npm - @longarc/mdash - Versions diffs - 3.0.0 - Mend

@longarc/mdash 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/README.md +278 -0
package/dist/checkpoint/engine.d.ts +208 -0
package/dist/checkpoint/engine.d.ts.map +1 -0
package/dist/checkpoint/engine.js +369 -0
package/dist/checkpoint/engine.js.map +1 -0
package/dist/context/engine.d.ts +197 -0
package/dist/context/engine.d.ts.map +1 -0
package/dist/context/engine.js +392 -0
package/dist/context/engine.js.map +1 -0
package/dist/core/commitment.d.ts +154 -0
package/dist/core/commitment.d.ts.map +1 -0
package/dist/core/commitment.js +305 -0
package/dist/core/commitment.js.map +1 -0
package/dist/core/crypto.d.ts +100 -0
package/dist/core/crypto.d.ts.map +1 -0
package/dist/core/crypto.js +243 -0
package/dist/core/crypto.js.map +1 -0
package/dist/index.d.ts +121 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +234 -0
package/dist/index.js.map +1 -0
package/dist/mcca/engine.d.ts +260 -0
package/dist/mcca/engine.d.ts.map +1 -0
package/dist/mcca/engine.js +518 -0
package/dist/mcca/engine.js.map +1 -0
package/dist/physics/engine.d.ts +165 -0
package/dist/physics/engine.d.ts.map +1 -0
package/dist/physics/engine.js +371 -0
package/dist/physics/engine.js.map +1 -0
package/dist/tee/engine.d.ts +285 -0
package/dist/tee/engine.d.ts.map +1 -0
package/dist/tee/engine.js +505 -0
package/dist/tee/engine.js.map +1 -0
package/dist/warrant/engine.d.ts +195 -0
package/dist/warrant/engine.d.ts.map +1 -0
package/dist/warrant/engine.js +409 -0
package/dist/warrant/engine.js.map +1 -0
package/dist/zk/engine.d.ts +243 -0
package/dist/zk/engine.d.ts.map +1 -0
package/dist/zk/engine.js +489 -0
package/dist/zk/engine.js.map +1 -0
package/package.json +25 -0
package/src/__tests__/phase1.test.ts +1120 -0
package/src/__tests__/phase2-4.test.ts +898 -0
package/src/checkpoint/engine.ts +532 -0
package/src/context/engine.ts +598 -0
package/src/core/commitment.ts +438 -0
package/src/core/crypto.ts +304 -0
package/src/index.ts +320 -0
package/src/mcca/engine.ts +778 -0
package/src/physics/engine.ts +563 -0
package/src/tee/engine.ts +810 -0
package/src/warrant/engine.ts +625 -0
package/src/zk/engine.ts +730 -0
package/tsconfig.json +21 -0

package/dist/tee/engine.d.ts ADDED Viewed

@@ -0,0 +1,285 @@
+/**
+ * mdash v3.0 - L2 TEE Attestation Layer
+ *
+ * Hardware-rooted attestation for real-time compliance.
+ * Handles 99% of attestation needs with <10ms latency.
+ *
+ * Supported TEE Platforms:
+ * - AWS Nitro Enclaves (primary)
+ * - Intel SGX (secondary)
+ * - Simulated mode (development/testing)
+ *
+ * Architecture:
+ * - L1 provides instant commitment (<1ms)
+ * - L2 adds hardware attestation (<10ms)
+ * - L3 provides ZK proofs for disputes (async)
+ *
+ * @version 3.0.0
+ */
+import { Hash, Seal, Timestamp } from '../core/crypto.js';
+import { CommitmentEngine, Commitment } from '../core/commitment.js';
+export type TEEPlatform = 'nitro' | 'sgx' | 'simulated';
+export type AttestationStatus = 'pending' | 'attesting' | 'verified' | 'failed' | 'expired';
+/**
+ * Platform Capability Matrix
+ *
+ * | Feature           | Nitro | SGX  | Simulated |
+ * |-------------------|-------|------|-----------|
+ * | Memory encryption | ✓     | ✓    | ✗         |
+ * | Remote attestation| ✓     | ✓    | Simulated |
+ * | Key sealing       | ✓     | ✓    | HMAC      |
+ * | PCR support       | ✓     | ✗    | Simulated |
+ * | Quote generation  | ✗     | ✓    | Simulated |
+ */
+export interface PlatformCapabilities {
+    memoryEncryption: boolean;
+    remoteAttestation: boolean;
+    keySealing: boolean;
+    pcrSupport: boolean;
+    quoteGeneration: boolean;
+    maxEnclaveSize: number;
+}
+export declare const PLATFORM_CAPABILITIES: Record<TEEPlatform, PlatformCapabilities>;
+/**
+ * AWS Nitro Attestation Document (NSM format)
+ * Based on AWS Nitro Enclaves attestation spec
+ */
+export interface NitroAttestationDocument {
+    /** Module ID (enclave image hash) */
+    module_id: string;
+    /** UNIX timestamp of document creation */
+    timestamp: number;
+    /** Digest algorithm (SHA384) */
+    digest: 'SHA384';
+    /** PCR values (0-15) */
+    pcrs: Record<number, string>;
+    /** Certificate chain */
+    certificate: string;
+    /** CA bundle hash */
+    cabundle: string[];
+    /** Public key (optional, for encrypted response) */
+    public_key?: string;
+    /** User data (up to 512 bytes) */
+    user_data?: string;
+    /** Nonce (up to 512 bytes) */
+    nonce?: string;
+}
+/**
+ * Intel SGX Quote
+ */
+export interface SGXQuote {
+    /** ECDSA-256 signature over report body */
+    signature: string;
+    /** ISV enclave report */
+    report_body: {
+        /** MRENCLAVE - enclave measurement */
+        mr_enclave: string;
+        /** MRSIGNER - signer measurement */
+        mr_signer: string;
+        /** ISV product ID */
+        isv_prod_id: number;
+        /** ISV security version */
+        isv_svn: number;
+        /** Report data (64 bytes user data) */
+        report_data: string;
+        /** Attributes (debug, mode64bit, etc) */
+        attributes: string;
+    };
+    /** QE (Quoting Enclave) certification data */
+    qe_certification: {
+        type: number;
+        data: string;
+    };
+}
+/**
+ * Unified Attestation Document
+ * Works across all platforms
+ */
+export interface AttestationDocument {
+    /** Document ID */
+    id: string;
+    /** Platform that generated this document */
+    platform: TEEPlatform;
+    /** Timestamp of attestation */
+    timestamp: Timestamp;
+    /** Enclave measurement hash */
+    measurement: Hash;
+    /** Data being attested */
+    attested_data: Hash;
+    /** Platform-specific attestation */
+    platform_attestation: NitroAttestationDocument | SGXQuote | SimulatedAttestation;
+    /** L1 commitment reference */
+    commitment_id: string;
+    /** Attestation status */
+    status: AttestationStatus;
+    /** Expiry time */
+    expires_at: Timestamp;
+    /** HMAC seal over document */
+    seal: Seal;
+}
+/**
+ * Simulated attestation (dev/test)
+ */
+export interface SimulatedAttestation {
+    type: 'simulated';
+    measurement_hash: string;
+    nonce: string;
+    simulated_pcrs: Record<number, string>;
+    signature: string;
+}
+export interface TEEConfig {
+    /** Platform to use */
+    platform: TEEPlatform;
+    /** Attestation document TTL (ms) */
+    attestationTTL: number;
+    /** Enable caching */
+    enableCache: boolean;
+    /** Cache TTL (ms) */
+    cacheTTL: number;
+    /** Max attestations per second */
+    rateLimit: number;
+    /** AWS Nitro specific */
+    nitro?: {
+        /** PCRs to include */
+        pcrs: number[];
+        /** NSM device path */
+        nsmDevice: string;
+    };
+    /** Intel SGX specific */
+    sgx?: {
+        /** SPID for attestation service */
+        spid: string;
+        /** API key for IAS */
+        iasApiKey: string;
+        /** Use DCAP (Data Center Attestation Primitives) */
+        useDCAP: boolean;
+    };
+}
+export declare class TEEAttestationEngine {
+    private key;
+    private config;
+    private commitmentEngine;
+    private cache;
+    private documents;
+    private requestCount;
+    private requestWindowStart;
+    private metrics;
+    constructor(commitmentEngine: CommitmentEngine, config?: Partial<TEEConfig>);
+    /**
+     * Initialize the TEE engine
+     */
+    initialize(sealKey: string): Promise<void>;
+    /**
+     * Initialize AWS Nitro Enclaves
+     */
+    private initializeNitro;
+    /**
+     * Initialize Intel SGX
+     */
+    private initializeSGX;
+    /**
+     * Attest data with hardware TEE
+     * Target: <10ms latency
+     *
+     * @param data - Data to attest
+     * @param commitmentId - L1 commitment reference
+     * @returns Attestation document
+     */
+    attest(data: unknown, commitmentId: string): Promise<AttestationDocument>;
+    /**
+     * AWS Nitro Enclaves attestation
+     */
+    private attestNitro;
+    /**
+     * Intel SGX attestation
+     */
+    private attestSGX;
+    /**
+     * Simulated attestation (development/testing)
+     */
+    private attestSimulated;
+    /**
+     * Verify an attestation document
+     */
+    verify(document: AttestationDocument): Promise<{
+        valid: boolean;
+        errors: string[];
+    }>;
+    /**
+     * Get attestation document by ID
+     */
+    get(id: string): AttestationDocument | null;
+    /**
+     * Rate limiting check
+     */
+    private checkRateLimit;
+    /**
+     * Get platform capabilities
+     */
+    getCapabilities(): PlatformCapabilities;
+    /**
+     * Get engine statistics
+     */
+    getStats(): {
+        platform: TEEPlatform;
+        attestations: number;
+        cacheHits: number;
+        cacheMisses: number;
+        failures: number;
+        avgLatencyMs: number;
+        cacheStats: {
+            size: number;
+            hitRate: number;
+        };
+    };
+}
+/**
+ * Verifies attestation documents from external sources
+ * Used for cross-enclave or remote attestation scenarios
+ */
+export declare class TEEVerifier {
+    private trustedMeasurements;
+    private trustedSigners;
+    /**
+     * Add a trusted enclave measurement
+     */
+    trustMeasurement(measurement: Hash): void;
+    /**
+     * Add a trusted signer (for SGX)
+     */
+    trustSigner(signer: Hash): void;
+    /**
+     * Verify remote attestation
+     */
+    verifyRemote(document: AttestationDocument): Promise<{
+        trusted: boolean;
+        reasons: string[];
+    }>;
+}
+/**
+ * Bridges L1 commitments with L2 attestations
+ * Ensures cryptographic continuity between layers
+ */
+export declare class AttestationBridge {
+    private teeEngine;
+    private commitmentEngine;
+    constructor(teeEngine: TEEAttestationEngine, commitmentEngine: CommitmentEngine);
+    /**
+     * Commit and attest in one operation
+     * Returns both L1 seal and L2 attestation
+     */
+    commitAndAttest(data: unknown, operationId: string): Promise<{
+        commitment: Commitment;
+        attestation: AttestationDocument;
+    }>;
+    /**
+     * Verify both layers
+     */
+    verifyBoth(commitment: Commitment, attestation: AttestationDocument): Promise<{
+        l1Valid: boolean;
+        l2Valid: boolean;
+        crossLayerValid: boolean;
+        errors: string[];
+    }>;
+}
+//# sourceMappingURL=engine.d.ts.map

package/dist/tee/engine.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/tee/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EACL,IAAI,EACJ,IAAI,EACJ,SAAS,EAMV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAMrE,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,KAAK,GAAG,WAAW,CAAC;AAExD,MAAM,MAAM,iBAAiB,GACzB,SAAS,GACT,WAAW,GACX,UAAU,GACV,QAAQ,GACR,SAAS,CAAC;AAEd;;;;;;;;;;GAUG;AACH,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,OAAO,CAAC;IACpB,eAAe,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,WAAW,EAAE,oBAAoB,CAyB3E,CAAC;AAMF;;;GAGG;AACH,MAAM,WAAW,wBAAwB;IACvC,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,gCAAgC;IAChC,MAAM,EAAE,QAAQ,CAAC;IACjB,wBAAwB;IACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,wBAAwB;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,oDAAoD;IACpD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kCAAkC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,WAAW,EAAE;QACX,sCAAsC;QACtC,UAAU,EAAE,MAAM,CAAC;QACnB,oCAAoC;QACpC,SAAS,EAAE,MAAM,CAAC;QAClB,qBAAqB;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,2BAA2B;QAC3B,OAAO,EAAE,MAAM,CAAC;QAChB,uCAAuC;QACvC,WAAW,EAAE,MAAM,CAAC;QACpB,yCAAyC;QACzC,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,8CAA8C;IAC9C,gBAAgB,EAAE;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,kBAAkB;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,4CAA4C;IAC5C,QAAQ,EAAE,WAAW,CAAC;IACtB,+BAA+B;IAC/B,SAAS,EAAE,SAAS,CAAC;IACrB,+BAA+B;IAC/B,WAAW,EAAE,IAAI,CAAC;IAClB,0BAA0B;IAC1B,aAAa,EAAE,IAAI,CAAC;IACpB,oCAAoC;IACpC,oBAAoB,EAAE,wBAAwB,GAAG,QAAQ,GAAG,oBAAoB,CAAC;IACjF,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,yBAAyB;IACzB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,kBAAkB;IAClB,UAAU,EAAE,SAAS,CAAC;IACtB,8BAA8B;IAC9B,IAAI,EAAE,IAAI,CAAC;CACZ;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,WAAW,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,SAAS,EAAE,MAAM,CAAC;CACnB;AAMD,MAAM,WAAW,SAAS;IACxB,sBAAsB;IACtB,QAAQ,EAAE,WAAW,CAAC;IACtB,oCAAoC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,qBAAqB;IACrB,WAAW,EAAE,OAAO,CAAC;IACrB,qBAAqB;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,KAAK,CAAC,EAAE;QACN,sBAAsB;QACtB,IAAI,EAAE,MAAM,EAAE,CAAC;QACf,sBAAsB;QACtB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,yBAAyB;IACzB,GAAG,CAAC,EAAE;QACJ,mCAAmC;QACnC,IAAI,EAAE,MAAM,CAAC;QACb,sBAAsB;QACtB,SAAS,EAAE,MAAM,CAAC;QAClB,oDAAoD;QACpD,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;CACH;AAsED,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,GAAG,CAA0B;IACrC,OAAO,CAAC,MAAM,CAAY;IAC1B,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,KAAK,CAAmB;IAChC,OAAO,CAAC,SAAS,CAA+C;IAGhE,OAAO,CAAC,YAAY,CAAa;IACjC,OAAO,CAAC,kBAAkB,CAAsB;IAGhD,OAAO,CAAC,OAAO,CAMb;gBAEU,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,GAAE,OAAO,CAAC,SAAS,CAAM;IAM/E;;OAEG;IACG,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWhD;;OAEG;YACW,eAAe;IAQ7B;;OAEG;YACW,aAAa;IAQ3B;;;;;;;OAOG;IACG,MAAM,CACV,IAAI,EAAE,OAAO,EACb,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,mBAAmB,CAAC;IA6F/B;;OAEG;YACW,WAAW;IAmCzB;;OAEG;YACW,SAAS;IAmCvB;;OAEG;YACW,eAAe;IA2B7B;;OAEG;IACG,MAAM,CAAC,QAAQ,EAAE,mBAAmB,GAAG,OAAO,CAAC;QACnD,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;IA6CF;;OAEG;IACH,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,mBAAmB,GAAG,IAAI;IAI3C;;OAEG;IACH,OAAO,CAAC,cAAc;IAgBtB;;OAEG;IACH,eAAe,IAAI,oBAAoB;IAIvC;;OAEG;IACH,QAAQ,IAAI;QACV,QAAQ,EAAE,WAAW,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC;KAC/C;CAaF;AAMD;;;GAGG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,mBAAmB,CAAwB;IACnD,OAAO,CAAC,cAAc,CAAwB;IAE9C;;OAEG;IACH,gBAAgB,CAAC,WAAW,EAAE,IAAI,GAAG,IAAI;IAIzC;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,IAAI,GAAG,IAAI;IAI/B;;OAEG;IACG,YAAY,CAAC,QAAQ,EAAE,mBAAmB,GAAG,OAAO,CAAC;QACzD,OAAO,EAAE,OAAO,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;CA0BH;AAMD;;;GAGG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,gBAAgB,CAAmB;gBAE/B,SAAS,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,gBAAgB;IAK/E;;;OAGG;IACG,eAAe,CACnB,IAAI,EAAE,OAAO,EACb,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;QACT,UAAU,EAAE,UAAU,CAAC;QACvB,WAAW,EAAE,mBAAmB,CAAC;KAClC,CAAC;IAaF;;OAEG;IACG,UAAU,CACd,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,mBAAmB,GAC/B,OAAO,CAAC;QACT,OAAO,EAAE,OAAO,CAAC;QACjB,OAAO,EAAE,OAAO,CAAC;QACjB,eAAe,EAAE,OAAO,CAAC;QACzB,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;CA4BH"}