "axtary.mcp_conformance_run.v0";
|
|
257
503
|
export type McpServeInput = {
|
|
258
504
|
configPath?: string;
|
|
259
505
|
cwd?: string;
|
|
260
506
|
ledgerPath?: string;
|
|
507
|
+
trustStorePath?: string;
|
|
508
|
+
dpopReplayStorePath?: string;
|
|
509
|
+
pinsPath?: string;
|
|
510
|
+
/**
|
|
511
|
+
* When true, a tool with no existing pin is quarantined until reviewed
|
|
512
|
+
* instead of trusted-on-first-use. Drift is always quarantined regardless.
|
|
513
|
+
*/
|
|
514
|
+
strict?: boolean;
|
|
261
515
|
wrap?: string;
|
|
516
|
+
wrapUrl?: string;
|
|
517
|
+
headers?: Record<string, string>;
|
|
518
|
+
oauth?: boolean;
|
|
519
|
+
oauthStore?: CredentialStore;
|
|
520
|
+
oauthFetch?: typeof fetch;
|
|
262
521
|
owner?: string;
|
|
263
522
|
input?: NodeJS.ReadableStream;
|
|
264
523
|
output?: NodeJS.WritableStream;
|
|
265
524
|
log?: (text: string) => void;
|
|
266
525
|
};
|
|
526
|
+
export type McpServeQuarantine = {
|
|
527
|
+
serverIdentity: string;
|
|
528
|
+
toolName: string;
|
|
529
|
+
reason: "definition_drifted" | "unpinned_strict";
|
|
530
|
+
discoveredHash: string;
|
|
531
|
+
pinnedHash: string | null;
|
|
532
|
+
};
|
|
267
533
|
export type McpServeHandle = {
|
|
268
534
|
schemaVersion: typeof MCP_SERVE_SCHEMA_VERSION;
|
|
269
535
|
ledgerPath: string;
|
|
536
|
+
trustStorePath: string;
|
|
537
|
+
dpopReplayStorePath: string;
|
|
538
|
+
pinsPath: string;
|
|
270
539
|
tools: Array<{
|
|
271
540
|
name: string;
|
|
272
541
|
serverIdentity: string;
|
|
273
542
|
definitionHash: string;
|
|
274
543
|
}>;
|
|
544
|
+
provenance: {
|
|
545
|
+
pinned: number;
|
|
546
|
+
pinnedOnFirstUse: number;
|
|
547
|
+
quarantined: McpServeQuarantine[];
|
|
548
|
+
};
|
|
275
549
|
done: Promise<void>;
|
|
276
550
|
close: () => Promise<void>;
|
|
277
551
|
};
|
|
278
552
|
export declare function startMcpServe(input?: McpServeInput): Promise<McpServeHandle>;
|
|
279
|
-
export declare function
|
|
553
|
+
export declare function resolveActionPassTrustStorePath(cwd: string, trustStorePath?: string): string;
|
|
554
|
+
export declare function resolveDpopReplayStorePath(cwd: string, dpopReplayStorePath?: string): string;
|
|
555
|
+
export type McpWrapTarget = {
|
|
556
|
+
/** stdio command line (whitespace-split, no shell quoting). */
|
|
557
|
+
wrap?: string;
|
|
558
|
+
/** Streamable HTTP MCP endpoint URL. */
|
|
559
|
+
wrapUrl?: string;
|
|
560
|
+
/** Extra HTTP headers (e.g. Authorization) for the HTTP transport. */
|
|
561
|
+
headers?: Record<string, string>;
|
|
562
|
+
/**
|
|
563
|
+
* Resolve the upstream bearer from the local OAuth broker for this remote MCP
|
|
564
|
+
* server (RFC 9728/8707 session created by `axtary mcp login`). The token is
|
|
565
|
+
* injected only into the upstream request header — never persisted to pins,
|
|
566
|
+
* ledger, or status. Requires `wrapUrl`.
|
|
567
|
+
*/
|
|
568
|
+
oauth?: boolean;
|
|
569
|
+
/** Credential store + fetch overrides for OAuth bearer resolution (tests). */
|
|
570
|
+
oauthStore?: CredentialStore;
|
|
571
|
+
oauthFetch?: typeof fetch;
|
|
572
|
+
};
|
|
573
|
+
export declare const MCP_PINS_REPORT_SCHEMA_VERSION = "axtary.mcp_pins_report.v0";
|
|
574
|
+
export declare const MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION = "axtary.mcp_publisher_trust_report.v0";
|
|
575
|
+
export declare const MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION = "axtary.mcp_signed_definition_verify.v0";
|
|
576
|
+
export type McpPublisherTrustResult = {
|
|
577
|
+
schemaVersion: typeof MCP_PUBLISHER_TRUST_REPORT_SCHEMA_VERSION;
|
|
578
|
+
trustPath: string;
|
|
579
|
+
registered: string | null;
|
|
580
|
+
publishers: Array<{
|
|
581
|
+
publisher: string;
|
|
582
|
+
keys: Array<{
|
|
583
|
+
kid: string;
|
|
584
|
+
alg: string;
|
|
585
|
+
kty: string;
|
|
586
|
+
crv: string;
|
|
587
|
+
}>;
|
|
588
|
+
}>;
|
|
589
|
+
};
|
|
590
|
+
export declare function runMcpTrustPublisher(input: {
|
|
591
|
+
publisher: string;
|
|
592
|
+
jwksPath: string;
|
|
593
|
+
trustPath?: string;
|
|
594
|
+
cwd?: string;
|
|
595
|
+
}): Promise<McpPublisherTrustResult>;
|
|
596
|
+
export declare function runMcpPublishers(input?: {
|
|
597
|
+
trustPath?: string;
|
|
598
|
+
cwd?: string;
|
|
599
|
+
}): Promise<McpPublisherTrustResult>;
|
|
600
|
+
export declare function formatMcpPublishers(result: McpPublisherTrustResult): string;
|
|
601
|
+
export type McpSignedDefinitionVerifyResult = {
|
|
602
|
+
schemaVersion: typeof MCP_SIGNED_DEFINITION_VERIFY_SCHEMA_VERSION;
|
|
603
|
+
trustPath: string;
|
|
604
|
+
definitionPath: string;
|
|
605
|
+
statementPath: string;
|
|
606
|
+
verification: McpSignedDefinitionVerification;
|
|
607
|
+
};
|
|
608
|
+
export declare function runMcpVerifyDefinition(input: {
|
|
609
|
+
definitionPath: string;
|
|
610
|
+
statementPath: string;
|
|
611
|
+
publisher: string;
|
|
612
|
+
trustPath?: string;
|
|
613
|
+
cwd?: string;
|
|
614
|
+
}): Promise<McpSignedDefinitionVerifyResult>;
|
|
615
|
+
export declare function formatMcpVerifyDefinition(result: McpSignedDefinitionVerifyResult): string;
|
|
616
|
+
export type McpPinsResult = {
|
|
617
|
+
schemaVersion: typeof MCP_PINS_REPORT_SCHEMA_VERSION;
|
|
618
|
+
pinsPath: string;
|
|
619
|
+
servers: Array<{
|
|
620
|
+
serverIdentity: string;
|
|
621
|
+
serverVersion: string | null;
|
|
622
|
+
tools: Array<{
|
|
623
|
+
toolName: string;
|
|
624
|
+
definitionHash: string;
|
|
625
|
+
schemaVersion: string;
|
|
626
|
+
pinnedAt: string;
|
|
627
|
+
publisher: string | null;
|
|
628
|
+
kid: string | null;
|
|
629
|
+
semver: string | null;
|
|
630
|
+
priorDefinitionHash: string | null;
|
|
631
|
+
}>;
|
|
632
|
+
}>;
|
|
633
|
+
};
|
|
634
|
+
export declare function runMcpPins(input: {
|
|
635
|
+
configPath?: string;
|
|
636
|
+
pinsPath?: string;
|
|
637
|
+
cwd?: string;
|
|
638
|
+
}): Promise<McpPinsResult>;
|
|
639
|
+
export declare function formatMcpPins(result: McpPinsResult): string;
|
|
640
|
+
export declare const MCP_REVIEW_SCHEMA_VERSION = "axtary.mcp_review.v0";
|
|
641
|
+
export type McpPublisherEvidence = {
|
|
642
|
+
trust: "verified" | "unsigned" | "untrusted" | "invalid";
|
|
643
|
+
publisher: string | null;
|
|
644
|
+
kid: string | null;
|
|
645
|
+
semver: string | null;
|
|
646
|
+
priorDefinitionHash: string | null;
|
|
647
|
+
chainVerdict: McpChainVerdict | null;
|
|
648
|
+
reason: string | null;
|
|
649
|
+
};
|
|
650
|
+
export type McpReviewEntry = McpPinReconcileEntry & {
|
|
651
|
+
publisherEvidence: McpPublisherEvidence;
|
|
652
|
+
};
|
|
653
|
+
export type McpReviewResult = {
|
|
654
|
+
schemaVersion: typeof MCP_REVIEW_SCHEMA_VERSION;
|
|
655
|
+
pinsPath: string;
|
|
656
|
+
trustPath: string;
|
|
657
|
+
signedDefinitionsPath: string;
|
|
658
|
+
accepted: boolean;
|
|
659
|
+
pinned: number;
|
|
660
|
+
pending: McpReviewEntry[];
|
|
661
|
+
tools: McpReviewEntry[];
|
|
662
|
+
};
|
|
663
|
+
export declare function runMcpReview(input: {
|
|
664
|
+
configPath?: string;
|
|
665
|
+
pinsPath?: string;
|
|
666
|
+
wrap?: string;
|
|
667
|
+
wrapUrl?: string;
|
|
668
|
+
headers?: Record<string, string>;
|
|
669
|
+
oauth?: boolean;
|
|
670
|
+
oauthStore?: CredentialStore;
|
|
671
|
+
oauthFetch?: typeof fetch;
|
|
672
|
+
publisherTrustPath?: string;
|
|
673
|
+
signedDefinitionsPath?: string;
|
|
674
|
+
accept?: boolean;
|
|
675
|
+
cwd?: string;
|
|
676
|
+
}): Promise<McpReviewResult>;
|
|
677
|
+
export declare function formatMcpReview(result: McpReviewResult): string;
|
|
678
|
+
export type McpConformanceRunInput = McpWrapTarget & {
|
|
679
|
+
configPath?: string;
|
|
680
|
+
pinsPath?: string;
|
|
681
|
+
ledgerPath?: string;
|
|
682
|
+
statusPath?: string;
|
|
683
|
+
attestationPath?: string;
|
|
684
|
+
keyPath?: string;
|
|
685
|
+
publisherTrustPath?: string;
|
|
686
|
+
signedDefinitionsPath?: string;
|
|
687
|
+
toolName: string;
|
|
688
|
+
arguments: Record<string, JsonValue>;
|
|
689
|
+
accept?: boolean;
|
|
690
|
+
owner?: string;
|
|
691
|
+
cwd?: string;
|
|
692
|
+
};
|
|
693
|
+
export type McpConformanceRunResult = {
|
|
694
|
+
schemaVersion: typeof MCP_CONFORMANCE_RUN_SCHEMA_VERSION;
|
|
695
|
+
pinsPath: string;
|
|
696
|
+
ledgerPath: string;
|
|
697
|
+
statusPath: string;
|
|
698
|
+
receipt: McpConformanceReceipt;
|
|
699
|
+
};
|
|
700
|
+
/**
|
|
701
|
+
* Exercise one explicitly selected live tool through the complete governed MCP
|
|
702
|
+
* path and persist a compact, secret-free receipt for operator surfaces.
|
|
703
|
+
*/
|
|
704
|
+
export declare function runMcpConformance(input: McpConformanceRunInput): Promise<McpConformanceRunResult>;
|
|
705
|
+
export declare function formatMcpConformance(result: McpConformanceRunResult): string;
|
|
706
|
+
export declare const MCP_DRIFT_DEMO_SCHEMA_VERSION = "axtary.mcp_drift_demo.v0";
|
|
707
|
+
export type McpDriftDemoPhase = {
|
|
708
|
+
isError: boolean;
|
|
709
|
+
text: string;
|
|
710
|
+
};
|
|
711
|
+
export type McpDriftDemoResult = {
|
|
712
|
+
schemaVersion: typeof MCP_DRIFT_DEMO_SCHEMA_VERSION;
|
|
713
|
+
tool: {
|
|
714
|
+
serverIdentity: string;
|
|
715
|
+
name: string;
|
|
716
|
+
};
|
|
717
|
+
approved: {
|
|
718
|
+
definitionHash: string;
|
|
719
|
+
description: string;
|
|
720
|
+
};
|
|
721
|
+
mutated: {
|
|
722
|
+
definitionHash: string;
|
|
723
|
+
description: string;
|
|
724
|
+
injectedInstruction: string;
|
|
725
|
+
};
|
|
726
|
+
phases: {
|
|
727
|
+
approvedCall: McpDriftDemoPhase;
|
|
728
|
+
driftedCall: McpDriftDemoPhase;
|
|
729
|
+
};
|
|
730
|
+
blocked: boolean;
|
|
731
|
+
blockReasons: string[];
|
|
732
|
+
mutatedInvokerCalled: boolean;
|
|
733
|
+
ledger: {
|
|
734
|
+
path: string;
|
|
735
|
+
valid: boolean;
|
|
736
|
+
records: Array<{
|
|
737
|
+
decision: string;
|
|
738
|
+
reasons: string[];
|
|
739
|
+
definitionHash: string | null;
|
|
740
|
+
}>;
|
|
741
|
+
};
|
|
742
|
+
};
|
|
743
|
+
/**
|
|
744
|
+
* The tool-poisoning counter, reproducible in one command: a wrapped MCP tool
|
|
745
|
+
* executes at its reviewed definition hash, then the definition mutates (a
|
|
746
|
+
* hidden instruction lands in the description) and the identical call is
|
|
747
|
+
* denied before the invoker runs — both hashes end up in the ledger.
|
|
748
|
+
*/
|
|
749
|
+
export declare function runMcpDriftDemo(input?: DemoRunInput): Promise<McpDriftDemoResult>;
|
|
750
|
+
export declare function runDemo(input?: DemoRunInput & {
|
|
751
|
+
approveStepUp?: boolean;
|
|
752
|
+
approvedBy?: string;
|
|
753
|
+
}): Promise<DemoRunResult>;
|
|
754
|
+
export declare function runTemplateDemo(input: TemplateDemoRunInput): Promise<TemplateDemoRunResult>;
|
|
280
755
|
export declare function runSmokeTest(input?: SmokeTestInput, io?: CliIo): Promise<number>;
|
|
281
756
|
export declare function runConnectorDoctor(input?: ConnectorDoctorInput): Promise<ConnectorDoctorResult>;
|
|
282
757
|
export declare function runTestPolicy(input: PolicyTestRunInput): Promise<PolicyTestRunResult>;
|
|
758
|
+
export declare function runPolicySimulate(input: PolicySimulateRunInput): Promise<PolicySimulateRunResult>;
|
|
759
|
+
export declare function runPolicyHarness(input: PolicyHarnessRunInput): Promise<PolicyHarnessRunResult>;
|
|
760
|
+
/**
|
|
761
|
+
* Three-engine parity: evaluates every shared fixture through the native
|
|
762
|
+
* evaluator, the Cedar policy set, and the compiled Rego bundle, and reports
|
|
763
|
+
* whether decisions and reason sets agree. Cedar/Rego run via optional wasm
|
|
764
|
+
* engines (repo devDependencies) loaded through @axtary/policy/parity.
|
|
765
|
+
*/
|
|
766
|
+
export declare function runPolicyParity(input?: PolicyParityRunInput): Promise<PolicyParityRunResult>;
|
|
767
|
+
export declare function runAcsConformance(input?: AcsConformanceRunInput): Promise<AcsConformanceRunResult>;
|
|
283
768
|
export declare function runLedgerExport(input?: LedgerExportRunInput): Promise<LedgerExportRunResult>;
|
|
284
769
|
export declare function runLedgerSync(input: LedgerSyncRunInput): Promise<LedgerSyncRunResult>;
|
|
770
|
+
export declare function runLedgerOtelExport(input: LedgerOtelExportRunInput): Promise<LedgerOtelExportRunResult>;
|
|
771
|
+
export type LedgerAttestRunInput = LedgerExportRunInput & {
|
|
772
|
+
/** Where to persist the local attestation key (defaults beside the ledger). */
|
|
773
|
+
keyPath?: string;
|
|
774
|
+
};
|
|
775
|
+
export type LedgerAttestRunResult = {
|
|
776
|
+
schemaVersion: typeof LEDGER_ATTEST_RUN_SCHEMA_VERSION;
|
|
777
|
+
config: {
|
|
778
|
+
filePath: string | null;
|
|
779
|
+
tenant: string;
|
|
780
|
+
};
|
|
781
|
+
ledgerPath: string;
|
|
782
|
+
keyPath: string;
|
|
783
|
+
keyId: string;
|
|
784
|
+
outputPath: string | null;
|
|
785
|
+
bundle: LedgerAttestationBundle;
|
|
786
|
+
};
|
|
787
|
+
export type LedgerVerifyExportRunInput = {
|
|
788
|
+
bundlePath: string;
|
|
789
|
+
issuer?: string;
|
|
790
|
+
cwd?: string;
|
|
791
|
+
json?: boolean;
|
|
792
|
+
};
|
|
793
|
+
export type LedgerVerifyExportRunResult = {
|
|
794
|
+
schemaVersion: typeof LEDGER_VERIFY_EXPORT_RUN_SCHEMA_VERSION;
|
|
795
|
+
bundlePath: string;
|
|
796
|
+
result: VerifyLedgerAttestationResult;
|
|
797
|
+
/**
|
|
798
|
+
* Approval↔execution equivalence summary over the verified export's
|
|
799
|
+
* execution records; null when the bundle did not verify. Verification
|
|
800
|
+
* itself already fails closed on any failed pair, so a valid result can
|
|
801
|
+
* only contain proved and unproven entries.
|
|
802
|
+
*/
|
|
803
|
+
equivalence: LedgerEquivalenceReport | null;
|
|
804
|
+
};
|
|
805
|
+
/**
|
|
806
|
+
* `axtary attest-ledger` — export the verified ledger and emit a signed,
|
|
807
|
+
* self-contained attestation bundle (export + JWS token + public key) that any
|
|
808
|
+
* third party can verify offline with only a JOSE library.
|
|
809
|
+
*/
|
|
810
|
+
export declare function runLedgerAttest(input?: LedgerAttestRunInput): Promise<LedgerAttestRunResult>;
|
|
811
|
+
/**
|
|
812
|
+
* `axtary verify-export` — the standalone verifier. Reads an attestation bundle
|
|
813
|
+
* and confirms the signature, the canonical export digest, and the record chain
|
|
814
|
+
* using only the bundle's embedded public key.
|
|
815
|
+
*/
|
|
816
|
+
export declare function runLedgerVerifyExport(input: LedgerVerifyExportRunInput): Promise<LedgerVerifyExportRunResult>;
|
|
817
|
+
export type LedgerProveEquivalenceRunInput = {
|
|
818
|
+
configPath?: string;
|
|
819
|
+
ledgerPath?: string;
|
|
820
|
+
cwd?: string;
|
|
821
|
+
from?: string;
|
|
822
|
+
to?: string;
|
|
823
|
+
decisions?: AxtaryDecision[];
|
|
824
|
+
outputPath?: string;
|
|
825
|
+
};
|
|
826
|
+
export type LedgerProveEquivalenceRunResult = {
|
|
827
|
+
schemaVersion: typeof LEDGER_PROVE_EQUIVALENCE_RUN_SCHEMA_VERSION;
|
|
828
|
+
config: {
|
|
829
|
+
filePath: string | null;
|
|
830
|
+
tenant: string;
|
|
831
|
+
};
|
|
832
|
+
ledgerPath: string;
|
|
833
|
+
outputPath: string | null;
|
|
834
|
+
report: LedgerEquivalenceReport;
|
|
835
|
+
};
|
|
836
|
+
/**
|
|
837
|
+
* `axtary prove-equivalence` — the queryable, exportable approval↔execution
|
|
838
|
+
* equivalence proof. Reads the ledger through the fail-closed export path
|
|
839
|
+
* (a tampered chain refuses to export at all), then reports, per execution
|
|
840
|
+
* record, the approved payload hash, the executed payload hash, and whether
|
|
841
|
+
* they are equal. Executions without approval evidence report `unproven`,
|
|
842
|
+
* never fake-proved.
|
|
843
|
+
*/
|
|
844
|
+
export declare function runLedgerProveEquivalence(input?: LedgerProveEquivalenceRunInput): Promise<LedgerProveEquivalenceRunResult>;
|
|
845
|
+
export type LedgerProveInclusionRunInput = {
|
|
846
|
+
bundlePath: string;
|
|
847
|
+
recordId?: string;
|
|
848
|
+
index?: number;
|
|
849
|
+
outputPath?: string;
|
|
850
|
+
cwd?: string;
|
|
851
|
+
json?: boolean;
|
|
852
|
+
};
|
|
853
|
+
export type LedgerProveInclusionRunResult = {
|
|
854
|
+
schemaVersion: typeof LEDGER_PROVE_INCLUSION_RUN_SCHEMA_VERSION;
|
|
855
|
+
bundlePath: string;
|
|
856
|
+
outputPath: string | null;
|
|
857
|
+
proof: LedgerInclusionProof;
|
|
858
|
+
};
|
|
859
|
+
/**
|
|
860
|
+
* `axtary prove-inclusion` — emit an RFC 6962 inclusion proof for one record in
|
|
861
|
+
* an attestation bundle. The proof's `merkleRoot` matches the bundle's signed
|
|
862
|
+
* tree head, so a third party can verify it against the signed attestation.
|
|
863
|
+
*/
|
|
864
|
+
export declare function runLedgerProveInclusion(input: LedgerProveInclusionRunInput): Promise<LedgerProveInclusionRunResult>;
|
|
865
|
+
export type LedgerProveConsistencyRunInput = {
|
|
866
|
+
firstBundlePath: string;
|
|
867
|
+
secondBundlePath: string;
|
|
868
|
+
outputPath?: string;
|
|
869
|
+
cwd?: string;
|
|
870
|
+
json?: boolean;
|
|
871
|
+
};
|
|
872
|
+
export type LedgerProveConsistencyRunResult = {
|
|
873
|
+
schemaVersion: typeof LEDGER_PROVE_CONSISTENCY_RUN_SCHEMA_VERSION;
|
|
874
|
+
firstBundlePath: string;
|
|
875
|
+
secondBundlePath: string;
|
|
876
|
+
outputPath: string | null;
|
|
877
|
+
proof: LedgerConsistencyProof;
|
|
878
|
+
};
|
|
879
|
+
/**
|
|
880
|
+
* `axtary prove-consistency` — emit an RFC 6962 consistency proof showing the
|
|
881
|
+
* second attestation's log append-only-extends the first. The proof binds both
|
|
882
|
+
* bundles' signed tree-head roots.
|
|
883
|
+
*/
|
|
884
|
+
export declare function runLedgerProveConsistency(input: LedgerProveConsistencyRunInput): Promise<LedgerProveConsistencyRunResult>;
|
|
885
|
+
export type LedgerVerifyProofRunInput = {
|
|
886
|
+
proofPath: string;
|
|
887
|
+
bundlePath?: string;
|
|
888
|
+
firstBundlePath?: string;
|
|
889
|
+
secondBundlePath?: string;
|
|
890
|
+
issuer?: string;
|
|
891
|
+
cwd?: string;
|
|
892
|
+
json?: boolean;
|
|
893
|
+
};
|
|
894
|
+
export type LedgerVerifyProofRunResult = {
|
|
895
|
+
schemaVersion: typeof LEDGER_VERIFY_PROOF_RUN_SCHEMA_VERSION;
|
|
896
|
+
proofType: "inclusion" | "consistency";
|
|
897
|
+
attestationValid: boolean;
|
|
898
|
+
proofResult: ProofVerificationResult;
|
|
899
|
+
valid: boolean;
|
|
900
|
+
};
|
|
901
|
+
/**
|
|
902
|
+
* `axtary verify-proof` — the standalone proof verifier. It re-verifies the
|
|
903
|
+
* signed tree head(s) from the bundle(s), then binds the inclusion/consistency
|
|
904
|
+
* proof to those signed roots, failing closed on any mismatch.
|
|
905
|
+
*/
|
|
906
|
+
export declare function runLedgerVerifyProof(input: LedgerVerifyProofRunInput): Promise<LedgerVerifyProofRunResult>;
|
|
907
|
+
export type LedgerForensicsRunInput = {
|
|
908
|
+
bundlePath?: string;
|
|
909
|
+
ledgerPath?: string;
|
|
910
|
+
configPath?: string;
|
|
911
|
+
cwd?: string;
|
|
912
|
+
json?: boolean;
|
|
913
|
+
};
|
|
914
|
+
export type LedgerForensicsRunResult = {
|
|
915
|
+
schemaVersion: typeof LEDGER_FORENSICS_RUN_SCHEMA_VERSION;
|
|
916
|
+
source: string;
|
|
917
|
+
evidence: "verified_attestation_bundle" | "verified_local_ledger";
|
|
918
|
+
report: ForensicReport;
|
|
919
|
+
};
|
|
920
|
+
/**
|
|
921
|
+
* `axtary forensics` — offline reconstruction of a delegation+execution incident
|
|
922
|
+
* from the ledger alone, asserting attenuation / reconstructibility / cascade
|
|
923
|
+
* containment. Reads an attestation bundle when given (so analysis runs over
|
|
924
|
+
* attested evidence), otherwise the local ledger.
|
|
925
|
+
*/
|
|
926
|
+
export declare function runLedgerForensics(input: LedgerForensicsRunInput): Promise<LedgerForensicsRunResult>;
|
|
927
|
+
export type ConnectRunInput = {
|
|
928
|
+
provider: string;
|
|
929
|
+
clientId?: string;
|
|
930
|
+
clientIdEnv?: string;
|
|
931
|
+
clientSecretEnv?: string;
|
|
932
|
+
redirectPort?: number;
|
|
933
|
+
redirectUri?: string;
|
|
934
|
+
cloudId?: string;
|
|
935
|
+
json?: boolean;
|
|
936
|
+
env?: Record<string, string | undefined>;
|
|
937
|
+
fetch?: typeof fetch;
|
|
938
|
+
store?: CredentialStore;
|
|
939
|
+
openBrowser?: (url: string) => void | Promise<void>;
|
|
940
|
+
onListening?: (port: number) => void;
|
|
941
|
+
stdout?: (text: string) => void;
|
|
942
|
+
};
|
|
943
|
+
export type ConnectRunResult = {
|
|
944
|
+
schemaVersion: typeof CONNECT_RUN_SCHEMA_VERSION;
|
|
945
|
+
provider: string;
|
|
946
|
+
account: string | null;
|
|
947
|
+
scopes: string[];
|
|
948
|
+
expiresAt: string | null;
|
|
949
|
+
secretBackend: "keychain" | "file";
|
|
950
|
+
context?: Record<string, string>;
|
|
951
|
+
};
|
|
952
|
+
/**
|
|
953
|
+
* `axtary connect <provider>` — local-loopback OAuth so a customer clicks
|
|
954
|
+
* "Allow" in the browser instead of hand-pasting a bot token. The customer
|
|
955
|
+
* brings their own OAuth app (client id/secret stay in local env, never reach
|
|
956
|
+
* Axtary); the obtained token is stored in the local credential broker (OS
|
|
957
|
+
* keychain or a 0600 file), never echoed.
|
|
958
|
+
*/
|
|
959
|
+
export declare function runConnect(input: ConnectRunInput): Promise<ConnectRunResult>;
|
|
960
|
+
export declare function runDisconnect(input: {
|
|
961
|
+
provider: string;
|
|
962
|
+
store?: CredentialStore;
|
|
963
|
+
}): Promise<{
|
|
964
|
+
provider: string;
|
|
965
|
+
removed: boolean;
|
|
966
|
+
}>;
|
|
967
|
+
export type ConnectionsRunResult = {
|
|
968
|
+
schemaVersion: typeof CONNECTIONS_SCHEMA_VERSION;
|
|
969
|
+
connections: CredentialMetadata[];
|
|
970
|
+
};
|
|
971
|
+
export declare function runConnections(input?: {
|
|
972
|
+
store?: CredentialStore;
|
|
973
|
+
}): Promise<ConnectionsRunResult>;
|
|
974
|
+
export type ActionPassRevokeRunInput = {
|
|
975
|
+
passId: string;
|
|
976
|
+
trustStorePath?: string;
|
|
977
|
+
statusStorePath?: string;
|
|
978
|
+
ledgerPath?: string;
|
|
979
|
+
configPath?: string;
|
|
980
|
+
cwd?: string;
|
|
981
|
+
revokedBy?: string;
|
|
982
|
+
reason?: string;
|
|
983
|
+
revokedAt?: Date;
|
|
984
|
+
};
|
|
985
|
+
export type ActionPassRevokeRunResult = {
|
|
986
|
+
schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
|
|
987
|
+
trustStorePath: string;
|
|
988
|
+
revocation: ActionPassRevocation;
|
|
989
|
+
statusStorePath: string | null;
|
|
990
|
+
ledgerPath: string | null;
|
|
991
|
+
ledgerEventId: string | null;
|
|
992
|
+
};
|
|
993
|
+
export declare function runActionPassRevoke(input: ActionPassRevokeRunInput): Promise<ActionPassRevokeRunResult>;
|
|
994
|
+
export declare function runActionPassRevocations(input?: {
|
|
995
|
+
trustStorePath?: string;
|
|
996
|
+
cwd?: string;
|
|
997
|
+
}): Promise<{
|
|
998
|
+
schemaVersion: typeof ACTIONPASS_REVOCATION_RUN_SCHEMA_VERSION;
|
|
999
|
+
trustStorePath: string;
|
|
1000
|
+
revocations: ActionPassRevocation[];
|
|
1001
|
+
}>;
|
|
1002
|
+
export declare function runIssuerKeyring(input?: {
|
|
1003
|
+
keyringPath?: string;
|
|
1004
|
+
cwd?: string;
|
|
1005
|
+
rotate?: boolean;
|
|
1006
|
+
retireAfterSeconds?: number;
|
|
1007
|
+
}): Promise<{
|
|
1008
|
+
schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
|
|
1009
|
+
keyringPath: string;
|
|
1010
|
+
activeKid: string;
|
|
1011
|
+
keys: Array<{
|
|
1012
|
+
kid: string;
|
|
1013
|
+
status: "active" | "retired";
|
|
1014
|
+
createdAt: string;
|
|
1015
|
+
retireAfter: string | null;
|
|
1016
|
+
}>;
|
|
1017
|
+
jwks: ReturnType<typeof issuerJwks>;
|
|
1018
|
+
}>;
|
|
1019
|
+
export declare function runActionPassStatus(input?: {
|
|
1020
|
+
statusStorePath?: string;
|
|
1021
|
+
cwd?: string;
|
|
1022
|
+
}): Promise<{
|
|
1023
|
+
schemaVersion: typeof ACTIONPASS_STATUS_RUN_SCHEMA_VERSION;
|
|
1024
|
+
statusStorePath: string;
|
|
1025
|
+
uri: string;
|
|
1026
|
+
entries: Array<{
|
|
1027
|
+
passId: string;
|
|
1028
|
+
index: number;
|
|
1029
|
+
status: number;
|
|
1030
|
+
updatedAt: string;
|
|
1031
|
+
}>;
|
|
1032
|
+
}>;
|
|
1033
|
+
export declare function runCaepMap(input: {
|
|
1034
|
+
issuer: string;
|
|
1035
|
+
subject: SsfSubjectIdentifier;
|
|
1036
|
+
rootPassIds: string[];
|
|
1037
|
+
mappingPath?: string;
|
|
1038
|
+
cwd?: string;
|
|
1039
|
+
}): Promise<{
|
|
1040
|
+
schemaVersion: typeof CAEP_MAPPING_RUN_SCHEMA_VERSION;
|
|
1041
|
+
mappingPath: string;
|
|
1042
|
+
mapping: Awaited<ReturnType<LocalCaepMappingStore["put"]>>;
|
|
1043
|
+
}>;
|
|
285
1044
|
export declare function runRealWorkflow(input?: RealWorkflowRunInput): Promise<RealWorkflowRunResult>;
|
|
1045
|
+
export declare const GITHUB_DEPTH_RUN_SCHEMA_VERSION = "axtary.github_depth_run.v0";
|
|
1046
|
+
export type GitHubDepthRunResult = {
|
|
1047
|
+
schemaVersion: typeof GITHUB_DEPTH_RUN_SCHEMA_VERSION;
|
|
1048
|
+
workflow: "github-depth";
|
|
1049
|
+
config: {
|
|
1050
|
+
filePath: string | null;
|
|
1051
|
+
tenant: string;
|
|
1052
|
+
};
|
|
1053
|
+
ledgerPath: string;
|
|
1054
|
+
status: "completed" | "blocked" | "failed";
|
|
1055
|
+
requiredModes: {
|
|
1056
|
+
github: "app";
|
|
1057
|
+
};
|
|
1058
|
+
inputs: {
|
|
1059
|
+
repoResource: string;
|
|
1060
|
+
issueKey: string;
|
|
1061
|
+
baseBranch: string;
|
|
1062
|
+
headBranch: string;
|
|
1063
|
+
prTitle: string;
|
|
1064
|
+
checkName: string;
|
|
1065
|
+
reviewLine: number;
|
|
1066
|
+
};
|
|
1067
|
+
target: {
|
|
1068
|
+
pullNumber: number;
|
|
1069
|
+
headSha: string;
|
|
1070
|
+
path: string;
|
|
1071
|
+
line: number;
|
|
1072
|
+
} | null;
|
|
1073
|
+
steps: RealWorkflowStepResult[];
|
|
1074
|
+
ledger: DemoRunResult["ledger"];
|
|
1075
|
+
};
|
|
1076
|
+
/**
|
|
1077
|
+
* GitHub-only depth proof: open a draft PR in the sandbox repo, then exercise
|
|
1078
|
+
* the three M7.3 write tools against that PR — an inline review comment, a check
|
|
1079
|
+
* run on its head commit, and a conversation comment — each governed by policy,
|
|
1080
|
+
* payload-bound by an ActionPass, and written to the ledger as a decision +
|
|
1081
|
+
* execution-outcome pair. Requires only the GitHub credential.
|
|
1082
|
+
*/
|
|
1083
|
+
export declare function runGitHubDepthWorkflow(input?: RealWorkflowRunInput): Promise<GitHubDepthRunResult>;
|
|
1084
|
+
export declare const POSTGRES_READ_RUN_SCHEMA_VERSION = "axtary.postgres_read_run.v0";
|
|
1085
|
+
export type PostgresReadRunResult = {
|
|
1086
|
+
schemaVersion: typeof POSTGRES_READ_RUN_SCHEMA_VERSION;
|
|
1087
|
+
workflow: "postgres-read";
|
|
1088
|
+
config: {
|
|
1089
|
+
filePath: string | null;
|
|
1090
|
+
tenant: string;
|
|
1091
|
+
};
|
|
1092
|
+
ledgerPath: string;
|
|
1093
|
+
status: "completed" | "blocked" | "failed";
|
|
1094
|
+
requiredModes: {
|
|
1095
|
+
postgres: "postgres";
|
|
1096
|
+
};
|
|
1097
|
+
inputs: {
|
|
1098
|
+
databaseResource: string;
|
|
1099
|
+
statementHash: string | null;
|
|
1100
|
+
predicateHash: string | null;
|
|
1101
|
+
tables: string[];
|
|
1102
|
+
parameterCount: number;
|
|
1103
|
+
parameterHash: string;
|
|
1104
|
+
maxRows: number;
|
|
1105
|
+
};
|
|
1106
|
+
step: RealWorkflowStepResult;
|
|
1107
|
+
ledger: DemoRunResult["ledger"];
|
|
1108
|
+
};
|
|
1109
|
+
export declare function runPostgresReadWorkflow(input?: RealWorkflowRunInput): Promise<PostgresReadRunResult>;
|
|
1110
|
+
export declare const DRIVE_READ_RUN_SCHEMA_VERSION = "axtary.drive_read_run.v0";
|
|
1111
|
+
export type DriveReadRunResult = {
|
|
1112
|
+
schemaVersion: typeof DRIVE_READ_RUN_SCHEMA_VERSION;
|
|
1113
|
+
workflow: "drive-read";
|
|
1114
|
+
config: {
|
|
1115
|
+
filePath: string | null;
|
|
1116
|
+
tenant: string;
|
|
1117
|
+
};
|
|
1118
|
+
ledgerPath: string;
|
|
1119
|
+
status: "completed" | "blocked" | "failed";
|
|
1120
|
+
requiredModes: {
|
|
1121
|
+
drive: "rest";
|
|
1122
|
+
};
|
|
1123
|
+
inputs: {
|
|
1124
|
+
fileId: string;
|
|
1125
|
+
resource: string;
|
|
1126
|
+
maxBytes: number;
|
|
1127
|
+
source: "argument" | "picker_context" | "config";
|
|
1128
|
+
};
|
|
1129
|
+
step: RealWorkflowStepResult;
|
|
1130
|
+
ledger: DemoRunResult["ledger"];
|
|
1131
|
+
};
|
|
1132
|
+
export declare function runDriveReadWorkflow(input?: RealWorkflowRunInput): Promise<DriveReadRunResult>;
|
|
286
1133
|
export declare function runAxtaryCli(argv?: string[], io?: CliIo): Promise<number>;
|
|
1134
|
+
/**
|
|
1135
|
+
* One line summarizing the approval↔execution equivalence over a set of
|
|
1136
|
+
* execution records. Verification fails closed on any failed pair, so a
|
|
1137
|
+
* summary rendered for a VALID export can only contain proved + unproven.
|
|
1138
|
+
*/
|
|
1139
|
+
export declare function equivalenceSummaryLine(report: LedgerEquivalenceReport): string;
|
|
1140
|
+
/**
|
|
1141
|
+
* The tamper-outcome line, with the three states kept distinct: blocked
|
|
1142
|
+
* (the win), not-blocked (a real security failure), and not-reached (a prior
|
|
1143
|
+
* step failed before Slack, so the tamper was never exercised — must never be
|
|
1144
|
+
* reported as the tampered payload executing).
|
|
1145
|
+
*/
|
|
1146
|
+
/**
|
|
1147
|
+
* The scoped-authority contrast line — the differentiation beat spelled out:
|
|
1148
|
+
* the agent still held a valid, exact-payload human approval whose tool +
|
|
1149
|
+
* resource scope matched the attempted call, so an authorizer that checks
|
|
1150
|
+
* scope alone would have let the swapped payload through. Only claim that
|
|
1151
|
+
* when `scopeUnchanged` was actually computed true; otherwise state the
|
|
1152
|
+
* scope changed too, which any authorizer should reject.
|
|
1153
|
+
*/
|
|
1154
|
+
export declare function scopedAuthorityLine(authority: RealWorkflowTamperEvidence["scopedAuthority"]): string;
|
|
1155
|
+
export declare function tamperOutcomeLine(tamper: RealWorkflowTamperEvidence): string;
|
|
287
1156
|
//# sourceMappingURL=index.d.ts.map
|