@sanctuary-framework/mcp-server 0.5.9 → 0.5.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.cjs +87 -35
- package/dist/cli.cjs.map +1 -1
- package/dist/cli.js +87 -35
- package/dist/cli.js.map +1 -1
- package/dist/index.cjs +184 -35
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +115 -1
- package/dist/index.d.ts +115 -1
- package/dist/index.js +183 -36
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -5693,11 +5693,12 @@ function generateDashboardHTML(options) {
|
|
|
5693
5693
|
// API Updates
|
|
5694
5694
|
async function updateSovereignty() {
|
|
5695
5695
|
const data = await fetchAPI('/api/sovereignty');
|
|
5696
|
-
if (!data) return;
|
|
5696
|
+
if (!data || data.error) return;
|
|
5697
5697
|
|
|
5698
5698
|
apiState.sovereignty = data;
|
|
5699
5699
|
|
|
5700
|
-
|
|
5700
|
+
// API returns { score, overall_level, layers: { l1, l2, l3, l4 }, ... }
|
|
5701
|
+
const score = data.score ?? 0;
|
|
5701
5702
|
const badge = document.getElementById('sovereignty-badge');
|
|
5702
5703
|
const scoreEl = document.getElementById('sovereignty-score');
|
|
5703
5704
|
|
|
@@ -5707,18 +5708,18 @@ function generateDashboardHTML(options) {
|
|
|
5707
5708
|
if (score < 70) badge.classList.add('degraded');
|
|
5708
5709
|
if (score < 40) badge.classList.add('inactive');
|
|
5709
5710
|
|
|
5710
|
-
updateLayerCards(data
|
|
5711
|
+
updateLayerCards(data);
|
|
5711
5712
|
}
|
|
5712
5713
|
|
|
5713
|
-
function updateLayerCards(
|
|
5714
|
-
if (!
|
|
5714
|
+
function updateLayerCards(data) {
|
|
5715
|
+
if (!data || !data.layers) return;
|
|
5715
5716
|
|
|
5716
|
-
const layers =
|
|
5717
|
+
const layers = data.layers;
|
|
5717
5718
|
|
|
5718
|
-
updateLayerCard('l1', layers.l1, layers.l1?.
|
|
5719
|
-
updateLayerCard('l2', layers.l2, layers.l2?.
|
|
5720
|
-
updateLayerCard('l3', layers.l3, layers.l3?.
|
|
5721
|
-
updateLayerCard('l4', layers.l4, layers.l4?.
|
|
5719
|
+
updateLayerCard('l1', layers.l1, layers.l1?.detail || 'AES-256-GCM');
|
|
5720
|
+
updateLayerCard('l2', layers.l2, layers.l2?.detail || 'Process-level');
|
|
5721
|
+
updateLayerCard('l3', layers.l3, layers.l3?.detail || 'Schnorr-Pedersen');
|
|
5722
|
+
updateLayerCard('l4', layers.l4, layers.l4?.detail || 'Weighted');
|
|
5722
5723
|
}
|
|
5723
5724
|
|
|
5724
5725
|
function updateLayerCard(layer, layerData, detail) {
|
|
@@ -5746,14 +5747,16 @@ function generateDashboardHTML(options) {
|
|
|
5746
5747
|
|
|
5747
5748
|
apiState.identity = data;
|
|
5748
5749
|
|
|
5749
|
-
|
|
5750
|
+
// API returns { identities: [...], count, primary_id }
|
|
5751
|
+
// Find the primary identity from the array
|
|
5752
|
+
const primary = (data.identities || []).find(id => id.identity_id === data.primary_id) || {};
|
|
5750
5753
|
document.getElementById('identity-label').textContent = primary.label || '\u2014';
|
|
5751
5754
|
document.getElementById('identity-did').textContent = truncate(primary.did, 24);
|
|
5752
5755
|
document.getElementById('identity-did').title = primary.did || '';
|
|
5753
|
-
document.getElementById('identity-pubkey').textContent = truncate(primary.
|
|
5754
|
-
document.getElementById('identity-pubkey').title = primary.
|
|
5755
|
-
document.getElementById('identity-created').textContent = formatTime(primary.
|
|
5756
|
-
document.getElementById('identity-count').textContent = data.
|
|
5756
|
+
document.getElementById('identity-pubkey').textContent = truncate(primary.public_key, 24);
|
|
5757
|
+
document.getElementById('identity-pubkey').title = primary.public_key || '';
|
|
5758
|
+
document.getElementById('identity-created').textContent = formatTime(primary.created_at);
|
|
5759
|
+
document.getElementById('identity-count').textContent = data.count || '\u2014';
|
|
5757
5760
|
}
|
|
5758
5761
|
|
|
5759
5762
|
async function updateHandshakes() {
|
|
@@ -5762,14 +5765,14 @@ function generateDashboardHTML(options) {
|
|
|
5762
5765
|
|
|
5763
5766
|
apiState.handshakes = data.handshakes || [];
|
|
5764
5767
|
|
|
5765
|
-
document.getElementById('handshake-count').textContent = data.
|
|
5768
|
+
document.getElementById('handshake-count').textContent = data.count || '0';
|
|
5766
5769
|
|
|
5767
5770
|
if (data.handshakes && data.handshakes.length > 0) {
|
|
5768
5771
|
const latest = data.handshakes[0];
|
|
5769
|
-
document.getElementById('handshake-latest').textContent = truncate(latest.
|
|
5770
|
-
document.getElementById('handshake-latest').title = latest.
|
|
5771
|
-
document.getElementById('handshake-tier').textContent = (latest.
|
|
5772
|
-
document.getElementById('handshake-time').textContent = formatTime(latest.
|
|
5772
|
+
document.getElementById('handshake-latest').textContent = truncate(latest.counterparty_id, 20);
|
|
5773
|
+
document.getElementById('handshake-latest').title = latest.counterparty_id || '';
|
|
5774
|
+
document.getElementById('handshake-tier').textContent = (latest.trust_tier || 'Unverified').toUpperCase();
|
|
5775
|
+
document.getElementById('handshake-time').textContent = formatTime(latest.completed_at);
|
|
5773
5776
|
} else {
|
|
5774
5777
|
document.getElementById('handshake-latest').textContent = '\u2014';
|
|
5775
5778
|
document.getElementById('handshake-tier').textContent = 'Unverified';
|
|
@@ -5791,12 +5794,12 @@ function generateDashboardHTML(options) {
|
|
|
5791
5794
|
.map(
|
|
5792
5795
|
(hs) => \`
|
|
5793
5796
|
<div class="table-row">
|
|
5794
|
-
<div class="table-cell strong">\${esc(truncate(hs.
|
|
5795
|
-
<div class="table-cell">\${esc(hs.
|
|
5796
|
-
<div class="table-cell">\${esc(hs.
|
|
5797
|
+
<div class="table-cell strong">\${esc(truncate(hs.counterparty_id, 24))}</div>
|
|
5798
|
+
<div class="table-cell">\${esc(hs.trust_tier || 'Unverified')}</div>
|
|
5799
|
+
<div class="table-cell">\${esc(hs.sovereignty_level || '\u2014')}</div>
|
|
5797
5800
|
<div class="table-cell">\${hs.verified ? 'Yes' : 'No'}</div>
|
|
5798
|
-
<div class="table-cell">\${formatTime(hs.
|
|
5799
|
-
<div class="table-cell">\${formatTime(hs.
|
|
5801
|
+
<div class="table-cell">\${formatTime(hs.completed_at)}</div>
|
|
5802
|
+
<div class="table-cell">\${formatTime(hs.expires_at)}</div>
|
|
5800
5803
|
</div>
|
|
5801
5804
|
\`
|
|
5802
5805
|
)
|
|
@@ -5814,11 +5817,14 @@ function generateDashboardHTML(options) {
|
|
|
5814
5817
|
function renderSHRViewer(shr) {
|
|
5815
5818
|
const viewer = document.getElementById('shr-viewer');
|
|
5816
5819
|
|
|
5817
|
-
if (!shr) {
|
|
5820
|
+
if (!shr || shr.error) {
|
|
5818
5821
|
viewer.innerHTML = '<div class="empty-state">No SHR available</div>';
|
|
5819
5822
|
return;
|
|
5820
5823
|
}
|
|
5821
5824
|
|
|
5825
|
+
// SignedSHR shape: { body: { implementation, instance_id, layers, ... }, signed_by, signature }
|
|
5826
|
+
const body = shr.body || shr;
|
|
5827
|
+
|
|
5822
5828
|
let html = '';
|
|
5823
5829
|
|
|
5824
5830
|
// Implementation
|
|
@@ -5831,15 +5837,15 @@ function generateDashboardHTML(options) {
|
|
|
5831
5837
|
<div class="shr-section-content">
|
|
5832
5838
|
<div class="shr-item">
|
|
5833
5839
|
<div class="shr-key">sanctuary_version:</div>
|
|
5834
|
-
<div class="shr-value">\${esc(
|
|
5840
|
+
<div class="shr-value">\${esc(body.implementation?.sanctuary_version || '\u2014')}</div>
|
|
5835
5841
|
</div>
|
|
5836
5842
|
<div class="shr-item">
|
|
5837
5843
|
<div class="shr-key">node_version:</div>
|
|
5838
|
-
<div class="shr-value">\${esc(
|
|
5844
|
+
<div class="shr-value">\${esc(body.implementation?.node_version || '\u2014')}</div>
|
|
5839
5845
|
</div>
|
|
5840
5846
|
<div class="shr-item">
|
|
5841
5847
|
<div class="shr-key">generated_by:</div>
|
|
5842
|
-
<div class="shr-value">\${esc(
|
|
5848
|
+
<div class="shr-value">\${esc(body.implementation?.generated_by || '\u2014')}</div>
|
|
5843
5849
|
</div>
|
|
5844
5850
|
</div>
|
|
5845
5851
|
</div>
|
|
@@ -5855,22 +5861,22 @@ function generateDashboardHTML(options) {
|
|
|
5855
5861
|
<div class="shr-section-content">
|
|
5856
5862
|
<div class="shr-item">
|
|
5857
5863
|
<div class="shr-key">instance_id:</div>
|
|
5858
|
-
<div class="shr-value">\${esc(truncate(
|
|
5864
|
+
<div class="shr-value">\${esc(truncate(body.instance_id, 20))}</div>
|
|
5859
5865
|
</div>
|
|
5860
5866
|
<div class="shr-item">
|
|
5861
5867
|
<div class="shr-key">generated_at:</div>
|
|
5862
|
-
<div class="shr-value">\${formatTime(
|
|
5868
|
+
<div class="shr-value">\${formatTime(body.generated_at)}</div>
|
|
5863
5869
|
</div>
|
|
5864
5870
|
<div class="shr-item">
|
|
5865
5871
|
<div class="shr-key">expires_at:</div>
|
|
5866
|
-
<div class="shr-value">\${formatTime(
|
|
5872
|
+
<div class="shr-value">\${formatTime(body.expires_at)}</div>
|
|
5867
5873
|
</div>
|
|
5868
5874
|
</div>
|
|
5869
5875
|
</div>
|
|
5870
5876
|
\`;
|
|
5871
5877
|
|
|
5872
5878
|
// Layers
|
|
5873
|
-
if (
|
|
5879
|
+
if (body.layers) {
|
|
5874
5880
|
html += \`<div class="shr-section">
|
|
5875
5881
|
<div class="shr-section-header">
|
|
5876
5882
|
<div class="shr-toggle">\u25BC</div>
|
|
@@ -5879,7 +5885,7 @@ function generateDashboardHTML(options) {
|
|
|
5879
5885
|
<div class="shr-section-content">
|
|
5880
5886
|
\`;
|
|
5881
5887
|
|
|
5882
|
-
for (const [key, layer] of Object.entries(
|
|
5888
|
+
for (const [key, layer] of Object.entries(body.layers)) {
|
|
5883
5889
|
html += \`
|
|
5884
5890
|
<div style="margin-bottom: 12px;">
|
|
5885
5891
|
<div style="color: var(--blue); font-weight: 600; margin-bottom: 4px;">\${esc(key)}</div>
|
|
@@ -11078,11 +11084,57 @@ var TOOL_API_SCOPED = {
|
|
|
11078
11084
|
],
|
|
11079
11085
|
default_action: "redact"
|
|
11080
11086
|
};
|
|
11087
|
+
var REMOTE_INFERENCE_SANITIZE = {
|
|
11088
|
+
id: "remote-inference-sanitize",
|
|
11089
|
+
name: "Remote Inference Sanitization",
|
|
11090
|
+
description: "Maximum privacy for remote/cloud LLM calls. Strips all identity, financial, location, and personal data before passing queries to external models. Inspired by Vitalik Buterin's 2-of-2 sovereignty model.",
|
|
11091
|
+
use_when: "Your local agent needs to call a remote LLM for tasks beyond local model capability (complex coding, deep research) and you want to minimize data leakage to the remote provider. The remote model gets only the task, query, format requirements, and stripped code context.",
|
|
11092
|
+
rules: [
|
|
11093
|
+
{
|
|
11094
|
+
provider: "inference",
|
|
11095
|
+
allow: [
|
|
11096
|
+
"task",
|
|
11097
|
+
"task_description",
|
|
11098
|
+
"current_query",
|
|
11099
|
+
"query",
|
|
11100
|
+
"prompt",
|
|
11101
|
+
"question",
|
|
11102
|
+
"instruction",
|
|
11103
|
+
"output_format",
|
|
11104
|
+
"format",
|
|
11105
|
+
"language",
|
|
11106
|
+
"code_context",
|
|
11107
|
+
// Stripped code snippets for coding tasks
|
|
11108
|
+
"error_message"
|
|
11109
|
+
// For debugging help
|
|
11110
|
+
],
|
|
11111
|
+
redact: [
|
|
11112
|
+
...ALWAYS_REDACT_SECRETS,
|
|
11113
|
+
...PII_PATTERNS,
|
|
11114
|
+
...INTERNAL_STATE_PATTERNS,
|
|
11115
|
+
...HISTORY_PATTERNS,
|
|
11116
|
+
"tool_results",
|
|
11117
|
+
"previous_results",
|
|
11118
|
+
// Additional redactions for remote inference
|
|
11119
|
+
"model_data",
|
|
11120
|
+
"agent_state",
|
|
11121
|
+
"runtime_config",
|
|
11122
|
+
"capabilities",
|
|
11123
|
+
"tool_list"
|
|
11124
|
+
],
|
|
11125
|
+
// Deny patterns — these must NEVER reach the remote model, not even redacted
|
|
11126
|
+
hash: [],
|
|
11127
|
+
summarize: []
|
|
11128
|
+
}
|
|
11129
|
+
],
|
|
11130
|
+
default_action: "deny"
|
|
11131
|
+
};
|
|
11081
11132
|
var TEMPLATES = {
|
|
11082
11133
|
"inference-minimal": INFERENCE_MINIMAL,
|
|
11083
11134
|
"inference-standard": INFERENCE_STANDARD,
|
|
11084
11135
|
"logging-strict": LOGGING_STRICT,
|
|
11085
|
-
"tool-api-scoped": TOOL_API_SCOPED
|
|
11136
|
+
"tool-api-scoped": TOOL_API_SCOPED,
|
|
11137
|
+
"remote-inference-sanitize": REMOTE_INFERENCE_SANITIZE
|
|
11086
11138
|
};
|
|
11087
11139
|
function listTemplateIds() {
|
|
11088
11140
|
return Object.keys(TEMPLATES);
|
|
@@ -12570,6 +12622,101 @@ function createL2HardeningTools(storagePath, auditLog) {
|
|
|
12570
12622
|
// src/index.ts
|
|
12571
12623
|
init_encoding();
|
|
12572
12624
|
|
|
12625
|
+
// src/l2-operational/model-provenance.ts
|
|
12626
|
+
var InMemoryModelProvenanceStore = class {
|
|
12627
|
+
models = /* @__PURE__ */ new Map();
|
|
12628
|
+
primaryModelId = null;
|
|
12629
|
+
declare(provenance) {
|
|
12630
|
+
if (!provenance.model_id) {
|
|
12631
|
+
throw new Error("ModelProvenance requires a model_id");
|
|
12632
|
+
}
|
|
12633
|
+
if (!provenance.model_name) {
|
|
12634
|
+
throw new Error("ModelProvenance requires a model_name");
|
|
12635
|
+
}
|
|
12636
|
+
if (!provenance.provider) {
|
|
12637
|
+
throw new Error("ModelProvenance requires a provider");
|
|
12638
|
+
}
|
|
12639
|
+
this.models.set(provenance.model_id, provenance);
|
|
12640
|
+
if (this.primaryModelId === null) {
|
|
12641
|
+
this.primaryModelId = provenance.model_id;
|
|
12642
|
+
}
|
|
12643
|
+
}
|
|
12644
|
+
get(model_id) {
|
|
12645
|
+
return this.models.get(model_id);
|
|
12646
|
+
}
|
|
12647
|
+
list() {
|
|
12648
|
+
return Array.from(this.models.values());
|
|
12649
|
+
}
|
|
12650
|
+
primary() {
|
|
12651
|
+
if (!this.primaryModelId) return void 0;
|
|
12652
|
+
return this.models.get(this.primaryModelId);
|
|
12653
|
+
}
|
|
12654
|
+
setPrimary(model_id) {
|
|
12655
|
+
if (!this.models.has(model_id)) {
|
|
12656
|
+
throw new Error(`Model ${model_id} not found in store`);
|
|
12657
|
+
}
|
|
12658
|
+
this.primaryModelId = model_id;
|
|
12659
|
+
}
|
|
12660
|
+
};
|
|
12661
|
+
var MODEL_PRESETS = {
|
|
12662
|
+
/**
|
|
12663
|
+
* Claude Opus 4 via Anthropic API (cloud inference, closed weights/source)
|
|
12664
|
+
*/
|
|
12665
|
+
claudeOpus4: () => ({
|
|
12666
|
+
model_id: "claude-opus-4",
|
|
12667
|
+
model_name: "Claude Opus 4",
|
|
12668
|
+
model_version: "4.0",
|
|
12669
|
+
provider: "Anthropic",
|
|
12670
|
+
license: "proprietary",
|
|
12671
|
+
open_weights: false,
|
|
12672
|
+
open_source: false,
|
|
12673
|
+
local_inference: false,
|
|
12674
|
+
declared_at: (/* @__PURE__ */ new Date()).toISOString()
|
|
12675
|
+
}),
|
|
12676
|
+
/**
|
|
12677
|
+
* Qwen 3.5 via local inference (open weights, proprietary training)
|
|
12678
|
+
*/
|
|
12679
|
+
qwen35Local: () => ({
|
|
12680
|
+
model_id: "qwen-3.5-35b",
|
|
12681
|
+
model_name: "Qwen 3.5 35B",
|
|
12682
|
+
model_version: "3.5",
|
|
12683
|
+
provider: "Alibaba Cloud",
|
|
12684
|
+
license: "Apache-2.0",
|
|
12685
|
+
open_weights: true,
|
|
12686
|
+
open_source: false,
|
|
12687
|
+
local_inference: true,
|
|
12688
|
+
declared_at: (/* @__PURE__ */ new Date()).toISOString()
|
|
12689
|
+
}),
|
|
12690
|
+
/**
|
|
12691
|
+
* Llama 3.3 70B via local inference (open weights and code)
|
|
12692
|
+
*/
|
|
12693
|
+
llama33Local: () => ({
|
|
12694
|
+
model_id: "llama-3.3-70b-instruct",
|
|
12695
|
+
model_name: "Llama 3.3 70B Instruct",
|
|
12696
|
+
model_version: "3.3",
|
|
12697
|
+
provider: "Meta",
|
|
12698
|
+
license: "Apache-2.0",
|
|
12699
|
+
open_weights: true,
|
|
12700
|
+
open_source: true,
|
|
12701
|
+
local_inference: true,
|
|
12702
|
+
declared_at: (/* @__PURE__ */ new Date()).toISOString()
|
|
12703
|
+
}),
|
|
12704
|
+
/**
|
|
12705
|
+
* Mistral 7B (open weights, open code, local inference)
|
|
12706
|
+
*/
|
|
12707
|
+
mistral7bLocal: () => ({
|
|
12708
|
+
model_id: "mistral-7b-instruct",
|
|
12709
|
+
model_name: "Mistral 7B Instruct",
|
|
12710
|
+
model_version: "7",
|
|
12711
|
+
provider: "Mistral AI",
|
|
12712
|
+
license: "Apache-2.0",
|
|
12713
|
+
open_weights: true,
|
|
12714
|
+
open_source: true,
|
|
12715
|
+
local_inference: true,
|
|
12716
|
+
declared_at: (/* @__PURE__ */ new Date()).toISOString()
|
|
12717
|
+
})
|
|
12718
|
+
};
|
|
12719
|
+
|
|
12573
12720
|
// src/storage/memory.ts
|
|
12574
12721
|
var MemoryStorage = class {
|
|
12575
12722
|
store = /* @__PURE__ */ new Map();
|
|
@@ -13104,7 +13251,9 @@ exports.ContextGatePolicyStore = ContextGatePolicyStore;
|
|
|
13104
13251
|
exports.DashboardApprovalChannel = DashboardApprovalChannel;
|
|
13105
13252
|
exports.FederationRegistry = FederationRegistry;
|
|
13106
13253
|
exports.FilesystemStorage = FilesystemStorage;
|
|
13254
|
+
exports.InMemoryModelProvenanceStore = InMemoryModelProvenanceStore;
|
|
13107
13255
|
exports.InjectionDetector = InjectionDetector;
|
|
13256
|
+
exports.MODEL_PRESETS = MODEL_PRESETS;
|
|
13108
13257
|
exports.MemoryStorage = MemoryStorage;
|
|
13109
13258
|
exports.PolicyStore = PolicyStore;
|
|
13110
13259
|
exports.ReputationStore = ReputationStore;
|