@sanctuary-framework/mcp-server 1.2.0 → 1.2.2

package/dist/templates/coding-assistant/commitments.json

@@ -0,0 +1,14 @@
+{
+  "shapes": [
+    {
+      "commitment_class": "task-accept",
+      "example_deliverable": "Implement the requested feature or fix",
+      "example_deadline_or_terminal": "2026-12-31T23:59:59Z"
+    },
+    {
+      "commitment_class": "output-publish",
+      "example_deliverable": "Code diff, test results, or build artifacts",
+      "example_deadline_or_terminal": "Task completion or explicit operator cancel"
+    }
+  ]
+}

package/dist/templates/coding-assistant/defaults.json

@@ -0,0 +1,34 @@
+{
+  "egress": [
+    {
+      "destination": "api.example-llm-provider.com",
+      "methods": ["POST"],
+      "comment": "Replace with your model provider inference endpoint."
+    },
+    {
+      "destination": "registry.npmjs.org",
+      "methods": ["GET"],
+      "comment": "npm package registry (read-only). Replace or extend with your package registries."
+    },
+    {
+      "destination": "pypi.org",
+      "methods": ["GET"],
+      "comment": "Python package index (read-only). Remove if not needed."
+    },
+    {
+      "destination": "docs.example-framework.com",
+      "methods": ["GET"],
+      "comment": "Replace with documentation sites your coding agent references."
+    }
+  ],
+  "budgets": {
+    "daily": { "amount": 500000, "unit": "tokens" }
+  },
+  "retention": {
+    "windows": {
+      "memory": { "max_age_seconds": 604800 },
+      "plans": { "max_age_seconds": 2592000 },
+      "outputs": { "max_age_seconds": 7776000 }
+    }
+  }
+}

package/dist/templates/coding-assistant/onboarding.md

@@ -0,0 +1,24 @@
+# Coding Assistant
+
+A full-access coding agent with bidirectional memory and output sync, a daily token budget, and egress to your model provider and developer services.
+
+## What this agent does
+
+- Reads and writes to all four slots (memory, credentials, plans, outputs).
+- Syncs memory and outputs bidirectionally with peer agents in the mesh.
+- Makes inference calls to your configured model provider.
+- Accesses package registries and documentation sites for development tasks.
+
+## What this agent does not do
+
+- It cannot exceed the daily token budget (default: 500,000 tokens/day).
+- It cannot reach endpoints outside the egress allowlist.
+- It cannot share credentials with other agents without explicit operator policy.
+
+## What you will need to set
+
+1. **Model provider endpoint.** Replace the placeholder domain with your actual LLM inference endpoint (e.g., your provider's API domain).
+2. **Developer service endpoints.** Add or replace package registries and documentation sites your agent needs.
+3. **Daily token budget.** The default is 500,000 tokens/day. Adjust based on your workload and cost tolerance.
+4. **Agent identity.** Provide an agent ID when initializing.
+5. **Retention windows.** Memory: 7 days. Plans: 30 days. Outputs: 90 days. Credentials: indefinite. Adjust as needed.

package/dist/templates/coding-assistant/policy.md

@@ -0,0 +1 @@
+This agent may read and write to all four slots: memory, credentials, plans, and outputs. Memory and outputs are synced bidirectionally with peer agents in the mesh. Credentials access is scoped to the agent's own stored secrets. Plans are read-write for task tracking. The operator sets a daily token budget to cap inference spend. Egress is limited to the model provider and approved developer service endpoints.

package/dist/templates/coding-assistant/template.json

@@ -0,0 +1,23 @@
+{
+  "name": "coding-assistant",
+  "version": "1.0.0",
+  "channel": "read-then-report",
+  "tier": "B",
+  "slot_augmentations": {
+    "memory": {
+      "mode": "grant",
+      "grants": [
+        { "counterparty": "*", "action": "read" },
+        { "counterparty": "*", "action": "subscribe" }
+      ]
+    },
+    "outputs": {
+      "mode": "grant",
+      "grants": [
+        { "counterparty": "*", "action": "subscribe" }
+      ]
+    }
+  },
+  "target_archetype": "A Tier B adapter-wrapped agent running an external coding harness. Full four-slot access with bidirectional memory and output sync.",
+  "description": "Coding agent: bidirectional sync on memory and outputs. Daily token budget. Egress to model provider and dev services."
+}

package/dist/templates/handoff-coordinator/commitments.json

@@ -0,0 +1,14 @@
+{
+  "shapes": [
+    {
+      "commitment_class": "task-delegate",
+      "example_deliverable": "Delegate subtask to a peer agent",
+      "example_deadline_or_terminal": "Peer agent completion or timeout"
+    },
+    {
+      "commitment_class": "escrow-hold",
+      "example_deliverable": "Hold handoff output in escrow until counterparty confirms",
+      "example_deadline_or_terminal": "Counterparty confirmation or operator intervention"
+    }
+  ]
+}

package/dist/templates/handoff-coordinator/defaults.json

@@ -0,0 +1,10 @@
+{
+  "egress": [],
+  "budgets": {},
+  "retention": {
+    "windows": {
+      "plans": { "max_age_seconds": 2592000 },
+      "outputs": { "max_age_seconds": 2592000 }
+    }
+  }
+}

package/dist/templates/handoff-coordinator/onboarding.md

@@ -0,0 +1,23 @@
+# Handoff Coordinator
+
+An agent that coordinates escrow-style handoffs between other agents in your fortress. Every handoff is gated by a commitment boundary check.
+
+## What this agent does
+
+- Reads and writes to plans and outputs to manage handoffs.
+- Delegates tasks to peer agents and holds results in escrow.
+- Every handoff produces a commitment that passes the boundary gate.
+- Declares the intra-mesh-escrow commitment class for structured handoffs.
+
+## What this agent does not do
+
+- It cannot access credentials or memory.
+- It cannot make outbound network requests (empty egress allowlist).
+- It cannot spend tokens or money (no budget configured).
+- It cannot bypass the commitment boundary; every handoff is gated.
+
+## What you will need to set
+
+1. **Agent identity.** Provide an agent ID when initializing.
+2. **Peer agents.** The coordinator needs at least two peer agents to coordinate between. Ensure those agents have compatible channel policies.
+3. **Retention windows.** Plans and outputs: 30 days each. Adjust if your handoff workflows span longer periods.

package/dist/templates/handoff-coordinator/policy.md

@@ -0,0 +1 @@
+This agent coordinates handoffs between other agents in the mesh. It may read and write to plans and outputs. Every handoff must pass the commitment boundary gate. The intra-mesh-escrow commitment class is declared. No credentials access. No memory sync. No egress. No budget. The operator reviews handoff outcomes via the outputs slot.

package/dist/templates/handoff-coordinator/template.json

@@ -0,0 +1,17 @@
+{
+  "name": "handoff-coordinator",
+  "version": "1.0.0",
+  "channel": "fortress-relay",
+  "tier": "B",
+  "slot_augmentations": {
+    "plans": {
+      "mode": "grant",
+      "grants": [
+        { "counterparty": "*", "action": "read" }
+      ]
+    },
+    "concordia_commitment_classes": ["intra-mesh-escrow"]
+  },
+  "target_archetype": "A Tier B adapter-wrapped agent that coordinates handoffs between other agents. Commitment boundary enforces every handoff.",
+  "description": "Handoff coordinator: manages escrow-style handoffs between agents. Commitment boundary on every handoff."
+}

package/dist/templates/ops-runner/commitments.json

@@ -0,0 +1,14 @@
+{
+  "shapes": [
+    {
+      "commitment_class": "task-accept",
+      "example_deliverable": "Execute the authorized ops task",
+      "example_deadline_or_terminal": "2026-12-31T23:59:59Z"
+    },
+    {
+      "commitment_class": "credential-share",
+      "example_deliverable": "Share scoped credential with authorized service",
+      "example_deadline_or_terminal": "Credential expiry or operator revocation"
+    }
+  ]
+}

package/dist/templates/ops-runner/defaults.json

@@ -0,0 +1,12 @@
+{
+  "egress": [],
+  "budgets": {
+    "monthly": { "amount": 100, "unit": "usd" }
+  },
+  "retention": {
+    "windows": {
+      "plans": { "max_age_seconds": 2592000 },
+      "outputs": { "max_age_seconds": 7776000 }
+    }
+  }
+}

package/dist/templates/ops-runner/onboarding.md

@@ -0,0 +1,25 @@
+# Ops Runner
+
+An operations agent that runs authorized tasks against scoped credentials, with a monthly USD budget and operator-controlled egress.
+
+## What this agent does
+
+- Accepts operator-authorized tasks via the commitment boundary.
+- Accesses scoped credentials (one credential at a time, named by ID).
+- Writes task results to the outputs slot for operator review.
+- Tracks spend against a monthly USD budget.
+
+## What this agent does not do
+
+- It cannot access credentials beyond the scope the operator configures.
+- It cannot make outbound requests until the operator fills the egress allowlist.
+- It cannot exceed the monthly USD budget (default: $100/month).
+- It cannot act without first proposing a commitment that passes the boundary gate.
+
+## What you will need to set
+
+1. **Egress allowlist.** This template ships with an empty allowlist. You must add every service endpoint your ops agent needs to reach.
+2. **Credential scope.** When initializing, specify which credential ID the agent may access.
+3. **Monthly USD budget.** The default is $100/month. Adjust based on the cost of the APIs your agent calls.
+4. **Agent identity.** Provide an agent ID when initializing.
+5. **Retention windows.** Plans: 30 days. Outputs: 90 days. Credentials: indefinite. Adjust as needed.

package/dist/templates/ops-runner/policy.md

@@ -0,0 +1 @@
+This agent may access scoped credentials for operator-authorized operations tasks. Plans are gated by the commitment boundary: the agent must propose a commitment before acting. Outputs are written for operator review. The operator configures a monthly USD budget to cap metered API spend. Egress is empty by default; the operator must explicitly allowlist the service endpoints this agent needs to reach.

package/dist/templates/ops-runner/template.json

@@ -0,0 +1,16 @@
+{
+  "name": "ops-runner",
+  "version": "1.0.0",
+  "channel": "read-then-report",
+  "tier": "B",
+  "slot_augmentations": {
+    "credentials": {
+      "mode": "grant",
+      "grants": [
+        { "counterparty": "*", "action": "share" }
+      ]
+    }
+  },
+  "target_archetype": "A Tier B adapter-wrapped agent that runs operator-authorized ops tasks against scoped credentials. Monthly USD budget. Plans gated by commitment boundary.",
+  "description": "Ops agent: runs authorized tasks with scoped credentials. Monthly USD budget. Operator fills egress allowlist."
+}

package/dist/templates/planner/commitments.json

@@ -0,0 +1,9 @@
+{
+  "shapes": [
+    {
+      "commitment_class": "plan-publish",
+      "example_deliverable": "Implementation plan or revision for operator review",
+      "example_deadline_or_terminal": "Operator approval or plan superseded"
+    }
+  ]
+}

package/dist/templates/planner/defaults.json

@@ -0,0 +1,10 @@
+{
+  "egress": [],
+  "budgets": {},
+  "retention": {
+    "windows": {
+      "plans": { "max_age_seconds": 7776000 },
+      "outputs": { "max_age_seconds": 7776000 }
+    }
+  }
+}

package/dist/templates/planner/onboarding.md

@@ -0,0 +1,22 @@
+# Planner
+
+A planning agent that writes and revises plans for your review. Operates entirely offline with no egress and no budget.
+
+## What this agent does
+
+- Writes and revises plans in the plans slot.
+- Other agents in the mesh can read-only inspect this agent's plans.
+- Reads memory and outputs for context (read-only).
+
+## What this agent does not do
+
+- It cannot access credentials.
+- It cannot make outbound network requests (empty egress allowlist).
+- It cannot spend tokens or money (no budget configured).
+- It cannot execute plans; it only writes them for your approval.
+
+## What you will need to set
+
+1. **Agent identity.** Provide an agent ID when initializing.
+2. **Retention windows.** Plans and outputs: 90 days each. Adjust based on your planning cycle length.
+3. **Peer agents.** If you want other agents to inspect this planner's output, they will need a channel opened to read the plans slot.

package/dist/templates/planner/policy.md

@@ -0,0 +1 @@
+This agent may write and revise plans. The operator reads plans before approving them. Other agents in the mesh may read this agent's plans (read-only inspect). Memory and outputs are read-only for this agent. No credentials access. No egress. No budget. This agent works entirely offline, producing plans for human review.

package/dist/templates/planner/template.json

@@ -0,0 +1,8 @@
+{
+  "name": "planner",
+  "version": "1.0.0",
+  "channel": "plan-draft-only",
+  "tier": "B",
+  "target_archetype": "A Tier B adapter-wrapped agent that writes and revises plans for operator review. Plans slot read-write; other slots read-only. No egress.",
+  "description": "Planning agent: writes plans for operator review. No egress, no budget, read-only on other slots."
+}

package/dist/templates/research-assistant/commitments.json

@@ -0,0 +1,9 @@
+{
+  "shapes": [
+    {
+      "commitment_class": "output-publish",
+      "example_deliverable": "Research summary on the requested topic",
+      "example_deadline_or_terminal": "2026-12-31T23:59:59Z"
+    }
+  ]
+}

package/dist/templates/research-assistant/defaults.json

@@ -0,0 +1,25 @@
+{
+  "egress": [
+    {
+      "destination": "api.example-research-provider.com",
+      "methods": ["GET"],
+      "comment": "Replace with your research data provider endpoint."
+    },
+    {
+      "destination": "scholar.example.com",
+      "methods": ["GET"],
+      "comment": "Replace with your academic search endpoint."
+    },
+    {
+      "destination": "api.example-llm-provider.com",
+      "methods": ["POST"],
+      "comment": "Replace with your model provider inference endpoint."
+    }
+  ],
+  "budgets": {},
+  "retention": {
+    "windows": {
+      "outputs": { "max_age_seconds": 2592000 }
+    }
+  }
+}

package/dist/templates/research-assistant/onboarding.md

@@ -0,0 +1,21 @@
+# Research Assistant
+
+A read-only research agent that fetches information from approved sources and writes summaries to your fortress outputs.
+
+## What this agent does
+
+- Reads from external research sources you configure in the egress allowlist.
+- Writes research summaries to the outputs slot for your review.
+- Does not access credentials, plans, or memory from other agents.
+
+## What this agent does not do
+
+- It cannot share credentials or access secrets.
+- It cannot modify plans or coordinate with other agents.
+- It cannot make outbound requests to destinations outside the egress allowlist.
+
+## What you will need to set
+
+1. **Egress allowlist.** Replace the placeholder domains in the egress configuration with your actual research data providers and model inference endpoint.
+2. **Agent identity.** Provide an agent ID when initializing (used for policy binding and audit trail).
+3. **Review cadence.** Outputs are retained for 30 days by default. Adjust if your review cycle is longer.

package/dist/templates/research-assistant/policy.md

@@ -0,0 +1 @@
+This agent may read approved external sources and write research summaries to the outputs slot. No credentials access. No plans access. No memory sync with other agents. The operator reviews all outputs before acting on them. Outputs are read-only to other agents in the mesh.

package/dist/templates/research-assistant/template.json

@@ -0,0 +1,8 @@
+{
+  "name": "research-assistant",
+  "version": "1.0.0",
+  "channel": "read-then-report",
+  "tier": "B",
+  "target_archetype": "A Tier B adapter-wrapped agent that reads approved sources and writes research summaries. Minimal footprint, read-only output surface.",
+  "description": "Research agent: reads sources, writes summaries to outputs. No credentials, no plans, no bidirectional sync."
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sanctuary-framework/mcp-server",
-  "version": "1.2.0",
-  "description": "Your agent, your machine, your keys — an MCP server that adds encrypted state, approval gates, and a portable identity to any AI agent.",
+  "version": "1.2.2",
+  "description": "Your agent, your machine, your keys. An MCP server that adds encrypted state, approval gates, and a portable identity to any AI agent.",
   "type": "module",
   "main": "dist/index.cjs",
   "module": "dist/index.js",
@@ -23,7 +23,7 @@
     "LICENSE"
   ],
   "scripts": {
-    "build": "tsup",
+    "build": "tsup && node scripts/copy-templates.js",
     "dev": "tsup --watch",
     "start": "node dist/cli.js",
     "test": "vitest run",
@@ -80,7 +80,7 @@
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
-    "url": "https://github.com/eriknewton/sanctuary-framework.git",
+    "url": "git+https://github.com/eriknewton/sanctuary-framework.git",
     "directory": "server"
   },
   "keywords": [