@tenova/swt3-mcp 0.1.0 → 0.5.2

package/README.md

@@ -1,7 +1,117 @@
 # @tenova/swt3-mcp
 
+> Listed on the [MCP Registry](https://github.com/modelcontextprotocol/servers) as `io.tenova/swt3-witness`
+
 MCP server for the SWT3 AI Witness protocol. Adds cryptographic compliance attestation to any MCP-compatible AI agent.
 
+SWT3 (Sovereign Witness Traceability) works by hashing your AI's inputs and outputs locally, extracting numeric factors (latency, token count, guardrail status), and anchoring them into a cryptographic fingerprint that anyone can independently verify. Your prompts and responses never leave your machine. The auditor gets tamper-proof evidence. You keep your data.
+
+## Why This Exists
+
+In 2026, attackers exploited MCP configuration injection in Flowise to achieve arbitrary code execution across thousands of AI workflow instances. A compromised third-party AI tool (Context.ai) pivoted into Vercel's internal systems. Microsoft disclosed RCE vulnerabilities in Semantic Kernel where a single prompt could execute commands on the host. 65% of firms reported AI agent security incidents. Only 14.4% of agents go live with full security approval.
+
+Every tool call your agent makes is an attack surface. This server witnesses those calls, enforces tool-level policy gates, and produces a cryptographic evidence chain that proves what happened. If an agent is compromised, the audit trail is immutable. If a tool call violates policy, the gate blocks it before execution.
+
+## Trust Mesh -- Secure Agent-to-Agent Communication
+
+Witnessing your own agent is step one. The next question is: can you trust the agent on the other side? Before two agents exchange data, invoke each other's tools, or share context, each side verifies the other's compliance posture. No anchor, no handshake.
+
+**You run Agent A. Your partner runs Agent B. Here's what happens:**
+
+```
+Your Agent (A)                    Partner's Agent (B)
+     |                                  |
+     |--- presentCredential() --------->|
+     |                                  |-- verifyTrust(credential)
+     |                                  |-- signed? yes
+     |                                  |-- procedures witnessed? 12 of 12
+     |                                  |-- trust level? 2 (verified)
+     |<---------- GRANTED --------------|
+     |                                  |
+     |    (data exchange begins)        |
+     |                                  |
+     |<-- presentCredential() ----------|
+     |-- verifyTrust(credential)        |
+     |-- signed? yes                    |
+     |-- trusted tenant? yes            |
+     |------------ GRANTED ------------>|
+     |                                  |
+     |    (bidirectional trust)         |
+```
+
+**What each side needs:**
+
+1. Both agents install the SDK (`pip install swt3-ai` or `npm install @tenova/swt3-ai`)
+2. Both configure `.swt3.yaml` with signing keys and trust boundaries
+3. Both add each other's tenant to `trusted_tenants`
+4. Exchange signing keys out-of-band (env vars, secrets manager, KMS)
+5. Call `presentCredential()` / `verifyTrust()` before any data exchange
+
+That's it. When you adopt the SWT3 witness layer, your partners and vendors must adopt it too in order to interact with your agents. Compliance becomes the connection protocol. Every agent in the mesh strengthens the network.
+
+```yaml
+# Your .swt3.yaml
+trust_mesh:
+  mode: strict
+  min_trust_level: 2
+  require_signature: true
+  trusted_tenants: ["PARTNER_B_TENANT"]
+
+# Partner's .swt3.yaml
+trust_mesh:
+  mode: strict
+  min_trust_level: 2
+  require_signature: true
+  trusted_tenants: ["YOUR_TENANT"]
+```
+
+**Trust levels:**
+
+| Level | Name | What It Means |
+|-------|------|---------------|
+| 1 | Basic | Valid credential, no signature verified |
+| 2 | Verified | Credential + HMAC signature confirmed |
+| 3 | Attested | Verified + hardware attestation + guardrails |
+| 4 | Sovereign | Attested + clearing level 2+ |
+
+Unsigned agents are capped at level 1. You decide the minimum level your agents accept. All verification is local. Zero cloud overhead. No data leaves until both sides clear the gate.
+
+## Policy-as-Code (swt3.yaml)
+
+Define your entire witnessing policy in a YAML file. No constructor parameters, no environment variable sprawl:
+
+```bash
+# Generate a config from a built-in profile
+npx @tenova/swt3-mcp  # reads .swt3.yaml automatically
+```
+
+```yaml
+# .swt3.yaml
+endpoint: https://sovereign.tenova.io
+tenant_id: YOUR_TENANT
+api_key_env: SWT3_API_KEY
+clearing_level: 2
+signing_key_env: SWT3_SIGNING_KEY
+agent_id: my-agent
+
+trust_mesh:
+  mode: strict
+  min_trust_level: 2
+  require_signature: true
+
+mcp_policy:
+  require_witness: true
+  blocked_tools: ["shell_exec", "rm_rf"]
+```
+
+Layer configs with `extends:` for environment-specific overrides. Three built-in profiles ship with the SDK: `eu-ai-act-high-risk`, `nist-ai-rmf`, and `minimal`.
+
+Validate your config:
+
+```bash
+npx swt3 doctor       # 8 checks: YAML, env vars, profile, trust mesh
+```
+
 ## Zero-config start
 
 ```bash
@@ -10,6 +120,19 @@ npx @tenova/swt3-mcp
 
 That's it. No account, no API key, no configuration. The server starts in demo mode and mints local witness anchors immediately.
 
+Ask your agent to witness an inference and you'll see:
+
+```
+Verdict: PASS
+Anchor: SWT3-DEMO-LOCAL-AI-AIINF1-PASS-1779146826-ed28dc4c2698
+Procedure: AI-INF.1
+Model: gpt-4o
+Clearing Level: 1
+Fingerprint: ed28dc4c2698
+```
+
+That fingerprint is a SHA-256 hash of the tenant, procedure, factors, and timestamp. Anyone can recompute it independently. If it matches, the anchor is real. If a single bit changed, the hash breaks.
+
 When you're ready to persist anchors to the SWT3 ledger, use the `signup` tool from within your agent conversation -- no need to leave your editor.
 
 ## Setup
@@ -68,49 +191,55 @@ claude mcp add swt3 -- npx @tenova/swt3-mcp
 | **API key only** | `SWT3_API_KEY` | Tenant auto-resolved, anchors persisted |
 | **Full config** | `SWT3_API_KEY` + `SWT3_TENANT_ID` | Explicit tenant, anchors persisted |
 
-## Tools
-
-### witness_inference
+## Regulatory Coverage
 
-Mint a cryptographic witness anchor for an AI inference.
+Every anchor maps to specific regulatory obligations:
 
-```
-model_id: "gpt-4o"            # required -- everything else is optional
-prompt: "What is 2+2?"        # hashed locally, never sent to server
-response: "4"                 # hashed locally, never sent to server
-```
+- **EU AI Act**: Articles 9, 10, 12, 13, 14, 53, 72
+- **NIST AI RMF**: GOVERN, MAP, MEASURE, MANAGE functions
+- **OWASP Agentic Top 10**: Tool abuse, prompt injection, chain exploitation
+- **CMMC**: Level 2 evidence automation for defense contractors
+- **NIST 800-53**: SI-7 (integrity), AU-2/AU-3 (audit), AC controls
+- **SR 11-7**: Model risk management for financial services
+- **ISO 42001**: Annex A AI management controls
 
-Returns verdict (PASS/FAIL), anchor token, and verification URL.
+## Tools (18)
 
-### verify_anchor
+**Witnessing:**
+`witness_inference` -- mint a cryptographic anchor for any AI inference. Prompt and response are hashed locally, never sent to the server. Returns verdict (PASS/FAIL), anchor token, and verification URL.
 
-Verify the cryptographic integrity of an existing anchor.
+**Verification:**
+`verify_anchor` -- verify the cryptographic integrity of an existing anchor.
 
-```
-token: "SWT3-E-VULTR-AI-AIINF1-PASS-1700000000-96b7d56c0245"
-```
+**Trust Mesh:**
+`verify_agent_trust` -- verify another agent's compliance credential.
+`present_trust_credential` -- present your agent's credential for verification.
 
-### list_procedures
+**Audit Sessions:**
+`start_audit_session` -- begin a scoped audit session with a session ID.
+`end_audit_session` -- close the session and get a summary with Merkle root.
 
-Browse the UCT procedure registry. 151+ compliance controls.
+**Agent Chains:**
+`start_chain` -- initialize a multi-agent chain with a cycle ID.
+`chain_handoff` -- record a handoff between agents in the chain.
+`report_violation` -- report a policy violation with severity and category.
 
-```
-namespace: "AI"               # optional filter
-```
+**Model Governance:**
+`witness_model_integrity` -- witness model weight hashes for tamper detection.
+`witness_adapter_stack` -- witness LoRA/adapter configurations.
 
-### check_posture
+**Skill Attestation:**
+`attest_skill_manifest` -- witness which skills and plugins are loaded.
+`attest_memory_context` -- witness which memory sources the agent accesses.
 
-Check current tenant compliance posture. No arguments.
-
-### signup
-
-Get a signup link to create a free account. No credentials pass through the AI.
-
-```
-framework: "EU-AI-ACT"        # optional (default: NIST-800-53)
-```
+**Authorization:**
+`witness_authorization` -- witness pre-inference authorization decisions.
 
-Returns a browser URL. Complete signup there, copy your API key, add it to your MCP config.
+**Discovery:**
+`list_procedures` -- browse the UCT procedure registry (151+ controls).
+`suggest_procedures` -- get recommended procedures based on your use case.
+`check_posture` -- check current tenant compliance posture.
+`signup` -- create a free account without leaving your editor.
 
 ## Environment variables (optional)
 
@@ -121,7 +250,7 @@ Returns a browser URL. Complete signup there, copy your API key, add it to your
 | `SWT3_ENDPOINT` | `https://sovereign.tenova.io` | Witness endpoint |
 | `SWT3_CLEARING_LEVEL` | `1` | Data clearing (0=analytics, 1=standard, 2=sensitive, 3=classified) |
 | `SWT3_AGENT_ID` | | Agent identity for AI-ID.1 |
-| `SWT3_SIGNING_KEY` | | HMAC-SHA256 signing key |
+| `SWT3_SIGNING_KEY` | | HMAC-SHA256 signing key (register server-side for validation) |
 
 ## Clearing levels
 
@@ -143,4 +272,4 @@ Raw prompt and response text never leaves your machine at any clearing level.
 
 Apache 2.0. Patent pending.
 
-Built by [TeNova](https://tenova.io).
+Built by [TeNova](https://tenova.io). Questions: engineering@tenovaai.com

package/dist/bin/swt3-mcp.js

@@ -15,8 +15,9 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { loadConfig } from "../config.js";
 import { createServer } from "../server.js";
 try {
-    const config = loadConfig();
-    const server = createServer(config);
+    const bundle = loadConfig();
+    const config = bundle.config;
+    const server = createServer(config, bundle);
     const transport = new StdioServerTransport();
     if (config.demo) {
         process.stderr.write("swt3-mcp: running in demo mode (local-only anchors)\n" +

package/dist/bin/swt3-mcp.js.map

@@ -1 +1 @@
-{"version":3,"file":"swt3-mcp.js","sourceRoot":"","sources":["../../src/bin/swt3-mcp.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,IAAI,CAAC;IACH,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAE7C,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,uDAAuD;YACvD,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAAC,OAAO,GAAG,EAAE,CAAC;IACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,aAAc,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;IAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC"}
+{"version":3,"file":"swt3-mcp.js","sourceRoot":"","sources":["../../src/bin/swt3-mcp.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,IAAI,CAAC;IACH,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAE7C,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,uDAAuD;YACvD,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAAC,OAAO,GAAG,EAAE,CAAC;IACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,aAAc,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;IAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC"}

package/dist/chain-verifier.d.ts

@@ -0,0 +1,46 @@
+/**
+ * SWT3 MCP Server: Anchor-Chain Verifier.
+ *
+ * Validates an agent's anchor chain before tool execution. Queries
+ * Redis reader (fast path) first, falls back to Supabase ledger (cold path).
+ * Integrates with the density policy engine for enforcement.
+ *
+ * Flow:
+ *   1. Query Redis in-memory index by agent_id / cycle_id
+ *   2. If insufficient, query ledger via AxiomClient
+ *   3. Check each anchor: not revoked, verdict=PASS, within gap limit
+ *   4. Evaluate density policy
+ *   5. Return structured result
+ *
+ * Patent pending.
+ */
+import type { McpConfig } from "./config.js";
+import type { AxiomClient } from "./client.js";
+import { type DensityPolicy, type PolicyViolation } from "./density-policy.js";
+export interface ChainVerifyResult {
+    valid: boolean;
+    anchorCount: number;
+    gaps: ChainGap[];
+    revoked: string[];
+    policyViolations: PolicyViolation[];
+    source: "redis" | "ledger" | "none";
+    reason?: string;
+}
+export interface ChainGap {
+    fromEpoch: number;
+    toEpoch: number;
+    gapSeconds: number;
+}
+/**
+ * Verify an agent's anchor chain. Called by the gatekeeper before tool execution.
+ *
+ * @param agentId - The presenting agent's ID
+ * @param cycleId - The active chain's cycle_id (optional)
+ * @param config - MCP config (for maxChainGapSeconds)
+ * @param client - AxiomClient for ledger fallback
+ * @param policy - Active density policy
+ * @param agentTokenCount - Total tokens reported by agent (optional)
+ * @param agentTrustLevel - Trust level from prior verify_agent_trust (optional)
+ */
+export declare function verifyAnchorChain(agentId: string | undefined, cycleId: string | undefined, config: McpConfig, client: AxiomClient, policy: DensityPolicy, agentTokenCount?: number, agentTrustLevel?: number): Promise<ChainVerifyResult>;
+//# sourceMappingURL=chain-verifier.d.ts.map

package/dist/chain-verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain-verifier.d.ts","sourceRoot":"","sources":["../src/chain-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/C,OAAO,EAEL,KAAK,aAAa,EAElB,KAAK,eAAe,EACrB,MAAM,qBAAqB,CAAC;AAI7B,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,QAAQ,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,MAAM,EAAE,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACpB;AAkBD;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,MAAM,EAAE,SAAS,EACjB,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,aAAa,EACrB,eAAe,CAAC,EAAE,MAAM,EACxB,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,iBAAiB,CAAC,CAyC5B"}

package/dist/chain-verifier.js

@@ -0,0 +1,210 @@
+/**
+ * SWT3 MCP Server: Anchor-Chain Verifier.
+ *
+ * Validates an agent's anchor chain before tool execution. Queries
+ * Redis reader (fast path) first, falls back to Supabase ledger (cold path).
+ * Integrates with the density policy engine for enforcement.
+ *
+ * Flow:
+ *   1. Query Redis in-memory index by agent_id / cycle_id
+ *   2. If insufficient, query ledger via AxiomClient
+ *   3. Check each anchor: not revoked, verdict=PASS, within gap limit
+ *   4. Evaluate density policy
+ *   5. Return structured result
+ *
+ * Patent pending.
+ */
+import { queryAnchors } from "./redis-reader.js";
+import { signPayload } from "./fingerprint.js";
+import { evaluatePolicy, } from "./density-policy.js";
+// ── Main Verification Function ────────────────────────────────────────
+/**
+ * Verify an agent's anchor chain. Called by the gatekeeper before tool execution.
+ *
+ * @param agentId - The presenting agent's ID
+ * @param cycleId - The active chain's cycle_id (optional)
+ * @param config - MCP config (for maxChainGapSeconds)
+ * @param client - AxiomClient for ledger fallback
+ * @param policy - Active density policy
+ * @param agentTokenCount - Total tokens reported by agent (optional)
+ * @param agentTrustLevel - Trust level from prior verify_agent_trust (optional)
+ */
+export async function verifyAnchorChain(agentId, cycleId, config, client, policy, agentTokenCount, agentTrustLevel) {
+    // No identity to verify against
+    if (!agentId && !cycleId) {
+        return {
+            valid: false,
+            anchorCount: 0,
+            gaps: [],
+            revoked: [],
+            policyViolations: [],
+            source: "none",
+            reason: "no_agent_id_or_cycle_id",
+        };
+    }
+    // Step 1: Try Redis in-memory index (fast path)
+    const redisAnchors = queryAnchors(agentId, cycleId);
+    if (redisAnchors.length > 0) {
+        return evaluateChain(redisAnchors, "redis", config, policy, agentTokenCount, agentTrustLevel);
+    }
+    // Step 2: Fallback to ledger query
+    try {
+        const ledgerAnchors = await queryLedger(agentId, cycleId, config, client);
+        if (ledgerAnchors.length > 0) {
+            return evaluateChain(ledgerAnchors, "ledger", config, policy, agentTokenCount, agentTrustLevel);
+        }
+    }
+    catch {
+        // Ledger unavailable -- fail closed
+    }
+    // No anchors found anywhere
+    return {
+        valid: false,
+        anchorCount: 0,
+        gaps: [],
+        revoked: [],
+        policyViolations: [],
+        source: "none",
+        reason: "no_anchors_found",
+    };
+}
+// ── Chain Evaluation ──────────────────────────────────────────────────
+function evaluateChain(anchors, source, config, policy, agentTokenCount, agentTrustLevel) {
+    // Sort by epoch ascending
+    const sorted = [...anchors].sort((a, b) => a.anchor_epoch - b.anchor_epoch);
+    // Check for revocations (AI-REV.1 anchors targeting chain members)
+    const revoked = [];
+    for (const anchor of sorted) {
+        if (anchor.procedure_id === "AI-REV.1") {
+            // This IS a revocation anchor -- extract target from observations or context
+            const obs = anchor.observations;
+            const target = obs?.revocation_target;
+            if (target)
+                revoked.push(target);
+        }
+    }
+    // Check for FAIL verdicts
+    const failAnchors = sorted.filter((a) => {
+        const verdict = "verdict" in a ? a.verdict : undefined;
+        return verdict === "FAIL" && a.procedure_id !== "AI-REV.1";
+    });
+    // Check chain gaps
+    const maxGap = config.maxChainGapSeconds ?? 60;
+    const gaps = [];
+    for (let i = 1; i < sorted.length; i++) {
+        const gap = sorted[i].anchor_epoch - sorted[i - 1].anchor_epoch;
+        if (gap > maxGap) {
+            gaps.push({
+                fromEpoch: sorted[i - 1].anchor_epoch,
+                toEpoch: sorted[i].anchor_epoch,
+                gapSeconds: gap,
+            });
+        }
+    }
+    // Check anchor freshness (most recent anchor must be within maxGap of now)
+    const nowEpoch = Math.floor(Date.now() / 1000);
+    const newestAnchor = sorted[sorted.length - 1];
+    const staleness = nowEpoch - newestAnchor.anchor_epoch;
+    if (staleness > maxGap) {
+        gaps.push({
+            fromEpoch: newestAnchor.anchor_epoch,
+            toEpoch: nowEpoch,
+            gapSeconds: staleness,
+        });
+    }
+    // Verify HMAC signatures when signing key is available and policy requires it
+    let signatureFailures = 0;
+    if (policy.require_signing_key && config.signingKey) {
+        for (const anchor of sorted) {
+            if (anchor.procedure_id === "AI-REV.1")
+                continue;
+            if (!anchor.payload_signature) {
+                signatureFailures++;
+                continue;
+            }
+            // Recompute HMAC and compare (same-tenant verification)
+            const agentId = "agent_id" in anchor ? anchor.agent_id : undefined;
+            const expected = signPayload(config.signingKey, anchor.anchor_fingerprint, agentId);
+            if (anchor.payload_signature !== expected) {
+                signatureFailures++;
+            }
+        }
+    }
+    // Convert to ChainAnchor for policy evaluation
+    const chainAnchors = sorted
+        .filter((a) => a.procedure_id !== "AI-REV.1")
+        .map((a) => ({
+        anchor_epoch: a.anchor_epoch,
+        provider: a.provider,
+        payload_signature: a.payload_signature,
+        ai_input_tokens: a.ai_input_tokens,
+        ai_output_tokens: a.ai_output_tokens,
+    }));
+    // Evaluate density policy
+    const policyResult = evaluatePolicy(policy, chainAnchors, agentTokenCount, agentTrustLevel);
+    // Determine validity
+    const valid = revoked.length === 0 &&
+        failAnchors.length === 0 &&
+        gaps.length === 0 &&
+        signatureFailures === 0 &&
+        policyResult.compliant;
+    let reason;
+    if (!valid) {
+        if (revoked.length > 0)
+            reason = "revoked_anchors";
+        else if (failAnchors.length > 0)
+            reason = "fail_verdicts_in_chain";
+        else if (gaps.length > 0)
+            reason = "chain_gap_exceeded";
+        else if (signatureFailures > 0)
+            reason = "signature_verification_failed";
+        else if (!policyResult.compliant)
+            reason = "density_policy_violation";
+    }
+    return {
+        valid,
+        anchorCount: sorted.length,
+        gaps,
+        revoked,
+        policyViolations: policyResult.violations,
+        source,
+        reason,
+    };
+}
+// ── Ledger Query (HTTP fallback) ──────────────────────────────────────
+//
+// OPEN CORE BOUNDARY: This function queries the Axiom Engine's
+// proprietary chain verification endpoint. The endpoint performs
+// authoritative verification against the sovereign witness ledger
+// (multi-tenant, RLS-enforced, revocation-aware). This is the paywall:
+// local Redis verification is best-effort; ledger verification is
+// authoritative. Do NOT implement local ledger storage or self-contained
+// verification that would bypass this boundary.
+//
+async function queryLedger(agentId, cycleId, config, client) {
+    const params = new URLSearchParams();
+    if (agentId)
+        params.set("agent_id", agentId);
+    if (cycleId)
+        params.set("cycle_id", cycleId);
+    params.set("limit", "100");
+    params.set("recent", "true");
+    const url = `/api/v1/ai-witness/chain?${params.toString()}`;
+    try {
+        const response = await fetch(`${config.endpoint}${url}`, {
+            headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${config.apiKey}`,
+            },
+            signal: AbortSignal.timeout(5000),
+        });
+        if (!response.ok)
+            return [];
+        const data = (await response.json());
+        return data.anchors || [];
+    }
+    catch {
+        return [];
+    }
+}
+//# sourceMappingURL=chain-verifier.js.map

package/dist/chain-verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain-verifier.js","sourceRoot":"","sources":["../src/chain-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH,OAAO,EAAE,YAAY,EAAoB,MAAM,mBAAmB,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EACL,cAAc,GAIf,MAAM,qBAAqB,CAAC;AAkC7B,yEAAyE;AAEzE;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAA2B,EAC3B,OAA2B,EAC3B,MAAiB,EACjB,MAAmB,EACnB,MAAqB,EACrB,eAAwB,EACxB,eAAwB;IAExB,gCAAgC;IAChC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,CAAC;YACd,IAAI,EAAE,EAAE;YACR,OAAO,EAAE,EAAE;YACX,gBAAgB,EAAE,EAAE;YACpB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,yBAAyB;SAClC,CAAC;IACJ,CAAC;IAED,gDAAgD;IAChD,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAEpD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,aAAa,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;IAChG,CAAC;IAED,mCAAmC;IACnC,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC1E,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,aAAa,CAAC,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAClG,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;IAED,4BAA4B;IAC5B,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,WAAW,EAAE,CAAC;QACd,IAAI,EAAE,EAAE;QACR,OAAO,EAAE,EAAE;QACX,gBAAgB,EAAE,EAAE;QACpB,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,kBAAkB;KAC3B,CAAC;AACJ,CAAC;AAED,yEAAyE;AAEzE,SAAS,aAAa,CACpB,OAA0C,EAC1C,MAA0B,EAC1B,MAAiB,EACjB,MAAqB,EACrB,eAAwB,EACxB,eAAwB;IAExB,0BAA0B;IAC1B,MAAM,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC;IAE5E,mEAAmE;IACnE,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;QAC5B,IAAI,MAAM,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;YACvC,6EAA6E;YAC7E,MAAM,GAAG,GAAI,MAAuB,CAAC,YAAY,CAAC;YAClD,MAAM,MAAM,GAAG,GAAG,EAAE,iBAAuC,CAAC;YAC5D,IAAI,MAAM;gBAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACtC,MAAM,OAAO,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;QACvD,OAAO,OAAO,KAAK,MAAM,IAAI,CAAC,CAAC,YAAY,KAAK,UAAU,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,mBAAmB;IACnB,MAAM,MAAM,GAAG,MAAM,CAAC,kBAAkB,IAAI,EAAE,CAAC;IAC/C,MAAM,IAAI,GAAe,EAAE,CAAC;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC;QAChE,IAAI,GAAG,GAAG,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC;gBACR,SAAS,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY;gBACrC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY;gBAC/B,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC;IACvD,IAAI,SAAS,GAAG,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC;YACR,SAAS,EAAE,YAAY,CAAC,YAAY;YACpC,OAAO,EAAE,QAAQ;YACjB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAC9E,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,IAAI,MAAM,CAAC,mBAAmB,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACpD,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,IAAI,MAAM,CAAC,YAAY,KAAK,UAAU;gBAAE,SAAS;YACjD,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAC9B,iBAAiB,EAAE,CAAC;gBACpB,SAAS;YACX,CAAC;YACD,wDAAwD;YACxD,MAAM,OAAO,GAAG,UAAU,IAAI,MAAM,CAAC,CAAC,CAAE,MAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;YACpF,IAAI,MAAM,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;gBAC1C,iBAAiB,EAAE,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,YAAY,GAAkB,MAAM;SACvC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,CAAC;SAC5C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACX,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,iBAAiB,EAAE,CAAC,CAAC,iBAAiB;QACtC,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;KACrC,CAAC,CAAC,CAAC;IAEN,0BAA0B;IAC1B,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;IAE5F,qBAAqB;IACrB,MAAM,KAAK,GACT,OAAO,CAAC,MAAM,KAAK,CAAC;QACpB,WAAW,CAAC,MAAM,KAAK,CAAC;QACxB,IAAI,CAAC,MAAM,KAAK,CAAC;QACjB,iBAAiB,KAAK,CAAC;QACvB,YAAY,CAAC,SAAS,CAAC;IAEzB,IAAI,MAA0B,CAAC;IAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,GAAG,iBAAiB,CAAC;aAC9C,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,GAAG,wBAAwB,CAAC;aAC9D,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,GAAG,oBAAoB,CAAC;aACnD,IAAI,iBAAiB,GAAG,CAAC;YAAE,MAAM,GAAG,+BAA+B,CAAC;aACpE,IAAI,CAAC,YAAY,CAAC,SAAS;YAAE,MAAM,GAAG,0BAA0B,CAAC;IACxE,CAAC;IAED,OAAO;QACL,KAAK;QACL,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,IAAI;QACJ,OAAO;QACP,gBAAgB,EAAE,YAAY,CAAC,UAAU;QACzC,MAAM;QACN,MAAM;KACP,CAAC;AACJ,CAAC;AAED,yEAAyE;AACzE,EAAE;AACF,+DAA+D;AAC/D,iEAAiE;AACjE,kEAAkE;AAClE,uEAAuE;AACvE,kEAAkE;AAClE,yEAAyE;AACzE,gDAAgD;AAChD,EAAE;AAEF,KAAK,UAAU,WAAW,CACxB,OAA2B,EAC3B,OAA2B,EAC3B,MAAiB,EACjB,MAAmB;IAEnB,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,IAAI,OAAO;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC7C,IAAI,OAAO;QAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE7B,MAAM,GAAG,GAAG,4BAA4B,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAE5D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,QAAQ,GAAG,GAAG,EAAE,EAAE;YACvD,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE;aACzC;YACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,EAAE,CAAC;QAE5B,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiC,CAAC;QACrE,OAAO,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/client.d.ts

@@ -25,6 +25,10 @@ export interface WitnessPayload {
     cycle_id?: string;
     payload_signature?: string;
     policy_version_hash?: string;
+    jurisdiction?: string;
+    legal_basis?: string;
+    purpose_class?: string;
+    witness_source?: string;
 }
 export interface WitnessReceipt {
     ok: boolean;

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,wBAAwB,EAAE,MAAM,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,OAAO,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,gBAAgB,CAAuB;gBAEnC,MAAM,EAAE,SAAS,EAAE,OAAO,GAAE,MAAc;IAMtD;;OAEG;IACH,mBAAmB,IAAI,MAAM,GAAG,IAAI;YAItB,OAAO;IAqCf,WAAW,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;IAO7D,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAOpD,SAAS,IAAI,OAAO,CAAC,cAAc,CAAC;IAapC,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAI9C,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAaxD"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,wBAAwB,EAAE,MAAM,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,OAAO,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,gBAAgB,CAAuB;gBAEnC,MAAM,EAAE,SAAS,EAAE,OAAO,GAAE,MAAc;IAMtD;;OAEG;IACH,mBAAmB,IAAI,MAAM,GAAG,IAAI;YAItB,OAAO;IAqCf,WAAW,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;IAO7D,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAOpD,SAAS,IAAI,OAAO,CAAC,cAAc,CAAC;IAapC,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAI9C,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAaxD"}

package/dist/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAsDH,MAAM,OAAO,WAAW;IACd,OAAO,CAAS;IAChB,MAAM,CAAS;IACf,OAAO,CAAS;IAChB,gBAAgB,GAAkB,IAAI,CAAC;IAE/C,YAAY,MAAiB,EAAE,UAAkB,KAAK;QACpD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,IAAY,EACZ,UAAuB,EAAE;QAEzB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,GAAG,OAAO;gBACV,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;oBACtC,GAAG,OAAO,CAAC,OAAO;iBACnB;aACF,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAgD,CAAC;YAEjF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,GAAG,GAAG,IAAI,EAAE,KAAK,IAAI,QAAQ,CAAC,UAAU,CAAC;gBAC/C,MAAM,IAAI,KAAK,CAAC,GAAG,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC,CAAC;YAChD,CAAC;YAED,4DAA4D;YAC5D,IAAI,IAAI,EAAE,SAAS,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAC1D,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC;YACzC,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAuB;QACvC,OAAO,IAAI,CAAC,OAAO,CAAiB,iBAAiB,EAAE;YACrD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,OAAO,CACjB,+BAA+B,OAAO,EAAE,CACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS;QACb,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,gBAAgB,CAAC;QAC5C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YACjE,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;QACnD,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,OAAO,CAA0B,oBAAoB,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,6BAA6B,CAAC;QACzD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YACjE,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAC5D,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;CAEF"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA0DH,MAAM,OAAO,WAAW;IACd,OAAO,CAAS;IAChB,MAAM,CAAS;IACf,OAAO,CAAS;IAChB,gBAAgB,GAAkB,IAAI,CAAC;IAE/C,YAAY,MAAiB,EAAE,UAAkB,KAAK;QACpD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,IAAY,EACZ,UAAuB,EAAE;QAEzB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,GAAG,OAAO;gBACV,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;oBACtC,GAAG,OAAO,CAAC,OAAO;iBACnB;aACF,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAgD,CAAC;YAEjF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,GAAG,GAAG,IAAI,EAAE,KAAK,IAAI,QAAQ,CAAC,UAAU,CAAC;gBAC/C,MAAM,IAAI,KAAK,CAAC,GAAG,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC,CAAC;YAChD,CAAC;YAED,4DAA4D;YAC5D,IAAI,IAAI,EAAE,SAAS,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAC1D,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC;YACzC,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAuB;QACvC,OAAO,IAAI,CAAC,OAAO,CAAiB,iBAAiB,EAAE;YACrD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,OAAO,CACjB,+BAA+B,OAAO,EAAE,CACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS;QACb,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,gBAAgB,CAAC;QAC5C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YACjE,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;QACnD,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,OAAO,CAA0B,oBAAoB,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,6BAA6B,CAAC;QACzD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YACjE,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAC5D,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;CAEF"}

package/dist/config.d.ts

@@ -1,11 +1,15 @@
 /**
- * SWT3 MCP Server — Configuration from environment variables.
+ * SWT3 MCP Server -- Configuration.
  *
- * Three modes:
- *   1. Demo mode (no env vars) — local-only anchors, no account needed
- *   2. API key only — tenant auto-resolved from first API call
- *   3. Full config — API key + explicit tenant ID
+ * Priority: env vars > YAML file > defaults
+ *
+ * Four modes:
+ *   1. Demo mode (no env vars, no YAML) -- local-only anchors, no account needed
+ *   2. YAML config (SWT3_CONFIG_FILE) -- one file governs MCP + SDK
+ *   3. API key only -- tenant auto-resolved from first API call
+ *   4. Full config -- API key + explicit tenant ID
  */
+import type { DensityPolicy } from "./density-policy.js";
 export interface McpConfig {
     endpoint: string;
     apiKey: string;
@@ -14,6 +18,52 @@ export interface McpConfig {
     agentId?: string;
     signingKey?: string;
     demo: boolean;
+    /** Enable chain verification gatekeeper before tool execution. */
+    chainVerify: boolean;
+    /** Redis URL for stream reader (chain verification fast path). */
+    redisUrl: string;
+    /** Redis stream name for anchor consumption. */
+    redisStream: string;
+    /** Maximum seconds between consecutive anchors in a chain. */
+    maxChainGapSeconds: number;
+    /** SHA-256 hash of the config file (if loaded from YAML). */
+    configHash?: string;
+}
+export interface YamlTrustMesh {
+    trustedTenants: string[];
+    deniedAgents: string[];
+    deniedTenants: string[];
+}
+export interface McpToolPolicy {
+    /** Glob patterns for tools that MUST be witnessed. */
+    witnessedTools: string[];
+    /** Glob patterns for tools exempt from witnessing. */
+    exemptTools: string[];
+    /** Minimum trust level required before executing any MCP tool. */
+    requireTrustLevel: number;
+    /** Auto-witness all MCP tool calls without explicit wrapping. */
+    autoWitness: boolean;
+    /** Block tool execution if witnessing fails (true) or log-only (false). */
+    blockOnFailure: boolean;
+    /** Rate limit: "N/Xs" format (e.g., "4/30s"). */
+    maxVelocity?: string;
+    /** Maximum sequential dependent tool calls. */
+    maxChainDepth?: number;
+    /** Only these tools are permitted. Empty = all. */
+    toolAllowlist?: string[];
+    /** These tools are always blocked. */
+    toolBlocklist?: string[];
+    /** On enforcement error: true = block, false = log. Default true. */
+    failSecure?: boolean;
 }
-export declare function loadConfig(): McpConfig;
+export interface McpConfigBundle {
+    config: McpConfig;
+    densityPolicy: DensityPolicy | null;
+    trustMesh: YamlTrustMesh | null;
+    mcpPolicy: McpToolPolicy | null;
+}
+/**
+ * Load configuration. Checks SWT3_CONFIG_FILE first, falls back to env vars.
+ */
+export declare function loadConfig(): McpConfigBundle;
 //# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;CACf;AAED,wBAAgB,UAAU,IAAI,SAAS,CAkCtC"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,kEAAkE;IAClE,WAAW,EAAE,OAAO,CAAC;IACrB,kEAAkE;IAClE,QAAQ,EAAE,MAAM,CAAC;IACjB,gDAAgD;IAChD,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,kBAAkB,EAAE,MAAM,CAAC;IAC3B,6DAA6D;IAC7D,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,sDAAsD;IACtD,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,sDAAsD;IACtD,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kEAAkE;IAClE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,WAAW,EAAE,OAAO,CAAC;IACrB,2EAA2E;IAC3E,cAAc,EAAE,OAAO,CAAC;IACxB,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mDAAmD;IACnD,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,sCAAsC;IACtC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,qEAAqE;IACrE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,SAAS,CAAC;IAClB,aAAa,EAAE,aAAa,GAAG,IAAI,CAAC;IACpC,SAAS,EAAE,aAAa,GAAG,IAAI,CAAC;IAChC,SAAS,EAAE,aAAa,GAAG,IAAI,CAAC;CACjC;AAwID;;GAEG;AACH,wBAAgB,UAAU,IAAI,eAAe,CAmD5C"}