vaspera 2.13.0 → 2.15.0

package/dist/agents/antagonist/types.js

@@ -0,0 +1,63 @@
+/**
+ * Antagonist Agent Types
+ *
+ * The antagonist agent synthesizes findings into attack narratives
+ * and challenges assumptions from other agents.
+ *
+ * @module agents/antagonist/types
+ */
+/**
+ * Default antagonist configuration
+ */
+export const DEFAULT_ANTAGONIST_CONFIG = {
+    mode: "both",
+    includePrioritization: true,
+    maxNarratives: 10,
+    minConfidence: 50,
+    challengeThreshold: 70,
+    useLlm: true,
+    llmModel: "claude-sonnet-4-20250514",
+};
+/**
+ * Attack vector categories for gap analysis
+ */
+export const ATTACK_VECTORS = [
+    "web-application",
+    "api-security",
+    "authentication",
+    "authorization",
+    "injection",
+    "cryptography",
+    "session-management",
+    "input-validation",
+    "output-encoding",
+    "error-handling",
+    "logging-monitoring",
+    "data-protection",
+    "network-security",
+    "supply-chain",
+    "infrastructure",
+    "llm-security",
+    "agent-security",
+];
+/**
+ * Maps finding categories to attack vectors
+ */
+export const CATEGORY_TO_VECTOR = {
+    "sql-injection": "injection",
+    "command-injection": "injection",
+    "code-injection": "injection",
+    xss: "output-encoding",
+    "auth-bypass": "authentication",
+    "broken-access-control": "authorization",
+    "session-management": "session-management",
+    "cryptographic-failure": "cryptography",
+    "hardcoded-secret": "data-protection",
+    "prompt-injection": "llm-security",
+    "excessive-agency": "agent-security",
+    "exfil-path": "agent-security",
+    ssrf: "network-security",
+    "path-traversal": "input-validation",
+    "dependency-vuln": "supply-chain",
+};
+//# sourceMappingURL=types.js.map

package/dist/agents/antagonist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/agents/antagonist/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA2IH;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAqB;IACzD,IAAI,EAAE,MAAM;IACZ,qBAAqB,EAAE,IAAI;IAC3B,aAAa,EAAE,EAAE;IACjB,aAAa,EAAE,EAAE;IACjB,kBAAkB,EAAE,EAAE;IACtB,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,0BAA0B;CACrC,CAAC;AAkBF;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,iBAAiB;IACjB,cAAc;IACd,gBAAgB;IAChB,eAAe;IACf,WAAW;IACX,cAAc;IACd,oBAAoB;IACpB,kBAAkB;IAClB,iBAAiB;IACjB,gBAAgB;IAChB,oBAAoB;IACpB,iBAAiB;IACjB,kBAAkB;IAClB,cAAc;IACd,gBAAgB;IAChB,cAAc;IACd,gBAAgB;CACR,CAAC;AAIX;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAiC;IAC9D,eAAe,EAAE,WAAW;IAC5B,mBAAmB,EAAE,WAAW;IAChC,gBAAgB,EAAE,WAAW;IAC7B,GAAG,EAAE,iBAAiB;IACtB,aAAa,EAAE,gBAAgB;IAC/B,uBAAuB,EAAE,eAAe;IACxC,oBAAoB,EAAE,oBAAoB;IAC1C,uBAAuB,EAAE,cAAc;IACvC,kBAAkB,EAAE,iBAAiB;IACrC,kBAAkB,EAAE,cAAc;IAClC,kBAAkB,EAAE,gBAAgB;IACpC,YAAY,EAAE,gBAAgB;IAC9B,IAAI,EAAE,kBAAkB;IACxB,gBAAgB,EAAE,kBAAkB;IACpC,iBAAiB,EAAE,cAAc;CAClC,CAAC"}

package/dist/agents/index.d.ts

@@ -12,4 +12,5 @@ export { runZeroDayHunter, zeroDayToFindings, type ZeroDayHunterConfig, type Zer
 export { runLogicFlawDetector, logicFlawToFindings, type LogicFlawDetectorConfig, type LogicFlawDetectorResult, type LogicFlawFinding, type LogicFlawCategory, } from "./logic-flaw-detector.js";
 export { analyzeExploitChains, exploitChainsToFindings, getChainSummary, type ExploitChain, type ExploitChainResult, type ChainStep, } from "./exploit-chain.js";
 export { runAdversaryAnalysis, adversaryToFindings, estimateAdversaryCost, createDefaultConfig, createFocusedConfig, getModelForTier, type AdversaryConfig, type AdversaryResult, type AdversaryFinding, type AdversaryModel, type AggressivenessLevel, type AttackFocusArea, type ProofOfConcept, type ExploitChain as AdversaryExploitChain, } from "./adversary/index.js";
+export { runAntagonistAnalysis, quickAntagonistCheck, synthesizeNarratives, synthesizeNarrativesDeterministic, runChallenger, runChallengerDeterministic, prioritizeRemediations, calculatePrioritizationMetrics, type AntagonistInput, type AntagonistConfig, type AntagonistResult, type AttackNarrative, type AttackStep, type ChallengerAssessment, type GapAnalysis, type PrioritizedRemediation, type KillChainPhase, type Difficulty, type Likelihood, type ChallengeType, } from "./antagonist/index.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/agents/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,KAAK,OAAO,EACZ,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,qBAAqB,GAC3B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,cAAc,EACnB,KAAK,gBAAgB,GACtB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,GACvB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,eAAe,EACf,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACvB,KAAK,SAAS,GACf,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,EACf,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,YAAY,IAAI,qBAAqB,GAC3C,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,KAAK,OAAO,EACZ,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,qBAAqB,GAC3B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,cAAc,EACnB,KAAK,gBAAgB,GACtB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,GACvB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,eAAe,EACf,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACvB,KAAK,SAAS,GACf,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,EACf,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,YAAY,IAAI,qBAAqB,GAC3C,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,iCAAiC,EACjC,aAAa,EACb,0BAA0B,EAC1B,sBAAsB,EACtB,8BAA8B,EAC9B,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,oBAAoB,EACzB,KAAK,WAAW,EAChB,KAAK,sBAAsB,EAC3B,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,aAAa,GACnB,MAAM,uBAAuB,CAAC"}

package/dist/agents/index.js

@@ -18,4 +18,6 @@ export { runLogicFlawDetector, logicFlawToFindings, } from "./logic-flaw-detecto
 export { analyzeExploitChains, exploitChainsToFindings, getChainSummary, } from "./exploit-chain.js";
 // Adversary Agent - Mythos-class ethical hacker with Claude API reasoning
 export { runAdversaryAnalysis, adversaryToFindings, estimateAdversaryCost, createDefaultConfig, createFocusedConfig, getModelForTier, } from "./adversary/index.js";
+// Antagonist Agent - Meta-analysis: attack narratives + challenger
+export { runAntagonistAnalysis, quickAntagonistCheck, synthesizeNarratives, synthesizeNarrativesDeterministic, runChallenger, runChallengerDeterministic, prioritizeRemediations, calculatePrioritizationMetrics, } from "./antagonist/index.js";
 //# sourceMappingURL=index.js.map

package/dist/agents/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,qDAAqD;AACrD,OAAO,EACL,kBAAkB,EAClB,iBAAiB,GAKlB,MAAM,oBAAoB,CAAC;AAE5B,kEAAkE;AAClE,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,EACjB,mBAAmB,GAMpB,MAAM,sBAAsB,CAAC;AAE9B,uDAAuD;AACvD,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAKlB,MAAM,sBAAsB,CAAC;AAE9B,+DAA+D;AAC/D,OAAO,EACL,oBAAoB,EACpB,mBAAmB,GAKpB,MAAM,0BAA0B,CAAC;AAElC,4DAA4D;AAC5D,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,eAAe,GAIhB,MAAM,oBAAoB,CAAC;AAE5B,0EAA0E;AAC1E,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,GAShB,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,qDAAqD;AACrD,OAAO,EACL,kBAAkB,EAClB,iBAAiB,GAKlB,MAAM,oBAAoB,CAAC;AAE5B,kEAAkE;AAClE,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,EACjB,mBAAmB,GAMpB,MAAM,sBAAsB,CAAC;AAE9B,uDAAuD;AACvD,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAKlB,MAAM,sBAAsB,CAAC;AAE9B,+DAA+D;AAC/D,OAAO,EACL,oBAAoB,EACpB,mBAAmB,GAKpB,MAAM,0BAA0B,CAAC;AAElC,4DAA4D;AAC5D,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,eAAe,GAIhB,MAAM,oBAAoB,CAAC;AAE5B,0EAA0E;AAC1E,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,GAShB,MAAM,sBAAsB,CAAC;AAE9B,mEAAmE;AACnE,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,iCAAiC,EACjC,aAAa,EACb,0BAA0B,EAC1B,sBAAsB,EACtB,8BAA8B,GAa/B,MAAM,uBAAuB,CAAC"}

package/dist/certification/agent-certificate-map.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Map a completed Certification into an Agent Certificate body.
+ *
+ * Turns a real certification run (findings, scores, level, project hash)
+ * into the six-dimension certificate — no fabricated data. Dimensions not
+ * covered by the current engine (compliance frameworks, runtime decision
+ * provenance) are reported as `not_assessed` rather than invented, so the
+ * certificate never overstates what was actually checked.
+ *
+ * @module certification/agent-certificate-map
+ */
+import type { AgentCertificateBody } from "./agent-certificate.js";
+import type { Certification, Finding } from "./types.js";
+import type { ComplianceFramework } from "../compliance/types.js";
+type ComplianceDimension = AgentCertificateBody["dimensions"]["compliance"];
+/**
+ * Evaluate the requested compliance frameworks against the findings,
+ * producing the certificate's compliance dimension. Reuses the existing
+ * compliance mapper (so ISO 42001 / NIST AI RMF are real control
+ * mappings, not labels).
+ */
+export declare function buildComplianceDimension(findings: Finding[], frameworks: ComplianceFramework[]): ComplianceDimension;
+export interface MapOptions {
+    toolVersion: string;
+    issuedAt: string;
+    expiresAt: string;
+    certificateId: string;
+    /** Frameworks to evaluate for the compliance dimension (e.g. ISO-42001). */
+    complianceFrameworks?: ComplianceFramework[];
+    /** Decision-provenance anchor (audit-trail head + record count). */
+    provenance?: {
+        auditTrailHead?: string;
+        decisionRecords?: number;
+    };
+}
+export interface BaselineOptions extends MapOptions {
+    subjectName: string;
+    subjectKind: "agent" | "mcp-server" | "codebase";
+    identifier: string;
+}
+/**
+ * A baseline certificate body for a subject with no certification run yet
+ * — every dimension is `not_assessed` (honest, never fabricated).
+ */
+export declare function baselineCertificateBody(options: BaselineOptions): AgentCertificateBody;
+/**
+ * Build a certificate body from a completed certification.
+ */
+export declare function certificationToCertificateBody(cert: Certification, options: MapOptions): AgentCertificateBody;
+export {};
+//# sourceMappingURL=agent-certificate-map.d.ts.map

package/dist/certification/agent-certificate-map.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-certificate-map.d.ts","sourceRoot":"","sources":["../../src/certification/agent-certificate-map.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,oBAAoB,EAAmB,MAAM,wBAAwB,CAAC;AACpF,OAAO,KAAK,EACV,aAAa,EACb,OAAO,EAIR,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAElE,KAAK,mBAAmB,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC;AAyG5E;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,OAAO,EAAE,EACnB,UAAU,EAAE,mBAAmB,EAAE,GAChC,mBAAmB,CAgDrB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,4EAA4E;IAC5E,oBAAoB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC7C,oEAAoE;IACpE,UAAU,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,MAAM,CAAC;QAAC,eAAe,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACpE;AAED,MAAM,WAAW,eAAgB,SAAQ,UAAU;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,OAAO,GAAG,YAAY,GAAG,UAAU,CAAC;IACjD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,eAAe,GAAG,oBAAoB,CAoCtF;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAC5C,IAAI,EAAE,aAAa,EACnB,OAAO,EAAE,UAAU,GAClB,oBAAoB,CAkFtB"}

package/dist/certification/agent-certificate-map.js

@@ -0,0 +1,265 @@
+/**
+ * Map a completed Certification into an Agent Certificate body.
+ *
+ * Turns a real certification run (findings, scores, level, project hash)
+ * into the six-dimension certificate — no fabricated data. Dimensions not
+ * covered by the current engine (compliance frameworks, runtime decision
+ * provenance) are reported as `not_assessed` rather than invented, so the
+ * certificate never overstates what was actually checked.
+ *
+ * @module certification/agent-certificate-map
+ */
+import { AGENT_CERTIFICATE_SCHEMA } from "./agent-certificate.js";
+import { mapFindingsToControls } from "../compliance/mapper.js";
+const SEVERITY_RANK = {
+    critical: 4,
+    high: 3,
+    medium: 2,
+    low: 1,
+    info: 0,
+};
+function checkStatusForSeverity(severity) {
+    if (severity === "critical" || severity === "high")
+        return "fail";
+    if (severity === "medium")
+        return "warn";
+    return "pass";
+}
+function gatherFindings(cert, agents) {
+    const out = [];
+    for (const agent of agents) {
+        const data = cert.agents[agent];
+        if (data?.findings)
+            out.push(...data.findings);
+    }
+    return out;
+}
+function dimensionFromFindings(findings, score, label) {
+    const critical = findings.filter((f) => f.severity === "critical").length;
+    const high = findings.filter((f) => f.severity === "high").length;
+    const status = critical > 0 || high > 0 ? "fail" : findings.length > 0 ? "warn" : "pass";
+    // Surface the most severe findings first, capped so a certificate stays
+    // a summary, not a full report.
+    const checks = [...findings]
+        .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity])
+        .slice(0, 10)
+        .map((f) => ({
+        id: f.id,
+        title: f.description.slice(0, 140),
+        status: checkStatusForSeverity(f.severity),
+        severity: f.severity,
+        category: String(f.category),
+        ...(f.file ? { detail: `${f.file}${f.line ? `:${f.line}` : ""}` } : {}),
+    }));
+    return {
+        status,
+        score: Math.max(0, Math.min(100, score)),
+        summary: `${label}: ${findings.length} finding(s) (${critical} critical, ${high} high).`,
+        checks,
+    };
+}
+function notAssessed(reason) {
+    return { status: "not_assessed", score: 0, summary: reason, checks: [] };
+}
+function buildExplainabilityDimension(projectHash, decisionRecords) {
+    const checks = [];
+    if (projectHash) {
+        checks.push({
+            id: "project-hash",
+            title: "Certification bound to a project content hash",
+            status: "pass",
+        });
+    }
+    if (decisionRecords > 0) {
+        checks.push({
+            id: "decision-provenance",
+            title: `${decisionRecords} AI decision(s) recorded on the tamper-evident hash chain`,
+            status: "pass",
+        });
+    }
+    if (checks.length === 0) {
+        return notAssessed("No project hash or decision records captured.");
+    }
+    // Stronger explainability when decisions are actually traced.
+    const score = decisionRecords > 0 ? 90 : 75;
+    return {
+        status: "pass",
+        score,
+        summary: decisionRecords > 0
+            ? `Tamper-evident audit trail with ${decisionRecords} hash-chained decision record(s).`
+            : "Certification bound to a project content hash; audit trail is tamper-evident.",
+        checks,
+    };
+}
+function allFindings(cert) {
+    const out = [];
+    for (const agent of Object.keys(cert.agents)) {
+        const data = cert.agents[agent];
+        if (data?.findings)
+            out.push(...data.findings);
+    }
+    return out;
+}
+/**
+ * Evaluate the requested compliance frameworks against the findings,
+ * producing the certificate's compliance dimension. Reuses the existing
+ * compliance mapper (so ISO 42001 / NIST AI RMF are real control
+ * mappings, not labels).
+ */
+export function buildComplianceDimension(findings, frameworks) {
+    const results = frameworks.map((framework) => {
+        const mapped = mapFindingsToControls(findings, framework);
+        const satisfied = mapped.filter((c) => c.status === "compliant").length;
+        const atRisk = mapped.filter((c) => c.status === "at_risk").length;
+        const failed = mapped.filter((c) => c.status === "non_compliant").length;
+        return {
+            framework,
+            controlsTotal: mapped.length,
+            controlsSatisfied: satisfied,
+            controlsAtRisk: atRisk,
+            controlsFailed: failed,
+            controls: mapped.map((c) => ({
+                controlId: c.control.id,
+                title: c.control.title,
+                status: (c.status === "compliant"
+                    ? "satisfied"
+                    : c.status === "at_risk"
+                        ? "at_risk"
+                        : "failed"),
+            })),
+        };
+    });
+    const totalControls = results.reduce((n, r) => n + r.controlsTotal, 0);
+    const anyFailed = results.some((r) => r.controlsFailed > 0);
+    const anyAtRisk = results.some((r) => r.controlsAtRisk > 0);
+    const status = anyFailed
+        ? "fail"
+        : anyAtRisk
+            ? "warn"
+            : "pass";
+    // Score = % of controls not failed, across all frameworks.
+    const failedTotal = results.reduce((n, r) => n + r.controlsFailed, 0);
+    const score = totalControls === 0
+        ? 0
+        : Math.round(((totalControls - failedTotal) / totalControls) * 100);
+    return {
+        status: totalControls === 0 ? "not_assessed" : status,
+        score,
+        summary: totalControls === 0
+            ? "No controls evaluated for the requested frameworks."
+            : `Mapped findings to ${frameworks.join(", ")}: ${failedTotal} failed / ${totalControls} controls.`,
+        frameworks: results,
+    };
+}
+/**
+ * A baseline certificate body for a subject with no certification run yet
+ * — every dimension is `not_assessed` (honest, never fabricated).
+ */
+export function baselineCertificateBody(options) {
+    const na = {
+        status: "not_assessed",
+        score: 0,
+        summary: "Not assessed — run a certification first.",
+        checks: [],
+    };
+    return {
+        schemaVersion: AGENT_CERTIFICATE_SCHEMA,
+        certificateId: options.certificateId,
+        subject: {
+            kind: options.subjectKind,
+            name: options.subjectName,
+            identifier: options.identifier,
+        },
+        issuer: {
+            name: "Vaspera",
+            tool: "vaspera-hardening-mcp",
+            toolVersion: options.toolVersion,
+            actor: { type: "system", id: "vaspera-certification" },
+        },
+        issuedAt: options.issuedAt,
+        expiresAt: options.expiresAt,
+        level: "REVIEW_REQUIRED",
+        overallScore: 0,
+        dimensions: {
+            security: na,
+            scalability: na,
+            quality: na,
+            explainability: na,
+            compliance: { status: "not_assessed", score: 0, summary: na.summary, frameworks: [] },
+            aiBom: { status: "not_assessed", score: 0, summary: na.summary, components: [] },
+        },
+        provenance: { decisionRecords: 0 },
+        evidence: [],
+    };
+}
+/**
+ * Build a certificate body from a completed certification.
+ */
+export function certificationToCertificateBody(cert, options) {
+    const meta = cert.metadata;
+    const score = meta.final_score ?? 0;
+    const level = meta.certification_level ?? "REVIEW_REQUIRED";
+    const securityFindings = gatherFindings(cert, [
+        "security",
+        "redteam",
+        "adversary",
+        "agent-redteam",
+        "agent-privacy",
+    ]);
+    const qualityFindings = gatherFindings(cert, ["quality", "typesafety"]);
+    const scalabilityFindings = gatherFindings(cert, ["reliability", "performance"]);
+    const agentScore = (agent) => cert.agents[agent]?.summary?.confidence_score ?? score;
+    const ranAgents = Object.keys(cert.agents).filter((a) => cert.agents[a]?.status === "completed");
+    return {
+        schemaVersion: AGENT_CERTIFICATE_SCHEMA,
+        certificateId: options.certificateId,
+        subject: {
+            kind: "codebase",
+            name: meta.project_name,
+            identifier: meta.project_path,
+            digest: meta.project_hash,
+        },
+        issuer: {
+            name: "Vaspera",
+            tool: "vaspera-hardening-mcp",
+            toolVersion: options.toolVersion,
+            actor: { type: "system", id: "vaspera-certification" },
+        },
+        issuedAt: options.issuedAt,
+        expiresAt: options.expiresAt,
+        level,
+        overallScore: Math.max(0, Math.min(100, score)),
+        dimensions: {
+            security: dimensionFromFindings(securityFindings, agentScore("security"), "Security"),
+            scalability: scalabilityFindings.length
+                ? dimensionFromFindings(scalabilityFindings, agentScore("reliability"), "Scalability")
+                : notAssessed("No reliability/performance agent run in this certification."),
+            quality: dimensionFromFindings(qualityFindings, agentScore("quality"), "Quality"),
+            explainability: buildExplainabilityDimension(meta.project_hash, options.provenance?.decisionRecords ?? 0),
+            compliance: options.complianceFrameworks && options.complianceFrameworks.length > 0
+                ? buildComplianceDimension(allFindings(cert), options.complianceFrameworks)
+                : {
+                    status: "not_assessed",
+                    score: 0,
+                    summary: "No compliance frameworks requested (pass complianceFrameworks, e.g. ISO-42001, NIST-AI-RMF).",
+                    frameworks: [],
+                },
+            aiBom: {
+                status: ranAgents.length ? "pass" : "not_assessed",
+                score: ranAgents.length ? 75 : 0,
+                summary: `${ranAgents.length} analysis agent(s) enumerated.`,
+                components: ranAgents.map((a) => ({
+                    name: a,
+                    kind: "tool",
+                    role: "certification agent",
+                })),
+            },
+        },
+        provenance: options.provenance ?? {
+            ...(meta.project_hash ? { auditTrailHead: meta.project_hash } : {}),
+            decisionRecords: 0,
+        },
+        evidence: [],
+    };
+}
+//# sourceMappingURL=agent-certificate-map.js.map

package/dist/certification/agent-certificate-map.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-certificate-map.js","sourceRoot":"","sources":["../../src/certification/agent-certificate-map.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AASlE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAKhE,MAAM,aAAa,GAA6B;IAC9C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAkB;IAChD,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IAClE,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC;IACzC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,IAAmB,EAAE,MAAmB;IAC9D,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,IAAI,EAAE,QAAQ;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB,CAC5B,QAAmB,EACnB,KAAa,EACb,KAAa;IAEb,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC1E,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAClE,MAAM,MAAM,GACV,QAAQ,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAE5E,wEAAwE;IACxE,gCAAgC;IAChC,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC;SACzB,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;SACrE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACX,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,KAAK,EAAE,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;QAClC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC1C,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC5B,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxE,CAAC,CAAC,CAAC;IAEN,OAAO;QACL,MAAM;QACN,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACxC,OAAO,EAAE,GAAG,KAAK,KAAK,QAAQ,CAAC,MAAM,gBAAgB,QAAQ,cAAc,IAAI,SAAS;QACxF,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAC3E,CAAC;AAED,SAAS,4BAA4B,CACnC,WAA+B,EAC/B,eAAuB;IAEvB,MAAM,MAAM,GAA8B,EAAE,CAAC;IAC7C,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,cAAc;YAClB,KAAK,EAAE,+CAA+C;YACtD,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;IACL,CAAC;IACD,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,qBAAqB;YACzB,KAAK,EAAE,GAAG,eAAe,2DAA2D;YACpF,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;IACL,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC,+CAA+C,CAAC,CAAC;IACtE,CAAC;IACD,8DAA8D;IAC9D,MAAM,KAAK,GAAG,eAAe,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5C,OAAO;QACL,MAAM,EAAE,MAAM;QACd,KAAK;QACL,OAAO,EACL,eAAe,GAAG,CAAC;YACjB,CAAC,CAAC,mCAAmC,eAAe,mCAAmC;YACvF,CAAC,CAAC,+EAA+E;QACrF,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,IAAmB;IACtC,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAgB,EAAE,CAAC;QAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,IAAI,EAAE,QAAQ;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAmB,EACnB,UAAiC;IAEjC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;QAC3C,MAAM,MAAM,GAAG,qBAAqB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,MAAM,CAAC;QACxE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;QACnE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC,MAAM,CAAC;QACzE,OAAO;YACL,SAAS;YACT,aAAa,EAAE,MAAM,CAAC,MAAM;YAC5B,iBAAiB,EAAE,SAAS;YAC5B,cAAc,EAAE,MAAM;YACtB,cAAc,EAAE,MAAM;YACtB,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3B,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE;gBACvB,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK;gBACtB,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW;oBAC/B,CAAC,CAAC,WAAW;oBACb,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS;wBACtB,CAAC,CAAC,SAAS;wBACX,CAAC,CAAC,QAAQ,CAA0D;aACzE,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IACvE,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;IAC5D,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;IAC5D,MAAM,MAAM,GAA8B,SAAS;QACjD,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,SAAS;YACT,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,MAAM,CAAC;IACb,2DAA2D;IAC3D,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;IACtE,MAAM,KAAK,GACT,aAAa,KAAK,CAAC;QACjB,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa,GAAG,WAAW,CAAC,GAAG,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC;IAExE,OAAO;QACL,MAAM,EAAE,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM;QACrD,KAAK;QACL,OAAO,EACL,aAAa,KAAK,CAAC;YACjB,CAAC,CAAC,qDAAqD;YACvD,CAAC,CAAC,sBAAsB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,WAAW,aAAa,aAAa,YAAY;QACvG,UAAU,EAAE,OAAO;KACpB,CAAC;AACJ,CAAC;AAmBD;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAwB;IAC9D,MAAM,EAAE,GAAoB;QAC1B,MAAM,EAAE,cAAc;QACtB,KAAK,EAAE,CAAC;QACR,OAAO,EAAE,2CAA2C;QACpD,MAAM,EAAE,EAAE;KACX,CAAC;IACF,OAAO;QACL,aAAa,EAAE,wBAAwB;QACvC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,OAAO,EAAE;YACP,IAAI,EAAE,OAAO,CAAC,WAAW;YACzB,IAAI,EAAE,OAAO,CAAC,WAAW;YACzB,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B;QACD,MAAM,EAAE;YACN,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,uBAAuB;YAC7B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,uBAAuB,EAAE;SACvD;QACD,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,KAAK,EAAE,iBAAiB;QACxB,YAAY,EAAE,CAAC;QACf,UAAU,EAAE;YACV,QAAQ,EAAE,EAAE;YACZ,WAAW,EAAE,EAAE;YACf,OAAO,EAAE,EAAE;YACX,cAAc,EAAE,EAAE;YAClB,UAAU,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE;YACrF,KAAK,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE;SACjF;QACD,UAAU,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE;QAClC,QAAQ,EAAE,EAAE;KACb,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAC5C,IAAmB,EACnB,OAAmB;IAEnB,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;IACpC,MAAM,KAAK,GAAuB,IAAI,CAAC,mBAAmB,IAAI,iBAAiB,CAAC;IAEhF,MAAM,gBAAgB,GAAG,cAAc,CAAC,IAAI,EAAE;QAC5C,UAAU;QACV,SAAS;QACT,WAAW;QACX,eAAe;QACf,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,EAAE,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC;IACxE,MAAM,mBAAmB,GAAG,cAAc,CAAC,IAAI,EAAE,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC;IAEjF,MAAM,UAAU,GAAG,CAAC,KAAgB,EAAU,EAAE,CAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,gBAAgB,IAAI,KAAK,CAAC;IAEzD,MAAM,SAAS,GAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAiB,CAAC,MAAM,CAChE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,KAAK,WAAW,CAC9C,CAAC;IAEF,OAAO;QACL,aAAa,EAAE,wBAAwB;QACvC,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,OAAO,EAAE;YACP,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,IAAI,CAAC,YAAY;YACvB,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,MAAM,EAAE,IAAI,CAAC,YAAY;SAC1B;QACD,MAAM,EAAE;YACN,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,uBAAuB;YAC7B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,uBAAuB,EAAE;SACvD;QACD,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,KAAK;QACL,YAAY,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC/C,UAAU,EAAE;YACV,QAAQ,EAAE,qBAAqB,CAC7B,gBAAgB,EAChB,UAAU,CAAC,UAAU,CAAC,EACtB,UAAU,CACX;YACD,WAAW,EAAE,mBAAmB,CAAC,MAAM;gBACrC,CAAC,CAAC,qBAAqB,CAAC,mBAAmB,EAAE,UAAU,CAAC,aAAa,CAAC,EAAE,aAAa,CAAC;gBACtF,CAAC,CAAC,WAAW,CAAC,6DAA6D,CAAC;YAC9E,OAAO,EAAE,qBAAqB,CAAC,eAAe,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC;YACjF,cAAc,EAAE,4BAA4B,CAC1C,IAAI,CAAC,YAAY,EACjB,OAAO,CAAC,UAAU,EAAE,eAAe,IAAI,CAAC,CACzC;YACD,UAAU,EACR,OAAO,CAAC,oBAAoB,IAAI,OAAO,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC;gBACrE,CAAC,CAAC,wBAAwB,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC;gBAC3E,CAAC,CAAC;oBACE,MAAM,EAAE,cAAc;oBACtB,KAAK,EAAE,CAAC;oBACR,OAAO,EACL,8FAA8F;oBAChG,UAAU,EAAE,EAAE;iBACf;YACP,KAAK,EAAE;gBACL,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc;gBAClD,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAChC,OAAO,EAAE,GAAG,SAAS,CAAC,MAAM,gCAAgC;gBAC5D,UAAU,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAChC,IAAI,EAAE,CAAC;oBACP,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,qBAAqB;iBAC5B,CAAC,CAAC;aACJ;SACF;QACD,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI;YAChC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,eAAe,EAAE,CAAC;SACnB;QACD,QAAQ,EAAE,EAAE;KACb,CAAC;AACJ,CAAC"}

package/dist/certification/agent-certificate-sample.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Sample agent certificate builder.
+ *
+ * Produces a realistic certificate body for the Vaspera Hardening MCP
+ * server itself — the dogfood. It reflects the actual hardened state of
+ * this codebase, so the sample doubles as proof the platform certifies
+ * its own primary use case.
+ *
+ * @module certification/agent-certificate-sample
+ */
+import type { AgentCertificateBody } from "./agent-certificate.js";
+export interface SampleOptions {
+    toolVersion: string;
+    /** ISO timestamp for issuedAt (kept injectable for deterministic tests). */
+    issuedAt: string;
+    /** ISO timestamp for expiresAt. */
+    expiresAt: string;
+    certificateId: string;
+}
+/**
+ * Build a sample certificate body certifying the vaspera-hardening MCP
+ * server. Values mirror the real hardening work landed this cycle.
+ */
+export declare function buildSampleCertificateBody(options: SampleOptions): AgentCertificateBody;
+//# sourceMappingURL=agent-certificate-sample.d.ts.map

package/dist/certification/agent-certificate-sample.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-certificate-sample.d.ts","sourceRoot":"","sources":["../../src/certification/agent-certificate-sample.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAEnE,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,QAAQ,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,aAAa,GAAG,oBAAoB,CAsMvF"}