sovr-mcp-server 0.1.0

package/dist/tools/submitReceipt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"submitReceipt.d.ts","sourceRoot":"","sources":["../../src/tools/submitReceipt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAMvD,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoBnC,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAM1E,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgG7B,CAAC;AAMF,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC,CAShF;AAMD,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,CAenE"}

package/dist/tools/submitReceipt.js

@@ -0,0 +1,162 @@
+/**
+ * submit_receipt MCP Tool
+ *
+ * Records execution evidence to complete the audit trail.
+ * This closes the loop: gate_check → permit → execute → receipt.
+ */
+import { z } from 'zod';
+import { getClient } from '../api/client.js';
+// ==========================================================================
+// Input Schema
+// ==========================================================================
+export const submitReceiptInputSchema = z.object({
+    // Required fields
+    decision_id: z.string().describe('The decision_id from gate_check'),
+    permit_id: z.string().describe('The permit_id from grant_permit'),
+    external_ref: z.string().describe('Your execution task/job ID'),
+    status: z.enum(['success', 'failure', 'blocked', 'timeout']).describe('Execution outcome'),
+    started_at: z.number().describe('Unix timestamp when execution started'),
+    finished_at: z.number().describe('Unix timestamp when execution finished'),
+    output_hash: z.string().describe('SHA-512 hash of execution output/result'),
+    artifact_refs: z.array(z.string()).min(1).describe('URLs or storage keys to logs, screenshots, diffs'),
+    idempotency_key: z.string().describe('Unique key to prevent duplicate receipts'),
+    // Optional fields
+    error_code: z.string().optional().describe('Error code if status is failure'),
+    error_message: z.string().optional().describe('Error message if status is failure'),
+    resource_fingerprint: z.string().optional().describe('Stable hash of the resource (avoids leaking sensitive data)'),
+    execution_metrics: z.object({
+        duration_ms: z.number(),
+        retry_count: z.number(),
+    }).passthrough().optional().describe('Performance metrics'),
+});
+// ==========================================================================
+// Tool Definition
+// ==========================================================================
+export const submitReceiptTool = {
+    name: 'submit_receipt',
+    description: `Submit execution evidence to complete the audit trail.
+
+This is the final step in the SOVR responsibility flow.
+The receipt creates an immutable record linking:
+- The original decision (gate_check)
+- The execution permit (grant_permit)
+- The actual execution outcome and artifacts
+
+Required fields:
+- decision_id: From gate_check
+- permit_id: From grant_permit
+- external_ref: Your task/job ID
+- status: success | failure | blocked | timeout
+- started_at/finished_at: Unix timestamps
+- output_hash: SHA-512 of output
+- artifact_refs: At least one URL/key to evidence
+- idempotency_key: Prevents duplicates
+
+The receipt is written to the audit chain and cannot be modified.`,
+    inputSchema: {
+        type: 'object',
+        properties: {
+            decision_id: {
+                type: 'string',
+                description: 'The decision_id from gate_check',
+            },
+            permit_id: {
+                type: 'string',
+                description: 'The permit_id from grant_permit',
+            },
+            external_ref: {
+                type: 'string',
+                description: 'Your execution task/job ID',
+            },
+            status: {
+                type: 'string',
+                enum: ['success', 'failure', 'blocked', 'timeout'],
+                description: 'Execution outcome',
+            },
+            started_at: {
+                type: 'number',
+                description: 'Unix timestamp when execution started',
+            },
+            finished_at: {
+                type: 'number',
+                description: 'Unix timestamp when execution finished',
+            },
+            output_hash: {
+                type: 'string',
+                description: 'SHA-512 hash of execution output/result',
+            },
+            artifact_refs: {
+                type: 'array',
+                items: { type: 'string' },
+                minItems: 1,
+                description: 'URLs or storage keys to logs, screenshots, diffs',
+            },
+            idempotency_key: {
+                type: 'string',
+                description: 'Unique key to prevent duplicate receipts',
+            },
+            error_code: {
+                type: 'string',
+                description: 'Error code if status is failure',
+            },
+            error_message: {
+                type: 'string',
+                description: 'Error message if status is failure',
+            },
+            resource_fingerprint: {
+                type: 'string',
+                description: 'Stable hash of the resource',
+            },
+            execution_metrics: {
+                type: 'object',
+                properties: {
+                    duration_ms: { type: 'number' },
+                    retry_count: { type: 'number' },
+                },
+                description: 'Performance metrics',
+            },
+        },
+        required: [
+            'decision_id',
+            'permit_id',
+            'external_ref',
+            'status',
+            'started_at',
+            'finished_at',
+            'output_hash',
+            'artifact_refs',
+            'idempotency_key',
+        ],
+    },
+};
+// ==========================================================================
+// Handler
+// ==========================================================================
+export async function handleSubmitReceipt(input) {
+    // Validate input
+    const validated = submitReceiptInputSchema.parse(input);
+    // Call SOVR API
+    const client = getClient();
+    const result = await client.submitReceipt(validated);
+    return result;
+}
+// ==========================================================================
+// Response Formatter
+// ==========================================================================
+export function formatReceiptResponse(result) {
+    return `📋 Receipt Recorded
+
+**Receipt ID:** ${result.receipt_id}
+**Trust Hash:** ${result.trust_hash.slice(0, 32)}...
+**Evidence Hash:** ${result.evidence_hash.slice(0, 32)}...
+**Chain Position:** #${result.chain_position}
+**Recorded At:** ${new Date(result.recorded_at * 1000).toISOString()}
+
+✅ Audit trail complete. This execution is now part of the immutable evidence chain.
+
+The trust_hash can be used to:
+- Verify the execution in external audits
+- Export as part of a Trust Bundle
+- Reference in compliance reports`;
+}
+//# sourceMappingURL=submitReceipt.js.map

package/dist/tools/submitReceipt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"submitReceipt.js","sourceRoot":"","sources":["../../src/tools/submitReceipt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAG7C,6EAA6E;AAC7E,eAAe;AACf,6EAA6E;AAE7E,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,kBAAkB;IAClB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;IACnE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;IACjE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;IAC/D,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC1F,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;IACxE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;IAC1E,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;IAC3E,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,kDAAkD,CAAC;IACtG,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;IAEhF,kBAAkB;IAClB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;IAC7E,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;IACnF,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6DAA6D,CAAC;IACnH,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;KACxB,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;CAC5D,CAAC,CAAC;AAIH,6EAA6E;AAC7E,kBAAkB;AAClB,6EAA6E;AAE7E,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE;;;;;;;;;;;;;;;;;;kEAkBmD;IAChE,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,iCAAiC;aAC/C;YACD,SAAS,EAAE;gBACT,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,iCAAiC;aAC/C;YACD,YAAY,EAAE;gBACZ,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,4BAA4B;aAC1C;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;gBAClD,WAAW,EAAE,mBAAmB;aACjC;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,uCAAuC;aACrD;YACD,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,wCAAwC;aACtD;YACD,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,yCAAyC;aACvD;YACD,aAAa,EAAE;gBACb,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,QAAQ,EAAE,CAAC;gBACX,WAAW,EAAE,kDAAkD;aAChE;YACD,eAAe,EAAE;gBACf,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;aACxD;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,iCAAiC;aAC/C;YACD,aAAa,EAAE;gBACb,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,oCAAoC;aAClD;YACD,oBAAoB,EAAE;gBACpB,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,6BAA6B;aAC3C;YACD,iBAAiB,EAAE;gBACjB,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC/B,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBAChC;gBACD,WAAW,EAAE,qBAAqB;aACnC;SACF;QACD,QAAQ,EAAE;YACR,aAAa;YACb,WAAW;YACX,cAAc;YACd,QAAQ;YACR,YAAY;YACZ,aAAa;YACb,aAAa;YACb,eAAe;YACf,iBAAiB;SAClB;KACF;CACF,CAAC;AAEF,6EAA6E;AAC7E,UAAU;AACV,6EAA6E;AAE7E,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,KAAc;IACtD,iBAAiB;IACjB,MAAM,SAAS,GAAG,wBAAwB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAExD,gBAAgB;IAChB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,6EAA6E;AAC7E,qBAAqB;AACrB,6EAA6E;AAE7E,MAAM,UAAU,qBAAqB,CAAC,MAAqB;IACzD,OAAO;;kBAES,MAAM,CAAC,UAAU;kBACjB,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;qBAC3B,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;uBAC/B,MAAM,CAAC,cAAc;mBACzB,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;;;;;;;kCAOlC,CAAC;AACnC,CAAC"}

package/dist/tools/systemStatus.d.ts

@@ -0,0 +1,32 @@
+/**
+ * system_status MCP Tool
+ *
+ * Get the current status of the SOVR system.
+ */
+import { z } from 'zod';
+import type { SystemStatus } from '../types/index.js';
+export declare const systemStatusInputSchema: z.ZodObject<{
+    include_services: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+}, "strip", z.ZodTypeAny, {
+    include_services: boolean;
+}, {
+    include_services?: boolean | undefined;
+}>;
+export type SystemStatusInput = z.infer<typeof systemStatusInputSchema>;
+export declare const systemStatusTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            include_services: {
+                type: string;
+                description: string;
+                default: boolean;
+            };
+        };
+        required: never[];
+    };
+};
+export declare function formatSystemStatusResponse(status: SystemStatus): string;
+//# sourceMappingURL=systemStatus.d.ts.map

package/dist/tools/systemStatus.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"systemStatus.d.ts","sourceRoot":"","sources":["../../src/tools/systemStatus.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAMtD,eAAO,MAAM,uBAAuB;;;;;;EAElC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAMxE,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;CAsB5B,CAAC;AAMF,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CA4BvE"}

package/dist/tools/systemStatus.js

@@ -0,0 +1,67 @@
+/**
+ * system_status MCP Tool
+ *
+ * Get the current status of the SOVR system.
+ */
+import { z } from 'zod';
+// ==========================================================================
+// Input Schema
+// ==========================================================================
+export const systemStatusInputSchema = z.object({
+    include_services: z.boolean().optional().default(true).describe('Include service health details'),
+});
+// ==========================================================================
+// Tool Definition
+// ==========================================================================
+export const systemStatusTool = {
+    name: 'system_status',
+    description: `Get the current status of the SOVR responsibility layer.
+
+Returns:
+- System health status
+- Kill switch state
+- API and policy versions
+- Service health (gate, approval, audit)
+
+Use this to check if the system is operational before performing actions.`,
+    inputSchema: {
+        type: 'object',
+        properties: {
+            include_services: {
+                type: 'boolean',
+                description: 'Include service health details',
+                default: true,
+            },
+        },
+        required: [],
+    },
+};
+// ==========================================================================
+// Response Formatter
+// ==========================================================================
+export function formatSystemStatusResponse(status) {
+    const healthIcon = status.healthy ? '✅' : '❌';
+    const killSwitchIcon = status.kill_switch_active ? '🔴 ACTIVE' : '🟢 Inactive';
+    let response = `${healthIcon} SOVR System Status
+
+**Health:** ${status.healthy ? 'Operational' : 'Degraded'}
+**Kill Switch:** ${killSwitchIcon}
+**API Version:** ${status.api_version}
+**Policy Version:** ${status.policy_version}
+**Last Updated:** ${new Date(status.last_updated).toISOString()}`;
+    if (status.services) {
+        response += `
+
+**Services:**
+- Gate: ${status.services.gate === 'up' ? '✅' : '❌'} ${status.services.gate}
+- Approval: ${status.services.approval === 'up' ? '✅' : '❌'} ${status.services.approval}
+- Audit: ${status.services.audit === 'up' ? '✅' : '❌'} ${status.services.audit}`;
+    }
+    if (status.kill_switch_active) {
+        response += `
+
+⚠️ **WARNING:** Kill switch is active. All irreversible operations are blocked.`;
+    }
+    return response;
+}
+//# sourceMappingURL=systemStatus.js.map

package/dist/tools/systemStatus.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"systemStatus.js","sourceRoot":"","sources":["../../src/tools/systemStatus.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,6EAA6E;AAC7E,eAAe;AACf,6EAA6E;AAE7E,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,gCAAgC,CAAC;CAClG,CAAC,CAAC;AAIH,6EAA6E;AAC7E,kBAAkB;AAClB,6EAA6E;AAE7E,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,IAAI,EAAE,eAAe;IACrB,WAAW,EAAE;;;;;;;;0EAQ2D;IACxE,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,gBAAgB,EAAE;gBAChB,IAAI,EAAE,SAAS;gBACf,WAAW,EAAE,gCAAgC;gBAC7C,OAAO,EAAE,IAAI;aACd;SACF;QACD,QAAQ,EAAE,EAAE;KACb;CACF,CAAC;AAEF,6EAA6E;AAC7E,qBAAqB;AACrB,6EAA6E;AAE7E,MAAM,UAAU,0BAA0B,CAAC,MAAoB;IAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC;IAE/E,IAAI,QAAQ,GAAG,GAAG,UAAU;;cAEhB,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU;mBACtC,cAAc;mBACd,MAAM,CAAC,WAAW;sBACf,MAAM,CAAC,cAAc;oBACvB,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;IAEhE,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,QAAQ,IAAI;;;UAGN,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI;cAC7D,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ;WAC5E,MAAM,CAAC,QAAQ,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC9B,QAAQ,IAAI;;gFAEgE,CAAC;IAC/E,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/types/index.d.ts

@@ -0,0 +1,146 @@
+/**
+ * SOVR MCP Server Types
+ *
+ * Core types for the responsibility layer protocol
+ */
+export interface ApiKey {
+    key_id: string;
+    tenant_id: string;
+    role: 'owner' | 'admin' | 'operator' | 'readonly';
+    scopes: Scope[];
+    rate_limit: number;
+    created_at: number;
+    expires_at: number | null;
+}
+export type Scope = 'gate:check' | 'permit:grant' | 'receipt:submit' | 'approval:request' | 'audit:read' | 'status:read';
+export interface GateCheckInput {
+    action: string;
+    resource: string;
+    context?: Record<string, unknown>;
+    tenant_id?: string;
+    idempotency_key?: string;
+}
+export interface GateCheckResult {
+    decision_id: string;
+    allowed: boolean;
+    requires_approval: boolean;
+    reason: string;
+    risk_score: number;
+    value_score: number;
+    policy_version: string;
+    checked_at: number;
+}
+export type ApprovalUrgency = 'low' | 'medium' | 'high' | 'critical';
+export type ApprovalStatus = 'pending' | 'approved' | 'rejected' | 'expired' | 'cancelled';
+export interface RequestApprovalInput {
+    decision_id: string;
+    justification: string;
+    urgency?: ApprovalUrgency;
+    metadata?: Record<string, unknown>;
+}
+export interface ApprovalResult {
+    approval_id: string;
+    status: ApprovalStatus;
+    approval_url: string;
+    estimated_wait_seconds: number;
+    created_at: number;
+    expires_at: number;
+}
+export interface GrantPermitInput {
+    decision_id: string;
+    ttl_seconds?: number;
+}
+export interface ExecutionPermit {
+    permit_id: string;
+    jti: string;
+    decision_id: string;
+    tenant_id: string;
+    action: string;
+    resource: string;
+    scope: string[];
+    issued_at: number;
+    expires_at: number;
+    signature: string;
+    public_key: string;
+}
+export interface PermitPayload {
+    jti: string;
+    decision_id: string;
+    tenant_id: string;
+    action: string;
+    resource: string;
+    scope: string[];
+    iat: number;
+    exp: number;
+}
+export type ExecutionStatus = 'success' | 'failure' | 'blocked' | 'timeout';
+export interface SubmitReceiptInput {
+    decision_id: string;
+    permit_id: string;
+    external_ref: string;
+    status: ExecutionStatus;
+    started_at: number;
+    finished_at: number;
+    output_hash: string;
+    artifact_refs: string[];
+    idempotency_key: string;
+    error_code?: string;
+    error_message?: string;
+    resource_fingerprint?: string;
+    execution_metrics?: {
+        duration_ms: number;
+        retry_count: number;
+        [key: string]: unknown;
+    };
+}
+export interface ReceiptResult {
+    receipt_id: string;
+    trust_hash: string;
+    evidence_hash: string;
+    chain_position: number;
+    recorded_at: number;
+}
+export interface SystemStatus {
+    healthy: boolean;
+    kill_switch_active: boolean;
+    api_version: string;
+    policy_version: string;
+    last_updated: number;
+    services: {
+        gate: 'up' | 'degraded' | 'down';
+        approval: 'up' | 'degraded' | 'down';
+        audit: 'up' | 'degraded' | 'down';
+    };
+}
+export interface AuditEvent {
+    event_id: string;
+    event_type: 'gate_check' | 'approval_request' | 'permit_grant' | 'receipt_submit';
+    tenant_id: string;
+    key_id: string;
+    trace_id: string;
+    decision_id?: string;
+    permit_id?: string;
+    receipt_id?: string;
+    timestamp: number;
+    metadata: Record<string, unknown>;
+}
+export declare class SovrError extends Error {
+    code: string;
+    details?: Record<string, unknown> | undefined;
+    constructor(code: string, message: string, details?: Record<string, unknown> | undefined);
+}
+export declare const ErrorCodes: {
+    readonly UNAUTHORIZED: "UNAUTHORIZED";
+    readonly FORBIDDEN: "FORBIDDEN";
+    readonly INVALID_INPUT: "INVALID_INPUT";
+    readonly DECISION_NOT_FOUND: "DECISION_NOT_FOUND";
+    readonly PERMIT_EXPIRED: "PERMIT_EXPIRED";
+    readonly PERMIT_INVALID: "PERMIT_INVALID";
+    readonly APPROVAL_REQUIRED: "APPROVAL_REQUIRED";
+    readonly APPROVAL_PENDING: "APPROVAL_PENDING";
+    readonly APPROVAL_REJECTED: "APPROVAL_REJECTED";
+    readonly RATE_LIMITED: "RATE_LIMITED";
+    readonly KILL_SWITCH_ACTIVE: "KILL_SWITCH_ACTIVE";
+    readonly SERVICE_UNAVAILABLE: "SERVICE_UNAVAILABLE";
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,MAAM,WAAW,MAAM;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,UAAU,CAAC;IAClD,MAAM,EAAE,KAAK,EAAE,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,MAAM,KAAK,GACb,YAAY,GACZ,cAAc,GACd,gBAAgB,GAChB,kBAAkB,GAClB,YAAY,GACZ,aAAa,CAAC;AAMlB,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAMD,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AACrE,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,GAAG,WAAW,CAAC;AAE3F,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,eAAe,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,cAAc,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAMD,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAMD,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AAE5E,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,eAAe,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IAExB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;QACpB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE;QACR,IAAI,EAAE,IAAI,GAAG,UAAU,GAAG,MAAM,CAAC;QACjC,QAAQ,EAAE,IAAI,GAAG,UAAU,GAAG,MAAM,CAAC;QACrC,KAAK,EAAE,IAAI,GAAG,UAAU,GAAG,MAAM,CAAC;KACnC,CAAC;CACH;AAMD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,YAAY,GAAG,kBAAkB,GAAG,cAAc,GAAG,gBAAgB,CAAC;IAClF,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAMD,qBAAa,SAAU,SAAQ,KAAK;IAEzB,IAAI,EAAE,MAAM;IAEZ,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;gBAFjC,IAAI,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACR,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,YAAA;CAK3C;AAED,eAAO,MAAM,UAAU;;;;;;;;;;;;;CAab,CAAC"}

package/dist/types/index.js

@@ -0,0 +1,33 @@
+/**
+ * SOVR MCP Server Types
+ *
+ * Core types for the responsibility layer protocol
+ */
+// ============================================================================
+// Error Types
+// ============================================================================
+export class SovrError extends Error {
+    code;
+    details;
+    constructor(code, message, details) {
+        super(message);
+        this.code = code;
+        this.details = details;
+        this.name = 'SovrError';
+    }
+}
+export const ErrorCodes = {
+    UNAUTHORIZED: 'UNAUTHORIZED',
+    FORBIDDEN: 'FORBIDDEN',
+    INVALID_INPUT: 'INVALID_INPUT',
+    DECISION_NOT_FOUND: 'DECISION_NOT_FOUND',
+    PERMIT_EXPIRED: 'PERMIT_EXPIRED',
+    PERMIT_INVALID: 'PERMIT_INVALID',
+    APPROVAL_REQUIRED: 'APPROVAL_REQUIRED',
+    APPROVAL_PENDING: 'APPROVAL_PENDING',
+    APPROVAL_REJECTED: 'APPROVAL_REJECTED',
+    RATE_LIMITED: 'RATE_LIMITED',
+    KILL_SWITCH_ACTIVE: 'KILL_SWITCH_ACTIVE',
+    SERVICE_UNAVAILABLE: 'SERVICE_UNAVAILABLE',
+};
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA6KH,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E,MAAM,OAAO,SAAU,SAAQ,KAAK;IAEzB;IAEA;IAHT,YACS,IAAY,EACnB,OAAe,EACR,OAAiC;QAExC,KAAK,CAAC,OAAO,CAAC,CAAC;QAJR,SAAI,GAAJ,IAAI,CAAQ;QAEZ,YAAO,GAAP,OAAO,CAA0B;QAGxC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,YAAY,EAAE,cAAc;IAC5B,SAAS,EAAE,WAAW;IACtB,aAAa,EAAE,eAAe;IAC9B,kBAAkB,EAAE,oBAAoB;IACxC,cAAc,EAAE,gBAAgB;IAChC,cAAc,EAAE,gBAAgB;IAChC,iBAAiB,EAAE,mBAAmB;IACtC,gBAAgB,EAAE,kBAAkB;IACpC,iBAAiB,EAAE,mBAAmB;IACtC,YAAY,EAAE,cAAc;IAC5B,kBAAkB,EAAE,oBAAoB;IACxC,mBAAmB,EAAE,qBAAqB;CAClC,CAAC"}

package/package.json

@@ -0,0 +1,71 @@
+{
+  "name": "sovr-mcp-server",
+  "version": "0.1.0",
+  "description": "SOVR MCP Server - Responsibility layer for AI agents. No irreversible action without a verifiable permit, audit trail, and evidence bundle.",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "sovr-mcp-server": "./dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx watch src/index.ts",
+    "start": "node dist/index.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:e2e": "vitest run tests/e2e.test.ts",
+    "lint": "eslint src/",
+    "prepublishOnly": "npm run build && npm run test"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "sovr",
+    "ai",
+    "ai-governance",
+    "ai-safety",
+    "responsibility-layer",
+    "audit",
+    "trust",
+    "ed25519",
+    "claude",
+    "cursor",
+    "windsurf"
+  ],
+  "author": "SOVR <team@sovr.inc>",
+  "license": "MIT",
+  "homepage": "https://sovr.inc",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/sovr-ai/sovr-mcp-server"
+  },
+  "bugs": {
+    "url": "https://github.com/sovr-ai/sovr-mcp-server/issues"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "@noble/ed25519": "^2.1.0",
+    "@noble/hashes": "^2.0.1",
+    "nanoid": "^5.0.0",
+    "zod": "^3.23.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "tsx": "^4.0.0",
+    "typescript": "^5.0.0",
+    "vitest": "^2.0.0"
+  }
+}