@tenova/swt3-mcp 0.1.0 → 0.5.2

package/dist/config.js

@@ -1,21 +1,149 @@
 /**
- * SWT3 MCP Server — Configuration from environment variables.
+ * SWT3 MCP Server -- Configuration.
  *
- * Three modes:
- *   1. Demo mode (no env vars) — local-only anchors, no account needed
- *   2. API key only — tenant auto-resolved from first API call
- *   3. Full config — API key + explicit tenant ID
+ * Priority: env vars > YAML file > defaults
+ *
+ * Four modes:
+ *   1. Demo mode (no env vars, no YAML) -- local-only anchors, no account needed
+ *   2. YAML config (SWT3_CONFIG_FILE) -- one file governs MCP + SDK
+ *   3. API key only -- tenant auto-resolved from first API call
+ *   4. Full config -- API key + explicit tenant ID
+ */
+import { readFileSync, existsSync } from "node:fs";
+function parseYaml(content) {
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const yamlMod = require("yaml");
+        return yamlMod.parse(content);
+    }
+    catch {
+        throw new Error("The 'yaml' package is required for YAML config. Install it with: npm install yaml");
+    }
+}
+/**
+ * Load config from YAML file + env var overrides.
+ * Returns the full bundle: McpConfig + DensityPolicy + TrustMesh.
+ */
+function loadFromYaml(yamlPath) {
+    if (!existsSync(yamlPath)) {
+        throw new Error(`SWT3 config file not found: ${yamlPath}`);
+    }
+    const content = readFileSync(yamlPath, "utf-8");
+    const { createHash } = require("node:crypto");
+    const configHash = createHash("sha256").update(content, "utf-8").digest("hex");
+    const raw = parseYaml(content);
+    if (!raw || typeof raw !== "object") {
+        throw new Error("Invalid config file: expected a YAML mapping");
+    }
+    // Resolve _env fields
+    let apiKey = raw.api_key || "";
+    if (raw.api_key_env) {
+        apiKey = process.env[raw.api_key_env] || "";
+    }
+    let signingKey = raw.signing_key || undefined;
+    if (raw.signing_key_env) {
+        signingKey = process.env[raw.signing_key_env] || undefined;
+    }
+    // Extract sections
+    const trustMeshRaw = raw.trust_mesh;
+    const densityRaw = raw.density_policy;
+    const mcpPolicyRaw = raw.mcp_policy;
+    // Build McpConfig (env vars override YAML)
+    const endpoint = process.env.SWT3_ENDPOINT || raw.endpoint || "https://sovereign.tenova.io";
+    apiKey = process.env.SWT3_API_KEY || apiKey;
+    const tenantId = process.env.SWT3_TENANT_ID || raw.tenant_id || "";
+    const agentId = process.env.SWT3_AGENT_ID || raw.agent_id || undefined;
+    signingKey = process.env.SWT3_SIGNING_KEY || signingKey;
+    const demo = !apiKey;
+    if (apiKey && !apiKey.startsWith("axm_")) {
+        throw new Error("API key must start with 'axm_'");
+    }
+    const rawLevel = process.env.SWT3_CLEARING_LEVEL ?? String(raw.clearing_level ?? 1);
+    let clearingLevel = 1;
+    const parsed = parseInt(rawLevel, 10);
+    if ([0, 1, 2, 3].includes(parsed)) {
+        clearingLevel = parsed;
+    }
+    // Chain verify: env > trust_mesh.mode === "strict" > false
+    const chainVerifyEnv = process.env.SWT3_CHAIN_VERIFY;
+    const meshMode = trustMeshRaw?.mode;
+    const chainVerify = chainVerifyEnv
+        ? chainVerifyEnv === "true"
+        : meshMode === "strict";
+    const maxChainGapSeconds = parseInt(process.env.SWT3_MAX_CHAIN_GAP
+        || String(densityRaw?.max_chain_gap_seconds ?? trustMeshRaw?.freshness_window ?? 60), 10);
+    const config = {
+        endpoint: endpoint.replace(/\/+$/, ""),
+        apiKey: demo ? "axm_demo_local" : apiKey,
+        tenantId: demo ? "DEMO_LOCAL" : tenantId,
+        clearingLevel,
+        agentId,
+        signingKey,
+        demo,
+        chainVerify: demo ? false : chainVerify,
+        redisUrl: process.env.SWT3_REDIS_URL || "redis://localhost:6379",
+        redisStream: process.env.SWT3_REDIS_STREAM || "swt3:anchors",
+        maxChainGapSeconds,
+        configHash,
+    };
+    // Density policy from YAML
+    let densityPolicy = null;
+    if (densityRaw) {
+        densityPolicy = {
+            min_anchors_per_1000_tokens: densityRaw.min_anchors_per_1000_tokens ?? 1,
+            required_providers: densityRaw.required_providers ?? [],
+            max_chain_gap_seconds: densityRaw.max_chain_gap_seconds ?? 60,
+            require_signing_key: densityRaw.require_signing_key ?? false,
+            min_trust_level: densityRaw.min_trust_level ?? 1,
+        };
+    }
+    // Trust mesh from YAML
+    let trustMesh = null;
+    if (trustMeshRaw) {
+        trustMesh = {
+            trustedTenants: trustMeshRaw.trusted_tenants ?? [],
+            deniedAgents: trustMeshRaw.deny_agents ?? [],
+            deniedTenants: trustMeshRaw.deny_tenants ?? [],
+        };
+    }
+    // MCP policy from YAML
+    let mcpPolicy = null;
+    if (mcpPolicyRaw) {
+        mcpPolicy = {
+            witnessedTools: mcpPolicyRaw.witnessed_tools ?? [],
+            exemptTools: mcpPolicyRaw.exempt_tools ?? [],
+            requireTrustLevel: mcpPolicyRaw.require_trust_level ?? 0,
+            autoWitness: mcpPolicyRaw.auto_witness ?? true,
+            blockOnFailure: mcpPolicyRaw.block_on_failure ?? false,
+            maxVelocity: mcpPolicyRaw.max_velocity,
+            maxChainDepth: mcpPolicyRaw.max_chain_depth,
+            toolAllowlist: mcpPolicyRaw.tool_allowlist ?? [],
+            toolBlocklist: mcpPolicyRaw.tool_blocklist ?? [],
+            failSecure: mcpPolicyRaw.fail_secure ?? true,
+        };
+    }
+    return { config, densityPolicy, trustMesh, mcpPolicy };
+}
+/**
+ * Load configuration. Checks SWT3_CONFIG_FILE first, falls back to env vars.
  */
 export function loadConfig() {
+    const yamlPath = process.env.SWT3_CONFIG_FILE;
+    if (yamlPath) {
+        return loadFromYaml(yamlPath);
+    }
+    // Legacy env-var-only path
     const endpoint = process.env.SWT3_ENDPOINT || "https://sovereign.tenova.io";
     const apiKey = process.env.SWT3_API_KEY || "";
     const tenantId = process.env.SWT3_TENANT_ID || "";
     const rawLevel = process.env.SWT3_CLEARING_LEVEL;
     const agentId = process.env.SWT3_AGENT_ID || undefined;
     const signingKey = process.env.SWT3_SIGNING_KEY || undefined;
-    // Demo mode: no API key set
+    const chainVerify = process.env.SWT3_CHAIN_VERIFY === "true";
+    const redisUrl = process.env.SWT3_REDIS_URL || "redis://localhost:6379";
+    const redisStream = process.env.SWT3_REDIS_STREAM || "swt3:anchors";
+    const maxChainGapSeconds = parseInt(process.env.SWT3_MAX_CHAIN_GAP || "60", 10);
     const demo = !apiKey;
-    // Validate API key format if provided
     if (apiKey && !apiKey.startsWith("axm_")) {
         throw new Error("SWT3_API_KEY must start with 'axm_'");
     }
@@ -28,13 +156,22 @@ export function loadConfig() {
         clearingLevel = parsed;
     }
     return {
-        endpoint: endpoint.replace(/\/+$/, ""),
-        apiKey: demo ? "axm_demo_local" : apiKey,
-        tenantId: demo ? "DEMO_LOCAL" : tenantId,
-        clearingLevel,
-        agentId,
-        signingKey,
-        demo,
+        config: {
+            endpoint: endpoint.replace(/\/+$/, ""),
+            apiKey: demo ? "axm_demo_local" : apiKey,
+            tenantId: demo ? "DEMO_LOCAL" : tenantId,
+            clearingLevel,
+            agentId,
+            signingKey,
+            demo,
+            chainVerify: demo ? false : chainVerify,
+            redisUrl,
+            redisStream,
+            maxChainGapSeconds,
+        },
+        densityPolicy: null,
+        trustMesh: null,
+        mcpPolicy: null,
     };
 }
 //# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAYH,MAAM,UAAU,UAAU;IACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,6BAA6B,CAAC;IAC5E,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;IAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACjD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,SAAS,CAAC;IACvD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,SAAS,CAAC;IAE7D,4BAA4B;IAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC;IAErB,sCAAsC;IACtC,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,aAAa,GAAkB,CAAC,CAAC;IACrC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,aAAa,GAAG,MAAuB,CAAC;IAC1C,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QACtC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM;QACxC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ;QACxC,aAAa;QACb,OAAO;QACP,UAAU;QACV,IAAI;KACL,CAAC;AACJ,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AA2DnD,SAAS,SAAS,CAAC,OAAe;IAChC,IAAI,CAAC;QACH,iEAAiE;QACjE,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,mFAAmF,CACpF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,YAAY,CAAC,QAAgB;IACpC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE/E,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAA4B,CAAC;IAC1D,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,GAAI,GAAG,CAAC,OAAkB,IAAI,EAAE,CAAC;IAC3C,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QACpB,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,WAAqB,CAAC,IAAI,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,UAAU,GAAI,GAAG,CAAC,WAAsB,IAAI,SAAS,CAAC;IAC1D,IAAI,GAAG,CAAC,eAAe,EAAE,CAAC;QACxB,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,eAAyB,CAAC,IAAI,SAAS,CAAC;IACvE,CAAC;IAED,mBAAmB;IACnB,MAAM,YAAY,GAAG,GAAG,CAAC,UAAiD,CAAC;IAC3E,MAAM,UAAU,GAAG,GAAG,CAAC,cAAqD,CAAC;IAC7E,MAAM,YAAY,GAAG,GAAG,CAAC,UAAiD,CAAC;IAE3E,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAK,GAAG,CAAC,QAAmB,IAAI,6BAA6B,CAAC;IACxG,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,MAAM,CAAC;IAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAK,GAAG,CAAC,SAAoB,IAAI,EAAE,CAAC;IAC/E,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAK,GAAG,CAAC,QAAmB,IAAI,SAAS,CAAC;IACnF,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,UAAU,CAAC;IACxD,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC;IAErB,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,MAAM,CAAC,GAAG,CAAC,cAAc,IAAI,CAAC,CAAC,CAAC;IACpF,IAAI,aAAa,GAAkB,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACtC,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAClC,aAAa,GAAG,MAAuB,CAAC;IAC1C,CAAC;IAED,2DAA2D;IAC3D,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IACrD,MAAM,QAAQ,GAAG,YAAY,EAAE,IAA0B,CAAC;IAC1D,MAAM,WAAW,GAAG,cAAc;QAChC,CAAC,CAAC,cAAc,KAAK,MAAM;QAC3B,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;IAE1B,MAAM,kBAAkB,GAAG,QAAQ,CACjC,OAAO,CAAC,GAAG,CAAC,kBAAkB;WAC3B,MAAM,CAAC,UAAU,EAAE,qBAAqB,IAAI,YAAY,EAAE,gBAAgB,IAAI,EAAE,CAAC,EACpF,EAAE,CACH,CAAC;IAEF,MAAM,MAAM,GAAc;QACxB,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QACtC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM;QACxC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ;QACxC,aAAa;QACb,OAAO;QACP,UAAU;QACV,IAAI;QACJ,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW;QACvC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,wBAAwB;QAChE,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,cAAc;QAC5D,kBAAkB;QAClB,UAAU;KACX,CAAC;IAEF,2BAA2B;IAC3B,IAAI,aAAa,GAAyB,IAAI,CAAC;IAC/C,IAAI,UAAU,EAAE,CAAC;QACf,aAAa,GAAG;YACd,2BAA2B,EAAG,UAAU,CAAC,2BAAsC,IAAI,CAAC;YACpF,kBAAkB,EAAG,UAAU,CAAC,kBAA+B,IAAI,EAAE;YACrE,qBAAqB,EAAG,UAAU,CAAC,qBAAgC,IAAI,EAAE;YACzE,mBAAmB,EAAG,UAAU,CAAC,mBAA+B,IAAI,KAAK;YACzE,eAAe,EAAG,UAAU,CAAC,eAA0B,IAAI,CAAC;SAC7D,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,IAAI,SAAS,GAAyB,IAAI,CAAC;IAC3C,IAAI,YAAY,EAAE,CAAC;QACjB,SAAS,GAAG;YACV,cAAc,EAAG,YAAY,CAAC,eAA4B,IAAI,EAAE;YAChE,YAAY,EAAG,YAAY,CAAC,WAAwB,IAAI,EAAE;YAC1D,aAAa,EAAG,YAAY,CAAC,YAAyB,IAAI,EAAE;SAC7D,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,IAAI,SAAS,GAAyB,IAAI,CAAC;IAC3C,IAAI,YAAY,EAAE,CAAC;QACjB,SAAS,GAAG;YACV,cAAc,EAAG,YAAY,CAAC,eAA4B,IAAI,EAAE;YAChE,WAAW,EAAG,YAAY,CAAC,YAAyB,IAAI,EAAE;YAC1D,iBAAiB,EAAG,YAAY,CAAC,mBAA8B,IAAI,CAAC;YACpE,WAAW,EAAG,YAAY,CAAC,YAAwB,IAAI,IAAI;YAC3D,cAAc,EAAG,YAAY,CAAC,gBAA4B,IAAI,KAAK;YACnE,WAAW,EAAE,YAAY,CAAC,YAAkC;YAC5D,aAAa,EAAE,YAAY,CAAC,eAAqC;YACjE,aAAa,EAAG,YAAY,CAAC,cAA2B,IAAI,EAAE;YAC9D,aAAa,EAAG,YAAY,CAAC,cAA2B,IAAI,EAAE;YAC9D,UAAU,EAAG,YAAY,CAAC,WAAuB,IAAI,IAAI;SAC1D,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAC9C,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED,2BAA2B;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,6BAA6B,CAAC;IAC5E,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;IAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACjD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,SAAS,CAAC;IACvD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,SAAS,CAAC;IAC7D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,CAAC;IAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,wBAAwB,CAAC;IACxE,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,cAAc,CAAC;IACpE,MAAM,kBAAkB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;IAEhF,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC;IAErB,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,aAAa,GAAkB,CAAC,CAAC;IACrC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,aAAa,GAAG,MAAuB,CAAC;IAC1C,CAAC;IAED,OAAO;QACL,MAAM,EAAE;YACN,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACtC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM;YACxC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ;YACxC,aAAa;YACb,OAAO;YACP,UAAU;YACV,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW;YACvC,QAAQ;YACR,WAAW;YACX,kBAAkB;SACnB;QACD,aAAa,EAAE,IAAI;QACnB,SAAS,EAAE,IAAI;QACf,SAAS,EAAE,IAAI;KAChB,CAAC;AACJ,CAAC"}

package/dist/density-policy.d.ts

@@ -0,0 +1,55 @@
+/**
+ * SWT3 MCP Server: Anchor Density Policy Engine.
+ *
+ * Configurable rules that enforce minimum anchor frequency, provider
+ * requirements, chain gap limits, and signing enforcement. Agents that
+ * fail policy checks are denied tool execution by the chain verifier.
+ *
+ * Patent pending.
+ */
+export interface DensityPolicy {
+    /** Minimum anchors per 1,000 tokens generated. Default: 1 */
+    min_anchors_per_1000_tokens: number;
+    /** Required anchor providers (e.g. ["vllm-native", "nvidia-triton"]). Default: [] */
+    required_providers: string[];
+    /** Maximum seconds between consecutive anchors in a chain. Default: 60 */
+    max_chain_gap_seconds: number;
+    /** Require all anchors to have payload_signature. Default: false */
+    require_signing_key: boolean;
+    /** Minimum trust level for the presenting agent. Default: 1 */
+    min_trust_level: number;
+}
+export interface PolicyViolation {
+    rule: string;
+    message: string;
+    actual?: number | string;
+    required?: number | string;
+}
+export interface PolicyResult {
+    compliant: boolean;
+    violations: PolicyViolation[];
+}
+/** Minimal anchor shape needed for policy evaluation. */
+export interface ChainAnchor {
+    anchor_epoch: number;
+    provider?: string;
+    payload_signature?: string;
+    ai_input_tokens?: number;
+    ai_output_tokens?: number;
+    trust_level?: number;
+}
+/**
+ * Load density policy from environment.
+ * Priority: SWT3_DENSITY_POLICY (inline JSON) > SWT3_DENSITY_POLICY_FILE (path) > defaults
+ */
+export declare function loadDensityPolicy(yamlPolicy?: DensityPolicy): DensityPolicy;
+/**
+ * Evaluate an anchor chain against the density policy.
+ *
+ * @param policy - The active density policy
+ * @param anchors - Chain anchors sorted by epoch ascending
+ * @param agentTokenCount - Total tokens produced by the agent (optional, skips density check if absent)
+ * @param agentTrustLevel - Trust level of the presenting agent (from verify_agent_trust)
+ */
+export declare function evaluatePolicy(policy: DensityPolicy, anchors: ChainAnchor[], agentTokenCount?: number, agentTrustLevel?: number): PolicyResult;
+//# sourceMappingURL=density-policy.d.ts.map

package/dist/density-policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"density-policy.d.ts","sourceRoot":"","sources":["../src/density-policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,MAAM,WAAW,aAAa;IAC5B,6DAA6D;IAC7D,2BAA2B,EAAE,MAAM,CAAC;IACpC,qFAAqF;IACrF,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,0EAA0E;IAC1E,qBAAqB,EAAE,MAAM,CAAC;IAC9B,oEAAoE;IACpE,mBAAmB,EAAE,OAAO,CAAC;IAC7B,+DAA+D;IAC/D,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,eAAe,EAAE,CAAC;CAC/B;AAED,yDAAyD;AACzD,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAcD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,CAAC,EAAE,aAAa,GAAG,aAAa,CAyB3E;AAID;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,aAAa,EACrB,OAAO,EAAE,WAAW,EAAE,EACtB,eAAe,CAAC,EAAE,MAAM,EACxB,eAAe,CAAC,EAAE,MAAM,GACvB,YAAY,CA0Ed"}

package/dist/density-policy.js

@@ -0,0 +1,128 @@
+/**
+ * SWT3 MCP Server: Anchor Density Policy Engine.
+ *
+ * Configurable rules that enforce minimum anchor frequency, provider
+ * requirements, chain gap limits, and signing enforcement. Agents that
+ * fail policy checks are denied tool execution by the chain verifier.
+ *
+ * Patent pending.
+ */
+import { readFileSync } from "node:fs";
+// ── Defaults ──────────────────────────────────────────────────────────
+const DEFAULT_POLICY = {
+    min_anchors_per_1000_tokens: 1,
+    required_providers: [],
+    max_chain_gap_seconds: 60,
+    require_signing_key: false,
+    min_trust_level: 1,
+};
+// ── Load Policy ───────────────────────────────────────────────────────
+/**
+ * Load density policy from environment.
+ * Priority: SWT3_DENSITY_POLICY (inline JSON) > SWT3_DENSITY_POLICY_FILE (path) > defaults
+ */
+export function loadDensityPolicy(yamlPolicy) {
+    // YAML-provided policy has second priority (after inline env var)
+    if (yamlPolicy && !process.env.SWT3_DENSITY_POLICY) {
+        return { ...DEFAULT_POLICY, ...yamlPolicy };
+    }
+    const inline = process.env.SWT3_DENSITY_POLICY;
+    if (inline) {
+        try {
+            return { ...DEFAULT_POLICY, ...JSON.parse(inline) };
+        }
+        catch {
+            // Fall through to file or defaults
+        }
+    }
+    const filePath = process.env.SWT3_DENSITY_POLICY_FILE;
+    if (filePath) {
+        try {
+            const raw = readFileSync(filePath, "utf8");
+            return { ...DEFAULT_POLICY, ...JSON.parse(raw) };
+        }
+        catch {
+            // Fall through to defaults
+        }
+    }
+    return { ...DEFAULT_POLICY };
+}
+// ── Evaluate Policy ───────────────────────────────────────────────────
+/**
+ * Evaluate an anchor chain against the density policy.
+ *
+ * @param policy - The active density policy
+ * @param anchors - Chain anchors sorted by epoch ascending
+ * @param agentTokenCount - Total tokens produced by the agent (optional, skips density check if absent)
+ * @param agentTrustLevel - Trust level of the presenting agent (from verify_agent_trust)
+ */
+export function evaluatePolicy(policy, anchors, agentTokenCount, agentTrustLevel) {
+    const violations = [];
+    // Rule 1: Anchor density (anchors per 1,000 tokens)
+    if (agentTokenCount != null && agentTokenCount > 0 && policy.min_anchors_per_1000_tokens > 0) {
+        const expectedAnchors = (agentTokenCount / 1000) * policy.min_anchors_per_1000_tokens;
+        if (anchors.length < expectedAnchors) {
+            violations.push({
+                rule: "anchor_density",
+                message: `Insufficient anchor density: ${anchors.length} anchors for ${agentTokenCount} tokens (need ${Math.ceil(expectedAnchors)})`,
+                actual: anchors.length,
+                required: Math.ceil(expectedAnchors),
+            });
+        }
+    }
+    // Rule 2: Required providers
+    if (policy.required_providers.length > 0) {
+        const presentProviders = new Set(anchors.map((a) => a.provider).filter(Boolean));
+        for (const required of policy.required_providers) {
+            if (!presentProviders.has(required)) {
+                violations.push({
+                    rule: "required_provider",
+                    message: `Missing required provider: ${required}`,
+                    actual: [...presentProviders].join(", ") || "none",
+                    required,
+                });
+            }
+        }
+    }
+    // Rule 3: Max chain gap
+    if (policy.max_chain_gap_seconds > 0 && anchors.length >= 2) {
+        for (let i = 1; i < anchors.length; i++) {
+            const gap = anchors[i].anchor_epoch - anchors[i - 1].anchor_epoch;
+            if (gap > policy.max_chain_gap_seconds) {
+                violations.push({
+                    rule: "chain_gap",
+                    message: `Chain gap of ${gap}s exceeds maximum ${policy.max_chain_gap_seconds}s (between anchors ${i - 1} and ${i})`,
+                    actual: gap,
+                    required: policy.max_chain_gap_seconds,
+                });
+                break; // Report first gap only
+            }
+        }
+    }
+    // Rule 4: Signing requirement
+    if (policy.require_signing_key) {
+        const unsigned = anchors.filter((a) => !a.payload_signature);
+        if (unsigned.length > 0) {
+            violations.push({
+                rule: "signing_required",
+                message: `${unsigned.length} of ${anchors.length} anchors missing payload_signature`,
+                actual: anchors.length - unsigned.length,
+                required: anchors.length,
+            });
+        }
+    }
+    // Rule 5: Minimum trust level
+    if (agentTrustLevel != null && agentTrustLevel < policy.min_trust_level) {
+        violations.push({
+            rule: "trust_level",
+            message: `Agent trust level ${agentTrustLevel} below minimum ${policy.min_trust_level}`,
+            actual: agentTrustLevel,
+            required: policy.min_trust_level,
+        });
+    }
+    return {
+        compliant: violations.length === 0,
+        violations,
+    };
+}
+//# sourceMappingURL=density-policy.js.map

package/dist/density-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"density-policy.js","sourceRoot":"","sources":["../src/density-policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAuCvC,yEAAyE;AAEzE,MAAM,cAAc,GAAkB;IACpC,2BAA2B,EAAE,CAAC;IAC9B,kBAAkB,EAAE,EAAE;IACtB,qBAAqB,EAAE,EAAE;IACzB,mBAAmB,EAAE,KAAK;IAC1B,eAAe,EAAE,CAAC;CACnB,CAAC;AAEF,yEAAyE;AAEzE;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAA0B;IAC1D,kEAAkE;IAClE,IAAI,UAAU,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;QACnD,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,UAAU,EAAE,CAAC;IAC9C,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IAC/C,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;QACrC,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IACtD,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC3C,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,GAAG,cAAc,EAAE,CAAC;AAC/B,CAAC;AAED,yEAAyE;AAEzE;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,MAAqB,EACrB,OAAsB,EACtB,eAAwB,EACxB,eAAwB;IAExB,MAAM,UAAU,GAAsB,EAAE,CAAC;IAEzC,oDAAoD;IACpD,IAAI,eAAe,IAAI,IAAI,IAAI,eAAe,GAAG,CAAC,IAAI,MAAM,CAAC,2BAA2B,GAAG,CAAC,EAAE,CAAC;QAC7F,MAAM,eAAe,GAAG,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,MAAM,CAAC,2BAA2B,CAAC;QACtF,IAAI,OAAO,CAAC,MAAM,GAAG,eAAe,EAAE,CAAC;YACrC,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,gCAAgC,OAAO,CAAC,MAAM,gBAAgB,eAAe,iBAAiB,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG;gBACpI,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC;aACrC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QACjF,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACjD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE,8BAA8B,QAAQ,EAAE;oBACjD,MAAM,EAAE,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;oBAClD,QAAQ;iBACT,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,CAAC,qBAAqB,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC5D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,YAAY,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC;YAClE,IAAI,GAAG,GAAG,MAAM,CAAC,qBAAqB,EAAE,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,gBAAgB,GAAG,qBAAqB,MAAM,CAAC,qBAAqB,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG;oBACpH,MAAM,EAAE,GAAG;oBACX,QAAQ,EAAE,MAAM,CAAC,qBAAqB;iBACvC,CAAC,CAAC;gBACH,MAAM,CAAC,wBAAwB;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;QAC7D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,kBAAkB;gBACxB,OAAO,EAAE,GAAG,QAAQ,CAAC,MAAM,OAAO,OAAO,CAAC,MAAM,oCAAoC;gBACpF,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM;gBACxC,QAAQ,EAAE,OAAO,CAAC,MAAM;aACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,eAAe,IAAI,IAAI,IAAI,eAAe,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QACxE,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,qBAAqB,eAAe,kBAAkB,MAAM,CAAC,eAAe,EAAE;YACvF,MAAM,EAAE,eAAe;YACvB,QAAQ,EAAE,MAAM,CAAC,eAAe;SACjC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,SAAS,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;QAClC,UAAU;KACX,CAAC;AACJ,CAAC"}

package/dist/redis-reader.d.ts

@@ -0,0 +1,57 @@
+/**
+ * SWT3 MCP Server: Redis Stream Reader for real-time anchor freshness.
+ *
+ * Subscribes to the swt3:anchors Redis stream as a separate consumer group
+ * (swt3-mcp-verifiers) and maintains an in-memory index for 0ms lookups.
+ * The chain verifier queries this index before falling back to Supabase.
+ *
+ * Architecture:
+ *   - Consumer group: swt3-mcp-verifiers (separate from swt3-processors)
+ *   - XREADGROUP with BLOCK for backpressure-friendly consumption
+ *   - In-memory index keyed by agent_id and cycle_id
+ *   - TTL eviction (1 hour) + max entries (10,000 LRU)
+ *
+ * Patent pending.
+ */
+export interface AnchorEntry {
+    messageId: string;
+    procedure_id: string;
+    anchor_fingerprint: string;
+    anchor_epoch: number;
+    agent_id?: string;
+    cycle_id?: string;
+    provider?: string;
+    payload_signature?: string;
+    verdict?: string;
+    ai_input_tokens?: number;
+    ai_output_tokens?: number;
+    clearing_level?: number;
+    receivedAt: number;
+}
+export interface RedisReaderState {
+    running: boolean;
+    connected: boolean;
+    entriesCount: number;
+    lastMessageId: string;
+}
+/**
+ * Start the Redis stream reader. No-op if already running or ioredis unavailable.
+ */
+export declare function startRedisReader(opts: {
+    redisUrl?: string;
+    streamName?: string;
+}): Promise<boolean>;
+/**
+ * Stop the Redis reader gracefully.
+ */
+export declare function stopRedisReader(): Promise<void>;
+/**
+ * Query cached anchors by agent_id and/or cycle_id.
+ * Returns empty array if Redis reader not running.
+ */
+export declare function queryAnchors(agentId?: string, cycleId?: string): AnchorEntry[];
+/**
+ * Get reader state for health/diagnostics.
+ */
+export declare function getReaderState(): RedisReaderState | null;
+//# sourceMappingURL=redis-reader.d.ts.map

package/dist/redis-reader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redis-reader.d.ts","sourceRoot":"","sources":["../src/redis-reader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAMH,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB;AAmCD;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,OAAO,CAAC,CAoDnB;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAwBrD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,WAAW,EAAE,CAc9E;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,gBAAgB,GAAG,IAAI,CAQxD"}