agent-passport-system 1.19.4 → 1.21.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -4
- package/dist/src/core/data-contribution.d.ts +16 -0
- package/dist/src/core/data-contribution.d.ts.map +1 -0
- package/dist/src/core/data-contribution.js +215 -0
- package/dist/src/core/data-contribution.js.map +1 -0
- package/dist/src/core/data-enforcement.d.ts +59 -0
- package/dist/src/core/data-enforcement.d.ts.map +1 -0
- package/dist/src/core/data-enforcement.js +132 -0
- package/dist/src/core/data-enforcement.js.map +1 -0
- package/dist/src/core/data-settlement.d.ts +9 -0
- package/dist/src/core/data-settlement.d.ts.map +1 -0
- package/dist/src/core/data-settlement.js +180 -0
- package/dist/src/core/data-settlement.js.map +1 -0
- package/dist/src/core/training-attribution.d.ts +60 -0
- package/dist/src/core/training-attribution.d.ts.map +1 -0
- package/dist/src/core/training-attribution.js +131 -0
- package/dist/src/core/training-attribution.js.map +1 -0
- package/dist/src/index.d.ts +6 -0
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +16 -0
- package/dist/src/index.js.map +1 -1
- package/dist/src/interop/qntm-bridge.d.ts +96 -0
- package/dist/src/interop/qntm-bridge.d.ts.map +1 -0
- package/dist/src/interop/qntm-bridge.js +318 -0
- package/dist/src/interop/qntm-bridge.js.map +1 -0
- package/dist/src/types/data-contribution.d.ts +133 -0
- package/dist/src/types/data-contribution.d.ts.map +1 -0
- package/dist/src/types/data-contribution.js +8 -0
- package/dist/src/types/data-contribution.js.map +1 -0
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -5,9 +5,11 @@
|
|
|
5
5
|
[](https://github.com/aeoess/agent-passport-system)
|
|
6
6
|
[](https://doi.org/10.5281/zenodo.18749779)
|
|
7
7
|
|
|
8
|
+
> **🤖 For AI agents:** If you are an agent reading this, visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable documentation or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete technical reference. This README is designed for humans.
|
|
9
|
+
|
|
8
10
|
Cryptographic identity, ethical governance, economic attribution, data source registration, protocol-native communication, intent architecture, cascade revocation, coordination primitives, and agentic commerce for autonomous AI agents.
|
|
9
11
|
|
|
10
|
-
**37 core modules + 32 v2 constitutional modules.
|
|
12
|
+
**37 core modules + 32 v2 constitutional modules. 1148 tests. Zero heavy dependencies. Running code. MCP server included.**
|
|
11
13
|
|
|
12
14
|
> *As AI agents from different creators, running different models, serving different humans begin to collaborate — who is responsible, under what authority, according to what values, and who benefits?*
|
|
13
15
|
|
|
@@ -407,7 +409,7 @@ Or zero-install remote mode:
|
|
|
407
409
|
npx agent-passport-system-mcp setup --remote
|
|
408
410
|
```
|
|
409
411
|
|
|
410
|
-
**72 tools across all
|
|
412
|
+
**72 tools across all 39 modules, role-scoped access control.** Identity, delegation, agora, values/policy, coordination, and commerce — all accessible via MCP. Every operation Ed25519 signed. Auto-configures Claude Desktop and Cursor.
|
|
411
413
|
|
|
412
414
|
Every operation is Ed25519 signed. Role is auto-detected from task assignments. Role-specific prompts served via MCP prompts API. File-backed task persistence at `~/.agent-passport-tasks.json`.
|
|
413
415
|
|
|
@@ -429,7 +431,7 @@ PyPI: [agent-passport-system](https://pypi.org/project/agent-passport-system/)
|
|
|
429
431
|
|
|
430
432
|
```bash
|
|
431
433
|
npm test
|
|
432
|
-
#
|
|
434
|
+
# 1148 tests across 58 files, 310 suites, 0 failures
|
|
433
435
|
```
|
|
434
436
|
|
|
435
437
|
Includes 50 adversarial tests across 4 test files: Merkle tree tampering, attribution gaming resistance, compliance violations, floor negotiation attacks, wrong-key attestations, cross-chain confused deputy, taint laundering, permit bypass, causal chain manipulation.
|
|
@@ -525,7 +527,7 @@ src/ 32 source files
|
|
|
525
527
|
reputation-authority.ts — Reputation/tier types
|
|
526
528
|
cross-chain.ts — Cross-chain taint/SAO types
|
|
527
529
|
data-source.ts — Data source/access receipt types
|
|
528
|
-
tests/
|
|
530
|
+
tests/ 61 test files, 1148 tests (310 suites)
|
|
529
531
|
adversarial.ts — 50 adversarial cases
|
|
530
532
|
adversarial-paper.test.ts — 22 paper-linked attack scenarios
|
|
531
533
|
adversarial-causal-chain.test.ts — 18 causal chain attacks
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { DataAccessReceipt } from '../types/data-source.js';
|
|
2
|
+
import { ContributionRecord, ContributionQuery, SourceMetrics, AgentDataFootprint } from '../types/data-contribution.js';
|
|
3
|
+
export interface ContributionLedger {
|
|
4
|
+
records: Map<string, ContributionRecord>;
|
|
5
|
+
index: {
|
|
6
|
+
bySource: Map<string, Set<string>>;
|
|
7
|
+
byAgent: Map<string, Set<string>>;
|
|
8
|
+
byPrincipal: Map<string, Set<string>>;
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
export declare function createContributionLedger(): ContributionLedger;
|
|
12
|
+
export declare function recordContribution(ledger: ContributionLedger, receipt: DataAccessReceipt, sourceDescriptor?: string): ContributionRecord;
|
|
13
|
+
export declare function queryContributions(ledger: ContributionLedger, query: ContributionQuery): ContributionRecord[];
|
|
14
|
+
export declare function getSourceMetrics(ledger: ContributionLedger, sourceReceiptId: string): SourceMetrics | null;
|
|
15
|
+
export declare function getAgentDataFootprint(ledger: ContributionLedger, agentId: string): AgentDataFootprint | null;
|
|
16
|
+
//# sourceMappingURL=data-contribution.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"data-contribution.d.ts","sourceRoot":"","sources":["../../../src/core/data-contribution.ts"],"names":[],"mappings":"AAYA,OAAO,EACL,iBAAiB,EAClB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EACL,kBAAkB,EAAE,iBAAiB,EAAE,aAAa,EACpD,kBAAkB,EACnB,MAAM,+BAA+B,CAAA;AAKtC,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;IACxC,KAAK,EAAE;QACL,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;QAClC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;QACjC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;KACtC,CAAA;CACF;AAED,wBAAgB,wBAAwB,IAAI,kBAAkB,CAS7D;AA2CD,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,kBAAkB,EAC1B,OAAO,EAAE,iBAAiB,EAC1B,gBAAgB,GAAE,MAAW,GAC5B,kBAAkB,CAiDpB;AAID,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,kBAAkB,EAC1B,KAAK,EAAE,iBAAiB,GACvB,kBAAkB,EAAE,CA2BtB;AAKD,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,kBAAkB,EAC1B,eAAe,EAAE,MAAM,GACtB,aAAa,GAAG,IAAI,CA2CtB;AAKD,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,kBAAkB,EAC1B,OAAO,EAAE,MAAM,GACd,kBAAkB,GAAG,IAAI,CAmC3B"}
|
|
@@ -0,0 +1,215 @@
|
|
|
1
|
+
// ══════════════════════════════════════════════════════════════════════
|
|
2
|
+
// Module 38: Data Contribution Ledger
|
|
3
|
+
// ══════════════════════════════════════════════════════════════════════
|
|
4
|
+
// Aggregation layer on top of Module 36A (Data Source Registration).
|
|
5
|
+
// Tracks who accessed what data, how many times, and what's owed.
|
|
6
|
+
//
|
|
7
|
+
// Key principle: receipts are the evidence, the ledger is the index.
|
|
8
|
+
// The ledger doesn't replace 36A — it aggregates 36A receipts into
|
|
9
|
+
// queryable contribution records with compensation accrual.
|
|
10
|
+
// ══════════════════════════════════════════════════════════════════════
|
|
11
|
+
import crypto from 'crypto';
|
|
12
|
+
export function createContributionLedger() {
|
|
13
|
+
return {
|
|
14
|
+
records: new Map(),
|
|
15
|
+
index: {
|
|
16
|
+
bySource: new Map(),
|
|
17
|
+
byAgent: new Map(),
|
|
18
|
+
byPrincipal: new Map(),
|
|
19
|
+
},
|
|
20
|
+
};
|
|
21
|
+
}
|
|
22
|
+
// ── Compensation Computation ──
|
|
23
|
+
function computeCompensation(terms, accessCount) {
|
|
24
|
+
const model = terms.compensation;
|
|
25
|
+
const base = {
|
|
26
|
+
model: model.type,
|
|
27
|
+
totalOwed: 0,
|
|
28
|
+
currency: 'usd',
|
|
29
|
+
accessesBilled: accessCount,
|
|
30
|
+
lastComputedAt: new Date().toISOString(),
|
|
31
|
+
};
|
|
32
|
+
switch (model.type) {
|
|
33
|
+
case 'none':
|
|
34
|
+
case 'attribution_only':
|
|
35
|
+
case 'negotiate':
|
|
36
|
+
return base;
|
|
37
|
+
case 'per_access':
|
|
38
|
+
return { ...base, totalOwed: model.amount * accessCount, currency: model.currency };
|
|
39
|
+
case 'revenue_share':
|
|
40
|
+
// Revenue share requires external revenue data — track percentage only
|
|
41
|
+
return { ...base, model: 'revenue_share', totalOwed: 0 };
|
|
42
|
+
case 'pool':
|
|
43
|
+
return { ...base, model: 'pool' };
|
|
44
|
+
default:
|
|
45
|
+
return base;
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
// ── Record a Contribution ──
|
|
49
|
+
// Takes a DataAccessReceipt from Module 36A and updates the ledger.
|
|
50
|
+
function ledgerKey(receipt) {
|
|
51
|
+
return `${receipt.sourceReceiptId}:${receipt.agentId}:${receipt.principalId}`;
|
|
52
|
+
}
|
|
53
|
+
function addToIndex(index, key, id) {
|
|
54
|
+
if (!index.has(key))
|
|
55
|
+
index.set(key, new Set());
|
|
56
|
+
index.get(key).add(id);
|
|
57
|
+
}
|
|
58
|
+
export function recordContribution(ledger, receipt, sourceDescriptor = '') {
|
|
59
|
+
const key = ledgerKey(receipt);
|
|
60
|
+
const existing = Array.from(ledger.records.values()).find(r => r.sourceReceiptId === receipt.sourceReceiptId
|
|
61
|
+
&& r.agentId === receipt.agentId
|
|
62
|
+
&& r.principalId === receipt.principalId);
|
|
63
|
+
if (existing) {
|
|
64
|
+
// Update existing contribution record
|
|
65
|
+
existing.accessCount += 1;
|
|
66
|
+
existing.lastAccessAt = receipt.timestamp;
|
|
67
|
+
if (!existing.purposes.includes(receipt.declaredPurpose)) {
|
|
68
|
+
existing.purposes.push(receipt.declaredPurpose);
|
|
69
|
+
}
|
|
70
|
+
if (!existing.accessMethods.includes(receipt.accessMethod)) {
|
|
71
|
+
existing.accessMethods.push(receipt.accessMethod);
|
|
72
|
+
}
|
|
73
|
+
existing.receiptIds.push(receipt.accessReceiptId);
|
|
74
|
+
existing.compensationAccrued = computeCompensation(receipt.termsAtAccessTime, existing.accessCount);
|
|
75
|
+
return existing;
|
|
76
|
+
}
|
|
77
|
+
// Create new contribution record
|
|
78
|
+
const record = {
|
|
79
|
+
contributionId: 'dcr_' + crypto.randomUUID(),
|
|
80
|
+
sourceReceiptId: receipt.sourceReceiptId,
|
|
81
|
+
sourceDescriptor,
|
|
82
|
+
agentId: receipt.agentId,
|
|
83
|
+
agentPublicKey: receipt.agentPublicKey,
|
|
84
|
+
principalId: receipt.principalId,
|
|
85
|
+
accessCount: 1,
|
|
86
|
+
firstAccessAt: receipt.timestamp,
|
|
87
|
+
lastAccessAt: receipt.timestamp,
|
|
88
|
+
purposes: [receipt.declaredPurpose],
|
|
89
|
+
accessMethods: [receipt.accessMethod],
|
|
90
|
+
compensationAccrued: computeCompensation(receipt.termsAtAccessTime, 1),
|
|
91
|
+
receiptIds: [receipt.accessReceiptId],
|
|
92
|
+
};
|
|
93
|
+
ledger.records.set(record.contributionId, record);
|
|
94
|
+
addToIndex(ledger.index.bySource, receipt.sourceReceiptId, record.contributionId);
|
|
95
|
+
addToIndex(ledger.index.byAgent, receipt.agentId, record.contributionId);
|
|
96
|
+
addToIndex(ledger.index.byPrincipal, receipt.principalId, record.contributionId);
|
|
97
|
+
return record;
|
|
98
|
+
}
|
|
99
|
+
// ── Query Contributions ──
|
|
100
|
+
export function queryContributions(ledger, query) {
|
|
101
|
+
let candidates;
|
|
102
|
+
// Use index for fast lookup when possible
|
|
103
|
+
if (query.sourceReceiptId && ledger.index.bySource.has(query.sourceReceiptId)) {
|
|
104
|
+
const ids = ledger.index.bySource.get(query.sourceReceiptId);
|
|
105
|
+
candidates = Array.from(ids).map(id => ledger.records.get(id)).filter(Boolean);
|
|
106
|
+
}
|
|
107
|
+
else if (query.agentId && ledger.index.byAgent.has(query.agentId)) {
|
|
108
|
+
const ids = ledger.index.byAgent.get(query.agentId);
|
|
109
|
+
candidates = Array.from(ids).map(id => ledger.records.get(id)).filter(Boolean);
|
|
110
|
+
}
|
|
111
|
+
else if (query.principalId && ledger.index.byPrincipal.has(query.principalId)) {
|
|
112
|
+
const ids = ledger.index.byPrincipal.get(query.principalId);
|
|
113
|
+
candidates = Array.from(ids).map(id => ledger.records.get(id)).filter(Boolean);
|
|
114
|
+
}
|
|
115
|
+
else {
|
|
116
|
+
candidates = Array.from(ledger.records.values());
|
|
117
|
+
}
|
|
118
|
+
return candidates.filter(r => {
|
|
119
|
+
if (query.sourceReceiptId && r.sourceReceiptId !== query.sourceReceiptId)
|
|
120
|
+
return false;
|
|
121
|
+
if (query.agentId && r.agentId !== query.agentId)
|
|
122
|
+
return false;
|
|
123
|
+
if (query.principalId && r.principalId !== query.principalId)
|
|
124
|
+
return false;
|
|
125
|
+
if (query.purpose && !r.purposes.includes(query.purpose))
|
|
126
|
+
return false;
|
|
127
|
+
if (query.after && r.lastAccessAt < query.after)
|
|
128
|
+
return false;
|
|
129
|
+
if (query.before && r.firstAccessAt > query.before)
|
|
130
|
+
return false;
|
|
131
|
+
if (query.minAccessCount && r.accessCount < query.minAccessCount)
|
|
132
|
+
return false;
|
|
133
|
+
return true;
|
|
134
|
+
});
|
|
135
|
+
}
|
|
136
|
+
// ── Source Metrics ──
|
|
137
|
+
// "Show me how many agents used our dataset this month and what's owed"
|
|
138
|
+
export function getSourceMetrics(ledger, sourceReceiptId) {
|
|
139
|
+
const records = queryContributions(ledger, { sourceReceiptId });
|
|
140
|
+
if (records.length === 0)
|
|
141
|
+
return null;
|
|
142
|
+
const uniqueAgents = new Set(records.map(r => r.agentId));
|
|
143
|
+
const uniquePrincipals = new Set(records.map(r => r.principalId));
|
|
144
|
+
const purposeBreakdown = {};
|
|
145
|
+
let totalAccesses = 0;
|
|
146
|
+
let totalOwed = 0;
|
|
147
|
+
let currency = 'usd';
|
|
148
|
+
for (const r of records) {
|
|
149
|
+
totalAccesses += r.accessCount;
|
|
150
|
+
totalOwed += r.compensationAccrued.totalOwed;
|
|
151
|
+
currency = r.compensationAccrued.currency || currency;
|
|
152
|
+
for (const p of r.purposes) {
|
|
153
|
+
purposeBreakdown[p] = (purposeBreakdown[p] || 0) + r.accessCount;
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
const topAgents = records
|
|
157
|
+
.sort((a, b) => b.accessCount - a.accessCount)
|
|
158
|
+
.slice(0, 10)
|
|
159
|
+
.map(r => ({ agentId: r.agentId, accessCount: r.accessCount }));
|
|
160
|
+
return {
|
|
161
|
+
sourceReceiptId,
|
|
162
|
+
sourceDescriptor: records[0]?.sourceDescriptor || '',
|
|
163
|
+
totalAccesses,
|
|
164
|
+
uniqueAgents: uniqueAgents.size,
|
|
165
|
+
uniquePrincipals: uniquePrincipals.size,
|
|
166
|
+
purposeBreakdown,
|
|
167
|
+
compensationOwed: {
|
|
168
|
+
model: records[0]?.compensationAccrued.model || 'none',
|
|
169
|
+
totalOwed,
|
|
170
|
+
currency,
|
|
171
|
+
accessesBilled: totalAccesses,
|
|
172
|
+
lastComputedAt: new Date().toISOString(),
|
|
173
|
+
},
|
|
174
|
+
firstAccess: records.reduce((min, r) => r.firstAccessAt < min ? r.firstAccessAt : min, records[0].firstAccessAt),
|
|
175
|
+
lastAccess: records.reduce((max, r) => r.lastAccessAt > max ? r.lastAccessAt : max, records[0].lastAccessAt),
|
|
176
|
+
topAgents,
|
|
177
|
+
};
|
|
178
|
+
}
|
|
179
|
+
// ── Agent Data Footprint ──
|
|
180
|
+
// "Show me every data source this agent has touched"
|
|
181
|
+
export function getAgentDataFootprint(ledger, agentId) {
|
|
182
|
+
const records = queryContributions(ledger, { agentId });
|
|
183
|
+
if (records.length === 0)
|
|
184
|
+
return null;
|
|
185
|
+
let totalAccesses = 0;
|
|
186
|
+
let totalComp = 0;
|
|
187
|
+
let currency = 'usd';
|
|
188
|
+
const sources = records.map(r => {
|
|
189
|
+
totalAccesses += r.accessCount;
|
|
190
|
+
totalComp += r.compensationAccrued.totalOwed;
|
|
191
|
+
currency = r.compensationAccrued.currency || currency;
|
|
192
|
+
const status = r.compensationAccrued.model === 'none' ? 'none'
|
|
193
|
+
: r.compensationAccrued.model === 'attribution_only' ? 'attribution_only'
|
|
194
|
+
: r.compensationAccrued.totalOwed > 0 ? 'accruing' : 'none';
|
|
195
|
+
return {
|
|
196
|
+
sourceReceiptId: r.sourceReceiptId,
|
|
197
|
+
sourceDescriptor: r.sourceDescriptor,
|
|
198
|
+
accessCount: r.accessCount,
|
|
199
|
+
purposes: r.purposes,
|
|
200
|
+
lastAccess: r.lastAccessAt,
|
|
201
|
+
compensationStatus: status,
|
|
202
|
+
};
|
|
203
|
+
});
|
|
204
|
+
return {
|
|
205
|
+
agentId,
|
|
206
|
+
agentPublicKey: records[0].agentPublicKey,
|
|
207
|
+
principalId: records[0].principalId,
|
|
208
|
+
sourcesAccessed: sources,
|
|
209
|
+
totalSources: records.length,
|
|
210
|
+
totalAccesses,
|
|
211
|
+
totalCompensationAccrued: totalComp,
|
|
212
|
+
currency,
|
|
213
|
+
};
|
|
214
|
+
}
|
|
215
|
+
//# sourceMappingURL=data-contribution.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"data-contribution.js","sourceRoot":"","sources":["../../../src/core/data-contribution.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,sCAAsC;AACtC,yEAAyE;AACzE,qEAAqE;AACrE,kEAAkE;AAClE,EAAE;AACF,qEAAqE;AACrE,mEAAmE;AACnE,4DAA4D;AAC5D,yEAAyE;AAEzE,OAAO,MAAM,MAAM,QAAQ,CAAA;AAqB3B,MAAM,UAAU,wBAAwB;IACtC,OAAO;QACL,OAAO,EAAE,IAAI,GAAG,EAAE;QAClB,KAAK,EAAE;YACL,QAAQ,EAAE,IAAI,GAAG,EAAE;YACnB,OAAO,EAAE,IAAI,GAAG,EAAE;YAClB,WAAW,EAAE,IAAI,GAAG,EAAE;SACvB;KACF,CAAA;AACH,CAAC;AAED,iCAAiC;AAEjC,SAAS,mBAAmB,CAAC,KAAgB,EAAE,WAAmB;IAChE,MAAM,KAAK,GAAG,KAAK,CAAC,YAAY,CAAA;IAChC,MAAM,IAAI,GAAwB;QAChC,KAAK,EAAE,KAAK,CAAC,IAAI;QACjB,SAAS,EAAE,CAAC;QACZ,QAAQ,EAAE,KAAK;QACf,cAAc,EAAE,WAAW;QAC3B,cAAc,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACzC,CAAA;IAED,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC;QACZ,KAAK,kBAAkB,CAAC;QACxB,KAAK,WAAW;YACd,OAAO,IAAI,CAAA;QACb,KAAK,YAAY;YACf,OAAO,EAAE,GAAG,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,GAAG,WAAW,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAA;QACrF,KAAK,eAAe;YAClB,uEAAuE;YACvE,OAAO,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,EAAE,CAAA;QAC1D,KAAK,MAAM;YACT,OAAO,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAA;QACnC;YACE,OAAO,IAAI,CAAA;IACf,CAAC;AACH,CAAC;AAED,8BAA8B;AAC9B,oEAAoE;AAEpE,SAAS,SAAS,CAAC,OAA0B;IAC3C,OAAO,GAAG,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE,CAAA;AAC/E,CAAC;AAED,SAAS,UAAU,CAAC,KAA+B,EAAE,GAAW,EAAE,EAAU;IAC1E,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,GAAG,EAAE,CAAC,CAAA;IAC9C,KAAK,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,MAA0B,EAC1B,OAA0B,EAC1B,mBAA2B,EAAE;IAE7B,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAA;IAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CACvD,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,OAAO,CAAC,eAAe;WAC7C,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,OAAO;WAC7B,CAAC,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,CAC3C,CAAA;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,sCAAsC;QACtC,QAAQ,CAAC,WAAW,IAAI,CAAC,CAAA;QACzB,QAAQ,CAAC,YAAY,GAAG,OAAO,CAAC,SAAS,CAAA;QACzC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YACzD,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;QACjD,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAC3D,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA;QACnD,CAAC;QACD,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;QACjD,QAAQ,CAAC,mBAAmB,GAAG,mBAAmB,CAChD,OAAO,CAAC,iBAAiB,EAAE,QAAQ,CAAC,WAAW,CAChD,CAAA;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,iCAAiC;IACjC,MAAM,MAAM,GAAuB;QACjC,cAAc,EAAE,MAAM,GAAG,MAAM,CAAC,UAAU,EAAE;QAC5C,eAAe,EAAE,OAAO,CAAC,eAAe;QACxC,gBAAgB;QAChB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,WAAW,EAAE,CAAC;QACd,aAAa,EAAE,OAAO,CAAC,SAAS;QAChC,YAAY,EAAE,OAAO,CAAC,SAAS;QAC/B,QAAQ,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC;QACnC,aAAa,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC;QACrC,mBAAmB,EAAE,mBAAmB,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;QACtE,UAAU,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC;KACtC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAA;IACjD,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,eAAe,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;IACjF,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;IACxE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;IAEhF,OAAO,MAAM,CAAA;AACf,CAAC;AAED,4BAA4B;AAE5B,MAAM,UAAU,kBAAkB,CAChC,MAA0B,EAC1B,KAAwB;IAExB,IAAI,UAAgC,CAAA;IAEpC,0CAA0C;IAC1C,IAAI,KAAK,CAAC,eAAe,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;QAC9E,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,CAAE,CAAA;QAC7D,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IACjF,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACpE,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAE,CAAA;QACpD,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IACjF,CAAC;SAAM,IAAI,KAAK,CAAC,WAAW,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QAChF,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAE,CAAA;QAC5D,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IACjF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;IAClD,CAAC;IAED,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAC3B,IAAI,KAAK,CAAC,eAAe,IAAI,CAAC,CAAC,eAAe,KAAK,KAAK,CAAC,eAAe;YAAE,OAAO,KAAK,CAAA;QACtF,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO;YAAE,OAAO,KAAK,CAAA;QAC9D,IAAI,KAAK,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,KAAK,KAAK,CAAC,WAAW;YAAE,OAAO,KAAK,CAAA;QAC1E,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC;YAAE,OAAO,KAAK,CAAA;QACtE,IAAI,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,YAAY,GAAG,KAAK,CAAC,KAAK;YAAE,OAAO,KAAK,CAAA;QAC7D,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,aAAa,GAAG,KAAK,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QAChE,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC,WAAW,GAAG,KAAK,CAAC,cAAc;YAAE,OAAO,KAAK,CAAA;QAC9E,OAAO,IAAI,CAAA;IACb,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,uBAAuB;AACvB,wEAAwE;AAExE,MAAM,UAAU,gBAAgB,CAC9B,MAA0B,EAC1B,eAAuB;IAEvB,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,EAAE,EAAE,eAAe,EAAE,CAAC,CAAA;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAErC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAA;IACzD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAA;IACjE,MAAM,gBAAgB,GAA2B,EAAE,CAAA;IACnD,IAAI,aAAa,GAAG,CAAC,CAAA;IACrB,IAAI,SAAS,GAAG,CAAC,CAAA;IACjB,IAAI,QAAQ,GAAG,KAAK,CAAA;IAEpB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,aAAa,IAAI,CAAC,CAAC,WAAW,CAAA;QAC9B,SAAS,IAAI,CAAC,CAAC,mBAAmB,CAAC,SAAS,CAAA;QAC5C,QAAQ,GAAG,CAAC,CAAC,mBAAmB,CAAC,QAAQ,IAAI,QAAQ,CAAA;QACrD,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC3B,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,WAAW,CAAA;QAClE,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,OAAO;SACtB,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;SAC7C,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAA;IAEjE,OAAO;QACL,eAAe;QACf,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,gBAAgB,IAAI,EAAE;QACpD,aAAa;QACb,YAAY,EAAE,YAAY,CAAC,IAAI;QAC/B,gBAAgB,EAAE,gBAAgB,CAAC,IAAI;QACvC,gBAAgB;QAChB,gBAAgB,EAAE;YAChB,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,mBAAmB,CAAC,KAAK,IAAI,MAAM;YACtD,SAAS;YACT,QAAQ;YACR,cAAc,EAAE,aAAa;YAC7B,cAAc,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACzC;QACD,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;QAChH,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;QAC5G,SAAS;KACV,CAAA;AACH,CAAC;AAED,6BAA6B;AAC7B,qDAAqD;AAErD,MAAM,UAAU,qBAAqB,CACnC,MAA0B,EAC1B,OAAe;IAEf,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,CAAA;IACvD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAErC,IAAI,aAAa,GAAG,CAAC,CAAA;IACrB,IAAI,SAAS,GAAG,CAAC,CAAA;IACjB,IAAI,QAAQ,GAAG,KAAK,CAAA;IAEpB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAC9B,aAAa,IAAI,CAAC,CAAC,WAAW,CAAA;QAC9B,SAAS,IAAI,CAAC,CAAC,mBAAmB,CAAC,SAAS,CAAA;QAC5C,QAAQ,GAAG,CAAC,CAAC,mBAAmB,CAAC,QAAQ,IAAI,QAAQ,CAAA;QACrD,MAAM,MAAM,GAAG,CAAC,CAAC,mBAAmB,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,MAAe;YACrE,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,KAAK,KAAK,kBAAkB,CAAC,CAAC,CAAC,kBAA2B;gBAClF,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,UAAmB,CAAC,CAAC,CAAC,MAAe,CAAA;QAC/E,OAAO;YACL,eAAe,EAAE,CAAC,CAAC,eAAe;YAClC,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,UAAU,EAAE,CAAC,CAAC,YAAY;YAC1B,kBAAkB,EAAE,MAAM;SAC3B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,OAAO;QACL,OAAO;QACP,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,cAAc;QACzC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW;QACnC,eAAe,EAAE,OAAO;QACxB,YAAY,EAAE,OAAO,CAAC,MAAM;QAC5B,aAAa;QACb,wBAAwB,EAAE,SAAS;QACnC,QAAQ;KACT,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { DataAccessReceipt, SourceReceipt, DataPurpose, AccessMethod } from '../types/data-source.js';
|
|
2
|
+
import { ContributionLedger } from './data-contribution.js';
|
|
3
|
+
export interface DataEnforcementConfig {
|
|
4
|
+
gatewayId: string;
|
|
5
|
+
gatewayPublicKey: string;
|
|
6
|
+
gatewayPrivateKey: string;
|
|
7
|
+
mode: 'enforce' | 'audit' | 'off';
|
|
8
|
+
onAccessBlocked?: (agentId: string, sourceId: string, violations: string[]) => void;
|
|
9
|
+
onAccessRecorded?: (receipt: DataAccessReceipt) => void;
|
|
10
|
+
onTermsWarning?: (agentId: string, sourceId: string, warnings: string[]) => void;
|
|
11
|
+
}
|
|
12
|
+
export interface DataAccessRequest {
|
|
13
|
+
agentId: string;
|
|
14
|
+
agentPublicKey: string;
|
|
15
|
+
principalId: string;
|
|
16
|
+
delegationId?: string;
|
|
17
|
+
sourceReceiptId: string;
|
|
18
|
+
declaredPurpose: DataPurpose;
|
|
19
|
+
accessMethod: AccessMethod;
|
|
20
|
+
accessScope: string;
|
|
21
|
+
executionFrameId: string;
|
|
22
|
+
dataHash?: string;
|
|
23
|
+
}
|
|
24
|
+
export interface DataAccessDecision {
|
|
25
|
+
allowed: boolean;
|
|
26
|
+
sourceReceiptId: string;
|
|
27
|
+
hardViolations: string[];
|
|
28
|
+
advisoryWarnings: string[];
|
|
29
|
+
receipt?: DataAccessReceipt;
|
|
30
|
+
accessesRemaining?: number;
|
|
31
|
+
}
|
|
32
|
+
export declare class DataEnforcementGate {
|
|
33
|
+
private config;
|
|
34
|
+
private sources;
|
|
35
|
+
private ledger;
|
|
36
|
+
private receipts;
|
|
37
|
+
constructor(config: DataEnforcementConfig, ledger?: ContributionLedger);
|
|
38
|
+
/** Register a data source with the gate. Only registered sources are enforced. */
|
|
39
|
+
registerSource(receipt: SourceReceipt, descriptor: string): void;
|
|
40
|
+
/** Get the contribution ledger for settlement/reporting */
|
|
41
|
+
getLedger(): ContributionLedger;
|
|
42
|
+
/** Get all access receipts */
|
|
43
|
+
getReceipts(): DataAccessReceipt[];
|
|
44
|
+
/** Get Merkle root of all receipts */
|
|
45
|
+
getMerkleRoot(): string;
|
|
46
|
+
/**
|
|
47
|
+
* Check whether an agent can access a data source.
|
|
48
|
+
* In 'enforce' mode, blocks non-compliant access.
|
|
49
|
+
* In 'audit' mode, logs but allows.
|
|
50
|
+
* Always generates a receipt and feeds the contribution ledger.
|
|
51
|
+
*/
|
|
52
|
+
checkAccess(request: DataAccessRequest): DataAccessDecision;
|
|
53
|
+
/** Bulk check: verify an agent can access all required sources before starting execution */
|
|
54
|
+
preflightCheck(requests: DataAccessRequest[]): {
|
|
55
|
+
allAllowed: boolean;
|
|
56
|
+
decisions: DataAccessDecision[];
|
|
57
|
+
};
|
|
58
|
+
}
|
|
59
|
+
//# sourceMappingURL=data-enforcement.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"data-enforcement.d.ts","sourceRoot":"","sources":["../../../src/core/data-enforcement.ts"],"names":[],"mappings":"AAYA,OAAO,EACL,iBAAiB,EAAa,aAAa,EAAE,WAAW,EAAE,YAAY,EACvE,MAAM,yBAAyB,CAAA;AAIhC,OAAO,EACL,kBAAkB,EACnB,MAAM,wBAAwB,CAAA;AAI/B,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAA;IACjB,gBAAgB,EAAE,MAAM,CAAA;IACxB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,EAAE,SAAS,GAAG,OAAO,GAAG,KAAK,CAAA;IAEjC,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,IAAI,CAAA;IACnF,gBAAgB,CAAC,EAAE,CAAC,OAAO,EAAE,iBAAiB,KAAK,IAAI,CAAA;IACvD,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,IAAI,CAAA;CACjF;AAYD,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,EAAE,MAAM,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,eAAe,EAAE,MAAM,CAAA;IACvB,eAAe,EAAE,WAAW,CAAA;IAC5B,YAAY,EAAE,YAAY,CAAA;IAC1B,WAAW,EAAE,MAAM,CAAA;IACnB,gBAAgB,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAID,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAA;IAChB,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,OAAO,CAAC,EAAE,iBAAiB,CAAA;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B;AAID,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,OAAO,CAA2C;IAC1D,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,QAAQ,CAA0B;gBAE9B,MAAM,EAAE,qBAAqB,EAAE,MAAM,CAAC,EAAE,kBAAkB;IAKtE,kFAAkF;IAClF,cAAc,CAAC,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAIhE,2DAA2D;IAC3D,SAAS,IAAI,kBAAkB;IAE/B,8BAA8B;IAC9B,WAAW,IAAI,iBAAiB,EAAE;IAElC,sCAAsC;IACtC,aAAa,IAAI,MAAM;IAEvB;;;;;OAKG;IACH,WAAW,CAAC,OAAO,EAAE,iBAAiB,GAAG,kBAAkB;IA4E3D,4FAA4F;IAC5F,cAAc,CAAC,QAAQ,EAAE,iBAAiB,EAAE,GAAG;QAAE,UAAU,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,kBAAkB,EAAE,CAAA;KAAE;CAsBxG"}
|
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
// ══════════════════════════════════════════════════════════════════════
|
|
2
|
+
// Data Enforcement Gate
|
|
3
|
+
// ══════════════════════════════════════════════════════════════════════
|
|
4
|
+
// Sits alongside the ProxyGateway. Before an agent accesses data,
|
|
5
|
+
// the enforcement gate checks DataTerms, blocks if non-compliant,
|
|
6
|
+
// and automatically generates access receipts + contribution records.
|
|
7
|
+
//
|
|
8
|
+
// Key principle: the agent cannot skip this check. The gateway calls
|
|
9
|
+
// the enforcement gate before executing any data-accessing tool.
|
|
10
|
+
// ══════════════════════════════════════════════════════════════════════
|
|
11
|
+
import crypto from 'crypto';
|
|
12
|
+
import { checkTermsCompliance, recordDataAccess, buildDataAccessMerkleRoot, } from './data-source.js';
|
|
13
|
+
import { createContributionLedger, recordContribution, } from './data-contribution.js';
|
|
14
|
+
// ── Data Enforcement Gate ──
|
|
15
|
+
export class DataEnforcementGate {
|
|
16
|
+
config;
|
|
17
|
+
sources = new Map();
|
|
18
|
+
ledger;
|
|
19
|
+
receipts = [];
|
|
20
|
+
constructor(config, ledger) {
|
|
21
|
+
this.config = config;
|
|
22
|
+
this.ledger = ledger || createContributionLedger();
|
|
23
|
+
}
|
|
24
|
+
/** Register a data source with the gate. Only registered sources are enforced. */
|
|
25
|
+
registerSource(receipt, descriptor) {
|
|
26
|
+
this.sources.set(receipt.sourceReceiptId, { receipt, descriptor, accessCount: 0 });
|
|
27
|
+
}
|
|
28
|
+
/** Get the contribution ledger for settlement/reporting */
|
|
29
|
+
getLedger() { return this.ledger; }
|
|
30
|
+
/** Get all access receipts */
|
|
31
|
+
getReceipts() { return [...this.receipts]; }
|
|
32
|
+
/** Get Merkle root of all receipts */
|
|
33
|
+
getMerkleRoot() { return buildDataAccessMerkleRoot(this.receipts); }
|
|
34
|
+
/**
|
|
35
|
+
* Check whether an agent can access a data source.
|
|
36
|
+
* In 'enforce' mode, blocks non-compliant access.
|
|
37
|
+
* In 'audit' mode, logs but allows.
|
|
38
|
+
* Always generates a receipt and feeds the contribution ledger.
|
|
39
|
+
*/
|
|
40
|
+
checkAccess(request) {
|
|
41
|
+
if (this.config.mode === 'off') {
|
|
42
|
+
return { allowed: true, sourceReceiptId: request.sourceReceiptId, hardViolations: [], advisoryWarnings: [] };
|
|
43
|
+
}
|
|
44
|
+
const source = this.sources.get(request.sourceReceiptId);
|
|
45
|
+
if (!source) {
|
|
46
|
+
return {
|
|
47
|
+
allowed: false,
|
|
48
|
+
sourceReceiptId: request.sourceReceiptId,
|
|
49
|
+
hardViolations: ['Source not registered with enforcement gate'],
|
|
50
|
+
advisoryWarnings: [],
|
|
51
|
+
};
|
|
52
|
+
}
|
|
53
|
+
// Check terms compliance
|
|
54
|
+
const compliance = checkTermsCompliance({
|
|
55
|
+
sourceReceipt: source.receipt,
|
|
56
|
+
agentId: request.agentId,
|
|
57
|
+
principalId: request.principalId,
|
|
58
|
+
declaredPurpose: request.declaredPurpose,
|
|
59
|
+
currentAccessCount: source.accessCount,
|
|
60
|
+
});
|
|
61
|
+
// In enforce mode, block if hard violations exist
|
|
62
|
+
if (this.config.mode === 'enforce' && !compliance.compliant) {
|
|
63
|
+
this.config.onAccessBlocked?.(request.agentId, request.sourceReceiptId, compliance.hardViolations);
|
|
64
|
+
return {
|
|
65
|
+
allowed: false,
|
|
66
|
+
sourceReceiptId: request.sourceReceiptId,
|
|
67
|
+
hardViolations: compliance.hardViolations,
|
|
68
|
+
advisoryWarnings: compliance.advisoryWarnings,
|
|
69
|
+
accessesRemaining: compliance.accessesRemaining,
|
|
70
|
+
};
|
|
71
|
+
}
|
|
72
|
+
// Advisory warnings (both modes)
|
|
73
|
+
if (compliance.advisoryWarnings.length > 0) {
|
|
74
|
+
this.config.onTermsWarning?.(request.agentId, request.sourceReceiptId, compliance.advisoryWarnings);
|
|
75
|
+
}
|
|
76
|
+
// Generate access receipt (gateway-signed, third-party attestation)
|
|
77
|
+
const receipt = recordDataAccess({
|
|
78
|
+
sourceReceipt: source.receipt,
|
|
79
|
+
dataHash: request.dataHash || crypto.createHash('sha256').update(request.executionFrameId + request.sourceReceiptId).digest('hex'),
|
|
80
|
+
agentId: request.agentId,
|
|
81
|
+
agentPublicKey: request.agentPublicKey,
|
|
82
|
+
delegationId: request.delegationId,
|
|
83
|
+
principalId: request.principalId,
|
|
84
|
+
executionFrameId: request.executionFrameId,
|
|
85
|
+
accessScope: request.accessScope,
|
|
86
|
+
accessMethod: request.accessMethod,
|
|
87
|
+
declaredPurpose: request.declaredPurpose,
|
|
88
|
+
gatewayId: this.config.gatewayId,
|
|
89
|
+
gatewayPublicKey: this.config.gatewayPublicKey,
|
|
90
|
+
gatewayPrivateKey: this.config.gatewayPrivateKey,
|
|
91
|
+
});
|
|
92
|
+
// Update tracking
|
|
93
|
+
source.accessCount++;
|
|
94
|
+
this.receipts.push(receipt);
|
|
95
|
+
this.config.onAccessRecorded?.(receipt);
|
|
96
|
+
// Feed the contribution ledger
|
|
97
|
+
recordContribution(this.ledger, receipt, source.descriptor);
|
|
98
|
+
return {
|
|
99
|
+
allowed: true,
|
|
100
|
+
sourceReceiptId: request.sourceReceiptId,
|
|
101
|
+
hardViolations: compliance.hardViolations, // empty in enforce mode if we got here
|
|
102
|
+
advisoryWarnings: compliance.advisoryWarnings,
|
|
103
|
+
receipt,
|
|
104
|
+
accessesRemaining: compliance.accessesRemaining,
|
|
105
|
+
};
|
|
106
|
+
}
|
|
107
|
+
/** Bulk check: verify an agent can access all required sources before starting execution */
|
|
108
|
+
preflightCheck(requests) {
|
|
109
|
+
const decisions = requests.map(r => {
|
|
110
|
+
// Dry run — don't generate receipts, just check compliance
|
|
111
|
+
const source = this.sources.get(r.sourceReceiptId);
|
|
112
|
+
if (!source)
|
|
113
|
+
return { allowed: false, sourceReceiptId: r.sourceReceiptId, hardViolations: ['Source not registered'], advisoryWarnings: [] };
|
|
114
|
+
const compliance = checkTermsCompliance({
|
|
115
|
+
sourceReceipt: source.receipt,
|
|
116
|
+
agentId: r.agentId,
|
|
117
|
+
principalId: r.principalId,
|
|
118
|
+
declaredPurpose: r.declaredPurpose,
|
|
119
|
+
currentAccessCount: source.accessCount,
|
|
120
|
+
});
|
|
121
|
+
return {
|
|
122
|
+
allowed: this.config.mode === 'enforce' ? compliance.compliant : true,
|
|
123
|
+
sourceReceiptId: r.sourceReceiptId,
|
|
124
|
+
hardViolations: compliance.hardViolations,
|
|
125
|
+
advisoryWarnings: compliance.advisoryWarnings,
|
|
126
|
+
accessesRemaining: compliance.accessesRemaining,
|
|
127
|
+
};
|
|
128
|
+
});
|
|
129
|
+
return { allAllowed: decisions.every(d => d.allowed), decisions };
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
//# sourceMappingURL=data-enforcement.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"data-enforcement.js","sourceRoot":"","sources":["../../../src/core/data-enforcement.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,wBAAwB;AACxB,yEAAyE;AACzE,kEAAkE;AAClE,kEAAkE;AAClE,sEAAsE;AACtE,EAAE;AACF,qEAAqE;AACrE,iEAAiE;AACjE,yEAAyE;AAEzE,OAAO,MAAM,MAAM,QAAQ,CAAA;AAI3B,OAAO,EACL,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,GAClE,MAAM,kBAAkB,CAAA;AACzB,OAAO,EACe,wBAAwB,EAAE,kBAAkB,GACjE,MAAM,wBAAwB,CAAA;AAiD/B,8BAA8B;AAE9B,MAAM,OAAO,mBAAmB;IACtB,MAAM,CAAuB;IAC7B,OAAO,GAAkC,IAAI,GAAG,EAAE,CAAA;IAClD,MAAM,CAAoB;IAC1B,QAAQ,GAAwB,EAAE,CAAA;IAE1C,YAAY,MAA6B,EAAE,MAA2B;QACpE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,wBAAwB,EAAE,CAAA;IACpD,CAAC;IAED,kFAAkF;IAClF,cAAc,CAAC,OAAsB,EAAE,UAAkB;QACvD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAA;IACpF,CAAC;IAED,2DAA2D;IAC3D,SAAS,KAAyB,OAAO,IAAI,CAAC,MAAM,CAAA,CAAC,CAAC;IAEtD,8BAA8B;IAC9B,WAAW,KAA0B,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAA,CAAC,CAAC;IAEhE,sCAAsC;IACtC,aAAa,KAAa,OAAO,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA,CAAC,CAAC;IAE3E;;;;;OAKG;IACH,WAAW,CAAC,OAA0B;QACpC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YAC/B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,CAAC,eAAe,EAAE,cAAc,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAA;QAC9G,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,cAAc,EAAE,CAAC,6CAA6C,CAAC;gBAC/D,gBAAgB,EAAE,EAAE;aACrB,CAAA;QACH,CAAC;QAED,yBAAyB;QACzB,MAAM,UAAU,GAAG,oBAAoB,CAAC;YACtC,aAAa,EAAE,MAAM,CAAC,OAAO;YAC7B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,kBAAkB,EAAE,MAAM,CAAC,WAAW;SACvC,CAAC,CAAA;QAEF,kDAAkD;QAClD,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;YAC5D,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,EAAE,UAAU,CAAC,cAAc,CAAC,CAAA;YAClG,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,cAAc,EAAE,UAAU,CAAC,cAAc;gBACzC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;gBAC7C,iBAAiB,EAAE,UAAU,CAAC,iBAAiB;aAChD,CAAA;QACH,CAAC;QAED,iCAAiC;QACjC,IAAI,UAAU,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,EAAE,UAAU,CAAC,gBAAgB,CAAC,CAAA;QACrG,CAAC;QAED,oEAAoE;QACpE,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,aAAa,EAAE,MAAM,CAAC,OAAO;YAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;YAClI,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAChC,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB;YAC9C,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;SACjD,CAAC,CAAA;QAEF,kBAAkB;QAClB,MAAM,CAAC,WAAW,EAAE,CAAA;QACpB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC3B,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC,OAAO,CAAC,CAAA;QAEvC,+BAA+B;QAC/B,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;QAE3D,OAAO;YACL,OAAO,EAAE,IAAI;YACb,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,cAAc,EAAE,UAAU,CAAC,cAAc,EAAE,uCAAuC;YAClF,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;YAC7C,OAAO;YACP,iBAAiB,EAAE,UAAU,CAAC,iBAAiB;SAChD,CAAA;IACH,CAAC;IAED,4FAA4F;IAC5F,cAAc,CAAC,QAA6B;QAC1C,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;YACjC,2DAA2D;YAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAA;YAClD,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC,eAAe,EAAE,cAAc,EAAE,CAAC,uBAAuB,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAA;YAC3I,MAAM,UAAU,GAAG,oBAAoB,CAAC;gBACtC,aAAa,EAAE,MAAM,CAAC,OAAO;gBAC7B,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,eAAe,EAAE,CAAC,CAAC,eAAe;gBAClC,kBAAkB,EAAE,MAAM,CAAC,WAAW;aACvC,CAAC,CAAA;YACF,OAAO;gBACL,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;gBACrE,eAAe,EAAE,CAAC,CAAC,eAAe;gBAClC,cAAc,EAAE,UAAU,CAAC,cAAc;gBACzC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;gBAC7C,iBAAiB,EAAE,UAAU,CAAC,iBAAiB;aAChD,CAAA;QACH,CAAC,CAAC,CAAA;QACF,OAAO,EAAE,UAAU,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,CAAA;IACnE,CAAC;CACF"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { SettlementRecord, SettlementPeriod, SettlementVerification, DataComplianceReport } from '../types/data-contribution.js';
|
|
2
|
+
import { ContributionLedger } from './data-contribution.js';
|
|
3
|
+
export declare function generateSettlement(ledger: ContributionLedger, period: SettlementPeriod, generatorPublicKey: string, generatorPrivateKey: string): SettlementRecord;
|
|
4
|
+
export declare function verifySettlement(record: SettlementRecord): SettlementVerification;
|
|
5
|
+
export declare function generateComplianceReport(ledger: ContributionLedger, period: SettlementPeriod, reportType: DataComplianceReport['reportType'], generatorPrivateKey: string, options?: {
|
|
6
|
+
agentId?: string;
|
|
7
|
+
principalId?: string;
|
|
8
|
+
}): DataComplianceReport;
|
|
9
|
+
//# sourceMappingURL=data-settlement.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"data-settlement.d.ts","sourceRoot":"","sources":["../../../src/core/data-settlement.ts"],"names":[],"mappings":"AAeA,OAAO,EACL,gBAAgB,EAAsB,gBAAgB,EACtD,sBAAsB,EAAE,oBAAoB,EAC7C,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,kBAAkB,EAAsB,MAAM,wBAAwB,CAAA;AAwC/E,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,kBAAkB,EAC1B,MAAM,EAAE,gBAAgB,EACxB,kBAAkB,EAAE,MAAM,EAC1B,mBAAmB,EAAE,MAAM,GAC1B,gBAAgB,CAkDlB;AAID,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,sBAAsB,CAkCjF;AAKD,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,kBAAkB,EAC1B,MAAM,EAAE,gBAAgB,EACxB,UAAU,EAAE,oBAAoB,CAAC,YAAY,CAAC,EAC9C,mBAAmB,EAAE,MAAM,EAC3B,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD,oBAAoB,CAyDtB"}
|