@sanctuary-framework/mcp-server 0.5.10 → 0.5.12

package/dist/index.cjs

@@ -1278,9 +1278,13 @@ var IdentityManager = class {
   get encryptionKey() {
     return derivePurposeKey(this.masterKey, "identity-encryption");
   }
-  /** Load identities from storage on startup */
+  /** Load identities from storage on startup.
+   *  Returns { total: number of encrypted files found, loaded: number successfully decrypted }.
+   *  A mismatch (total > 0, loaded === 0) indicates a wrong master key / missing passphrase.
+   */
   async load() {
     const entries = await this.storage.list("_identities");
+    let failed = 0;
     for (const entry of entries) {
       const raw = await this.storage.read("_identities", entry.key);
       if (!raw) continue;
@@ -1293,8 +1297,10 @@ var IdentityManager = class {
           this.primaryIdentityId = identity.identity_id;
         }
       } catch {
+        failed++;
       }
     }
+    return { total: entries.length, loaded: this.identities.size, failed };
   }
   /** Save an identity to storage */
   async save(identity) {
@@ -11084,11 +11090,57 @@ var TOOL_API_SCOPED = {
   ],
   default_action: "redact"
 };
+var REMOTE_INFERENCE_SANITIZE = {
+  id: "remote-inference-sanitize",
+  name: "Remote Inference Sanitization",
+  description: "Maximum privacy for remote/cloud LLM calls. Strips all identity, financial, location, and personal data before passing queries to external models. Inspired by Vitalik Buterin's 2-of-2 sovereignty model.",
+  use_when: "Your local agent needs to call a remote LLM for tasks beyond local model capability (complex coding, deep research) and you want to minimize data leakage to the remote provider. The remote model gets only the task, query, format requirements, and stripped code context.",
+  rules: [
+    {
+      provider: "inference",
+      allow: [
+        "task",
+        "task_description",
+        "current_query",
+        "query",
+        "prompt",
+        "question",
+        "instruction",
+        "output_format",
+        "format",
+        "language",
+        "code_context",
+        // Stripped code snippets for coding tasks
+        "error_message"
+        // For debugging help
+      ],
+      redact: [
+        ...ALWAYS_REDACT_SECRETS,
+        ...PII_PATTERNS,
+        ...INTERNAL_STATE_PATTERNS,
+        ...HISTORY_PATTERNS,
+        "tool_results",
+        "previous_results",
+        // Additional redactions for remote inference
+        "model_data",
+        "agent_state",
+        "runtime_config",
+        "capabilities",
+        "tool_list"
+      ],
+      // Deny patterns — these must NEVER reach the remote model, not even redacted
+      hash: [],
+      summarize: []
+    }
+  ],
+  default_action: "deny"
+};
 var TEMPLATES = {
   "inference-minimal": INFERENCE_MINIMAL,
   "inference-standard": INFERENCE_STANDARD,
   "logging-strict": LOGGING_STRICT,
-  "tool-api-scoped": TOOL_API_SCOPED
+  "tool-api-scoped": TOOL_API_SCOPED,
+  "remote-inference-sanitize": REMOTE_INFERENCE_SANITIZE
 };
 function listTemplateIds() {
   return Object.keys(TEMPLATES);
@@ -12576,6 +12628,101 @@ function createL2HardeningTools(storagePath, auditLog) {
 // src/index.ts
 init_encoding();
 
+// src/l2-operational/model-provenance.ts
+var InMemoryModelProvenanceStore = class {
+  models = /* @__PURE__ */ new Map();
+  primaryModelId = null;
+  declare(provenance) {
+    if (!provenance.model_id) {
+      throw new Error("ModelProvenance requires a model_id");
+    }
+    if (!provenance.model_name) {
+      throw new Error("ModelProvenance requires a model_name");
+    }
+    if (!provenance.provider) {
+      throw new Error("ModelProvenance requires a provider");
+    }
+    this.models.set(provenance.model_id, provenance);
+    if (this.primaryModelId === null) {
+      this.primaryModelId = provenance.model_id;
+    }
+  }
+  get(model_id) {
+    return this.models.get(model_id);
+  }
+  list() {
+    return Array.from(this.models.values());
+  }
+  primary() {
+    if (!this.primaryModelId) return void 0;
+    return this.models.get(this.primaryModelId);
+  }
+  setPrimary(model_id) {
+    if (!this.models.has(model_id)) {
+      throw new Error(`Model ${model_id} not found in store`);
+    }
+    this.primaryModelId = model_id;
+  }
+};
+var MODEL_PRESETS = {
+  /**
+   * Claude Opus 4 via Anthropic API (cloud inference, closed weights/source)
+   */
+  claudeOpus4: () => ({
+    model_id: "claude-opus-4",
+    model_name: "Claude Opus 4",
+    model_version: "4.0",
+    provider: "Anthropic",
+    license: "proprietary",
+    open_weights: false,
+    open_source: false,
+    local_inference: false,
+    declared_at: (/* @__PURE__ */ new Date()).toISOString()
+  }),
+  /**
+   * Qwen 3.5 via local inference (open weights, proprietary training)
+   */
+  qwen35Local: () => ({
+    model_id: "qwen-3.5-35b",
+    model_name: "Qwen 3.5 35B",
+    model_version: "3.5",
+    provider: "Alibaba Cloud",
+    license: "Apache-2.0",
+    open_weights: true,
+    open_source: false,
+    local_inference: true,
+    declared_at: (/* @__PURE__ */ new Date()).toISOString()
+  }),
+  /**
+   * Llama 3.3 70B via local inference (open weights and code)
+   */
+  llama33Local: () => ({
+    model_id: "llama-3.3-70b-instruct",
+    model_name: "Llama 3.3 70B Instruct",
+    model_version: "3.3",
+    provider: "Meta",
+    license: "Apache-2.0",
+    open_weights: true,
+    open_source: true,
+    local_inference: true,
+    declared_at: (/* @__PURE__ */ new Date()).toISOString()
+  }),
+  /**
+   * Mistral 7B (open weights, open code, local inference)
+   */
+  mistral7bLocal: () => ({
+    model_id: "mistral-7b-instruct",
+    model_name: "Mistral 7B Instruct",
+    model_version: "7",
+    provider: "Mistral AI",
+    license: "Apache-2.0",
+    open_weights: true,
+    open_source: true,
+    local_inference: true,
+    declared_at: (/* @__PURE__ */ new Date()).toISOString()
+  })
+};
+
 // src/storage/memory.ts
 var MemoryStorage = class {
   store = /* @__PURE__ */ new Map();
@@ -12725,7 +12872,29 @@ async function createSanctuaryServer(options) {
     keyProtection,
     auditLog
   );
-  await identityManager.load();
+  const loadResult = await identityManager.load();
+  if (loadResult.total > 0 && loadResult.loaded === 0) {
+    console.error(
+      `
+\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557
+\u2551  \u26A0  WARNING: Encrypted identities found but NONE loaded     \u2551
+\u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2563
+\u2551  ${loadResult.total} encrypted identity file(s) found on disk              \u2551
+\u2551  0 could be decrypted with the current master key            \u2551
+\u2551                                                              \u2551
+\u2551  This usually means SANCTUARY_PASSPHRASE is missing or       \u2551
+\u2551  incorrect. The server will start but with NO identity data. \u2551
+\u2551                                                              \u2551
+\u2551  To fix: set SANCTUARY_PASSPHRASE to the passphrase used     \u2551
+\u2551  when this Sanctuary instance was first configured.          \u2551
+\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
+`
+    );
+  } else if (loadResult.failed > 0) {
+    console.error(
+      `Warning: ${loadResult.failed} of ${loadResult.total} identity files could not be decrypted (possibly corrupted).`
+    );
+  }
   const l2Tools = [
     {
       name: "sanctuary/exec_attest",
@@ -13110,7 +13279,9 @@ exports.ContextGatePolicyStore = ContextGatePolicyStore;
 exports.DashboardApprovalChannel = DashboardApprovalChannel;
 exports.FederationRegistry = FederationRegistry;
 exports.FilesystemStorage = FilesystemStorage;
+exports.InMemoryModelProvenanceStore = InMemoryModelProvenanceStore;
 exports.InjectionDetector = InjectionDetector;
+exports.MODEL_PRESETS = MODEL_PRESETS;
 exports.MemoryStorage = MemoryStorage;
 exports.PolicyStore = PolicyStore;
 exports.ReputationStore = ReputationStore;