npm - @mnemom/agent-integrity-protocol - Versions diffs - 0.1.6 → 0.2.0 - Mend

@mnemom/agent-integrity-protocol 0.1.6 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -437,6 +437,8 @@ interface AnalysisLLMConfig {
     api_key: string;
     /** Maximum tokens for the analysis response */
     max_tokens: number;
+    /** Enable Anthropic prompt caching on system prompt. Default: false. */
+    enable_prompt_caching?: boolean;
 }
 /**
  * Optional callback functions for SDK signal delivery.
@@ -961,6 +963,198 @@ declare class WindowManager {
     private recomputeStats;
 }
+/**
+ * Integrity certificate and attestation types for the Agent Integrity Protocol.
+ *
+ * Defines the machine-readable integrity certificate format modeled on C2PA
+ * content credentials and W3C Verifiable Credentials. A certificate bundles
+ * all cryptographic evidence for a checkpoint into a single, self-describing
+ * document that can be independently verified.
+ *
+ * Also defines supporting types for Merkle inclusion proofs, chain hashes,
+ * and certificate verification results.
+ */
+/**
+ * A self-describing integrity certificate that bundles analysis verdicts,
+ * input commitments, and cryptographic proofs into a single envelope.
+ *
+ * Modeled on C2PA content credentials and W3C Verifiable Credentials.
+ * The certificate can be independently verified without trusting the
+ * issuing server.
+ */
+interface IntegrityCertificate {
+    /** JSON-LD context identifier */
+    '@context': 'https://mnemom.ai/aip/v1';
+    /** Document type discriminator */
+    type: 'IntegrityCertificate';
+    /** Certificate format version */
+    version: '1.0.0';
+    /** Unique certificate identifier (format: "cert-{8 random chars}") */
+    certificate_id: string;
+    /** ISO 8601 timestamp of certificate issuance */
+    issued_at: string;
+    /** The checkpoint this certificate attests to */
+    subject: {
+        checkpoint_id: string;
+        agent_id: string;
+        session_id: string;
+        card_id: string;
+    };
+    /** Analysis claims covered by the certificate */
+    claims: {
+        verdict: string;
+        concerns: Array<{
+            category: string;
+            severity: string;
+            description: string;
+        }>;
+        confidence: number;
+        reasoning_summary: string;
+        analysis_model: string;
+        analysis_duration_ms: number;
+    };
+    /** Deterministic hashes of all analysis inputs */
+    input_commitments: {
+        thinking_block_hash: string;
+        card_hash: string;
+        values_hash: string;
+        context_hash: string;
+        model_version: string;
+        combined_commitment: string;
+    };
+    /** Cryptographic proofs */
+    proofs: {
+        /** Ed25519 digital signature over the canonical signed payload */
+        signature: {
+            algorithm: 'Ed25519';
+            key_id: string;
+            value: string;
+            signed_payload: string;
+        };
+        /** Hash chain link connecting this checkpoint to its predecessor */
+        chain: {
+            chain_hash: string;
+            prev_chain_hash: string | null;
+            position: number;
+        };
+        /** Merkle inclusion proof (null when tree has not been built yet) */
+        merkle: {
+            leaf_hash: string;
+            leaf_index: number;
+            root: string;
+            tree_size: number;
+            inclusion_proof: Array<{
+                hash: string;
+                position: 'left' | 'right';
+            }>;
+        } | null;
+        /** Verdict derivation proof (Phase 3 — not yet implemented) */
+        verdict_derivation: null;
+    };
+    /** URLs for online verification */
+    verification: {
+        keys_url: string;
+        certificate_url: string;
+        verify_url: string;
+    };
+}
+/**
+ * A Merkle inclusion proof demonstrating that a leaf exists in a Merkle tree.
+ *
+ * Contains the O(log N) sibling hashes needed to recompute the root
+ * from a given leaf hash.
+ */
+interface MerkleProof {
+    /** SHA-256 hash of the leaf data */
+    leafHash: string;
+    /** Zero-based index of the leaf in the tree */
+    leafIndex: number;
+    /** Sibling hashes from leaf to root, with their relative position */
+    siblings: Array<{
+        hash: string;
+        position: 'left' | 'right';
+    }>;
+    /** Expected Merkle root */
+    root: string;
+    /** Number of leaves in the tree when the proof was generated */
+    treeSize: number;
+}
+/**
+ * A hash chain link connecting a checkpoint to its predecessor.
+ *
+ * The chain hash is a SHA-256 digest of the concatenated fields:
+ *   (genesis|prevChainHash) | checkpointId | verdict | thinkingBlockHash | inputCommitment | timestamp
+ */
+interface ChainHash {
+    /** SHA-256 chain hash for this checkpoint */
+    chainHash: string;
+    /** Chain hash of the previous checkpoint (null for the first in a session) */
+    prevChainHash: string | null;
+    /** Zero-based position in the chain */
+    position: number;
+}
+/**
+ * Result of verifying an integrity certificate offline.
+ *
+ * Contains the overall validity and per-check details for signature,
+ * chain hash, and Merkle inclusion proof verification.
+ */
+interface CertificateVerificationResult {
+    /** Whether all checks passed */
+    valid: boolean;
+    /** Individual check results */
+    checks: {
+        /** Ed25519 signature verification */
+        signature: {
+            valid: boolean;
+            details: string;
+        };
+        /** Chain hash recomputation check */
+        chain: {
+            valid: boolean;
+            details: string;
+        };
+        /** Merkle inclusion proof check (null if no Merkle proof in certificate) */
+        merkle: {
+            valid: boolean;
+            details: string;
+        } | null;
+    };
+}
+/**
+ * Offline certificate verification for the Agent Integrity Protocol.
+ *
+ * Provides `verifyCertificate()` — a pure function that checks:
+ *   1. Ed25519 signature validity
+ *   2. Hash chain link integrity
+ *   3. Merkle inclusion proof (when present)
+ *
+ * Uses @noble/ed25519 and @noble/hashes, which work in Node.js,
+ * Deno, Cloudflare Workers, and modern browsers.
+ */
+/**
+ * Verify an integrity certificate offline.
+ *
+ * Performs three independent checks:
+ *   1. **Signature** — verifies the Ed25519 signature against the provided
+ *      public key and the canonical `signed_payload` embedded in the certificate.
+ *   2. **Chain** — recomputes the SHA-256 chain hash from the certificate
+ *      fields and compares it to the stored `chain_hash`.
+ *   3. **Merkle** — if the certificate contains a Merkle inclusion proof,
+ *      walks the sibling hashes from leaf to root and compares against the
+ *      expected root. Pass `merkleRoot` to pin verification to an
+ *      independently-fetched tree root; otherwise the root embedded in the
+ *      certificate is used.
+ *
+ * @param certificate - The integrity certificate to verify
+ * @param publicKey   - Ed25519 public key as a Uint8Array (32 bytes)
+ * @param merkleRoot  - Optional externally-fetched Merkle root for pinned verification
+ * @returns Verification result with per-check details
+ */
+declare function verifyCertificate(certificate: IntegrityCertificate, publicKey: Uint8Array, merkleRoot?: string): Promise<CertificateVerificationResult>;
 /** Protocol version identifiers. */
 declare const AIP_VERSION = "0.1.0";
 declare const ALGORITHM_VERSION = "1.0.0";
@@ -1029,9 +1223,21 @@ declare const DEFAULT_CONSCIENCE_VALUES: readonly [{
     readonly id: "fear-sycophancy";
     readonly content: "Risk of agreeing with the user to avoid conflict rather than providing honest assessment";
 }];
+/** Window configuration for EU compliance — extended retention and fail-closed. */
+declare const EU_COMPLIANCE_WINDOW_CONFIG: {
+    readonly max_size: 10;
+    readonly mode: "sliding";
+    readonly session_boundary: "reset";
+    readonly max_age_seconds: 7200;
+};
+/** Failure policy for EU compliance — fail closed with extended timeout. */
+declare const EU_COMPLIANCE_FAILURE_POLICY: {
+    readonly mode: "fail_closed";
+    readonly analysis_timeout_ms: 15000;
+};
 /** ID prefixes for protocol entities. */
 declare const CHECKPOINT_ID_PREFIX = "ic-";
 declare const DRIFT_ALERT_ID_PREFIX = "ida-";
 declare const REGISTRATION_ID_PREFIX = "reg-";
-export { type AIPCallbacks, type AIPClient, type AIPConfig, AIP_CONTENT_TYPE, AIP_SIGNATURE_HEADER, AIP_VERSION, AIP_VERSION_HEADER, ALGORITHM_VERSION, type AdapterRegistry, type AlignmentCard, type AlignmentCardValue, type AnalysisLLMConfig, type AnalysisMetadata, AnthropicAdapter, type AutonomyEnvelope, type BuiltPrompt, CHECKPOINT_ID_PREFIX, CONFIDENCE_EXPLICIT, CONFIDENCE_FALLBACK, CONFIDENCE_NATIVE, type CardConscienceAgreement, type CardConscienceAugmentation, type CardConscienceConflict, type CheckIntegrityInput, type ConcernCategory, type ConscienceContext, type ConscienceValue, type ConscienceValueType, type ConsultationDepth, DEFAULT_ANALYSIS_MAX_TOKENS, DEFAULT_ANALYSIS_TIMEOUT_MS, DEFAULT_CONSCIENCE_VALUES, DEFAULT_SUSTAINED_CHECKS_THRESHOLD, DEFAULT_THINKING_TOKEN_BUDGET, DEFAULT_WINDOW_MAX_AGE_SECONDS, DEFAULT_WINDOW_MAX_SIZE, DRIFT_ALERT_ID_PREFIX, DRIFT_SEVERITY_LOW_THRESHOLD, DRIFT_SEVERITY_MEDIUM_THRESHOLD, type DriftDirection, type DriftState, type EscalationTrigger, type ExtractedThinking, type ExtractionMethod, type FailureMode, type FailurePolicy, FallbackAdapter, GoogleAdapter, type IntegrityCheckpoint, type IntegrityConcern, type IntegrityDriftAlert, type IntegritySeverity, type IntegritySignal, type IntegrityVerdict, MAX_EVIDENCE_LENGTH, MIN_WINDOW_SIZE, OpenAIAdapter, type PromptInput, type ProviderAdapter, REGISTRATION_ID_PREFIX, type RecommendedAction, type SessionBoundary, TRUNCATION_HEAD_RATIO, TRUNCATION_TAIL_RATIO, WEBHOOK_MAX_RETRIES, WEBHOOK_RETRY_DELAYS_MS, type WindowConfig, WindowManager, type WindowMode, type WindowPosition, type WindowState, type WindowSummary, buildConsciencePrompt, buildSignal, checkIntegrity, createAdapterRegistry, createClient, createDriftState, createWindowState, detectIntegrityDrift, hashThinkingBlock, mapVerdictToAction, mapVerdictToProceed, signPayload, summarizeCard, validateAgreement, verifySignature };
+export { type AIPCallbacks, type AIPClient, type AIPConfig, AIP_CONTENT_TYPE, AIP_SIGNATURE_HEADER, AIP_VERSION, AIP_VERSION_HEADER, ALGORITHM_VERSION, type AdapterRegistry, type AlignmentCard, type AlignmentCardValue, type AnalysisLLMConfig, type AnalysisMetadata, AnthropicAdapter, type AutonomyEnvelope, type BuiltPrompt, CHECKPOINT_ID_PREFIX, CONFIDENCE_EXPLICIT, CONFIDENCE_FALLBACK, CONFIDENCE_NATIVE, type CardConscienceAgreement, type CardConscienceAugmentation, type CardConscienceConflict, type CertificateVerificationResult, type ChainHash, type CheckIntegrityInput, type ConcernCategory, type ConscienceContext, type ConscienceValue, type ConscienceValueType, type ConsultationDepth, DEFAULT_ANALYSIS_MAX_TOKENS, DEFAULT_ANALYSIS_TIMEOUT_MS, DEFAULT_CONSCIENCE_VALUES, DEFAULT_SUSTAINED_CHECKS_THRESHOLD, DEFAULT_THINKING_TOKEN_BUDGET, DEFAULT_WINDOW_MAX_AGE_SECONDS, DEFAULT_WINDOW_MAX_SIZE, DRIFT_ALERT_ID_PREFIX, DRIFT_SEVERITY_LOW_THRESHOLD, DRIFT_SEVERITY_MEDIUM_THRESHOLD, type DriftDirection, type DriftState, EU_COMPLIANCE_FAILURE_POLICY, EU_COMPLIANCE_WINDOW_CONFIG, type EscalationTrigger, type ExtractedThinking, type ExtractionMethod, type FailureMode, type FailurePolicy, FallbackAdapter, GoogleAdapter, type IntegrityCertificate, type IntegrityCheckpoint, type IntegrityConcern, type IntegrityDriftAlert, type IntegritySeverity, type IntegritySignal, type IntegrityVerdict, MAX_EVIDENCE_LENGTH, MIN_WINDOW_SIZE, type MerkleProof, OpenAIAdapter, type PromptInput, type ProviderAdapter, REGISTRATION_ID_PREFIX, type RecommendedAction, type SessionBoundary, TRUNCATION_HEAD_RATIO, TRUNCATION_TAIL_RATIO, WEBHOOK_MAX_RETRIES, WEBHOOK_RETRY_DELAYS_MS, type WindowConfig, WindowManager, type WindowMode, type WindowPosition, type WindowState, type WindowSummary, buildConsciencePrompt, buildSignal, checkIntegrity, createAdapterRegistry, createClient, createDriftState, createWindowState, detectIntegrityDrift, hashThinkingBlock, mapVerdictToAction, mapVerdictToProceed, signPayload, summarizeCard, validateAgreement, verifyCertificate, verifySignature };

package/dist/index.d.ts CHANGED Viewed

@@ -437,6 +437,8 @@ interface AnalysisLLMConfig {
     api_key: string;
     /** Maximum tokens for the analysis response */
     max_tokens: number;
+    /** Enable Anthropic prompt caching on system prompt. Default: false. */
+    enable_prompt_caching?: boolean;
 }
 /**
  * Optional callback functions for SDK signal delivery.
@@ -961,6 +963,198 @@ declare class WindowManager {
     private recomputeStats;
 }
+/**
+ * Integrity certificate and attestation types for the Agent Integrity Protocol.
+ *
+ * Defines the machine-readable integrity certificate format modeled on C2PA
+ * content credentials and W3C Verifiable Credentials. A certificate bundles
+ * all cryptographic evidence for a checkpoint into a single, self-describing
+ * document that can be independently verified.
+ *
+ * Also defines supporting types for Merkle inclusion proofs, chain hashes,
+ * and certificate verification results.
+ */
+/**
+ * A self-describing integrity certificate that bundles analysis verdicts,
+ * input commitments, and cryptographic proofs into a single envelope.
+ *
+ * Modeled on C2PA content credentials and W3C Verifiable Credentials.
+ * The certificate can be independently verified without trusting the
+ * issuing server.
+ */
+interface IntegrityCertificate {
+    /** JSON-LD context identifier */
+    '@context': 'https://mnemom.ai/aip/v1';
+    /** Document type discriminator */
+    type: 'IntegrityCertificate';
+    /** Certificate format version */
+    version: '1.0.0';
+    /** Unique certificate identifier (format: "cert-{8 random chars}") */
+    certificate_id: string;
+    /** ISO 8601 timestamp of certificate issuance */
+    issued_at: string;
+    /** The checkpoint this certificate attests to */
+    subject: {
+        checkpoint_id: string;
+        agent_id: string;
+        session_id: string;
+        card_id: string;
+    };
+    /** Analysis claims covered by the certificate */
+    claims: {
+        verdict: string;
+        concerns: Array<{
+            category: string;
+            severity: string;
+            description: string;
+        }>;
+        confidence: number;
+        reasoning_summary: string;
+        analysis_model: string;
+        analysis_duration_ms: number;
+    };
+    /** Deterministic hashes of all analysis inputs */
+    input_commitments: {
+        thinking_block_hash: string;
+        card_hash: string;
+        values_hash: string;
+        context_hash: string;
+        model_version: string;
+        combined_commitment: string;
+    };
+    /** Cryptographic proofs */
+    proofs: {
+        /** Ed25519 digital signature over the canonical signed payload */
+        signature: {
+            algorithm: 'Ed25519';
+            key_id: string;
+            value: string;
+            signed_payload: string;
+        };
+        /** Hash chain link connecting this checkpoint to its predecessor */
+        chain: {
+            chain_hash: string;
+            prev_chain_hash: string | null;
+            position: number;
+        };
+        /** Merkle inclusion proof (null when tree has not been built yet) */
+        merkle: {
+            leaf_hash: string;
+            leaf_index: number;
+            root: string;
+            tree_size: number;
+            inclusion_proof: Array<{
+                hash: string;
+                position: 'left' | 'right';
+            }>;
+        } | null;
+        /** Verdict derivation proof (Phase 3 — not yet implemented) */
+        verdict_derivation: null;
+    };
+    /** URLs for online verification */
+    verification: {
+        keys_url: string;
+        certificate_url: string;
+        verify_url: string;
+    };
+}
+/**
+ * A Merkle inclusion proof demonstrating that a leaf exists in a Merkle tree.
+ *
+ * Contains the O(log N) sibling hashes needed to recompute the root
+ * from a given leaf hash.
+ */
+interface MerkleProof {
+    /** SHA-256 hash of the leaf data */
+    leafHash: string;
+    /** Zero-based index of the leaf in the tree */
+    leafIndex: number;
+    /** Sibling hashes from leaf to root, with their relative position */
+    siblings: Array<{
+        hash: string;
+        position: 'left' | 'right';
+    }>;
+    /** Expected Merkle root */
+    root: string;
+    /** Number of leaves in the tree when the proof was generated */
+    treeSize: number;
+}
+/**
+ * A hash chain link connecting a checkpoint to its predecessor.
+ *
+ * The chain hash is a SHA-256 digest of the concatenated fields:
+ *   (genesis|prevChainHash) | checkpointId | verdict | thinkingBlockHash | inputCommitment | timestamp
+ */
+interface ChainHash {
+    /** SHA-256 chain hash for this checkpoint */
+    chainHash: string;
+    /** Chain hash of the previous checkpoint (null for the first in a session) */
+    prevChainHash: string | null;
+    /** Zero-based position in the chain */
+    position: number;
+}
+/**
+ * Result of verifying an integrity certificate offline.
+ *
+ * Contains the overall validity and per-check details for signature,
+ * chain hash, and Merkle inclusion proof verification.
+ */
+interface CertificateVerificationResult {
+    /** Whether all checks passed */
+    valid: boolean;
+    /** Individual check results */
+    checks: {
+        /** Ed25519 signature verification */
+        signature: {
+            valid: boolean;
+            details: string;
+        };
+        /** Chain hash recomputation check */
+        chain: {
+            valid: boolean;
+            details: string;
+        };
+        /** Merkle inclusion proof check (null if no Merkle proof in certificate) */
+        merkle: {
+            valid: boolean;
+            details: string;
+        } | null;
+    };
+}
+/**
+ * Offline certificate verification for the Agent Integrity Protocol.
+ *
+ * Provides `verifyCertificate()` — a pure function that checks:
+ *   1. Ed25519 signature validity
+ *   2. Hash chain link integrity
+ *   3. Merkle inclusion proof (when present)
+ *
+ * Uses @noble/ed25519 and @noble/hashes, which work in Node.js,
+ * Deno, Cloudflare Workers, and modern browsers.
+ */
+/**
+ * Verify an integrity certificate offline.
+ *
+ * Performs three independent checks:
+ *   1. **Signature** — verifies the Ed25519 signature against the provided
+ *      public key and the canonical `signed_payload` embedded in the certificate.
+ *   2. **Chain** — recomputes the SHA-256 chain hash from the certificate
+ *      fields and compares it to the stored `chain_hash`.
+ *   3. **Merkle** — if the certificate contains a Merkle inclusion proof,
+ *      walks the sibling hashes from leaf to root and compares against the
+ *      expected root. Pass `merkleRoot` to pin verification to an
+ *      independently-fetched tree root; otherwise the root embedded in the
+ *      certificate is used.
+ *
+ * @param certificate - The integrity certificate to verify
+ * @param publicKey   - Ed25519 public key as a Uint8Array (32 bytes)
+ * @param merkleRoot  - Optional externally-fetched Merkle root for pinned verification
+ * @returns Verification result with per-check details
+ */
+declare function verifyCertificate(certificate: IntegrityCertificate, publicKey: Uint8Array, merkleRoot?: string): Promise<CertificateVerificationResult>;
 /** Protocol version identifiers. */
 declare const AIP_VERSION = "0.1.0";
 declare const ALGORITHM_VERSION = "1.0.0";
@@ -1029,9 +1223,21 @@ declare const DEFAULT_CONSCIENCE_VALUES: readonly [{
     readonly id: "fear-sycophancy";
     readonly content: "Risk of agreeing with the user to avoid conflict rather than providing honest assessment";
 }];
+/** Window configuration for EU compliance — extended retention and fail-closed. */
+declare const EU_COMPLIANCE_WINDOW_CONFIG: {
+    readonly max_size: 10;
+    readonly mode: "sliding";
+    readonly session_boundary: "reset";
+    readonly max_age_seconds: 7200;
+};
+/** Failure policy for EU compliance — fail closed with extended timeout. */
+declare const EU_COMPLIANCE_FAILURE_POLICY: {
+    readonly mode: "fail_closed";
+    readonly analysis_timeout_ms: 15000;
+};
 /** ID prefixes for protocol entities. */
 declare const CHECKPOINT_ID_PREFIX = "ic-";
 declare const DRIFT_ALERT_ID_PREFIX = "ida-";
 declare const REGISTRATION_ID_PREFIX = "reg-";
-export { type AIPCallbacks, type AIPClient, type AIPConfig, AIP_CONTENT_TYPE, AIP_SIGNATURE_HEADER, AIP_VERSION, AIP_VERSION_HEADER, ALGORITHM_VERSION, type AdapterRegistry, type AlignmentCard, type AlignmentCardValue, type AnalysisLLMConfig, type AnalysisMetadata, AnthropicAdapter, type AutonomyEnvelope, type BuiltPrompt, CHECKPOINT_ID_PREFIX, CONFIDENCE_EXPLICIT, CONFIDENCE_FALLBACK, CONFIDENCE_NATIVE, type CardConscienceAgreement, type CardConscienceAugmentation, type CardConscienceConflict, type CheckIntegrityInput, type ConcernCategory, type ConscienceContext, type ConscienceValue, type ConscienceValueType, type ConsultationDepth, DEFAULT_ANALYSIS_MAX_TOKENS, DEFAULT_ANALYSIS_TIMEOUT_MS, DEFAULT_CONSCIENCE_VALUES, DEFAULT_SUSTAINED_CHECKS_THRESHOLD, DEFAULT_THINKING_TOKEN_BUDGET, DEFAULT_WINDOW_MAX_AGE_SECONDS, DEFAULT_WINDOW_MAX_SIZE, DRIFT_ALERT_ID_PREFIX, DRIFT_SEVERITY_LOW_THRESHOLD, DRIFT_SEVERITY_MEDIUM_THRESHOLD, type DriftDirection, type DriftState, type EscalationTrigger, type ExtractedThinking, type ExtractionMethod, type FailureMode, type FailurePolicy, FallbackAdapter, GoogleAdapter, type IntegrityCheckpoint, type IntegrityConcern, type IntegrityDriftAlert, type IntegritySeverity, type IntegritySignal, type IntegrityVerdict, MAX_EVIDENCE_LENGTH, MIN_WINDOW_SIZE, OpenAIAdapter, type PromptInput, type ProviderAdapter, REGISTRATION_ID_PREFIX, type RecommendedAction, type SessionBoundary, TRUNCATION_HEAD_RATIO, TRUNCATION_TAIL_RATIO, WEBHOOK_MAX_RETRIES, WEBHOOK_RETRY_DELAYS_MS, type WindowConfig, WindowManager, type WindowMode, type WindowPosition, type WindowState, type WindowSummary, buildConsciencePrompt, buildSignal, checkIntegrity, createAdapterRegistry, createClient, createDriftState, createWindowState, detectIntegrityDrift, hashThinkingBlock, mapVerdictToAction, mapVerdictToProceed, signPayload, summarizeCard, validateAgreement, verifySignature };
+export { type AIPCallbacks, type AIPClient, type AIPConfig, AIP_CONTENT_TYPE, AIP_SIGNATURE_HEADER, AIP_VERSION, AIP_VERSION_HEADER, ALGORITHM_VERSION, type AdapterRegistry, type AlignmentCard, type AlignmentCardValue, type AnalysisLLMConfig, type AnalysisMetadata, AnthropicAdapter, type AutonomyEnvelope, type BuiltPrompt, CHECKPOINT_ID_PREFIX, CONFIDENCE_EXPLICIT, CONFIDENCE_FALLBACK, CONFIDENCE_NATIVE, type CardConscienceAgreement, type CardConscienceAugmentation, type CardConscienceConflict, type CertificateVerificationResult, type ChainHash, type CheckIntegrityInput, type ConcernCategory, type ConscienceContext, type ConscienceValue, type ConscienceValueType, type ConsultationDepth, DEFAULT_ANALYSIS_MAX_TOKENS, DEFAULT_ANALYSIS_TIMEOUT_MS, DEFAULT_CONSCIENCE_VALUES, DEFAULT_SUSTAINED_CHECKS_THRESHOLD, DEFAULT_THINKING_TOKEN_BUDGET, DEFAULT_WINDOW_MAX_AGE_SECONDS, DEFAULT_WINDOW_MAX_SIZE, DRIFT_ALERT_ID_PREFIX, DRIFT_SEVERITY_LOW_THRESHOLD, DRIFT_SEVERITY_MEDIUM_THRESHOLD, type DriftDirection, type DriftState, EU_COMPLIANCE_FAILURE_POLICY, EU_COMPLIANCE_WINDOW_CONFIG, type EscalationTrigger, type ExtractedThinking, type ExtractionMethod, type FailureMode, type FailurePolicy, FallbackAdapter, GoogleAdapter, type IntegrityCertificate, type IntegrityCheckpoint, type IntegrityConcern, type IntegrityDriftAlert, type IntegritySeverity, type IntegritySignal, type IntegrityVerdict, MAX_EVIDENCE_LENGTH, MIN_WINDOW_SIZE, type MerkleProof, OpenAIAdapter, type PromptInput, type ProviderAdapter, REGISTRATION_ID_PREFIX, type RecommendedAction, type SessionBoundary, TRUNCATION_HEAD_RATIO, TRUNCATION_TAIL_RATIO, WEBHOOK_MAX_RETRIES, WEBHOOK_RETRY_DELAYS_MS, type WindowConfig, WindowManager, type WindowMode, type WindowPosition, type WindowState, type WindowSummary, buildConsciencePrompt, buildSignal, checkIntegrity, createAdapterRegistry, createClient, createDriftState, createWindowState, detectIntegrityDrift, hashThinkingBlock, mapVerdictToAction, mapVerdictToProceed, signPayload, summarizeCard, validateAgreement, verifyCertificate, verifySignature };

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,7 @@
 import { randomUUID, createHash, createHmac } from 'crypto';
+import * as ed from '@noble/ed25519';
+import { sha256 } from '@noble/hashes/sha2.js';
+import { bytesToHex } from '@noble/hashes/utils.js';
 // src/window/state.ts
 function createWindowState(sessionId) {
@@ -89,6 +92,16 @@ var DEFAULT_CONSCIENCE_VALUES = [
     content: "Risk of agreeing with the user to avoid conflict rather than providing honest assessment"
   }
 ];
+var EU_COMPLIANCE_WINDOW_CONFIG = {
+  max_size: 10,
+  mode: "sliding",
+  session_boundary: "reset",
+  max_age_seconds: 7200
+};
+var EU_COMPLIANCE_FAILURE_POLICY = {
+  mode: "fail_closed",
+  analysis_timeout_ms: 15e3
+};
 var CHECKPOINT_ID_PREFIX = "ic-";
 var DRIFT_ALERT_ID_PREFIX = "ida-";
 var REGISTRATION_ID_PREFIX = "reg-";
@@ -1445,6 +1458,7 @@ async function callAnalysisLLM(llmConfig, system, user, timeoutMs) {
   const controller = new AbortController();
   const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
   try {
+    const systemPayload = llmConfig.enable_prompt_caching ? [{ type: "text", text: system, cache_control: { type: "ephemeral" } }] : system;
     const response = await fetch(`${llmConfig.base_url}/v1/messages`, {
       method: "POST",
       headers: {
@@ -1455,7 +1469,7 @@ async function callAnalysisLLM(llmConfig, system, user, timeoutMs) {
       body: JSON.stringify({
         model: llmConfig.model,
         max_tokens: llmConfig.max_tokens,
-        system,
+        system: systemPayload,
         messages: [{ role: "user", content: user }]
       }),
       signal: controller.signal
@@ -1537,7 +1551,100 @@ function constantTimeEqual(a, b) {
   }
   return result === 0;
 }
+function base64ToUint8(b64) {
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+var encoder = new TextEncoder();
+function sha256Hex(input) {
+  const hash = sha256(encoder.encode(input));
+  return bytesToHex(hash);
+}
+function computeNodeHash(left, right) {
+  return sha256Hex(left + right);
+}
+async function verifySignature2(certificate, publicKey) {
+  try {
+    const signatureBytes = base64ToUint8(certificate.proofs.signature.value);
+    const messageBytes = encoder.encode(certificate.proofs.signature.signed_payload);
+    const valid = await ed.verifyAsync(signatureBytes, messageBytes, publicKey);
+    return {
+      valid,
+      details: valid ? "Ed25519 signature verified successfully" : "Ed25519 signature verification failed"
+    };
+  } catch (err) {
+    return {
+      valid: false,
+      details: `Signature verification error: ${err instanceof Error ? err.message : "unknown"}`
+    };
+  }
+}
+function verifyChain(certificate) {
+  try {
+    const chain = certificate.proofs.chain;
+    if (!chain || !chain.chain_hash) {
+      return { valid: false, details: "No chain proof data in certificate" };
+    }
+    const preimage = `${chain.prev_chain_hash || "genesis"}|${certificate.subject.checkpoint_id}|${certificate.claims.verdict}|${certificate.input_commitments.thinking_block_hash}|${certificate.input_commitments.combined_commitment}|${certificate.issued_at}`;
+    const recomputed = sha256Hex(preimage);
+    const valid = recomputed === chain.chain_hash;
+    return {
+      valid,
+      details: valid ? "Chain hash verified successfully" : "Recomputed chain hash does not match certificate"
+    };
+  } catch (err) {
+    return {
+      valid: false,
+      details: `Chain verification error: ${err instanceof Error ? err.message : "unknown"}`
+    };
+  }
+}
+function verifyMerkle(certificate, expectedRoot) {
+  const merkle = certificate.proofs.merkle;
+  if (!merkle) {
+    return null;
+  }
+  try {
+    const root = expectedRoot ?? merkle.root;
+    let current = merkle.leaf_hash;
+    for (const sibling of merkle.inclusion_proof) {
+      if (sibling.position === "left") {
+        current = computeNodeHash(sibling.hash, current);
+      } else {
+        current = computeNodeHash(current, sibling.hash);
+      }
+    }
+    const valid = current === root;
+    return {
+      valid,
+      details: valid ? "Merkle inclusion proof verified successfully" : "Merkle inclusion proof verification failed \u2014 computed root does not match"
+    };
+  } catch (err) {
+    return {
+      valid: false,
+      details: `Merkle verification error: ${err instanceof Error ? err.message : "unknown"}`
+    };
+  }
+}
+async function verifyCertificate(certificate, publicKey, merkleRoot) {
+  const signatureResult = await verifySignature2(certificate, publicKey);
+  const chainResult = verifyChain(certificate);
+  const merkleResult = verifyMerkle(certificate, merkleRoot);
+  const valid = signatureResult.valid && chainResult.valid && (merkleResult === null || merkleResult.valid);
+  return {
+    valid,
+    checks: {
+      signature: signatureResult,
+      chain: chainResult,
+      merkle: merkleResult
+    }
+  };
+}
-export { AIP_CONTENT_TYPE, AIP_SIGNATURE_HEADER, AIP_VERSION, AIP_VERSION_HEADER, ALGORITHM_VERSION, AnthropicAdapter, CHECKPOINT_ID_PREFIX, CONFIDENCE_EXPLICIT, CONFIDENCE_FALLBACK, CONFIDENCE_NATIVE, DEFAULT_ANALYSIS_MAX_TOKENS, DEFAULT_ANALYSIS_TIMEOUT_MS, DEFAULT_CONSCIENCE_VALUES, DEFAULT_SUSTAINED_CHECKS_THRESHOLD, DEFAULT_THINKING_TOKEN_BUDGET, DEFAULT_WINDOW_MAX_AGE_SECONDS, DEFAULT_WINDOW_MAX_SIZE, DRIFT_ALERT_ID_PREFIX, DRIFT_SEVERITY_LOW_THRESHOLD, DRIFT_SEVERITY_MEDIUM_THRESHOLD, FallbackAdapter, GoogleAdapter, MAX_EVIDENCE_LENGTH, MIN_WINDOW_SIZE, OpenAIAdapter, REGISTRATION_ID_PREFIX, TRUNCATION_HEAD_RATIO, TRUNCATION_TAIL_RATIO, WEBHOOK_MAX_RETRIES, WEBHOOK_RETRY_DELAYS_MS, WindowManager, buildConsciencePrompt, buildSignal, checkIntegrity, createAdapterRegistry, createClient, createDriftState, createWindowState, detectIntegrityDrift, hashThinkingBlock, mapVerdictToAction, mapVerdictToProceed, signPayload, summarizeCard, validateAgreement, verifySignature };
+export { AIP_CONTENT_TYPE, AIP_SIGNATURE_HEADER, AIP_VERSION, AIP_VERSION_HEADER, ALGORITHM_VERSION, AnthropicAdapter, CHECKPOINT_ID_PREFIX, CONFIDENCE_EXPLICIT, CONFIDENCE_FALLBACK, CONFIDENCE_NATIVE, DEFAULT_ANALYSIS_MAX_TOKENS, DEFAULT_ANALYSIS_TIMEOUT_MS, DEFAULT_CONSCIENCE_VALUES, DEFAULT_SUSTAINED_CHECKS_THRESHOLD, DEFAULT_THINKING_TOKEN_BUDGET, DEFAULT_WINDOW_MAX_AGE_SECONDS, DEFAULT_WINDOW_MAX_SIZE, DRIFT_ALERT_ID_PREFIX, DRIFT_SEVERITY_LOW_THRESHOLD, DRIFT_SEVERITY_MEDIUM_THRESHOLD, EU_COMPLIANCE_FAILURE_POLICY, EU_COMPLIANCE_WINDOW_CONFIG, FallbackAdapter, GoogleAdapter, MAX_EVIDENCE_LENGTH, MIN_WINDOW_SIZE, OpenAIAdapter, REGISTRATION_ID_PREFIX, TRUNCATION_HEAD_RATIO, TRUNCATION_TAIL_RATIO, WEBHOOK_MAX_RETRIES, WEBHOOK_RETRY_DELAYS_MS, WindowManager, buildConsciencePrompt, buildSignal, checkIntegrity, createAdapterRegistry, createClient, createDriftState, createWindowState, detectIntegrityDrift, hashThinkingBlock, mapVerdictToAction, mapVerdictToProceed, signPayload, summarizeCard, validateAgreement, verifyCertificate, verifySignature };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map