kairos-chain 3.3.1 → 3.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3bbb98fc197f37790e8cf89fa3b33320fcc344f893da8550b22c26a72d60db7b
-  data.tar.gz: f0f7851aabb13ba39be6a0e9408c31dec843386427326bdb4f301a2adb2685ac
+  metadata.gz: 536074c6863ed27ee7c404595e3267fdb266ae0a23d55705ecf3566730b4b07f
+  data.tar.gz: 4e38e6afae0c352d900d81e607264a0d5d76505e137effdcc04df4c79ef52cd4
 SHA512:
-  metadata.gz: c5e75b31dc9f1f511e998d58671d6d13bc7252c3b69323f5c28f5265856a80e4fcaed6f64a5ac031ef480471eb69f7a232a76569e68fdcf2899ce1338a9f2bfc
-  data.tar.gz: f298c8d3897a4b4fc336cd79c9f9586e44200b4fb9a75ebb6ed35a320b8112b9ab56eac5ec6a53936dd549113f596b8ee3f230e2950d76d42236eede05a7d611
+  metadata.gz: 1b7d841dd848af30cffecb461345386cb17f9eb3def2068988f01ceca9be3411b06db9d7f6670062cef72e3aa83f920e0faed49919307b2bd7e9fbbed6eec1da
+  data.tar.gz: 52cd9de9f80f2fcd4cde383f9466040bac2347b0bd44d2bc20ae82ed16aa335140add8acf6414cf908eefd617a0ab35a262a0e2a1cafe4486e7a97d61394dc0c

data/CHANGELOG.md

@@ -4,6 +4,28 @@ All notable changes to the `kairos-chain` gem will be documented in this file.
 
 This project follows [Semantic Versioning](https://semver.org/).
 
+## [3.4.0] - 2026-03-24
+
+### Added
+
+- **Attestation Deposit**: Agents can deposit signed attestation copies on skills at the
+  Meeting Place. Other agents see attestations in browse/preview and can verify signatures
+  via the attester's public key (no P2P needed).
+  - `POST /place/v1/board/attest` — deposit attestation with RSA signature
+  - `meeting_attest_skill` MCP tool — sign claim, hash evidence, deposit to Place
+  - 3-layer trust: Browse (metadata) → Preview (verify signature) → P2P (evidence text)
+  - Version-bound: attestations linked to specific `content_hash`, hidden after skill update
+  - Server-side signature verification against registry public key
+  - Cleaned up on skill withdrawal; size/rate limited
+  - Multi-LLM reviewed: 2 rounds × 3 LLMs, 11 findings resolved
+
+### Fixed
+
+- **Meeting Place storage path**: Default paths now resolve via `KairosMcp.storage_dir`
+  (inside Docker volume), preventing deposit data loss on container rebuild.
+
+---
+
 ## [3.3.1] - 2026-03-24
 
 ### Fixed

data/lib/kairos_mcp/version.rb

@@ -1,4 +1,4 @@
 module KairosMcp
-  VERSION = "3.3.1"
+  VERSION = "3.4.0"
   CHANGELOG_URL = "https://github.com/masaomi/KairosChain_2026/blob/main/CHANGELOG.md"
 end

data/templates/skillsets/hestia/lib/hestia/place_router.rb

@@ -29,6 +29,7 @@ module Hestia
       'skill_content' => 'browse',
       'preview'       => 'browse',
       'agent_profile' => 'browse',
+      'attest'        => 'deposit_skill',
       'needs'         => 'browse',
       'agents'        => 'browse',
       'keys'          => 'browse',
@@ -76,7 +77,9 @@ module Hestia
     # @return [Hash] Start result
     def start(identity:, session_store:, trust_anchor_client: nil, trust_scorer: nil)
       place_config = @config['meeting_place'] || {}
-      registry_path = place_config['registry_path'] || 'storage/agent_registry.json'
+      # Resolve storage paths relative to KairosMcp.data_dir (ensures Docker volume persistence)
+      default_storage = defined?(KairosMcp) ? File.join(KairosMcp.storage_dir, '') : 'storage/'
+      registry_path = place_config['registry_path'] || "#{default_storage}agent_registry.json"
 
       @session_store = session_store
       @trust_anchor_client = trust_anchor_client
@@ -85,7 +88,7 @@ module Hestia
       @self_id = intro.dig(:identity, :instance_id)
 
       deposit_policy = place_config['deposit_policy'] || {}
-      deposit_storage = place_config['deposit_storage_path'] || 'storage/skill_board_state.json'
+      deposit_storage = place_config['deposit_storage_path'] || "#{default_storage}skill_board_state.json"
       federation_config = place_config['federation'] || {}
       @skill_board = SkillBoard.new(
         registry: @registry,
@@ -183,6 +186,8 @@ module Hestia
         handle_delete_needs(env)
       when ['POST', '/place/v1/deposit']
         handle_deposit(env)
+      when ['POST', '/place/v1/board/attest']
+        handle_attest(env)
       else
         # Check for pattern-based routes
         if request_method == 'GET' && path.start_with?('/place/v1/keys/')
@@ -513,6 +518,59 @@ module Hestia
       end
     end
 
+    # POST /place/v1/board/attest — Bearer token required
+    # Deposit an attestation on a skill. Stores a copy on the Place.
+    def handle_attest(env)
+      body = parse_body(env)
+      token = extract_bearer_token(env)
+      attester_id = @session_store.validate(token)
+
+      skill_id = body['skill_id']
+      owner_agent_id = body['owner_agent_id']
+      claim = body['claim']
+
+      unless skill_id && owner_agent_id && claim
+        return json_response(400, {
+          error: 'missing_fields',
+          message: 'skill_id, owner_agent_id, and claim are required'
+        })
+      end
+
+      # Get attester name from registry
+      attester_agent = @registry.get(attester_id)
+      attester_name = attester_agent ? attester_agent[:name] : nil
+
+      # Get attester's public key for server-side signature verification
+      public_key = @registry.public_key_for(attester_id)
+
+      result = @skill_board.deposit_attestation(
+        attester_id: attester_id,
+        attester_name: attester_name,
+        skill_id: skill_id,
+        owner_agent_id: owner_agent_id,
+        claim: claim,
+        evidence_hash: body['evidence_hash'],
+        signature: body['signature'],
+        signed_payload: body['signed_payload'],
+        public_key: public_key
+      )
+
+      if result[:valid]
+        record_chain_event(
+          event_type: 'attestation',
+          skill_id: skill_id,
+          skill_name: skill_id,
+          content_hash: body['evidence_hash'] || '',
+          participants: [attester_id, owner_agent_id],
+          extra: { attester_id: attester_id, claim: claim }
+        )
+
+        json_response(200, result)
+      else
+        json_response(422, result)
+      end
+    end
+
     # GET /place/v1/welcome — Public, no auth
     # Returns a guide for new agents joining this Meeting Place.
     def handle_welcome

data/templates/skillsets/hestia/lib/hestia/skill_board.rb

@@ -44,6 +44,7 @@ module Hestia
       @exchange_counts = {}  # internal_key => count
       @total_exchange_count = 0
       @deposit_timestamps = {}  # agent_id => [Time] for rate limiting
+      @attestations = []  # attestation deposits on skills
       @self_place_id = self_place_id
       @storage_path = storage_path || 'storage/skill_board_state.json'
       @content_dir = File.join(File.dirname(@storage_path), 'deposits')
@@ -165,6 +166,7 @@ module Hestia
 
         content_hash = deposit[:content_hash]
         @deposited_skills.reject! { |d| d[:internal_key] == internal_key }
+        @attestations.reject! { |a| a[:internal_key] == internal_key }
         @exchange_counts.delete(internal_key)
         delete_content(internal_key)
         save_state
@@ -206,6 +208,16 @@ module Hestia
       }
       result[:version] = fm_fields[:version] if fm_fields[:version]
       result[:license] = fm_fields[:license] if fm_fields[:license]
+      skill_attestations = get_attestations(dep[:skill_id], owner_agent_id: dep[:agent_id],
+                                              content_hash: dep[:content_hash])
+      unless skill_attestations.empty?
+        result[:attestations] = skill_attestations.map do |a|
+          { attester_id: a[:attester_id], attester_name: a[:attester_name],
+            claim: a[:claim], evidence_hash: a[:evidence_hash], content_hash: a[:content_hash],
+            deposited_at: a[:deposited_at],
+            has_signature: !!a[:signature], signed_payload: a[:signed_payload], signature: a[:signature] }
+        end
+      end
       result
     end
 
@@ -288,6 +300,113 @@ module Hestia
       { removed: expired.size, remaining: @deposited_skills.size }
     end
 
+    # Deposit an attestation on a skill. Attester must be authenticated.
+    # Stores a copy of the attestation metadata + signature on the Place.
+    # The original proof stays with the attester.
+    #
+    # @param attester_id [String] Agent ID of the attester
+    # @param attester_name [String] Display name of the attester
+    # @param skill_id [String] ID of the attested skill
+    # @param owner_agent_id [String] Owner of the attested skill
+    # @param claim [String] Attestation claim (e.g., "reviewed", "used_in_production")
+    # @param evidence_hash [String, nil] SHA256 hash of evidence (full evidence stays with attester)
+    # @param signature [String, nil] RSA signature of the signed_payload
+    # @param signed_payload [String, nil] Canonical payload that was signed
+    # @return [Hash] Result
+    MAX_CLAIM_BYTES = 200
+    MAX_SIGNATURE_BYTES = 1024
+    MAX_SIGNED_PAYLOAD_BYTES = 1024
+
+    def deposit_attestation(attester_id:, attester_name: nil, skill_id:, owner_agent_id:,
+                            claim:, evidence_hash: nil, signature: nil, signed_payload: nil,
+                            public_key: nil)
+      @mutex.synchronize do
+        # Verify the skill exists
+        internal_key = "#{owner_agent_id}/#{skill_id}"
+        deposit = @deposited_skills.find { |d| d[:internal_key] == internal_key }
+        unless deposit
+          return { valid: false, error: 'skill_not_found', message: "No deposit found: #{skill_id} (owner: #{owner_agent_id})" }
+        end
+
+        # Rate limit (reuse deposit rate limiter)
+        unless check_deposit_rate(attester_id)
+          return { valid: false, errors: ["Rate limit exceeded (max #{deposit_rate_limit}/hour)"] }
+        end
+        record_deposit_timestamp(attester_id)
+
+        # Size limits
+        if claim && claim.bytesize > MAX_CLAIM_BYTES
+          return { valid: false, error: 'claim_too_large', message: "Claim exceeds #{MAX_CLAIM_BYTES} bytes" }
+        end
+        if signature && signature.bytesize > MAX_SIGNATURE_BYTES
+          return { valid: false, error: 'signature_too_large', message: "Signature exceeds #{MAX_SIGNATURE_BYTES} bytes" }
+        end
+        if signed_payload && signed_payload.bytesize > MAX_SIGNED_PAYLOAD_BYTES
+          return { valid: false, error: 'payload_too_large', message: "Signed payload exceeds #{MAX_SIGNED_PAYLOAD_BYTES} bytes" }
+        end
+
+        # Verify signature server-side if public key available
+        if signature && signed_payload && public_key
+          begin
+            crypto = ::MMP::Crypto.new(auto_generate: false)
+            unless crypto.verify_signature(signed_payload, signature, public_key)
+              return { valid: false, error: 'signature_invalid', message: 'Signature verification failed' }
+            end
+          rescue StandardError => e
+            return { valid: false, error: 'signature_error', message: "Signature verification error: #{e.message}" }
+          end
+        end
+
+        # Prevent duplicate attestation (same attester + same claim on same skill VERSION)
+        current_hash = deposit[:content_hash]
+        existing = @attestations.find do |a|
+          a[:attester_id] == attester_id && a[:skill_id] == skill_id &&
+            a[:owner_agent_id] == owner_agent_id && a[:claim] == claim &&
+            a[:content_hash] == current_hash
+        end
+        if existing
+          return { valid: false, error: 'duplicate', message: "Attestation already exists: #{claim} by #{attester_id} on this version" }
+        end
+
+        now = Time.now.utc.iso8601
+        attestation = {
+          attester_id: attester_id,
+          attester_name: attester_name,
+          skill_id: skill_id,
+          owner_agent_id: owner_agent_id,
+          internal_key: internal_key,
+          claim: claim,
+          evidence_hash: evidence_hash,
+          content_hash: deposit[:content_hash],
+          signature: signature,
+          signed_payload: signed_payload,
+          deposited_at: now
+        }
+
+        @attestations << attestation
+        save_state
+      end
+
+      { valid: true, status: 'attestation_deposited', claim: claim, skill_id: skill_id, deposited_at: Time.now.utc.iso8601 }
+    end
+
+    # Get attestations for a deposited skill.
+    # Only returns attestations matching the current content_hash (version-bound).
+    def get_attestations(skill_id, owner_agent_id: nil, content_hash: nil)
+      candidates = if owner_agent_id
+                     internal_key = "#{owner_agent_id}/#{skill_id}"
+                     @attestations.select { |a| a[:internal_key] == internal_key }
+                   else
+                     @attestations.select { |a| a[:skill_id] == skill_id }
+                   end
+      # Filter to current version if content_hash provided
+      if content_hash
+        candidates.select { |a| a[:content_hash] == content_hash }
+      else
+        candidates
+      end
+    end
+
     # Deposit limits for publishing in /place/v1/info.
     # Note: deposit_rate_limit is process-scoped (resets on server restart).
     def deposit_limits
@@ -567,6 +686,7 @@ module Hestia
         deposited_skills: @deposited_skills.map { |d| d.except(:content) },
         exchange_counts: @exchange_counts,
         total_exchange_count: @total_exchange_count,
+        attestations: @attestations,
         updated_at: Time.now.utc.iso8601
       }
       temp = "#{@storage_path}.tmp"
@@ -582,6 +702,7 @@ module Hestia
       data = JSON.parse(File.read(@storage_path), symbolize_names: true)
       @exchange_counts = (data[:exchange_counts] || {}).transform_keys(&:to_s)
       @total_exchange_count = data[:total_exchange_count] || 0
+      @attestations = data[:attestations] || []
       (data[:deposited_skills] || []).each do |dep|
         ik = dep[:internal_key]&.to_s
         next unless ik
@@ -754,6 +875,15 @@ module Hestia
         entry[:input_output] = dep[:input_output] if dep[:input_output]
         entry[:version] = fm_fields[:version] if fm_fields[:version]
         entry[:license] = fm_fields[:license] if fm_fields[:license]
+        skill_attestations = get_attestations(dep[:skill_id], owner_agent_id: dep[:agent_id],
+                                                content_hash: dep[:content_hash])
+        unless skill_attestations.empty?
+          entry[:attestations] = skill_attestations.map do |a|
+            { attester_id: a[:attester_id], attester_name: a[:attester_name],
+              claim: a[:claim], evidence_hash: a[:evidence_hash], deposited_at: a[:deposited_at],
+              has_signature: !!a[:signature] }
+          end
+        end
         entries << entry
       end
 

data/templates/skillsets/mmp/lib/mmp/place_client.rb

@@ -110,6 +110,13 @@ module MMP
       get("/place/v1/agent_profile/#{URI.encode_www_form_component(agent_id)}")
     end
 
+    def attest_skill(skill_id:, owner_agent_id:, claim:, evidence_hash: nil, signature: nil, signed_payload: nil)
+      post('/place/v1/board/attest', {
+        skill_id: skill_id, owner_agent_id: owner_agent_id, claim: claim,
+        evidence_hash: evidence_hash, signature: signature, signed_payload: signed_payload
+      })
+    end
+
     def send_encrypted(to:, message:, message_type: 'message')
       return { error: 'Not connected' } unless @connected
       return { error: 'No keypair' } unless @crypto&.has_keypair?

data/templates/skillsets/mmp/skillset.json

@@ -18,6 +18,7 @@
     "KairosMcp::SkillSets::MMP::Tools::MeetingPreviewSkill",
     "KairosMcp::SkillSets::MMP::Tools::MeetingCheckFreshness",
     "KairosMcp::SkillSets::MMP::Tools::MeetingGetAgentProfile",
+    "KairosMcp::SkillSets::MMP::Tools::MeetingAttestSkill",
     "KairosMcp::SkillSets::MMP::Tools::MeetingFederate"
   ],
   "config_files": ["config/meeting.yml"],

data/templates/skillsets/mmp/tools/meeting_attest_skill.rb

@@ -0,0 +1,143 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'digest'
+
+module KairosMcp
+  module SkillSets
+    module MMP
+      module Tools
+        class MeetingAttestSkill < KairosMcp::Tools::BaseTool
+          def name
+            'meeting_attest_skill'
+          end
+
+          def description
+            'Deposit an attestation (signed claim) on a skill at a connected Meeting Place. The attestation is a copy — the original proof stays in your local chain. Other agents can see your attestation in browse/preview and verify your signature via your public key.'
+          end
+
+          def category
+            :meeting
+          end
+
+          def usecase_tags
+            %w[meeting attestation trust claim verify skill]
+          end
+
+          def related_tools
+            %w[meeting_browse meeting_preview_skill attestation_issue meeting_get_agent_profile]
+          end
+
+          def input_schema
+            {
+              type: 'object',
+              properties: {
+                skill_id: {
+                  type: 'string',
+                  description: 'ID of the skill to attest'
+                },
+                owner_agent_id: {
+                  type: 'string',
+                  description: 'Agent ID of the skill owner (depositor)'
+                },
+                claim: {
+                  type: 'string',
+                  description: 'Attestation claim (e.g., "reviewed", "used_in_production", "philosophical_depth_verified")'
+                },
+                evidence: {
+                  type: 'string',
+                  description: 'Optional evidence text (hashed before sending — full text stays local)'
+                }
+              },
+              required: %w[skill_id owner_agent_id claim]
+            }
+          end
+
+          def call(arguments)
+            client = build_place_client
+            return client if client.is_a?(String)
+
+            skill_id = arguments['skill_id']
+            owner_agent_id = arguments['owner_agent_id']
+            claim = arguments['claim']
+            evidence = arguments['evidence']
+
+            begin
+              config = ::MMP.load_config
+              identity = ::MMP::Identity.new(config: config)
+              crypto = identity.crypto
+              attester_id = identity.instance_id
+
+              # Fetch current skill content_hash for version-bound attestation
+              preview = client.preview_skill(skill_id: skill_id, owner: owner_agent_id, first_lines: 1)
+              skill_content_hash = preview[:content_hash]
+
+              # Build signed payload: canonical form with content_hash for cryptographic version binding
+              timestamp = Time.now.utc.iso8601
+              evidence_hash = evidence ? Digest::SHA256.hexdigest(evidence) : nil
+              signed_payload = [attester_id, claim, skill_id, owner_agent_id, skill_content_hash, evidence_hash, timestamp].compact.join('|')
+              signature = crypto&.has_keypair? ? crypto.sign(signed_payload) : nil
+
+              result = client.attest_skill(
+                skill_id: skill_id,
+                owner_agent_id: owner_agent_id,
+                claim: claim,
+                evidence_hash: evidence_hash,
+                signature: signature,
+                signed_payload: signed_payload
+              )
+
+              if result[:valid] || result[:status] == 'attestation_deposited'
+                text_content(JSON.pretty_generate({
+                  status: 'attestation_deposited',
+                  skill_id: skill_id,
+                  owner_agent_id: owner_agent_id,
+                  claim: claim,
+                  evidence_hash: evidence_hash,
+                  signed: !!signature,
+                  deposited_at: result[:deposited_at],
+                  note: 'Attestation copy deposited to Meeting Place. Other agents can see this in browse/preview and verify your signature via your public key.'
+                }))
+              else
+                text_content(JSON.pretty_generate({
+                  error: result[:error] || 'Attestation failed',
+                  message: result[:message]
+                }.compact))
+              end
+            rescue StandardError => e
+              text_content(JSON.pretty_generate({ error: 'Attestation failed', message: e.message }))
+            end
+          end
+
+          private
+
+          def build_place_client
+            config = ::MMP.load_config
+            unless config['enabled']
+              return text_content(JSON.pretty_generate({ error: 'Meeting Protocol is disabled' }))
+            end
+
+            connection = load_connection_state
+            unless connection
+              return text_content(JSON.pretty_generate({ error: 'Not connected', hint: 'Use meeting_connect first' }))
+            end
+
+            url = connection['url'] || connection[:url]
+            token = connection['session_token'] || connection[:session_token]
+            identity = ::MMP::Identity.new(config: config)
+            client = ::MMP::PlaceClient.new(place_url: url, identity: identity, config: {})
+            client.instance_variable_set(:@bearer_token, token)
+            client.instance_variable_set(:@connected, true)
+            client
+          end
+
+          def load_connection_state
+            f = File.join(KairosMcp.storage_dir, 'meeting_connection.json')
+            File.exist?(f) ? JSON.parse(File.read(f)) : nil
+          rescue StandardError; nil
+          end
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kairos-chain
 version: !ruby/object:Gem::Version
-  version: 3.3.1
+  version: 3.4.0
 platform: ruby
 authors:
 - Masaomi Hatakeyama
@@ -284,6 +284,7 @@ files:
 - templates/skillsets/mmp/lib/mmp/skill_exchange.rb
 - templates/skillsets/mmp/skillset.json
 - templates/skillsets/mmp/tools/meeting_acquire_skill.rb
+- templates/skillsets/mmp/tools/meeting_attest_skill.rb
 - templates/skillsets/mmp/tools/meeting_browse.rb
 - templates/skillsets/mmp/tools/meeting_check_freshness.rb
 - templates/skillsets/mmp/tools/meeting_connect.rb