npm - @mnemom/agent-alignment-protocol - Versions diffs - 0.3.0 → 0.5.0 - Mend

@mnemom/agent-alignment-protocol 0.3.0 → 0.5.0

This diff shows the changes between publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects the package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md CHANGED Viewed

@@ -6,7 +6,7 @@
 [![PyPI](https://img.shields.io/pypi/v/agent-alignment-protocol.svg)](https://pypi.org/project/agent-alignment-protocol/)
 [![npm](https://img.shields.io/npm/v/@mnemom/agent-alignment-protocol.svg)](https://www.npmjs.com/package/@mnemom/agent-alignment-protocol)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
-[![Spec](https://img.shields.io/badge/spec-v0.1.0-green.svg)](docs/SPEC.md)
+[![Spec](https://img.shields.io/badge/spec-v0.4.0-green.svg)](docs/SPEC.md)
 **A transparency protocol for autonomous agents.**

package/dist/index.d.mts CHANGED Viewed

@@ -516,6 +516,13 @@ interface FleetCoherenceResult {
 /**
  * Verify a single AP-Trace against an Alignment Card.
  *
+ * IMPORTANT: This function provides STRUCTURAL verification only — it checks that
+ * a trace conforms to the declarations in an alignment card. It does NOT provide
+ * cryptographic integrity verification. Traces are not signed or hash-chained in
+ * the current version. A malicious agent can produce structurally valid traces for
+ * arbitrary behavior. For integrity guarantees, use AIP (Agent Integrity Protocol)
+ * in conjunction with AAP.
+ *
  * Performs the verification algorithm specified in SPEC Section 7.3:
  * 1. Autonomy compliance - action category matches autonomy envelope
  * 2. Escalation compliance - required escalations were performed

package/dist/index.d.ts CHANGED Viewed

@@ -516,6 +516,13 @@ interface FleetCoherenceResult {
 /**
  * Verify a single AP-Trace against an Alignment Card.
  *
+ * IMPORTANT: This function provides STRUCTURAL verification only — it checks that
+ * a trace conforms to the declarations in an alignment card. It does NOT provide
+ * cryptographic integrity verification. Traces are not signed or hash-chained in
+ * the current version. A malicious agent can produce structurally valid traces for
+ * arbitrary behavior. For integrity guarantees, use AIP (Agent Integrity Protocol)
+ * in conjunction with AAP.
+ *
  * Performs the verification algorithm specified in SPEC Section 7.3:
  * 1. Autonomy compliance - action category matches autonomy envelope
  * 2. Escalation compliance - required escalations were performed

package/dist/index.js CHANGED Viewed

@@ -243,6 +243,10 @@ function verifyTrace(trace, card) {
   const violations = [];
   const warnings = [];
   const checksPerformed = [];
+  const tamperEvidence = card.audit?.commitment?.tamper_evidence;
+  if (tamperEvidence === "signed" || tamperEvidence === "merkle") {
+    console.warn(`[AAP] Warning: tamper_evidence mode "${tamperEvidence}" is declared but NOT cryptographically enforced in this version.`);
+  }
   const traceId = trace.trace_id ?? "";
   const cardId = card.card_id ?? "";
   checksPerformed.push("card_reference");
@@ -413,7 +417,7 @@ function checkCoherence(myCard, theirCard, taskValues) {
   }
   const totalRequired = requiredValues.size || 1;
   const matchedCount = taskValues ? matched.filter((v) => requiredValues.has(v)).length : matched.length;
-  const conflictPenalty = CONFLICT_PENALTY_MULTIPLIER * (conflicts.length / totalRequired);
+  const conflictPenalty = Math.min(1, CONFLICT_PENALTY_MULTIPLIER * (conflicts.length / totalRequired));
   let score = matchedCount / totalRequired * (1 - conflictPenalty);
   score = Math.max(0, Math.min(1, score));
   const compatible = conflicts.length === 0 && score >= MIN_COHERENCE_FOR_PROCEED;
@@ -755,6 +759,7 @@ function evaluateCondition(condition, trace) {
     const ctxValue = trace.context?.[condition];
     return Boolean(ctxValue ?? trace.context?.metadata?.[condition]);
   }
+  console.warn(`[AAP] Condition could not be parsed: "${condition}". Supported patterns: "field == value", "field > number", "field_name" (boolean). This trigger will not fire.`);
   return false;
 }
 function inferDriftDirection(streak, card, escalationRates, valueUsage) {

package/dist/index.mjs CHANGED Viewed

@@ -188,6 +188,10 @@ function verifyTrace(trace, card) {
   const violations = [];
   const warnings = [];
   const checksPerformed = [];
+  const tamperEvidence = card.audit?.commitment?.tamper_evidence;
+  if (tamperEvidence === "signed" || tamperEvidence === "merkle") {
+    console.warn(`[AAP] Warning: tamper_evidence mode "${tamperEvidence}" is declared but NOT cryptographically enforced in this version.`);
+  }
   const traceId = trace.trace_id ?? "";
   const cardId = card.card_id ?? "";
   checksPerformed.push("card_reference");
@@ -358,7 +362,7 @@ function checkCoherence(myCard, theirCard, taskValues) {
   }
   const totalRequired = requiredValues.size || 1;
   const matchedCount = taskValues ? matched.filter((v) => requiredValues.has(v)).length : matched.length;
-  const conflictPenalty = CONFLICT_PENALTY_MULTIPLIER * (conflicts.length / totalRequired);
+  const conflictPenalty = Math.min(1, CONFLICT_PENALTY_MULTIPLIER * (conflicts.length / totalRequired));
   let score = matchedCount / totalRequired * (1 - conflictPenalty);
   score = Math.max(0, Math.min(1, score));
   const compatible = conflicts.length === 0 && score >= MIN_COHERENCE_FOR_PROCEED;
@@ -700,6 +704,7 @@ function evaluateCondition(condition, trace) {
     const ctxValue = trace.context?.[condition];
     return Boolean(ctxValue ?? trace.context?.metadata?.[condition]);
   }
+  console.warn(`[AAP] Condition could not be parsed: "${condition}". Supported patterns: "field == value", "field > number", "field_name" (boolean). This trigger will not fire.`);
   return false;
 }
 function inferDriftDirection(streak, card, escalationRates, valueUsage) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mnemom/agent-alignment-protocol",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "description": "Agent Alignment Protocol (AAP) - Verification and drift detection for AI agents",
   "main": "dist/index.js",
   "module": "dist/index.mjs",

package/src/verification/api.ts CHANGED Viewed

@@ -70,6 +70,13 @@ function actionMatchesList(actionName: string, list: string[]): boolean {
 /**
  * Verify a single AP-Trace against an Alignment Card.
  *
+ * IMPORTANT: This function provides STRUCTURAL verification only — it checks that
+ * a trace conforms to the declarations in an alignment card. It does NOT provide
+ * cryptographic integrity verification. Traces are not signed or hash-chained in
+ * the current version. A malicious agent can produce structurally valid traces for
+ * arbitrary behavior. For integrity guarantees, use AIP (Agent Integrity Protocol)
+ * in conjunction with AAP.
+ *
  * Performs the verification algorithm specified in SPEC Section 7.3:
  * 1. Autonomy compliance - action category matches autonomy envelope
  * 2. Escalation compliance - required escalations were performed
@@ -89,6 +96,12 @@ export function verifyTrace(
   const warnings: Warning[] = [];
   const checksPerformed: string[] = [];
+  // Warn if tamper_evidence is declared but not cryptographically enforced
+  const tamperEvidence = (card as Record<string, any>).audit?.commitment?.tamper_evidence;
+  if (tamperEvidence === 'signed' || tamperEvidence === 'merkle') {
+    console.warn(`[AAP] Warning: tamper_evidence mode "${tamperEvidence}" is declared but NOT cryptographically enforced in this version.`);
+  }
   const traceId = trace.trace_id ?? "";
   const cardId = card.card_id ?? "";
@@ -315,7 +328,7 @@ export function checkCoherence(
   const matchedCount = taskValues
     ? matched.filter((v) => requiredValues.has(v)).length
     : matched.length;
-  const conflictPenalty = CONFLICT_PENALTY_MULTIPLIER * (conflicts.length / totalRequired);
+  const conflictPenalty = Math.min(1, CONFLICT_PENALTY_MULTIPLIER * (conflicts.length / totalRequired));
   let score = (matchedCount / totalRequired) * (1 - conflictPenalty);
   score = Math.max(0, Math.min(1, score)); // Clamp to [0, 1]
@@ -798,6 +811,7 @@ function evaluateCondition(condition: string, trace: APTrace): boolean {
     return Boolean(ctxValue ?? trace.context?.metadata?.[condition]);
   }
+  console.warn(`[AAP] Condition could not be parsed: "${condition}". Supported patterns: "field == value", "field > number", "field_name" (boolean). This trigger will not fire.`);
   return false;
 }