npm - sovr-mcp-server - Versions diffs - 0.1.0 - Mend

sovr-mcp-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of sovr-mcp-server might be problematic. Click here for more details.

Files changed (71) hide show

package/LICENSE +21 -0
package/README.md +341 -0
package/dist/api/client.d.ts +59 -0
package/dist/api/client.d.ts.map +1 -0
package/dist/api/client.js +162 -0
package/dist/api/client.js.map +1 -0
package/dist/auth/apiKey.d.ts +53 -0
package/dist/auth/apiKey.d.ts.map +1 -0
package/dist/auth/apiKey.js +146 -0
package/dist/auth/apiKey.js.map +1 -0
package/dist/cli.d.ts +10 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +59 -0
package/dist/cli.js.map +1 -0
package/dist/crypto/ed25519.d.ts +46 -0
package/dist/crypto/ed25519.d.ts.map +1 -0
package/dist/crypto/ed25519.js +144 -0
package/dist/crypto/ed25519.js.map +1 -0
package/dist/index.d.ts +13 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +335 -0
package/dist/index.js.map +1 -0
package/dist/local/client.d.ts +74 -0
package/dist/local/client.d.ts.map +1 -0
package/dist/local/client.js +118 -0
package/dist/local/client.js.map +1 -0
package/dist/local/store.d.ts +127 -0
package/dist/local/store.d.ts.map +1 -0
package/dist/local/store.js +384 -0
package/dist/local/store.js.map +1 -0
package/dist/tools/auditQuery.d.ts +101 -0
package/dist/tools/auditQuery.d.ts.map +1 -0
package/dist/tools/auditQuery.js +136 -0
package/dist/tools/auditQuery.js.map +1 -0
package/dist/tools/gateCheck.d.ts +61 -0
package/dist/tools/gateCheck.d.ts.map +1 -0
package/dist/tools/gateCheck.js +96 -0
package/dist/tools/gateCheck.js.map +1 -0
package/dist/tools/grantPermit.d.ts +45 -0
package/dist/tools/grantPermit.d.ts.map +1 -0
package/dist/tools/grantPermit.js +121 -0
package/dist/tools/grantPermit.js.map +1 -0
package/dist/tools/index.d.ts +163 -0
package/dist/tools/index.d.ts.map +1 -0
package/dist/tools/index.js +31 -0
package/dist/tools/index.js.map +1 -0
package/dist/tools/killSwitch.d.ts +52 -0
package/dist/tools/killSwitch.d.ts.map +1 -0
package/dist/tools/killSwitch.js +85 -0
package/dist/tools/killSwitch.js.map +1 -0
package/dist/tools/policyList.d.ts +68 -0
package/dist/tools/policyList.d.ts.map +1 -0
package/dist/tools/policyList.js +96 -0
package/dist/tools/policyList.js.map +1 -0
package/dist/tools/requestApproval.d.ts +56 -0
package/dist/tools/requestApproval.d.ts.map +1 -0
package/dist/tools/requestApproval.js +97 -0
package/dist/tools/requestApproval.js.map +1 -0
package/dist/tools/submitReceipt.d.ts +145 -0
package/dist/tools/submitReceipt.d.ts.map +1 -0
package/dist/tools/submitReceipt.js +162 -0
package/dist/tools/submitReceipt.js.map +1 -0
package/dist/tools/systemStatus.d.ts +32 -0
package/dist/tools/systemStatus.d.ts.map +1 -0
package/dist/tools/systemStatus.js +67 -0
package/dist/tools/systemStatus.js.map +1 -0
package/dist/types/index.d.ts +146 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +33 -0
package/dist/types/index.js.map +1 -0
package/package.json +71 -0

package/dist/tools/auditQuery.js ADDED Viewed

@@ -0,0 +1,136 @@
+/**
+ * audit_query MCP Tool
+ *
+ * Query the audit trail for decisions and receipts.
+ */
+import { z } from 'zod';
+// ==========================================================================
+// Input Schema
+// ==========================================================================
+export const auditQueryInputSchema = z.object({
+    decision_id: z.string().optional().describe('Filter by specific decision ID'),
+    action: z.string().optional().describe('Filter by action type (e.g., "delete_*")'),
+    resource: z.string().optional().describe('Filter by resource pattern'),
+    status: z.enum(['success', 'failure', 'blocked', 'pending']).optional().describe('Filter by execution status'),
+    from_date: z.number().optional().describe('Start timestamp (Unix ms)'),
+    to_date: z.number().optional().describe('End timestamp (Unix ms)'),
+    limit: z.number().min(1).max(100).optional().default(20).describe('Maximum results to return'),
+    offset: z.number().min(0).optional().default(0).describe('Offset for pagination'),
+});
+// ==========================================================================
+// Tool Definition
+// ==========================================================================
+export const auditQueryTool = {
+    name: 'audit_query',
+    description: `Query the SOVR audit trail for decisions and execution receipts.
+Use this to:
+- Review past decisions and their outcomes
+- Verify execution evidence
+- Generate compliance reports
+- Debug issues with specific operations
+Filters:
+- decision_id: Get specific decision and all related records
+- action/resource: Filter by operation type
+- status: Filter by execution outcome
+- from_date/to_date: Time range filter
+Returns decisions, approvals, permits, and receipts matching the criteria.`,
+    inputSchema: {
+        type: 'object',
+        properties: {
+            decision_id: {
+                type: 'string',
+                description: 'Filter by specific decision ID',
+            },
+            action: {
+                type: 'string',
+                description: 'Filter by action type',
+            },
+            resource: {
+                type: 'string',
+                description: 'Filter by resource pattern',
+            },
+            status: {
+                type: 'string',
+                enum: ['success', 'failure', 'blocked', 'pending'],
+                description: 'Filter by execution status',
+            },
+            from_date: {
+                type: 'number',
+                description: 'Start timestamp (Unix ms)',
+            },
+            to_date: {
+                type: 'number',
+                description: 'End timestamp (Unix ms)',
+            },
+            limit: {
+                type: 'number',
+                minimum: 1,
+                maximum: 100,
+                default: 20,
+                description: 'Maximum results to return',
+            },
+            offset: {
+                type: 'number',
+                minimum: 0,
+                default: 0,
+                description: 'Offset for pagination',
+            },
+        },
+        required: [],
+    },
+};
+// ==========================================================================
+// Response Formatter
+// ==========================================================================
+export function formatAuditQueryResponse(result) {
+    if (result.records.length === 0) {
+        return `📋 Audit Query Results
+No records found matching the criteria.`;
+    }
+    let response = `📋 Audit Query Results
+**Total:** ${result.total} records
+**Showing:** ${result.offset + 1}-${Math.min(result.offset + result.limit, result.total)}
+`;
+    for (const record of result.records) {
+        const icon = getRecordIcon(record.type, record.status);
+        const timestamp = new Date(record.timestamp).toISOString();
+        response += `---
+${icon} **${record.type.toUpperCase()}** \`${record.id}\`
+- Decision: ${record.decision_id}
+- Time: ${timestamp}`;
+        if (record.action)
+            response += `\n- Action: ${record.action}`;
+        if (record.resource)
+            response += `\n- Resource: ${record.resource}`;
+        if (record.status)
+            response += `\n- Status: ${record.status}`;
+        response += '\n\n';
+    }
+    if (result.total > result.offset + result.limit) {
+        response += `\n_Use offset: ${result.offset + result.limit} to see more records._`;
+    }
+    return response;
+}
+function getRecordIcon(type, status) {
+    if (type === 'receipt') {
+        switch (status) {
+            case 'success': return '✅';
+            case 'failure': return '❌';
+            case 'blocked': return '🚫';
+            default: return '📋';
+        }
+    }
+    switch (type) {
+        case 'decision': return '🔍';
+        case 'approval': return '👤';
+        case 'permit': return '🔐';
+        default: return '📄';
+    }
+}
+//# sourceMappingURL=auditQuery.js.map

package/dist/tools/auditQuery.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auditQuery.js","sourceRoot":"","sources":["../../src/tools/auditQuery.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,6EAA6E;AAC7E,eAAe;AACf,6EAA6E;AAE7E,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC7E,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;IAClF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;IACtE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;IAC9G,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IACtE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yBAAyB,CAAC;IAClE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC9F,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,uBAAuB,CAAC;CAClF,CAAC,CAAC;AAIH,6EAA6E;AAC7E,kBAAkB;AAClB,6EAA6E;AAE7E,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE;;;;;;;;;;;;;;2EAc4D;IACzE,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,gCAAgC;aAC9C;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,uBAAuB;aACrC;YACD,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,4BAA4B;aAC1C;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;gBAClD,WAAW,EAAE,4BAA4B;aAC1C;YACD,SAAS,EAAE;gBACT,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,2BAA2B;aACzC;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,yBAAyB;aACvC;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,CAAC;gBACV,OAAO,EAAE,GAAG;gBACZ,OAAO,EAAE,EAAE;gBACX,WAAW,EAAE,2BAA2B;aACzC;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,CAAC;gBACV,OAAO,EAAE,CAAC;gBACV,WAAW,EAAE,uBAAuB;aACrC;SACF;QACD,QAAQ,EAAE,EAAE;KACb;CACF,CAAC;AAwBF,6EAA6E;AAC7E,qBAAqB;AACrB,6EAA6E;AAE7E,MAAM,UAAU,wBAAwB,CAAC,MAAwB;IAC/D,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO;;wCAE6B,CAAC;IACvC,CAAC;IAED,IAAI,QAAQ,GAAG;;aAEJ,MAAM,CAAC,KAAK;eACV,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;;CAEvF,CAAC;IAEA,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QAE3D,QAAQ,IAAI;EACd,IAAI,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,MAAM,CAAC,EAAE;cACxC,MAAM,CAAC,WAAW;UACtB,SAAS,EAAE,CAAC;QAElB,IAAI,MAAM,CAAC,MAAM;YAAE,QAAQ,IAAI,eAAe,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9D,IAAI,MAAM,CAAC,QAAQ;YAAE,QAAQ,IAAI,iBAAiB,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpE,IAAI,MAAM,CAAC,MAAM;YAAE,QAAQ,IAAI,eAAe,MAAM,CAAC,MAAM,EAAE,CAAC;QAE9D,QAAQ,IAAI,MAAM,CAAC;IACrB,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;QAChD,QAAQ,IAAI,kBAAkB,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,wBAAwB,CAAC;IACrF,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,IAAY,EAAE,MAAe;IAClD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,SAAS,CAAC,CAAC,OAAO,GAAG,CAAC;YAC3B,KAAK,SAAS,CAAC,CAAC,OAAO,GAAG,CAAC;YAC3B,KAAK,SAAS,CAAC,CAAC,OAAO,IAAI,CAAC;YAC5B,OAAO,CAAC,CAAC,OAAO,IAAI,CAAC;QACvB,CAAC;IACH,CAAC;IACD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,UAAU,CAAC,CAAC,OAAO,IAAI,CAAC;QAC7B,KAAK,UAAU,CAAC,CAAC,OAAO,IAAI,CAAC;QAC7B,KAAK,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC;QAC3B,OAAO,CAAC,CAAC,OAAO,IAAI,CAAC;IACvB,CAAC;AACH,CAAC"}

package/dist/tools/gateCheck.d.ts ADDED Viewed

@@ -0,0 +1,61 @@
+/**
+ * gate_check MCP Tool
+ *
+ * Evaluates if an irreversible action should be allowed.
+ * This is the entry point for all governed operations.
+ */
+import { z } from 'zod';
+import type { GateCheckResult } from '../types/index.js';
+export declare const gateCheckInputSchema: z.ZodObject<{
+    action: z.ZodString;
+    resource: z.ZodString;
+    context: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    tenant_id: z.ZodOptional<z.ZodString>;
+    idempotency_key: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    action: string;
+    resource: string;
+    context?: Record<string, unknown> | undefined;
+    tenant_id?: string | undefined;
+    idempotency_key?: string | undefined;
+}, {
+    action: string;
+    resource: string;
+    context?: Record<string, unknown> | undefined;
+    tenant_id?: string | undefined;
+    idempotency_key?: string | undefined;
+}>;
+export type GateCheckInput = z.infer<typeof gateCheckInputSchema>;
+export declare const gateCheckTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            action: {
+                type: string;
+                description: string;
+            };
+            resource: {
+                type: string;
+                description: string;
+            };
+            context: {
+                type: string;
+                description: string;
+            };
+            tenant_id: {
+                type: string;
+                description: string;
+            };
+            idempotency_key: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export declare function handleGateCheck(input: unknown): Promise<GateCheckResult>;
+export declare function formatGateCheckResponse(result: GateCheckResult): string;
+//# sourceMappingURL=gateCheck.d.ts.map

package/dist/tools/gateCheck.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gateCheck.d.ts","sourceRoot":"","sources":["../../src/tools/gateCheck.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAMzD,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;EAM/B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsCzB,CAAC;AAMF,wBAAsB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAS9E;AAMD,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAqBvE"}

package/dist/tools/gateCheck.js ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * gate_check MCP Tool
+ *
+ * Evaluates if an irreversible action should be allowed.
+ * This is the entry point for all governed operations.
+ */
+import { z } from 'zod';
+import { getClient } from '../api/client.js';
+// ==========================================================================
+// Input Schema
+// ==========================================================================
+export const gateCheckInputSchema = z.object({
+    action: z.string().describe('The action to perform (e.g., "delete_database", "send_email", "deploy_code")'),
+    resource: z.string().describe('The target resource identifier'),
+    context: z.record(z.unknown()).optional().describe('Additional context for policy evaluation'),
+    tenant_id: z.string().optional().describe('Tenant ID for multi-tenant scenarios'),
+    idempotency_key: z.string().optional().describe('Unique key to prevent duplicate checks'),
+});
+// ==========================================================================
+// Tool Definition
+// ==========================================================================
+export const gateCheckTool = {
+    name: 'gate_check',
+    description: `Check if an irreversible action is allowed before execution.
+This is the first step in the SOVR responsibility flow:
+1. gate_check → Get decision
+2. request_approval (if required)
+3. grant_permit → Get execution permit
+4. Execute action
+5. submit_receipt → Record evidence
+Returns a decision_id that must be used in subsequent steps.`,
+    inputSchema: {
+        type: 'object',
+        properties: {
+            action: {
+                type: 'string',
+                description: 'The action to perform (e.g., "delete_database", "send_email", "deploy_code")',
+            },
+            resource: {
+                type: 'string',
+                description: 'The target resource identifier',
+            },
+            context: {
+                type: 'object',
+                description: 'Additional context for policy evaluation',
+            },
+            tenant_id: {
+                type: 'string',
+                description: 'Tenant ID for multi-tenant scenarios',
+            },
+            idempotency_key: {
+                type: 'string',
+                description: 'Unique key to prevent duplicate checks',
+            },
+        },
+        required: ['action', 'resource'],
+    },
+};
+// ==========================================================================
+// Handler
+// ==========================================================================
+export async function handleGateCheck(input) {
+    // Validate input
+    const validated = gateCheckInputSchema.parse(input);
+    // Call SOVR API
+    const client = getClient();
+    const result = await client.gateCheck(validated);
+    return result;
+}
+// ==========================================================================
+// Response Formatter
+// ==========================================================================
+export function formatGateCheckResponse(result) {
+    const statusEmoji = result.allowed ? '✅' : '❌';
+    const approvalNote = result.requires_approval
+        ? '\n⚠️ Human approval required before proceeding.'
+        : '';
+    return `${statusEmoji} Gate Check Result
+**Decision ID:** ${result.decision_id}
+**Allowed:** ${result.allowed}
+**Reason:** ${result.reason}
+**Risk Score:** ${result.risk_score}/100
+**Value Score:** ${result.value_score}/100
+**Policy Version:** ${result.policy_version}
+${approvalNote}
+${result.allowed
+        ? 'Next step: Call grant_permit with this decision_id to get an execution permit.'
+        : result.requires_approval
+            ? 'Next step: Call request_approval with this decision_id to initiate approval workflow.'
+            : 'Action blocked. Review the reason and adjust your request.'}`;
+}
+//# sourceMappingURL=gateCheck.js.map

package/dist/tools/gateCheck.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gateCheck.js","sourceRoot":"","sources":["../../src/tools/gateCheck.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAG7C,6EAA6E;AAC7E,eAAe;AACf,6EAA6E;AAE7E,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8EAA8E,CAAC;IAC3G,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC/D,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;IAC9F,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IACjF,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;CAC1F,CAAC,CAAC;AAIH,6EAA6E;AAC7E,kBAAkB;AAClB,6EAA6E;AAE7E,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,IAAI,EAAE,YAAY;IAClB,WAAW,EAAE;;;;;;;;;6DAS8C;IAC3D,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,8EAA8E;aAC5F;YACD,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,gCAAgC;aAC9C;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;aACxD;YACD,SAAS,EAAE;gBACT,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,sCAAsC;aACpD;YACD,eAAe,EAAE;gBACf,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,wCAAwC;aACtD;SACF;QACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC;KACjC;CACF,CAAC;AAEF,6EAA6E;AAC7E,UAAU;AACV,6EAA6E;AAE7E,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAc;IAClD,iBAAiB;IACjB,MAAM,SAAS,GAAG,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEpD,gBAAgB;IAChB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAEjD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,6EAA6E;AAC7E,qBAAqB;AACrB,6EAA6E;AAE7E,MAAM,UAAU,uBAAuB,CAAC,MAAuB;IAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,iBAAiB;QAC3C,CAAC,CAAC,iDAAiD;QACnD,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO,GAAG,WAAW;;mBAEJ,MAAM,CAAC,WAAW;eACtB,MAAM,CAAC,OAAO;cACf,MAAM,CAAC,MAAM;kBACT,MAAM,CAAC,UAAU;mBAChB,MAAM,CAAC,WAAW;sBACf,MAAM,CAAC,cAAc;EACzC,YAAY;;EAEZ,MAAM,CAAC,OAAO;QACd,CAAC,CAAC,gFAAgF;QAClF,CAAC,CAAC,MAAM,CAAC,iBAAiB;YACxB,CAAC,CAAC,uFAAuF;YACzF,CAAC,CAAC,4DAA4D,EAAE,CAAC;AACrE,CAAC"}

package/dist/tools/grantPermit.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * grant_permit MCP Tool
+ *
+ * Issues a cryptographically signed execution permit.
+ * The permit is a verifiable credential that authorizes action execution.
+ */
+import { z } from 'zod';
+import type { ExecutionPermit } from '../types/index.js';
+export declare const grantPermitInputSchema: z.ZodObject<{
+    decision_id: z.ZodString;
+    ttl_seconds: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, "strip", z.ZodTypeAny, {
+    decision_id: string;
+    ttl_seconds: number;
+}, {
+    decision_id: string;
+    ttl_seconds?: number | undefined;
+}>;
+export type GrantPermitInput = z.infer<typeof grantPermitInputSchema>;
+export declare const grantPermitTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            decision_id: {
+                type: string;
+                description: string;
+            };
+            ttl_seconds: {
+                type: string;
+                description: string;
+                minimum: number;
+                maximum: number;
+                default: number;
+            };
+        };
+        required: string[];
+    };
+};
+export declare function initializeSigningKey(privateKeyHex: string): void;
+export declare function getPublicKey(): string | null;
+export declare function handleGrantPermit(input: unknown): Promise<ExecutionPermit>;
+export declare function formatPermitResponse(permit: ExecutionPermit): string;
+//# sourceMappingURL=grantPermit.d.ts.map

package/dist/tools/grantPermit.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"grantPermit.d.ts","sourceRoot":"","sources":["../../src/tools/grantPermit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAMzD,eAAO,MAAM,sBAAsB;;;;;;;;;EAQjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAMtE,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;CAgC3B,CAAC;AAQF,wBAAgB,oBAAoB,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAEhE;AAED,wBAAgB,YAAY,IAAI,MAAM,GAAG,IAAI,CAE5C;AAMD,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAkChF;AAMD,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAsBpE"}

package/dist/tools/grantPermit.js ADDED Viewed

@@ -0,0 +1,121 @@
+/**
+ * grant_permit MCP Tool
+ *
+ * Issues a cryptographically signed execution permit.
+ * The permit is a verifiable credential that authorizes action execution.
+ */
+import { z } from 'zod';
+import { getClient } from '../api/client.js';
+import { signPermit, loadKeyPair, DEFAULT_PERMIT_TTL, MIN_PERMIT_TTL, MAX_PERMIT_TTL } from '../crypto/ed25519.js';
+// ==========================================================================
+// Input Schema
+// ==========================================================================
+export const grantPermitInputSchema = z.object({
+    decision_id: z.string().describe('The decision_id from an approved gate_check'),
+    ttl_seconds: z.number()
+        .min(MIN_PERMIT_TTL)
+        .max(MAX_PERMIT_TTL)
+        .optional()
+        .default(DEFAULT_PERMIT_TTL)
+        .describe(`Permit validity duration in seconds (${MIN_PERMIT_TTL}-${MAX_PERMIT_TTL}, default ${DEFAULT_PERMIT_TTL})`),
+});
+// ==========================================================================
+// Tool Definition
+// ==========================================================================
+export const grantPermitTool = {
+    name: 'grant_permit',
+    description: `Issue a cryptographically signed execution permit.
+Prerequisites:
+- gate_check must have returned allowed: true, OR
+- request_approval must have been approved
+The permit:
+- Is signed with Ed25519 for verification
+- Has a configurable TTL (60-900 seconds, default 300)
+- Contains scope, action, and resource constraints
+- Must be used before expiration
+After execution, call submit_receipt with the permit_id to complete the audit trail.`,
+    inputSchema: {
+        type: 'object',
+        properties: {
+            decision_id: {
+                type: 'string',
+                description: 'The decision_id from an approved gate_check',
+            },
+            ttl_seconds: {
+                type: 'number',
+                description: `Permit validity duration in seconds (${MIN_PERMIT_TTL}-${MAX_PERMIT_TTL}, default ${DEFAULT_PERMIT_TTL})`,
+                minimum: MIN_PERMIT_TTL,
+                maximum: MAX_PERMIT_TTL,
+                default: DEFAULT_PERMIT_TTL,
+            },
+        },
+        required: ['decision_id'],
+    },
+};
+// ==========================================================================
+// State (in production, this would be from secure key management)
+// ==========================================================================
+let signingKeyPair = null;
+export function initializeSigningKey(privateKeyHex) {
+    signingKeyPair = loadKeyPair(privateKeyHex);
+}
+export function getPublicKey() {
+    return signingKeyPair?.publicKeyHex ?? null;
+}
+// ==========================================================================
+// Handler
+// ==========================================================================
+export async function handleGrantPermit(input) {
+    // Validate input
+    const validated = grantPermitInputSchema.parse(input);
+    if (!signingKeyPair) {
+        throw new Error('Signing key not initialized. Server configuration error.');
+    }
+    // Verify decision exists and is approved
+    const client = getClient();
+    const decision = await client.getDecision(validated.decision_id);
+    if (!decision.allowed) {
+        throw new Error(`Decision ${validated.decision_id} is not allowed. Cannot grant permit.`);
+    }
+    if (decision.approval && decision.approval.status !== 'approved') {
+        throw new Error(`Approval status is ${decision.approval.status}. Cannot grant permit until approved.`);
+    }
+    // Sign and issue permit
+    const permit = await signPermit({
+        decision_id: validated.decision_id,
+        tenant_id: 'default', // Will be extracted from API key in production
+        action: 'execute', // Will be from decision in production
+        resource: 'resource', // Will be from decision in production
+        scope: ['execute'],
+    }, signingKeyPair, validated.ttl_seconds);
+    return permit;
+}
+// ==========================================================================
+// Response Formatter
+// ==========================================================================
+export function formatPermitResponse(permit) {
+    const expiresIn = Math.max(0, permit.expires_at - Math.floor(Date.now() / 1000));
+    return `🔐 Execution Permit Granted
+**Permit ID:** ${permit.permit_id}
+**Decision ID:** ${permit.decision_id}
+**Valid For:** ${expiresIn} seconds
+**Expires At:** ${new Date(permit.expires_at * 1000).toISOString()}
+**Scope:** ${permit.scope.join(', ')}
+**Public Key:** ${permit.public_key.slice(0, 16)}...
+⚠️ This permit is cryptographically signed and time-limited.
+Execute your action now and call submit_receipt immediately after.
+**Required Receipt Fields:**
+- permit_id: ${permit.permit_id}
+- decision_id: ${permit.decision_id}
+- external_ref: Your execution task ID
+- output_hash: SHA-512 hash of execution output
+- artifact_refs: URLs/keys to logs, screenshots, diffs`;
+}
+//# sourceMappingURL=grantPermit.js.map

package/dist/tools/grantPermit.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"grantPermit.js","sourceRoot":"","sources":["../../src/tools/grantPermit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,kBAAkB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGnH,6EAA6E;AAC7E,eAAe;AACf,6EAA6E;AAE7E,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IAC/E,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;SACpB,GAAG,CAAC,cAAc,CAAC;SACnB,GAAG,CAAC,cAAc,CAAC;SACnB,QAAQ,EAAE;SACV,OAAO,CAAC,kBAAkB,CAAC;SAC3B,QAAQ,CAAC,wCAAwC,cAAc,IAAI,cAAc,aAAa,kBAAkB,GAAG,CAAC;CACxH,CAAC,CAAC;AAIH,6EAA6E;AAC7E,kBAAkB;AAClB,6EAA6E;AAE7E,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,IAAI,EAAE,cAAc;IACpB,WAAW,EAAE;;;;;;;;;;;;qFAYsE;IACnF,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,6CAA6C;aAC3D;YACD,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,wCAAwC,cAAc,IAAI,cAAc,aAAa,kBAAkB,GAAG;gBACvH,OAAO,EAAE,cAAc;gBACvB,OAAO,EAAE,cAAc;gBACvB,OAAO,EAAE,kBAAkB;aAC5B;SACF;QACD,QAAQ,EAAE,CAAC,aAAa,CAAC;KAC1B;CACF,CAAC;AAEF,6EAA6E;AAC7E,kEAAkE;AAClE,6EAA6E;AAE7E,IAAI,cAAc,GAA0C,IAAI,CAAC;AAEjE,MAAM,UAAU,oBAAoB,CAAC,aAAqB;IACxD,cAAc,GAAG,WAAW,CAAC,aAAa,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO,cAAc,EAAE,YAAY,IAAI,IAAI,CAAC;AAC9C,CAAC;AAED,6EAA6E;AAC7E,UAAU;AACV,6EAA6E;AAE7E,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,KAAc;IACpD,iBAAiB;IACjB,MAAM,SAAS,GAAG,sBAAsB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEtD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,yCAAyC;IACzC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAEjE,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,YAAY,SAAS,CAAC,WAAW,uCAAuC,CAAC,CAAC;IAC5F,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,CAAC,QAAQ,CAAC,MAAM,uCAAuC,CAAC,CAAC;IACzG,CAAC;IAED,wBAAwB;IACxB,MAAM,MAAM,GAAG,MAAM,UAAU,CAC7B;QACE,WAAW,EAAE,SAAS,CAAC,WAAW;QAClC,SAAS,EAAE,SAAS,EAAE,+CAA+C;QACrE,MAAM,EAAE,SAAS,EAAE,sCAAsC;QACzD,QAAQ,EAAE,UAAU,EAAE,sCAAsC;QAC5D,KAAK,EAAE,CAAC,SAAS,CAAC;KACnB,EACD,cAAc,EACd,SAAS,CAAC,WAAW,CACtB,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,6EAA6E;AAC7E,qBAAqB;AACrB,6EAA6E;AAE7E,MAAM,UAAU,oBAAoB,CAAC,MAAuB;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAEjF,OAAO;;iBAEQ,MAAM,CAAC,SAAS;mBACd,MAAM,CAAC,WAAW;iBACpB,SAAS;kBACR,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;;aAErD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;kBAClB,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;;;;;;eAMjC,MAAM,CAAC,SAAS;iBACd,MAAM,CAAC,WAAW;;;uDAGoB,CAAC;AACxD,CAAC"}

package/dist/tools/index.d.ts ADDED Viewed

@@ -0,0 +1,163 @@
+/**
+ * SOVR MCP Tools Index
+ *
+ * Exports all MCP tools and their handlers.
+ */
+export { gateCheckTool, handleGateCheck, formatGateCheckResponse } from './gateCheck.js';
+export { requestApprovalTool, handleRequestApproval, formatApprovalResponse } from './requestApproval.js';
+export { grantPermitTool, handleGrantPermit, formatPermitResponse, initializeSigningKey, getPublicKey } from './grantPermit.js';
+export { submitReceiptTool, handleSubmitReceipt, formatReceiptResponse } from './submitReceipt.js';
+export declare const tools: ({
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            action: {
+                type: string;
+                description: string;
+            };
+            resource: {
+                type: string;
+                description: string;
+            };
+            context: {
+                type: string;
+                description: string;
+            };
+            tenant_id: {
+                type: string;
+                description: string;
+            };
+            idempotency_key: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+} | {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            decision_id: {
+                type: string;
+                description: string;
+            };
+            justification: {
+                type: string;
+                description: string;
+            };
+            urgency: {
+                type: string;
+                enum: string[];
+                description: string;
+                default: string;
+            };
+            metadata: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+} | {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            decision_id: {
+                type: string;
+                description: string;
+            };
+            ttl_seconds: {
+                type: string;
+                description: string;
+                minimum: number;
+                maximum: number;
+                default: number;
+            };
+        };
+        required: string[];
+    };
+} | {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            decision_id: {
+                type: string;
+                description: string;
+            };
+            permit_id: {
+                type: string;
+                description: string;
+            };
+            external_ref: {
+                type: string;
+                description: string;
+            };
+            status: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+            started_at: {
+                type: string;
+                description: string;
+            };
+            finished_at: {
+                type: string;
+                description: string;
+            };
+            output_hash: {
+                type: string;
+                description: string;
+            };
+            artifact_refs: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                minItems: number;
+                description: string;
+            };
+            idempotency_key: {
+                type: string;
+                description: string;
+            };
+            error_code: {
+                type: string;
+                description: string;
+            };
+            error_message: {
+                type: string;
+                description: string;
+            };
+            resource_fingerprint: {
+                type: string;
+                description: string;
+            };
+            execution_metrics: {
+                type: string;
+                properties: {
+                    duration_ms: {
+                        type: string;
+                    };
+                    retry_count: {
+                        type: string;
+                    };
+                };
+                description: string;
+            };
+        };
+        required: string[];
+    };
+})[];
+export declare const toolHandlers: Record<string, (input: unknown) => Promise<unknown>>;
+export declare const responseFormatters: Record<string, (result: unknown) => string>;
+//# sourceMappingURL=index.d.ts.map

package/dist/tools/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzF,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC1G,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChI,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAGnG,eAAO,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAKjB,CAAC;AAGF,eAAO,MAAM,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAK7E,CAAC;AAGF,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,KAAK,MAAM,CAK1E,CAAC"}