@agenttrust-sdk/mcp 0.1.0

package/dist/tools/write/init-policy.js

@@ -0,0 +1,124 @@
+"use strict";
+/**
+ * `agenttrust_init_policy` — initialise a PolicyAccount + VelocityLedger
+ * for the caller's `(agent_asset, policy_id)` pair. Requires the
+ * PolicyAuthority to already exist with the signer as a member; this
+ * tool surfaces a clear error pointing at `init_authority` if not.
+ *
+ * The full per-kind config is exposed as JSON; sane defaults zero every
+ * field so callers can incrementally enable kinds via the bitmask.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initPolicyTool = void 0;
+const anchor_1 = require("@coral-xyz/anchor");
+const web3_js_1 = require("@solana/web3.js");
+const zod_1 = require("zod");
+const chain_1 = require("../../chain");
+const config_1 = require("../../config");
+const common_1 = require("../common");
+const POLICY_AUTHORITY_PREFIX = Buffer.from("policy_authority");
+const SpendingSchema = zod_1.z.object({
+    per_tx_max: zod_1.z.union([zod_1.z.number().int().nonnegative(), zod_1.z.string().regex(/^\d+$/)]).default(0),
+    daily_max: zod_1.z.union([zod_1.z.number().int().nonnegative(), zod_1.z.string().regex(/^\d+$/)]).default(0),
+    weekly_max: zod_1.z.union([zod_1.z.number().int().nonnegative(), zod_1.z.string().regex(/^\d+$/)]).default(0),
+}).default({ per_tx_max: 0, daily_max: 0, weekly_max: 0 });
+const VelocitySchema = zod_1.z.object({
+    window_secs: zod_1.z.union([zod_1.z.number().int().nonnegative(), zod_1.z.string().regex(/^\d+$/)]).default(0),
+    max_in_window: zod_1.z.union([zod_1.z.number().int().nonnegative(), zod_1.z.string().regex(/^\d+$/)]).default(0),
+    tier0_decay_factor: zod_1.z.union([zod_1.z.number().int().nonnegative(), zod_1.z.string().regex(/^\d+$/)]).default(10000),
+}).default({ window_secs: 0, max_in_window: 0, tier0_decay_factor: 10000 });
+const CounterpartySchema = zod_1.z.object({
+    min_tier: zod_1.z.number().int().min(0).max(4).default(0),
+    max_risk_score: zod_1.z.number().int().min(0).max(255).default(255),
+    min_confidence: zod_1.z.number().int().min(0).max(10000).default(0),
+    default_unrated_treatment: zod_1.z.number().int().min(0).max(2).default(0),
+}).default({ min_tier: 0, max_risk_score: 255, min_confidence: 0, default_unrated_treatment: 0 });
+const ValidationSchema = zod_1.z.object({
+    required_capability_hash_hex: common_1.HexHashSchema.optional(),
+    accepted_attestors: zod_1.z.array(common_1.PubkeySchema).max(2).default([]),
+}).default({ accepted_attestors: [] });
+const InputSchema = zod_1.z.object({
+    agent_asset: common_1.PubkeySchema.describe("Quantu agent asset (must equal a member of the agent's PolicyAuthority)"),
+    policy_id: zod_1.z.number().int().min(0).max(0xffffffff),
+    enabled_kinds_bitmask: zod_1.z.number().int().min(0).max(255).describe("OR of KIND_* flags: 1=KillSwitch 2=Spending 4=Velocity 8=CounterpartyTier 16=RequireValidation"),
+    gate_mode: zod_1.z.number().int().min(0).max(1).default(0).describe("0=Immediate, 1=Confirmed"),
+    scope_kind: zod_1.z.number().int().min(0).max(2).default(2).describe("0=Global 1=PerCollection 2=PerAgent"),
+    spending: SpendingSchema,
+    velocity: VelocitySchema,
+    counterparty: CounterpartySchema,
+    validation: ValidationSchema,
+});
+const ZERO_PUBKEY = new web3_js_1.PublicKey(new Uint8Array(32));
+exports.initPolicyTool = {
+    name: "agenttrust_init_policy",
+    description: "Create a PolicyAccount + VelocityLedger PDA for the caller's agent. " +
+        "Requires KEYPAIR_B58 (the signer must be a member of the agent's " +
+        "PolicyAuthority). Returns the tx signature plus Explorer URLs for " +
+        "both new PDAs.",
+    inputSchema: InputSchema,
+    async handler(input, ctx) {
+        const signer = ctx.chain.requireSigner();
+        const agent = (0, common_1.parsePubkey)(input.agent_asset, "agent_asset");
+        const policyVault = await ctx.chain.policyVault();
+        const policyPda = (0, chain_1.derivePolicyPda)(ctx.chain.cfg.programs.policyVault, agent, input.policy_id);
+        const velocityPda = (0, chain_1.deriveVelocityPda)(ctx.chain.cfg.programs.policyVault, agent, input.policy_id);
+        const authorityPda = web3_js_1.PublicKey.findProgramAddressSync([POLICY_AUTHORITY_PREFIX, agent.toBuffer()], ctx.chain.cfg.programs.policyVault)[0];
+        const validationHash = input.validation.required_capability_hash_hex
+            ? Array.from((0, common_1.hexToBytes)(input.validation.required_capability_hash_hex))
+            : Array.from(new Uint8Array(32));
+        const acceptedAttestors = [
+            input.validation.accepted_attestors[0]
+                ? (0, common_1.parsePubkey)(input.validation.accepted_attestors[0], "validation.accepted_attestors[0]")
+                : ZERO_PUBKEY,
+            input.validation.accepted_attestors[1]
+                ? (0, common_1.parsePubkey)(input.validation.accepted_attestors[1], "validation.accepted_attestors[1]")
+                : ZERO_PUBKEY,
+        ];
+        const args = {
+            policyId: input.policy_id,
+            enabledKindsBitmask: input.enabled_kinds_bitmask,
+            gateMode: input.gate_mode,
+            scopeKind: input.scope_kind,
+            spending: {
+                perTxMax: new anchor_1.BN(input.spending.per_tx_max.toString()),
+                dailyMax: new anchor_1.BN(input.spending.daily_max.toString()),
+                weeklyMax: new anchor_1.BN(input.spending.weekly_max.toString()),
+            },
+            velocity: {
+                windowSecs: new anchor_1.BN(input.velocity.window_secs.toString()),
+                maxInWindow: new anchor_1.BN(input.velocity.max_in_window.toString()),
+                tier0DecayFactor: new anchor_1.BN(input.velocity.tier0_decay_factor.toString()),
+            },
+            counterparty: {
+                minTier: input.counterparty.min_tier,
+                maxRiskScore: input.counterparty.max_risk_score,
+                minConfidence: input.counterparty.min_confidence,
+                defaultUnratedTreatment: input.counterparty.default_unrated_treatment,
+            },
+            validation: {
+                requiredCapabilityHash: validationHash,
+                acceptedAttestors,
+            },
+        };
+        const txSignature = await policyVault.methods
+            .initPolicy(agent, args)
+            .accounts({
+            payer: signer.publicKey,
+            policyAuthority: authorityPda,
+            policyAccount: policyPda,
+            velocityLedger: velocityPda,
+            systemProgram: web3_js_1.SystemProgram.programId,
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        })
+            .rpc();
+        return {
+            txSignature,
+            explorerTxUrl: (0, config_1.explorerUrl)(ctx.chain.cfg, "tx", txSignature),
+            policyPda: policyPda.toBase58(),
+            policyExplorer: (0, config_1.explorerUrl)(ctx.chain.cfg, "address", policyPda.toBase58()),
+            velocityPda: velocityPda.toBase58(),
+            velocityExplorer: (0, config_1.explorerUrl)(ctx.chain.cfg, "address", velocityPda.toBase58()),
+        };
+    },
+};
+//# sourceMappingURL=init-policy.js.map

package/dist/tools/write/init-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init-policy.js","sourceRoot":"","sources":["../../../src/tools/write/init-policy.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEH,8CAAuC;AACvC,6CAA2D;AAC3D,6BAAwB;AAExB,uCAAiE;AACjE,yCAA2C;AAC3C,sCAAiF;AAGjF,MAAM,uBAAuB,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;AAEhE,MAAM,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,UAAU,EAAG,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5F,SAAS,EAAI,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5F,UAAU,EAAG,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;CAC7F,CAAC,CAAC,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,CAAC;AAE3D,MAAM,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,WAAW,EAAS,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACnG,aAAa,EAAO,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACnG,kBAAkB,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;CACxG,CAAC,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC;AAE5E,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,QAAQ,EAAmB,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACpE,cAAc,EAAa,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IACxE,cAAc,EAAa,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACxE,yBAAyB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;CACrE,CAAC,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,cAAc,EAAE,GAAG,EAAE,cAAc,EAAE,CAAC,EAAE,yBAAyB,EAAE,CAAC,EAAE,CAAC,CAAC;AAElG,MAAM,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChC,4BAA4B,EAAE,sBAAa,CAAC,QAAQ,EAAE;IACtD,kBAAkB,EAAY,OAAC,CAAC,KAAK,CAAC,qBAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CACvE,CAAC,CAAC,OAAO,CAAC,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAC,CAAC;AAEvC,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3B,WAAW,EAAY,qBAAY,CAAC,QAAQ,CAAC,yEAAyE,CAAC;IACvH,SAAS,EAAc,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC;IAC9D,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,gGAAgG,CAAC;IAClK,SAAS,EAAc,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IACrG,UAAU,EAAa,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,qCAAqC,CAAC;IAChH,QAAQ,EAAe,cAAc;IACrC,QAAQ,EAAe,cAAc;IACrC,YAAY,EAAW,kBAAkB;IACzC,UAAU,EAAa,gBAAgB;CACxC,CAAC,CAAC;AAYH,MAAM,WAAW,GAAG,IAAI,mBAAS,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;AAEzC,QAAA,cAAc,GAAwB;IACjD,IAAI,EAAS,wBAAwB;IACrC,WAAW,EACT,sEAAsE;QACtE,mEAAmE;QACnE,oEAAoE;QACpE,gBAAgB;IAClB,WAAW,EAAE,WAAW;IAExB,KAAK,CAAC,OAAO,CAAC,KAAY,EAAE,GAAgB;QAC1C,MAAM,MAAM,GAAS,GAAG,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;QAC/C,MAAM,KAAK,GAAU,IAAA,oBAAW,EAAC,KAAK,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QACnE,MAAM,WAAW,GAAI,MAAM,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QAEnD,MAAM,SAAS,GAAM,IAAA,uBAAe,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QACjG,MAAM,WAAW,GAAI,IAAA,yBAAiB,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QACnG,MAAM,YAAY,GAAG,mBAAS,CAAC,sBAAsB,CACnD,CAAC,uBAAuB,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,EAC3C,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CACnC,CAAC,CAAC,CAAC,CAAC;QAEL,MAAM,cAAc,GAAG,KAAK,CAAC,UAAU,CAAC,4BAA4B;YAClE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAA,mBAAU,EAAC,KAAK,CAAC,UAAU,CAAC,4BAA4B,CAAC,CAAC;YACvE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACnC,MAAM,iBAAiB,GAAgB;YACrC,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBACpC,CAAC,CAAC,IAAA,oBAAW,EAAC,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,kCAAkC,CAAC;gBACzF,CAAC,CAAC,WAAW;YACf,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBACpC,CAAC,CAAC,IAAA,oBAAW,EAAC,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,kCAAkC,CAAC;gBACzF,CAAC,CAAC,WAAW;SAChB,CAAC;QAEF,MAAM,IAAI,GAAG;YACX,QAAQ,EAAa,KAAK,CAAC,SAAS;YACpC,mBAAmB,EAAE,KAAK,CAAC,qBAAqB;YAChD,QAAQ,EAAa,KAAK,CAAC,SAAS;YACpC,SAAS,EAAY,KAAK,CAAC,UAAU;YACrC,QAAQ,EAAE;gBACR,QAAQ,EAAG,IAAI,WAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;gBACvD,QAAQ,EAAG,IAAI,WAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;gBACtD,SAAS,EAAE,IAAI,WAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;aACxD;YACD,QAAQ,EAAE;gBACR,UAAU,EAAS,IAAI,WAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;gBAChE,WAAW,EAAQ,IAAI,WAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;gBAClE,gBAAgB,EAAG,IAAI,WAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC;aACxE;YACD,YAAY,EAAE;gBACZ,OAAO,EAAkB,KAAK,CAAC,YAAY,CAAC,QAAQ;gBACpD,YAAY,EAAa,KAAK,CAAC,YAAY,CAAC,cAAc;gBAC1D,aAAa,EAAY,KAAK,CAAC,YAAY,CAAC,cAAc;gBAC1D,uBAAuB,EAAE,KAAK,CAAC,YAAY,CAAC,yBAAyB;aACtE;YACD,UAAU,EAAE;gBACV,sBAAsB,EAAE,cAAc;gBACtC,iBAAiB;aAClB;SACF,CAAC;QAEF,MAAM,WAAW,GAAW,MAAM,WAAW,CAAC,OAAO;aAClD,UAAU,CAAC,KAAK,EAAE,IAAa,CAAC;aAChC,QAAQ,CAAC;YACR,KAAK,EAAY,MAAM,CAAC,SAAS;YACjC,eAAe,EAAE,YAAY;YAC7B,aAAa,EAAI,SAAS;YAC1B,cAAc,EAAG,WAAW;YAC5B,aAAa,EAAI,uBAAa,CAAC,SAAS;YACxC,8DAA8D;SACxD,CAAC;aACR,GAAG,EAAE,CAAC;QAET,OAAO;YACL,WAAW;YACX,aAAa,EAAK,IAAA,oBAAW,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,EAAO,WAAW,CAAC;YACpE,SAAS,EAAS,SAAS,CAAC,QAAQ,EAAE;YACtC,cAAc,EAAI,IAAA,oBAAW,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC7E,WAAW,EAAO,WAAW,CAAC,QAAQ,EAAE;YACxC,gBAAgB,EAAE,IAAA,oBAAW,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/tools/write/request-validation.d.ts

@@ -0,0 +1,39 @@
+/**
+ * `agenttrust_request_validation` — open a ValidationRequest PDA,
+ * inviting attestors to attest to `(subject_asset, capability_hash)`
+ * by `deadline_slot`.
+ *
+ * Composes via `buildRequestValidationIx` in the SDK so the on-chain
+ * account list + arg encoding stays the canonical source of truth.
+ */
+import { z } from "zod";
+import type { Tool } from "../types";
+declare const InputSchema: z.ZodObject<{
+    subject_asset: z.ZodEffects<z.ZodString, string, string>;
+    capability_name: z.ZodOptional<z.ZodString>;
+    capability_hash_hex: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    claim_uri_hash_hex: z.ZodEffects<z.ZodString, string, string>;
+    deadline_slot: z.ZodUnion<[z.ZodNumber, z.ZodString]>;
+}, "strip", z.ZodTypeAny, {
+    subject_asset: string;
+    claim_uri_hash_hex: string;
+    deadline_slot: string | number;
+    capability_name?: string | undefined;
+    capability_hash_hex?: string | undefined;
+}, {
+    subject_asset: string;
+    claim_uri_hash_hex: string;
+    deadline_slot: string | number;
+    capability_name?: string | undefined;
+    capability_hash_hex?: string | undefined;
+}>;
+type Input = z.infer<typeof InputSchema>;
+interface Output {
+    txSignature: string;
+    explorerTxUrl: string;
+    requestPda: string;
+    requestExplorer: string;
+    capabilityHashHex: string;
+}
+export declare const requestValidationTool: Tool<Input, Output>;
+export {};

package/dist/tools/write/request-validation.js

@@ -0,0 +1,69 @@
+"use strict";
+/**
+ * `agenttrust_request_validation` — open a ValidationRequest PDA,
+ * inviting attestors to attest to `(subject_asset, capability_hash)`
+ * by `deadline_slot`.
+ *
+ * Composes via `buildRequestValidationIx` in the SDK so the on-chain
+ * account list + arg encoding stays the canonical source of truth.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requestValidationTool = void 0;
+const web3_js_1 = require("@solana/web3.js");
+const zod_1 = require("zod");
+const chain_1 = require("../../chain");
+const config_1 = require("../../config");
+const common_1 = require("../common");
+const InputSchema = zod_1.z.object({
+    subject_asset: common_1.PubkeySchema.describe("Quantu agent asset whose capability is being attested"),
+    capability_name: zod_1.z.string().min(3).max(32).optional()
+        .describe("Canonical capability name (3..=32 chars, no ':'); preferred over hex"),
+    capability_hash_hex: common_1.HexHashSchema.optional()
+        .describe("Direct 32-byte capability hash (hex); use only if you already have the digest"),
+    claim_uri_hash_hex: common_1.HexHashSchema.describe("32-byte hash of the off-chain claim URI"),
+    deadline_slot: zod_1.z.union([zod_1.z.number().int().positive(), zod_1.z.string().regex(/^\d+$/)])
+        .describe("Slot by which an attestor must respond"),
+});
+exports.requestValidationTool = {
+    name: "agenttrust_request_validation",
+    description: "Open a ValidationRequest PDA inviting attestors to attest to a " +
+        "subject's capability. Pass either capability_name (preferred — the SDK " +
+        "computes SHA256(name) and stamps it as the hash) or capability_hash_hex " +
+        "directly. Requires KEYPAIR_B58. Returns the request PDA's Explorer URL.",
+    inputSchema: InputSchema,
+    async handler(input, ctx) {
+        const signer = ctx.chain.requireSigner();
+        const subject = (0, common_1.parsePubkey)(input.subject_asset, "subject_asset");
+        if (!input.capability_name && !input.capability_hash_hex) {
+            throw new Error("Provide either capability_name or capability_hash_hex.");
+        }
+        const capHash = input.capability_name
+            ? (0, chain_1.computeCapabilityHash)(input.capability_name)
+            : (0, common_1.hexToBytes)(input.capability_hash_hex);
+        if (capHash.length !== 32)
+            throw new Error("capability_hash must be 32 bytes");
+        const claimHash = (0, common_1.hexToBytes)(input.claim_uri_hash_hex);
+        if (claimHash.length !== 32)
+            throw new Error("claim_uri_hash must decode to 32 bytes");
+        const program = await ctx.chain.validationRegistry();
+        const ix = await (0, chain_1.buildRequestValidationIx)({
+            program,
+            requester: signer.publicKey,
+            subjectAsset: subject,
+            capabilityHash: capHash,
+            claimUriHash: claimHash,
+            deadlineSlot: BigInt(input.deadline_slot.toString()),
+        });
+        const tx = new web3_js_1.Transaction().add(ix);
+        const txSignature = await ctx.chain.provider.sendAndConfirm(tx, [signer]);
+        const requestPda = (0, chain_1.deriveValidationRequestPda)(ctx.chain.cfg.validationRegistryId, subject, capHash, signer.publicKey);
+        return {
+            txSignature,
+            explorerTxUrl: (0, config_1.explorerUrl)(ctx.chain.cfg, "tx", txSignature),
+            requestPda: requestPda.toBase58(),
+            requestExplorer: (0, config_1.explorerUrl)(ctx.chain.cfg, "address", requestPda.toBase58()),
+            capabilityHashHex: (0, common_1.bytesToHex)(capHash),
+        };
+    },
+};
+//# sourceMappingURL=request-validation.js.map

package/dist/tools/write/request-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-validation.js","sourceRoot":"","sources":["../../../src/tools/write/request-validation.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,6CAA8C;AAC9C,6BAAwB;AAExB,uCAIqB;AACrB,yCAA2C;AAC3C,sCAA6F;AAG7F,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3B,aAAa,EAAS,qBAAY,CAAC,QAAQ,CAAC,uDAAuD,CAAC;IACpG,eAAe,EAAO,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;SACjC,QAAQ,CAAC,sEAAsE,CAAC;IACzG,mBAAmB,EAAG,sBAAa,CAAC,QAAQ,EAAE;SACrB,QAAQ,CAAC,+EAA+E,CAAC;IAClH,kBAAkB,EAAI,sBAAa,CAAC,QAAQ,CAAC,yCAAyC,CAAC;IACvF,aAAa,EAAS,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;SAC9D,QAAQ,CAAC,wCAAwC,CAAC;CAC5E,CAAC,CAAC;AAWU,QAAA,qBAAqB,GAAwB;IACxD,IAAI,EAAS,+BAA+B;IAC5C,WAAW,EACT,iEAAiE;QACjE,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;IAC3E,WAAW,EAAE,WAAW;IAExB,KAAK,CAAC,OAAO,CAAC,KAAY,EAAE,GAAgB;QAC1C,MAAM,MAAM,GAAI,GAAG,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,IAAA,oBAAW,EAAC,KAAK,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;QAClE,IAAI,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QACD,MAAM,OAAO,GAAG,KAAK,CAAC,eAAe;YACnC,CAAC,CAAC,IAAA,6BAAqB,EAAC,KAAK,CAAC,eAAe,CAAC;YAC9C,CAAC,CAAC,IAAA,mBAAU,EAAC,KAAK,CAAC,mBAAoB,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAC/E,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACvD,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAEvF,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;QACrD,MAAM,EAAE,GAAG,MAAM,IAAA,gCAAwB,EAAC;YACxC,OAAO;YACP,SAAS,EAAO,MAAM,CAAC,SAAS;YAChC,YAAY,EAAI,OAAO;YACvB,cAAc,EAAE,OAAO;YACvB,YAAY,EAAI,SAAS;YACzB,YAAY,EAAI,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;SACvD,CAAC,CAAC;QAEH,MAAM,EAAE,GAAG,IAAI,qBAAW,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACrC,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1E,MAAM,UAAU,GAAG,IAAA,kCAA0B,EAC3C,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,SAAS,CACvE,CAAC;QAEF,OAAO;YACL,WAAW;YACX,aAAa,EAAM,IAAA,oBAAW,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,EAAO,WAAW,CAAC;YACrE,UAAU,EAAS,UAAU,CAAC,QAAQ,EAAE;YACxC,eAAe,EAAI,IAAA,oBAAW,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC;YAC/E,iBAAiB,EAAE,IAAA,mBAAU,EAAC,OAAO,CAAC;SACvC,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/tools/write/respond-to-validation.d.ts

@@ -0,0 +1,47 @@
+/**
+ * `agenttrust_respond_to_validation` — an attestor responds to an open
+ * `ValidationRequest` by writing a `ValidationAttestation` PDA.
+ *
+ * Composes via the SDK's `buildRespondToValidationIx` so the same
+ * builder the attestor-demo uses runs through the MCP path. The signer
+ * must be the attestor (matches `attestor_profile.attestor`).
+ *
+ * If the attestor profile doesn't exist yet, this tool surfaces a clear
+ * error pointing at the planned `register_attestor` flow — the
+ * attestor-demo's bootstrap script is the source-of-truth lifecycle.
+ */
+import { z } from "zod";
+import type { Tool } from "../types";
+declare const InputSchema: z.ZodObject<{
+    subject_asset: z.ZodEffects<z.ZodString, string, string>;
+    capability_name: z.ZodOptional<z.ZodString>;
+    capability_hash_hex: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    claim_payload_hash_hex: z.ZodEffects<z.ZodString, string, string>;
+    claim_uri_hash_hex: z.ZodEffects<z.ZodString, string, string>;
+    expires_at_slot: z.ZodUnion<[z.ZodNumber, z.ZodString]>;
+}, "strip", z.ZodTypeAny, {
+    subject_asset: string;
+    claim_uri_hash_hex: string;
+    claim_payload_hash_hex: string;
+    expires_at_slot: string | number;
+    capability_name?: string | undefined;
+    capability_hash_hex?: string | undefined;
+}, {
+    subject_asset: string;
+    claim_uri_hash_hex: string;
+    claim_payload_hash_hex: string;
+    expires_at_slot: string | number;
+    capability_name?: string | undefined;
+    capability_hash_hex?: string | undefined;
+}>;
+type Input = z.infer<typeof InputSchema>;
+interface Output {
+    txSignature: string;
+    explorerTxUrl: string;
+    attestationPda: string;
+    attestationExplorer: string;
+    attestorProfilePda: string;
+    capabilityHashHex: string;
+}
+export declare const respondToValidationTool: Tool<Input, Output>;
+export {};

package/dist/tools/write/respond-to-validation.js

@@ -0,0 +1,81 @@
+"use strict";
+/**
+ * `agenttrust_respond_to_validation` — an attestor responds to an open
+ * `ValidationRequest` by writing a `ValidationAttestation` PDA.
+ *
+ * Composes via the SDK's `buildRespondToValidationIx` so the same
+ * builder the attestor-demo uses runs through the MCP path. The signer
+ * must be the attestor (matches `attestor_profile.attestor`).
+ *
+ * If the attestor profile doesn't exist yet, this tool surfaces a clear
+ * error pointing at the planned `register_attestor` flow — the
+ * attestor-demo's bootstrap script is the source-of-truth lifecycle.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.respondToValidationTool = void 0;
+const web3_js_1 = require("@solana/web3.js");
+const zod_1 = require("zod");
+const chain_1 = require("../../chain");
+const config_1 = require("../../config");
+const common_1 = require("../common");
+const InputSchema = zod_1.z.object({
+    subject_asset: common_1.PubkeySchema,
+    capability_name: zod_1.z.string().min(3).max(32).optional(),
+    capability_hash_hex: common_1.HexHashSchema.optional(),
+    claim_payload_hash_hex: common_1.HexHashSchema.describe("32-byte hash of the attestor's signed claim payload"),
+    claim_uri_hash_hex: common_1.HexHashSchema.describe("32-byte hash of the canonical claim URI"),
+    expires_at_slot: zod_1.z.union([zod_1.z.number().int().positive(), zod_1.z.string().regex(/^\d+$/)])
+        .describe("Attestation expiry slot (0 = never)"),
+});
+exports.respondToValidationTool = {
+    name: "agenttrust_respond_to_validation",
+    description: "Attestor responds to a ValidationRequest by creating a " +
+        "ValidationAttestation PDA. Requires KEYPAIR_B58 (must equal the " +
+        "attestor pubkey registered in AttestorProfile). Surfaces the " +
+        "attestation PDA + Explorer URL for downstream PolicyVault " +
+        "RequireValidation reads.",
+    inputSchema: InputSchema,
+    async handler(input, ctx) {
+        const signer = ctx.chain.requireSigner();
+        const subject = (0, common_1.parsePubkey)(input.subject_asset, "subject_asset");
+        if (!input.capability_name && !input.capability_hash_hex) {
+            throw new Error("Provide either capability_name or capability_hash_hex.");
+        }
+        const capHash = input.capability_name
+            ? (0, chain_1.computeCapabilityHash)(input.capability_name)
+            : (0, common_1.hexToBytes)(input.capability_hash_hex);
+        if (capHash.length !== 32)
+            throw new Error("capability_hash must be 32 bytes");
+        const claimPayloadHash = (0, common_1.hexToBytes)(input.claim_payload_hash_hex);
+        const claimUriHash = (0, common_1.hexToBytes)(input.claim_uri_hash_hex);
+        const program = await ctx.chain.validationRegistry();
+        const profile = await (0, chain_1.fetchAttestorProfile)(program, signer.publicKey);
+        if (!profile.data) {
+            throw new Error(`AttestorProfile not initialised for signer ${signer.publicKey.toBase58()}. ` +
+                `Run the attestor-demo bootstrap (or register_attestor instruction) first.`);
+        }
+        const ix = await (0, chain_1.buildRespondToValidationIx)({
+            program,
+            payer: signer.publicKey,
+            attestor: signer.publicKey,
+            subjectAsset: subject,
+            capabilityHash: capHash,
+            claimPayloadHash,
+            claimUriHash,
+            expiresAtSlot: BigInt(input.expires_at_slot.toString()),
+        });
+        const tx = new web3_js_1.Transaction().add(ix);
+        const txSignature = await ctx.chain.provider.sendAndConfirm(tx, [signer]);
+        const attestationPda = (0, chain_1.deriveValidationAttestationPda)(ctx.chain.cfg.validationRegistryId, subject, capHash, signer.publicKey);
+        const attestorProfilePda = (0, chain_1.deriveAttestorProfilePda)(ctx.chain.cfg.validationRegistryId, signer.publicKey);
+        return {
+            txSignature,
+            explorerTxUrl: (0, config_1.explorerUrl)(ctx.chain.cfg, "tx", txSignature),
+            attestationPda: attestationPda.toBase58(),
+            attestationExplorer: (0, config_1.explorerUrl)(ctx.chain.cfg, "address", attestationPda.toBase58()),
+            attestorProfilePda: attestorProfilePda.toBase58(),
+            capabilityHashHex: (0, common_1.bytesToHex)(capHash),
+        };
+    },
+};
+//# sourceMappingURL=respond-to-validation.js.map

package/dist/tools/write/respond-to-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"respond-to-validation.js","sourceRoot":"","sources":["../../../src/tools/write/respond-to-validation.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAEH,6CAA8C;AAC9C,6BAAwB;AAExB,uCAMqB;AACrB,yCAA2C;AAC3C,sCAA6F;AAG7F,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3B,aAAa,EAAS,qBAAY;IAClC,eAAe,EAAO,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC1D,mBAAmB,EAAG,sBAAa,CAAC,QAAQ,EAAE;IAC9C,sBAAsB,EAAE,sBAAa,CAAC,QAAQ,CAAC,qDAAqD,CAAC;IACrG,kBAAkB,EAAI,sBAAa,CAAC,QAAQ,CAAC,yCAAyC,CAAC;IACvF,eAAe,EAAO,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;SAC9D,QAAQ,CAAC,qCAAqC,CAAC;CACzE,CAAC,CAAC;AAYU,QAAA,uBAAuB,GAAwB;IAC1D,IAAI,EAAS,kCAAkC;IAC/C,WAAW,EACT,yDAAyD;QACzD,kEAAkE;QAClE,+DAA+D;QAC/D,4DAA4D;QAC5D,0BAA0B;IAC5B,WAAW,EAAE,WAAW;IAExB,KAAK,CAAC,OAAO,CAAC,KAAY,EAAE,GAAgB;QAC1C,MAAM,MAAM,GAAI,GAAG,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,IAAA,oBAAW,EAAC,KAAK,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;QAClE,IAAI,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QACD,MAAM,OAAO,GAAG,KAAK,CAAC,eAAe;YACnC,CAAC,CAAC,IAAA,6BAAqB,EAAC,KAAK,CAAC,eAAe,CAAC;YAC9C,CAAC,CAAC,IAAA,mBAAU,EAAC,KAAK,CAAC,mBAAoB,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAC/E,MAAM,gBAAgB,GAAG,IAAA,mBAAU,EAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAClE,MAAM,YAAY,GAAO,IAAA,mBAAU,EAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAE9D,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAErD,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAoB,EAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QACtE,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI;gBAC7E,2EAA2E,CAC5E,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,IAAA,kCAA0B,EAAC;YAC1C,OAAO;YACP,KAAK,EAAa,MAAM,CAAC,SAAS;YAClC,QAAQ,EAAU,MAAM,CAAC,SAAS;YAClC,YAAY,EAAM,OAAO;YACzB,cAAc,EAAI,OAAO;YACzB,gBAAgB;YAChB,YAAY;YACZ,aAAa,EAAK,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;SAC3D,CAAC,CAAC;QAEH,MAAM,EAAE,GAAG,IAAI,qBAAW,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACrC,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAE1E,MAAM,cAAc,GAAG,IAAA,sCAA8B,EACnD,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,SAAS,CACvE,CAAC;QACF,MAAM,kBAAkB,GAAG,IAAA,gCAAwB,EACjD,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,SAAS,CACrD,CAAC;QAEF,OAAO;YACL,WAAW;YACX,aAAa,EAAS,IAAA,oBAAW,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,EAAO,WAAW,CAAC;YACxE,cAAc,EAAQ,cAAc,CAAC,QAAQ,EAAE;YAC/C,mBAAmB,EAAG,IAAA,oBAAW,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC;YACtF,kBAAkB,EAAI,kBAAkB,CAAC,QAAQ,EAAE;YACnD,iBAAiB,EAAK,IAAA,mBAAU,EAAC,OAAO,CAAC;SAC1C,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/tools/write/set-killswitch.d.ts

@@ -0,0 +1,34 @@
+/**
+ * `agenttrust_set_killswitch` — flip the per-agent KillSwitchState pause
+ * bit. Multisig-gated: the signer (lead) plus optional additional
+ * signers in `remainingAccounts` must reach the PolicyAuthority's
+ * threshold count.
+ *
+ * v1 ships the lead-signer-only happy path; thresholds > 1 require the
+ * caller to assemble the multisig out-of-band and pass cosigner pubkeys
+ * via `cosigner_pubkeys` (each must be available in the local keypair
+ * env to actually sign — the tool currently supports lead-only and
+ * surfaces a clear error if more signers are needed).
+ */
+import { z } from "zod";
+import type { Tool } from "../types";
+declare const InputSchema: z.ZodObject<{
+    agent_asset: z.ZodEffects<z.ZodString, string, string>;
+    paused: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    agent_asset: string;
+    paused: boolean;
+}, {
+    agent_asset: string;
+    paused: boolean;
+}>;
+type Input = z.infer<typeof InputSchema>;
+interface Output {
+    txSignature: string;
+    explorerTxUrl: string;
+    killSwitchPda: string;
+    killSwitchExplorer: string;
+    paused: boolean;
+}
+export declare const setKillswitchTool: Tool<Input, Output>;
+export {};

package/dist/tools/write/set-killswitch.js

@@ -0,0 +1,70 @@
+"use strict";
+/**
+ * `agenttrust_set_killswitch` — flip the per-agent KillSwitchState pause
+ * bit. Multisig-gated: the signer (lead) plus optional additional
+ * signers in `remainingAccounts` must reach the PolicyAuthority's
+ * threshold count.
+ *
+ * v1 ships the lead-signer-only happy path; thresholds > 1 require the
+ * caller to assemble the multisig out-of-band and pass cosigner pubkeys
+ * via `cosigner_pubkeys` (each must be available in the local keypair
+ * env to actually sign — the tool currently supports lead-only and
+ * surfaces a clear error if more signers are needed).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setKillswitchTool = void 0;
+const web3_js_1 = require("@solana/web3.js");
+const zod_1 = require("zod");
+const chain_1 = require("../../chain");
+const config_1 = require("../../config");
+const common_1 = require("../common");
+const POLICY_AUTHORITY_PREFIX = Buffer.from("policy_authority");
+const InputSchema = zod_1.z.object({
+    agent_asset: common_1.PubkeySchema.describe("Quantu agent asset"),
+    paused: zod_1.z.boolean().describe("true to pause, false to unpause"),
+});
+exports.setKillswitchTool = {
+    name: "agenttrust_set_killswitch",
+    description: "Pause or unpause an agent's KillSwitchState. Requires KEYPAIR_B58 to " +
+        "be the lead signer (a member of the agent's PolicyAuthority). When the " +
+        "authority's threshold > 1 the call needs additional cosigners; this " +
+        "tool currently only supports lead-only multisigs (threshold=1).",
+    inputSchema: InputSchema,
+    async handler(input, ctx) {
+        const signer = ctx.chain.requireSigner();
+        const agent = (0, common_1.parsePubkey)(input.agent_asset, "agent_asset");
+        const policy = await ctx.chain.policyVault();
+        const ksPda = (0, chain_1.deriveKillSwitchPda)(ctx.chain.cfg.programs.policyVault, agent);
+        const authPda = web3_js_1.PublicKey.findProgramAddressSync([POLICY_AUTHORITY_PREFIX, agent.toBuffer()], ctx.chain.cfg.programs.policyVault)[0];
+        // Friendly preflight: confirm the authority threshold is satisfiable
+        // by the lead signer alone.
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const auth = await policy.account.policyAuthority.fetchNullable(authPda);
+        if (!auth) {
+            throw new Error(`PolicyAuthority not initialised for ${agent.toBase58()}. Call ` +
+                `init_authority before set_killswitch.`);
+        }
+        const threshold = Number(auth.threshold ?? 0);
+        if (threshold > 1) {
+            throw new Error(`PolicyAuthority threshold is ${threshold}; this tool only supports ` +
+                `lead-only signing (threshold=1). Cosigner support is roadmap.`);
+        }
+        const txSignature = await policy.methods
+            .setKillswitch(agent, input.paused)
+            .accounts({
+            signer: signer.publicKey,
+            policyAuthority: authPda,
+            killSwitchState: ksPda,
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        })
+            .rpc();
+        return {
+            txSignature,
+            explorerTxUrl: (0, config_1.explorerUrl)(ctx.chain.cfg, "tx", txSignature),
+            killSwitchPda: ksPda.toBase58(),
+            killSwitchExplorer: (0, config_1.explorerUrl)(ctx.chain.cfg, "address", ksPda.toBase58()),
+            paused: input.paused,
+        };
+    },
+};
+//# sourceMappingURL=set-killswitch.js.map

package/dist/tools/write/set-killswitch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"set-killswitch.js","sourceRoot":"","sources":["../../../src/tools/write/set-killswitch.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAEH,6CAA4C;AAC5C,6BAAwB;AAExB,uCAAkD;AAClD,yCAA2C;AAC3C,sCAAsD;AAGtD,MAAM,uBAAuB,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;AAEhE,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3B,WAAW,EAAE,qBAAY,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACxD,MAAM,EAAO,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;CACrE,CAAC,CAAC;AAWU,QAAA,iBAAiB,GAAwB;IACpD,IAAI,EAAS,2BAA2B;IACxC,WAAW,EACT,uEAAuE;QACvE,yEAAyE;QACzE,sEAAsE;QACtE,iEAAiE;IACnE,WAAW,EAAE,WAAW;IAExB,KAAK,CAAC,OAAO,CAAC,KAAY,EAAE,GAAgB;QAC1C,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;QACzC,MAAM,KAAK,GAAI,IAAA,oBAAW,EAAC,KAAK,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QAE7C,MAAM,KAAK,GAAK,IAAA,2BAAmB,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QAC/E,MAAM,OAAO,GAAG,mBAAS,CAAC,sBAAsB,CAC9C,CAAC,uBAAuB,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,EAC3C,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CACnC,CAAC,CAAC,CAAC,CAAC;QAEL,qEAAqE;QACrE,4BAA4B;QAC5B,8DAA8D;QAC9D,MAAM,IAAI,GAAQ,MAAO,MAAM,CAAC,OAAe,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACvF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CACb,uCAAuC,KAAK,CAAC,QAAQ,EAAE,SAAS;gBAChE,uCAAuC,CACxC,CAAC;QACJ,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC;QAC9C,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,gCAAgC,SAAS,4BAA4B;gBACrE,+DAA+D,CAChE,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAW,MAAM,MAAM,CAAC,OAAO;aAC7C,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC;aAClC,QAAQ,CAAC;YACR,MAAM,EAAY,MAAM,CAAC,SAAS;YAClC,eAAe,EAAG,OAAO;YACzB,eAAe,EAAG,KAAK;YACvB,8DAA8D;SACxD,CAAC;aACR,GAAG,EAAE,CAAC;QAET,OAAO;YACL,WAAW;YACX,aAAa,EAAO,IAAA,oBAAW,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,EAAO,WAAW,CAAC;YACtE,aAAa,EAAO,KAAK,CAAC,QAAQ,EAAE;YACpC,kBAAkB,EAAE,IAAA,oBAAW,EAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3E,MAAM,EAAc,KAAK,CAAC,MAAM;SACjC,CAAC;IACJ,CAAC;CACF,CAAC"}

package/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "@agenttrust-sdk/mcp",
+  "version": "0.1.0",
+  "description": "MCP server for AgentTrust — query and call deployed Solana programs from Claude Desktop / Cursor / any MCP client",
+  "author": "AgentTrust Labs (https://agenttrust.tech)",
+  "license": "MIT",
+  "homepage": "https://github.com/agenttrust-labs/agenttrust/tree/main/mcp#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/agenttrust-labs/agenttrust.git",
+    "directory": "mcp"
+  },
+  "bugs": {
+    "url": "https://github.com/agenttrust-labs/agenttrust/issues"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "agenttrust",
+    "solana",
+    "claude-desktop",
+    "cursor",
+    "x402",
+    "agent-payments"
+  ],
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "agenttrust-mcp": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "scripts/install-claude-desktop.sh",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@coral-xyz/anchor": "^0.31.1",
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "@solana/web3.js": "^1.98.0",
+    "bs58": "^6.0.0",
+    "zod": "^3.25.76",
+    "zod-to-json-schema": "^3.23.5",
+    "@agenttrust-sdk/trustgate": "0.1.1"
+  },
+  "devDependencies": {
+    "@types/chai": "^4.3.0",
+    "@types/mocha": "^9.0.0",
+    "@types/node": "^20.0.0",
+    "chai": "^4.3.4",
+    "mocha": "^9.0.3",
+    "ts-mocha": "^10.0.0",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.6.0"
+  },
+  "scripts": {
+    "build": "tsc && node -e \"const fs=require('fs');const path=require('path');const src=path.resolve('src/idl');const dst=path.resolve('dist/idl');fs.mkdirSync(dst,{recursive:true});for(const f of fs.readdirSync(src))if(f.endsWith('.json'))fs.copyFileSync(path.join(src,f),path.join(dst,f));\"",
+    "lint": "tsc --noEmit",
+    "start": "node dist/index.js",
+    "dev": "ts-node src/index.ts",
+    "test": "ts-mocha -p ./test/tsconfig.json -t 30000 \"test/**/*.test.ts\"",
+    "test:integration": "INTEGRATION=1 ts-mocha -p ./test/tsconfig.json -t 60000 test/integration.test.ts",
+    "test:conformance": "pnpm run build && ts-node test/protocol-conformance.ts",
+    "publish:dry": "npm publish --dry-run"
+  }
+}

package/scripts/install-claude-desktop.sh

@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+# Insert the AgentTrust MCP server into Claude Desktop's config.
+#
+# Backs up the existing config to <path>.bak.<timestamp> before
+# editing. Idempotent: re-running updates the entry in place rather
+# than appending a duplicate.
+#
+# Requires `node` (used to merge the JSON safely) and a built MCP
+# server at mcp/dist/index.js — run `pnpm --filter ./mcp run build`
+# first.
+
+set -euo pipefail
+
+# Resolve the absolute path to dist/index.js relative to this script.
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MCP_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+DIST_ENTRY="$MCP_DIR/dist/index.js"
+
+if [ ! -f "$DIST_ENTRY" ]; then
+    echo "error: $DIST_ENTRY does not exist" >&2
+    echo "       run: pnpm --filter ./mcp run build" >&2
+    exit 1
+fi
+
+# Locate Claude Desktop config based on OS.
+case "$(uname -s)" in
+    Darwin*)
+        CONFIG="$HOME/Library/Application Support/Claude/claude_desktop_config.json"
+        ;;
+    Linux*)
+        CONFIG="${XDG_CONFIG_HOME:-$HOME/.config}/Claude/claude_desktop_config.json"
+        ;;
+    *)
+        echo "error: unsupported platform $(uname -s)" >&2
+        echo "       paste the snippet manually; see mcp/README.md" >&2
+        exit 1
+        ;;
+esac
+
+# Ensure parent dir exists; create empty config if absent.
+mkdir -p "$(dirname "$CONFIG")"
+if [ ! -f "$CONFIG" ]; then
+    echo '{}' > "$CONFIG"
+fi
+
+# Backup before edit.
+TIMESTAMP="$(date -u +%Y%m%dT%H%M%SZ)"
+cp "$CONFIG" "$CONFIG.bak.$TIMESTAMP"
+echo "Backed up: $CONFIG.bak.$TIMESTAMP"
+
+# Merge using node — safer than sed for JSON.
+node - "$CONFIG" "$DIST_ENTRY" <<'EOF'
+const fs = require("fs");
+const [, , configPath, distEntry] = process.argv;
+const raw = fs.readFileSync(configPath, "utf-8");
+const cfg = JSON.parse(raw || "{}");
+if (!cfg.mcpServers || typeof cfg.mcpServers !== "object") cfg.mcpServers = {};
+cfg.mcpServers.agenttrust = {
+  command: "node",
+  args:    [distEntry],
+  env: {
+    RPC_URL: "https://api.devnet.solana.com",
+    NETWORK: "solana-devnet",
+  },
+};
+fs.writeFileSync(configPath, JSON.stringify(cfg, null, 2) + "\n");
+console.log("agenttrust entry written to " + configPath);
+EOF
+
+echo "Done. Restart Claude Desktop to pick up the new server."
+echo
+echo "To enable write tools, edit $CONFIG and add KEYPAIR_B58 to the env block."