npm - protect-mcp - Versions diffs - 0.5.0 → 0.5.2 - Mend

protect-mcp 0.5.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +152 -161
package/dist/{chunk-IUFFDQYZ.mjs → chunk-IWDR5WU3.mjs} +1 -1
package/dist/{chunk-V52W3XIN.mjs → chunk-N4F76LTC.mjs} +12 -8
package/dist/{chunk-IAJJA5IW.mjs → chunk-Q4KOQUKV.mjs} +1 -1
package/dist/{chunk-YKM6W6T7.mjs → chunk-W4U5VNEC.mjs} +2 -2
package/dist/cli.js +12 -8
package/dist/cli.mjs +4 -4
package/dist/hook-server.js +12 -8
package/dist/hook-server.mjs +2 -2
package/dist/{http-transport-GXIXLVJQ.mjs → http-transport-PWCK7JHZ.mjs} +2 -2
package/dist/index.d.mts +118 -1
package/dist/index.d.ts +118 -1
package/dist/index.js +289 -8
package/dist/index.mjs +279 -4
package/package.json +6 -3

package/dist/index.d.mts CHANGED Viewed

@@ -539,6 +539,45 @@ interface CedarPolicySet {
     /** Filenames loaded */
     files: string[];
 }
+interface CedarEvalRequest {
+    /** Tool name being called */
+    tool: string;
+    /** Trust tier of the agent */
+    tier: TrustTier;
+    /** Agent ID (optional) */
+    agentId?: string;
+    /** Additional context fields */
+    context?: Record<string, unknown>;
+    /** Tool input (for schema-validated evaluation) */
+    toolInput?: Record<string, unknown>;
+}
+/** Cedar schema for typed policy evaluation (generated by cedar-schema.ts) */
+interface CedarSchema {
+    /** The schema as a JSON object for Cedar WASM */
+    schemaJson: Record<string, unknown> | null;
+    /** Namespace used in the schema */
+    namespace?: string;
+}
+/**
+ * Load all .cedar files from a directory and return a compiled policy set.
+ *
+ * Files are sorted alphabetically for deterministic digest computation.
+ * Throws if the directory doesn't exist or contains no .cedar files.
+ */
+declare function loadCedarPolicies(dirPath: string): CedarPolicySet;
+/**
+ * Evaluate a Cedar policy set against a tool call.
+ *
+ * Returns a standard ExternalDecision compatible with the gateway's
+ * decision pipeline. If Cedar WASM is not available, returns a
+ * fallback allow decision (fail-open, logged).
+ */
+declare function evaluateCedar(policySet: CedarPolicySet, req: CedarEvalRequest, schema?: CedarSchema): Promise<ExternalDecision>;
+/**
+ * Validate that Cedar WASM is available.
+ * Useful for CLI startup diagnostics.
+ */
+declare function isCedarAvailable(): Promise<boolean>;
 /**
  * MCP tool-calling gateway that intercepts JSON-RPC requests,
@@ -1313,6 +1352,84 @@ declare function validateManifest(manifest: unknown): string[];
  */
 declare function validateEvidenceReceipt(receipt: unknown): string[];
+/**
+ * @scopeblind/protect-mcp — Cedar Schema Generator for MCP Tools
+ *
+ * Auto-generates a Cedar authorization schema from MCP tool descriptions.
+ * This enables typed Cedar policies that reference tool input attributes:
+ *
+ *   permit(principal, action == Action::"read_file", resource)
+ *   when { context.input.path like "./workspace/*" };
+ *
+ * Compatible with cedar-policy/cedar-for-agents schema format.
+ * Designed to replace `schema: null` in Cedar WASM evaluations.
+ *
+ * @see https://github.com/cedar-policy/cedar-for-agents
+ * @standard RFC 8785 (JCS), Cedar Policy Language v4
+ */
+/** MCP tool description from tools/list response */
+interface McpToolDescription {
+    name: string;
+    description?: string;
+    inputSchema?: JsonSchema;
+}
+/** Subset of JSON Schema that MCP tools use */
+interface JsonSchema {
+    type?: string | string[];
+    properties?: Record<string, JsonSchema>;
+    required?: string[];
+    items?: JsonSchema;
+    enum?: (string | number | boolean)[];
+    format?: string;
+    description?: string;
+    additionalProperties?: boolean | JsonSchema;
+    anyOf?: JsonSchema[];
+    oneOf?: JsonSchema[];
+}
+/** Generated Cedar schema components */
+interface CedarSchemaResult {
+    /** The .cedarschema text (human-readable Cedar schema format) */
+    schemaText: string;
+    /** The schema as a JSON object (for passing to Cedar WASM) */
+    schemaJson: Record<string, unknown>;
+    /** Number of tools mapped */
+    toolCount: number;
+    /** Tool names included */
+    tools: string[];
+}
+interface SchemaGeneratorConfig {
+    /** Namespace for generated types (default: "ScopeBlind") */
+    namespace?: string;
+    /** Include agent tier as principal attribute (default: true) */
+    includeTier?: boolean;
+    /** Include timestamp context (default: true) */
+    includeTimestamp?: boolean;
+    /** Include agent_id as principal attribute (default: true) */
+    includeAgentId?: boolean;
+}
+/**
+ * Generate a Cedar schema from MCP tool descriptions.
+ *
+ * Produces both human-readable .cedarschema text and the JSON
+ * representation that Cedar WASM accepts.
+ *
+ * The generated schema defines:
+ * - Agent entity type (principal) with tier and agent_id attributes
+ * - Tool entity type (resource)
+ * - One action per MCP tool, with typed input context
+ * - A parent action "MCP::Tool::call" for blanket policies
+ *
+ * This enables policies like:
+ *   forbid(principal, action == Action::"execute_command", resource)
+ *   when { context.input has "command" && context.input.command like "rm *" };
+ */
+declare function generateCedarSchema(tools: McpToolDescription[], config?: SchemaGeneratorConfig): CedarSchemaResult;
+/**
+ * Generate a Cedar schema stub file for customization.
+ * This is the starting point for users who want to extend the auto-generated schema.
+ */
+declare function generateSchemaStub(namespace?: string): string;
 /**
  * Sigstore Rekor Transparency Log Anchoring
  *
@@ -2639,4 +2756,4 @@ declare function confidentialInference(_prompt: string, _config: ConfidentialInf
     receipt: Record<string, unknown>;
 }>;
-export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, ed25519ToDIDKey, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };
+export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type CedarEvalRequest, type CedarPolicySet, type CedarSchema, type CedarSchemaResult, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type McpToolDescription, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SchemaGeneratorConfig, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, ed25519ToDIDKey, evaluateCedar, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateCedarSchema, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, generateSchemaStub, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isCedarAvailable, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadCedarPolicies, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };

package/dist/index.d.ts CHANGED Viewed

@@ -539,6 +539,45 @@ interface CedarPolicySet {
     /** Filenames loaded */
     files: string[];
 }
+interface CedarEvalRequest {
+    /** Tool name being called */
+    tool: string;
+    /** Trust tier of the agent */
+    tier: TrustTier;
+    /** Agent ID (optional) */
+    agentId?: string;
+    /** Additional context fields */
+    context?: Record<string, unknown>;
+    /** Tool input (for schema-validated evaluation) */
+    toolInput?: Record<string, unknown>;
+}
+/** Cedar schema for typed policy evaluation (generated by cedar-schema.ts) */
+interface CedarSchema {
+    /** The schema as a JSON object for Cedar WASM */
+    schemaJson: Record<string, unknown> | null;
+    /** Namespace used in the schema */
+    namespace?: string;
+}
+/**
+ * Load all .cedar files from a directory and return a compiled policy set.
+ *
+ * Files are sorted alphabetically for deterministic digest computation.
+ * Throws if the directory doesn't exist or contains no .cedar files.
+ */
+declare function loadCedarPolicies(dirPath: string): CedarPolicySet;
+/**
+ * Evaluate a Cedar policy set against a tool call.
+ *
+ * Returns a standard ExternalDecision compatible with the gateway's
+ * decision pipeline. If Cedar WASM is not available, returns a
+ * fallback allow decision (fail-open, logged).
+ */
+declare function evaluateCedar(policySet: CedarPolicySet, req: CedarEvalRequest, schema?: CedarSchema): Promise<ExternalDecision>;
+/**
+ * Validate that Cedar WASM is available.
+ * Useful for CLI startup diagnostics.
+ */
+declare function isCedarAvailable(): Promise<boolean>;
 /**
  * MCP tool-calling gateway that intercepts JSON-RPC requests,
@@ -1313,6 +1352,84 @@ declare function validateManifest(manifest: unknown): string[];
  */
 declare function validateEvidenceReceipt(receipt: unknown): string[];
+/**
+ * @scopeblind/protect-mcp — Cedar Schema Generator for MCP Tools
+ *
+ * Auto-generates a Cedar authorization schema from MCP tool descriptions.
+ * This enables typed Cedar policies that reference tool input attributes:
+ *
+ *   permit(principal, action == Action::"read_file", resource)
+ *   when { context.input.path like "./workspace/*" };
+ *
+ * Compatible with cedar-policy/cedar-for-agents schema format.
+ * Designed to replace `schema: null` in Cedar WASM evaluations.
+ *
+ * @see https://github.com/cedar-policy/cedar-for-agents
+ * @standard RFC 8785 (JCS), Cedar Policy Language v4
+ */
+/** MCP tool description from tools/list response */
+interface McpToolDescription {
+    name: string;
+    description?: string;
+    inputSchema?: JsonSchema;
+}
+/** Subset of JSON Schema that MCP tools use */
+interface JsonSchema {
+    type?: string | string[];
+    properties?: Record<string, JsonSchema>;
+    required?: string[];
+    items?: JsonSchema;
+    enum?: (string | number | boolean)[];
+    format?: string;
+    description?: string;
+    additionalProperties?: boolean | JsonSchema;
+    anyOf?: JsonSchema[];
+    oneOf?: JsonSchema[];
+}
+/** Generated Cedar schema components */
+interface CedarSchemaResult {
+    /** The .cedarschema text (human-readable Cedar schema format) */
+    schemaText: string;
+    /** The schema as a JSON object (for passing to Cedar WASM) */
+    schemaJson: Record<string, unknown>;
+    /** Number of tools mapped */
+    toolCount: number;
+    /** Tool names included */
+    tools: string[];
+}
+interface SchemaGeneratorConfig {
+    /** Namespace for generated types (default: "ScopeBlind") */
+    namespace?: string;
+    /** Include agent tier as principal attribute (default: true) */
+    includeTier?: boolean;
+    /** Include timestamp context (default: true) */
+    includeTimestamp?: boolean;
+    /** Include agent_id as principal attribute (default: true) */
+    includeAgentId?: boolean;
+}
+/**
+ * Generate a Cedar schema from MCP tool descriptions.
+ *
+ * Produces both human-readable .cedarschema text and the JSON
+ * representation that Cedar WASM accepts.
+ *
+ * The generated schema defines:
+ * - Agent entity type (principal) with tier and agent_id attributes
+ * - Tool entity type (resource)
+ * - One action per MCP tool, with typed input context
+ * - A parent action "MCP::Tool::call" for blanket policies
+ *
+ * This enables policies like:
+ *   forbid(principal, action == Action::"execute_command", resource)
+ *   when { context.input has "command" && context.input.command like "rm *" };
+ */
+declare function generateCedarSchema(tools: McpToolDescription[], config?: SchemaGeneratorConfig): CedarSchemaResult;
+/**
+ * Generate a Cedar schema stub file for customization.
+ * This is the starting point for users who want to extend the auto-generated schema.
+ */
+declare function generateSchemaStub(namespace?: string): string;
 /**
  * Sigstore Rekor Transparency Log Anchoring
  *
@@ -2639,4 +2756,4 @@ declare function confidentialInference(_prompt: string, _config: ConfidentialInf
     receipt: Record<string, unknown>;
 }>;
-export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, ed25519ToDIDKey, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };
+export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type CedarEvalRequest, type CedarPolicySet, type CedarSchema, type CedarSchemaResult, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type McpToolDescription, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SchemaGeneratorConfig, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, ed25519ToDIDKey, evaluateCedar, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateCedarSchema, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, generateSchemaStub, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isCedarAvailable, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadCedarPolicies, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };