protect-mcp 0.6.2 → 0.6.3

package/dist/index.mjs

@@ -1,24 +1,8 @@
-import {
-  formatReportMarkdown,
-  generateReport
-} from "./chunk-JQDVKZBN.mjs";
 import {
   formatSimulation,
   parseLogFile,
   simulate
 } from "./chunk-S4ICHNSP.mjs";
-import {
-  ProtectGateway,
-  buildDecisionContext,
-  evaluateTier,
-  listCredentialLabels,
-  meetsMinTier,
-  parseNotificationConfigFromEnv,
-  queryExternalPDP,
-  resolveCredential,
-  sendApprovalNotification,
-  validateCredentials
-} from "./chunk-PLKRTBDR.mjs";
 import {
   createSandboxServer
 } from "./chunk-J6L4XCTE.mjs";
@@ -34,6 +18,22 @@ import {
   getScopeBlindBridge,
   startHookServer
 } from "./chunk-3YCKR72H.mjs";
+import {
+  collectSignedReceipts,
+  createAuditBundle
+} from "./chunk-5JXFV37Y.mjs";
+import {
+  ProtectGateway,
+  buildDecisionContext,
+  evaluateTier,
+  listCredentialLabels,
+  meetsMinTier,
+  parseNotificationConfigFromEnv,
+  queryExternalPDP,
+  resolveCredential,
+  sendApprovalNotification,
+  validateCredentials
+} from "./chunk-PLKRTBDR.mjs";
 import {
   checkRateLimit,
   evaluateCedar,
@@ -48,38 +48,33 @@ import {
   signDecision
 } from "./chunk-UV53U6D4.mjs";
 import {
-  ed25519,
-  sha256
-} from "./chunk-LYKNULYU.mjs";
-import {
-  bytesToHex,
-  hexToBytes,
-  randomBytes
-} from "./chunk-D733KAPG.mjs";
-import {
-  collectSignedReceipts,
-  createAuditBundle
-} from "./chunk-5JXFV37Y.mjs";
+  formatReportMarkdown,
+  generateReport
+} from "./chunk-JQDVKZBN.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 
-// node_modules/@noble/hashes/esm/sha256.js
-var sha2562 = sha256;
+// src/signing-committed.ts
+import { ed25519 } from "@noble/curves/ed25519";
+import { sha256 as sha2563 } from "@noble/hashes/sha256";
+import { bytesToHex as bytesToHex3, hexToBytes as hexToBytes3, randomBytes as randomBytes2 } from "@noble/hashes/utils";
 
 // src/commitments/merkle.ts
+import { sha256 } from "@noble/hashes/sha256";
+import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
 var DOMAIN_LEAF = 0;
 var DOMAIN_INTERNAL = 1;
 function hashLeaf(leafBytes) {
   const buf = new Uint8Array(leafBytes.length + 1);
   buf[0] = DOMAIN_LEAF;
   buf.set(leafBytes, 1);
-  return sha2562(buf);
+  return sha256(buf);
 }
 function hashInternal(left, right) {
   const buf = new Uint8Array(left.length + right.length + 1);
   buf[0] = DOMAIN_INTERNAL;
   buf.set(left, 1);
   buf.set(right, 1 + left.length);
-  return sha2562(buf);
+  return sha256(buf);
 }
 function merkleRoot(leafHashes) {
   if (leafHashes.length === 0) {
@@ -133,6 +128,9 @@ function largestPowerOfTwoLessThan(n) {
 }
 
 // src/commitments/primitives.ts
+import { sha256 as sha2562 } from "@noble/hashes/sha256";
+import { hmac } from "@noble/hashes/hmac";
+import { bytesToHex as bytesToHex2, hexToBytes as hexToBytes2, randomBytes } from "@noble/hashes/utils";
 function jcs(value) {
   if (value === null || value === void 0) return "null";
   if (typeof value === "boolean" || typeof value === "number")
@@ -183,7 +181,7 @@ function leavesFromFields(fields) {
 
 // src/signing-committed.ts
 function freshSalt() {
-  return randomBytes(32);
+  return randomBytes2(32);
 }
 function signCommittedDecision(entry, committedFieldNames, signingKey, publicKey, kid, issuer) {
   const allFields = {
@@ -223,7 +221,7 @@ function signCommittedDecision(entry, committedFieldNames, signingKey, publicKey
     const { sorted, leafBytes } = leavesFromFields(committedFields);
     const leafHashes = leafBytes.map(hashLeaf);
     const root = merkleRoot(leafHashes);
-    committedFieldsRoot = bytesToHex(root);
+    committedFieldsRoot = bytesToHex3(root);
     sorted.forEach((f, i) => {
       openings[f.name] = { name: f.name, value: f.value, salt: f.salt, index: i };
     });
@@ -240,8 +238,8 @@ function signCommittedDecision(entry, committedFieldNames, signingKey, publicKey
     payload.committed_field_names = committedFields.map((f) => f.name);
   }
   const canonical = jcs(payload);
-  const messageHash = sha2562(new TextEncoder().encode(canonical));
-  const signatureBytes = ed25519.sign(messageHash, hexToBytes(signingKey));
+  const messageHash = sha2563(new TextEncoder().encode(canonical));
+  const signatureBytes = ed25519.sign(messageHash, hexToBytes3(signingKey));
   const signedReceipt = {
     ...payload,
     signature: {
@@ -254,7 +252,7 @@ function signCommittedDecision(entry, committedFieldNames, signingKey, publicKey
     }
   };
   const signedJson = JSON.stringify(signedReceipt);
-  const receiptHash = bytesToHex(sha2562(new TextEncoder().encode(jcs(signedReceipt))));
+  const receiptHash = bytesToHex3(sha2563(new TextEncoder().encode(jcs(signedReceipt))));
   return {
     signed: signedJson,
     artifact_type: "decision_receipt_committed_v1",
@@ -789,7 +787,7 @@ function createLogAnchorField(anchor) {
 }
 
 // src/selective-disclosure.ts
-import { createHash as createHash2, randomBytes as randomBytes2 } from "crypto";
+import { createHash as createHash2, randomBytes as randomBytes3 } from "crypto";
 function redactFields(receipt, fieldsToRedact) {
   const redacted = JSON.parse(JSON.stringify(receipt));
   const salts = [];
@@ -805,7 +803,7 @@ function redactFields(receipt, fieldsToRedact) {
       if (i === parts.length - 1) {
         if (key in current) {
           const originalValue = current[key];
-          const salt = randomBytes2(16).toString("hex");
+          const salt = randomBytes3(16).toString("hex");
           const commitment = computeCommitment(salt, originalValue);
           salts.push({ field: fieldPath, salt, originalValue });
           current[key] = `sha256(salt + ${typeof originalValue === "string" ? "..." : JSON.stringify(originalValue).slice(0, 20) + "..."})`;
@@ -1022,9 +1020,13 @@ MIT
 }
 
 // src/webauthn-approval.ts
-import { createHash as createHash3, randomBytes as randomBytes3 } from "crypto";
+import { createHash as createHash3, randomBytes as randomBytes4, timingSafeEqual } from "crypto";
+import { p256 } from "@noble/curves/p256";
+import { ed25519 as ed255192 } from "@noble/curves/ed25519";
+import { sha256 as sha2564 } from "@noble/hashes/sha256";
+import { hexToBytes as hexToBytes4 } from "@noble/hashes/utils";
 function createApprovalChallenge(requestId, toolName, agentId, rpId = "scopeblind.com", timeoutSeconds = 300) {
-  const challengeBytes = randomBytes3(32);
+  const challengeBytes = randomBytes4(32);
   const contextHash = createHash3("sha256").update(JSON.stringify({ requestId, toolName, agentId, timestamp: Date.now() })).digest("hex");
   return {
     challenge: base64urlEncode(challengeBytes),
@@ -1054,43 +1056,72 @@ function toCredentialRequestOptions(challenge, allowCredentials) {
     }
   };
 }
-function verifyApprovalAssertion(challenge, assertion) {
+function verifyApprovalAssertion(challenge, assertion, credentialPublicKey, opts = {}) {
+  const now = opts.now ?? Date.now();
+  const fail = (reason, partial = {}) => ({
+    valid: false,
+    reason,
+    credentialId: assertion.credentialId,
+    authenticatorType: "unknown",
+    userVerified: false,
+    signCount: 0,
+    contextHash: challenge.contextHash,
+    approvedAt: new Date(now).toISOString(),
+    ...partial
+  });
   const createdAt = new Date(challenge.createdAt).getTime();
-  const now = Date.now();
-  if (now - createdAt > challenge.timeoutSeconds * 1e3) {
-    return {
-      valid: false,
-      credentialId: assertion.credentialId,
-      authenticatorType: "unknown",
-      userVerified: false,
-      signCount: 0,
-      contextHash: challenge.contextHash,
-      approvedAt: (/* @__PURE__ */ new Date()).toISOString()
-    };
+  if (now - createdAt > challenge.timeoutSeconds * 1e3) return fail("challenge_expired");
+  if (!credentialPublicKey?.publicKeyHex) return fail("missing_credential_public_key");
+  const clientDataBytes = base64urlDecode(assertion.clientDataJSON);
+  let clientData;
+  try {
+    clientData = JSON.parse(Buffer.from(clientDataBytes).toString("utf8"));
+  } catch {
+    return fail("client_data_parse_error");
   }
+  if (clientData.type !== "webauthn.get") return fail("wrong_client_data_type");
+  if (!constantTimeStrEqual(clientData.challenge ?? "", challenge.challenge)) return fail("challenge_mismatch");
+  const allowedOrigins = opts.expectedOrigin ? Array.isArray(opts.expectedOrigin) ? opts.expectedOrigin : [opts.expectedOrigin] : [`https://${challenge.rpId}`];
+  if (!clientData.origin || !allowedOrigins.includes(clientData.origin)) return fail("origin_mismatch");
   const authData = base64urlDecode(assertion.authenticatorData);
+  if (authData.length < 37) return fail("authenticator_data_too_short");
+  const rpIdHash = authData.slice(0, 32);
+  const expectedRpIdHash = sha2564(new TextEncoder().encode(challenge.rpId));
+  if (!bytesEqual(rpIdHash, expectedRpIdHash)) return fail("rp_id_hash_mismatch");
   const flags = authData[32];
   const userPresent = !!(flags & 1);
   const userVerified = !!(flags & 4);
-  const attestedCredData = !!(flags & 64);
-  const signCount = authData.length >= 37 ? authData[33] << 24 | authData[34] << 16 | authData[35] << 8 | authData[36] : 0;
-  let authenticatorType = "unknown";
+  if (!userPresent) return fail("user_not_present");
+  if ((opts.requireUserVerification ?? true) && !userVerified) return fail("user_verification_required", { userVerified });
+  const signCount = authData[33] << 24 | authData[34] << 16 | authData[35] << 8 | authData[36];
+  if (typeof opts.prevSignCount === "number" && signCount !== 0 && signCount <= opts.prevSignCount) {
+    return fail("sign_count_regression", { userVerified, signCount });
+  }
+  const signedData = concatBytes(authData, sha2564(clientDataBytes));
+  const sigBytes = base64urlDecode(assertion.signature);
+  let sigOk = false;
   try {
-    const clientData = JSON.parse(Buffer.from(base64urlDecode(assertion.clientDataJSON)).toString());
-    if (clientData.type === "webauthn.get") {
-      authenticatorType = "platform";
+    if (credentialPublicKey.alg === -7) {
+      sigOk = p256.verify(sigBytes, sha2564(signedData), hexToBytes4(credentialPublicKey.publicKeyHex), { format: "der" });
+    } else if (credentialPublicKey.alg === -8) {
+      sigOk = ed255192.verify(sigBytes, signedData, hexToBytes4(credentialPublicKey.publicKeyHex));
+    } else {
+      return fail("unsupported_algorithm", { userVerified, signCount });
     }
   } catch {
+    sigOk = false;
   }
+  if (!sigOk) return fail("invalid_signature", { userVerified, signCount });
   return {
-    valid: userPresent,
-    // At minimum, user must be present
+    valid: true,
     credentialId: assertion.credentialId,
-    authenticatorType,
+    // Heuristic: platform authenticators (TouchID/FaceID/Hello) report UV; roaming
+    // keys without a PIN are UP-only. Attachment is authoritative only at registration.
+    authenticatorType: userVerified ? "platform" : "cross-platform",
     userVerified,
     signCount,
     contextHash: challenge.contextHash,
-    approvedAt: (/* @__PURE__ */ new Date()).toISOString()
+    approvedAt: new Date(now).toISOString()
   };
 }
 function createApprovalReceiptPayload(challenge, result) {
@@ -1116,6 +1147,22 @@ function base64urlDecode(str) {
   const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
   return new Uint8Array(Buffer.from(padded, "base64"));
 }
+function concatBytes(a, b) {
+  const out = new Uint8Array(a.length + b.length);
+  out.set(a, 0);
+  out.set(b, a.length);
+  return out;
+}
+function bytesEqual(a, b) {
+  if (a.length !== b.length) return false;
+  return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}
+function constantTimeStrEqual(a, b) {
+  const ab = Buffer.from(a, "utf8");
+  const bb = Buffer.from(b, "utf8");
+  if (ab.length !== bb.length) return false;
+  return timingSafeEqual(ab, bb);
+}
 
 // src/did-vc.ts
 function ed25519ToDIDKey(publicKeyHex) {

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "protect-mcp",
-  "version": "0.6.2",
+  "version": "0.6.3",
   "mcpName": "com.scopeblind/protect-mcp",
-  "description": "Cedar policy + signed receipts for AI agent decisions. Same primitive shipping in ScopeBlind cold-chain hardware. scopeblind.com/cold-chain",
+  "description": "Cedar policy + Ed25519 signed receipts for AI agent decisions. The open gate behind Legate by ScopeBlind: enforce before action, verify offline. scopeblind.com",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "module": "dist/index.mjs",
@@ -62,7 +62,8 @@
     "url": "https://github.com/scopeblind/scopeblind-gateway/issues"
   },
   "dependencies": {
-    "@veritasacta/artifacts": "^0.2.2",
+    "@noble/curves": "^1.8.0",
+    "@noble/hashes": "^1.7.0",
     "@veritasacta/protocol": "^0.1.0"
   },
   "optionalDependencies": {

package/dist/chunk-D733KAPG.mjs

@@ -1,252 +0,0 @@
-// node_modules/@noble/hashes/esm/cryptoNode.js
-import * as nc from "crypto";
-var crypto = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : nc && typeof nc === "object" && "randomBytes" in nc ? nc : void 0;
-
-// node_modules/@noble/hashes/esm/utils.js
-function isBytes(a) {
-  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
-}
-function anumber(n) {
-  if (!Number.isSafeInteger(n) || n < 0)
-    throw new Error("positive integer expected, got " + n);
-}
-function abytes(b, ...lengths) {
-  if (!isBytes(b))
-    throw new Error("Uint8Array expected");
-  if (lengths.length > 0 && !lengths.includes(b.length))
-    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
-}
-function ahash(h) {
-  if (typeof h !== "function" || typeof h.create !== "function")
-    throw new Error("Hash should be wrapped by utils.createHasher");
-  anumber(h.outputLen);
-  anumber(h.blockLen);
-}
-function aexists(instance, checkFinished = true) {
-  if (instance.destroyed)
-    throw new Error("Hash instance has been destroyed");
-  if (checkFinished && instance.finished)
-    throw new Error("Hash#digest() has already been called");
-}
-function aoutput(out, instance) {
-  abytes(out);
-  const min = instance.outputLen;
-  if (out.length < min) {
-    throw new Error("digestInto() expects output buffer of length at least " + min);
-  }
-}
-function u8(arr) {
-  return new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);
-}
-function u32(arr) {
-  return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
-}
-function clean(...arrays) {
-  for (let i = 0; i < arrays.length; i++) {
-    arrays[i].fill(0);
-  }
-}
-function createView(arr) {
-  return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
-}
-function rotr(word, shift) {
-  return word << 32 - shift | word >>> shift;
-}
-function rotl(word, shift) {
-  return word << shift | word >>> 32 - shift >>> 0;
-}
-var isLE = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
-function byteSwap(word) {
-  return word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
-}
-var swap8IfBE = isLE ? (n) => n : (n) => byteSwap(n);
-var byteSwapIfBE = swap8IfBE;
-function byteSwap32(arr) {
-  for (let i = 0; i < arr.length; i++) {
-    arr[i] = byteSwap(arr[i]);
-  }
-  return arr;
-}
-var swap32IfBE = isLE ? (u) => u : byteSwap32;
-var hasHexBuiltin = /* @__PURE__ */ (() => (
-  // @ts-ignore
-  typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function"
-))();
-var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
-function bytesToHex(bytes) {
-  abytes(bytes);
-  if (hasHexBuiltin)
-    return bytes.toHex();
-  let hex = "";
-  for (let i = 0; i < bytes.length; i++) {
-    hex += hexes[bytes[i]];
-  }
-  return hex;
-}
-var asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
-function asciiToBase16(ch) {
-  if (ch >= asciis._0 && ch <= asciis._9)
-    return ch - asciis._0;
-  if (ch >= asciis.A && ch <= asciis.F)
-    return ch - (asciis.A - 10);
-  if (ch >= asciis.a && ch <= asciis.f)
-    return ch - (asciis.a - 10);
-  return;
-}
-function hexToBytes(hex) {
-  if (typeof hex !== "string")
-    throw new Error("hex string expected, got " + typeof hex);
-  if (hasHexBuiltin)
-    return Uint8Array.fromHex(hex);
-  const hl = hex.length;
-  const al = hl / 2;
-  if (hl % 2)
-    throw new Error("hex string expected, got unpadded hex of length " + hl);
-  const array = new Uint8Array(al);
-  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
-    const n1 = asciiToBase16(hex.charCodeAt(hi));
-    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
-    if (n1 === void 0 || n2 === void 0) {
-      const char = hex[hi] + hex[hi + 1];
-      throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
-    }
-    array[ai] = n1 * 16 + n2;
-  }
-  return array;
-}
-var nextTick = async () => {
-};
-async function asyncLoop(iters, tick, cb) {
-  let ts = Date.now();
-  for (let i = 0; i < iters; i++) {
-    cb(i);
-    const diff = Date.now() - ts;
-    if (diff >= 0 && diff < tick)
-      continue;
-    await nextTick();
-    ts += diff;
-  }
-}
-function utf8ToBytes(str) {
-  if (typeof str !== "string")
-    throw new Error("string expected");
-  return new Uint8Array(new TextEncoder().encode(str));
-}
-function bytesToUtf8(bytes) {
-  return new TextDecoder().decode(bytes);
-}
-function toBytes(data) {
-  if (typeof data === "string")
-    data = utf8ToBytes(data);
-  abytes(data);
-  return data;
-}
-function kdfInputToBytes(data) {
-  if (typeof data === "string")
-    data = utf8ToBytes(data);
-  abytes(data);
-  return data;
-}
-function concatBytes(...arrays) {
-  let sum = 0;
-  for (let i = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    abytes(a);
-    sum += a.length;
-  }
-  const res = new Uint8Array(sum);
-  for (let i = 0, pad = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    res.set(a, pad);
-    pad += a.length;
-  }
-  return res;
-}
-function checkOpts(defaults, opts) {
-  if (opts !== void 0 && {}.toString.call(opts) !== "[object Object]")
-    throw new Error("options should be object or undefined");
-  const merged = Object.assign(defaults, opts);
-  return merged;
-}
-var Hash = class {
-};
-function createHasher(hashCons) {
-  const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
-  const tmp = hashCons();
-  hashC.outputLen = tmp.outputLen;
-  hashC.blockLen = tmp.blockLen;
-  hashC.create = () => hashCons();
-  return hashC;
-}
-function createOptHasher(hashCons) {
-  const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();
-  const tmp = hashCons({});
-  hashC.outputLen = tmp.outputLen;
-  hashC.blockLen = tmp.blockLen;
-  hashC.create = (opts) => hashCons(opts);
-  return hashC;
-}
-function createXOFer(hashCons) {
-  const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();
-  const tmp = hashCons({});
-  hashC.outputLen = tmp.outputLen;
-  hashC.blockLen = tmp.blockLen;
-  hashC.create = (opts) => hashCons(opts);
-  return hashC;
-}
-var wrapConstructor = createHasher;
-var wrapConstructorWithOpts = createOptHasher;
-var wrapXOFConstructorWithOpts = createXOFer;
-function randomBytes(bytesLength = 32) {
-  if (crypto && typeof crypto.getRandomValues === "function") {
-    return crypto.getRandomValues(new Uint8Array(bytesLength));
-  }
-  if (crypto && typeof crypto.randomBytes === "function") {
-    return Uint8Array.from(crypto.randomBytes(bytesLength));
-  }
-  throw new Error("crypto.getRandomValues must be defined");
-}
-
-export {
-  isBytes,
-  anumber,
-  abytes,
-  ahash,
-  aexists,
-  aoutput,
-  u8,
-  u32,
-  clean,
-  createView,
-  rotr,
-  rotl,
-  isLE,
-  byteSwap,
-  swap8IfBE,
-  byteSwapIfBE,
-  byteSwap32,
-  swap32IfBE,
-  bytesToHex,
-  hexToBytes,
-  nextTick,
-  asyncLoop,
-  utf8ToBytes,
-  bytesToUtf8,
-  toBytes,
-  kdfInputToBytes,
-  concatBytes,
-  checkOpts,
-  Hash,
-  createHasher,
-  createOptHasher,
-  createXOFer,
-  wrapConstructor,
-  wrapConstructorWithOpts,
-  wrapXOFConstructorWithOpts,
-  randomBytes
-};
-/*! Bundled license information:
-
-@noble/hashes/esm/utils.js:
-  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
-*/