kairos-chain 2.6.0 → 2.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd37add4e10e999bc03fda6eb9563f61744d2b57e2655cdc855e1b32c42f3cb8
-  data.tar.gz: 581be43b3792007464fced342d535c4af805335dd6a07e748e936fbd8215b130
+  metadata.gz: ffb5f6c69245852c1c1f9991cac0098bf630f460a35bc72d5cda24eef290218f
+  data.tar.gz: 60a22caeaf0abcd7433a9f518aac3b4553d48f395f5e8ea70dca69fff3c735f5
 SHA512:
-  metadata.gz: 1fb00f60fc782a70af64505c7fa227e2bc01e50286d5697e1302ad67bc4b340c6a4aeecf89339ee03308737fe95fb1000cb10a4a272da5a607bf534947c4d8a1
-  data.tar.gz: f81c3cc36cf14d7d6b959b9c38db00a3ae3a695dc88f5f68dab60468af12b15afad8dad43cb948400c79a2e745085818417a233499023e6b27c65f25adfbe236
+  metadata.gz: 6121a1dded568c8035a6c4a89c2aaded921d42559b7ae491c898a0648dffa52bc66f784fc08d9de04b8304db2c303a75727fb8b90a28e35007455055a8cfaf68
+  data.tar.gz: '0892de4a22da8c86df601b1b6c4523207adee72988eeb3d982ddeae625181fa04ac7322b4d698d18c8b76684e5693931c2cacf4950933b61f808ead59937a6e0'

data/CHANGELOG.md

@@ -4,6 +4,40 @@ All notable changes to the `kairos-chain` gem will be documented in this file.
 
 This project follows [Semantic Versioning](https://semver.org/).
 
+## [2.7.0] - 2026-03-06
+
+### Added
+
+- **Synoptis Mutual Attestation SkillSet**: New opt-in SkillSet for cross-agent trust verification through cryptographically signed proof envelopes
+  - `ProofEnvelope`: Signed attestation data structure with Merkle root and content hash
+  - `Verifier`: Structural + cryptographic verification with mandatory signature checks
+  - `AttestationEngine`: Attestation lifecycle (create, verify, list) with re-issuance prevention
+  - `RevocationManager`: Authorization-checked revocation (original attester or admin only)
+  - `ChallengeManager`: Challenge/response lifecycle (validity, evidence_request, re_verification)
+  - `TrustScorer`: Weighted composite trust score (quality, freshness, diversity, velocity, revocation penalty)
+  - `Registry::FileRegistry`: Append-only JSONL storage with hash-chain integrity (`_prev_entry_hash`) implementing constitutive recording (Proposition 5)
+  - `Transport`: Abstraction layer for MMP, Hestia, and Local transport mechanisms
+  - 7 MCP tools: `attestation_issue`, `attestation_verify`, `attestation_revoke`, `attestation_list`, `trust_query`, `challenge_create`, `challenge_respond`
+  - 88 unit tests
+
+- **MMP Handler Extension Mechanism**: `MMP::Protocol.register_handler` allows SkillSets to register custom MMP actions without modifying core protocol code. Thread-safe with Mutex, built-in action override prevention.
+
+- **MMP Bearer Token Authentication**: `MMP::PeerManager` now includes `session_token` in Peer struct, extracted during `introduce_to` handshake and sent as `Authorization: Bearer` header on all subsequent messages.
+
+- **MeetingRouter Authenticated Peer Injection**: `MeetingRouter#handle_message` injects `_authenticated_peer_id` into message body, enabling receiving handlers to verify sender identity.
+
+- **SkillSet Eager Loading in HTTP Mode**: `HttpServer` now calls `eager_load_skillsets` during initialization, ensuring SkillSet MMP handlers are registered before the first HTTP request.
+
+- **L1 Knowledge**: Synoptis attestation knowledge (EN/JP) with `readme_order: 4.7` for auto-generated README inclusion.
+
+- **Self-Development Workflow v1.2**: Added SkillSet Release Checklist to `kairoschain_self_development` knowledge (EN/JP) — covers L1 knowledge creation for README, `rake build_readme`, version/changelog updates, and gem build/publish.
+
+### Changed
+
+- **MMP SkillSet**: `meeting.yml` default changed from `enabled: false` to `enabled: true`
+
+---
+
 ## [2.6.0] - 2026-03-05
 
 ### Added
@@ -315,6 +349,7 @@ This project follows [Semantic Versioning](https://semver.org/).
 - Skill promotion with Persona Assembly
 - Tool guide and metadata system
 
+[2.7.0]: https://github.com/masaomi/KairosChain_2026/compare/v2.6.0...v2.7.0
 [2.6.0]: https://github.com/masaomi/KairosChain_2026/compare/v2.5.0...v2.6.0
 [2.5.0]: https://github.com/masaomi/KairosChain_2026/compare/v2.4.0...v2.5.0
 [2.4.0]: https://github.com/masaomi/KairosChain_2026/compare/v2.3.1...v2.4.0

data/lib/kairos_mcp/http_server.rb

@@ -54,6 +54,17 @@ module KairosMcp
       @admin_router = Admin::Router.new(token_store: @token_store, authenticator: @authenticator)
       @meeting_router = MeetingRouter.new
       @place_router = nil  # Initialized lazily via meeting_place_start tool
+
+      eager_load_skillsets
+    end
+
+    # Load SkillSets at startup so /meeting/* endpoints work immediately.
+    # Without this, MMP module is not defined until the first MCP request.
+    def eager_load_skillsets
+      require_relative 'skillset_manager'
+      SkillSetManager.new.enabled_skillsets.each(&:load!)
+    rescue StandardError => e
+      $stderr.puts "[HttpServer] SkillSet eager load: #{e.message}"
     end
 
     # Start the HTTP server with Puma

data/lib/kairos_mcp/meeting_router.rb

@@ -206,8 +206,10 @@ module KairosMcp
     end
 
     # POST /meeting/v1/message - Generic MMP message handler
+    # Injects authenticated peer_id to prevent from: spoofing in extended handlers.
     def handle_message(env)
       body = parse_body(env)
+      body['_authenticated_peer_id'] = env['meeting.authenticated_peer_id']
       result = protocol.process_message(body)
       json_response(200, result)
     end
@@ -453,6 +455,7 @@ module KairosMcp
         })
       end
 
+      env['meeting.authenticated_peer_id'] = peer_id
       nil # Authentication passed
     end
 

data/lib/kairos_mcp/version.rb

@@ -1,4 +1,4 @@
 module KairosMcp
-  VERSION = "2.6.0"
+  VERSION = "2.7.0"
   CHANGELOG_URL = "https://github.com/masaomi/KairosChain_2026/blob/main/CHANGELOG.md"
 end

data/templates/knowledge/synoptis_attestation/synoptis_attestation.md

@@ -0,0 +1,157 @@
+---
+name: synoptis_attestation
+description: "Synoptis Mutual Attestation — cross-agent trust verification through cryptographic proof envelopes"
+version: 1.0
+layer: L1
+tags: [documentation, readme, synoptis, attestation, trust, p2p, audit, challenge]
+readme_order: 4.7
+readme_lang: en
+---
+
+## Synoptis: Mutual Attestation Protocol (v2.7.0)
+
+### What is Synoptis?
+
+Synoptis is an opt-in SkillSet for cross-agent trust verification through cryptographically signed attestation proofs. It enables agents to attest to facts about any subject (knowledge entries, skill hashes, chain blocks, pipeline outputs, etc.), and provides mechanisms to verify, revoke, and challenge those attestations.
+
+Synoptis is implemented entirely as a SkillSet, preserving KairosChain's principle that new capabilities are expressed as SkillSets rather than core modifications.
+
+### Architecture
+
+```
+KairosChain (MCP Server)
+├── [core] L0/L1/L2 + private blockchain
+├── [SkillSet: mmp] P2P direct mode, /meeting/v1/*
+├── [SkillSet: hestia] Meeting Place + trust anchor
+└── [SkillSet: synoptis] Mutual attestation protocol
+      ├── ProofEnvelope       ← Signed attestation data structure
+      ├── Verifier            ← Structural + cryptographic verification
+      ├── AttestationEngine   ← Attestation lifecycle (create, verify, list)
+      ├── RevocationManager   ← Revocation with authorization checks
+      ├── ChallengeManager    ← Challenge/response lifecycle
+      ├── TrustScorer         ← Weighted trust score calculation
+      ├── Registry::FileRegistry ← Append-only JSONL with hash-chain integrity
+      ├── Transport            ← MMP / Hestia / Local transport abstraction
+      └── tools/               ← 7 MCP tools
+```
+
+### Quick Start
+
+#### 1. Install the synoptis SkillSet
+
+```bash
+# Synoptis depends on MMP. Install both:
+kairos-chain skillset install templates/skillsets/mmp
+kairos-chain skillset install templates/skillsets/synoptis
+```
+
+#### 2. Issue an attestation
+
+In Claude Code / Cursor:
+
+```
+"Attest that knowledge/my_skill has been integrity_verified"
+```
+
+This calls `attestation_issue(subject_ref: "knowledge/my_skill", claim: "integrity_verified")`.
+
+#### 3. Verify and query trust
+
+```
+"What is the trust score for knowledge/my_skill?"
+```
+
+This calls `trust_query(subject_ref: "knowledge/my_skill")`.
+
+### MCP Tools
+
+| Tool | Description |
+|------|-------------|
+| `attestation_issue` | Issue a signed attestation proof for a subject |
+| `attestation_verify` | Verify proof validity (structure, signature, expiry, revocation) |
+| `attestation_revoke` | Revoke an attestation (original attester or admin only) |
+| `attestation_list` | List attestations with optional filters (subject_ref, attester_id) |
+| `trust_query` | Calculate trust score based on attestation history |
+| `challenge_create` | Challenge an existing attestation (validity, evidence_request, re_verification) |
+| `challenge_respond` | Respond to a challenge with additional evidence |
+
+### MMP Integration
+
+Synoptis registers 5 MMP actions via `MMP::Protocol.register_handler`, enabling P2P attestation exchange:
+
+| MMP Action | Description |
+|------------|-------------|
+| `attestation_request` | Request an attestation from a peer |
+| `attestation_response` | Respond with a signed ProofEnvelope |
+| `attestation_revoke` | Broadcast a revocation |
+| `challenge_create` | Send a challenge to the original attester |
+| `challenge_respond` | Respond to a challenge over MMP |
+
+All P2P messages use Bearer token authentication via `MMP::PeerManager`. The authenticated peer ID is injected by `MeetingRouter` as `_authenticated_peer_id`.
+
+### Trust Scoring
+
+Trust scores are calculated as a weighted composite:
+
+| Factor | Weight | Description |
+|--------|--------|-------------|
+| Quality | 0.30 | Ratio of valid (non-revoked, non-expired) attestations |
+| Freshness | 0.25 | Recency of latest attestation (exponential decay, 24h half-life) |
+| Diversity | 0.25 | Number of unique attesters (capped at 5) |
+| Velocity | 0.10 | Attestation rate in the last 7 days |
+| Revocation penalty | −0.10 | Penalty for revoked attestations |
+
+### Registry and Constitutive Recording
+
+All attestation data is stored in append-only JSONL files with hash-chain linking (`_prev_entry_hash`). This implements constitutive recording (Proposition 5): each record irreversibly extends the system's history.
+
+Registry types:
+- `proofs.jsonl` — Attestation proof envelopes
+- `revocations.jsonl` — Revocation records
+- `challenges.jsonl` — Challenge and response records
+
+Use `trust_query` to verify registry integrity — it includes a `registry_integrity.valid` field in its response.
+
+### ProofEnvelope Structure
+
+```json
+{
+  "proof_id": "uuid",
+  "attester_id": "agent_instance_id",
+  "subject_ref": "knowledge/my_skill",
+  "claim": "integrity_verified",
+  "evidence": "manual review of hash chain",
+  "merkle_root": "sha256_of_content",
+  "content_hash": "sha256_of_canonical_json",
+  "signature": "rsa_sha256_signature",
+  "timestamp": "2026-03-06T12:00:00Z",
+  "ttl": 86400,
+  "version": "1.0.0"
+}
+```
+
+### Challenge Workflow
+
+1. Any agent can call `challenge_create(proof_id, challenge_type, details)` to challenge an attestation
+2. The original attester receives the challenge (via MMP or local notification)
+3. The attester calls `challenge_respond(challenge_id, response, evidence)` with additional evidence
+4. Challenge types: `validity` (proof may be incorrect), `evidence_request` (more evidence needed), `re_verification` (conditions may have changed)
+
+### Transport Layer
+
+Synoptis supports multiple transport mechanisms:
+
+| Transport | Backend | Use Case |
+|-----------|---------|----------|
+| MMP | `MMP::PeerManager` | P2P direct attestation exchange |
+| Hestia | `Hestia::PlaceRouter` | Via Meeting Place (future) |
+| Local | Direct registry access | Single-instance and Multiuser mode |
+
+Transport selection is automatic based on available SkillSets.
+
+### Dependencies
+
+- **Required**: MMP SkillSet (>= 1.0.0)
+- **Optional**: Hestia SkillSet (for Meeting Place transport)
+
+For the full protocol specification, install the synoptis SkillSet and refer to its bundled knowledge (`synoptis_protocol`).

data/templates/knowledge/synoptis_attestation_jp/synoptis_attestation_jp.md

@@ -0,0 +1,157 @@
+---
+name: synoptis_attestation_jp
+description: "Synoptis 相互証明 — 暗号署名付き証明エンベロープによるクロスエージェント信頼検証"
+version: 1.0
+layer: L1
+tags: [documentation, readme, synoptis, attestation, trust, p2p, audit, challenge]
+readme_order: 4.7
+readme_lang: jp
+---
+
+## Synoptis：相互証明プロトコル (v2.7.0)
+
+### Synoptis とは
+
+Synoptis は、暗号署名付き証明プルーフによるクロスエージェント信頼検証のためのオプトイン SkillSet です。エージェントはあらゆるサブジェクト（知識エントリ、スキルハッシュ、チェーンブロック、パイプライン出力など）に対して事実を証明でき、その証明を検証・取り消し・チャレンジする仕組みを提供します。
+
+Synoptis は完全に SkillSet として実装されており、新機能をコアではなく SkillSet として表現するという KairosChain の設計原則を保持しています。
+
+### アーキテクチャ
+
+```
+KairosChain (MCP Server)
+├── [core] L0/L1/L2 + private blockchain
+├── [SkillSet: mmp] P2P direct mode, /meeting/v1/*
+├── [SkillSet: hestia] Meeting Place + 信頼アンカー
+└── [SkillSet: synoptis] 相互証明プロトコル
+      ├── ProofEnvelope       ← 署名付き証明データ構造
+      ├── Verifier            ← 構造的 + 暗号学的検証
+      ├── AttestationEngine   ← 証明ライフサイクル（作成・検証・一覧）
+      ├── RevocationManager   ← 認可チェック付き取り消し
+      ├── ChallengeManager    ← チャレンジ/応答ライフサイクル
+      ├── TrustScorer         ← 加重信頼スコア計算
+      ├── Registry::FileRegistry ← ハッシュチェーン付き追記専用 JSONL
+      ├── Transport            ← MMP / Hestia / Local トランスポート抽象
+      └── tools/               ← 7 MCP ツール
+```
+
+### クイックスタート
+
+#### 1. synoptis SkillSet のインストール
+
+```bash
+# Synoptis は MMP に依存します。両方をインストール:
+kairos-chain skillset install templates/skillsets/mmp
+kairos-chain skillset install templates/skillsets/synoptis
+```
+
+#### 2. 証明の発行
+
+Claude Code / Cursor で：
+
+```
+「knowledge/my_skill の整合性を検証済みとして証明して」
+```
+
+これは `attestation_issue(subject_ref: "knowledge/my_skill", claim: "integrity_verified")` を呼び出します。
+
+#### 3. 検証と信頼クエリ
+
+```
+「knowledge/my_skill の信頼スコアは？」
+```
+
+これは `trust_query(subject_ref: "knowledge/my_skill")` を呼び出します。
+
+### MCP ツール
+
+| ツール | 説明 |
+|--------|------|
+| `attestation_issue` | サブジェクトに対する署名付き証明プルーフを発行 |
+| `attestation_verify` | プルーフの有効性を検証（構造、署名、有効期限、取り消し） |
+| `attestation_revoke` | 証明を取り消し（元の証明者または管理者のみ） |
+| `attestation_list` | 証明一覧を表示（subject_ref、attester_id でフィルタ可能） |
+| `trust_query` | 証明履歴に基づく信頼スコアを計算 |
+| `challenge_create` | 既存の証明にチャレンジ（validity、evidence_request、re_verification） |
+| `challenge_respond` | チャレンジに追加証拠で応答 |
+
+### MMP 統合
+
+Synoptis は `MMP::Protocol.register_handler` 経由で5つの MMP アクションを登録し、P2P 証明交換を可能にします：
+
+| MMP アクション | 説明 |
+|---------------|------|
+| `attestation_request` | ピアに証明をリクエスト |
+| `attestation_response` | 署名付き ProofEnvelope で応答 |
+| `attestation_revoke` | 取り消しをブロードキャスト |
+| `challenge_create` | 元の証明者にチャレンジを送信 |
+| `challenge_respond` | MMP 経由でチャレンジに応答 |
+
+すべての P2P メッセージは `MMP::PeerManager` 経由の Bearer トークン認証を使用します。認証済みピア ID は `MeetingRouter` が `_authenticated_peer_id` として注入します。
+
+### 信頼スコアリング
+
+信頼スコアは加重複合値として計算されます：
+
+| 要素 | 重み | 説明 |
+|------|------|------|
+| 品質 (Quality) | 0.30 | 有効な（未取消・未期限切れ）証明の比率 |
+| 鮮度 (Freshness) | 0.25 | 最新証明の新しさ（指数減衰、24時間半減期） |
+| 多様性 (Diversity) | 0.25 | ユニーク証明者の数（上限5） |
+| 速度 (Velocity) | 0.10 | 過去7日間の証明レート |
+| 取消ペナルティ | −0.10 | 取り消された証明に対するペナルティ |
+
+### レジストリと構成的記録
+
+すべての証明データはハッシュチェーン連結（`_prev_entry_hash`）付きの追記専用 JSONL ファイルに保存されます。これは構成的記録（命題5）を実装しています：各レコードはシステムの履歴を不可逆的に拡張します。
+
+レジストリ種別：
+- `proofs.jsonl` — 証明プルーフエンベロープ
+- `revocations.jsonl` — 取り消しレコード
+- `challenges.jsonl` — チャレンジと応答レコード
+
+`trust_query` でレジストリの整合性を検証できます — 応答に `registry_integrity.valid` フィールドが含まれます。
+
+### ProofEnvelope 構造
+
+```json
+{
+  "proof_id": "uuid",
+  "attester_id": "agent_instance_id",
+  "subject_ref": "knowledge/my_skill",
+  "claim": "integrity_verified",
+  "evidence": "ハッシュチェーンの手動レビュー",
+  "merkle_root": "sha256_of_content",
+  "content_hash": "sha256_of_canonical_json",
+  "signature": "rsa_sha256_signature",
+  "timestamp": "2026-03-06T12:00:00Z",
+  "ttl": 86400,
+  "version": "1.0.0"
+}
+```
+
+### チャレンジワークフロー
+
+1. 任意のエージェントが `challenge_create(proof_id, challenge_type, details)` で証明にチャレンジ
+2. 元の証明者がチャレンジを受信（MMP またはローカル通知）
+3. 証明者が `challenge_respond(challenge_id, response, evidence)` で追加証拠とともに応答
+4. チャレンジ種別：`validity`（プルーフが正しくない可能性）、`evidence_request`（追加証拠が必要）、`re_verification`（条件が変化した可能性）
+
+### トランスポート層
+
+Synoptis は複数のトランスポート機構をサポートします：
+
+| トランスポート | バックエンド | 用途 |
+|--------------|------------|------|
+| MMP | `MMP::PeerManager` | P2P 直接証明交換 |
+| Hestia | `Hestia::PlaceRouter` | Meeting Place 経由（将来） |
+| Local | レジストリ直接アクセス | シングルインスタンスおよび Multiuser モード |
+
+トランスポート選択は利用可能な SkillSet に基づいて自動的に行われます。
+
+### 依存関係
+
+- **必須**: MMP SkillSet (>= 1.0.0)
+- **オプション**: Hestia SkillSet（Meeting Place トランスポート用）
+
+プロトコルの完全な仕様については、synoptis SkillSet をインストールし、同梱の knowledge（`synoptis_protocol`）を参照してください。

data/templates/skillsets/mmp/config/meeting.yml

@@ -1,7 +1,7 @@
 # MMP SkillSet Configuration
 # Model Meeting Protocol for P2P agent communication
 
-enabled: false
+enabled: true
 
 identity:
   name: "KairosChain Instance"

data/templates/skillsets/mmp/lib/mmp/peer_manager.rb

@@ -13,6 +13,7 @@ module MMP
 
     Peer = Struct.new(:id, :name, :url, :status, :last_seen, :introduction,
                       :extensions, :added_at, :public_key, :verified,
+                      :session_token,
                       keyword_init: true)
 
     def initialize(identity:, config: {}, data_dir: nil)
@@ -110,6 +111,7 @@ module MMP
       response = http_post("#{peer.url}/meeting/v1/introduce", my_intro)
       if response && response[:status] == 'received'
         peer.introduction = response[:peer_identity] if response[:peer_identity]
+        peer.session_token = response[:session_token] if response[:session_token]
         peer.last_seen = Time.now.utc
         save_peers
       end
@@ -119,7 +121,8 @@ module MMP
     def send_message(peer_id, message)
       peer = @peers[peer_id]
       return nil unless peer
-      response = http_post("#{peer.url}/meeting/v1/message", message)
+      auth = peer.session_token ? { 'Authorization' => "Bearer #{peer.session_token}" } : {}
+      response = http_post("#{peer.url}/meeting/v1/message", message, headers: auth)
       peer.last_seen = Time.now.utc if response
       response
     end
@@ -224,7 +227,7 @@ module MMP
       nil
     end
 
-    def http_post(url, data)
+    def http_post(url, data, headers: {})
       uri = URI.parse(url)
       http = Net::HTTP.new(uri.host, uri.port)
       http.open_timeout = @timeout
@@ -232,6 +235,7 @@ module MMP
       request = Net::HTTP::Post.new(uri.request_uri)
       request['Content-Type'] = 'application/json'
       request['Accept'] = 'application/json'
+      headers.each { |k, v| request[k] = v }
       request.body = JSON.generate(data)
       response = http.request(request)
       return nil unless response.is_a?(Net::HTTPSuccess)

data/templates/skillsets/mmp/lib/mmp/protocol.rb

@@ -16,6 +16,49 @@ module MMP
       propose_extension evaluate_extension adopt_extension share_extension
     ].freeze
 
+    # Generic handler extension mechanism for other SkillSets.
+    # Completes the ProtocolLoader design: action names + handlers in one step.
+    class << self
+      def handler_mutex
+        @handler_mutex ||= Mutex.new
+      end
+
+      def register_handler(action, &block)
+        handler_mutex.synchronize do
+          action_str = action.to_s
+          raise ArgumentError, "Cannot override built-in action: #{action_str}" if ACTIONS.include?(action_str)
+
+          @extended_handlers ||= {}
+          @extended_actions ||= []
+          @extended_handlers[action_str] = block
+          @extended_actions << action_str unless @extended_actions.include?(action_str)
+        end
+      end
+
+      def unregister_handler(action)
+        handler_mutex.synchronize do
+          action_str = action.to_s
+          @extended_handlers&.delete(action_str)
+          @extended_actions&.delete(action_str)
+        end
+      end
+
+      def extended_handler(action)
+        handler_mutex.synchronize { @extended_handlers&.dig(action.to_s) }
+      end
+
+      def extended_actions
+        handler_mutex.synchronize { (@extended_actions || []).dup }
+      end
+
+      def clear_extended_handlers!
+        handler_mutex.synchronize do
+          @extended_handlers = {}
+          @extended_actions = []
+        end
+      end
+    end
+
     attr_reader :protocol_loader, :supported_extensions, :evolution, :compatibility
 
     Message = Struct.new(:id, :action, :from, :to, :timestamp, :payload, :in_reply_to, :protocol_version, keyword_init: true) do
@@ -56,11 +99,13 @@ module MMP
     end
 
     def supported_actions
-      if @protocol_loader&.available_actions&.any?
-        @protocol_loader.available_actions
-      else
-        ACTIONS
-      end
+      base = if @protocol_loader&.available_actions&.any?
+               @protocol_loader.available_actions
+             else
+               ACTIONS
+             end
+      ext = self.class.extended_actions
+      ext.empty? ? base : (base + ext).uniq
     end
 
     def action_supported?(action) = supported_actions.include?(action)
@@ -138,9 +183,19 @@ module MMP
       when 'skill_content' then process_skill_content(msg_data)
       when 'reflect' then process_reflect(msg_data)
       else
-        { status: 'action_not_supported', action: action,
-          message: "Action '#{action}' is registered but has no handler. Available handled actions: #{ACTIONS.join(', ')}",
-          available_actions: supported_actions }
+        handler = self.class.extended_handler(action)
+        if handler
+          begin
+            handler.call(msg_data, self)
+          rescue StandardError => e
+            warn "[MMP::Protocol] Handler error for '#{action}': #{e.message}"
+            { status: 'error', action: action, message: 'Handler execution failed' }
+          end
+        else
+          { status: 'action_not_supported', action: action,
+            message: "Action '#{action}' is recognized but has no handler.",
+            available_actions: supported_actions }
+        end
       end
     end
 

data/templates/skillsets/synoptis/config/synoptis.yml

@@ -0,0 +1,31 @@
+enabled: true
+
+attestation:
+  default_ttl: 86400          # 24 hours
+  max_evidence_size: 65536    # 64KB
+  require_signature: true
+
+trust:
+  score_weights:
+    quality: 0.3
+    freshness: 0.25
+    diversity: 0.25
+    velocity: 0.1
+    revocation_penalty: 0.1
+  min_trust_score: 0.0
+  max_trust_score: 1.0
+
+challenge:
+  response_timeout: 3600      # 1 hour
+  max_active_per_subject: 5
+
+registry:
+  backend: file               # file | sqlite (future)
+  data_dir: synoptis_data
+
+transport:
+  preferred: mmp              # mmp | hestia | local
+  fallback_order:
+    - mmp
+    - hestia
+    - local

data/templates/skillsets/synoptis/knowledge/synoptis_protocol/synoptis_protocol.md

@@ -0,0 +1,84 @@
+---
+name: synoptis_attestation_protocol
+version: "1.0.0"
+actions:
+  - attestation_request
+  - attestation_response
+  - attestation_revoke
+  - challenge_create
+  - challenge_respond
+tags:
+  - synoptis
+  - attestation
+  - trust
+  - audit
+---
+
+# Synoptis Mutual Attestation Protocol
+
+## Overview
+
+Synoptis is an opt-in SkillSet for KairosChain that provides mutual attestation
+between agents. It enables cross-agent trust verification through cryptographically
+signed proof envelopes, stored in append-only registries with hash-chain integrity.
+
+## MMP Actions
+
+### attestation_request
+
+Sent to request an attestation from a peer agent.
+
+**Payload:**
+- `subject_ref` (string): Reference to the subject being attested
+- `claim` (string): The type of attestation requested
+- `evidence_hints` (array, optional): Hints about what evidence to examine
+
+### attestation_response
+
+Sent in response to an attestation request, containing the signed proof envelope.
+
+**Payload:**
+- ProofEnvelope fields (proof_id, attester_id, subject_ref, claim, evidence, merkle_root, signature, timestamp, ttl)
+
+### attestation_revoke
+
+Broadcast when an attestation is revoked.
+
+**Payload:**
+- `proof_id` (string): The revoked proof ID
+- `revoker_id` (string): Who revoked it
+- `reason` (string): Reason for revocation
+
+### challenge_create
+
+Sent to challenge an existing attestation.
+
+**Payload:**
+- `challenge_id` (string): Unique challenge identifier
+- `proof_id` (string): The challenged proof
+- `challenge_type` (string): validity | evidence_request | re_verification
+- `details` (string, optional): Challenge details
+
+### challenge_respond
+
+Sent by the original attester in response to a challenge.
+
+**Payload:**
+- `challenge_id` (string): The challenge being responded to
+- `response` (string): Response text
+- `evidence` (string, optional): Additional evidence
+
+## Transport
+
+Messages are delivered via MMP PeerManager with Bearer token authentication.
+Handlers are registered via `MMP::Protocol.register_handler` during `Synoptis.load!`.
+
+## Registry
+
+All attestation data is stored in append-only JSONL files with hash-chain linking
+(`_prev_entry_hash`), implementing constitutive recording (Proposition 5).
+
+## Trust Scoring
+
+Trust scores are calculated from: quality (0.3), freshness (0.25), diversity (0.25),
+velocity (0.1), minus revocation penalty (0.1).