@sanctuary-framework/mcp-server 0.5.3 → 0.5.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.cjs +5990 -5700
- package/dist/cli.cjs.map +1 -1
- package/dist/cli.js +5996 -5706
- package/dist/cli.js.map +1 -1
- package/dist/index.cjs +7 -37
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +7 -37
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.cts
CHANGED
|
@@ -21,7 +21,7 @@ interface SanctuaryConfig {
|
|
|
21
21
|
};
|
|
22
22
|
};
|
|
23
23
|
disclosure: {
|
|
24
|
-
proof_system: "groth16" | "plonk" | "commitment-only";
|
|
24
|
+
proof_system: "groth16" | "plonk" | "schnorr-pedersen" | "commitment-only";
|
|
25
25
|
default_policy: "minimum-necessary" | "withhold-all";
|
|
26
26
|
};
|
|
27
27
|
reputation: {
|
package/dist/index.d.ts
CHANGED
|
@@ -21,7 +21,7 @@ interface SanctuaryConfig {
|
|
|
21
21
|
};
|
|
22
22
|
};
|
|
23
23
|
disclosure: {
|
|
24
|
-
proof_system: "groth16" | "plonk" | "commitment-only";
|
|
24
|
+
proof_system: "groth16" | "plonk" | "schnorr-pedersen" | "commitment-only";
|
|
25
25
|
default_policy: "minimum-necessary" | "withhold-all";
|
|
26
26
|
};
|
|
27
27
|
reputation: {
|
package/dist/index.js
CHANGED
|
@@ -228,7 +228,7 @@ function defaultConfig() {
|
|
|
228
228
|
}
|
|
229
229
|
},
|
|
230
230
|
disclosure: {
|
|
231
|
-
proof_system: "
|
|
231
|
+
proof_system: "schnorr-pedersen",
|
|
232
232
|
default_policy: "minimum-necessary"
|
|
233
233
|
},
|
|
234
234
|
reputation: {
|
|
@@ -342,7 +342,7 @@ function validateConfig(config) {
|
|
|
342
342
|
`Unimplemented config value: execution.environment = "${config.execution.environment}". Only ${[...implementedEnvironment].map((v) => `"${v}"`).join(", ")} are currently implemented. Using an unimplemented environment would silently degrade security.`
|
|
343
343
|
);
|
|
344
344
|
}
|
|
345
|
-
const implementedProofSystem = /* @__PURE__ */ new Set(["commitment-only"]);
|
|
345
|
+
const implementedProofSystem = /* @__PURE__ */ new Set(["schnorr-pedersen", "commitment-only"]);
|
|
346
346
|
if (!implementedProofSystem.has(config.disclosure.proof_system)) {
|
|
347
347
|
errors.push(
|
|
348
348
|
`Unimplemented config value: disclosure.proof_system = "${config.disclosure.proof_system}". Only ${[...implementedProofSystem].map((v) => `"${v}"`).join(", ")} is currently implemented. Using an unimplemented proof system would silently degrade security.`
|
|
@@ -7428,15 +7428,6 @@ function generateSHR(identityId, opts) {
|
|
|
7428
7428
|
mitigation: "TEE attestation planned for a future release"
|
|
7429
7429
|
});
|
|
7430
7430
|
}
|
|
7431
|
-
if (config.disclosure.proof_system === "commitment-only") {
|
|
7432
|
-
degradations.push({
|
|
7433
|
-
layer: "l3",
|
|
7434
|
-
code: "COMMITMENT_ONLY",
|
|
7435
|
-
severity: "info",
|
|
7436
|
-
description: "Commitment schemes only (no ZK proofs)",
|
|
7437
|
-
mitigation: "ZK proof support planned for future release"
|
|
7438
|
-
});
|
|
7439
|
-
}
|
|
7440
7431
|
const body = {
|
|
7441
7432
|
shr_version: "1.0",
|
|
7442
7433
|
implementation: {
|
|
@@ -7462,9 +7453,9 @@ function generateSHR(identityId, opts) {
|
|
|
7462
7453
|
attestation_available: config.execution.attestation
|
|
7463
7454
|
},
|
|
7464
7455
|
l3: {
|
|
7465
|
-
status:
|
|
7456
|
+
status: "active",
|
|
7466
7457
|
proof_system: config.disclosure.proof_system,
|
|
7467
|
-
selective_disclosure:
|
|
7458
|
+
selective_disclosure: true
|
|
7468
7459
|
},
|
|
7469
7460
|
l4: {
|
|
7470
7461
|
status: "active",
|
|
@@ -7677,7 +7668,7 @@ function extractAuthorizationSignals(body) {
|
|
|
7677
7668
|
behavioral_baseline_active: false,
|
|
7678
7669
|
// Would need explicit field in SHR v1.1
|
|
7679
7670
|
identity_verified: l1.identity_type === "ed25519" || l1.identity_type !== "none",
|
|
7680
|
-
zero_knowledge_capable: l3.status === "active"
|
|
7671
|
+
zero_knowledge_capable: l3.status === "active",
|
|
7681
7672
|
selective_disclosure_active: l3.selective_disclosure,
|
|
7682
7673
|
reputation_portable: l4.reputation_portable,
|
|
7683
7674
|
handshake_capable: body.capabilities.handshake
|
|
@@ -7755,14 +7746,6 @@ function generateAuthorizationConstraints(body, _degradations) {
|
|
|
7755
7746
|
priority: "high"
|
|
7756
7747
|
});
|
|
7757
7748
|
}
|
|
7758
|
-
if (layers.l3.proof_system === "commitment-only") {
|
|
7759
|
-
constraints.push({
|
|
7760
|
-
type: "restricted_scope",
|
|
7761
|
-
description: "No zero-knowledge proofs available \u2014 entire state context may be visible",
|
|
7762
|
-
rationale: "Proof system is commitment-only (no ZK)",
|
|
7763
|
-
priority: "medium"
|
|
7764
|
-
});
|
|
7765
|
-
}
|
|
7766
7749
|
if (layers.l4.status === "degraded") {
|
|
7767
7750
|
constraints.push({
|
|
7768
7751
|
type: "known_agents_only",
|
|
@@ -11890,11 +11873,6 @@ async function createSanctuaryServer(options) {
|
|
|
11890
11873
|
degradations.push(
|
|
11891
11874
|
"L2 isolation is process-level only; no TEE available"
|
|
11892
11875
|
);
|
|
11893
|
-
if (config.disclosure.proof_system === "commitment-only") {
|
|
11894
|
-
degradations.push(
|
|
11895
|
-
"L3 proofs are commitment-based only; ZK proofs not yet available"
|
|
11896
|
-
);
|
|
11897
|
-
}
|
|
11898
11876
|
return toolResult({
|
|
11899
11877
|
attestation: {
|
|
11900
11878
|
environment_type: config.execution.environment,
|
|
@@ -11920,7 +11898,7 @@ async function createSanctuaryServer(options) {
|
|
|
11920
11898
|
l1_state_encrypted: true,
|
|
11921
11899
|
l2_execution_isolated: false,
|
|
11922
11900
|
l2_isolation_type: "process-level",
|
|
11923
|
-
l3_proofs_available:
|
|
11901
|
+
l3_proofs_available: true,
|
|
11924
11902
|
l4_reputation_active: true,
|
|
11925
11903
|
overall_level: "mvs",
|
|
11926
11904
|
degradations
|
|
@@ -11943,14 +11921,6 @@ async function createSanctuaryServer(options) {
|
|
|
11943
11921
|
severity: "warning",
|
|
11944
11922
|
mitigation: "TEE support planned for a future release"
|
|
11945
11923
|
});
|
|
11946
|
-
if (config.disclosure.proof_system === "commitment-only") {
|
|
11947
|
-
degradations.push({
|
|
11948
|
-
layer: "l3",
|
|
11949
|
-
description: "Commitment schemes only (no ZK proofs)",
|
|
11950
|
-
severity: "info",
|
|
11951
|
-
mitigation: "ZK proof support planned for v0.2.0"
|
|
11952
|
-
});
|
|
11953
|
-
}
|
|
11954
11924
|
return toolResult({
|
|
11955
11925
|
status: degradations.some((d) => d.severity === "critical") ? "compromised" : degradations.some((d) => d.severity === "warning") ? "degraded" : "healthy",
|
|
11956
11926
|
storage_bytes: storageSizeBytes,
|
|
@@ -11969,7 +11939,7 @@ async function createSanctuaryServer(options) {
|
|
|
11969
11939
|
last_attestation: (/* @__PURE__ */ new Date()).toISOString()
|
|
11970
11940
|
},
|
|
11971
11941
|
l3: {
|
|
11972
|
-
status:
|
|
11942
|
+
status: "active",
|
|
11973
11943
|
proof_system: config.disclosure.proof_system,
|
|
11974
11944
|
circuits_loaded: 0,
|
|
11975
11945
|
proofs_generated_total: 0
|