@tenova/swt3-ai 0.5.2 → 0.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +191 -0
- package/README.md +113 -7
- package/dist/adapters/cerebras.d.ts +25 -0
- package/dist/adapters/cerebras.d.ts.map +1 -0
- package/dist/adapters/cerebras.js +79 -0
- package/dist/adapters/cerebras.js.map +1 -0
- package/dist/clearing.d.ts +15 -3
- package/dist/clearing.d.ts.map +1 -1
- package/dist/clearing.js +42 -10
- package/dist/clearing.js.map +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +54 -2
- package/dist/config.js.map +1 -1
- package/dist/demo.d.ts.map +1 -1
- package/dist/demo.js +6 -2
- package/dist/demo.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +20 -0
- package/dist/doctor.js.map +1 -1
- package/dist/exporters/evidence.d.ts +59 -0
- package/dist/exporters/evidence.d.ts.map +1 -0
- package/dist/exporters/evidence.js +148 -0
- package/dist/exporters/evidence.js.map +1 -0
- package/dist/index.d.ts +10 -5
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -4
- package/dist/index.js.map +1 -1
- package/dist/merkle.d.ts +15 -0
- package/dist/merkle.d.ts.map +1 -1
- package/dist/merkle.js +24 -0
- package/dist/merkle.js.map +1 -1
- package/dist/schema.d.ts.map +1 -1
- package/dist/schema.js +60 -4
- package/dist/schema.js.map +1 -1
- package/dist/sentinel-client.d.ts +90 -0
- package/dist/sentinel-client.d.ts.map +1 -0
- package/dist/sentinel-client.js +179 -0
- package/dist/sentinel-client.js.map +1 -0
- package/dist/signing.d.ts +31 -6
- package/dist/signing.d.ts.map +1 -1
- package/dist/signing.js +105 -12
- package/dist/signing.js.map +1 -1
- package/dist/types.d.ts +25 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +15 -0
- package/dist/types.js.map +1 -1
- package/dist/wal.d.ts +1 -1
- package/dist/wal.js +1 -1
- package/dist/witness.d.ts +117 -0
- package/dist/witness.d.ts.map +1 -1
- package/dist/witness.js +334 -9
- package/dist/witness.js.map +1 -1
- package/package.json +5 -6
- package/templates/autonomous-systems.yaml +70 -0
- package/templates/content-platform.yaml +68 -0
- package/templates/cost-conscious.yaml +35 -0
- package/templates/defense-govcon.yaml +77 -0
- package/templates/fintech-model-risk.yaml +69 -0
- package/templates/github-action.yml +44 -0
- package/templates/healthcare-clinical.yaml +67 -0
- package/templates/insurance-underwriting.yaml +68 -0
- package/templates/telecom-compliance.yaml +72 -0
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SWT3 AI Witness SDK: Sentinel Client.
|
|
3
|
+
*
|
|
4
|
+
* Thin proxy that connects to the swt3-sentinel daemon over a Unix
|
|
5
|
+
* domain socket. When the daemon is detected, witness operations
|
|
6
|
+
* (attestation signing, WAL persistence, Merkle accumulation) are
|
|
7
|
+
* delegated to the isolated process for tamper-proof evidence.
|
|
8
|
+
* When the daemon is absent, the SDK operates standalone with
|
|
9
|
+
* zero degradation.
|
|
10
|
+
*
|
|
11
|
+
* Auto-detection adds less than 10ms to initialization and requires
|
|
12
|
+
* zero code changes from the developer.
|
|
13
|
+
*
|
|
14
|
+
* Copyright (c) 2026 Tenable Nova LLC. Apache 2.0. Patent pending.
|
|
15
|
+
*/
|
|
16
|
+
export interface SentinelClientOptions {
|
|
17
|
+
socketPath?: string;
|
|
18
|
+
timeoutMs?: number;
|
|
19
|
+
failSecure?: boolean;
|
|
20
|
+
}
|
|
21
|
+
export interface SentinelViolation {
|
|
22
|
+
rule: string;
|
|
23
|
+
tool: string;
|
|
24
|
+
action: "blocked" | "logged";
|
|
25
|
+
reason: string;
|
|
26
|
+
timestamp: number;
|
|
27
|
+
context?: Record<string, unknown>;
|
|
28
|
+
}
|
|
29
|
+
export interface SentinelCheckResult {
|
|
30
|
+
allowed: boolean;
|
|
31
|
+
violation?: SentinelViolation;
|
|
32
|
+
}
|
|
33
|
+
export interface SentinelStatusResult {
|
|
34
|
+
uptime: number;
|
|
35
|
+
tokens: number;
|
|
36
|
+
violations: number;
|
|
37
|
+
walSeq: number;
|
|
38
|
+
walCheckpoint: number;
|
|
39
|
+
connections: number;
|
|
40
|
+
protocolVersion: number;
|
|
41
|
+
}
|
|
42
|
+
export declare class SentinelClient {
|
|
43
|
+
private socket;
|
|
44
|
+
private _connected;
|
|
45
|
+
private pending;
|
|
46
|
+
private buffer;
|
|
47
|
+
private socketPath;
|
|
48
|
+
private timeoutMs;
|
|
49
|
+
private failSecure;
|
|
50
|
+
constructor(options?: SentinelClientOptions);
|
|
51
|
+
/**
|
|
52
|
+
* Non-blocking auto-detection. Attempts to connect to the sentinel
|
|
53
|
+
* daemon with a 10ms timeout. Returns a connected client or null.
|
|
54
|
+
*
|
|
55
|
+
* Usage:
|
|
56
|
+
* const sentinel = await SentinelClient.detect();
|
|
57
|
+
* if (sentinel) { // daemon present, delegate operations }
|
|
58
|
+
*/
|
|
59
|
+
static detect(socketPath?: string): Promise<SentinelClient | null>;
|
|
60
|
+
/** Connect to the sentinel daemon. */
|
|
61
|
+
connect(): Promise<void>;
|
|
62
|
+
get connected(): boolean;
|
|
63
|
+
/** Check a tool call against the shared enforcement engine. */
|
|
64
|
+
check(tool: string): Promise<SentinelCheckResult>;
|
|
65
|
+
/** Record a witness entry in the protected WAL. */
|
|
66
|
+
record(fingerprint: string, payload: string): Promise<{
|
|
67
|
+
seq: number;
|
|
68
|
+
merkleRoot?: string;
|
|
69
|
+
}>;
|
|
70
|
+
/** Sign a payload using the daemon's isolated key. */
|
|
71
|
+
sign(data: string, agentId?: string): Promise<string>;
|
|
72
|
+
/** Record token consumption in the shared budget. */
|
|
73
|
+
recordTokens(count: number): Promise<{
|
|
74
|
+
total: number;
|
|
75
|
+
budget: number;
|
|
76
|
+
}>;
|
|
77
|
+
/** Flush the protected WAL. */
|
|
78
|
+
flush(): Promise<{
|
|
79
|
+
flushedSeq: number;
|
|
80
|
+
merkleRoot?: string;
|
|
81
|
+
}>;
|
|
82
|
+
/** Get daemon status. */
|
|
83
|
+
status(): Promise<SentinelStatusResult>;
|
|
84
|
+
/** Disconnect from the daemon. */
|
|
85
|
+
destroy(): void;
|
|
86
|
+
private request;
|
|
87
|
+
private onData;
|
|
88
|
+
private rejectAllPending;
|
|
89
|
+
}
|
|
90
|
+
//# sourceMappingURL=sentinel-client.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sentinel-client.d.ts","sourceRoot":"","sources":["../src/sentinel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAYH,MAAM,WAAW,qBAAqB;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,iBAAiB,CAAC;CAC/B;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;CACzB;AAQD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,OAAO,CAAqC;IACpD,OAAO,CAAC,MAAM,CAAM;IACpB,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAU;gBAEhB,OAAO,GAAE,qBAA0B;IAQ/C;;;;;;;OAOG;IACH,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IA4BlE,sCAAsC;IAChC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAsB9B,IAAI,SAAS,IAAI,OAAO,CAEvB;IAED,+DAA+D;IACzD,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAIvD,mDAAmD;IAC7C,MAAM,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAIjG,sDAAsD;IAChD,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAK3D,qDAAqD;IAC/C,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAI7E,+BAA+B;IACzB,KAAK,IAAI,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAInE,yBAAyB;IACnB,MAAM,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAI7C,kCAAkC;IAClC,OAAO,IAAI,IAAI;IAWf,OAAO,CAAC,OAAO;IAoBf,OAAO,CAAC,MAAM;IA0Bd,OAAO,CAAC,gBAAgB;CAOzB"}
|
|
@@ -0,0 +1,179 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SWT3 AI Witness SDK: Sentinel Client.
|
|
3
|
+
*
|
|
4
|
+
* Thin proxy that connects to the swt3-sentinel daemon over a Unix
|
|
5
|
+
* domain socket. When the daemon is detected, witness operations
|
|
6
|
+
* (attestation signing, WAL persistence, Merkle accumulation) are
|
|
7
|
+
* delegated to the isolated process for tamper-proof evidence.
|
|
8
|
+
* When the daemon is absent, the SDK operates standalone with
|
|
9
|
+
* zero degradation.
|
|
10
|
+
*
|
|
11
|
+
* Auto-detection adds less than 10ms to initialization and requires
|
|
12
|
+
* zero code changes from the developer.
|
|
13
|
+
*
|
|
14
|
+
* Copyright (c) 2026 Tenable Nova LLC. Apache 2.0. Patent pending.
|
|
15
|
+
*/
|
|
16
|
+
import { connect } from "node:net";
|
|
17
|
+
import { randomUUID } from "node:crypto";
|
|
18
|
+
import { join } from "node:path";
|
|
19
|
+
import { homedir } from "node:os";
|
|
20
|
+
/** User-writable default: ~/.swt3/sentinel.sock. No root needed. */
|
|
21
|
+
const DEFAULT_SOCKET_PATH = join(homedir(), ".swt3", "sentinel.sock");
|
|
22
|
+
const DEFAULT_TIMEOUT_MS = 50;
|
|
23
|
+
const DETECT_TIMEOUT_MS = 10;
|
|
24
|
+
export class SentinelClient {
|
|
25
|
+
socket = null;
|
|
26
|
+
_connected = false;
|
|
27
|
+
pending = new Map();
|
|
28
|
+
buffer = "";
|
|
29
|
+
socketPath;
|
|
30
|
+
timeoutMs;
|
|
31
|
+
failSecure;
|
|
32
|
+
constructor(options = {}) {
|
|
33
|
+
this.socketPath = options.socketPath
|
|
34
|
+
?? process.env.SWT3_SENTINEL_SOCKET
|
|
35
|
+
?? DEFAULT_SOCKET_PATH;
|
|
36
|
+
this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
|
|
37
|
+
this.failSecure = options.failSecure ?? false;
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Non-blocking auto-detection. Attempts to connect to the sentinel
|
|
41
|
+
* daemon with a 10ms timeout. Returns a connected client or null.
|
|
42
|
+
*
|
|
43
|
+
* Usage:
|
|
44
|
+
* const sentinel = await SentinelClient.detect();
|
|
45
|
+
* if (sentinel) { // daemon present, delegate operations }
|
|
46
|
+
*/
|
|
47
|
+
static detect(socketPath) {
|
|
48
|
+
const path = socketPath
|
|
49
|
+
?? process.env.SWT3_SENTINEL_SOCKET
|
|
50
|
+
?? DEFAULT_SOCKET_PATH;
|
|
51
|
+
return new Promise((resolve) => {
|
|
52
|
+
const timer = setTimeout(() => {
|
|
53
|
+
sock.destroy();
|
|
54
|
+
resolve(null);
|
|
55
|
+
}, DETECT_TIMEOUT_MS);
|
|
56
|
+
const sock = connect({ path }, () => {
|
|
57
|
+
clearTimeout(timer);
|
|
58
|
+
sock.destroy();
|
|
59
|
+
// Socket exists and accepts connections -- create a real client
|
|
60
|
+
const client = new SentinelClient({ socketPath: path });
|
|
61
|
+
client.connect()
|
|
62
|
+
.then(() => resolve(client))
|
|
63
|
+
.catch(() => resolve(null));
|
|
64
|
+
});
|
|
65
|
+
sock.on("error", () => {
|
|
66
|
+
clearTimeout(timer);
|
|
67
|
+
resolve(null);
|
|
68
|
+
});
|
|
69
|
+
});
|
|
70
|
+
}
|
|
71
|
+
/** Connect to the sentinel daemon. */
|
|
72
|
+
async connect() {
|
|
73
|
+
return new Promise((resolve, reject) => {
|
|
74
|
+
this.socket = connect({ path: this.socketPath }, () => {
|
|
75
|
+
this._connected = true;
|
|
76
|
+
resolve();
|
|
77
|
+
});
|
|
78
|
+
this.socket.on("data", (chunk) => this.onData(chunk));
|
|
79
|
+
this.socket.on("close", () => {
|
|
80
|
+
this._connected = false;
|
|
81
|
+
this.rejectAllPending("Connection closed");
|
|
82
|
+
});
|
|
83
|
+
this.socket.on("error", (err) => {
|
|
84
|
+
this._connected = false;
|
|
85
|
+
this.rejectAllPending(err.message);
|
|
86
|
+
reject(err);
|
|
87
|
+
});
|
|
88
|
+
});
|
|
89
|
+
}
|
|
90
|
+
get connected() {
|
|
91
|
+
return this._connected;
|
|
92
|
+
}
|
|
93
|
+
/** Check a tool call against the shared enforcement engine. */
|
|
94
|
+
async check(tool) {
|
|
95
|
+
return this.request({ op: "check", tool });
|
|
96
|
+
}
|
|
97
|
+
/** Record a witness entry in the protected WAL. */
|
|
98
|
+
async record(fingerprint, payload) {
|
|
99
|
+
return this.request({ op: "record", fingerprint, payload });
|
|
100
|
+
}
|
|
101
|
+
/** Sign a payload using the daemon's isolated key. */
|
|
102
|
+
async sign(data, agentId) {
|
|
103
|
+
const resp = await this.request({ op: "sign", payload: data, agentId });
|
|
104
|
+
return resp.signature;
|
|
105
|
+
}
|
|
106
|
+
/** Record token consumption in the shared budget. */
|
|
107
|
+
async recordTokens(count) {
|
|
108
|
+
return this.request({ op: "tokens", count });
|
|
109
|
+
}
|
|
110
|
+
/** Flush the protected WAL. */
|
|
111
|
+
async flush() {
|
|
112
|
+
return this.request({ op: "flush" });
|
|
113
|
+
}
|
|
114
|
+
/** Get daemon status. */
|
|
115
|
+
async status() {
|
|
116
|
+
return this.request({ op: "status" });
|
|
117
|
+
}
|
|
118
|
+
/** Disconnect from the daemon. */
|
|
119
|
+
destroy() {
|
|
120
|
+
this.rejectAllPending("Client destroyed");
|
|
121
|
+
if (this.socket) {
|
|
122
|
+
this.socket.destroy();
|
|
123
|
+
this.socket = null;
|
|
124
|
+
}
|
|
125
|
+
this._connected = false;
|
|
126
|
+
}
|
|
127
|
+
// ── Internal ──────────────────────────────────────────────────────
|
|
128
|
+
request(req) {
|
|
129
|
+
const id = randomUUID().slice(0, 8);
|
|
130
|
+
const line = JSON.stringify({ ...req, id }) + "\n";
|
|
131
|
+
return new Promise((resolve, reject) => {
|
|
132
|
+
if (!this.socket || !this._connected) {
|
|
133
|
+
reject(new Error("Not connected to sentinel daemon"));
|
|
134
|
+
return;
|
|
135
|
+
}
|
|
136
|
+
const timer = setTimeout(() => {
|
|
137
|
+
this.pending.delete(id);
|
|
138
|
+
reject(new Error("Sentinel request timed out"));
|
|
139
|
+
}, this.timeoutMs);
|
|
140
|
+
this.pending.set(id, { resolve, reject, timer });
|
|
141
|
+
this.socket.write(line);
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
onData(chunk) {
|
|
145
|
+
this.buffer += chunk.toString();
|
|
146
|
+
let idx;
|
|
147
|
+
while ((idx = this.buffer.indexOf("\n")) !== -1) {
|
|
148
|
+
const line = this.buffer.slice(0, idx).trim();
|
|
149
|
+
this.buffer = this.buffer.slice(idx + 1);
|
|
150
|
+
if (!line)
|
|
151
|
+
continue;
|
|
152
|
+
try {
|
|
153
|
+
const resp = JSON.parse(line);
|
|
154
|
+
const pending = this.pending.get(resp.id);
|
|
155
|
+
if (pending) {
|
|
156
|
+
clearTimeout(pending.timer);
|
|
157
|
+
this.pending.delete(resp.id);
|
|
158
|
+
if (resp.ok) {
|
|
159
|
+
pending.resolve(resp);
|
|
160
|
+
}
|
|
161
|
+
else {
|
|
162
|
+
pending.reject(new Error(resp.error ?? "Sentinel error"));
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
catch {
|
|
167
|
+
// Corrupted response line -- skip
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
rejectAllPending(reason) {
|
|
172
|
+
for (const [id, pending] of this.pending) {
|
|
173
|
+
clearTimeout(pending.timer);
|
|
174
|
+
pending.reject(new Error(reason));
|
|
175
|
+
}
|
|
176
|
+
this.pending.clear();
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
//# sourceMappingURL=sentinel-client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sentinel-client.js","sourceRoot":"","sources":["../src/sentinel-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,EAAe,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,oEAAoE;AACpE,MAAM,mBAAmB,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;AACtE,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAC9B,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAsC7B,MAAM,OAAO,cAAc;IACjB,MAAM,GAAkB,IAAI,CAAC;IAC7B,UAAU,GAAG,KAAK,CAAC;IACnB,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC5C,MAAM,GAAG,EAAE,CAAC;IACZ,UAAU,CAAS;IACnB,SAAS,CAAS;IAClB,UAAU,CAAU;IAE5B,YAAY,UAAiC,EAAE;QAC7C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU;eAC/B,OAAO,CAAC,GAAG,CAAC,oBAAoB;eAChC,mBAAmB,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;QACzD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;IAChD,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,MAAM,CAAC,UAAmB;QAC/B,MAAM,IAAI,GAAG,UAAU;eAClB,OAAO,CAAC,GAAG,CAAC,oBAAoB;eAChC,mBAAmB,CAAC;QAEzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,EAAE,iBAAiB,CAAC,CAAC;YAEtB,MAAM,IAAI,GAAG,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE;gBAClC,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,CAAC,OAAO,EAAE,CAAC;gBACf,gEAAgE;gBAChE,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;gBACxD,MAAM,CAAC,OAAO,EAAE;qBACb,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;qBAC3B,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAChC,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACpB,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,sCAAsC;IACtC,KAAK,CAAC,OAAO;QACX,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,EAAE,EAAE,GAAG,EAAE;gBACpD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;gBACvB,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAE9D,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBAC3B,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;gBACxB,IAAI,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC9B,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;gBACxB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACnC,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,+DAA+D;IAC/D,KAAK,CAAC,KAAK,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,mDAAmD;IACnD,KAAK,CAAC,MAAM,CAAC,WAAmB,EAAE,OAAe;QAC/C,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,sDAAsD;IACtD,KAAK,CAAC,IAAI,CAAC,IAAY,EAAE,OAAgB;QACvC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QACxE,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,qDAAqD;IACrD,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,+BAA+B;IAC/B,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,yBAAyB;IACzB,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,kCAAkC;IAClC,OAAO;QACL,IAAI,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;QAC1C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACtB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;IAC1B,CAAC;IAED,qEAAqE;IAE7D,OAAO,CAAC,GAA4B;QAC1C,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC;QAEnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrC,MAAM,CAAC,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC;gBACtD,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACxB,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;YAClD,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAEnB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACjD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,MAAM,CAAC,KAAa;QAC1B,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,GAAW,CAAC;QAChB,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC9C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACzC,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC1C,IAAI,OAAO,EAAE,CAAC;oBACZ,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;oBAC5B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBAC7B,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;wBACZ,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBACxB,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,gBAAgB,CAAC,CAAC,CAAC;oBAC5D,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,kCAAkC;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,MAAc;QACrC,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACzC,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC5B,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF"}
|
package/dist/signing.d.ts
CHANGED
|
@@ -1,20 +1,45 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* SWT3 AI Witness SDK - Payload Signing
|
|
2
|
+
* SWT3 AI Witness SDK - Payload Signing.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
4
|
+
* Supports HMAC-SHA256 (default) and ML-DSA-65 (FIPS 204, post-quantum).
|
|
5
5
|
* The signature input is deterministic and must match the Python SDK.
|
|
6
|
+
*
|
|
7
|
+
* ML-DSA-65 requires: npm install @noble/post-quantum
|
|
8
|
+
*/
|
|
9
|
+
export declare const SIGNING_ALGORITHM_HMAC: "hmac-sha256";
|
|
10
|
+
export declare const SIGNING_ALGORITHM_MLDSA: "ml-dsa-65";
|
|
11
|
+
export type SigningAlgorithm = typeof SIGNING_ALGORITHM_HMAC | typeof SIGNING_ALGORITHM_MLDSA;
|
|
12
|
+
export declare const VALID_SIGNING_ALGORITHMS: Set<string>;
|
|
13
|
+
export declare const DEFAULT_SIGNING_ALGORITHM: SigningAlgorithm;
|
|
14
|
+
/**
|
|
15
|
+
* Generate an ML-DSA-65 key pair from a random 32-byte seed.
|
|
16
|
+
* @returns { seed: Uint8Array, publicKey: Uint8Array } - seed is 32 bytes, publicKey is 1952 bytes.
|
|
17
|
+
*/
|
|
18
|
+
export declare function generateMldsaKeypair(): {
|
|
19
|
+
seed: Uint8Array;
|
|
20
|
+
publicKey: Uint8Array;
|
|
21
|
+
};
|
|
22
|
+
/**
|
|
23
|
+
* Verify an ML-DSA-65 signature.
|
|
24
|
+
* @param publicKeyHex - Hex-encoded public key (1952 bytes = 3904 hex chars).
|
|
25
|
+
* @param message - The canonical message that was signed.
|
|
26
|
+
* @param signatureHex - Hex-encoded ML-DSA-65 signature.
|
|
27
|
+
* @returns True if valid, false otherwise.
|
|
6
28
|
*/
|
|
29
|
+
export declare function verifyMldsa(publicKeyHex: string, message: string, signatureHex: string): boolean;
|
|
7
30
|
/**
|
|
8
|
-
* Sign an anchor fingerprint
|
|
31
|
+
* Sign an anchor fingerprint.
|
|
9
32
|
*
|
|
10
|
-
* @param signingKey -
|
|
33
|
+
* @param signingKey - For hmac-sha256: shared secret string.
|
|
34
|
+
* For ml-dsa-65: hex-encoded 32-byte seed.
|
|
11
35
|
* @param anchorFingerprint - The 12-char hex fingerprint to sign.
|
|
12
36
|
* @param agentId - Optional agent identifier to bind to the signature.
|
|
13
|
-
* @
|
|
37
|
+
* @param algorithm - "hmac-sha256" (default) or "ml-dsa-65".
|
|
38
|
+
* @returns Hex-encoded signature string.
|
|
14
39
|
*
|
|
15
40
|
* Message format:
|
|
16
41
|
* "{fingerprint}:{agentId}" if agentId is provided
|
|
17
42
|
* "{fingerprint}" if agentId is undefined
|
|
18
43
|
*/
|
|
19
|
-
export declare function signPayload(signingKey: string, anchorFingerprint: string, agentId?: string): string;
|
|
44
|
+
export declare function signPayload(signingKey: string, anchorFingerprint: string, agentId?: string, algorithm?: SigningAlgorithm): string;
|
|
20
45
|
//# sourceMappingURL=signing.d.ts.map
|
package/dist/signing.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,eAAO,MAAM,sBAAsB,EAAG,aAAsB,CAAC;AAC7D,eAAO,MAAM,uBAAuB,EAAG,WAAoB,CAAC;AAC5D,MAAM,MAAM,gBAAgB,GAAG,OAAO,sBAAsB,GAAG,OAAO,uBAAuB,CAAC;AAC9F,eAAO,MAAM,wBAAwB,aAAqE,CAAC;AAC3G,eAAO,MAAM,yBAAyB,EAAE,gBAAyC,CAAC;AAsClF;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,SAAS,EAAE,UAAU,CAAA;CAAE,CAMlF;AAYD;;;;;;GAMG;AACH,wBAAgB,WAAW,CACzB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,OAAO,CAUT;AAmBD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,WAAW,CACzB,UAAU,EAAE,MAAM,EAClB,iBAAiB,EAAE,MAAM,EACzB,OAAO,CAAC,EAAE,MAAM,EAChB,SAAS,GAAE,gBAA4C,GACtD,MAAM,CAgBR"}
|
package/dist/signing.js
CHANGED
|
@@ -1,28 +1,121 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* SWT3 AI Witness SDK - Payload Signing
|
|
2
|
+
* SWT3 AI Witness SDK - Payload Signing.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
4
|
+
* Supports HMAC-SHA256 (default) and ML-DSA-65 (FIPS 204, post-quantum).
|
|
5
5
|
* The signature input is deterministic and must match the Python SDK.
|
|
6
|
+
*
|
|
7
|
+
* ML-DSA-65 requires: npm install @noble/post-quantum
|
|
6
8
|
*/
|
|
7
9
|
import { createHmac } from "node:crypto";
|
|
10
|
+
import { createRequire } from "node:module";
|
|
11
|
+
// ── Algorithm Constants ──────────────────────────────────────────────
|
|
12
|
+
export const SIGNING_ALGORITHM_HMAC = "hmac-sha256";
|
|
13
|
+
export const SIGNING_ALGORITHM_MLDSA = "ml-dsa-65";
|
|
14
|
+
export const VALID_SIGNING_ALGORITHMS = new Set([SIGNING_ALGORITHM_HMAC, SIGNING_ALGORITHM_MLDSA]);
|
|
15
|
+
export const DEFAULT_SIGNING_ALGORITHM = SIGNING_ALGORITHM_HMAC;
|
|
16
|
+
// ── Message Builder ──────────────────────────────────────────────────
|
|
17
|
+
function buildMessage(anchorFingerprint, agentId) {
|
|
18
|
+
return agentId ? `${anchorFingerprint}:${agentId}` : anchorFingerprint;
|
|
19
|
+
}
|
|
20
|
+
// ── HMAC-SHA256 ──────────────────────────────────────────────────────
|
|
21
|
+
function signHmac(signingKey, message) {
|
|
22
|
+
return createHmac("sha256", signingKey)
|
|
23
|
+
.update(message, "utf-8")
|
|
24
|
+
.digest("hex");
|
|
25
|
+
}
|
|
26
|
+
// ── ML-DSA-65 (FIPS 204) ────────────────────────────────────────────
|
|
27
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
28
|
+
let _mlDsa = null;
|
|
29
|
+
function getMlDsa() {
|
|
30
|
+
if (_mlDsa)
|
|
31
|
+
return _mlDsa;
|
|
32
|
+
try {
|
|
33
|
+
// Use createRequire for ESM-compatible sync import of @noble/post-quantum
|
|
34
|
+
const esmRequire = createRequire(import.meta.url);
|
|
35
|
+
_mlDsa = esmRequire("@noble/post-quantum/ml-dsa.js");
|
|
36
|
+
return _mlDsa;
|
|
37
|
+
}
|
|
38
|
+
catch {
|
|
39
|
+
throw new Error("ML-DSA-65 signing requires @noble/post-quantum. " +
|
|
40
|
+
"Install with: npm install @noble/post-quantum");
|
|
41
|
+
}
|
|
42
|
+
}
|
|
8
43
|
/**
|
|
9
|
-
*
|
|
44
|
+
* Generate an ML-DSA-65 key pair from a random 32-byte seed.
|
|
45
|
+
* @returns { seed: Uint8Array, publicKey: Uint8Array } - seed is 32 bytes, publicKey is 1952 bytes.
|
|
46
|
+
*/
|
|
47
|
+
export function generateMldsaKeypair() {
|
|
48
|
+
const { ml_dsa65 } = getMlDsa();
|
|
49
|
+
const seed = globalThis.crypto?.getRandomValues?.(new Uint8Array(32))
|
|
50
|
+
?? require("node:crypto").randomBytes(32);
|
|
51
|
+
const kp = ml_dsa65.keygen(seed);
|
|
52
|
+
return { seed, publicKey: kp.publicKey };
|
|
53
|
+
}
|
|
54
|
+
function signMlDsa(seedHex, message) {
|
|
55
|
+
const { ml_dsa65 } = getMlDsa();
|
|
56
|
+
const seed = hexToBytes(seedHex);
|
|
57
|
+
// Expand seed to full 4032-byte secret key via deterministic keygen
|
|
58
|
+
const kp = ml_dsa65.keygen(seed);
|
|
59
|
+
const msgBytes = new TextEncoder().encode(message);
|
|
60
|
+
const sig = ml_dsa65.sign(msgBytes, kp.secretKey);
|
|
61
|
+
return bytesToHex(sig);
|
|
62
|
+
}
|
|
63
|
+
/**
|
|
64
|
+
* Verify an ML-DSA-65 signature.
|
|
65
|
+
* @param publicKeyHex - Hex-encoded public key (1952 bytes = 3904 hex chars).
|
|
66
|
+
* @param message - The canonical message that was signed.
|
|
67
|
+
* @param signatureHex - Hex-encoded ML-DSA-65 signature.
|
|
68
|
+
* @returns True if valid, false otherwise.
|
|
69
|
+
*/
|
|
70
|
+
export function verifyMldsa(publicKeyHex, message, signatureHex) {
|
|
71
|
+
const { ml_dsa65 } = getMlDsa();
|
|
72
|
+
const publicKey = hexToBytes(publicKeyHex);
|
|
73
|
+
const msgBytes = new TextEncoder().encode(message);
|
|
74
|
+
const sig = hexToBytes(signatureHex);
|
|
75
|
+
try {
|
|
76
|
+
return ml_dsa65.verify(sig, msgBytes, publicKey);
|
|
77
|
+
}
|
|
78
|
+
catch {
|
|
79
|
+
return false;
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
// ── Hex Utilities ────────────────────────────────────────────────────
|
|
83
|
+
function hexToBytes(hex) {
|
|
84
|
+
const len = hex.length;
|
|
85
|
+
const bytes = new Uint8Array(len / 2);
|
|
86
|
+
for (let i = 0; i < len; i += 2) {
|
|
87
|
+
bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
|
|
88
|
+
}
|
|
89
|
+
return bytes;
|
|
90
|
+
}
|
|
91
|
+
function bytesToHex(bytes) {
|
|
92
|
+
return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
|
|
93
|
+
}
|
|
94
|
+
// ── Public API ───────────────────────────────────────────────────────
|
|
95
|
+
/**
|
|
96
|
+
* Sign an anchor fingerprint.
|
|
10
97
|
*
|
|
11
|
-
* @param signingKey -
|
|
98
|
+
* @param signingKey - For hmac-sha256: shared secret string.
|
|
99
|
+
* For ml-dsa-65: hex-encoded 32-byte seed.
|
|
12
100
|
* @param anchorFingerprint - The 12-char hex fingerprint to sign.
|
|
13
101
|
* @param agentId - Optional agent identifier to bind to the signature.
|
|
14
|
-
* @
|
|
102
|
+
* @param algorithm - "hmac-sha256" (default) or "ml-dsa-65".
|
|
103
|
+
* @returns Hex-encoded signature string.
|
|
15
104
|
*
|
|
16
105
|
* Message format:
|
|
17
106
|
* "{fingerprint}:{agentId}" if agentId is provided
|
|
18
107
|
* "{fingerprint}" if agentId is undefined
|
|
19
108
|
*/
|
|
20
|
-
export function signPayload(signingKey, anchorFingerprint, agentId) {
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
109
|
+
export function signPayload(signingKey, anchorFingerprint, agentId, algorithm = DEFAULT_SIGNING_ALGORITHM) {
|
|
110
|
+
if (!VALID_SIGNING_ALGORITHMS.has(algorithm)) {
|
|
111
|
+
throw new Error(`Unknown signing algorithm: '${algorithm}'. ` +
|
|
112
|
+
`Valid: ${[...VALID_SIGNING_ALGORITHMS].sort().join(", ")}`);
|
|
113
|
+
}
|
|
114
|
+
const message = buildMessage(anchorFingerprint, agentId);
|
|
115
|
+
if (algorithm === SIGNING_ALGORITHM_HMAC) {
|
|
116
|
+
return signHmac(signingKey, message);
|
|
117
|
+
}
|
|
118
|
+
// ML-DSA-65: signingKey is hex-encoded private key bytes
|
|
119
|
+
return signMlDsa(signingKey, message);
|
|
27
120
|
}
|
|
28
121
|
//# sourceMappingURL=signing.js.map
|
package/dist/signing.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,wEAAwE;AAExE,MAAM,CAAC,MAAM,sBAAsB,GAAG,aAAsB,CAAC;AAC7D,MAAM,CAAC,MAAM,uBAAuB,GAAG,WAAoB,CAAC;AAE5D,MAAM,CAAC,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAS,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,CAAC,CAAC;AAC3G,MAAM,CAAC,MAAM,yBAAyB,GAAqB,sBAAsB,CAAC;AAElF,wEAAwE;AAExE,SAAS,YAAY,CAAC,iBAAyB,EAAE,OAAgB;IAC/D,OAAO,OAAO,CAAC,CAAC,CAAC,GAAG,iBAAiB,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC;AACzE,CAAC;AAED,wEAAwE;AAExE,SAAS,QAAQ,CAAC,UAAkB,EAAE,OAAe;IACnD,OAAO,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC;SACpC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC;SACxB,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,uEAAuE;AAEvE,8DAA8D;AAC9D,IAAI,MAAM,GAAQ,IAAI,CAAC;AAIvB,SAAS,QAAQ;IACf,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,IAAI,CAAC;QACH,0EAA0E;QAC1E,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClD,MAAM,GAAG,UAAU,CAAC,+BAA+B,CAAC,CAAC;QACrD,OAAO,MAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,kDAAkD;YAClD,+CAA+C,CAChD,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,eAAe,EAAE,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;WAChE,OAAO,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAC5C,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,CAAC;AAC3C,CAAC;AAED,SAAS,SAAS,CAAC,OAAe,EAAE,OAAe;IACjD,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACjC,oEAAoE;IACpE,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC;IAClD,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CACzB,YAAoB,EACpB,OAAe,EACf,YAAoB;IAEpB,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;IAChC,MAAM,SAAS,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,OAAO,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,UAAU,CAAC,KAAiB;IACnC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,wEAAwE;AAExE;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,WAAW,CACzB,UAAkB,EAClB,iBAAyB,EACzB,OAAgB,EAChB,YAA8B,yBAAyB;IAEvD,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,+BAA+B,SAAS,KAAK;YAC7C,UAAU,CAAC,GAAG,wBAAwB,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;IAEzD,IAAI,SAAS,KAAK,sBAAsB,EAAE,CAAC;QACzC,OAAO,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,yDAAyD;IACzD,OAAO,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AACxC,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -20,12 +20,14 @@ export interface WitnessConfig {
|
|
|
20
20
|
signingKey?: string;
|
|
21
21
|
signingKeyId?: string;
|
|
22
22
|
signingKeyVersion?: number;
|
|
23
|
+
signingAlgorithm?: "hmac-sha256" | "ml-dsa-65";
|
|
23
24
|
cycleId?: string;
|
|
24
25
|
policyVersion?: string;
|
|
25
26
|
jurisdiction?: string;
|
|
26
27
|
legalBasis?: string;
|
|
27
28
|
purposeClass?: string;
|
|
28
29
|
tokenBudget?: number;
|
|
30
|
+
chainMinTrustLevel?: number;
|
|
29
31
|
onFlush?: (payloads: WitnessPayload[], receipts: WitnessReceipt[]) => void;
|
|
30
32
|
}
|
|
31
33
|
export interface WitnessPayload {
|
|
@@ -48,6 +50,7 @@ export interface WitnessPayload {
|
|
|
48
50
|
agent_id?: string;
|
|
49
51
|
cycle_id?: string;
|
|
50
52
|
payload_signature?: string;
|
|
53
|
+
signing_algorithm?: string;
|
|
51
54
|
signing_key_id?: string;
|
|
52
55
|
signing_key_version?: number;
|
|
53
56
|
policy_version_hash?: string;
|
|
@@ -152,6 +155,12 @@ export declare const BINDING_METHODS: Record<string, number>;
|
|
|
152
155
|
export declare const APPROVAL_STATUS: Record<string, number>;
|
|
153
156
|
/** Training data PII lifecycle event type codes for AI-DATA.4. */
|
|
154
157
|
export declare const PII_EVENT_TYPES: Record<string, number>;
|
|
158
|
+
/** Content type codes for AI-MARK.1 content provenance marking. */
|
|
159
|
+
export declare const CONTENT_TYPE_CODES: Record<string, number>;
|
|
160
|
+
/** Valid marking methods for AI-MARK.1. */
|
|
161
|
+
export declare const MARKING_METHODS: readonly ["c2pa", "watermark", "metadata_tag", "steganographic", "manifest"];
|
|
162
|
+
/** Baseline mode codes for AI-BASE.1 agent behavioral baseline. */
|
|
163
|
+
export declare const BASELINE_MODE_CODES: Record<string, number>;
|
|
155
164
|
/** Trust mesh configuration from .swt3.yaml trust_mesh section. */
|
|
156
165
|
export interface TrustMeshConfig {
|
|
157
166
|
mode: "strict" | "permissive" | "monitor";
|
|
@@ -171,11 +180,26 @@ export interface TrustMeshConfig {
|
|
|
171
180
|
key: string;
|
|
172
181
|
}[];
|
|
173
182
|
}
|
|
183
|
+
/** Hardware runtime profile for config-time topology binding. */
|
|
184
|
+
export interface RuntimeProfileConfig {
|
|
185
|
+
expectedTopology?: string;
|
|
186
|
+
minGpuCount?: number;
|
|
187
|
+
minMemoryMb?: number;
|
|
188
|
+
expectedAccelerator?: string;
|
|
189
|
+
maxTemperatureCelsius?: number;
|
|
190
|
+
maxPowerWatts?: number;
|
|
191
|
+
}
|
|
174
192
|
/** Hardware attestation configuration from .swt3.yaml hardware section. */
|
|
175
193
|
export interface HardwareConfig {
|
|
176
194
|
requireAttestation: boolean;
|
|
177
195
|
attestationFreshness: number;
|
|
178
196
|
allowedMethods: string[];
|
|
197
|
+
runtimeProfile?: RuntimeProfileConfig;
|
|
198
|
+
}
|
|
199
|
+
/** Skill card configuration from .swt3.yaml skill_card section. */
|
|
200
|
+
export interface SkillCardConfig {
|
|
201
|
+
skills: (string | SkillInfo)[];
|
|
202
|
+
expectedManifestHash?: string;
|
|
179
203
|
}
|
|
180
204
|
/** Density policy configuration from .swt3.yaml density_policy section. */
|
|
181
205
|
export interface DensityPolicyConfig {
|
|
@@ -259,6 +283,7 @@ export interface LoadedConfig {
|
|
|
259
283
|
witnessOptions: Record<string, unknown>;
|
|
260
284
|
trustMesh: TrustMeshConfig | null;
|
|
261
285
|
hardware: HardwareConfig | null;
|
|
286
|
+
skillCard: SkillCardConfig | null;
|
|
262
287
|
densityPolicy: DensityPolicyConfig | null;
|
|
263
288
|
mcpPolicy: McpPolicyConfig | null;
|
|
264
289
|
merkle: MerkleConfig | null;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,IAAI,CAAC;CAC5E;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,wBAAwB,EAAE,MAAM,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,mDAAmD;AACnD,eAAO,MAAM,aAAa,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,gBAAgB,CAAC,EAAE,aAAa,GAAG,WAAW,CAAC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,IAAI,CAAC;CAC5E;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,wBAAwB,EAAE,MAAM,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,mDAAmD;AACnD,eAAO,MAAM,aAAa,aAqCxB,CAAC;AAEH,2DAA2D;AAC3D,MAAM,WAAW,QAAQ;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,uCAAuC;AACvC,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC,EAAE,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,0DAA0D;AAC1D,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,gEAAgE;AAChE,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,4DAA4D;AAC5D,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,mEAAmE;AACnE,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,8CAA8C;AAC9C,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAErD,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAEpD,CAAC;AAEF,mDAAmD;AACnD,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAElD,CAAC;AAEF,yDAAyD;AACzD,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAElD,CAAC;AAEF,kEAAkE;AAClE,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAGlD,CAAC;AAEF,mEAAmE;AACnE,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAErD,CAAC;AAEF,2CAA2C;AAC3C,eAAO,MAAM,eAAe,8EAElB,CAAC;AAEX,mEAAmE;AACnE,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAEtD,CAAC;AAIF,mEAAmE;AACnE,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,QAAQ,GAAG,YAAY,GAAG,SAAS,CAAC;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,aAAa,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACnD,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC/C;AAED,iEAAiE;AACjE,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,2EAA2E;AAC3E,MAAM,WAAW,cAAc;IAC7B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,CAAC,EAAE,oBAAoB,CAAC;CACvC;AAED,mEAAmE;AACnE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,CAAC;IAC/B,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,2EAA2E;AAC3E,MAAM,WAAW,mBAAmB;IAClC,2BAA2B,EAAE,MAAM,CAAC;IACpC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,8EAA8E;AAC9E,MAAM,WAAW,SAAS;IACxB,8EAA8E;IAC9E,KAAK,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,MAAM,EAAE,OAAO,GAAG,KAAK,CAAC;IACxB,uDAAuD;IACvD,MAAM,EAAE,MAAM,CAAC;IACf,sDAAsD;IACtD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,0DAA0D;AAC1D,MAAM,WAAW,oBAAoB;IACnC,kEAAkE;IAClE,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,MAAM,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC7B,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,SAAS,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,qEAAqE;AACrE,MAAM,WAAW,eAAe;IAC9B,oFAAoF;IACpF,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,2EAA2E;IAC3E,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kEAAkE;IAClE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,WAAW,EAAE,OAAO,CAAC;IACrB,2EAA2E;IAC3E,cAAc,EAAE,OAAO,CAAC;IACxB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+DAA+D;IAC/D,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mEAAmE;IACnE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,sCAAsC;IACtC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,kFAAkF;IAClF,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC;IACpB,4EAA4E;IAC5E,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,uEAAuE;AACvE,MAAM,WAAW,YAAY;IAC3B,0CAA0C;IAC1C,OAAO,EAAE,OAAO,CAAC;IACjB,6EAA6E;IAC7E,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED,0DAA0D;AAC1D,MAAM,WAAW,YAAY;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;AAED,uDAAuD;AACvD,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAC;IAChC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,aAAa,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAC1C,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,MAAM,EAAE,YAAY,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,YAAY,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACpB"}
|
package/dist/types.js
CHANGED
|
@@ -31,11 +31,14 @@ export const AI_PROCEDURES = new Set([
|
|
|
31
31
|
"AI-CHR.1",
|
|
32
32
|
"AI-VIO.1",
|
|
33
33
|
"AI-CHAIN.1",
|
|
34
|
+
"AI-CHAIN.2",
|
|
34
35
|
"AI-SAFE.1",
|
|
35
36
|
"AI-DATA.3",
|
|
36
37
|
"AI-DATA.4",
|
|
37
38
|
"AI-ENV.1",
|
|
38
39
|
"AI-ENV.2",
|
|
40
|
+
"AI-MARK.1",
|
|
41
|
+
"AI-BASE.1",
|
|
39
42
|
]);
|
|
40
43
|
/** Quantization method codes for AI-MDL.7. */
|
|
41
44
|
export const QUANTIZATION_CODES = {
|
|
@@ -58,4 +61,16 @@ export const PII_EVENT_TYPES = {
|
|
|
58
61
|
unspecified: 0, pseudonymization: 1, anonymization: 2,
|
|
59
62
|
access_restriction: 3, deletion: 4, encryption: 5,
|
|
60
63
|
};
|
|
64
|
+
/** Content type codes for AI-MARK.1 content provenance marking. */
|
|
65
|
+
export const CONTENT_TYPE_CODES = {
|
|
66
|
+
text: 0, image: 1, audio: 2, video: 3, multimodal: 4, code: 5, structured_data: 6,
|
|
67
|
+
};
|
|
68
|
+
/** Valid marking methods for AI-MARK.1. */
|
|
69
|
+
export const MARKING_METHODS = [
|
|
70
|
+
"c2pa", "watermark", "metadata_tag", "steganographic", "manifest",
|
|
71
|
+
];
|
|
72
|
+
/** Baseline mode codes for AI-BASE.1 agent behavioral baseline. */
|
|
73
|
+
export const BASELINE_MODE_CODES = {
|
|
74
|
+
establishing: 0, monitoring: 1, drift_detected: 2, baseline_reset: 3,
|
|
75
|
+
};
|
|
61
76
|
//# sourceMappingURL=types.js.map
|
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AA2GH,mDAAmD;AACnD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IACnC,UAAU,EAAE,UAAU,EAAE,UAAU;IAClC,UAAU,EAAE,UAAU,EAAE,UAAU;IAClC,UAAU,EAAE,UAAU,EAAE,UAAU;IAClC,WAAW,EAAE,WAAW,EAAE,WAAW;IACrC,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,SAAS;IACT,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,YAAY;IACZ,YAAY;IACZ,YAAY;IACZ,SAAS;IACT,SAAS;IACT,YAAY;IACZ,YAAY;IACZ,UAAU;IACV,UAAU;IACV,YAAY;IACZ,YAAY;IACZ,WAAW;IACX,WAAW;IACX,WAAW;IACX,UAAU;IACV,UAAU;IACV,WAAW;IACX,WAAW;CACZ,CAAC,CAAC;AAkDH,8CAA8C;AAC9C,MAAM,CAAC,MAAM,kBAAkB,GAA2B;IACxD,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;CACtE,CAAC;AAEF,oDAAoD;AACpD,MAAM,CAAC,MAAM,iBAAiB,GAA2B;IACvD,WAAW,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;CACzE,CAAC;AAEF,mDAAmD;AACnD,MAAM,CAAC,MAAM,eAAe,GAA2B;IACrD,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC;CACtC,CAAC;AAEF,yDAAyD;AACzD,MAAM,CAAC,MAAM,eAAe,GAA2B;IACrD,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC;CACnC,CAAC;AAEF,kEAAkE;AAClE,MAAM,CAAC,MAAM,eAAe,GAA2B;IACrD,WAAW,EAAE,CAAC,EAAE,gBAAgB,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC;IACrD,kBAAkB,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;CAClD,CAAC;AAEF,mEAAmE;AACnE,MAAM,CAAC,MAAM,kBAAkB,GAA2B;IACxD,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC;CAClF,CAAC;AAEF,2CAA2C;AAC3C,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,UAAU;CACzD,CAAC;AAEX,mEAAmE;AACnE,MAAM,CAAC,MAAM,mBAAmB,GAA2B;IACzD,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC;CACrE,CAAC"}
|
package/dist/wal.d.ts
CHANGED
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
* duplicate witness anchors from being submitted. The set is populated
|
|
15
15
|
* from the WAL on startup and updated on each enqueue.
|
|
16
16
|
*
|
|
17
|
-
*
|
|
17
|
+
* Copyright (c) 2026 Tenable Nova LLC. Apache 2.0. Patent pending.
|
|
18
18
|
*/
|
|
19
19
|
import type { WitnessPayload } from "./types.js";
|
|
20
20
|
export interface WalOptions {
|