@nobulex/mcp 0.1.0

package/dist/index.js

@@ -0,0 +1,364 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  PRESETS: () => PRESETS,
+  SteleGuard: () => SteleGuard
+});
+module.exports = __toCommonJS(index_exports);
+var import_crypto = require("@nobulex/crypto");
+var import_ccl = require("@nobulex/ccl");
+var import_core = require("@nobulex/core");
+var import_enforcement = require("@nobulex/enforcement");
+var import_identity = require("@nobulex/identity");
+var import_reputation = require("@nobulex/reputation");
+var import_proof = require("@nobulex/proof");
+
+// src/presets.ts
+var PRESETS = {
+  "standard:data-isolation": `permit file.read on '/data/**'
+permit tool.read_file on '/data/**'
+permit tool.* on '/data/**'
+deny file.write on '**' severity high
+deny network.send on '**' severity critical
+deny network.send on '**' when payload.contains_pii = true severity critical
+require audit.log on '**' severity critical
+limit api.call 100 per 60 seconds`,
+  "standard:read-write": `permit file.read on '/data/**'
+permit file.write on '/output/**'
+deny file.write on '/system/**' severity critical
+deny network.send on '**' severity high
+deny network.send on '**' when payload.contains_pii = true severity critical
+require audit.log on '**' severity critical`,
+  "standard:network": `permit file.read on '/data/**'
+permit file.write on '/output/**'
+permit network.send on '**'
+deny network.send on '**' when payload.contains_pii = true severity critical
+deny file.write on '/system/**' severity critical
+require audit.log on '**' severity critical
+require encrypt.output on '**' when output.classification = 'sensitive' severity high
+limit api.call 500 per 3600 seconds
+limit network.send 100 per 60 seconds`,
+  "standard:minimal": `deny file.read on '**' severity high
+deny file.write on '**' severity critical
+deny network.send on '**' severity critical
+require audit.log on '**' severity critical`
+};
+
+// src/index.ts
+function resolveConstraints(constraints) {
+  const trimmed = constraints.trim();
+  if (trimmed in PRESETS) {
+    return PRESETS[trimmed];
+  }
+  return trimmed;
+}
+function toolAction(toolName) {
+  return `tool.${toolName}`;
+}
+function toolResource(toolName, args) {
+  for (const key of ["path", "file", "url", "uri", "resource", "target", "name"]) {
+    const val = args[key];
+    if (typeof val === "string" && val.length > 0) {
+      return val;
+    }
+  }
+  return `/tool/${toolName}`;
+}
+function extractSeverity(matchedRule) {
+  if (matchedRule && typeof matchedRule === "object" && "severity" in matchedRule && typeof matchedRule.severity === "string") {
+    return matchedRule.severity;
+  }
+  return "medium";
+}
+function extractConstraint(matchedRule) {
+  if (matchedRule && typeof matchedRule === "object" && "type" in matchedRule) {
+    const rule = matchedRule;
+    const type = rule.type;
+    const action = rule.action ?? "*";
+    const resource = rule.resource ?? "*";
+    return `${type} ${action} on '${resource}'`;
+  }
+  return "default deny (no matching permit rule)";
+}
+var SteleGuard = class _SteleGuard {
+  // Private constructor - use static factory methods
+  constructor() {
+  }
+  /**
+   * Wrap an MCP server with Stele accountability using constraint text
+   * (either a preset name or raw CCL).
+   *
+   * Generates a keypair if one is not provided, creates an agent identity,
+   * builds a covenant document, and returns a wrapped server that intercepts
+   * every tool call through the constraint monitor.
+   */
+  static async wrap(server, options) {
+    const constraintSource = resolveConstraints(options.constraints);
+    (0, import_ccl.parse)(constraintSource);
+    const operatorKeyPair = options.operatorKeyPair ?? await (0, import_crypto.generateKeyPair)();
+    const model = options.model ?? {
+      provider: "unknown",
+      modelId: "unknown",
+      attestationType: "self_reported"
+    };
+    const identity = await (0, import_identity.createIdentity)({
+      operatorKeyPair,
+      operatorIdentifier: options.agentIdentifier,
+      model,
+      capabilities: (server.tools ?? []).map((t) => toolAction(t.name)),
+      deployment: {
+        runtime: "process"
+      }
+    });
+    const covenant = await (0, import_core.buildCovenant)({
+      issuer: {
+        id: options.agentIdentifier ?? operatorKeyPair.publicKeyHex,
+        publicKey: operatorKeyPair.publicKeyHex,
+        role: "issuer"
+      },
+      beneficiary: {
+        id: identity.id,
+        publicKey: operatorKeyPair.publicKeyHex,
+        role: "beneficiary"
+      },
+      constraints: constraintSource,
+      privateKey: operatorKeyPair.privateKey,
+      enforcement: {
+        type: "monitor",
+        config: { mode: options.mode ?? "enforce" }
+      },
+      proof: {
+        type: options.proofType ?? "audit_log",
+        config: {}
+      }
+    });
+    const monitor = new import_enforcement.Monitor(covenant.id, constraintSource, {
+      mode: options.mode ?? "enforce"
+    });
+    return _SteleGuard.buildWrappedServer(
+      server,
+      monitor,
+      identity,
+      covenant,
+      operatorKeyPair,
+      options
+    );
+  }
+  /**
+   * Wrap an MCP server using a pre-built covenant document.
+   *
+   * This is useful when the covenant has been created externally
+   * (e.g. by an orchestrator or governance system) and should be
+   * used as-is without re-building.
+   */
+  static async fromCovenant(server, covenant, operatorKeyPair) {
+    const identity = await (0, import_identity.createIdentity)({
+      operatorKeyPair,
+      model: {
+        provider: "unknown",
+        modelId: "unknown",
+        attestationType: "self_reported"
+      },
+      capabilities: (server.tools ?? []).map((t) => toolAction(t.name)),
+      deployment: {
+        runtime: "process"
+      }
+    });
+    const mode = covenant.enforcement?.config?.mode === "log_only" ? "log_only" : "enforce";
+    const monitor = new import_enforcement.Monitor(covenant.id, covenant.constraints, {
+      mode
+    });
+    return _SteleGuard.buildWrappedServer(
+      server,
+      monitor,
+      identity,
+      covenant,
+      operatorKeyPair,
+      {}
+    );
+  }
+  /**
+   * Internal method to build the wrapped server proxy from all
+   * the initialized components.
+   */
+  static buildWrappedServer(server, monitor, identity, covenant, operatorKeyPair, options) {
+    let totalToolCalls = 0;
+    let hasViolations = false;
+    let violationSeverity;
+    let firstCallTime;
+    let lastReceipt = null;
+    const interceptedHandleToolCall = async (name, args) => {
+      const callStart = Date.now();
+      if (firstCallTime === void 0) {
+        firstCallTime = callStart;
+      }
+      totalToolCalls++;
+      const action = toolAction(name);
+      const resource = toolResource(name, args);
+      const now = (0, import_crypto.timestamp)();
+      let permitted = true;
+      let result;
+      try {
+        await monitor.evaluate(action, resource, args);
+      } catch (err) {
+        permitted = false;
+        const severity = extractSeverity(
+          err && typeof err === "object" && "matchedRule" in err ? err.matchedRule : void 0
+        );
+        const constraint = extractConstraint(
+          err && typeof err === "object" && "matchedRule" in err ? err.matchedRule : void 0
+        );
+        hasViolations = true;
+        violationSeverity = severity;
+        if (options.onViolation) {
+          const details = {
+            toolName: name,
+            action,
+            resource,
+            constraint,
+            severity,
+            timestamp: now
+          };
+          options.onViolation(details);
+        }
+        if (options.onToolCall) {
+          const callEnd2 = Date.now();
+          const details = {
+            toolName: name,
+            action,
+            resource,
+            permitted: false,
+            timestamp: now,
+            durationMs: callEnd2 - callStart
+          };
+          options.onToolCall(details);
+        }
+        await updateReceipt(
+          covenant,
+          identity,
+          operatorKeyPair,
+          callStart,
+          hasViolations,
+          violationSeverity,
+          lastReceipt
+        ).then((r) => {
+          lastReceipt = r;
+        });
+        throw err;
+      }
+      if (server.handleToolCall) {
+        result = await server.handleToolCall(name, args);
+      } else {
+        result = void 0;
+      }
+      const callEnd = Date.now();
+      if (options.onToolCall) {
+        const details = {
+          toolName: name,
+          action,
+          resource,
+          permitted: true,
+          timestamp: now,
+          durationMs: callEnd - callStart
+        };
+        options.onToolCall(details);
+      }
+      lastReceipt = await updateReceipt(
+        covenant,
+        identity,
+        operatorKeyPair,
+        callStart,
+        hasViolations,
+        violationSeverity,
+        lastReceipt
+      );
+      return result;
+    };
+    const wrapped = /* @__PURE__ */ Object.create(null);
+    for (const key of Object.keys(server)) {
+      if (key === "handleToolCall") {
+        continue;
+      }
+      wrapped[key] = server[key];
+    }
+    if (server.tools) {
+      wrapped.tools = server.tools;
+    }
+    wrapped.handleToolCall = interceptedHandleToolCall;
+    wrapped.getMonitor = () => monitor;
+    wrapped.getIdentity = () => identity;
+    wrapped.getAuditLog = () => monitor.getAuditLog();
+    wrapped.generateProof = async () => {
+      const auditLog = monitor.getAuditLog();
+      const auditEntries = auditLog.entries.map(
+        (entry) => ({
+          action: entry.action,
+          resource: entry.resource,
+          outcome: entry.outcome,
+          timestamp: entry.timestamp,
+          hash: entry.hash
+        })
+      );
+      return (0, import_proof.generateComplianceProof)({
+        covenantId: covenant.id,
+        constraints: covenant.constraints,
+        auditEntries
+      });
+    };
+    wrapped.getReceipt = () => lastReceipt;
+    wrapped.getCovenant = () => covenant;
+    return wrapped;
+  }
+};
+async function updateReceipt(covenant, identity, operatorKeyPair, callStartTime, hasViolations, violationSeverity, previousReceipt) {
+  const durationMs = Date.now() - callStartTime;
+  let outcome;
+  let breachSeverity;
+  if (hasViolations) {
+    outcome = "breached";
+    breachSeverity = violationSeverity ?? "medium";
+  } else {
+    outcome = "fulfilled";
+  }
+  const proofHash = (0, import_crypto.sha256Object)({
+    covenantId: covenant.id,
+    identityId: identity.id,
+    timestamp: (0, import_crypto.timestamp)()
+  });
+  const receipt = await (0, import_reputation.createReceipt)(
+    covenant.id,
+    identity.id,
+    operatorKeyPair.publicKeyHex,
+    outcome,
+    proofHash,
+    durationMs,
+    operatorKeyPair,
+    previousReceipt?.receiptHash ?? null,
+    breachSeverity
+  );
+  return receipt;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  PRESETS,
+  SteleGuard
+});

package/dist/index.mjs

@@ -0,0 +1,338 @@
+// src/index.ts
+import { generateKeyPair, timestamp, sha256Object } from "@nobulex/crypto";
+import { parse } from "@nobulex/ccl";
+import { buildCovenant } from "@nobulex/core";
+import { Monitor } from "@nobulex/enforcement";
+import { createIdentity } from "@nobulex/identity";
+import { createReceipt } from "@nobulex/reputation";
+import { generateComplianceProof } from "@nobulex/proof";
+
+// src/presets.ts
+var PRESETS = {
+  "standard:data-isolation": `permit file.read on '/data/**'
+permit tool.read_file on '/data/**'
+permit tool.* on '/data/**'
+deny file.write on '**' severity high
+deny network.send on '**' severity critical
+deny network.send on '**' when payload.contains_pii = true severity critical
+require audit.log on '**' severity critical
+limit api.call 100 per 60 seconds`,
+  "standard:read-write": `permit file.read on '/data/**'
+permit file.write on '/output/**'
+deny file.write on '/system/**' severity critical
+deny network.send on '**' severity high
+deny network.send on '**' when payload.contains_pii = true severity critical
+require audit.log on '**' severity critical`,
+  "standard:network": `permit file.read on '/data/**'
+permit file.write on '/output/**'
+permit network.send on '**'
+deny network.send on '**' when payload.contains_pii = true severity critical
+deny file.write on '/system/**' severity critical
+require audit.log on '**' severity critical
+require encrypt.output on '**' when output.classification = 'sensitive' severity high
+limit api.call 500 per 3600 seconds
+limit network.send 100 per 60 seconds`,
+  "standard:minimal": `deny file.read on '**' severity high
+deny file.write on '**' severity critical
+deny network.send on '**' severity critical
+require audit.log on '**' severity critical`
+};
+
+// src/index.ts
+function resolveConstraints(constraints) {
+  const trimmed = constraints.trim();
+  if (trimmed in PRESETS) {
+    return PRESETS[trimmed];
+  }
+  return trimmed;
+}
+function toolAction(toolName) {
+  return `tool.${toolName}`;
+}
+function toolResource(toolName, args) {
+  for (const key of ["path", "file", "url", "uri", "resource", "target", "name"]) {
+    const val = args[key];
+    if (typeof val === "string" && val.length > 0) {
+      return val;
+    }
+  }
+  return `/tool/${toolName}`;
+}
+function extractSeverity(matchedRule) {
+  if (matchedRule && typeof matchedRule === "object" && "severity" in matchedRule && typeof matchedRule.severity === "string") {
+    return matchedRule.severity;
+  }
+  return "medium";
+}
+function extractConstraint(matchedRule) {
+  if (matchedRule && typeof matchedRule === "object" && "type" in matchedRule) {
+    const rule = matchedRule;
+    const type = rule.type;
+    const action = rule.action ?? "*";
+    const resource = rule.resource ?? "*";
+    return `${type} ${action} on '${resource}'`;
+  }
+  return "default deny (no matching permit rule)";
+}
+var SteleGuard = class _SteleGuard {
+  // Private constructor - use static factory methods
+  constructor() {
+  }
+  /**
+   * Wrap an MCP server with Stele accountability using constraint text
+   * (either a preset name or raw CCL).
+   *
+   * Generates a keypair if one is not provided, creates an agent identity,
+   * builds a covenant document, and returns a wrapped server that intercepts
+   * every tool call through the constraint monitor.
+   */
+  static async wrap(server, options) {
+    const constraintSource = resolveConstraints(options.constraints);
+    parse(constraintSource);
+    const operatorKeyPair = options.operatorKeyPair ?? await generateKeyPair();
+    const model = options.model ?? {
+      provider: "unknown",
+      modelId: "unknown",
+      attestationType: "self_reported"
+    };
+    const identity = await createIdentity({
+      operatorKeyPair,
+      operatorIdentifier: options.agentIdentifier,
+      model,
+      capabilities: (server.tools ?? []).map((t) => toolAction(t.name)),
+      deployment: {
+        runtime: "process"
+      }
+    });
+    const covenant = await buildCovenant({
+      issuer: {
+        id: options.agentIdentifier ?? operatorKeyPair.publicKeyHex,
+        publicKey: operatorKeyPair.publicKeyHex,
+        role: "issuer"
+      },
+      beneficiary: {
+        id: identity.id,
+        publicKey: operatorKeyPair.publicKeyHex,
+        role: "beneficiary"
+      },
+      constraints: constraintSource,
+      privateKey: operatorKeyPair.privateKey,
+      enforcement: {
+        type: "monitor",
+        config: { mode: options.mode ?? "enforce" }
+      },
+      proof: {
+        type: options.proofType ?? "audit_log",
+        config: {}
+      }
+    });
+    const monitor = new Monitor(covenant.id, constraintSource, {
+      mode: options.mode ?? "enforce"
+    });
+    return _SteleGuard.buildWrappedServer(
+      server,
+      monitor,
+      identity,
+      covenant,
+      operatorKeyPair,
+      options
+    );
+  }
+  /**
+   * Wrap an MCP server using a pre-built covenant document.
+   *
+   * This is useful when the covenant has been created externally
+   * (e.g. by an orchestrator or governance system) and should be
+   * used as-is without re-building.
+   */
+  static async fromCovenant(server, covenant, operatorKeyPair) {
+    const identity = await createIdentity({
+      operatorKeyPair,
+      model: {
+        provider: "unknown",
+        modelId: "unknown",
+        attestationType: "self_reported"
+      },
+      capabilities: (server.tools ?? []).map((t) => toolAction(t.name)),
+      deployment: {
+        runtime: "process"
+      }
+    });
+    const mode = covenant.enforcement?.config?.mode === "log_only" ? "log_only" : "enforce";
+    const monitor = new Monitor(covenant.id, covenant.constraints, {
+      mode
+    });
+    return _SteleGuard.buildWrappedServer(
+      server,
+      monitor,
+      identity,
+      covenant,
+      operatorKeyPair,
+      {}
+    );
+  }
+  /**
+   * Internal method to build the wrapped server proxy from all
+   * the initialized components.
+   */
+  static buildWrappedServer(server, monitor, identity, covenant, operatorKeyPair, options) {
+    let totalToolCalls = 0;
+    let hasViolations = false;
+    let violationSeverity;
+    let firstCallTime;
+    let lastReceipt = null;
+    const interceptedHandleToolCall = async (name, args) => {
+      const callStart = Date.now();
+      if (firstCallTime === void 0) {
+        firstCallTime = callStart;
+      }
+      totalToolCalls++;
+      const action = toolAction(name);
+      const resource = toolResource(name, args);
+      const now = timestamp();
+      let permitted = true;
+      let result;
+      try {
+        await monitor.evaluate(action, resource, args);
+      } catch (err) {
+        permitted = false;
+        const severity = extractSeverity(
+          err && typeof err === "object" && "matchedRule" in err ? err.matchedRule : void 0
+        );
+        const constraint = extractConstraint(
+          err && typeof err === "object" && "matchedRule" in err ? err.matchedRule : void 0
+        );
+        hasViolations = true;
+        violationSeverity = severity;
+        if (options.onViolation) {
+          const details = {
+            toolName: name,
+            action,
+            resource,
+            constraint,
+            severity,
+            timestamp: now
+          };
+          options.onViolation(details);
+        }
+        if (options.onToolCall) {
+          const callEnd2 = Date.now();
+          const details = {
+            toolName: name,
+            action,
+            resource,
+            permitted: false,
+            timestamp: now,
+            durationMs: callEnd2 - callStart
+          };
+          options.onToolCall(details);
+        }
+        await updateReceipt(
+          covenant,
+          identity,
+          operatorKeyPair,
+          callStart,
+          hasViolations,
+          violationSeverity,
+          lastReceipt
+        ).then((r) => {
+          lastReceipt = r;
+        });
+        throw err;
+      }
+      if (server.handleToolCall) {
+        result = await server.handleToolCall(name, args);
+      } else {
+        result = void 0;
+      }
+      const callEnd = Date.now();
+      if (options.onToolCall) {
+        const details = {
+          toolName: name,
+          action,
+          resource,
+          permitted: true,
+          timestamp: now,
+          durationMs: callEnd - callStart
+        };
+        options.onToolCall(details);
+      }
+      lastReceipt = await updateReceipt(
+        covenant,
+        identity,
+        operatorKeyPair,
+        callStart,
+        hasViolations,
+        violationSeverity,
+        lastReceipt
+      );
+      return result;
+    };
+    const wrapped = /* @__PURE__ */ Object.create(null);
+    for (const key of Object.keys(server)) {
+      if (key === "handleToolCall") {
+        continue;
+      }
+      wrapped[key] = server[key];
+    }
+    if (server.tools) {
+      wrapped.tools = server.tools;
+    }
+    wrapped.handleToolCall = interceptedHandleToolCall;
+    wrapped.getMonitor = () => monitor;
+    wrapped.getIdentity = () => identity;
+    wrapped.getAuditLog = () => monitor.getAuditLog();
+    wrapped.generateProof = async () => {
+      const auditLog = monitor.getAuditLog();
+      const auditEntries = auditLog.entries.map(
+        (entry) => ({
+          action: entry.action,
+          resource: entry.resource,
+          outcome: entry.outcome,
+          timestamp: entry.timestamp,
+          hash: entry.hash
+        })
+      );
+      return generateComplianceProof({
+        covenantId: covenant.id,
+        constraints: covenant.constraints,
+        auditEntries
+      });
+    };
+    wrapped.getReceipt = () => lastReceipt;
+    wrapped.getCovenant = () => covenant;
+    return wrapped;
+  }
+};
+async function updateReceipt(covenant, identity, operatorKeyPair, callStartTime, hasViolations, violationSeverity, previousReceipt) {
+  const durationMs = Date.now() - callStartTime;
+  let outcome;
+  let breachSeverity;
+  if (hasViolations) {
+    outcome = "breached";
+    breachSeverity = violationSeverity ?? "medium";
+  } else {
+    outcome = "fulfilled";
+  }
+  const proofHash = sha256Object({
+    covenantId: covenant.id,
+    identityId: identity.id,
+    timestamp: timestamp()
+  });
+  const receipt = await createReceipt(
+    covenant.id,
+    identity.id,
+    operatorKeyPair.publicKeyHex,
+    outcome,
+    proofHash,
+    durationMs,
+    operatorKeyPair,
+    previousReceipt?.receiptHash ?? null,
+    breachSeverity
+  );
+  return receipt;
+}
+export {
+  PRESETS,
+  SteleGuard
+};

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "@nobulex/mcp",
+  "version": "0.1.0",
+  "sideEffects": false,
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "module": "dist/index.mjs",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "default": "./dist/index.mjs"
+    }
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format cjs,esm",
+    "bundle": "tsup src/index.ts --format cjs,esm",
+    "dev": "tsup src/index.ts --format cjs,esm --watch",
+    "prepublishOnly": "npm run build"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "dependencies": {
+    "@nobulex/crypto": "0.1.0",
+    "@nobulex/ccl": "0.1.0",
+    "@nobulex/core": "0.1.0",
+    "@nobulex/enforcement": "0.1.0",
+    "@nobulex/identity": "0.1.0",
+    "@nobulex/reputation": "0.1.0",
+    "@nobulex/proof": "0.1.0"
+  },
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/agbusiness195/Stele.git",
+    "directory": "packages/mcp"
+  },
+  "keywords": [
+    "stele",
+    "covenant",
+    "ai-accountability"
+  ]
+}