@sanctuary-framework/mcp-server 0.4.0 → 0.4.2

package/dist/cli.cjs

@@ -211,6 +211,7 @@ var init_hashing = __esm({
 });
 var require2 = module$1.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.cjs', document.baseURI).href)));
 var { version: PKG_VERSION } = require2("../package.json");
+var SANCTUARY_VERSION = PKG_VERSION;
 function defaultConfig() {
   return {
     version: PKG_VERSION,
@@ -3641,7 +3642,12 @@ var DEFAULT_POLICY = {
     "context_gate_filter",
     "context_gate_list_policies",
     "l2_hardening_status",
-    "l2_verify_isolation"
+    "l2_verify_isolation",
+    "sovereignty_audit",
+    "shr_gateway_export",
+    "bridge_commit",
+    "bridge_verify",
+    "bridge_attest"
   ],
   approval_channel: DEFAULT_CHANNEL
 };
@@ -3708,6 +3714,10 @@ function parseScalar(value) {
   return value.replace(/^["']|["']$/g, "");
 }
 function validatePolicy(raw) {
+  const userTier3 = raw.tier3_always_allow ?? [];
+  const mergedTier3 = [
+    .../* @__PURE__ */ new Set([...userTier3, ...DEFAULT_POLICY.tier3_always_allow])
+  ];
   return {
     version: raw.version ?? 1,
     tier1_always_approve: raw.tier1_always_approve ?? DEFAULT_POLICY.tier1_always_approve,
@@ -3715,7 +3725,7 @@ function validatePolicy(raw) {
       ...DEFAULT_TIER2,
       ...raw.tier2_anomaly ?? {}
     },
-    tier3_always_allow: raw.tier3_always_allow ?? DEFAULT_POLICY.tier3_always_allow,
+    tier3_always_allow: mergedTier3,
     approval_channel: (() => {
       const merged = {
         ...DEFAULT_CHANNEL,
@@ -3800,6 +3810,11 @@ tier3_always_allow:
   - context_gate_recommend
   - context_gate_filter
   - context_gate_list_policies
+  - sovereignty_audit
+  - shr_gateway_export
+  - bridge_commit
+  - bridge_verify
+  - bridge_attest
 
 # \u2500\u2500\u2500 Approval Channel \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
 # How Sanctuary reaches you when approval is needed.
@@ -4576,8 +4591,6 @@ function generateDashboardHTML(options) {
 }
 
 // src/principal-policy/dashboard.ts
-var require4 = module$1.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.cjs', document.baseURI).href)));
-var { version: PKG_VERSION3 } = require4("../../package.json");
 var SESSION_TTL_MS = 5 * 60 * 1e3;
 var MAX_SESSIONS = 1e3;
 var RATE_LIMIT_WINDOW_MS = 6e4;
@@ -4606,7 +4619,7 @@ var DashboardApprovalChannel = class {
     this.useTLS = !!(config.tls?.cert_path && config.tls?.key_path);
     this.dashboardHTML = generateDashboardHTML({
       timeoutSeconds: config.timeout_seconds,
-      serverVersion: PKG_VERSION3,
+      serverVersion: SANCTUARY_VERSION,
       authToken: this.authToken
     });
     this.sessionCleanupTimer = setInterval(() => this.cleanupSessions(), 6e4);
@@ -5669,6 +5682,11 @@ function generateSHR(identityId, opts) {
   }
   const body = {
     shr_version: "1.0",
+    implementation: {
+      sanctuary_version: config.version,
+      node_version: process.versions.node,
+      generated_by: "sanctuary-mcp-server"
+    },
     instance_id: identity.identity_id,
     generated_at: now.toISOString(),
     expires_at: expiresAt.toISOString(),
@@ -9994,8 +10012,8 @@ async function checkForUpdate(currentVersion) {
   } catch {
   }
 }
-var require5 = module$1.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.cjs', document.baseURI).href)));
-var { version: PKG_VERSION4 } = require5("../package.json");
+var require4 = module$1.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.cjs', document.baseURI).href)));
+var { version: PKG_VERSION3 } = require4("../package.json");
 async function main() {
   const args = process.argv.slice(2);
   let passphrase = process.env.SANCTUARY_PASSPHRASE;
@@ -10008,7 +10026,7 @@ async function main() {
       printHelp();
       process.exit(0);
     } else if (args[i] === "--version" || args[i] === "-v") {
-      console.log(`@sanctuary-framework/mcp-server ${PKG_VERSION4}`);
+      console.log(`@sanctuary-framework/mcp-server ${PKG_VERSION3}`);
       process.exit(0);
     }
   }
@@ -10019,7 +10037,7 @@ async function main() {
     console.error(`Sanctuary MCP Server v${config.version} running (stdio)`);
     console.error(`Storage: ${config.storage_path}`);
     console.error("Tools: all registered");
-    checkForUpdate(PKG_VERSION4);
+    checkForUpdate(PKG_VERSION3);
   } else {
     console.error("HTTP transport not yet implemented. Use stdio.");
     process.exit(1);
@@ -10027,7 +10045,7 @@ async function main() {
 }
 function printHelp() {
   console.log(`
-@sanctuary-framework/mcp-server v${PKG_VERSION4}
+@sanctuary-framework/mcp-server v${PKG_VERSION3}
 
 Sovereignty infrastructure for agents in the agentic economy.