@sanctuary-framework/mcp-server 0.5.13 → 0.5.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.cjs +671 -6
- package/dist/cli.cjs.map +1 -1
- package/dist/cli.js +671 -6
- package/dist/cli.js.map +1 -1
- package/dist/index.cjs +650 -5
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +117 -1
- package/dist/index.d.ts +117 -1
- package/dist/index.js +648 -6
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.cts
CHANGED
|
@@ -2004,6 +2004,118 @@ declare class ContextGateEnforcer {
|
|
|
2004
2004
|
resetStats(): void;
|
|
2005
2005
|
}
|
|
2006
2006
|
|
|
2007
|
+
/**
|
|
2008
|
+
* Sanctuary MCP Server — Sovereignty Profile
|
|
2009
|
+
*
|
|
2010
|
+
* Encrypted store for the sovereignty profile configuration.
|
|
2011
|
+
* Controls which Sanctuary features are active and how they behave.
|
|
2012
|
+
*
|
|
2013
|
+
* The profile is stored encrypted in a reserved namespace (_sovereignty_profile)
|
|
2014
|
+
* using AES-256-GCM with HKDF domain separation, following the same pattern
|
|
2015
|
+
* as ContextGatePolicyStore.
|
|
2016
|
+
*
|
|
2017
|
+
* Security invariants:
|
|
2018
|
+
* - Profile is stored in a reserved namespace (underscore-prefixed)
|
|
2019
|
+
* - L1 state tools cannot read or write reserved namespaces
|
|
2020
|
+
* - Profile changes only come through dedicated profile tools (Tier 1)
|
|
2021
|
+
* or the dashboard
|
|
2022
|
+
* - All changes are audit-logged
|
|
2023
|
+
*/
|
|
2024
|
+
|
|
2025
|
+
interface SovereigntyProfile {
|
|
2026
|
+
version: 1;
|
|
2027
|
+
features: {
|
|
2028
|
+
audit_logging: {
|
|
2029
|
+
enabled: boolean;
|
|
2030
|
+
};
|
|
2031
|
+
injection_detection: {
|
|
2032
|
+
enabled: boolean;
|
|
2033
|
+
sensitivity?: "low" | "medium" | "high";
|
|
2034
|
+
};
|
|
2035
|
+
context_gating: {
|
|
2036
|
+
enabled: boolean;
|
|
2037
|
+
policy_id?: string;
|
|
2038
|
+
};
|
|
2039
|
+
approval_gate: {
|
|
2040
|
+
enabled: boolean;
|
|
2041
|
+
};
|
|
2042
|
+
zk_proofs: {
|
|
2043
|
+
enabled: boolean;
|
|
2044
|
+
};
|
|
2045
|
+
};
|
|
2046
|
+
updated_at: string;
|
|
2047
|
+
}
|
|
2048
|
+
/** Partial feature update — all fields optional */
|
|
2049
|
+
interface SovereigntyProfileUpdate {
|
|
2050
|
+
audit_logging?: {
|
|
2051
|
+
enabled?: boolean;
|
|
2052
|
+
};
|
|
2053
|
+
injection_detection?: {
|
|
2054
|
+
enabled?: boolean;
|
|
2055
|
+
sensitivity?: "low" | "medium" | "high";
|
|
2056
|
+
};
|
|
2057
|
+
context_gating?: {
|
|
2058
|
+
enabled?: boolean;
|
|
2059
|
+
policy_id?: string;
|
|
2060
|
+
};
|
|
2061
|
+
approval_gate?: {
|
|
2062
|
+
enabled?: boolean;
|
|
2063
|
+
};
|
|
2064
|
+
zk_proofs?: {
|
|
2065
|
+
enabled?: boolean;
|
|
2066
|
+
};
|
|
2067
|
+
}
|
|
2068
|
+
declare function createDefaultProfile(): SovereigntyProfile;
|
|
2069
|
+
/**
|
|
2070
|
+
* Sovereignty profile store — encrypted under L1 sovereignty.
|
|
2071
|
+
*
|
|
2072
|
+
* Stores the active sovereignty profile in a reserved namespace.
|
|
2073
|
+
* On first load, creates the default profile automatically.
|
|
2074
|
+
*/
|
|
2075
|
+
declare class SovereigntyProfileStore {
|
|
2076
|
+
private storage;
|
|
2077
|
+
private encryptionKey;
|
|
2078
|
+
private profile;
|
|
2079
|
+
constructor(storage: StorageBackend, masterKey: Uint8Array);
|
|
2080
|
+
/**
|
|
2081
|
+
* Load the active sovereignty profile from encrypted storage.
|
|
2082
|
+
* Creates the default profile on first run.
|
|
2083
|
+
*/
|
|
2084
|
+
load(): Promise<SovereigntyProfile>;
|
|
2085
|
+
/**
|
|
2086
|
+
* Get the current profile. Must call load() first.
|
|
2087
|
+
*/
|
|
2088
|
+
get(): SovereigntyProfile;
|
|
2089
|
+
/**
|
|
2090
|
+
* Apply a partial update to the profile.
|
|
2091
|
+
* Returns the updated profile.
|
|
2092
|
+
*/
|
|
2093
|
+
update(updates: SovereigntyProfileUpdate): Promise<SovereigntyProfile>;
|
|
2094
|
+
/**
|
|
2095
|
+
* Persist the current profile to encrypted storage.
|
|
2096
|
+
*/
|
|
2097
|
+
private persist;
|
|
2098
|
+
}
|
|
2099
|
+
|
|
2100
|
+
/**
|
|
2101
|
+
* Sanctuary MCP Server — System Prompt Generator
|
|
2102
|
+
*
|
|
2103
|
+
* Pure function that takes a SovereigntyProfile and generates a concise
|
|
2104
|
+
* system prompt snippet (< 500 tokens) instructing the agent on which
|
|
2105
|
+
* Sanctuary features are active and how to use them.
|
|
2106
|
+
*
|
|
2107
|
+
* The prompt is generic (not harness-specific) and intended to be pasted
|
|
2108
|
+
* into any agent's system configuration.
|
|
2109
|
+
*/
|
|
2110
|
+
|
|
2111
|
+
/**
|
|
2112
|
+
* Generate a system prompt snippet from the active sovereignty profile.
|
|
2113
|
+
*
|
|
2114
|
+
* The output is a concise, copy-pasteable text block that instructs the
|
|
2115
|
+
* agent on which Sanctuary features are active and how to interact with them.
|
|
2116
|
+
*/
|
|
2117
|
+
declare function generateSystemPrompt(profile: SovereigntyProfile): string;
|
|
2118
|
+
|
|
2007
2119
|
/**
|
|
2008
2120
|
* Sanctuary MCP Server — In-Memory Storage Backend
|
|
2009
2121
|
*
|
|
@@ -2171,6 +2283,7 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
|
|
|
2171
2283
|
private handshakeResults;
|
|
2172
2284
|
private shrOpts;
|
|
2173
2285
|
private _sanctuaryConfig;
|
|
2286
|
+
private profileStore;
|
|
2174
2287
|
private dashboardHTML;
|
|
2175
2288
|
private loginHTML;
|
|
2176
2289
|
private authToken;
|
|
@@ -2197,6 +2310,7 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
|
|
|
2197
2310
|
handshakeResults?: Map<string, HandshakeResult>;
|
|
2198
2311
|
shrOpts?: SHRGeneratorOptions;
|
|
2199
2312
|
sanctuaryConfig?: SanctuaryConfig;
|
|
2313
|
+
profileStore?: SovereigntyProfileStore;
|
|
2200
2314
|
}): void;
|
|
2201
2315
|
/**
|
|
2202
2316
|
* Mark this dashboard as running in standalone mode.
|
|
@@ -2284,6 +2398,8 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
|
|
|
2284
2398
|
private handleIdentity;
|
|
2285
2399
|
private handleHandshakes;
|
|
2286
2400
|
private handleSHR;
|
|
2401
|
+
private handleSovereigntyProfileGet;
|
|
2402
|
+
private handleSovereigntyProfileUpdate;
|
|
2287
2403
|
broadcastSSE(event: string, data: unknown): void;
|
|
2288
2404
|
/**
|
|
2289
2405
|
* Broadcast an audit entry to connected dashboards.
|
|
@@ -2794,4 +2910,4 @@ declare function createSanctuaryServer(options?: {
|
|
|
2794
2910
|
storage?: StorageBackend;
|
|
2795
2911
|
}): Promise<SanctuaryServer>;
|
|
2796
2912
|
|
|
2797
|
-
export { ATTESTATION_VERSION, ApprovalGate, type AttestationBody, type AttestationVerificationResult, AuditLog, AutoApproveChannel, BaselineTracker, type BridgeAttestationRequest, type BridgeAttestationResult, type BridgeCommitment, type BridgeVerificationResult, TEMPLATES as CONTEXT_GATE_TEMPLATES, CallbackApprovalChannel, CommitmentStore, type ConcordiaOutcome, type ContextAction, type ContextFilterResult, ContextGateEnforcer, type ContextGatePolicy, ContextGatePolicyStore, type ContextGateRule, type ContextGateTemplate, DashboardApprovalChannel, type DashboardConfig, type DetectionResult, type EnforcerConfig, type FederationCapabilities, type FederationPeer, FederationRegistry, type FieldClassification, type FieldFilterResult, FilesystemStorage, type GateResult, type HandshakeChallenge, type HandshakeCompletion, type HandshakeResponse, type HandshakeResult, InMemoryModelProvenanceStore, InjectionDetector, type InjectionDetectorConfig, type InjectionSignal, MODEL_PRESETS, MemoryStorage, type ModelProvenance, type ModelProvenanceStore, type PedersenCommitment, type PeerTrustEvaluation, type PolicyRecommendation, PolicyStore, type PrincipalPolicy, type ProviderCategory, ReputationStore, type SHRBody, type SHRGeneratorOptions, type SHRVerificationResult, type SanctuaryConfig, type SanctuaryServer, type SignedAttestation, type SignedSHR, type SovereigntyTier, StateStore, StderrApprovalChannel, TIER_WEIGHTS, type TierMetadata, type TieredAttestation, WebhookApprovalChannel, type WebhookCallbackPayload, type WebhookConfig, type WebhookPayload, type ZKProofOfKnowledge, type ZKRangeProof, canonicalize, classifyField, completeHandshake, computeWeightedScore, createBridgeCommitment, createPedersenCommitment, createProofOfKnowledge, createRangeProof, createSanctuaryServer, evaluateField, filterContext, generateAttestation, generateSHR, getTemplate, initiateHandshake, listTemplateIds, loadConfig, loadPrincipalPolicy, recommendPolicy, resolveTier, respondToHandshake, signPayload, tierDistribution, verifyAttestation, verifyBridgeCommitment, verifyCompletion, verifyPedersenCommitment, verifyProofOfKnowledge, verifyRangeProof, verifySHR, verifySignature };
|
|
2913
|
+
export { ATTESTATION_VERSION, ApprovalGate, type AttestationBody, type AttestationVerificationResult, AuditLog, AutoApproveChannel, BaselineTracker, type BridgeAttestationRequest, type BridgeAttestationResult, type BridgeCommitment, type BridgeVerificationResult, TEMPLATES as CONTEXT_GATE_TEMPLATES, CallbackApprovalChannel, CommitmentStore, type ConcordiaOutcome, type ContextAction, type ContextFilterResult, ContextGateEnforcer, type ContextGatePolicy, ContextGatePolicyStore, type ContextGateRule, type ContextGateTemplate, DashboardApprovalChannel, type DashboardConfig, type DetectionResult, type EnforcerConfig, type FederationCapabilities, type FederationPeer, FederationRegistry, type FieldClassification, type FieldFilterResult, FilesystemStorage, type GateResult, type HandshakeChallenge, type HandshakeCompletion, type HandshakeResponse, type HandshakeResult, InMemoryModelProvenanceStore, InjectionDetector, type InjectionDetectorConfig, type InjectionSignal, MODEL_PRESETS, MemoryStorage, type ModelProvenance, type ModelProvenanceStore, type PedersenCommitment, type PeerTrustEvaluation, type PolicyRecommendation, PolicyStore, type PrincipalPolicy, type ProviderCategory, ReputationStore, type SHRBody, type SHRGeneratorOptions, type SHRVerificationResult, type SanctuaryConfig, type SanctuaryServer, type SignedAttestation, type SignedSHR, type SovereigntyProfile, SovereigntyProfileStore, type SovereigntyProfileUpdate, type SovereigntyTier, StateStore, StderrApprovalChannel, TIER_WEIGHTS, type TierMetadata, type TieredAttestation, WebhookApprovalChannel, type WebhookCallbackPayload, type WebhookConfig, type WebhookPayload, type ZKProofOfKnowledge, type ZKRangeProof, canonicalize, classifyField, completeHandshake, computeWeightedScore, createBridgeCommitment, createDefaultProfile, createPedersenCommitment, createProofOfKnowledge, createRangeProof, createSanctuaryServer, evaluateField, filterContext, generateAttestation, generateSHR, generateSystemPrompt, getTemplate, initiateHandshake, listTemplateIds, loadConfig, loadPrincipalPolicy, recommendPolicy, resolveTier, respondToHandshake, signPayload, tierDistribution, verifyAttestation, verifyBridgeCommitment, verifyCompletion, verifyPedersenCommitment, verifyProofOfKnowledge, verifyRangeProof, verifySHR, verifySignature };
|
package/dist/index.d.ts
CHANGED
|
@@ -2004,6 +2004,118 @@ declare class ContextGateEnforcer {
|
|
|
2004
2004
|
resetStats(): void;
|
|
2005
2005
|
}
|
|
2006
2006
|
|
|
2007
|
+
/**
|
|
2008
|
+
* Sanctuary MCP Server — Sovereignty Profile
|
|
2009
|
+
*
|
|
2010
|
+
* Encrypted store for the sovereignty profile configuration.
|
|
2011
|
+
* Controls which Sanctuary features are active and how they behave.
|
|
2012
|
+
*
|
|
2013
|
+
* The profile is stored encrypted in a reserved namespace (_sovereignty_profile)
|
|
2014
|
+
* using AES-256-GCM with HKDF domain separation, following the same pattern
|
|
2015
|
+
* as ContextGatePolicyStore.
|
|
2016
|
+
*
|
|
2017
|
+
* Security invariants:
|
|
2018
|
+
* - Profile is stored in a reserved namespace (underscore-prefixed)
|
|
2019
|
+
* - L1 state tools cannot read or write reserved namespaces
|
|
2020
|
+
* - Profile changes only come through dedicated profile tools (Tier 1)
|
|
2021
|
+
* or the dashboard
|
|
2022
|
+
* - All changes are audit-logged
|
|
2023
|
+
*/
|
|
2024
|
+
|
|
2025
|
+
interface SovereigntyProfile {
|
|
2026
|
+
version: 1;
|
|
2027
|
+
features: {
|
|
2028
|
+
audit_logging: {
|
|
2029
|
+
enabled: boolean;
|
|
2030
|
+
};
|
|
2031
|
+
injection_detection: {
|
|
2032
|
+
enabled: boolean;
|
|
2033
|
+
sensitivity?: "low" | "medium" | "high";
|
|
2034
|
+
};
|
|
2035
|
+
context_gating: {
|
|
2036
|
+
enabled: boolean;
|
|
2037
|
+
policy_id?: string;
|
|
2038
|
+
};
|
|
2039
|
+
approval_gate: {
|
|
2040
|
+
enabled: boolean;
|
|
2041
|
+
};
|
|
2042
|
+
zk_proofs: {
|
|
2043
|
+
enabled: boolean;
|
|
2044
|
+
};
|
|
2045
|
+
};
|
|
2046
|
+
updated_at: string;
|
|
2047
|
+
}
|
|
2048
|
+
/** Partial feature update — all fields optional */
|
|
2049
|
+
interface SovereigntyProfileUpdate {
|
|
2050
|
+
audit_logging?: {
|
|
2051
|
+
enabled?: boolean;
|
|
2052
|
+
};
|
|
2053
|
+
injection_detection?: {
|
|
2054
|
+
enabled?: boolean;
|
|
2055
|
+
sensitivity?: "low" | "medium" | "high";
|
|
2056
|
+
};
|
|
2057
|
+
context_gating?: {
|
|
2058
|
+
enabled?: boolean;
|
|
2059
|
+
policy_id?: string;
|
|
2060
|
+
};
|
|
2061
|
+
approval_gate?: {
|
|
2062
|
+
enabled?: boolean;
|
|
2063
|
+
};
|
|
2064
|
+
zk_proofs?: {
|
|
2065
|
+
enabled?: boolean;
|
|
2066
|
+
};
|
|
2067
|
+
}
|
|
2068
|
+
declare function createDefaultProfile(): SovereigntyProfile;
|
|
2069
|
+
/**
|
|
2070
|
+
* Sovereignty profile store — encrypted under L1 sovereignty.
|
|
2071
|
+
*
|
|
2072
|
+
* Stores the active sovereignty profile in a reserved namespace.
|
|
2073
|
+
* On first load, creates the default profile automatically.
|
|
2074
|
+
*/
|
|
2075
|
+
declare class SovereigntyProfileStore {
|
|
2076
|
+
private storage;
|
|
2077
|
+
private encryptionKey;
|
|
2078
|
+
private profile;
|
|
2079
|
+
constructor(storage: StorageBackend, masterKey: Uint8Array);
|
|
2080
|
+
/**
|
|
2081
|
+
* Load the active sovereignty profile from encrypted storage.
|
|
2082
|
+
* Creates the default profile on first run.
|
|
2083
|
+
*/
|
|
2084
|
+
load(): Promise<SovereigntyProfile>;
|
|
2085
|
+
/**
|
|
2086
|
+
* Get the current profile. Must call load() first.
|
|
2087
|
+
*/
|
|
2088
|
+
get(): SovereigntyProfile;
|
|
2089
|
+
/**
|
|
2090
|
+
* Apply a partial update to the profile.
|
|
2091
|
+
* Returns the updated profile.
|
|
2092
|
+
*/
|
|
2093
|
+
update(updates: SovereigntyProfileUpdate): Promise<SovereigntyProfile>;
|
|
2094
|
+
/**
|
|
2095
|
+
* Persist the current profile to encrypted storage.
|
|
2096
|
+
*/
|
|
2097
|
+
private persist;
|
|
2098
|
+
}
|
|
2099
|
+
|
|
2100
|
+
/**
|
|
2101
|
+
* Sanctuary MCP Server — System Prompt Generator
|
|
2102
|
+
*
|
|
2103
|
+
* Pure function that takes a SovereigntyProfile and generates a concise
|
|
2104
|
+
* system prompt snippet (< 500 tokens) instructing the agent on which
|
|
2105
|
+
* Sanctuary features are active and how to use them.
|
|
2106
|
+
*
|
|
2107
|
+
* The prompt is generic (not harness-specific) and intended to be pasted
|
|
2108
|
+
* into any agent's system configuration.
|
|
2109
|
+
*/
|
|
2110
|
+
|
|
2111
|
+
/**
|
|
2112
|
+
* Generate a system prompt snippet from the active sovereignty profile.
|
|
2113
|
+
*
|
|
2114
|
+
* The output is a concise, copy-pasteable text block that instructs the
|
|
2115
|
+
* agent on which Sanctuary features are active and how to interact with them.
|
|
2116
|
+
*/
|
|
2117
|
+
declare function generateSystemPrompt(profile: SovereigntyProfile): string;
|
|
2118
|
+
|
|
2007
2119
|
/**
|
|
2008
2120
|
* Sanctuary MCP Server — In-Memory Storage Backend
|
|
2009
2121
|
*
|
|
@@ -2171,6 +2283,7 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
|
|
|
2171
2283
|
private handshakeResults;
|
|
2172
2284
|
private shrOpts;
|
|
2173
2285
|
private _sanctuaryConfig;
|
|
2286
|
+
private profileStore;
|
|
2174
2287
|
private dashboardHTML;
|
|
2175
2288
|
private loginHTML;
|
|
2176
2289
|
private authToken;
|
|
@@ -2197,6 +2310,7 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
|
|
|
2197
2310
|
handshakeResults?: Map<string, HandshakeResult>;
|
|
2198
2311
|
shrOpts?: SHRGeneratorOptions;
|
|
2199
2312
|
sanctuaryConfig?: SanctuaryConfig;
|
|
2313
|
+
profileStore?: SovereigntyProfileStore;
|
|
2200
2314
|
}): void;
|
|
2201
2315
|
/**
|
|
2202
2316
|
* Mark this dashboard as running in standalone mode.
|
|
@@ -2284,6 +2398,8 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
|
|
|
2284
2398
|
private handleIdentity;
|
|
2285
2399
|
private handleHandshakes;
|
|
2286
2400
|
private handleSHR;
|
|
2401
|
+
private handleSovereigntyProfileGet;
|
|
2402
|
+
private handleSovereigntyProfileUpdate;
|
|
2287
2403
|
broadcastSSE(event: string, data: unknown): void;
|
|
2288
2404
|
/**
|
|
2289
2405
|
* Broadcast an audit entry to connected dashboards.
|
|
@@ -2794,4 +2910,4 @@ declare function createSanctuaryServer(options?: {
|
|
|
2794
2910
|
storage?: StorageBackend;
|
|
2795
2911
|
}): Promise<SanctuaryServer>;
|
|
2796
2912
|
|
|
2797
|
-
export { ATTESTATION_VERSION, ApprovalGate, type AttestationBody, type AttestationVerificationResult, AuditLog, AutoApproveChannel, BaselineTracker, type BridgeAttestationRequest, type BridgeAttestationResult, type BridgeCommitment, type BridgeVerificationResult, TEMPLATES as CONTEXT_GATE_TEMPLATES, CallbackApprovalChannel, CommitmentStore, type ConcordiaOutcome, type ContextAction, type ContextFilterResult, ContextGateEnforcer, type ContextGatePolicy, ContextGatePolicyStore, type ContextGateRule, type ContextGateTemplate, DashboardApprovalChannel, type DashboardConfig, type DetectionResult, type EnforcerConfig, type FederationCapabilities, type FederationPeer, FederationRegistry, type FieldClassification, type FieldFilterResult, FilesystemStorage, type GateResult, type HandshakeChallenge, type HandshakeCompletion, type HandshakeResponse, type HandshakeResult, InMemoryModelProvenanceStore, InjectionDetector, type InjectionDetectorConfig, type InjectionSignal, MODEL_PRESETS, MemoryStorage, type ModelProvenance, type ModelProvenanceStore, type PedersenCommitment, type PeerTrustEvaluation, type PolicyRecommendation, PolicyStore, type PrincipalPolicy, type ProviderCategory, ReputationStore, type SHRBody, type SHRGeneratorOptions, type SHRVerificationResult, type SanctuaryConfig, type SanctuaryServer, type SignedAttestation, type SignedSHR, type SovereigntyTier, StateStore, StderrApprovalChannel, TIER_WEIGHTS, type TierMetadata, type TieredAttestation, WebhookApprovalChannel, type WebhookCallbackPayload, type WebhookConfig, type WebhookPayload, type ZKProofOfKnowledge, type ZKRangeProof, canonicalize, classifyField, completeHandshake, computeWeightedScore, createBridgeCommitment, createPedersenCommitment, createProofOfKnowledge, createRangeProof, createSanctuaryServer, evaluateField, filterContext, generateAttestation, generateSHR, getTemplate, initiateHandshake, listTemplateIds, loadConfig, loadPrincipalPolicy, recommendPolicy, resolveTier, respondToHandshake, signPayload, tierDistribution, verifyAttestation, verifyBridgeCommitment, verifyCompletion, verifyPedersenCommitment, verifyProofOfKnowledge, verifyRangeProof, verifySHR, verifySignature };
|
|
2913
|
+
export { ATTESTATION_VERSION, ApprovalGate, type AttestationBody, type AttestationVerificationResult, AuditLog, AutoApproveChannel, BaselineTracker, type BridgeAttestationRequest, type BridgeAttestationResult, type BridgeCommitment, type BridgeVerificationResult, TEMPLATES as CONTEXT_GATE_TEMPLATES, CallbackApprovalChannel, CommitmentStore, type ConcordiaOutcome, type ContextAction, type ContextFilterResult, ContextGateEnforcer, type ContextGatePolicy, ContextGatePolicyStore, type ContextGateRule, type ContextGateTemplate, DashboardApprovalChannel, type DashboardConfig, type DetectionResult, type EnforcerConfig, type FederationCapabilities, type FederationPeer, FederationRegistry, type FieldClassification, type FieldFilterResult, FilesystemStorage, type GateResult, type HandshakeChallenge, type HandshakeCompletion, type HandshakeResponse, type HandshakeResult, InMemoryModelProvenanceStore, InjectionDetector, type InjectionDetectorConfig, type InjectionSignal, MODEL_PRESETS, MemoryStorage, type ModelProvenance, type ModelProvenanceStore, type PedersenCommitment, type PeerTrustEvaluation, type PolicyRecommendation, PolicyStore, type PrincipalPolicy, type ProviderCategory, ReputationStore, type SHRBody, type SHRGeneratorOptions, type SHRVerificationResult, type SanctuaryConfig, type SanctuaryServer, type SignedAttestation, type SignedSHR, type SovereigntyProfile, SovereigntyProfileStore, type SovereigntyProfileUpdate, type SovereigntyTier, StateStore, StderrApprovalChannel, TIER_WEIGHTS, type TierMetadata, type TieredAttestation, WebhookApprovalChannel, type WebhookCallbackPayload, type WebhookConfig, type WebhookPayload, type ZKProofOfKnowledge, type ZKRangeProof, canonicalize, classifyField, completeHandshake, computeWeightedScore, createBridgeCommitment, createDefaultProfile, createPedersenCommitment, createProofOfKnowledge, createRangeProof, createSanctuaryServer, evaluateField, filterContext, generateAttestation, generateSHR, generateSystemPrompt, getTemplate, initiateHandshake, listTemplateIds, loadConfig, loadPrincipalPolicy, recommendPolicy, resolveTier, respondToHandshake, signPayload, tierDistribution, verifyAttestation, verifyBridgeCommitment, verifyCompletion, verifyPedersenCommitment, verifyProofOfKnowledge, verifyRangeProof, verifySHR, verifySignature };
|