@tenova/swt3-ai 0.5.1 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/LICENSE +191 -0
  2. package/README.md +227 -10
  3. package/dist/buffer.d.ts +7 -1
  4. package/dist/buffer.d.ts.map +1 -1
  5. package/dist/buffer.js +38 -3
  6. package/dist/buffer.js.map +1 -1
  7. package/dist/cli.d.ts +13 -0
  8. package/dist/cli.d.ts.map +1 -0
  9. package/dist/cli.js +202 -0
  10. package/dist/cli.js.map +1 -0
  11. package/dist/config.d.ts +18 -5
  12. package/dist/config.d.ts.map +1 -1
  13. package/dist/config.js +346 -42
  14. package/dist/config.js.map +1 -1
  15. package/dist/demo.d.ts +1 -1
  16. package/dist/demo.d.ts.map +1 -1
  17. package/dist/demo.js +88 -4
  18. package/dist/demo.js.map +1 -1
  19. package/dist/doctor.d.ts +20 -0
  20. package/dist/doctor.d.ts.map +1 -0
  21. package/dist/doctor.js +357 -0
  22. package/dist/doctor.js.map +1 -0
  23. package/dist/environment.d.ts +34 -0
  24. package/dist/environment.d.ts.map +1 -0
  25. package/dist/environment.js +99 -0
  26. package/dist/environment.js.map +1 -0
  27. package/dist/exporters/chain-monitor.d.ts +55 -0
  28. package/dist/exporters/chain-monitor.d.ts.map +1 -0
  29. package/dist/exporters/chain-monitor.js +172 -0
  30. package/dist/exporters/chain-monitor.js.map +1 -0
  31. package/dist/hardware.d.ts +96 -0
  32. package/dist/hardware.d.ts.map +1 -0
  33. package/dist/hardware.js +265 -0
  34. package/dist/hardware.js.map +1 -0
  35. package/dist/index.d.ts +19 -3
  36. package/dist/index.d.ts.map +1 -1
  37. package/dist/index.js +10 -2
  38. package/dist/index.js.map +1 -1
  39. package/dist/merkle.d.ts +107 -0
  40. package/dist/merkle.d.ts.map +1 -0
  41. package/dist/merkle.js +226 -0
  42. package/dist/merkle.js.map +1 -0
  43. package/dist/schema.d.ts +18 -0
  44. package/dist/schema.d.ts.map +1 -0
  45. package/dist/schema.js +255 -0
  46. package/dist/schema.js.map +1 -0
  47. package/dist/trust.d.ts +100 -0
  48. package/dist/trust.d.ts.map +1 -0
  49. package/dist/trust.js +222 -0
  50. package/dist/trust.js.map +1 -0
  51. package/dist/types.d.ts +167 -11
  52. package/dist/types.d.ts.map +1 -1
  53. package/dist/types.js +42 -1
  54. package/dist/types.js.map +1 -1
  55. package/dist/wal.d.ts +69 -0
  56. package/dist/wal.d.ts.map +1 -0
  57. package/dist/wal.js +223 -0
  58. package/dist/wal.js.map +1 -0
  59. package/dist/witness.d.ts +293 -1
  60. package/dist/witness.d.ts.map +1 -1
  61. package/dist/witness.js +1234 -5
  62. package/dist/witness.js.map +1 -1
  63. package/package.json +7 -7
  64. package/templates/cost-conscious.yaml +35 -0
  65. package/templates/eu-ai-act-high-risk.yaml +56 -0
  66. package/templates/granite-sovereign.yaml +55 -0
  67. package/templates/minimal.yaml +38 -0
  68. package/templates/mythos-defense.yaml +65 -0
  69. package/templates/nist-ai-rmf.yaml +47 -0
  70. package/templates/owasp-agentic-top10.yaml +50 -0
package/dist/trust.d.ts ADDED
@@ -0,0 +1,100 @@
1
+ /**
2
+ * SWT3 AI Witness SDK -- Agent Trust Mesh (AI-TRUST.1 / AI-TRUST.2).
3
+ *
4
+ * Mutual compliance trust verification between AI agents.
5
+ * Before two agents exchange data, invoke tools, or share context,
6
+ * each verifies the other's SWT3 compliance anchor.
7
+ *
8
+ * Credentials are HMAC-signed to prevent forgery and escalation.
9
+ * Unsigned credentials are capped at TRUST_BASIC.
10
+ *
11
+ * Zero external dependencies. All verification is local (no network calls).
12
+ */
13
+ export declare const TRUST_DENIED = 0;
14
+ export declare const TRUST_BASIC = 1;
15
+ export declare const TRUST_VERIFIED = 2;
16
+ export declare const TRUST_ATTESTED = 3;
17
+ export declare const TRUST_SOVEREIGN = 4;
18
+ export declare const TRUST_LEVEL_NAMES: Record<number, string>;
19
+ export declare const DENIAL_ANCHOR_NOT_FOUND = "anchor_not_found";
20
+ export declare const DENIAL_ANCHOR_EXPIRED = "anchor_expired";
21
+ export declare const DENIAL_ANCHOR_REVOKED = "anchor_revoked";
22
+ export declare const DENIAL_SIGNATURE_MISSING = "signature_missing";
23
+ export declare const DENIAL_TENANT_NOT_TRUSTED = "tenant_not_trusted";
24
+ export declare const DENIAL_DENY_LISTED = "deny_listed";
25
+ export declare const DENIAL_INSUFFICIENT_PROCEDURES = "insufficient_procedures";
26
+ export declare const DENIAL_SIGNATURE_INVALID = "signature_invalid";
27
+ export declare const DENIAL_SIGNATURE_UNVERIFIABLE = "signature_unverifiable";
28
+ export declare const DENIAL_INSUFFICIENT_TRUST_LEVEL = "insufficient_trust_level";
29
+ export declare const DENIAL_TIMESTAMP_FUTURE = "timestamp_future";
30
+ export interface TrustCredential {
31
+ agentId: string;
32
+ tenantId: string;
33
+ anchorFingerprint: string;
34
+ anchorTimestampMs: number;
35
+ isSigned?: boolean;
36
+ procedures?: string[];
37
+ clearingLevel?: number;
38
+ hasHardwareAttestation?: boolean;
39
+ hasGuardrails?: boolean;
40
+ credentialSignature?: string;
41
+ }
42
+ export interface TrustResult {
43
+ granted: boolean;
44
+ trustLevel: number;
45
+ denialReason?: string;
46
+ checksPerformed: number;
47
+ checksPassed: number;
48
+ counterpartAgentId: string;
49
+ counterpartTenantId: string;
50
+ }
51
+ export declare class TrustRegistry {
52
+ private trustedTenants;
53
+ private trustedAgents;
54
+ private deniedAgents;
55
+ private deniedTenants;
56
+ private signingKeys;
57
+ private requiredProcedures;
58
+ private freshnessWindowMs;
59
+ private requireSignature;
60
+ private minTrustLevel;
61
+ trustTenant(tenantId: string): void;
62
+ trustAgent(tenantId: string, agentId: string): void;
63
+ denyAgent(agentId: string): void;
64
+ denyTenant(tenantId: string): void;
65
+ registerSigningKey(agentId: string, key: string): void;
66
+ setRequiredProcedures(procedures: string[]): void;
67
+ setFreshnessWindow(seconds: number): void;
68
+ setRequireSignature(require: boolean): void;
69
+ setMinTrustLevel(level: number): void;
70
+ isAgentDenied(agentId: string): boolean;
71
+ isTenantDenied(tenantId: string): boolean;
72
+ isTenantTrusted(tenantId: string, ownTenantId: string): boolean;
73
+ isAgentTrusted(tenantId: string, agentId: string, ownTenantId: string): boolean;
74
+ /** @internal */
75
+ get _freshnessWindowMs(): number;
76
+ /** @internal */
77
+ get _requireSignature(): boolean;
78
+ /** @internal */
79
+ get _requiredProcedures(): string[];
80
+ /** @internal */
81
+ get _minTrustLevel(): number;
82
+ /** @internal */
83
+ getSigningKey(agentId: string): string | undefined;
84
+ }
85
+ /**
86
+ * Build the deterministic message used for credential signing/verification.
87
+ * Formula is LOCKED for cross-language parity.
88
+ */
89
+ export declare function buildCredentialMessage(credential: TrustCredential): string;
90
+ /**
91
+ * Sign a credential with HMAC-SHA256.
92
+ */
93
+ export declare function signCredential(credential: TrustCredential, signingKey: string): string;
94
+ /**
95
+ * Verify a credential signature against a known signing key.
96
+ */
97
+ export declare function verifyCredentialSignature(credential: TrustCredential, signingKey: string): boolean;
98
+ export declare function evaluateTrustLevel(credential: TrustCredential): number;
99
+ export declare function verifyCredential(credential: TrustCredential, registry: TrustRegistry, ownTenantId: string): TrustResult;
100
+ //# sourceMappingURL=trust.d.ts.map
package/dist/trust.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"trust.d.ts","sourceRoot":"","sources":["../src/trust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,eAAO,MAAM,YAAY,IAAI,CAAC;AAC9B,eAAO,MAAM,WAAW,IAAI,CAAC;AAC7B,eAAO,MAAM,cAAc,IAAI,CAAC;AAChC,eAAO,MAAM,cAAc,IAAI,CAAC;AAChC,eAAO,MAAM,eAAe,IAAI,CAAC;AAEjC,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAMpD,CAAC;AAEF,eAAO,MAAM,uBAAuB,qBAAqB,CAAC;AAC1D,eAAO,MAAM,qBAAqB,mBAAmB,CAAC;AACtD,eAAO,MAAM,qBAAqB,mBAAmB,CAAC;AACtD,eAAO,MAAM,wBAAwB,sBAAsB,CAAC;AAC5D,eAAO,MAAM,yBAAyB,uBAAuB,CAAC;AAC9D,eAAO,MAAM,kBAAkB,gBAAgB,CAAC;AAChD,eAAO,MAAM,8BAA8B,4BAA4B,CAAC;AACxE,eAAO,MAAM,wBAAwB,sBAAsB,CAAC;AAC5D,eAAO,MAAM,6BAA6B,2BAA2B,CAAC;AACtE,eAAO,MAAM,+BAA+B,6BAA6B,CAAC;AAC1E,eAAO,MAAM,uBAAuB,qBAAqB,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,cAAc,CAAqB;IAC3C,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,WAAW,CAA6B;IAChD,OAAO,CAAC,kBAAkB,CAAgB;IAC1C,OAAO,CAAC,iBAAiB,CAAuB;IAChD,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,aAAa,CAAe;IAEpC,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKnC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAInD,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAIhC,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKlC,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI;IAItD,qBAAqB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI;IAIjD,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAIzC,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI3C,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIrC,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAIvC,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAIzC,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO;IAK/D,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO;IAO/E,gBAAgB;IAChB,IAAI,kBAAkB,IAAI,MAAM,CAAmC;IACnE,gBAAgB;IAChB,IAAI,iBAAiB,IAAI,OAAO,CAAkC;IAClE,gBAAgB;IAChB,IAAI,mBAAmB,IAAI,MAAM,EAAE,CAAoC;IACvE,gBAAgB;IAChB,IAAI,cAAc,IAAI,MAAM,CAA+B;IAC3D,gBAAgB;IAChB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;CACnD;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,eAAe,GAAG,MAAM,CAG1E;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAGtF;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAUlG;AAED,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,eAAe,GAAG,MAAM,CAKtE;AAED,wBAAgB,gBAAgB,CAC9B,UAAU,EAAE,eAAe,EAC3B,QAAQ,EAAE,aAAa,EACvB,WAAW,EAAE,MAAM,GAClB,WAAW,CAgFb"}
package/dist/trust.js ADDED
@@ -0,0 +1,222 @@
1
+ /**
2
+ * SWT3 AI Witness SDK -- Agent Trust Mesh (AI-TRUST.1 / AI-TRUST.2).
3
+ *
4
+ * Mutual compliance trust verification between AI agents.
5
+ * Before two agents exchange data, invoke tools, or share context,
6
+ * each verifies the other's SWT3 compliance anchor.
7
+ *
8
+ * Credentials are HMAC-signed to prevent forgery and escalation.
9
+ * Unsigned credentials are capped at TRUST_BASIC.
10
+ *
11
+ * Zero external dependencies. All verification is local (no network calls).
12
+ */
13
+ import { createHmac } from "node:crypto";
14
+ export const TRUST_DENIED = 0;
15
+ export const TRUST_BASIC = 1;
16
+ export const TRUST_VERIFIED = 2;
17
+ export const TRUST_ATTESTED = 3;
18
+ export const TRUST_SOVEREIGN = 4;
19
+ export const TRUST_LEVEL_NAMES = {
20
+ 0: "denied",
21
+ 1: "basic",
22
+ 2: "verified",
23
+ 3: "attested",
24
+ 4: "sovereign",
25
+ };
26
+ export const DENIAL_ANCHOR_NOT_FOUND = "anchor_not_found";
27
+ export const DENIAL_ANCHOR_EXPIRED = "anchor_expired";
28
+ export const DENIAL_ANCHOR_REVOKED = "anchor_revoked";
29
+ export const DENIAL_SIGNATURE_MISSING = "signature_missing";
30
+ export const DENIAL_TENANT_NOT_TRUSTED = "tenant_not_trusted";
31
+ export const DENIAL_DENY_LISTED = "deny_listed";
32
+ export const DENIAL_INSUFFICIENT_PROCEDURES = "insufficient_procedures";
33
+ export const DENIAL_SIGNATURE_INVALID = "signature_invalid";
34
+ export const DENIAL_SIGNATURE_UNVERIFIABLE = "signature_unverifiable";
35
+ export const DENIAL_INSUFFICIENT_TRUST_LEVEL = "insufficient_trust_level";
36
+ export const DENIAL_TIMESTAMP_FUTURE = "timestamp_future";
37
+ export class TrustRegistry {
38
+ trustedTenants = new Set();
39
+ trustedAgents = new Set();
40
+ deniedAgents = new Set();
41
+ deniedTenants = new Set();
42
+ signingKeys = new Map();
43
+ requiredProcedures = [];
44
+ freshnessWindowMs = 24 * 60 * 60 * 1000;
45
+ requireSignature = false;
46
+ minTrustLevel = TRUST_BASIC;
47
+ trustTenant(tenantId) {
48
+ this.trustedTenants.add(tenantId);
49
+ this.deniedTenants.delete(tenantId);
50
+ }
51
+ trustAgent(tenantId, agentId) {
52
+ this.trustedAgents.add(`${tenantId}:${agentId}`);
53
+ }
54
+ denyAgent(agentId) {
55
+ this.deniedAgents.add(agentId);
56
+ }
57
+ denyTenant(tenantId) {
58
+ this.deniedTenants.add(tenantId);
59
+ this.trustedTenants.delete(tenantId);
60
+ }
61
+ registerSigningKey(agentId, key) {
62
+ this.signingKeys.set(agentId, key);
63
+ }
64
+ setRequiredProcedures(procedures) {
65
+ this.requiredProcedures = procedures;
66
+ }
67
+ setFreshnessWindow(seconds) {
68
+ this.freshnessWindowMs = seconds * 1000;
69
+ }
70
+ setRequireSignature(require) {
71
+ this.requireSignature = require;
72
+ }
73
+ setMinTrustLevel(level) {
74
+ this.minTrustLevel = Math.max(0, Math.min(4, level));
75
+ }
76
+ isAgentDenied(agentId) {
77
+ return this.deniedAgents.has(agentId);
78
+ }
79
+ isTenantDenied(tenantId) {
80
+ return this.deniedTenants.has(tenantId);
81
+ }
82
+ isTenantTrusted(tenantId, ownTenantId) {
83
+ if (tenantId === ownTenantId)
84
+ return true;
85
+ return this.trustedTenants.has(tenantId);
86
+ }
87
+ isAgentTrusted(tenantId, agentId, ownTenantId) {
88
+ if (this.isAgentDenied(agentId))
89
+ return false;
90
+ if (this.isTenantDenied(tenantId))
91
+ return false;
92
+ if (this.isTenantTrusted(tenantId, ownTenantId))
93
+ return true;
94
+ return this.trustedAgents.has(`${tenantId}:${agentId}`);
95
+ }
96
+ /** @internal */
97
+ get _freshnessWindowMs() { return this.freshnessWindowMs; }
98
+ /** @internal */
99
+ get _requireSignature() { return this.requireSignature; }
100
+ /** @internal */
101
+ get _requiredProcedures() { return this.requiredProcedures; }
102
+ /** @internal */
103
+ get _minTrustLevel() { return this.minTrustLevel; }
104
+ /** @internal */
105
+ getSigningKey(agentId) { return this.signingKeys.get(agentId); }
106
+ }
107
+ /**
108
+ * Build the deterministic message used for credential signing/verification.
109
+ * Formula is LOCKED for cross-language parity.
110
+ */
111
+ export function buildCredentialMessage(credential) {
112
+ const procs = [...(credential.procedures ?? [])].sort().join(",");
113
+ return `${credential.agentId}:${credential.tenantId}:${credential.anchorFingerprint}:${credential.anchorTimestampMs}:${credential.isSigned ? 1 : 0}:${credential.hasHardwareAttestation ? 1 : 0}:${credential.hasGuardrails ? 1 : 0}:${credential.clearingLevel ?? 0}:${procs}`;
114
+ }
115
+ /**
116
+ * Sign a credential with HMAC-SHA256.
117
+ */
118
+ export function signCredential(credential, signingKey) {
119
+ const message = buildCredentialMessage(credential);
120
+ return createHmac("sha256", signingKey).update(message, "utf-8").digest("hex");
121
+ }
122
+ /**
123
+ * Verify a credential signature against a known signing key.
124
+ */
125
+ export function verifyCredentialSignature(credential, signingKey) {
126
+ if (!credential.credentialSignature)
127
+ return false;
128
+ const expected = signCredential(credential, signingKey);
129
+ // Constant-time comparison to prevent timing attacks
130
+ if (expected.length !== credential.credentialSignature.length)
131
+ return false;
132
+ let diff = 0;
133
+ for (let i = 0; i < expected.length; i++) {
134
+ diff |= expected.charCodeAt(i) ^ credential.credentialSignature.charCodeAt(i);
135
+ }
136
+ return diff === 0;
137
+ }
138
+ export function evaluateTrustLevel(credential) {
139
+ if (!credential.isSigned)
140
+ return TRUST_BASIC;
141
+ if (!credential.hasHardwareAttestation || !credential.hasGuardrails)
142
+ return TRUST_VERIFIED;
143
+ if ((credential.clearingLevel ?? 1) < 2)
144
+ return TRUST_ATTESTED;
145
+ return TRUST_SOVEREIGN;
146
+ }
147
+ export function verifyCredential(credential, registry, ownTenantId) {
148
+ let checks = 0;
149
+ let passed = 0;
150
+ const base = {
151
+ counterpartAgentId: credential.agentId,
152
+ counterpartTenantId: credential.tenantId,
153
+ };
154
+ const denied = (reason) => ({
155
+ granted: false, trustLevel: TRUST_DENIED, denialReason: reason,
156
+ checksPerformed: checks, checksPassed: passed, ...base,
157
+ });
158
+ // Check 1: deny list
159
+ checks++;
160
+ if (registry.isAgentDenied(credential.agentId))
161
+ return denied(DENIAL_DENY_LISTED);
162
+ if (registry.isTenantDenied(credential.tenantId))
163
+ return denied(DENIAL_DENY_LISTED);
164
+ passed++;
165
+ // Check 2: tenant trust
166
+ checks++;
167
+ if (!registry.isAgentTrusted(credential.tenantId, credential.agentId, ownTenantId)) {
168
+ return denied(DENIAL_TENANT_NOT_TRUSTED);
169
+ }
170
+ passed++;
171
+ // Check 3: freshness
172
+ checks++;
173
+ const now = Date.now();
174
+ const ageMs = now - credential.anchorTimestampMs;
175
+ if (ageMs > registry._freshnessWindowMs)
176
+ return denied(DENIAL_ANCHOR_EXPIRED);
177
+ // Reject future-dated credentials (allow 60s clock skew)
178
+ if (credential.anchorTimestampMs > now + 60_000)
179
+ return denied(DENIAL_TIMESTAMP_FUTURE);
180
+ passed++;
181
+ // Check 4: signing key presence
182
+ checks++;
183
+ if (registry._requireSignature && !credential.isSigned)
184
+ return denied(DENIAL_SIGNATURE_MISSING);
185
+ passed++;
186
+ // Check 5: credential signature verification
187
+ let signatureVerified = false;
188
+ if (credential.credentialSignature) {
189
+ checks++;
190
+ const counterpartKey = registry.getSigningKey(credential.agentId);
191
+ if (!counterpartKey) {
192
+ return denied(DENIAL_SIGNATURE_UNVERIFIABLE);
193
+ }
194
+ if (!verifyCredentialSignature(credential, counterpartKey)) {
195
+ return denied(DENIAL_SIGNATURE_INVALID);
196
+ }
197
+ signatureVerified = true;
198
+ passed++;
199
+ }
200
+ // Check 6: procedures
201
+ if (registry._requiredProcedures.length > 0) {
202
+ checks++;
203
+ const credProcs = new Set(credential.procedures ?? []);
204
+ if (!registry._requiredProcedures.every((p) => credProcs.has(p))) {
205
+ return denied(DENIAL_INSUFFICIENT_PROCEDURES);
206
+ }
207
+ passed++;
208
+ }
209
+ let level = evaluateTrustLevel(credential);
210
+ // Cap: unsigned or unverifiable credentials cannot exceed TRUST_BASIC
211
+ if (!signatureVerified && level > TRUST_BASIC) {
212
+ level = TRUST_BASIC;
213
+ }
214
+ if (level < registry._minTrustLevel) {
215
+ return denied(DENIAL_INSUFFICIENT_TRUST_LEVEL);
216
+ }
217
+ return {
218
+ granted: true, trustLevel: level,
219
+ checksPerformed: checks, checksPassed: passed, ...base,
220
+ };
221
+ }
222
+ //# sourceMappingURL=trust.js.map
package/dist/trust.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"trust.js","sourceRoot":"","sources":["../src/trust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC;AAC9B,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC;AAC7B,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC;AAChC,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC;AAChC,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC;AAEjC,MAAM,CAAC,MAAM,iBAAiB,GAA2B;IACvD,CAAC,EAAE,QAAQ;IACX,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,UAAU;IACb,CAAC,EAAE,UAAU;IACb,CAAC,EAAE,WAAW;CACf,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CAAC;AAC1D,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC;AACtD,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC;AACtD,MAAM,CAAC,MAAM,wBAAwB,GAAG,mBAAmB,CAAC;AAC5D,MAAM,CAAC,MAAM,yBAAyB,GAAG,oBAAoB,CAAC;AAC9D,MAAM,CAAC,MAAM,kBAAkB,GAAG,aAAa,CAAC;AAChD,MAAM,CAAC,MAAM,8BAA8B,GAAG,yBAAyB,CAAC;AACxE,MAAM,CAAC,MAAM,wBAAwB,GAAG,mBAAmB,CAAC;AAC5D,MAAM,CAAC,MAAM,6BAA6B,GAAG,wBAAwB,CAAC;AACtE,MAAM,CAAC,MAAM,+BAA+B,GAAG,0BAA0B,CAAC;AAC1E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CAAC;AAyB1D,MAAM,OAAO,aAAa;IAChB,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;IACxC,kBAAkB,GAAa,EAAE,CAAC;IAClC,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACxC,gBAAgB,GAAG,KAAK,CAAC;IACzB,aAAa,GAAG,WAAW,CAAC;IAEpC,WAAW,CAAC,QAAgB;QAC1B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,UAAU,CAAC,QAAgB,EAAE,OAAe;QAC1C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,QAAQ,IAAI,OAAO,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,SAAS,CAAC,OAAe;QACvB,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED,UAAU,CAAC,QAAgB;QACzB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACjC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,kBAAkB,CAAC,OAAe,EAAE,GAAW;QAC7C,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,qBAAqB,CAAC,UAAoB;QACxC,IAAI,CAAC,kBAAkB,GAAG,UAAU,CAAC;IACvC,CAAC;IAED,kBAAkB,CAAC,OAAe;QAChC,IAAI,CAAC,iBAAiB,GAAG,OAAO,GAAG,IAAI,CAAC;IAC1C,CAAC;IAED,mBAAmB,CAAC,OAAgB;QAClC,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC;IAClC,CAAC;IAED,gBAAgB,CAAC,KAAa;QAC5B,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;IACvD,CAAC;IAED,aAAa,CAAC,OAAe;QAC3B,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,cAAc,CAAC,QAAgB;QAC7B,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1C,CAAC;IAED,eAAe,CAAC,QAAgB,EAAE,WAAmB;QACnD,IAAI,QAAQ,KAAK,WAAW;YAAE,OAAO,IAAI,CAAC;QAC1C,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAED,cAAc,CAAC,QAAgB,EAAE,OAAe,EAAE,WAAmB;QACnE,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9C,IAAI,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAChD,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7D,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,QAAQ,IAAI,OAAO,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,gBAAgB;IAChB,IAAI,kBAAkB,KAAa,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IACnE,gBAAgB;IAChB,IAAI,iBAAiB,KAAc,OAAO,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAClE,gBAAgB;IAChB,IAAI,mBAAmB,KAAe,OAAO,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACvE,gBAAgB;IAChB,IAAI,cAAc,KAAa,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IAC3D,gBAAgB;IAChB,aAAa,CAAC,OAAe,IAAwB,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;CAC7F;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,UAA2B;IAChE,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClE,OAAO,GAAG,UAAU,CAAC,OAAO,IAAI,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,iBAAiB,IAAI,UAAU,CAAC,iBAAiB,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,aAAa,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC;AAClR,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,UAA2B,EAAE,UAAkB;IAC5E,MAAM,OAAO,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;IACnD,OAAO,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,UAA2B,EAAE,UAAkB;IACvF,IAAI,CAAC,UAAU,CAAC,mBAAmB;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,QAAQ,GAAG,cAAc,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IACxD,qDAAqD;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU,CAAC,mBAAmB,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC5E,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,IAAI,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChF,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,UAA2B;IAC5D,IAAI,CAAC,UAAU,CAAC,QAAQ;QAAE,OAAO,WAAW,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,sBAAsB,IAAI,CAAC,UAAU,CAAC,aAAa;QAAE,OAAO,cAAc,CAAC;IAC3F,IAAI,CAAC,UAAU,CAAC,aAAa,IAAI,CAAC,CAAC,GAAG,CAAC;QAAE,OAAO,cAAc,CAAC;IAC/D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,UAA2B,EAC3B,QAAuB,EACvB,WAAmB;IAEnB,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,IAAI,GAAG;QACX,kBAAkB,EAAE,UAAU,CAAC,OAAO;QACtC,mBAAmB,EAAE,UAAU,CAAC,QAAQ;KACzC,CAAC;IAEF,MAAM,MAAM,GAAG,CAAC,MAAc,EAAe,EAAE,CAAC,CAAC;QAC/C,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM;QAC9D,eAAe,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI;KACvD,CAAC,CAAC;IAEH,qBAAqB;IACrB,MAAM,EAAE,CAAC;IACT,IAAI,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAClF,IAAI,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACpF,MAAM,EAAE,CAAC;IAET,wBAAwB;IACxB,MAAM,EAAE,CAAC;IACT,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,CAAC;QACnF,OAAO,MAAM,CAAC,yBAAyB,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,EAAE,CAAC;IAET,qBAAqB;IACrB,MAAM,EAAE,CAAC;IACT,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,KAAK,GAAG,GAAG,GAAG,UAAU,CAAC,iBAAiB,CAAC;IACjD,IAAI,KAAK,GAAG,QAAQ,CAAC,kBAAkB;QAAE,OAAO,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC9E,yDAAyD;IACzD,IAAI,UAAU,CAAC,iBAAiB,GAAG,GAAG,GAAG,MAAM;QAAE,OAAO,MAAM,CAAC,uBAAuB,CAAC,CAAC;IACxF,MAAM,EAAE,CAAC;IAET,gCAAgC;IAChC,MAAM,EAAE,CAAC;IACT,IAAI,QAAQ,CAAC,iBAAiB,IAAI,CAAC,UAAU,CAAC,QAAQ;QAAE,OAAO,MAAM,CAAC,wBAAwB,CAAC,CAAC;IAChG,MAAM,EAAE,CAAC;IAET,6CAA6C;IAC7C,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAC9B,IAAI,UAAU,CAAC,mBAAmB,EAAE,CAAC;QACnC,MAAM,EAAE,CAAC;QACT,MAAM,cAAc,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAClE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,MAAM,CAAC,6BAA6B,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,CAAC;YAC3D,OAAO,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAC1C,CAAC;QACD,iBAAiB,GAAG,IAAI,CAAC;QACzB,MAAM,EAAE,CAAC;IACX,CAAC;IAED,sBAAsB;IACtB,IAAI,QAAQ,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,MAAM,EAAE,CAAC;QACT,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,OAAO,MAAM,CAAC,8BAA8B,CAAC,CAAC;QAChD,CAAC;QACD,MAAM,EAAE,CAAC;IACX,CAAC;IAED,IAAI,KAAK,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAE3C,sEAAsE;IACtE,IAAI,CAAC,iBAAiB,IAAI,KAAK,GAAG,WAAW,EAAE,CAAC;QAC9C,KAAK,GAAG,WAAW,CAAC;IACtB,CAAC;IAED,IAAI,KAAK,GAAG,QAAQ,CAAC,cAAc,EAAE,CAAC;QACpC,OAAO,MAAM,CAAC,+BAA+B,CAAC,CAAC;IACjD,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK;QAChC,eAAe,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI;KACvD,CAAC;AACJ,CAAC"}
package/dist/types.d.ts CHANGED
@@ -25,6 +25,7 @@ export interface WitnessConfig {
25
25
  jurisdiction?: string;
26
26
  legalBasis?: string;
27
27
  purposeClass?: string;
28
+ tokenBudget?: number;
28
29
  onFlush?: (payloads: WitnessPayload[], receipts: WitnessReceipt[]) => void;
29
30
  }
30
31
  export interface WitnessPayload {
@@ -43,17 +44,7 @@ export interface WitnessPayload {
43
44
  ai_latency_ms?: number;
44
45
  ai_input_tokens?: number;
45
46
  ai_output_tokens?: number;
46
- ai_context?: {
47
- provider?: string;
48
- guardrails?: string[];
49
- system_fingerprint?: string;
50
- tool_name?: string;
51
- tool_call_id?: string;
52
- access_target?: string;
53
- access_scope?: string;
54
- access_granted?: boolean;
55
- cycle_id?: string;
56
- };
47
+ ai_context?: Record<string, unknown>;
57
48
  agent_id?: string;
58
49
  cycle_id?: string;
59
50
  payload_signature?: string;
@@ -109,4 +100,169 @@ export interface InferenceRecord {
109
100
  }
110
101
  /** Valid AI procedure IDs from SWT3 Spec v1.2.0 */
111
102
  export declare const AI_PROCEDURES: Set<string>;
103
+ /** A single retrieved context chunk for RAG witnessing. */
104
+ export interface RagChunk {
105
+ contentHash: string;
106
+ sourceId?: string;
107
+ similarityScore?: number;
108
+ metadata?: Record<string, unknown>;
109
+ }
110
+ /** Options for witnessRagContext(). */
111
+ export interface RagContextOptions {
112
+ chunks: (string | RagChunk)[];
113
+ corpusId?: string;
114
+ corpusHash?: string;
115
+ embeddingModel?: string;
116
+ retrievalLatencyMs?: number;
117
+ topK?: number;
118
+ similarityThreshold?: number;
119
+ }
120
+ /** Model weight file metadata for AI-MDL.5 witnessing. */
121
+ export interface ModelWeightInfo {
122
+ fileHash: string;
123
+ filePath?: string;
124
+ fileSizeBytes?: number;
125
+ format?: string;
126
+ }
127
+ /** LoRA/QLoRA/PEFT adapter metadata for AI-MDL.6 witnessing. */
128
+ export interface AdapterInfo {
129
+ name: string;
130
+ adapterHash: string;
131
+ baseModel?: string;
132
+ }
133
+ /** Skill/tool/plugin metadata for AI-SKILL.1 witnessing. */
134
+ export interface SkillInfo {
135
+ name: string;
136
+ version?: string;
137
+ skillHash?: string;
138
+ }
139
+ /** Persistent memory source metadata for AI-SKILL.2 witnessing. */
140
+ export interface MemorySource {
141
+ sourceType: string;
142
+ sourceId?: string;
143
+ contentHash?: string;
144
+ }
145
+ /** Quantization method codes for AI-MDL.7. */
146
+ export declare const QUANTIZATION_CODES: Record<string, number>;
147
+ /** Violation policy category codes for AI-VIO.1. */
148
+ export declare const POLICY_CATEGORIES: Record<string, number>;
149
+ /** Identity binding method codes for AI-HITL.3. */
150
+ export declare const BINDING_METHODS: Record<string, number>;
151
+ /** Model registry approval status codes for AI-MDL.8. */
152
+ export declare const APPROVAL_STATUS: Record<string, number>;
153
+ /** Training data PII lifecycle event type codes for AI-DATA.4. */
154
+ export declare const PII_EVENT_TYPES: Record<string, number>;
155
+ /** Trust mesh configuration from .swt3.yaml trust_mesh section. */
156
+ export interface TrustMeshConfig {
157
+ mode: "strict" | "permissive" | "monitor";
158
+ minTrustLevel: number;
159
+ requireSignature: boolean;
160
+ freshnessWindow: number;
161
+ trustedTenants: string[];
162
+ trustedAgents: {
163
+ tenant: string;
164
+ agent: string;
165
+ }[];
166
+ denyAgents: string[];
167
+ denyTenants: string[];
168
+ requiredProcedures: string[];
169
+ signingKeys: {
170
+ agent: string;
171
+ key: string;
172
+ }[];
173
+ }
174
+ /** Hardware attestation configuration from .swt3.yaml hardware section. */
175
+ export interface HardwareConfig {
176
+ requireAttestation: boolean;
177
+ attestationFreshness: number;
178
+ allowedMethods: string[];
179
+ }
180
+ /** Density policy configuration from .swt3.yaml density_policy section. */
181
+ export interface DensityPolicyConfig {
182
+ minAnchorsPerThousandTokens: number;
183
+ requiredProviders: string[];
184
+ maxChainGapSeconds: number;
185
+ requireSigningKey: boolean;
186
+ minTrustLevel: number;
187
+ }
188
+ /** A single chain enforcement rule from .swt3.yaml mcp_policy.rules array. */
189
+ export interface ChainRule {
190
+ /** Glob pattern matching tool names this rule applies to. "*" = all tools. */
191
+ match: string;
192
+ /** Action on violation: block execution or log and continue. */
193
+ action: "block" | "log";
194
+ /** Human-readable reason shown in violation errors. */
195
+ reason: string;
196
+ /** Optional rule-specific parameters (extensible). */
197
+ params?: Record<string, unknown>;
198
+ }
199
+ /** Error context for a chain density policy violation. */
200
+ export interface ChainPolicyViolation {
201
+ /** Which rule fired (e.g., "velocity", "blocklist", "custom"). */
202
+ rule: string;
203
+ /** Tool name that triggered the violation. */
204
+ toolName: string;
205
+ /** Action taken: "blocked" or "logged". */
206
+ action: "blocked" | "logged";
207
+ /** Human-readable reason. */
208
+ reason: string;
209
+ /** Timestamp of violation (ms since epoch). */
210
+ timestamp: number;
211
+ /** Rule-specific metadata (current count, limit, etc.). */
212
+ context?: Record<string, unknown>;
213
+ }
214
+ /** MCP tool witnessing policy from .swt3.yaml mcp_policy section. */
215
+ export interface McpPolicyConfig {
216
+ /** Glob patterns for tools that MUST be witnessed (e.g., "write_*", "search_*"). */
217
+ witnessedTools: string[];
218
+ /** Glob patterns for tools exempt from witnessing (e.g., "list_files"). */
219
+ exemptTools: string[];
220
+ /** Minimum trust level required before executing any MCP tool. */
221
+ requireTrustLevel: number;
222
+ /** Auto-witness all MCP tool calls without explicit wrapping. */
223
+ autoWitness: boolean;
224
+ /** Block tool execution if witnessing fails (true) or log-only (false). */
225
+ blockOnFailure: boolean;
226
+ /** Rate limit: "N/Xs" format (e.g., "4/30s" = max 4 calls per 30 seconds). */
227
+ maxVelocity?: string;
228
+ /** Maximum sequential dependent tool calls before blocking. */
229
+ maxChainDepth?: number;
230
+ /** Only these tools are permitted. Empty array = all permitted. */
231
+ toolAllowlist?: string[];
232
+ /** These tools are always blocked. */
233
+ toolBlocklist?: string[];
234
+ /** On enforcement error: true = block, false = log and continue. Default true. */
235
+ failSecure?: boolean;
236
+ /** Custom rule objects for extensibility. */
237
+ rules?: ChainRule[];
238
+ /** Maximum cumulative tokens per session before blocking tool execution. */
239
+ maxTokensPerSession?: number;
240
+ }
241
+ /** Merkle accumulator configuration from .swt3.yaml merkle section. */
242
+ export interface MerkleConfig {
243
+ /** Enable SDK-side Merkle accumulator. */
244
+ enabled: boolean;
245
+ /** Interval in seconds for session root computation (0 = on every flush). */
246
+ accumulatorInterval: number;
247
+ }
248
+ /** Parsed policy rules from .swt3.yaml policy section. */
249
+ export interface PolicyConfig {
250
+ requireSigning?: boolean;
251
+ minClearingLevel?: number;
252
+ requiredProcedures?: string[];
253
+ requireAgentId?: boolean;
254
+ maxFlushInterval?: number;
255
+ requireJurisdiction?: boolean;
256
+ }
257
+ /** Full parsed config returned by loadFullConfig(). */
258
+ export interface LoadedConfig {
259
+ witnessOptions: Record<string, unknown>;
260
+ trustMesh: TrustMeshConfig | null;
261
+ hardware: HardwareConfig | null;
262
+ densityPolicy: DensityPolicyConfig | null;
263
+ mcpPolicy: McpPolicyConfig | null;
264
+ merkle: MerkleConfig | null;
265
+ policy: PolicyConfig | null;
266
+ configHash: string;
267
+ }
112
268
  //# sourceMappingURL=types.d.ts.map
package/dist/types.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,IAAI,CAAC;CAC5E;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,wBAAwB,EAAE,MAAM,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE;QACX,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,mDAAmD;AACnD,eAAO,MAAM,aAAa,aAcxB,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,IAAI,CAAC;CAC5E;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,wBAAwB,EAAE,MAAM,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,mDAAmD;AACnD,eAAO,MAAM,aAAa,aAkCxB,CAAC;AAEH,2DAA2D;AAC3D,MAAM,WAAW,QAAQ;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,uCAAuC;AACvC,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC,EAAE,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,0DAA0D;AAC1D,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,gEAAgE;AAChE,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,4DAA4D;AAC5D,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,mEAAmE;AACnE,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,8CAA8C;AAC9C,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAErD,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAEpD,CAAC;AAEF,mDAAmD;AACnD,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAElD,CAAC;AAEF,yDAAyD;AACzD,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAElD,CAAC;AAEF,kEAAkE;AAClE,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAGlD,CAAC;AAIF,mEAAmE;AACnE,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,QAAQ,GAAG,YAAY,GAAG,SAAS,CAAC;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,aAAa,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACnD,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC/C;AAED,2EAA2E;AAC3E,MAAM,WAAW,cAAc;IAC7B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,2EAA2E;AAC3E,MAAM,WAAW,mBAAmB;IAClC,2BAA2B,EAAE,MAAM,CAAC;IACpC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,8EAA8E;AAC9E,MAAM,WAAW,SAAS;IACxB,8EAA8E;IAC9E,KAAK,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,MAAM,EAAE,OAAO,GAAG,KAAK,CAAC;IACxB,uDAAuD;IACvD,MAAM,EAAE,MAAM,CAAC;IACf,sDAAsD;IACtD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,0DAA0D;AAC1D,MAAM,WAAW,oBAAoB;IACnC,kEAAkE;IAClE,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,MAAM,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC7B,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,SAAS,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,qEAAqE;AACrE,MAAM,WAAW,eAAe;IAC9B,oFAAoF;IACpF,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,2EAA2E;IAC3E,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kEAAkE;IAClE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,WAAW,EAAE,OAAO,CAAC;IACrB,2EAA2E;IAC3E,cAAc,EAAE,OAAO,CAAC;IACxB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+DAA+D;IAC/D,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mEAAmE;IACnE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,sCAAsC;IACtC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,kFAAkF;IAClF,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC;IACpB,4EAA4E;IAC5E,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,uEAAuE;AACvE,MAAM,WAAW,YAAY;IAC3B,0CAA0C;IAC1C,OAAO,EAAE,OAAO,CAAC;IACjB,6EAA6E;IAC7E,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED,0DAA0D;AAC1D,MAAM,WAAW,YAAY;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;AAED,uDAAuD;AACvD,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAC;IAChC,aAAa,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAC1C,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,MAAM,EAAE,YAAY,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,YAAY,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACpB"}
package/dist/types.js CHANGED
@@ -6,7 +6,7 @@ export const AI_PROCEDURES = new Set([
6
6
  "AI-INF.1", "AI-INF.2", "AI-INF.3",
7
7
  "AI-MDL.1", "AI-MDL.2", "AI-MDL.3",
8
8
  "AI-GRD.1", "AI-GRD.2", "AI-GRD.3",
9
- "AI-FAIR.1", "AI-FAIR.2",
9
+ "AI-FAIR.1", "AI-FAIR.2", "AI-FAIR.3",
10
10
  "AI-DATA.1", "AI-DATA.2",
11
11
  "AI-HITL.1", "AI-HITL.2",
12
12
  "AI-EXPL.1", "AI-EXPL.2",
@@ -16,5 +16,46 @@ export const AI_PROCEDURES = new Set([
16
16
  "AI-REV.1",
17
17
  "AI-SEC.1",
18
18
  "AI-SEC.2",
19
+ "AI-RAG.1",
20
+ "AI-RAG.2",
21
+ "AI-MDL.5",
22
+ "AI-MDL.6",
23
+ "AI-MDL.7",
24
+ "AI-SKILL.1",
25
+ "AI-SKILL.2",
26
+ "AI-SKILL.3",
27
+ "AI-HW.1",
28
+ "AI-HW.3",
29
+ "AI-TRUST.1",
30
+ "AI-TRUST.2",
31
+ "AI-CHR.1",
32
+ "AI-VIO.1",
33
+ "AI-CHAIN.1",
34
+ "AI-SAFE.1",
35
+ "AI-DATA.3",
36
+ "AI-DATA.4",
37
+ "AI-ENV.1",
38
+ "AI-ENV.2",
19
39
  ]);
40
+ /** Quantization method codes for AI-MDL.7. */
41
+ export const QUANTIZATION_CODES = {
42
+ fp32: 0, fp16: 1, bf16: 2, int8: 3, int4: 4, gptq: 5, awq: 6, gguf: 7,
43
+ };
44
+ /** Violation policy category codes for AI-VIO.1. */
45
+ export const POLICY_CATEGORIES = {
46
+ unspecified: 0, content: 1, access: 2, data: 3, safety: 4, regulatory: 5,
47
+ };
48
+ /** Identity binding method codes for AI-HITL.3. */
49
+ export const BINDING_METHODS = {
50
+ none: 0, session: 1, cryptographic: 2,
51
+ };
52
+ /** Model registry approval status codes for AI-MDL.8. */
53
+ export const APPROVAL_STATUS = {
54
+ approved: 0, pending: 1, denied: 2,
55
+ };
56
+ /** Training data PII lifecycle event type codes for AI-DATA.4. */
57
+ export const PII_EVENT_TYPES = {
58
+ unspecified: 0, pseudonymization: 1, anonymization: 2,
59
+ access_restriction: 3, deletion: 4, encryption: 5,
60
+ };
20
61
  //# sourceMappingURL=types.js.map
package/dist/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAiHH,mDAAmD;AACnD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IACnC,UAAU,EAAE,UAAU,EAAE,UAAU;IAClC,UAAU,EAAE,UAAU,EAAE,UAAU;IAClC,UAAU,EAAE,UAAU,EAAE,UAAU;IAClC,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,SAAS;IACT,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;CACX,CAAC,CAAC"}
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAwGH,mDAAmD;AACnD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IACnC,UAAU,EAAE,UAAU,EAAE,UAAU;IAClC,UAAU,EAAE,UAAU,EAAE,UAAU;IAClC,UAAU,EAAE,UAAU,EAAE,UAAU;IAClC,WAAW,EAAE,WAAW,EAAE,WAAW;IACrC,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,SAAS;IACT,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,YAAY;IACZ,YAAY;IACZ,YAAY;IACZ,SAAS;IACT,SAAS;IACT,YAAY;IACZ,YAAY;IACZ,UAAU;IACV,UAAU;IACV,YAAY;IACZ,WAAW;IACX,WAAW;IACX,WAAW;IACX,UAAU;IACV,UAAU;CACX,CAAC,CAAC;AAkDH,8CAA8C;AAC9C,MAAM,CAAC,MAAM,kBAAkB,GAA2B;IACxD,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;CACtE,CAAC;AAEF,oDAAoD;AACpD,MAAM,CAAC,MAAM,iBAAiB,GAA2B;IACvD,WAAW,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;CACzE,CAAC;AAEF,mDAAmD;AACnD,MAAM,CAAC,MAAM,eAAe,GAA2B;IACrD,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC;CACtC,CAAC;AAEF,yDAAyD;AACzD,MAAM,CAAC,MAAM,eAAe,GAA2B;IACrD,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC;CACnC,CAAC;AAEF,kEAAkE;AAClE,MAAM,CAAC,MAAM,eAAe,GAA2B;IACrD,WAAW,EAAE,CAAC,EAAE,gBAAgB,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC;IACrD,kBAAkB,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;CAClD,CAAC"}