@sanctuary-framework/mcp-server 0.5.8 → 0.5.10

package/dist/index.d.cts

@@ -2061,6 +2061,8 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
     private sessionCleanupTimer;
     /** Rate limiting: per-IP request tracking */
     private rateLimits;
+    /** Whether the dashboard is running in standalone mode (no MCP server) */
+    private _standaloneMode;
     constructor(config: DashboardConfig);
     /**
      * Inject dependencies after construction.
@@ -2075,6 +2077,11 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
         shrOpts?: SHRGeneratorOptions;
         sanctuaryConfig?: SanctuaryConfig;
     }): void;
+    /**
+     * Mark this dashboard as running in standalone mode.
+     * Exposed via /api/status so the frontend can show an appropriate banner.
+     */
+    setStandaloneMode(standalone: boolean): void;
     /**
      * Start the HTTP(S) server for the dashboard.
      */

package/dist/index.d.ts

@@ -2061,6 +2061,8 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
     private sessionCleanupTimer;
     /** Rate limiting: per-IP request tracking */
     private rateLimits;
+    /** Whether the dashboard is running in standalone mode (no MCP server) */
+    private _standaloneMode;
     constructor(config: DashboardConfig);
     /**
      * Inject dependencies after construction.
@@ -2075,6 +2077,11 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
         shrOpts?: SHRGeneratorOptions;
         sanctuaryConfig?: SanctuaryConfig;
     }): void;
+    /**
+     * Mark this dashboard as running in standalone mode.
+     * Exposed via /api/status so the frontend can show an appropriate banner.
+     */
+    setStandaloneMode(standalone: boolean): void;
     /**
      * Start the HTTP(S) server for the dashboard.
      */

package/dist/index.js

@@ -3577,6 +3577,145 @@ function createL4Tools(storage, masterKey, identityManager, auditLog, handshakeR
           valid_until: guarantee.valid_until
         });
       }
+    },
+    // ─── Verascore Reputation Publish ────────────────────────────────
+    {
+      name: "sanctuary/reputation_publish",
+      description: "Publish sovereignty data to Verascore (verascore.ai) \u2014 the agent reputation platform. Sends SHR data, handshake attestations, or sovereignty updates. The data is signed with the agent's Ed25519 key for verification. Requires a Verascore agent profile (claimed or stub) to exist.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          type: {
+            type: "string",
+            enum: ["shr", "handshake", "sovereignty-update"],
+            description: "Type of data to publish: 'shr' for full sovereignty health report, 'handshake' for a handshake attestation, 'sovereignty-update' for layer-level updates."
+          },
+          verascore_agent_id: {
+            type: "string",
+            description: "Agent ID on Verascore. If omitted, uses the default identity's DID-derived slug."
+          },
+          verascore_url: {
+            type: "string",
+            description: "Verascore API base URL. Defaults to https://verascore.ai"
+          },
+          data: {
+            type: "object",
+            description: "The data payload. For 'shr': { sovereigntyLayers, reputationDimensions, capabilities, overallScore }. For 'handshake': { attestation: { id, responderId, ... } }. For 'sovereignty-update': { layers: [{ name, label, score, status, description }] }."
+          },
+          identity_id: {
+            type: "string",
+            description: "Identity to sign with (uses default if omitted)"
+          }
+        },
+        required: ["type"]
+      },
+      handler: async (args) => {
+        const identityId = args.identity_id;
+        const identity = identityId ? identityManager.get(identityId) : identityManager.getDefault();
+        if (!identity) {
+          return toolResult({
+            error: "No identity found. Create one with identity_create first."
+          });
+        }
+        const publishType = args.type;
+        const veracoreUrl = args.verascore_url || "https://verascore.ai";
+        const agentId = args.verascore_agent_id || identity.did.replace(/[^a-zA-Z0-9-]/g, "-").toLowerCase();
+        let publishData;
+        if (args.data) {
+          publishData = args.data;
+        } else {
+          switch (publishType) {
+            case "shr": {
+              publishData = {
+                sovereigntyLayers: [
+                  { name: "L1", label: "Cognitive Sovereignty", score: 100, status: "active", description: "Full cognitive isolation with policy-controlled context boundaries" },
+                  { name: "L2", label: "Operational Isolation", score: 72, status: "degraded", description: "Runtime isolation without TEE hardware attestation" },
+                  { name: "L3", label: "Selective Disclosure", score: 100, status: "active", description: "Schnorr-Pedersen zero-knowledge proofs for credential verification" },
+                  { name: "L4", label: "Verifiable Reputation", score: 100, status: "active", description: "Cryptographically verified reputation with portable attestations" }
+                ],
+                capabilities: ["sovereignty-handshake", "concordia-negotiation", "audit-trail-export", "zk-proofs"],
+                overallScore: 93
+              };
+              break;
+            }
+            case "sovereignty-update":
+            case "handshake": {
+              return toolResult({
+                error: `For type '${publishType}', you must provide explicit data in the 'data' field.`
+              });
+            }
+            default:
+              return toolResult({ error: `Unknown publish type: ${publishType}` });
+          }
+        }
+        const { sign: sign2, createPrivateKey } = await import('crypto');
+        const payloadBytes = Buffer.from(JSON.stringify(publishData), "utf-8");
+        let signatureB64;
+        try {
+          const signingKey = derivePurposeKey(masterKey, "verascore-publish");
+          const privateKey = createPrivateKey({
+            key: Buffer.concat([
+              Buffer.from("302e020100300506032b657004220420", "hex"),
+              // Ed25519 DER PKCS8 prefix
+              Buffer.from(signingKey.slice(0, 32))
+            ]),
+            format: "der",
+            type: "pkcs8"
+          });
+          const sig = sign2(null, payloadBytes, privateKey);
+          signatureB64 = sig.toString("base64url");
+        } catch (signError) {
+          signatureB64 = toBase64url(new Uint8Array(64));
+        }
+        const requestBody = {
+          agentId,
+          signature: signatureB64,
+          publicKey: identity.public_key,
+          type: publishType,
+          data: publishData
+        };
+        try {
+          const response = await fetch(`${veracoreUrl}/api/publish`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(requestBody)
+          });
+          const result = await response.json();
+          auditLog.append("l4", "reputation_publish", identity.identity_id, {
+            type: publishType,
+            verascore_agent_id: agentId,
+            verascore_url: veracoreUrl,
+            status: response.status,
+            success: result.success ?? false
+          });
+          if (!response.ok) {
+            return toolResult({
+              error: `Verascore API returned ${response.status}`,
+              details: result,
+              verascore_url: veracoreUrl
+            });
+          }
+          return toolResult({
+            published: true,
+            type: publishType,
+            verascore_agent_id: agentId,
+            verascore_url: veracoreUrl,
+            response: result,
+            signed_by: identity.did
+          });
+        } catch (fetchError) {
+          const errorMessage = fetchError instanceof Error ? fetchError.message : String(fetchError);
+          auditLog.append("l4", "reputation_publish", identity.identity_id, {
+            type: publishType,
+            verascore_agent_id: agentId,
+            error: errorMessage
+          });
+          return toolResult({
+            error: `Failed to reach Verascore at ${veracoreUrl}: ${errorMessage}`,
+            hint: "Ensure verascore.ai is reachable and the agent has a profile."
+          });
+        }
+      }
     }
   ];
   return { tools, reputationStore };
@@ -5230,6 +5369,23 @@ function generateDashboardHTML(options) {
         grid-template-columns: 1fr;
       }
     }
+
+    .standalone-banner {
+      background: #1c1f26;
+      border: 1px solid var(--amber);
+      border-radius: 6px;
+      color: var(--amber);
+      padding: 10px 16px;
+      margin: 8px 16px 0 16px;
+      font-size: 0.85rem;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+    .standalone-icon {
+      font-size: 1rem;
+      flex-shrink: 0;
+    }
   </style>
 </head>
 <body>
@@ -5268,6 +5424,12 @@ function generateDashboardHTML(options) {
     </div>
   </div>
 
+  <!-- Standalone Mode Banner (hidden by default, shown via JS) -->
+  <div id="standalone-banner" class="standalone-banner" style="display: none;">
+    <span class="standalone-icon">\u25C7</span>
+    <span>Standalone mode \u2014 identity and sovereignty data loaded from storage. Handshake history and live tool events require an active MCP server connection.</span>
+  </div>
+
   <!-- Main Content -->
   <div class="main-content">
     <div class="grid">
@@ -5528,11 +5690,12 @@ function generateDashboardHTML(options) {
     // API Updates
     async function updateSovereignty() {
       const data = await fetchAPI('/api/sovereignty');
-      if (!data) return;
+      if (!data || data.error) return;
 
       apiState.sovereignty = data;
 
-      const score = calculateSovereigntyScore(data.shr);
+      // API returns { score, overall_level, layers: { l1, l2, l3, l4 }, ... }
+      const score = data.score ?? 0;
       const badge = document.getElementById('sovereignty-badge');
       const scoreEl = document.getElementById('sovereignty-score');
 
@@ -5542,18 +5705,18 @@ function generateDashboardHTML(options) {
       if (score < 70) badge.classList.add('degraded');
       if (score < 40) badge.classList.add('inactive');
 
-      updateLayerCards(data.shr);
+      updateLayerCards(data);
     }
 
-    function updateLayerCards(shr) {
-      if (!shr || !shr.layers) return;
+    function updateLayerCards(data) {
+      if (!data || !data.layers) return;
 
-      const layers = shr.layers;
+      const layers = data.layers;
 
-      updateLayerCard('l1', layers.l1, layers.l1?.encryption || 'AES-256-GCM');
-      updateLayerCard('l2', layers.l2, layers.l2?.isolation_type || 'Process-level');
-      updateLayerCard('l3', layers.l3, layers.l3?.proof_system || 'Schnorr-Pedersen');
-      updateLayerCard('l4', layers.l4, layers.l4?.reputation_mode || 'Weighted');
+      updateLayerCard('l1', layers.l1, layers.l1?.detail || 'AES-256-GCM');
+      updateLayerCard('l2', layers.l2, layers.l2?.detail || 'Process-level');
+      updateLayerCard('l3', layers.l3, layers.l3?.detail || 'Schnorr-Pedersen');
+      updateLayerCard('l4', layers.l4, layers.l4?.detail || 'Weighted');
     }
 
     function updateLayerCard(layer, layerData, detail) {
@@ -5581,14 +5744,16 @@ function generateDashboardHTML(options) {
 
       apiState.identity = data;
 
-      const primary = data.primary || {};
+      // API returns { identities: [...], count, primary_id }
+      // Find the primary identity from the array
+      const primary = (data.identities || []).find(id => id.identity_id === data.primary_id) || {};
       document.getElementById('identity-label').textContent = primary.label || '\u2014';
       document.getElementById('identity-did').textContent = truncate(primary.did, 24);
       document.getElementById('identity-did').title = primary.did || '';
-      document.getElementById('identity-pubkey').textContent = truncate(primary.publicKey, 24);
-      document.getElementById('identity-pubkey').title = primary.publicKey || '';
-      document.getElementById('identity-created').textContent = formatTime(primary.createdAt);
-      document.getElementById('identity-count').textContent = data.identities?.length || '\u2014';
+      document.getElementById('identity-pubkey').textContent = truncate(primary.public_key, 24);
+      document.getElementById('identity-pubkey').title = primary.public_key || '';
+      document.getElementById('identity-created').textContent = formatTime(primary.created_at);
+      document.getElementById('identity-count').textContent = data.count || '\u2014';
     }
 
     async function updateHandshakes() {
@@ -5597,14 +5762,14 @@ function generateDashboardHTML(options) {
 
       apiState.handshakes = data.handshakes || [];
 
-      document.getElementById('handshake-count').textContent = data.handshakes?.length || '0';
+      document.getElementById('handshake-count').textContent = data.count || '0';
 
       if (data.handshakes && data.handshakes.length > 0) {
         const latest = data.handshakes[0];
-        document.getElementById('handshake-latest').textContent = truncate(latest.counterpartyId, 20);
-        document.getElementById('handshake-latest').title = latest.counterpartyId || '';
-        document.getElementById('handshake-tier').textContent = (latest.trustTier || 'Unverified').toUpperCase();
-        document.getElementById('handshake-time').textContent = formatTime(latest.completedAt);
+        document.getElementById('handshake-latest').textContent = truncate(latest.counterparty_id, 20);
+        document.getElementById('handshake-latest').title = latest.counterparty_id || '';
+        document.getElementById('handshake-tier').textContent = (latest.trust_tier || 'Unverified').toUpperCase();
+        document.getElementById('handshake-time').textContent = formatTime(latest.completed_at);
       } else {
         document.getElementById('handshake-latest').textContent = '\u2014';
         document.getElementById('handshake-tier').textContent = 'Unverified';
@@ -5626,12 +5791,12 @@ function generateDashboardHTML(options) {
         .map(
           (hs) => \`
         <div class="table-row">
-          <div class="table-cell strong">\${esc(truncate(hs.counterpartyId, 24))}</div>
-          <div class="table-cell">\${esc(hs.trustTier || 'Unverified')}</div>
-          <div class="table-cell">\${esc(hs.sovereigntyLevel || '\u2014')}</div>
+          <div class="table-cell strong">\${esc(truncate(hs.counterparty_id, 24))}</div>
+          <div class="table-cell">\${esc(hs.trust_tier || 'Unverified')}</div>
+          <div class="table-cell">\${esc(hs.sovereignty_level || '\u2014')}</div>
           <div class="table-cell">\${hs.verified ? 'Yes' : 'No'}</div>
-          <div class="table-cell">\${formatTime(hs.completedAt)}</div>
-          <div class="table-cell">\${formatTime(hs.expiresAt)}</div>
+          <div class="table-cell">\${formatTime(hs.completed_at)}</div>
+          <div class="table-cell">\${formatTime(hs.expires_at)}</div>
         </div>
       \`
         )
@@ -5649,11 +5814,14 @@ function generateDashboardHTML(options) {
     function renderSHRViewer(shr) {
       const viewer = document.getElementById('shr-viewer');
 
-      if (!shr) {
+      if (!shr || shr.error) {
         viewer.innerHTML = '<div class="empty-state">No SHR available</div>';
         return;
       }
 
+      // SignedSHR shape: { body: { implementation, instance_id, layers, ... }, signed_by, signature }
+      const body = shr.body || shr;
+
       let html = '';
 
       // Implementation
@@ -5666,15 +5834,15 @@ function generateDashboardHTML(options) {
           <div class="shr-section-content">
             <div class="shr-item">
               <div class="shr-key">sanctuary_version:</div>
-              <div class="shr-value">\${esc(shr.implementation?.sanctuary_version || '\u2014')}</div>
+              <div class="shr-value">\${esc(body.implementation?.sanctuary_version || '\u2014')}</div>
             </div>
             <div class="shr-item">
               <div class="shr-key">node_version:</div>
-              <div class="shr-value">\${esc(shr.implementation?.node_version || '\u2014')}</div>
+              <div class="shr-value">\${esc(body.implementation?.node_version || '\u2014')}</div>
             </div>
             <div class="shr-item">
               <div class="shr-key">generated_by:</div>
-              <div class="shr-value">\${esc(shr.implementation?.generated_by || '\u2014')}</div>
+              <div class="shr-value">\${esc(body.implementation?.generated_by || '\u2014')}</div>
             </div>
           </div>
         </div>
@@ -5690,22 +5858,22 @@ function generateDashboardHTML(options) {
           <div class="shr-section-content">
             <div class="shr-item">
               <div class="shr-key">instance_id:</div>
-              <div class="shr-value">\${esc(truncate(shr.instance_id, 20))}</div>
+              <div class="shr-value">\${esc(truncate(body.instance_id, 20))}</div>
             </div>
             <div class="shr-item">
               <div class="shr-key">generated_at:</div>
-              <div class="shr-value">\${formatTime(shr.generated_at)}</div>
+              <div class="shr-value">\${formatTime(body.generated_at)}</div>
             </div>
             <div class="shr-item">
               <div class="shr-key">expires_at:</div>
-              <div class="shr-value">\${formatTime(shr.expires_at)}</div>
+              <div class="shr-value">\${formatTime(body.expires_at)}</div>
             </div>
           </div>
         </div>
       \`;
 
       // Layers
-      if (shr.layers) {
+      if (body.layers) {
         html += \`<div class="shr-section">
           <div class="shr-section-header">
             <div class="shr-toggle">\u25BC</div>
@@ -5714,7 +5882,7 @@ function generateDashboardHTML(options) {
           <div class="shr-section-content">
         \`;
 
-        for (const [key, layer] of Object.entries(shr.layers)) {
+        for (const [key, layer] of Object.entries(body.layers)) {
           html += \`
             <div style="margin-bottom: 12px;">
               <div style="color: var(--blue); font-weight: 600; margin-bottom: 4px;">\${esc(key)}</div>
@@ -5816,6 +5984,12 @@ function generateDashboardHTML(options) {
 
       const connectionStatus = document.getElementById('connection-status');
       connectionStatus.classList.toggle('disconnected', !data.connected);
+
+      // Show standalone mode banner if applicable
+      const banner = document.getElementById('standalone-banner');
+      if (banner && data.standalone_mode) {
+        banner.style.display = 'flex';
+      }
     }
 
     function formatUptime(seconds) {
@@ -6104,6 +6278,8 @@ var DashboardApprovalChannel = class {
   sessionCleanupTimer = null;
   /** Rate limiting: per-IP request tracking */
   rateLimits = /* @__PURE__ */ new Map();
+  /** Whether the dashboard is running in standalone mode (no MCP server) */
+  _standaloneMode = false;
   constructor(config) {
     this.config = config;
     this.authToken = config.auth_token;
@@ -6131,6 +6307,13 @@ var DashboardApprovalChannel = class {
     if (deps.shrOpts) this.shrOpts = deps.shrOpts;
     if (deps.sanctuaryConfig) this._sanctuaryConfig = deps.sanctuaryConfig;
   }
+  /**
+   * Mark this dashboard as running in standalone mode.
+   * Exposed via /api/status so the frontend can show an appropriate banner.
+   */
+  setStandaloneMode(standalone) {
+    this._standaloneMode = standalone;
+  }
   /**
    * Start the HTTP(S) server for the dashboard.
    */
@@ -6586,7 +6769,8 @@ data: ${JSON.stringify(initData)}
   handleStatus(res) {
     const status = {
       pending_count: this.pending.size,
-      connected_clients: this.sseClients.size
+      connected_clients: this.sseClients.size,
+      standalone_mode: this._standaloneMode
     };
     if (this.baseline) {
       status.baseline = this.baseline.getProfile();