@nekzus/liop 2.0.0-alpha.27 → 2.0.0-alpha.29

package/dist/index.d.ts

@@ -1,11 +1,14 @@
 export { LiopBridgeOptions, LiopMcpBridge, LiopStreamBridge, LiopStreamBridgeOptions } from './bridge.js';
-import { L as LiopTlsOptions } from './index-BihN3W-K.js';
-export { a as LiopClient } from './index-BihN3W-K.js';
+import { L as LiopTlsOptions } from './index-B_Vbrb_I.js';
+export { a as LiopClient } from './index-B_Vbrb_I.js';
 export { LiopHybridGateway } from './gateway.js';
 export { LiopManifest, MeshNode, MeshNodeConfig } from './mesh.js';
 import * as grpc from '@grpc/grpc-js';
-export { AggregationPolicy, LiopServer, LiopServerOptions, LogicExecutionPolicy, NerScanner, OutputSanitizerConfig, PII_PATTERNS, PII_PRESETS, PiiRule, PiiScanner, ToolHandler, sanitizeOutput } from './server.js';
-export { CallToolRequest, CallToolResult, GetPromptRequest, GetPromptResult, McpRequest, McpResponse, Prompt, PromptSchema, Resource, ResourceSchema, ServerInfo, Tool, ToolSchema } from './types.js';
+export { A as AUTH_DEFAULTS, b as AggregationPolicy, c as AuthRole, d as LiopAuthConfig, L as LiopServer, a as LiopServerOptions, e as LogicExecutionPolicy, N as NerScanner, O as OAuthClientConfig, f as OutputSanitizerConfig, P as PII_PATTERNS, g as PII_PRESETS, h as PiiRule, i as PiiScanner, T as ToolHandler, s as sanitizeOutput } from './index-CL8m1L1d.js';
+import { A as AuthInfo } from './types-DzEXgi4s.js';
+export { C as CallToolRequest, a as CallToolResult, G as GetPromptRequest, c as GetPromptResult, J as JwtValidator, M as McpRequest, b as McpResponse, P as Prompt, d as PromptSchema, R as Resource, e as ResourceSchema, S as ServerInfo, T as Tool, f as ToolSchema } from './types-DzEXgi4s.js';
+import * as jose from 'jose';
+import Provider from 'oidc-provider';
 import '@modelcontextprotocol/sdk/server/mcp.js';
 import 'zod';
 import './verifier-DTCD9imJ.js';
@@ -248,7 +251,8 @@ interface LogicResponse {
  */
 declare class LiopRpcClient {
     private client;
-    constructor(address: string, tls?: LiopTlsOptions);
+    private token?;
+    constructor(address: string, tls?: LiopTlsOptions, token?: string);
     /**
      * Negotiates intent with the remote host.
      * Returns the ephemeral Kyber public key for payload encryption.
@@ -273,6 +277,11 @@ declare class LiopRpcServer {
     stop(): Promise<void>;
 }
 
+/**
+ * Returns a filtered environment object containing only safe system variables,
+ * preventing exposure of sensitive credentials and shell function injection.
+ */
+declare function getDefaultEnvironment(): Record<string, string>;
 interface SandboxConfig {
     allowEnv?: boolean;
     allowedDirectories?: Record<string, string>;
@@ -310,4 +319,113 @@ declare class WasiSandbox {
     teardown(): Promise<void>;
 }
 
-export { type AIProvider, ErrorCode, HeuristicTokenEstimator, LiopError, LiopOTelBridge, LiopRpcClient, LiopRpcServer, type PromptConfig, RealTokenEstimator, type SandboxConfig, type TokenEstimator, type TokenOperationMetric, type TokenSessionReport, TokenTelemetryEngine, type ToolTokenBreakdown, WasiSandbox, createSyncTokenEstimator, createTokenEstimator, generateSystemInstructions };
+/**
+ * LIOP Embedded OAuth 2.1 Authorization Server
+ *
+ * Implements a lightweight, high-performance OAuth 2.1 / OIDC Authorization Server
+ * for the Nexus node using `panva/node-oidc-provider`.
+ *
+ * Security Hardening:
+ * - M2M (Machine-to-Machine) Client Credentials Grant ONLY (Zero human interaction interface).
+ * - Algorithmic whitelist: EdDSA (Ed25519) for token signing.
+ * - JWT Access Tokens: Allows stateless, cryptographically-secure validation on data nodes (NIST SP 800-207).
+ * - Interaction Lockout: Throws exception on any interactive flow attempt to prevent hijack attacks (OWASP).
+ *
+ * Standards: OAuth 2.1, RFC 6749, RFC 7519, NIST SP 800-63B
+ */
+
+interface OAuthServerClientConfig {
+    client_id: string;
+    client_secret: string;
+    grant_types: string[];
+    scope: string;
+}
+interface OAuthServerConfig {
+    issuer: string;
+    clients: OAuthServerClientConfig[];
+}
+interface OAuthServerResult {
+    provider: Provider;
+    jwks: jose.JSONWebKeySet;
+}
+/**
+ * Creates and configures the embedded node-oidc-provider instance for the Nexus.
+ *
+ * @param config - Server configuration containing the issuer URL and allowed M2M clients.
+ */
+declare function createOAuthServer(config: OAuthServerConfig): OAuthServerResult;
+
+/**
+ * LIOP Protected Resource Metadata — RFC 9728
+ *
+ * Builds the JSON document served at /.well-known/oauth-protected-resource.
+ * This enables MCP clients to discover the authorization server and
+ * required scopes for accessing LIOP tools and resources.
+ *
+ * Standards: RFC 9728, MCP Spec 2025-11-25
+ */
+/**
+ * RFC 9728 Protected Resource Metadata response.
+ *
+ * @see https://datatracker.ietf.org/doc/rfc9728
+ */
+interface ProtectedResourceMetadata {
+    /** Identifier for the protected resource. */
+    resource: string;
+    /** Array of authorization server issuer URLs that can issue tokens for this resource. */
+    authorization_servers: string[];
+    /** OAuth scopes accepted by this resource. */
+    scopes_supported: readonly string[];
+    /** Methods of presenting the bearer token (always "header" for LIOP). */
+    bearer_methods_supported: string[];
+    /** URL to the resource documentation. */
+    resource_documentation: string;
+}
+/**
+ * Builds the Protected Resource Metadata document (RFC 9728).
+ *
+ * @param issuer - OIDC issuer URL of the Nexus authorization server
+ * @param audience - JWT audience claim (resource identifier)
+ */
+declare function buildProtectedResourceMetadata(issuer: string, audience: string): ProtectedResourceMetadata;
+
+/**
+ * LIOP RBAC Engine — Scope-Based Authorization
+ *
+ * Maps MCP JSON-RPC methods to required LIOP OAuth scopes.
+ * Enforces least-privilege access at the router level before
+ * any tool execution or resource read occurs.
+ *
+ * Standards: NIST SP 800-207 §4.3 (least privilege), OWASP LLM06 (Excessive Agency),
+ *            OWASP API-A01 (Broken Access Control)
+ */
+
+/**
+ * Authorization result with optional denial reason for audit logging.
+ */
+interface AuthorizationResult {
+    allowed: boolean;
+    reason?: string;
+}
+/**
+ * Evaluates whether a request is authorized based on JWT scopes.
+ *
+ * Decision logic:
+ * 1. Methods with no required scopes (initialize, ping) → always allowed.
+ * 2. Methods with required scopes but no auth → denied.
+ * 3. Methods with required scopes → all scopes must be present in the JWT.
+ * 4. Unknown methods with no auth → denied (fail-closed per NIST SP 800-207).
+ *
+ * @param method - MCP JSON-RPC method name (e.g., "tools/call")
+ * @param auth - Validated JWT context, or null if unauthenticated
+ * @param additionalScopes - Extra scopes required by specific node configuration
+ */
+declare function authorizeRequest(method: string, auth: AuthInfo | null, additionalScopes?: readonly string[]): AuthorizationResult;
+/**
+ * All LIOP OAuth scopes supported by the protocol.
+ * Used for PRM metadata and client registration.
+ */
+declare const LIOP_SCOPES: readonly ["liop:tools:list", "liop:tools:call", "liop:resources:read", "liop:schema:read", "liop:mesh:query"];
+type LiopScope = (typeof LIOP_SCOPES)[number];
+
+export { type AIProvider, AuthInfo, ErrorCode, HeuristicTokenEstimator, LIOP_SCOPES, LiopError, LiopOTelBridge, LiopRpcClient, LiopRpcServer, type LiopScope, type PromptConfig, RealTokenEstimator, type SandboxConfig, type TokenEstimator, type TokenOperationMetric, type TokenSessionReport, TokenTelemetryEngine, type ToolTokenBreakdown, WasiSandbox, authorizeRequest, buildProtectedResourceMetadata, createOAuthServer, createSyncTokenEstimator, createTokenEstimator, generateSystemInstructions, getDefaultEnvironment };

package/dist/index.js

@@ -1,4 +1,4 @@
-export{b as WasiSandbox}from'./chunk-RNS4FR5L.js';export{b as LiopClient,a as LiopRpcClient}from'./chunk-AKTU6ZMX.js';export{c as PromptSchema,b as ResourceSchema,a as ToolSchema}from'./chunk-TNMS53OP.js';export{b as LiopMcpBridge,a as LiopStreamBridge}from'./chunk-GYK2HORK.js';export{a as LiopHybridGateway}from'./chunk-YTIMVS2I.js';export{a as LiopRpcServer,g as LiopServer,b as NerScanner,d as PII_PATTERNS,e as PII_PRESETS,f as PiiScanner,c as sanitizeOutput}from'./chunk-BDQZURCS.js';import'./chunk-2MGFSIXN.js';export{b as HeuristicTokenEstimator,e as LiopOTelBridge,a as RealTokenEstimator,f as TokenTelemetryEngine,d as createSyncTokenEstimator,c as createTokenEstimator}from'./chunk-GFRRQ2EB.js';import'./chunk-SW53FNSN.js';import'./chunk-ANFXJGMP.js';import'./chunk-DBXGYHKY.js';import'./chunk-V5MKJT6S.js';export{a as MeshNode}from'./chunk-7I6YJS3C.js';import'./chunk-S6RJHZV2.js';import'./chunk-4C666HHU.js';var m=(e=>(e.CapabilityViolation="CapabilityViolation",e.SandboxEscape="SandboxEscape",e.PiiLeak="PiiLeak",e.InvalidIntent="InvalidIntent",e.Throttled="Throttled",e.ZkVerificationFailed="ZkVerificationFailed",e.MeshUnavailable="MeshUnavailable",e.ConnectionFailed="ConnectionFailed",e))(m||{}),n=class extends Error{code;constructor(o,t){super(t),this.name="LiopError",this.code=o;}};var g={claude:{xmlStandard:true,jsonSchemaPreferred:false},openai:{xmlStandard:false,jsonSchemaPreferred:true},gemini:{xmlStandard:false,jsonSchemaPreferred:true}};function _(i){let o=g[i],t=`[LIOP-PROTO-V1: LOGIC-ON-ORIGIN SPECIFICATION]
+export{c as WasiSandbox,b as getDefaultEnvironment}from'./chunk-RYYRR4N5.js';export{b as LiopClient,a as LiopRpcClient}from'./chunk-N6FGTZ6A.js';export{c as PromptSchema,b as ResourceSchema,a as ToolSchema}from'./chunk-TYVG6TXQ.js';export{b as LiopMcpBridge,a as LiopStreamBridge}from'./chunk-W2QGWRTT.js';export{b as LiopHybridGateway,a as buildProtectedResourceMetadata}from'./chunk-YZVCAJJO.js';export{b as AUTH_DEFAULTS,c as JwtValidator,a as LiopRpcServer,j as LiopServer,e as NerScanner,g as PII_PATTERNS,h as PII_PRESETS,i as PiiScanner,d as createOAuthServer,f as sanitizeOutput}from'./chunk-L5A64CNT.js';import'./chunk-2MGFSIXN.js';export{b as HeuristicTokenEstimator,e as LiopOTelBridge,a as RealTokenEstimator,f as TokenTelemetryEngine,d as createSyncTokenEstimator,c as createTokenEstimator}from'./chunk-VGXNGTIC.js';import'./chunk-SW53FNSN.js';import'./chunk-ANFXJGMP.js';import'./chunk-DBXGYHKY.js';export{b as LIOP_SCOPES,a as authorizeRequest}from'./chunk-SB5XJXKV.js';import'./chunk-V5MKJT6S.js';export{a as MeshNode}from'./chunk-DQ6UW6L7.js';import'./chunk-S6RJHZV2.js';import'./chunk-4C666HHU.js';var h=(e=>(e.CapabilityViolation="CapabilityViolation",e.SandboxEscape="SandboxEscape",e.PiiLeak="PiiLeak",e.InvalidIntent="InvalidIntent",e.Throttled="Throttled",e.ZkVerificationFailed="ZkVerificationFailed",e.MeshUnavailable="MeshUnavailable",e.ConnectionFailed="ConnectionFailed",e))(h||{}),n=class extends Error{code;constructor(o,t){super(t),this.name="LiopError",this.code=o;}};var x={claude:{xmlStandard:true,jsonSchemaPreferred:false},openai:{xmlStandard:false,jsonSchemaPreferred:true},gemini:{xmlStandard:false,jsonSchemaPreferred:true}};function W(i){let o=x[i],t=`[LIOP-PROTO-V1: LOGIC-ON-ORIGIN SPECIFICATION]
 You are interacting with a Logic-Injection-on-Origin Protocol (LIOP) Mesh Network.
 Unlike standard MCP where you pull context to evaluate it remotely, in LIOP you WRITE code that executes on the data's origin.
 
@@ -40,5 +40,5 @@ Example:
   "target": "liop://vault/patients",
   "logic_blob": "const records = await liop.readResource(args.target); return { targetCount: records.filter(r => r.disease === 'Hypertension').length };"
 }
-`),t}export{m as ErrorCode,n as LiopError,_ as generateSystemInstructions};//# sourceMappingURL=index.js.map
+`),t}export{h as ErrorCode,n as LiopError,W as generateSystemInstructions};//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/errors.ts","../src/prompts/adapters.ts"],"names":["ErrorCode","LiopError","code","message","PROVIDER_CONFIGS","generateSystemInstructions","provider","config","instructions"],"mappings":"y5BAAO,IAAKA,OACXA,CAAAA,CAAA,mBAAA,CAAsB,qBAAA,CACtBA,CAAAA,CAAA,cAAgB,eAAA,CAChBA,CAAAA,CAAA,OAAA,CAAU,SAAA,CACVA,EAAA,aAAA,CAAgB,eAAA,CAChBA,EAAA,SAAA,CAAY,WAAA,CACZA,EAAA,oBAAA,CAAuB,sBAAA,CACvBA,CAAAA,CAAA,eAAA,CAAkB,kBAClBA,CAAAA,CAAA,gBAAA,CAAmB,kBAAA,CARRA,CAAAA,CAAAA,EAAAA,CAAAA,EAAA,IAWCC,CAAAA,CAAN,cAAwB,KAAM,CACpB,KAEhB,WAAA,CAAYC,CAAAA,CAAiBC,EAAiB,CAC7C,KAAA,CAAMA,CAAO,CAAA,CACb,IAAA,CAAK,IAAA,CAAO,WAAA,CACZ,KAAK,IAAA,CAAOD,EACb,CACD,ECLA,IAAME,CAAAA,CAAqD,CAC1D,MAAA,CAAQ,CAAE,YAAa,IAAA,CAAM,mBAAA,CAAqB,KAAM,CAAA,CACxD,MAAA,CAAQ,CAAE,WAAA,CAAa,KAAA,CAAO,mBAAA,CAAqB,IAAK,EACxD,MAAA,CAAQ,CAAE,YAAa,KAAA,CAAO,mBAAA,CAAqB,IAAK,CACzD,CAAA,CAMO,SAASC,CAAAA,CAA2BC,EAA8B,CACxE,IAAMC,EAASH,CAAAA,CAAiBE,CAAQ,EAEpCE,CAAAA,CAAe,CAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA,CA2BnB,OAAID,CAAAA,CAAO,WAAA,CACVC,CAAAA,EAAgB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA,CAUND,CAAAA,CAAO,sBACjBC,CAAAA,EAAgB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA,CAAA,CAWVA,CACR","file":"index.js","sourcesContent":["export enum ErrorCode {\n\tCapabilityViolation = \"CapabilityViolation\",\n\tSandboxEscape = \"SandboxEscape\",\n\tPiiLeak = \"PiiLeak\",\n\tInvalidIntent = \"InvalidIntent\",\n\tThrottled = \"Throttled\",\n\tZkVerificationFailed = \"ZkVerificationFailed\",\n\tMeshUnavailable = \"MeshUnavailable\",\n\tConnectionFailed = \"ConnectionFailed\",\n}\n\nexport class LiopError extends Error {\n\tpublic readonly code: ErrorCode;\n\n\tconstructor(code: ErrorCode, message: string) {\n\t\tsuper(message);\n\t\tthis.name = \"LiopError\";\n\t\tthis.code = code;\n\t}\n}\n","/**\n * LIOP Cross-AI Prompt Adapters (Fase 92)\n *\n * Normalizes system instructions for different LLM providers (Claude, OpenAI, Gemini)\n * to ensure they understand how to generate \"Logic-on-Origin\" WASM-compatible payload structures.\n */\n\nexport type AIProvider = \"claude\" | \"openai\" | \"gemini\";\n\nexport interface PromptConfig {\n\txmlStandard: boolean;\n\tjsonSchemaPreferred: boolean;\n}\n\nconst PROVIDER_CONFIGS: Record<AIProvider, PromptConfig> = {\n\tclaude: { xmlStandard: true, jsonSchemaPreferred: false },\n\topenai: { xmlStandard: false, jsonSchemaPreferred: true },\n\tgemini: { xmlStandard: false, jsonSchemaPreferred: true },\n};\n\n/**\n * Generates specific System Prompts optimized for the provided AI.\n * This instructs the LLM on how to bypass Context-Pulling and use Logic-Injection (Zero-Shot).\n */\nexport function generateSystemInstructions(provider: AIProvider): string {\n\tconst config = PROVIDER_CONFIGS[provider];\n\n\tlet instructions = `[LIOP-PROTO-V1: LOGIC-ON-ORIGIN SPECIFICATION]\nYou are interacting with a Logic-Injection-on-Origin Protocol (LIOP) Mesh Network.\nUnlike standard MCP where you pull context to evaluate it remotely, in LIOP you WRITE code that executes on the data's origin.\n\n### CORE PARADIGM\nWhen you call a tool or resource, you MUST provide a payload that represents secure sandboxed logic to be executed on the remote Node.\nThe node will execute your logic securely on the raw secure data, and return only the RESULT, avoiding PII data egress.\n\n### EXECUTION RULES\n1. Provide a self-contained JavaScript syntax block that we will compile to WASM-Sandboxed logic.\n2. Rely only on standard ECMA script features (No Node.js polyfills).\n3. The logic must end by returning the calculated insights, not the raw data.\n\n### DIFFERENTIAL PRIVACY (DP) MECHANISM (Laplace Mechanism)\nTo prevent database reconstruction and inference attacks, numeric query outputs are processed by a Laplace DP engine:\n- COUNT / LENGTH queries: To get EXACT integer values without noise, you MUST name return keys containing 'count', 'length', 'size', 'num', 'positive', 'negative', or starting with 'total_' or 'num_' (e.g. 'total_tx', 'credits_count'). This forces sensitivity=1.0, rounds values, and clamps to non-negative values.\n- AVERAGE queries: Return keys containing 'avg', 'mean', or 'average' scale down noise automatically by dividing global sensitivity by the dataset size (sensitivity / n).\n- SUM / OTHER queries: Return keys without these semantic names receive full Laplace noise based on the global node sensitivity (which can be up to 100,000 in Bank nodes to protect raw balances). Do NOT attempt to bypass this by renaming sum fields to count fields, as it violates protocol integrity.\n\n### SANDBOX RUNTIME RESTRICTIONS & WORKAROUNDS\n- Date is poisoned: The 'Date' class/constructor is undefined (calling 'new Date()', 'Date.now()', or 'Date.parse()' will crash the execution).\n  - Workaround: Perform chronological sorting and comparisons lexicographically on ISO 8601 string dates (e.g. record.date >= '2024-01-01').\n- Poisoned globals: eval, Function, setTimeout, setInterval, Buffer, ArrayBuffer, and TypedArrays are undefined.\n- Frozen prototypes: Modifications to Object.prototype, Array.prototype, etc., are blocked.\n- K-Anonymity constraints: Small datasets (< 10 records) limit outputs to max 3 scalar keys with NO nesting. Datasets with >= 10 records limit outputs to max 10 fields.\n`;\n\n\tif (config.xmlStandard) {\n\t\tinstructions += `\n### PAYLOAD FORMATTING (CLAUDE-XML PREFERRED)\nYou must wrap your logic precisely within <liop_logic> tags.\nExample:\n<liop_logic>\nconst records = await liop.readResource(\"liop://vault/patients\");\nconst filtered = records.filter(r => r.disease === \"Hypertension\");\nreturn { alert: \"High risk demographic\", targetCount: filtered.length };\n</liop_logic>\n`;\n\t} else if (config.jsonSchemaPreferred) {\n\t\tinstructions += `\n### PAYLOAD FORMATTING (JSON PARSING PREFERRED)\nYou must provide your logic strictly within a JSON string key called \\`\"logic_blob\"\\` inside your tool call parameters.\nExample:\n{\n  \"target\": \"liop://vault/patients\",\n  \"logic_blob\": \"const records = await liop.readResource(args.target); return { targetCount: records.filter(r => r.disease === 'Hypertension').length };\"\n}\n`;\n\t}\n\n\treturn instructions;\n}\n"]}
+{"version":3,"sources":["../src/errors.ts","../src/prompts/adapters.ts"],"names":["ErrorCode","LiopError","code","message","PROVIDER_CONFIGS","generateSystemInstructions","provider","config","instructions"],"mappings":"4lCAAO,IAAKA,OACXA,CAAAA,CAAA,mBAAA,CAAsB,qBAAA,CACtBA,CAAAA,CAAA,cAAgB,eAAA,CAChBA,CAAAA,CAAA,OAAA,CAAU,SAAA,CACVA,EAAA,aAAA,CAAgB,eAAA,CAChBA,EAAA,SAAA,CAAY,WAAA,CACZA,EAAA,oBAAA,CAAuB,sBAAA,CACvBA,CAAAA,CAAA,eAAA,CAAkB,kBAClBA,CAAAA,CAAA,gBAAA,CAAmB,kBAAA,CARRA,CAAAA,CAAAA,EAAAA,CAAAA,EAAA,IAWCC,CAAAA,CAAN,cAAwB,KAAM,CACpB,KAEhB,WAAA,CAAYC,CAAAA,CAAiBC,EAAiB,CAC7C,KAAA,CAAMA,CAAO,CAAA,CACb,IAAA,CAAK,IAAA,CAAO,WAAA,CACZ,KAAK,IAAA,CAAOD,EACb,CACD,ECLA,IAAME,CAAAA,CAAqD,CAC1D,MAAA,CAAQ,CAAE,YAAa,IAAA,CAAM,mBAAA,CAAqB,KAAM,CAAA,CACxD,MAAA,CAAQ,CAAE,WAAA,CAAa,KAAA,CAAO,mBAAA,CAAqB,IAAK,EACxD,MAAA,CAAQ,CAAE,YAAa,KAAA,CAAO,mBAAA,CAAqB,IAAK,CACzD,CAAA,CAMO,SAASC,CAAAA,CAA2BC,EAA8B,CACxE,IAAMC,EAASH,CAAAA,CAAiBE,CAAQ,EAEpCE,CAAAA,CAAe,CAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA,CA2BnB,OAAID,CAAAA,CAAO,WAAA,CACVC,CAAAA,EAAgB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA,CAUND,CAAAA,CAAO,sBACjBC,CAAAA,EAAgB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA,CAAA,CAWVA,CACR","file":"index.js","sourcesContent":["export enum ErrorCode {\n\tCapabilityViolation = \"CapabilityViolation\",\n\tSandboxEscape = \"SandboxEscape\",\n\tPiiLeak = \"PiiLeak\",\n\tInvalidIntent = \"InvalidIntent\",\n\tThrottled = \"Throttled\",\n\tZkVerificationFailed = \"ZkVerificationFailed\",\n\tMeshUnavailable = \"MeshUnavailable\",\n\tConnectionFailed = \"ConnectionFailed\",\n}\n\nexport class LiopError extends Error {\n\tpublic readonly code: ErrorCode;\n\n\tconstructor(code: ErrorCode, message: string) {\n\t\tsuper(message);\n\t\tthis.name = \"LiopError\";\n\t\tthis.code = code;\n\t}\n}\n","/**\n * LIOP Cross-AI Prompt Adapters (Fase 92)\n *\n * Normalizes system instructions for different LLM providers (Claude, OpenAI, Gemini)\n * to ensure they understand how to generate \"Logic-on-Origin\" WASM-compatible payload structures.\n */\n\nexport type AIProvider = \"claude\" | \"openai\" | \"gemini\";\n\nexport interface PromptConfig {\n\txmlStandard: boolean;\n\tjsonSchemaPreferred: boolean;\n}\n\nconst PROVIDER_CONFIGS: Record<AIProvider, PromptConfig> = {\n\tclaude: { xmlStandard: true, jsonSchemaPreferred: false },\n\topenai: { xmlStandard: false, jsonSchemaPreferred: true },\n\tgemini: { xmlStandard: false, jsonSchemaPreferred: true },\n};\n\n/**\n * Generates specific System Prompts optimized for the provided AI.\n * This instructs the LLM on how to bypass Context-Pulling and use Logic-Injection (Zero-Shot).\n */\nexport function generateSystemInstructions(provider: AIProvider): string {\n\tconst config = PROVIDER_CONFIGS[provider];\n\n\tlet instructions = `[LIOP-PROTO-V1: LOGIC-ON-ORIGIN SPECIFICATION]\nYou are interacting with a Logic-Injection-on-Origin Protocol (LIOP) Mesh Network.\nUnlike standard MCP where you pull context to evaluate it remotely, in LIOP you WRITE code that executes on the data's origin.\n\n### CORE PARADIGM\nWhen you call a tool or resource, you MUST provide a payload that represents secure sandboxed logic to be executed on the remote Node.\nThe node will execute your logic securely on the raw secure data, and return only the RESULT, avoiding PII data egress.\n\n### EXECUTION RULES\n1. Provide a self-contained JavaScript syntax block that we will compile to WASM-Sandboxed logic.\n2. Rely only on standard ECMA script features (No Node.js polyfills).\n3. The logic must end by returning the calculated insights, not the raw data.\n\n### DIFFERENTIAL PRIVACY (DP) MECHANISM (Laplace Mechanism)\nTo prevent database reconstruction and inference attacks, numeric query outputs are processed by a Laplace DP engine:\n- COUNT / LENGTH queries: To get EXACT integer values without noise, you MUST name return keys containing 'count', 'length', 'size', 'num', 'positive', 'negative', or starting with 'total_' or 'num_' (e.g. 'total_tx', 'credits_count'). This forces sensitivity=1.0, rounds values, and clamps to non-negative values.\n- AVERAGE queries: Return keys containing 'avg', 'mean', or 'average' scale down noise automatically by dividing global sensitivity by the dataset size (sensitivity / n).\n- SUM / OTHER queries: Return keys without these semantic names receive full Laplace noise based on the global node sensitivity (which can be up to 100,000 in Bank nodes to protect raw balances). Do NOT attempt to bypass this by renaming sum fields to count fields, as it violates protocol integrity.\n\n### SANDBOX RUNTIME RESTRICTIONS & WORKAROUNDS\n- Date is poisoned: The 'Date' class/constructor is undefined (calling 'new Date()', 'Date.now()', or 'Date.parse()' will crash the execution).\n  - Workaround: Perform chronological sorting and comparisons lexicographically on ISO 8601 string dates (e.g. record.date >= '2024-01-01').\n- Poisoned globals: eval, Function, setTimeout, setInterval, Buffer, ArrayBuffer, and TypedArrays are undefined.\n- Frozen prototypes: Modifications to Object.prototype, Array.prototype, etc., are blocked.\n- K-Anonymity constraints: Small datasets (< 10 records) limit outputs to max 3 scalar keys with NO nesting. Datasets with >= 10 records limit outputs to max 10 fields.\n`;\n\n\tif (config.xmlStandard) {\n\t\tinstructions += `\n### PAYLOAD FORMATTING (CLAUDE-XML PREFERRED)\nYou must wrap your logic precisely within <liop_logic> tags.\nExample:\n<liop_logic>\nconst records = await liop.readResource(\"liop://vault/patients\");\nconst filtered = records.filter(r => r.disease === \"Hypertension\");\nreturn { alert: \"High risk demographic\", targetCount: filtered.length };\n</liop_logic>\n`;\n\t} else if (config.jsonSchemaPreferred) {\n\t\tinstructions += `\n### PAYLOAD FORMATTING (JSON PARSING PREFERRED)\nYou must provide your logic strictly within a JSON string key called \\`\"logic_blob\"\\` inside your tool call parameters.\nExample:\n{\n  \"target\": \"liop://vault/patients\",\n  \"logic_blob\": \"const records = await liop.readResource(args.target); return { targetCount: records.filter(r => r.disease === 'Hypertension').length };\"\n}\n`;\n\t}\n\n\treturn instructions;\n}\n"]}

package/dist/mesh.d.ts

@@ -26,6 +26,9 @@ interface LiopManifest {
         clearanceTier: number;
         executionTypes: string[];
     };
+    authRequired?: boolean;
+    /** Canonical slug for deterministic token resolution. Agents resolve LIOP_TOKEN_<tokenSlug>. Must match /^[A-Z][A-Z0-9_]*$/. */
+    tokenSlug?: string;
 }
 interface MeshNodeConfig {
     listenAddresses?: string[];

package/dist/mesh.js

@@ -1,2 +1,2 @@
-import'./chunk-RWRRBYG4.js';export{a as MeshNode}from'./chunk-7I6YJS3C.js';import'./chunk-S6RJHZV2.js';import'./chunk-4C666HHU.js';//# sourceMappingURL=mesh.js.map
+import'./chunk-RWRRBYG4.js';export{a as MeshNode}from'./chunk-DQ6UW6L7.js';import'./chunk-S6RJHZV2.js';import'./chunk-4C666HHU.js';//# sourceMappingURL=mesh.js.map
 //# sourceMappingURL=mesh.js.map

package/dist/server.d.ts

@@ -1,377 +1,5 @@
-import { z } from 'zod';
-import { MeshNode } from './mesh.js';
-import { ServerInfo, CallToolResult, Prompt, GetPromptRequest, GetPromptResult, CallToolRequest, Tool, Resource } from './types.js';
-
-/** Single named entity detected by the NER scanner. */
-interface NerEntity {
-    type: "person" | "place" | "organization";
-    text: string;
-}
-/** Result of an NER scan operation. */
-interface NerScanResult {
-    detected: boolean;
-    entities: NerEntity[];
-}
-/**
- * Scans text content for named entities that may represent PII.
- * Uses `compromise/three` for person, place, and organization detection.
- *
- * Designed for egress filtering — optimized for recall over precision
- * to ensure sensitive data does not leak through aliased output keys.
- */
-declare class NerScanner {
-    private static nlp;
-    /**
-     * Lazy loads the compromise library only when needed.
-     */
-    private getNlp;
-    /**
-     * Scans a single string value for named entities.
-     * Returns detected entities if the text contains recognizable PII.
-     */
-    scan(text: string): Promise<NerScanResult>;
-    /**
-     * Recursively scans all string values within an object/array.
-     * Stops at the first detection for performance (fail-fast).
-     */
-    scanDeep(input: unknown, seen?: WeakSet<object>): Promise<NerScanResult>;
-}
-
-/**
- * LIOP Egress Shield Output Sanitizer (NIST SP 800-226 and OWASP DLP 2025 compliant)
- * Recursively sanitizes execution outputs by rounding floating-point numbers
- * and clamping negative values to zero floor where appropriate.
- *
- * Implements absolute immutability, returning a fresh copy of the data.
- */
-interface OutputSanitizerConfig {
-    /** Maximum decimal places for floating-point values (default: 4) */
-    maxDecimalPlaces?: number;
-    /** Clamp negative values to zero floor (default: true) */
-    clampNonNegative?: boolean;
-}
-/**
- * Recursively walks a JSON-like tree, rounding floats and clamping negative values.
- *
- * @param output - The raw or DP-modified output object/value to sanitize
- * @param config - Sanitization parameters (rounding depth, negative clamping)
- * @returns A sanitized deep copy of the output
- */
-declare function sanitizeOutput(output: unknown, config?: OutputSanitizerConfig): unknown;
-
-/**
- * LIOP Professional PII Engine (The Shield V2 - Tier-1 Military Edition)
- * Implements high-fidelity detection based on NIST and OWASP standards.
- * Features Multi-Layer Verification (Regex + Algorithmic Validators).
- */
-type PiiRuleDefinition = {
-    name: string;
-    pattern: string | RegExp;
-    validator?: (match: string) => boolean;
-};
-type PiiRule = string | RegExp | PiiRuleDefinition;
-declare const PII_PATTERNS: {
-    EMAIL: PiiRuleDefinition;
-    CREDIT_CARD: PiiRuleDefinition;
-    IP_ADDRESS: PiiRuleDefinition;
-    PHONE: PiiRuleDefinition;
-    SSN: PiiRuleDefinition;
-    IBAN: PiiRuleDefinition;
-    PASSPORT_MRZ: PiiRuleDefinition;
-};
-/**
- * Regional and Cultural Security Presets for Out-Of-The-Box compliance.
- * Developers can override, merge, or omit these based on local laws.
- */
-declare const PII_PRESETS: {
-    GLOBAL_STRICT: PiiRuleDefinition[];
-    US_COMPLIANT: PiiRuleDefinition[];
-    EU_GDPR: PiiRuleDefinition[];
-};
-declare class PiiScanner {
-    private patterns;
-    private forbiddenKeysSet;
-    private nerScanner;
-    /**
-     * Safelist of keys that contain forbidden substrings but are NOT PII.
-     * Prevents false positives from fuzzy matching (e.g., "grid" contains "id").
-     */
-    private static readonly KEY_SAFELIST;
-    /**
-     * Short forbidden tokens (< 4 chars) that require boundary-aware matching.
-     * Uses regex boundary detection to avoid false positives.
-     */
-    private shortTokenBoundaryPatterns;
-    /**
-     * Long forbidden tokens (>= 4 chars) that use substring containment.
-     */
-    private longForbiddenTokens;
-    constructor(patterns?: PiiRule[], forbiddenKeys?: string[], nerScanner?: NerScanner | null);
-    /**
-     * Scans any input (string, object, array) for PII violations.
-     * Returns the pattern/rule name that triggered the violation, or null if safe.
-     *
-     * Detection pipeline (fail-fast):
-     *   1. Exact key match (O(1) Set lookup)
-     *   2. Fuzzy key match (boundary detection for short tokens, substring for long)
-     *   3. Regex/algorithmic pattern match on string values
-     *   4. NER content scan on string values (if enabled)
-     */
-    scan(input: unknown, seen?: WeakSet<object>): Promise<string | null>;
-    /**
-     * Checks a key against fuzzy matching rules.
-     * Short tokens use boundary-aware regex; long tokens use substring containment.
-     */
-    private checkKeyFuzzy;
-    private checkString;
-}
-
-type ToolHandler<T extends z.ZodRawShape = z.ZodRawShape> = (args: z.infer<z.ZodObject<T>>, extra: {
-    signal?: AbortSignal;
-}) => Promise<CallToolResult>;
-interface LiopServerOptions {
-    capabilities?: Record<string, unknown>;
-    workerPool?: {
-        enabled?: boolean;
-        minThreads?: number;
-        maxThreads?: number;
-        idleTimeout?: number;
-        /** Max heap memory per worker in MB (default: 64). Prevents heap bomb DoS. */
-        maxHeapMb?: number;
-    };
-    security?: {
-        piiPatterns?: PiiRule[];
-        forbiddenKeys?: string[];
-        sensitiveKeys?: string[];
-        /** Enable NLP-based Named Entity Recognition scanning on output values. */
-        enableNerScanning?: boolean;
-        /** Rate limiting configuration for tool calls (OWASP A01). */
-        rateLimit?: {
-            /** Maximum calls per window per tool (default: 15). */
-            maxPerWindow?: number;
-            /** Maximum calls per window across ALL tools combined (default: 40). */
-            globalMaxPerWindow?: number;
-            /** Sliding window duration in milliseconds (default: 60000 = 1 min). */
-            windowMs?: number;
-        };
-    };
-    taxonomy?: {
-        domain?: string;
-        clearanceTier?: number;
-        executionTypes?: string[];
-    };
-}
-interface AggregationPolicy {
-    /** Maximum number of object-type array elements allowed (default: 10) */
-    maxOutputRows?: number;
-    /** Allow arrays containing only primitive values (default: true) */
-    allowPrimitiveArrays?: boolean;
-    /** Block min/max extraction when dataset size < this value (default: 50) */
-    minMaxBlockThreshold?: number;
-}
-interface LogicExecutionPolicy {
-    /**
-     * Validate the business payload returned by sandbox logic (post-execution).
-     * This runs before final egress checks and blocks non-conforming outputs.
-     */
-    outputSchema?: z.ZodType<unknown>;
-    /**
-     * Enforce aggregation-first heuristics (preflight + post-check).
-     */
-    enforceAggregationFirst?: boolean | AggregationPolicy;
-    /**
-     * Optional additional deny patterns checked against extracted logic source.
-     */
-    preflightDenyPatterns?: RegExp[];
-    /**
-     * Differential Privacy epsilon per query (default: 1.0).
-     * Lower = stronger privacy + more noise. Standard: Apple iOS uses 1.0.
-     */
-    dpEpsilon?: number;
-    /**
-     * DP sensitivity: max change when one record added/removed (default: 1.0).
-     * For SUM queries on a field with range [0, X], set sensitivity = X.
-     */
-    dpSensitivity?: number;
-    /**
-     * Dataset size threshold below which Differential Privacy is active (default: 50).
-     */
-    dpSmallDatasetThreshold?: number;
-    /**
-     * Max queries per numeric field per PQC session (default: 5).
-     * Prevents multi-query differencing attacks.
-     */
-    queryBudgetPerField?: number;
-    /**
-     * Domain-specific sensitive keys that fall under the "sensitive" query budget tier.
-     */
-    sensitiveKeys?: string[];
-}
-declare class LiopServer {
-    private serverInfo;
-    private config?;
-    private logicCache;
-    private connectionStats;
-    private readonly CACHE_TTL_MS;
-    private readonly THROTTLE_THRESHOLD;
-    private readonly THROTTLE_COOLDOWN_MS;
-    private toolCallWindows;
-    private readonly toolCallMaxPerWindow;
-    private readonly toolCallWindowMs;
-    private globalCallWindow;
-    private readonly globalCallMaxPerWindow;
-    private fieldQueryBudget;
-    private readonly taintAnalyzer;
-    private tools;
-    private resources;
-    private prompts;
-    private activeSchema;
-    private sandboxRecords;
-    private piiScanner;
-    private workerPool;
-    private meshNode;
-    private rpcServer;
-    private boundPort;
-    private sessions;
-    private static readonly LIOP_COMPACT_REGEX;
-    private extractLogic;
-    private parseUnknownJson;
-    private runPreflightPolicy;
-    private validateOutputPolicy;
-    /**
-     * Proxied tools stringify a full MCP CallToolResult (`{ content: [...] }`).
-     * Aggregation-first heuristics must scan the inner business JSON, not the MCP envelope
-     * (otherwise `content` looks like a tabular array of objects and everything blocks).
-     */
-    private unwrapForAggregationPolicyScan;
-    private violatesAggregationFirstPolicy;
-    constructor(serverInfo: ServerInfo, config?: LiopServerOptions | undefined);
-    /**
-     * Builds the centralized LIOP envelope specification document.
-     * Served as a single Resource (liop://protocol/envelope-spec) instead
-     * of being duplicated across every tool description.
-     */
-    private buildEnvelopeSpec;
-    /**
-     * Extracts a compact, human-readable field summary from a JSON Schema.
-     *
-     * Walks the schema structure to find actual data property names and types,
-     * rather than returning top-level schema metadata keys (type, items, etc.).
-     *
-     * Example output for a banking schema:
-     *   "Array of {id(string), accountHolder(string), balance(number), transactions(array of {date(string), amount(number)})}"
-     */
-    private extractSchemaFieldSummary;
-    /**
-     * Convenience alias for connectToMesh(), matching official documentation.
-     */
-    connect(options?: {
-        port?: number;
-        meshConfig?: {
-            listenAddresses?: string[];
-            bootstrapNodes?: string[];
-            identityPath?: string;
-        };
-    }): Promise<void>;
-    /**
-     * Register a new Tool
-     */
-    tool<T extends z.ZodRawShape>(name: string, description: string, shape: T, handler: ToolHandler<T>, policy?: LogicExecutionPolicy): void;
-    /**
-     * Register a dynamic prompt
-     */
-    prompt(name: string, description: string | undefined, args: Prompt["arguments"], handler: (request: GetPromptRequest) => GetPromptResult | Promise<GetPromptResult>): void;
-    /**
-     * Enables LIOP Zero-Shot Autonomy by registering the Blind Analyst standard prompt.
-     */
-    enableZeroShotAutonomy(): void;
-    /**
-     * Register a dynamic resource
-     */
-    resource(name: string, uri: string, description?: string, mimeType?: string, content?: string | (() => Promise<string>)): void;
-    /**
-     * Builds execution guidelines served as a resource to guide LLM code generation.
-     */
-    private buildExecutionGuidelines;
-    /**
-     * Broadcasts the Data Dictionary to the LLM prior to code injection.
-     */
-    dataDictionary(schema: Record<string, unknown>, name?: string, uri?: string, description?: string): void;
-    /**
-     * Manually invalidates the AST Logic Cache (e.g. for Zero-Day patches).
-     */
-    clearAstCache(): void;
-    /**
-     * Sliding window rate limiter for tool call frequency.
-     * Prevents micro-query exfiltration attacks where an attacker
-     * makes hundreds of individually-legitimate calls to reconstruct
-     * the full dataset field by field. (OWASP A01)
-     */
-    private checkToolCallRateLimit;
-    /**
-     * Global cross-tool rate limiter.
-     * Prevents attackers from distributing micro-queries across multiple tools
-     * to evade per-tool rate limits. (OWASP A01)
-     */
-    private checkGlobalRateLimit;
-    /**
-     * Emulates calling a tool (used locally or via LIOPMcpBridge)
-     */
-    callTool(request: CallToolRequest, clientId?: string): Promise<CallToolResult>;
-    /**
-     * Retrieves registered tools
-     */
-    listTools(): Tool[];
-    /**
-     * Retrieves registered prompts
-     */
-    listPrompts(): Prompt[];
-    /**
-     * Gets a specific prompt by name
-     */
-    getPrompt(request: GetPromptRequest): Promise<GetPromptResult>;
-    /**
-     * Retrieves registered resources
-     */
-    listResources(): Resource[];
-    /**
-     * Reads a specific resource by URI
-     */
-    readResource(uri: string): Promise<{
-        contents: Array<{
-            uri: string;
-            mimeType?: string;
-            text: string;
-        }>;
-    }>;
-    getServerInfo(): ServerInfo;
-    getMeshNode(): MeshNode | null;
-    /**
-     * Injects data into the secure sandbox context for Logic-on-Origin tools.
-     */
-    setSandboxData(records: Record<string, unknown>[]): void;
-    getBoundPort(): number | null;
-    /**
-     * Connects to the libp2p Kademlia DHT and announces capabilities.
-     * Boots the gRPC server for secure Logic-on-Origin.
-     */
-    connectToMesh(options?: {
-        port?: number;
-        meshConfig?: {
-            listenAddresses?: string[];
-            bootstrapNodes?: string[];
-            identityPath?: string;
-        };
-    }): Promise<void>;
-    /**
-     * Internal worker execution with Egress Filtering logic.
-     */
-    private executeInWorkerPool;
-    /**
-     * Safely destroys the worker pool, gRPC server, and Mesh node.
-     * Recommended to be called during graceful shutdowns or test teardowns.
-     */
-    close(): Promise<void>;
-}
-
-export { type AggregationPolicy, LiopServer, type LiopServerOptions, type LogicExecutionPolicy, NerScanner, type OutputSanitizerConfig, PII_PATTERNS, PII_PRESETS, type PiiRule, PiiScanner, type ToolHandler, sanitizeOutput };
+export { b as AggregationPolicy, L as LiopServer, a as LiopServerOptions, e as LogicExecutionPolicy, N as NerScanner, f as OutputSanitizerConfig, P as PII_PATTERNS, g as PII_PRESETS, h as PiiRule, i as PiiScanner, T as ToolHandler, s as sanitizeOutput } from './index-CL8m1L1d.js';
+import 'zod';
+import './mesh.js';
+import './types-DzEXgi4s.js';
+import 'jose';

package/dist/server.js

@@ -1,2 +1,2 @@
-export{g as LiopServer,b as NerScanner,d as PII_PATTERNS,e as PII_PRESETS,f as PiiScanner,c as sanitizeOutput}from'./chunk-BDQZURCS.js';import'./chunk-2MGFSIXN.js';import'./chunk-V5MKJT6S.js';import'./chunk-7I6YJS3C.js';import'./chunk-S6RJHZV2.js';import'./chunk-4C666HHU.js';//# sourceMappingURL=server.js.map
+export{j as LiopServer,e as NerScanner,g as PII_PATTERNS,h as PII_PRESETS,i as PiiScanner,f as sanitizeOutput}from'./chunk-L5A64CNT.js';import'./chunk-2MGFSIXN.js';import'./chunk-SB5XJXKV.js';import'./chunk-V5MKJT6S.js';import'./chunk-DQ6UW6L7.js';import'./chunk-S6RJHZV2.js';import'./chunk-4C666HHU.js';//# sourceMappingURL=server.js.map
 //# sourceMappingURL=server.js.map