@tenova/swt3-ai 0.5.1 → 0.5.3

package/dist/exporters/chain-monitor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain-monitor.d.ts","sourceRoot":"","sources":["../../src/exporters/chain-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExD,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,SAAS,oBAAoB,EAAE,CAAC;IAC7C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAQD,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE;QACR,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,MAAM,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,EAAE,MAAM,CAAC;QACvB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,UAAU,EAAE,oBAAoB,EAAE,CAAC;CACpC;AAED,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,OAAO,CAAsB;gBAEzB,OAAO,GAAE,mBAAwB;IAI7C,OAAO,CAAC,OAAO;IAmBf,WAAW,IAAI,WAAW;IAuC1B,UAAU,IAAI,MAAM;IAIpB,UAAU,IAAI,MAAM;CAiGrB"}

package/dist/exporters/chain-monitor.js

@@ -0,0 +1,172 @@
+/**
+ * SWT3 AI Witness SDK -- Exploit Chain Monitor Exporter.
+ *
+ * Reads WAL entries and chain enforcer violation history to produce
+ * forensic timelines for incident response and auditor review.
+ *
+ * Usage:
+ *   swt3 audit --format html
+ *   swt3 audit --format json --wal-path /tmp/swt3-wal
+ */
+import { readFileSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+export class ChainMonitorExporter {
+    options;
+    constructor(options = {}) {
+        this.options = options;
+    }
+    readWal() {
+        const dir = this.options.walDir ?? join(tmpdir(), "swt3-wal");
+        const tenantId = this.options.tenantId ?? "UNKNOWN";
+        const safe = tenantId.replace(/[^a-zA-Z0-9_-]/g, "_");
+        const walPath = join(dir, `${safe}.wal`);
+        if (!existsSync(walPath))
+            return [];
+        const raw = readFileSync(walPath, "utf-8");
+        const entries = [];
+        for (const line of raw.split("\n")) {
+            if (!line.trim())
+                continue;
+            try {
+                entries.push(JSON.parse(line));
+            }
+            catch { /* skip corrupted lines */ }
+        }
+        return entries;
+    }
+    buildReport() {
+        const entries = this.readWal();
+        const violations = [...(this.options.violations ?? [])];
+        const timeline = entries.map((e) => {
+            const p = e.payload;
+            const isChainEnforcer = p.provider === "chain-enforcer";
+            return {
+                seq: e.seq,
+                timestamp: p.fingerprint_timestamp_ms ?? 0,
+                fingerprint: e.fingerprint,
+                procedureId: p.procedure_id ?? "unknown",
+                toolName: p.ai_model_id ?? undefined,
+                modelId: isChainEnforcer ? undefined : p.ai_model_id ?? undefined,
+                tokens: (p.ai_input_tokens ?? 0) + (p.ai_output_tokens ?? 0) || undefined,
+                isViolation: isChainEnforcer,
+                violationReason: isChainEnforcer ? "Chain policy violation" : undefined,
+            };
+        });
+        timeline.sort((a, b) => a.timestamp - b.timestamp);
+        return {
+            metadata: {
+                generatedAt: new Date().toISOString(),
+                sdkVersion: "0.5.3",
+                tenantId: this.options.tenantId ?? "UNKNOWN",
+                agentId: this.options.agentId ?? "UNKNOWN",
+                modelId: this.options.modelId ?? "UNKNOWN",
+                clearingLevel: this.options.clearingLevel ?? 1,
+                entryCount: timeline.length,
+                violationCount: violations.length + timeline.filter((t) => t.isViolation).length,
+                merkleRoot: this.options.merkleRoot,
+            },
+            timeline,
+            violations,
+        };
+    }
+    exportJson() {
+        return JSON.stringify(this.buildReport(), null, 2);
+    }
+    exportHtml() {
+        const report = this.buildReport();
+        const m = report.metadata;
+        const ts = m.generatedAt.replace("T", " ").slice(0, 19);
+        const timelineRows = report.timeline.map((t) => {
+            const time = t.timestamp ? new Date(t.timestamp).toISOString().slice(11, 23) : "--";
+            const status = t.isViolation
+                ? '<span style="color:#EF4444">VIOLATION</span>'
+                : '<span style="color:#4ADE80">OK</span>';
+            const tool = t.toolName ? escapeHtml(t.toolName) : "--";
+            const tokens = t.tokens ? String(t.tokens) : "--";
+            const reason = t.violationReason ? `<br><span style="color:#EF4444;font-size:.75rem">${escapeHtml(t.violationReason)}</span>` : "";
+            return `<tr><td>${t.seq}</td><td>${time}</td><td>${escapeHtml(t.procedureId)}</td><td>${tool}</td><td style="font-family:monospace;font-size:.8rem">${escapeHtml(t.fingerprint.slice(0, 12))}</td><td>${tokens}</td><td>${status}${reason}</td></tr>`;
+        }).join("\n");
+        const violationRows = report.violations.map((v) => {
+            const time = v.timestamp ? new Date(v.timestamp).toISOString().slice(11, 23) : "--";
+            return `<tr style="color:#EF4444"><td>${escapeHtml(v.rule)}</td><td>${escapeHtml(v.toolName)}</td><td>${escapeHtml(v.reason)}</td><td>${time}</td><td>${v.action}</td></tr>`;
+        }).join("\n");
+        const merkleSection = m.merkleRoot
+            ? `<h2>Cryptographic Seal</h2><pre>Merkle Root: ${escapeHtml(m.merkleRoot)}</pre>`
+            : "";
+        const watermark = "Self-Signed / Unnotarized";
+        return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width,initial-scale=1.0">
+<title>SWT3 Exploit Chain Monitor</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+body{background:#070504;color:#E0D9D1;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;padding:2.5rem;line-height:1.6}
+.c{max-width:960px;margin:0 auto}
+h1{color:#E8A87C;font-size:1.5rem;margin-bottom:.25rem}
+h2{color:#E8A87C;font-size:1.1rem;margin:1.5rem 0 .75rem}
+.meta{color:#6B7280;font-size:.8rem;margin-bottom:1.5rem}
+.stats{display:flex;gap:2rem;margin:1rem 0}
+.stat{text-align:center}
+.stat .num{font-size:2rem;font-weight:800}
+.stat .label{font-size:.75rem;color:#6B7280;text-transform:uppercase;letter-spacing:.1em}
+.pass{color:#4ADE80}
+.fail{color:#EF4444}
+table{width:100%;border-collapse:collapse;margin:.75rem 0;font-size:.85rem}
+th{text-align:left;padding:.5rem .75rem;color:#E8A87C;border-bottom:1px solid #222;font-size:.7rem;text-transform:uppercase;letter-spacing:.1em}
+td{padding:.5rem .75rem;border-bottom:1px solid #151312}
+pre{background:#111;padding:1rem;border-radius:8px;overflow-x:auto;font-size:.8rem;color:#9CA3AF;margin:.75rem 0;border:1px solid #222}
+.sep{border:none;border-top:1px solid #222;margin:1.5rem 0}
+.watermark{color:#6B7280;font-size:.75rem;margin-top:2.5rem;padding-top:1.5rem;border-top:1px solid #222;text-align:center}
+.watermark .badge{display:inline-block;padding:.25rem .75rem;border:1px solid #FBBF24;color:#FBBF24;border-radius:4px;font-size:.7rem;font-weight:600;letter-spacing:.05em;margin-bottom:.5rem}
+</style>
+</head>
+<body>
+<div class="c">
+<h1>SWT3 Exploit Chain Monitor</h1>
+<p class="meta">Generated ${ts} UTC | SWT3 SDK v${escapeHtml(m.sdkVersion)} | Clearing Level ${m.clearingLevel}</p>
+
+<div class="stats">
+<div class="stat"><div class="num pass">${m.entryCount}</div><div class="label">Events</div></div>
+<div class="stat"><div class="num ${m.violationCount > 0 ? "fail" : "pass"}">${m.violationCount}</div><div class="label">Violations</div></div>
+</div>
+
+<h2>Session</h2>
+<table>
+<tr><td style="color:#6B7280">Tenant</td><td>${escapeHtml(m.tenantId)}</td></tr>
+<tr><td style="color:#6B7280">Agent</td><td>${escapeHtml(m.agentId)}</td></tr>
+<tr><td style="color:#6B7280">Model</td><td>${escapeHtml(m.modelId)}</td></tr>
+</table>
+
+<h2>Timeline</h2>
+${report.timeline.length > 0 ? `<table>
+<tr><th>#</th><th>Time</th><th>Procedure</th><th>Tool</th><th>Fingerprint</th><th>Tokens</th><th>Status</th></tr>
+${timelineRows}
+</table>` : '<p style="color:#6B7280">No WAL entries found.</p>'}
+
+${report.violations.length > 0 ? `<hr class="sep">
+<h2>Chain Density Violations</h2>
+<table>
+<tr><th>Rule</th><th>Tool</th><th>Reason</th><th>Time</th><th>Action</th></tr>
+${violationRows}
+</table>` : ""}
+
+${merkleSection}
+
+<div class="watermark">
+<div class="badge">${watermark}</div>
+<p>SWT3 Protocol | Patent Pending | Apache 2.0</p>
+<p>TeNova: Defining the AI Accountability Standard.</p>
+<p style="margin-top:.5rem">This report was generated locally. No data was transmitted to external services.</p>
+</div>
+</div>
+</body>
+</html>`;
+    }
+}
+function escapeHtml(str) {
+    return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+//# sourceMappingURL=chain-monitor.js.map

package/dist/exporters/chain-monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain-monitor.js","sourceRoot":"","sources":["../../src/exporters/chain-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AA+CjC,MAAM,OAAO,oBAAoB;IACvB,OAAO,CAAsB;IAErC,YAAY,UAA+B,EAAE;QAC3C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAEO,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,SAAS,CAAC;QACpD,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,MAAM,CAAC,CAAC;QAEzC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,OAAO,EAAE,CAAC;QAEpC,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAe,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAC3B,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,WAAW;QACT,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC;QAExD,MAAM,QAAQ,GAAoB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAClD,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC;YACpB,MAAM,eAAe,GAAG,CAAC,CAAC,QAAQ,KAAK,gBAAgB,CAAC;YACxD,OAAO;gBACL,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,SAAS,EAAG,CAAC,CAAC,wBAAmC,IAAI,CAAC;gBACtD,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,WAAW,EAAG,CAAC,CAAC,YAAuB,IAAI,SAAS;gBACpD,QAAQ,EAAG,CAAC,CAAC,WAAsB,IAAI,SAAS;gBAChD,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAE,CAAC,CAAC,WAAsB,IAAI,SAAS;gBAC7E,MAAM,EAAE,CAAE,CAAC,CAAC,eAA0B,IAAI,CAAC,CAAC,GAAG,CAAE,CAAC,CAAC,gBAA2B,IAAI,CAAC,CAAC,IAAI,SAAS;gBACjG,WAAW,EAAE,eAAe;gBAC5B,eAAe,EAAE,eAAe,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS;aACxE,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;QAEnD,OAAO;YACL,QAAQ,EAAE;gBACR,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrC,UAAU,EAAE,OAAO;gBACnB,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,SAAS;gBAC5C,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,SAAS;gBAC1C,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,SAAS;gBAC1C,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,IAAI,CAAC;gBAC9C,UAAU,EAAE,QAAQ,CAAC,MAAM;gBAC3B,cAAc,EAAE,UAAU,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,MAAM;gBAChF,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;aACpC;YACD,QAAQ;YACR,UAAU;SACX,CAAC;IACJ,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,UAAU;QACR,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC1B,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7C,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACpF,MAAM,MAAM,GAAG,CAAC,CAAC,WAAW;gBAC1B,CAAC,CAAC,8CAA8C;gBAChD,CAAC,CAAC,uCAAuC,CAAC;YAC5C,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACxD,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,MAAM,GAAG,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,oDAAoD,UAAU,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;YACnI,OAAO,WAAW,CAAC,CAAC,GAAG,YAAY,IAAI,YAAY,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,YAAY,IAAI,0DAA0D,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,MAAM,YAAY,MAAM,GAAG,MAAM,YAAY,CAAC;QACxP,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAChD,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACpF,OAAO,iCAAiC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,YAAY,CAAC,CAAC,MAAM,YAAY,CAAC;QAC/K,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,MAAM,aAAa,GAAG,CAAC,CAAC,UAAU;YAChC,CAAC,CAAC,gDAAgD,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ;YAClF,CAAC,CAAC,EAAE,CAAC;QAEP,MAAM,SAAS,GAAG,2BAA2B,CAAC;QAE9C,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;4BA+BiB,EAAE,oBAAoB,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC,aAAa;;;0CAGpE,CAAC,CAAC,UAAU;oCAClB,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,cAAc;;;;;+CAKhD,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC;8CACvB,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;8CACrB,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;;;;EAIjE,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;;EAE7B,YAAY;SACL,CAAC,CAAC,CAAC,oDAAoD;;EAE9D,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;;;;EAI/B,aAAa;SACN,CAAC,CAAC,CAAC,EAAE;;EAEZ,aAAa;;;qBAGM,SAAS;;;;;;;QAOtB,CAAC;IACP,CAAC;CACF;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACxG,CAAC"}

package/dist/hardware.d.ts

@@ -0,0 +1,96 @@
+/**
+ * SWT3 AI Witness SDK -- Hardware Discovery (AI-HW.1, AI-HW.3).
+ *
+ * Out-of-band hardware inventory snapshots. Records what GPU hardware
+ * and TPM state were present when the service started.
+ * Does NOT sit in the inference path.
+ *
+ * Data sources:
+ *   - nvidia-smi subprocess for GPU discovery (AI-HW.1)
+ *   - tpm2-tools subprocess for TPM 2.0 attestation (AI-HW.3)
+ *
+ * Security: All hardware identifiers (GPU UUIDs, bus IDs, hostnames,
+ * PCR digests, endorsement keys) are SHA-256 hashed at discovery time.
+ * Raw values never leave this module.
+ */
+export interface GpuInfo {
+    name: string;
+    memoryMb: number;
+    busIdHash: string;
+    uuidHash: string;
+}
+export interface HardwareSnapshot {
+    gpus: GpuInfo[];
+    driverVersion: string;
+    cudaVersion: string;
+    topology: string;
+    interconnect: string;
+    totalMemoryMb: number;
+    hostnameHash: string;
+}
+/** Topology codes for factor_c. */
+export declare const TOPOLOGY_CODES: Record<string, number>;
+/**
+ * Query GPU hardware and return a pre-hashed snapshot.
+ * Returns empty snapshot if no GPUs are detectable.
+ */
+export declare function queryHardware(): HardwareSnapshot;
+/**
+ * Infer cluster topology from GPU count and model names.
+ */
+export declare function detectTopology(gpus: GpuInfo[]): string;
+/**
+ * Detect GPU interconnect type from nvidia-smi topology matrix.
+ */
+export declare function detectInterconnect(): string;
+/**
+ * Convert topology string to factor_c integer code.
+ */
+export declare function topologyCode(topology: string): number;
+/**
+ * Query GPUs via nvidia-smi subprocess. Returns [gpus, driverVersion].
+ */
+export declare function queryNvidiaSmi(): [GpuInfo[], string];
+export interface PcrRegister {
+    index: number;
+    bank: string;
+    digestHash: string;
+}
+export interface TPMSnapshot {
+    available: boolean;
+    manufacturer: string;
+    firmwareVersion: string;
+    pcrs: PcrRegister[];
+    endorsementKeyHash: string;
+    hostnameHash: string;
+}
+/**
+ * Query TPM 2.0 PCR registers and return a pre-hashed snapshot.
+ * Returns empty snapshot if no TPM device or tpm2-tools not installed.
+ */
+export declare function queryTPM(): TPMSnapshot;
+/**
+ * Read TPM PCR registers via tpm2_pcrread. Returns hashed digests.
+ *
+ * Output format:
+ *   sha256:
+ *     0 : 0x<64-hex-chars>
+ *     7 : 0x<64-hex-chars>
+ */
+export declare function queryTPMPcrs(): PcrRegister[];
+/**
+ * Parse tpm2_pcrread output into pre-hashed PcrRegister array.
+ */
+export declare function parseTPMPcrOutput(output: string): PcrRegister[];
+/**
+ * Query TPM manufacturer and firmware via tpm2_getcap.
+ * Returns hashed values. Falls back to empty strings on failure.
+ */
+export declare function queryTPMProperties(): {
+    manufacturer: string;
+    firmwareVersion: string;
+    endorsementKeyHash: string;
+};
+/** SHA-256 hash of the all-zeros PCR value (uninitialized register). */
+export declare const ZERO_PCR_HASH: string;
+//# sourceMappingURL=hardware.d.ts.map

package/dist/hardware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hardware.d.ts","sourceRoot":"","sources":["../src/hardware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAMH,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,EAAE,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,mCAAmC;AACnC,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAYjD,CAAC;AAEF;;;GAGG;AACH,wBAAgB,aAAa,IAAI,gBAAgB,CAiBhD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,MAAM,CAkBtD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CA2B3C;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAErD;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CA8BpD;AAID,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,IAAI,EAAE,WAAW,EAAE,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;CACtB;AAWD;;;GAGG;AACH,wBAAgB,QAAQ,IAAI,WAAW,CActC;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,IAAI,WAAW,EAAE,CAW5C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,EAAE,CAwB/D;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAgCA;AAED,wEAAwE;AACxE,eAAO,MAAM,aAAa,QAAkC,CAAC"}

package/dist/hardware.js

@@ -0,0 +1,265 @@
+/**
+ * SWT3 AI Witness SDK -- Hardware Discovery (AI-HW.1, AI-HW.3).
+ *
+ * Out-of-band hardware inventory snapshots. Records what GPU hardware
+ * and TPM state were present when the service started.
+ * Does NOT sit in the inference path.
+ *
+ * Data sources:
+ *   - nvidia-smi subprocess for GPU discovery (AI-HW.1)
+ *   - tpm2-tools subprocess for TPM 2.0 attestation (AI-HW.3)
+ *
+ * Security: All hardware identifiers (GPU UUIDs, bus IDs, hostnames,
+ * PCR digests, endorsement keys) are SHA-256 hashed at discovery time.
+ * Raw values never leave this module.
+ */
+import { execSync } from "node:child_process";
+import { hostname } from "node:os";
+import { sha256Truncated } from "./fingerprint.js";
+/** Topology codes for factor_c. */
+export const TOPOLOGY_CODES = {
+    single: 0,
+    "multi-gpu": 1,
+    HGX: 1,
+    "DGX-A100": 1,
+    "DGX-H100": 1,
+    "DGX-H200": 1,
+    "DGX-B200": 1,
+    NVL36: 2,
+    NVL72: 2,
+    "multi-node": 2,
+    unknown: 3,
+};
+/**
+ * Query GPU hardware and return a pre-hashed snapshot.
+ * Returns empty snapshot if no GPUs are detectable.
+ */
+export function queryHardware() {
+    const [gpus, driverVersion] = queryNvidiaSmi();
+    const topology = detectTopology(gpus);
+    // Only query interconnect if GPUs were found (avoids unnecessary subprocess)
+    const interconnect = gpus.length > 0 ? detectInterconnect() : "unknown";
+    const totalMemoryMb = gpus.reduce((sum, g) => sum + g.memoryMb, 0);
+    const hostnameHash = sha256Truncated(hostname());
+    return {
+        gpus,
+        driverVersion,
+        cudaVersion: "", // Not available via nvidia-smi CSV
+        topology,
+        interconnect,
+        totalMemoryMb,
+        hostnameHash,
+    };
+}
+/**
+ * Infer cluster topology from GPU count and model names.
+ */
+export function detectTopology(gpus) {
+    const count = gpus.length;
+    if (count === 0)
+        return "unknown";
+    if (count === 1)
+        return "single";
+    const nameStr = gpus.map((g) => g.name.toUpperCase()).join(" ");
+    if (count === 72)
+        return "NVL72";
+    if (count === 36)
+        return "NVL36";
+    if (count === 8) {
+        if (nameStr.includes("B200") || nameStr.includes("BLACKWELL"))
+            return "DGX-B200";
+        if (nameStr.includes("H200"))
+            return "DGX-H200";
+        if (nameStr.includes("H100"))
+            return "DGX-H100";
+        if (nameStr.includes("A100"))
+            return "DGX-A100";
+        return "HGX";
+    }
+    if ([2, 3, 4, 6].includes(count))
+        return "multi-gpu";
+    return "multi-node";
+}
+/**
+ * Detect GPU interconnect type from nvidia-smi topology matrix.
+ */
+export function detectInterconnect() {
+    try {
+        const raw = execSync("nvidia-smi topo -m", {
+            timeout: 5_000,
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        // Parse only GPU data rows (start with "GPU" + digit), skip header/legend
+        const connections = [];
+        for (const line of raw.split("\n")) {
+            const trimmed = line.trim();
+            if (/^GPU\d/.test(trimmed)) {
+                const parts = trimmed.split(/\s+/).slice(1).filter((p) => p !== "X");
+                connections.push(...parts.map((p) => p.toUpperCase()));
+            }
+        }
+        if (connections.length === 0)
+            return "unknown";
+        const joined = connections.join(" ");
+        if (joined.includes("SYS"))
+            return "nvswitch";
+        if (connections.some((c) => /^NV\d/.test(c)))
+            return "nvlink";
+        if (joined.includes("PIX") || joined.includes("PHB") || joined.includes("PXB"))
+            return "pcie";
+        return "unknown";
+    }
+    catch {
+        return "unknown";
+    }
+}
+/**
+ * Convert topology string to factor_c integer code.
+ */
+export function topologyCode(topology) {
+    return TOPOLOGY_CODES[topology] ?? 3;
+}
+/**
+ * Query GPUs via nvidia-smi subprocess. Returns [gpus, driverVersion].
+ */
+export function queryNvidiaSmi() {
+    try {
+        const output = execSync("nvidia-smi --query-gpu=name,memory.total,pci.bus_id,uuid,driver_version --format=csv,noheader,nounits", { timeout: 5_000, encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+        const gpus = [];
+        let driver = "";
+        for (const line of output.trim().split("\n")) {
+            if (!line.trim())
+                continue;
+            const parts = line.split(",").map((p) => p.trim());
+            if (parts.length < 5)
+                continue;
+            const [name, memStr, busId, uuid, drv] = parts;
+            if (!driver)
+                driver = drv;
+            gpus.push({
+                name,
+                memoryMb: Math.round(parseFloat(memStr)) || 0,
+                busIdHash: sha256Truncated(busId),
+                uuidHash: sha256Truncated(uuid),
+            });
+        }
+        return [gpus, driver];
+    }
+    catch {
+        return [[], ""];
+    }
+}
+const EMPTY_TPM = {
+    available: false,
+    manufacturer: "",
+    firmwareVersion: "",
+    pcrs: [],
+    endorsementKeyHash: "",
+    hostnameHash: "",
+};
+/**
+ * Query TPM 2.0 PCR registers and return a pre-hashed snapshot.
+ * Returns empty snapshot if no TPM device or tpm2-tools not installed.
+ */
+export function queryTPM() {
+    const pcrs = queryTPMPcrs();
+    if (pcrs.length === 0)
+        return { ...EMPTY_TPM, hostnameHash: sha256Truncated(hostname()) };
+    const props = queryTPMProperties();
+    return {
+        available: true,
+        manufacturer: props.manufacturer,
+        firmwareVersion: props.firmwareVersion,
+        pcrs,
+        endorsementKeyHash: props.endorsementKeyHash,
+        hostnameHash: sha256Truncated(hostname()),
+    };
+}
+/**
+ * Read TPM PCR registers via tpm2_pcrread. Returns hashed digests.
+ *
+ * Output format:
+ *   sha256:
+ *     0 : 0x<64-hex-chars>
+ *     7 : 0x<64-hex-chars>
+ */
+export function queryTPMPcrs() {
+    try {
+        const output = execSync("tpm2_pcrread sha256:0,1,2,3,4,5,6,7", {
+            timeout: 5_000,
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        return parseTPMPcrOutput(output);
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Parse tpm2_pcrread output into pre-hashed PcrRegister array.
+ */
+export function parseTPMPcrOutput(output) {
+    const pcrs = [];
+    let currentBank = "";
+    for (const line of output.split("\n")) {
+        const trimmed = line.trim();
+        // Bank header: "sha256:" or "sha1:"
+        const bankMatch = trimmed.match(/^(\w+):$/);
+        if (bankMatch) {
+            currentBank = bankMatch[1];
+            continue;
+        }
+        // PCR line: "  0 : 0x3d458c..."
+        const pcrMatch = trimmed.match(/^(\d+)\s*:\s*0x([0-9a-fA-F]+)$/);
+        if (pcrMatch && currentBank) {
+            pcrs.push({
+                index: parseInt(pcrMatch[1], 10),
+                bank: currentBank,
+                digestHash: sha256Truncated(pcrMatch[2]),
+            });
+        }
+    }
+    return pcrs;
+}
+/**
+ * Query TPM manufacturer and firmware via tpm2_getcap.
+ * Returns hashed values. Falls back to empty strings on failure.
+ */
+export function queryTPMProperties() {
+    const result = { manufacturer: "", firmwareVersion: "", endorsementKeyHash: "" };
+    try {
+        const output = execSync("tpm2_getcap properties-fixed", {
+            timeout: 5_000,
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        for (const line of output.split("\n")) {
+            const kv = line.trim();
+            if (kv.startsWith("TPM2_PT_MANUFACTURER:")) {
+                result.manufacturer = sha256Truncated(kv.split(":").slice(1).join(":").trim());
+            }
+            else if (kv.startsWith("TPM2_PT_FIRMWARE_VERSION_1:")) {
+                result.firmwareVersion = sha256Truncated(kv.split(":").slice(1).join(":").trim());
+            }
+        }
+    }
+    catch { /* unavailable */ }
+    // Endorsement key: separate command
+    try {
+        const ekOutput = execSync("tpm2_readpublic -c 0x81010001 -o /dev/null 2>&1 || tpm2_createek -c /dev/null -G rsa -u /dev/stdout 2>/dev/null | head -c 512", {
+            timeout: 5_000,
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        if (ekOutput.trim()) {
+            result.endorsementKeyHash = sha256Truncated(ekOutput.trim());
+        }
+    }
+    catch { /* unavailable */ }
+    return result;
+}
+/** SHA-256 hash of the all-zeros PCR value (uninitialized register). */
+export const ZERO_PCR_HASH = sha256Truncated("0".repeat(64));
+//# sourceMappingURL=hardware.js.map

package/dist/hardware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hardware.js","sourceRoot":"","sources":["../src/hardware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAmBnD,mCAAmC;AACnC,MAAM,CAAC,MAAM,cAAc,GAA2B;IACpD,MAAM,EAAE,CAAC;IACT,WAAW,EAAE,CAAC;IACd,GAAG,EAAE,CAAC;IACN,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,CAAC;IACb,KAAK,EAAE,CAAC;IACR,KAAK,EAAE,CAAC;IACR,YAAY,EAAE,CAAC;IACf,OAAO,EAAE,CAAC;CACX,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,CAAC,IAAI,EAAE,aAAa,CAAC,GAAG,cAAc,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,6EAA6E;IAC7E,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACxE,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IACnE,MAAM,YAAY,GAAG,eAAe,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEjD,OAAO;QACL,IAAI;QACJ,aAAa;QACb,WAAW,EAAE,EAAE,EAAE,mCAAmC;QACpD,QAAQ;QACR,YAAY;QACZ,aAAa;QACb,YAAY;KACb,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAAe;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC;IAC1B,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAClC,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IAEjC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEhE,IAAI,KAAK,KAAK,EAAE;QAAE,OAAO,OAAO,CAAC;IACjC,IAAI,KAAK,KAAK,EAAE;QAAE,OAAO,OAAO,CAAC;IACjC,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,UAAU,CAAC;QACjF,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,UAAU,CAAC;QAChD,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,UAAU,CAAC;QAChD,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,UAAU,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,WAAW,CAAC;IACrD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,QAAQ,CAAC,oBAAoB,EAAE;YACzC,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,0EAA0E;QAC1E,MAAM,WAAW,GAAa,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;gBACrE,WAAW,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,UAAU,CAAC;QAC9C,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,QAAQ,CAAC;QAC9D,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,MAAM,CAAC;QAC9F,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CACrB,uGAAuG,EACvG,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvE,CAAC;QAEF,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACnD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAE/B,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;YAC/C,IAAI,CAAC,MAAM;gBAAE,MAAM,GAAG,GAAG,CAAC;YAE1B,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI;gBACJ,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;gBAC7C,SAAS,EAAE,eAAe,CAAC,KAAK,CAAC;gBACjC,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC;aAChC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAmBD,MAAM,SAAS,GAAgB;IAC7B,SAAS,EAAE,KAAK;IAChB,YAAY,EAAE,EAAE;IAChB,eAAe,EAAE,EAAE;IACnB,IAAI,EAAE,EAAE;IACR,kBAAkB,EAAE,EAAE;IACtB,YAAY,EAAE,EAAE;CACjB,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,QAAQ;IACtB,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;IAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,GAAG,SAAS,EAAE,YAAY,EAAE,eAAe,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;IAE1F,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAC;IAEnC,OAAO;QACL,SAAS,EAAE,IAAI;QACf,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,eAAe,EAAE,KAAK,CAAC,eAAe;QACtC,IAAI;QACJ,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;QAC5C,YAAY,EAAE,eAAe,CAAC,QAAQ,EAAE,CAAC;KAC1C,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY;IAC1B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,qCAAqC,EAAE;YAC7D,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QACH,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAc;IAC9C,MAAM,IAAI,GAAkB,EAAE,CAAC;IAC/B,IAAI,WAAW,GAAG,EAAE,CAAC;IAErB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,oCAAoC;QACpC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,SAAS,EAAE,CAAC;YACd,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAC3B,SAAS;QACX,CAAC;QACD,gCAAgC;QAChC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACjE,IAAI,QAAQ,IAAI,WAAW,EAAE,CAAC;YAC5B,IAAI,CAAC,IAAI,CAAC;gBACR,KAAK,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBAChC,IAAI,EAAE,WAAW;gBACjB,UAAU,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;aACzC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB;IAKhC,MAAM,MAAM,GAAG,EAAE,YAAY,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAC;IAEjF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,8BAA8B,EAAE;YACtD,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YACvB,IAAI,EAAE,CAAC,UAAU,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBAC3C,MAAM,CAAC,YAAY,GAAG,eAAe,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACjF,CAAC;iBAAM,IAAI,EAAE,CAAC,UAAU,CAAC,6BAA6B,CAAC,EAAE,CAAC;gBACxD,MAAM,CAAC,eAAe,GAAG,eAAe,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;IAE7B,oCAAoC;IACpC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,QAAQ,CAAC,+HAA+H,EAAE;YACzJ,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;YACpB,MAAM,CAAC,kBAAkB,GAAG,eAAe,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;IAE7B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,wEAAwE;AACxE,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC"}

package/dist/index.d.ts

@@ -13,13 +13,29 @@
  *
  *   const client = witness.wrap(new OpenAI()) as OpenAI;
  */
-export { Witness, GatekeeperError } from "./witness.js";
+export { Witness, GatekeeperError, ChainEnforcer, PolicyViolationError } from "./witness.js";
+export { ChainMonitorExporter } from "./exporters/chain-monitor.js";
+export type { ChainMonitorOptions, AuditReport, TimelineEntry } from "./exporters/chain-monitor.js";
 export type { WitnessOptions } from "./witness.js";
-export type { WitnessConfig, WitnessPayload, WitnessReceipt, InferenceRecord, BatchResponse, } from "./types.js";
+export type { WitnessConfig, WitnessPayload, WitnessReceipt, InferenceRecord, BatchResponse, RagChunk, RagContextOptions, ModelWeightInfo, AdapterInfo, SkillInfo, MemorySource, } from "./types.js";
+export { QUANTIZATION_CODES, POLICY_CATEGORIES, BINDING_METHODS, APPROVAL_STATUS, PII_EVENT_TYPES } from "./types.js";
 export { mintFingerprint, sha256Truncated, sha256Hex, timestampMs } from "./fingerprint.js";
 export { extractPayloads, extractGatekeeperPayload, extractRevocationPayload, REVOCATION_REASONS } from "./clearing.js";
 export { signPayload } from "./signing.js";
-export { loadConfig } from "./config.js";
+export { loadConfig, loadFullConfig, computeConfigHash } from "./config.js";
+export type { TrustMeshConfig, HardwareConfig, DensityPolicyConfig, McpPolicyConfig, MerkleConfig, LoadedConfig, ChainRule, ChainPolicyViolation } from "./types.js";
+export { validateSchema } from "./schema.js";
+export type { ValidationResult, ValidationError } from "./schema.js";
+export { WriteAheadLog } from "./wal.js";
+export type { WalOptions } from "./wal.js";
 export { wrapOllama, isOllamaClient } from "./adapters/ollama.js";
 export { wrapVllm } from "./adapters/vllm.js";
+export { queryHardware, detectTopology, topologyCode, TOPOLOGY_CODES, queryTPM, parseTPMPcrOutput, ZERO_PCR_HASH } from "./hardware.js";
+export type { GpuInfo, HardwareSnapshot, TPMSnapshot, PcrRegister } from "./hardware.js";
+export { hashLeaf, hashNode, getMerkleRoot, getMerkleProof, verifyMerkleProof, MerkleAccumulator, } from "./merkle.js";
+export type { MerkleProof, MerkleProofStep, SessionRoot, MerkleAccumulatorOptions } from "./merkle.js";
+export { queryEnvironment, NODE_TYPE_CODES } from "./environment.js";
+export type { EnvironmentSnapshot } from "./environment.js";
+export { TrustRegistry, verifyCredential, evaluateTrustLevel, signCredential, verifyCredentialSignature, buildCredentialMessage, TRUST_DENIED, TRUST_BASIC, TRUST_VERIFIED, TRUST_ATTESTED, TRUST_SOVEREIGN, TRUST_LEVEL_NAMES, } from "./trust.js";
+export type { TrustCredential, TrustResult } from "./trust.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACxD,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnD,YAAY,EACV,aAAa,EACb,cAAc,EACd,cAAc,EACd,eAAe,EACf,aAAa,GACd,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC5F,OAAO,EAAE,eAAe,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACxH,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAC7F,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,YAAY,EAAE,mBAAmB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AACpG,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnD,YAAY,EACV,aAAa,EACb,cAAc,EACd,cAAc,EACd,eAAe,EACf,aAAa,EACb,QAAQ,EACR,iBAAiB,EACjB,eAAe,EACf,WAAW,EACX,SAAS,EACT,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AACtH,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC5F,OAAO,EAAE,eAAe,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACxH,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC5E,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,mBAAmB,EAAE,eAAe,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AACrK,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,YAAY,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACxI,YAAY,EAAE,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACzF,OAAO,EACL,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,EACpE,iBAAiB,GAClB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,WAAW,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AACvG,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,YAAY,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EACL,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,EACnD,cAAc,EAAE,yBAAyB,EAAE,sBAAsB,EACjE,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,eAAe,EAC1E,iBAAiB,GAClB,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -13,11 +13,19 @@
  *
  *   const client = witness.wrap(new OpenAI()) as OpenAI;
  */
-export { Witness, GatekeeperError } from "./witness.js";
+export { Witness, GatekeeperError, ChainEnforcer, PolicyViolationError } from "./witness.js";
+export { ChainMonitorExporter } from "./exporters/chain-monitor.js";
+export { QUANTIZATION_CODES, POLICY_CATEGORIES, BINDING_METHODS, APPROVAL_STATUS, PII_EVENT_TYPES } from "./types.js";
 export { mintFingerprint, sha256Truncated, sha256Hex, timestampMs } from "./fingerprint.js";
 export { extractPayloads, extractGatekeeperPayload, extractRevocationPayload, REVOCATION_REASONS } from "./clearing.js";
 export { signPayload } from "./signing.js";
-export { loadConfig } from "./config.js";
+export { loadConfig, loadFullConfig, computeConfigHash } from "./config.js";
+export { validateSchema } from "./schema.js";
+export { WriteAheadLog } from "./wal.js";
 export { wrapOllama, isOllamaClient } from "./adapters/ollama.js";
 export { wrapVllm } from "./adapters/vllm.js";
+export { queryHardware, detectTopology, topologyCode, TOPOLOGY_CODES, queryTPM, parseTPMPcrOutput, ZERO_PCR_HASH } from "./hardware.js";
+export { hashLeaf, hashNode, getMerkleRoot, getMerkleProof, verifyMerkleProof, MerkleAccumulator, } from "./merkle.js";
+export { queryEnvironment, NODE_TYPE_CODES } from "./environment.js";
+export { TrustRegistry, verifyCredential, evaluateTrustLevel, signCredential, verifyCredentialSignature, buildCredentialMessage, TRUST_DENIED, TRUST_BASIC, TRUST_VERIFIED, TRUST_ATTESTED, TRUST_SOVEREIGN, TRUST_LEVEL_NAMES, } from "./trust.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AASxD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC5F,OAAO,EAAE,eAAe,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACxH,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAC7F,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAgBpE,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AACtH,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC5F,OAAO,EAAE,eAAe,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACxH,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAE5E,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAExI,OAAO,EACL,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,EACpE,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAErE,OAAO,EACL,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,EACnD,cAAc,EAAE,yBAAyB,EAAE,sBAAsB,EACjE,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,eAAe,EAC1E,iBAAiB,GAClB,MAAM,YAAY,CAAC"}