@continuonai/rcan-ts 1.2.1 → 1.2.3

package/dist/browser.d.mts

@@ -102,7 +102,7 @@ declare enum MessageType {
 /** §8.5 — Sender Type and Service Identity */
 type SenderType = "robot" | "human" | "cloud_function" | "system";
 /** §12 — Command Delegation and Chain of Custody */
-interface DelegationHop {
+interface DelegationHop$1 {
     issuerRuri: string;
     humanSubject: string;
     timestamp: string;
@@ -139,7 +139,7 @@ interface RCANMessageData {
     /** v1.5: GAP-09 key id */
     keyId?: string;
     /** v1.5: GAP-01 delegation chain */
-    delegationChain?: DelegationHop[];
+    delegationChain?: DelegationHop$1[];
     /** v1.5: GAP-13 fleet group */
     groupId?: string;
     /** v1.5: GAP-11 QoS level */
@@ -161,6 +161,11 @@ interface RCANMessageData {
     attestationRef?: string;
     /** v2.2: ML-DSA-65 post-quantum signature block (field 16, FIPS 204). Hybrid mode alongside Ed25519. */
     pqSig?: PQSignatureBlock | undefined;
+    /** v2.2 snake_case envelope aliases (spec §3.2) */
+    firmware_hash?: string;
+    attestation_ref?: string;
+    pq_sig?: string;
+    pq_alg?: string;
     [key: string]: unknown;
 }
 declare class RCANMessageError extends Error {
@@ -181,7 +186,7 @@ declare class RCANMessage {
     readonly senderType: SenderType | undefined;
     readonly cloudProvider: string | undefined;
     readonly keyId: string | undefined;
-    readonly delegationChain: DelegationHop[] | undefined;
+    readonly delegationChain: DelegationHop$1[] | undefined;
     readonly groupId: string | undefined;
     readonly qos: number | undefined;
     readonly presenceVerified: boolean | undefined;
@@ -220,7 +225,7 @@ declare function makeCloudRelayMessage(base: RCANMessage, provider: string): RCA
 /**
  * §12 — Add a delegation hop to a message.
  */
-declare function addDelegationHop(msg: RCANMessage, hop: DelegationHop): RCANMessage;
+declare function addDelegationHop(msg: RCANMessage, hop: DelegationHop$1): RCANMessage;
 /**
  * §12 — Validate a delegation chain (structure only; signature verification
  * requires crypto module).
@@ -229,7 +234,7 @@ declare function addDelegationHop(msg: RCANMessage, hop: DelegationHop): RCANMes
  *  - Max depth 4 hops
  *  - Each hop must have issuerRuri, humanSubject, timestamp, scope, signature
  */
-declare function validateDelegationChain(chain: DelegationHop[]): {
+declare function validateDelegationChain$1(chain: DelegationHop$1[]): {
     valid: boolean;
     reason: string;
 };
@@ -750,14 +755,14 @@ interface TransparencyMessage {
     timestamp_ms: number;
     message_id: string;
     /** v1.5 GAP-22: third-party control chain */
-    delegation_chain?: DelegationHop[];
+    delegation_chain?: DelegationHop$1[];
 }
 /**
  * Build a TRANSPARENCY message for EU AI Act Article 13 compliance.
  *
  * v1.5 (GAP-22): includes delegation_chain when available.
  */
-declare function makeTransparencyMessage(ruri: string, disclosure: string, delegationChain?: DelegationHop[]): TransparencyMessage;
+declare function makeTransparencyMessage(ruri: string, disclosure: string, delegationChain?: DelegationHop$1[]): TransparencyMessage;
 
 /**
  * RCAN Protocol Version — single source of truth.
@@ -766,9 +771,9 @@ declare function makeTransparencyMessage(ruri: string, disclosure: string, deleg
  * §3.5 — Protocol Version Compatibility
  */
 /** The RCAN spec version this SDK implements. */
-declare const SPEC_VERSION = "2.2.0";
+declare const SPEC_VERSION = "2.2.1";
 /** The SDK release version. */
-declare const SDK_VERSION = "1.2.1";
+declare const SDK_VERSION = "1.2.2";
 /**
  * Validate version compatibility.
  *
@@ -1466,7 +1471,7 @@ declare enum MediaEncoding {
     BASE64 = "base64",
     REF = "ref"
 }
-interface MediaChunk {
+interface MediaChunk$1 {
     chunkId: string;
     mimeType: string;
     encoding: MediaEncoding;
@@ -1479,7 +1484,7 @@ interface StreamChunk {
     streamId: string;
     chunkIndex: number;
     isFinal: boolean;
-    chunk: MediaChunk;
+    chunk: MediaChunk$1;
 }
 /**
  * Attach inline (base64-encoded) media to a message.
@@ -1914,6 +1919,77 @@ declare const addPQSignature: typeof signMessage;
 /** @deprecated Use verifyMessage() — Ed25519 is removed in RCAN v2.2 */
 declare function verifyPQSignature(msg: RCANMessage, trustedKeys: MLDSAKeyPair[], _requirePQ?: boolean): Promise<void>;
 
+/**
+ * rcan/mcp.ts — MCP integration types for RCAN v2.2 §22
+ *
+ * Provider-agnostic: LoA is tied to the token, not the model or AI provider.
+ */
+/** LoA → RCAN command scopes mapping (§22.4) */
+declare const LOA_TO_SCOPES: Record<number, string[]>;
+/** Required LoA for each MCP tool (§22.3) */
+declare const TOOL_LOA_REQUIREMENTS: Record<string, number>;
+/** MCP client entry stored in the RCAN yaml mcp_clients: block */
+interface McpClientConfig {
+    name: string;
+    token_hash: string;
+    loa: number;
+}
+/** Full MCP server configuration extracted from the RCAN yaml */
+interface McpServerConfig {
+    rrn: string;
+    clients: McpClientConfig[];
+}
+/** Check if a client's LoA satisfies a tool's requirement */
+declare function clientAllowsTool(client: McpClientConfig, toolName: string): boolean;
+/** Tool call result shapes */
+interface RobotStatusResult {
+    rrn: string;
+    status: Record<string, unknown>;
+}
+interface FleetListResult {
+    fleet: Record<string, unknown>[];
+}
+interface RrfLookupResult {
+    entity_id: string;
+    record: Record<string, unknown>;
+}
+interface RobotCommandResult {
+    rrn: string;
+    instruction: string;
+    scope: string;
+    result: Record<string, unknown>;
+}
+interface ComplianceReportResult {
+    rrn: string;
+    compliance: Record<string, unknown>;
+}
+
+/**
+ * RCAN v2.2 Delegation and Media envelope types.
+ * Spec: https://robotregistryfoundation.org/docs/mcp/
+ */
+/** A single hop in a v2.2 delegation chain. */
+interface DelegationHop {
+    robot_rrn: string;
+    scope: string;
+    issued_at: string;
+    expires_at: string;
+    sig?: string;
+}
+/** An inline or by-reference media attachment for v2.2 messages. */
+interface MediaChunk {
+    chunk_id: string;
+    mime_type: string;
+    size_bytes: number;
+    hash_sha256: string;
+    data?: string;
+    ref_url?: string;
+}
+declare function validateDelegationChain(chain: DelegationHop[]): void;
+declare function verifyMediaChunkHash(chunk: MediaChunk): void;
+type V22DelegationHop = DelegationHop;
+type V22MediaChunk = MediaChunk;
+
 /**
  * rcan-ts — Official TypeScript SDK for RCAN v1.6
  * Robot Communication and Accountability Network
@@ -1926,4 +2002,4 @@ declare const VERSION = "0.6.0";
 /** @deprecated Use SPEC_VERSION from ./version instead */
 declare const RCAN_VERSION = "1.6";
 
-export { AUTHORITY_ERROR_CODES, type ApprovalStatus, AuditChain, AuditError, type AuditExportRequest, type AuthorityAccessPayload, type AuthorityAccessPayloadWire, type AuthorityDataCategory, type AuthorityResponseData, type AuthorityResponsePayload, COMPETITION_SCOPE_LEVEL, CONTRIBUTE_SCOPE_LEVEL, type CachedKey, type ChainVerifyResult, ClockDriftError, type ClockSyncStatus, CommitmentRecord, type CommitmentRecordData, type CommitmentRecordJSON, type CompetitionBadge, type CompetitionEnter, type CompetitionFormat, type CompetitionScore, type ComputeResource, ConfidenceGate, type ConsentRequestParams, type ConsentResponseParams, type ConsentType, type ContributeCancel, type ContributeRequest, type ContributeResult, DEFAULT_LOA_POLICY, DataCategory, type DelegationHop, FIRMWARE_MANIFEST_PATH, FaultCode, type FaultReportParams, type FaultSeverity, type FederationSyncPayload, FederationSyncType, type FirmwareComponent, FirmwareIntegrityError, type FirmwareManifest, type FirmwareManifestWire, GateError, HiTLGate, type IdentityRecord, type JWKEntry, type JWKSDocument, KeyStore, LevelOfAssurance, type ListResult, type LoaPolicy, M2MAuthError, type M2MPeerClaims, type M2MTrustedClaims, M2M_TRUSTED_ISSUER, MLDSAKeyPair, type MLDSAKeyPairData, type MediaChunk, MediaEncoding, MessageType, NodeClient, type OfflineCommandResult, OfflineModeManager, type OfflineState, PRODUCTION_LOA_POLICY, type PendingApproval, type PersonalResearchResult, QoSAckTimeoutError, QoSLevel, QoSManager, type QoSResult, type QoSSendOptions, RCANAddressError, type RCANAgentConfig, type RCANConfig, RCANConfigAuthorizationError, RCANDelegationChainError, RCANError, RCANGateError, RCANMessage, type RCANMessageData, type RCANMessageEnvelope, RCANMessageError, type RCANMetadata, RCANNodeError, RCANNodeNotFoundError, RCANNodeSyncError, RCANNodeTrustError, RCANRegistryError, type RCANRegistryNode, RCANReplayAttackError, type RCANResolveResult, RCANSignatureError, RCANValidationError, RCANVersionIncompatibleError, RCAN_VERSION, ROLE_JWT_LEVEL, RRF_REVOCATION_CACHE_TTL_MS, RRF_REVOCATION_URL, type RegistrationResult, RegistryClient, type RegistryIdentity, RegistryTier, ReplayCache, type ReplayCheckResult, type ReplayableMessage, type ResearchMetrics, RevocationCache$1 as RevocationCache, type RevocationStatus, type RevocationStatusValue, type Robot, type RobotRegistration, RobotURI, RobotURIError, type RobotURIOptions, Role, type RunType, SAFETY_MESSAGE_TYPE, SCOPE_MIN_ROLE, SDK_VERSION, SPEC_VERSION, type SafetyEvent, type SafetyMessage, type ScopeValidationResult, type SeasonStanding, type SenderType, type SignatureBlock, type StandingEntry, type StreamChunk, type TrainingConsentRequestParams, type TransparencyMessage, TransportEncoding, TransportError, TrustAnchorCache, VERSION, type ValidationResult, type WorkUnitStatus, addDelegationHop, addMediaInline, addMediaRef, addPQSignature, assertClockSynced, authorityAccessFromWire, authorityAccessToWire, canonicalManifestJson, checkClockSync, checkRevocation, decodeBleFrames, decodeCompact, decodeMinimal, encodeBleFrames, encodeCompact, encodeMinimal, extractIdentityFromJwt, extractLoaFromJwt, extractRoleFromJwt, fetchCanonicalSchema, fetchRRFRevocations, isAuthorityRequestValid, isM2mTrustedRevoked, isPreemptedBy, isSafetyMessage, makeCloudRelayMessage, makeCompetitionEnter, makeCompetitionScore, makeConfigUpdate, makeConsentDeny, makeConsentGrant, makeConsentRequest, makeContributeCancel, makeContributeRequest, makeContributeResult, makeEstopMessage, makeEstopWithQoS, makeFaultReport, makeFederationSync, makeKeyRotationMessage, makePersonalResearchResult, makeResumeMessage, makeRevocationBroadcast, makeSeasonStanding, makeStopMessage, makeStreamChunk, makeTrainingConsentDeny, makeTrainingConsentGrant, makeTrainingConsentRequest, makeTrainingDataMessage, makeTransparencyMessage, manifestFromWire, manifestToWire, parseM2mPeerToken, parseM2mTrustedToken, roleFromJwtLevel, selectTransport, signMessage, validateAuthorityAccess, validateCompetitionScope, validateConfig, validateConfigAgainstSchema, validateConfigUpdate, validateConsentMessage, validateContributeScope, validateCrossRegistryCommand, validateDelegationChain, validateLoaForScope, validateManifest, validateMediaChunks, validateMessage, validateNodeAgainstSchema, validateReplay, validateRoleForScope, validateSafetyMessage, validateTrainingDataMessage, validateURI, validateVersionCompat, verifyM2mTrustedToken, verifyM2mTrustedTokenClaims, verifyMessage, verifyPQSignature };
+export { AUTHORITY_ERROR_CODES, type ApprovalStatus, AuditChain, AuditError, type AuditExportRequest, type AuthorityAccessPayload, type AuthorityAccessPayloadWire, type AuthorityDataCategory, type AuthorityResponseData, type AuthorityResponsePayload, COMPETITION_SCOPE_LEVEL, CONTRIBUTE_SCOPE_LEVEL, type CachedKey, type ChainVerifyResult, ClockDriftError, type ClockSyncStatus, CommitmentRecord, type CommitmentRecordData, type CommitmentRecordJSON, type CompetitionBadge, type CompetitionEnter, type CompetitionFormat, type CompetitionScore, type ComplianceReportResult, type ComputeResource, ConfidenceGate, type ConsentRequestParams, type ConsentResponseParams, type ConsentType, type ContributeCancel, type ContributeRequest, type ContributeResult, DEFAULT_LOA_POLICY, DataCategory, type DelegationHop$1 as DelegationHop, FIRMWARE_MANIFEST_PATH, FaultCode, type FaultReportParams, type FaultSeverity, type FederationSyncPayload, FederationSyncType, type FirmwareComponent, FirmwareIntegrityError, type FirmwareManifest, type FirmwareManifestWire, type FleetListResult, GateError, HiTLGate, type IdentityRecord, type JWKEntry, type JWKSDocument, KeyStore, LOA_TO_SCOPES, LevelOfAssurance, type ListResult, type LoaPolicy, M2MAuthError, type M2MPeerClaims, type M2MTrustedClaims, M2M_TRUSTED_ISSUER, MLDSAKeyPair, type MLDSAKeyPairData, type McpClientConfig, type McpServerConfig, type MediaChunk$1 as MediaChunk, MediaEncoding, MessageType, NodeClient, type OfflineCommandResult, OfflineModeManager, type OfflineState, PRODUCTION_LOA_POLICY, type PendingApproval, type PersonalResearchResult, QoSAckTimeoutError, QoSLevel, QoSManager, type QoSResult, type QoSSendOptions, RCANAddressError, type RCANAgentConfig, type RCANConfig, RCANConfigAuthorizationError, RCANDelegationChainError, RCANError, RCANGateError, RCANMessage, type RCANMessageData, type RCANMessageEnvelope, RCANMessageError, type RCANMetadata, RCANNodeError, RCANNodeNotFoundError, RCANNodeSyncError, RCANNodeTrustError, RCANRegistryError, type RCANRegistryNode, RCANReplayAttackError, type RCANResolveResult, RCANSignatureError, RCANValidationError, RCANVersionIncompatibleError, RCAN_VERSION, ROLE_JWT_LEVEL, RRF_REVOCATION_CACHE_TTL_MS, RRF_REVOCATION_URL, type RegistrationResult, RegistryClient, type RegistryIdentity, RegistryTier, ReplayCache, type ReplayCheckResult, type ReplayableMessage, type ResearchMetrics, RevocationCache$1 as RevocationCache, type RevocationStatus, type RevocationStatusValue, type Robot, type RobotCommandResult, type RobotRegistration, type RobotStatusResult, RobotURI, RobotURIError, type RobotURIOptions, Role, type RrfLookupResult, type RunType, SAFETY_MESSAGE_TYPE, SCOPE_MIN_ROLE, SDK_VERSION, SPEC_VERSION, type SafetyEvent, type SafetyMessage, type ScopeValidationResult, type SeasonStanding, type SenderType, type SignatureBlock, type StandingEntry, type StreamChunk, TOOL_LOA_REQUIREMENTS, type TrainingConsentRequestParams, type TransparencyMessage, TransportEncoding, TransportError, TrustAnchorCache, type V22DelegationHop, type V22MediaChunk, VERSION, type ValidationResult, type WorkUnitStatus, addDelegationHop, addMediaInline, addMediaRef, addPQSignature, assertClockSynced, authorityAccessFromWire, authorityAccessToWire, canonicalManifestJson, checkClockSync, checkRevocation, clientAllowsTool, decodeBleFrames, decodeCompact, decodeMinimal, encodeBleFrames, encodeCompact, encodeMinimal, extractIdentityFromJwt, extractLoaFromJwt, extractRoleFromJwt, fetchCanonicalSchema, fetchRRFRevocations, isAuthorityRequestValid, isM2mTrustedRevoked, isPreemptedBy, isSafetyMessage, makeCloudRelayMessage, makeCompetitionEnter, makeCompetitionScore, makeConfigUpdate, makeConsentDeny, makeConsentGrant, makeConsentRequest, makeContributeCancel, makeContributeRequest, makeContributeResult, makeEstopMessage, makeEstopWithQoS, makeFaultReport, makeFederationSync, makeKeyRotationMessage, makePersonalResearchResult, makeResumeMessage, makeRevocationBroadcast, makeSeasonStanding, makeStopMessage, makeStreamChunk, makeTrainingConsentDeny, makeTrainingConsentGrant, makeTrainingConsentRequest, makeTrainingDataMessage, makeTransparencyMessage, manifestFromWire, manifestToWire, parseM2mPeerToken, parseM2mTrustedToken, roleFromJwtLevel, selectTransport, signMessage, validateAuthorityAccess, validateCompetitionScope, validateConfig, validateConfigAgainstSchema, validateConfigUpdate, validateConsentMessage, validateContributeScope, validateCrossRegistryCommand, validateDelegationChain$1 as validateDelegationChain, validateLoaForScope, validateManifest, validateMediaChunks, validateMessage, validateNodeAgainstSchema, validateReplay, validateRoleForScope, validateSafetyMessage, validateTrainingDataMessage, validateURI, validateDelegationChain as validateV22DelegationChain, validateVersionCompat, verifyM2mTrustedToken, verifyM2mTrustedTokenClaims, verifyMessage, verifyPQSignature, verifyMediaChunkHash as verifyV22MediaChunkHash };

package/dist/browser.mjs

@@ -99,8 +99,8 @@ var RobotURI = class _RobotURI {
 };
 
 // src/version.ts
-var SPEC_VERSION = "2.2.0";
-var SDK_VERSION = "1.2.1";
+var SPEC_VERSION = "2.2.1";
+var SDK_VERSION = "1.2.2";
 function validateVersionCompat(incomingVersion, localVersion = SPEC_VERSION) {
   const parseParts = (v) => {
     const parts = v.split(".");
@@ -3229,6 +3229,66 @@ async function verifyPQSignature(msg, trustedKeys, _requirePQ = true) {
   return verifyMessage(msg, trustedKeys);
 }
 
+// src/mcp.ts
+var LOA_TO_SCOPES = {
+  0: ["discover", "status", "transparency"],
+  1: ["chat", "control", "system"],
+  3: ["system", "safety"]
+};
+var TOOL_LOA_REQUIREMENTS = {
+  // Tier 0 — read
+  robot_ping: 0,
+  robot_status: 0,
+  robot_telemetry: 0,
+  fleet_list: 0,
+  rrf_lookup: 0,
+  compliance_report: 0,
+  // Tier 1 — operate
+  robot_command: 1,
+  harness_get: 1,
+  research_run: 1,
+  contribute_toggle: 1,
+  components_list: 1,
+  // Tier 3 — admin
+  harness_set: 3,
+  system_upgrade: 3,
+  loa_enable: 3
+};
+function clientAllowsTool(client, toolName) {
+  const required = TOOL_LOA_REQUIREMENTS[toolName] ?? 99;
+  return client.loa >= required;
+}
+
+// src/delegation.ts
+var MAX_DELEGATION_DEPTH = 3;
+function validateDelegationChain2(chain) {
+  if (chain.length > MAX_DELEGATION_DEPTH) {
+    throw new Error(
+      `RCAN: delegation chain max depth is ${MAX_DELEGATION_DEPTH}, got ${chain.length}`
+    );
+  }
+}
+var _hashImpl;
+function verifyMediaChunkHash(chunk) {
+  if (!chunk.data) return;
+  let actual;
+  if (_hashImpl) {
+    actual = _hashImpl(chunk.data);
+  } else {
+    try {
+      const m = typeof __require !== "undefined" ? __require : null;
+      if (!m) return;
+      const { createHash } = m("node:crypto");
+      actual = "sha256:" + createHash("sha256").update(chunk.data).digest("hex");
+    } catch {
+      return;
+    }
+  }
+  if (actual !== chunk.hash_sha256) {
+    throw new Error(`MediaChunk hash mismatch: expected ${chunk.hash_sha256}, got ${actual}`);
+  }
+}
+
 // src/index.ts
 var VERSION = "0.6.0";
 var RCAN_VERSION = "1.6";
@@ -3250,6 +3310,7 @@ export {
   GateError,
   HiTLGate,
   KeyStore,
+  LOA_TO_SCOPES,
   LevelOfAssurance,
   M2MAuthError,
   M2M_TRUSTED_ISSUER,
@@ -3293,6 +3354,7 @@ export {
   SCOPE_MIN_ROLE,
   SDK_VERSION,
   SPEC_VERSION,
+  TOOL_LOA_REQUIREMENTS,
   TransportEncoding,
   TransportError,
   TrustAnchorCache,
@@ -3307,6 +3369,7 @@ export {
   canonicalManifestJson,
   checkClockSync,
   checkRevocation,
+  clientAllowsTool,
   decodeBleFrames,
   decodeCompact,
   decodeMinimal,
@@ -3374,10 +3437,12 @@ export {
   validateSafetyMessage,
   validateTrainingDataMessage,
   validateURI,
+  validateDelegationChain2 as validateV22DelegationChain,
   validateVersionCompat,
   verifyM2mTrustedToken,
   verifyM2mTrustedTokenClaims,
   verifyMessage,
-  verifyPQSignature
+  verifyPQSignature,
+  verifyMediaChunkHash as verifyV22MediaChunkHash
 };
 //# sourceMappingURL=browser.mjs.map