@saihm/mcp-server-pro 0.1.2 → 0.1.3
- package/README.md +11 -1
- package/package.json +5 -1
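--- a/package/README.md
+++ b/package/README.md
@@ -51,6 +51,16 @@ await saihm.share({
 });
 await saihm.revokeShare(cellId, recipientPinnedAgentIdHashHex);
 
+// Read a cell another agent shared TO you (the recipient side of `share`). Pin the
+// sharer's agentIdHash out-of-band; the library verifies the sharer's signature and
+// returns null when there is no live grant (e.g. revoked, or the sharer crypto-shredded it).
+const shared = await saihm.recallShared({
+sharerPinnedAgentIdHashHex, // the sharer's agentIdHash, pinned out-of-band
+sharerRecord, // the sharer's published identity record (hex)
+cellId,
+});
+console.log(shared?.plaintext);
+
 // Operator-observable metadata only (no plaintext).
 const status = await saihm.status();
 ```
@@ -79,7 +89,7 @@ Non-2xx responses throw `SaihmEndpointError` with `status` and a typed `code` (e
 | Integrity / authenticity | Every cell is ML-DSA-65-signed over its contents, including the sequence number. |
 | Anti-replay | The signed monotonic sequence is rejected by the endpoint if not strictly increasing. |
 | Tenant isolation | Your `agentIdHash` (= the JWT `sub`) namespaces your state; a write whose signed identity differs from the JWT is rejected. |
-| Authenticated sharing | Grantee public keys are pinned out-of-band and verified before any secret is bound to them. |
+| Authenticated sharing | Grantee public keys are pinned out-of-band and verified before any secret is bound to them; on the recipient side, `recallShared` pins the sharer's key and verifies the cell signature before returning any plaintext. |
 | Erasure | Destroying the endpoint-side wrapped DEK crypto-shreds the cell. |
 
 ## Where sealed cells are stored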
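--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@saihm/mcp-server-pro",
-"version": "0.1.
+"version": "0.1.3",
 "description": "SAIHM production thin-client. Seals client-side via @saihm/client-pro (ML-DSA-65 identity, per-cell AES-256-GCM DEK wrapped under a client KEK, ML-KEM-768 authenticated sharing) and POSTs opaque ciphertext to the blind, non-custodial SAIHM /mcp endpoint. The master secret, KEK, and plaintext never leave this process. Apache-2.0.",
 "type": "module",
 "main": "dist/index.js",
@@ -37,6 +37,10 @@
 "license": "Apache-2.0",
 "author": "SAIHM",
 "homepage": "https://saihm.coti.global",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/SAIHM-Admin/saihm-mcp-server-pro.git"
+},
 "engines": {
 "node": ">=20"
 },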