npm - @saihm/mcp-server-pro - Versions diffs - 0.1.1 → 0.1.2 - Mend

@saihm/mcp-server-pro 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/client.d.ts CHANGED Viewed

@@ -60,6 +60,11 @@ export interface ShareGrant {
     scope?: 'read' | 'write' | 'readwrite';
     expiryEpoch?: bigint | null;
 }
+export interface SharedReadGrant {
+    sharerPinnedAgentIdHashHex: string;
+    sharerRecord: WireIdentityRecord;
+    cellId: string;
+}
 export interface SaihmProClientOpts {
     tier?: string;
     seqStatePath?: string;
@@ -88,6 +93,7 @@ export declare class SaihmProClient {
     status(): Promise<StatusSnapshot>;
     share(grant: ShareGrant): Promise<ShareResult>;
     revokeShare(cellId: string, recipientHex: string): Promise<RevokeResult>;
+    recallShared(grant: SharedReadGrant): Promise<RecalledCell | null>;
     governancePropose(args: {
         scope: 'emission_param' | 'protocol_upgrade';
         paramKey: string | null;

package/dist/client.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { randomBytes } from 'node:crypto';
 import { mkdirSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
 import { dirname } from 'node:path';
-import { deriveIdentity, sealCell, openCell, shareCell, encodeEnvelope, decodeEnvelope, encodeShareEnvelope, encodeIdentityRecord, decodeIdentityRecord, fromHex, toHex, utf8, fromUtf8, ctEqual, SeqHighWaterMark, } from '@saihm/client-pro';
+import { deriveIdentity, sealCell, openCell, shareCell, decodeShareEnvelope, unwrapSharedDek, verifyShareSig, openCellWithDek, verifyEnvelope, verifyIdentityRecord, encodeEnvelope, decodeEnvelope, encodeShareEnvelope, encodeIdentityRecord, decodeIdentityRecord, fromHex, toHex, utf8, fromUtf8, ctEqual, SeqHighWaterMark, } from '@saihm/client-pro';
 const REQUEST_TIMEOUT_MS = 30_000;
 const MAX_RESPONSE_BYTES = 16 * 1024 * 1024;
 const MAX_SEQ = (1n << 64n) - 1n;
@@ -378,6 +378,83 @@ export class SaihmProClient {
     async revokeShare(cellId, recipientHex) {
         return this.call('saihm_revoke_share', { cellId, recipient: recipientHex });
     }
+    async recallShared(grant) {
+        let sharerRecord;
+        let sharerPinned;
+        try {
+            sharerRecord = decodeIdentityRecord(grant.sharerRecord);
+            sharerPinned = fromHex(grant.sharerPinnedAgentIdHashHex);
+        }
+        catch {
+            throw new SaihmEndpointError(0, 'bad_sharer', 'sharer identity record or pinned agentIdHash is malformed');
+        }
+        verifyIdentityRecord(sharerRecord, sharerPinned);
+        const sharerHex = toHex(sharerPinned);
+        const r = await this.call('saihm_recall', { sharer: sharerHex, cellId: grant.cellId });
+        if (typeof r !== 'object' || r === null || Array.isArray(r)) {
+            throw new SaihmEndpointError(502, 'malformed_response', 'endpoint returned a malformed shared-recall response');
+        }
+        const res = r;
+        if (!res.found || !res.wire || !res.contentWire)
+            return null;
+        let share;
+        try {
+            share = decodeShareEnvelope(res.wire);
+        }
+        catch {
+            throw new SaihmEndpointError(502, 'malformed_share', `endpoint returned a malformed share envelope for cell '${grant.cellId}'`);
+        }
+        if (!ctEqual(share.recipientAgentIdHash, this.identity.agentIdHash)) {
+            throw new SaihmEndpointError(502, 'foreign_share', 'endpoint returned a share addressed to a different recipient');
+        }
+        if (!ctEqual(share.sharerAgentIdHash, sharerPinned) || share.cellId !== grant.cellId) {
+            throw new SaihmEndpointError(502, 'share_mismatch', `endpoint returned a share for the wrong sharer/cell`);
+        }
+        if (!verifyShareSig(share, sharerRecord.mldsaPubKey)) {
+            throw new SaihmEndpointError(502, 'bad_share_sig', 'share envelope signature does not verify against the pinned sharer key');
+        }
+        let dek;
+        try {
+            dek = unwrapSharedDek({
+                share,
+                recipientAgentIdHash: this.identity.agentIdHash,
+                sharerPinnedMldsaPubKey: sharerRecord.mldsaPubKey,
+                recipientMlkemSecretKey: this.identity.mlkemSecretKey,
+            });
+        }
+        catch {
+            throw new SaihmEndpointError(502, 'undecryptable_share', `share DEK for cell '${grant.cellId}' could not be unwrapped with this identity`);
+        }
+        try {
+            let env;
+            try {
+                env = decodeEnvelope(res.contentWire);
+            }
+            catch {
+                throw new SaihmEndpointError(502, 'malformed_envelope', `endpoint returned a malformed content envelope for cell '${grant.cellId}'`);
+            }
+            if (!ctEqual(env.agentIdHash, sharerPinned)) {
+                throw new SaihmEndpointError(502, 'foreign_envelope', 'shared content envelope is not signed by the pinned sharer');
+            }
+            if (env.cellId !== grant.cellId) {
+                throw new SaihmEndpointError(502, 'cell_mismatch', `endpoint returned cell '${env.cellId}' for requested '${grant.cellId}'`);
+            }
+            if (!verifyEnvelope(env)) {
+                throw new SaihmEndpointError(502, 'unverified_envelope', `shared content envelope for cell '${grant.cellId}' failed verification`);
+            }
+            let plaintext;
+            try {
+                plaintext = fromUtf8(openCellWithDek(env, dek));
+            }
+            catch {
+                throw new SaihmEndpointError(502, 'undecryptable', `shared cell '${grant.cellId}' could not be opened with the unwrapped DEK`);
+            }
+            return { cellId: env.cellId, plaintext, seq: env.seq.toString(10), commitmentHash: toHex(env.publicMeta.commitmentHash) };
+        }
+        finally {
+            dek.fill(0);
+        }
+    }
     async governancePropose(args) {
         await this.call('saihm_governance_propose', args);
         throw new SaihmEndpointError(403, 'governance_unavailable', 'governance unavailable');

package/dist/index.d.ts CHANGED Viewed

@@ -1,2 +1,3 @@
 export { SaihmProClient, SaihmEndpointError } from './client.js';
-export type { RememberResult, RecalledCell, ForgetResult, StatusSnapshot, ShareResult, RevokeResult, RememberOpts, ShareGrant, SaihmProClientOpts, } from './client.js';
+export { KeySubstitutionError } from '@saihm/client-pro';
+export type { RememberResult, RecalledCell, ForgetResult, StatusSnapshot, ShareResult, RevokeResult, RememberOpts, ShareGrant, SharedReadGrant, SaihmProClientOpts, } from './client.js';

package/dist/index.js CHANGED Viewed

	@@ -1 +1,2 @@
1 1	export { SaihmProClient, SaihmEndpointError } from './client.js';
2	+ export { KeySubstitutionError } from '@saihm/client-pro';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@saihm/mcp-server-pro",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "SAIHM production thin-client. Seals client-side via @saihm/client-pro (ML-DSA-65 identity, per-cell AES-256-GCM DEK wrapped under a client KEK, ML-KEM-768 authenticated sharing) and POSTs opaque ciphertext to the blind, non-custodial SAIHM /mcp endpoint. The master secret, KEK, and plaintext never leave this process. Apache-2.0.",
   "type": "module",
   "main": "dist/index.js",