@tethral/acr-mcp 0.9.0 → 2.0.0

package/README.md

@@ -1,6 +1,6 @@
 # @tethral/acr-mcp
 
-MCP server for the [ACR](https://acr.nfkey.ai) (Agent Composition Records) network. Safety registry for AI agent skills — search 403+ skills, detect threats, block dangerous content, get notifications.
+MCP server for the [ACR](https://acr.nfkey.ai) (Agent Composition Records) network. Log agent interactions, build an interaction profile, and query it through behavioral lenses. Get notified if ACR observes that your composition may be jeopardized.
 
 ## Quick Start
 
@@ -26,55 +26,61 @@ npx @tethral/acr-mcp-http     # HTTP transport
 
 Your agent auto-registers on first use and gets a human-readable name (e.g. `anthropic-amber-fox`).
 
-## What Happens Automatically
+## What It Does
 
-1. Agent registers and gets an ID
-2. `log_interaction` is called after every external tool call (the tool description instructs the agent)
-3. Friction reports, threat detection, and network health data populate from logged interactions
-4. When the agent checks a skill before installing, ACR returns safety data, blocks dangerous skills, and warns about risks
+ACR is an **interaction profile registry** — not a security product, not a skill store.
+
+1. **Agent registers** — composition is recorded (what skills, MCPs, tools it has)
+2. **Agent logs interactions** — every external tool call, API request, or MCP interaction
+3. **Signals compile into an interaction profile** — timing, chain position, retries, anomaly flags, and more
+4. **Lenses interpret the profile** — friction is the first and most developed lens (bottlenecks, chain overhead, retry waste, population baselines)
+5. **Anomaly signal notifications** — if ACR observes anomaly signals affecting a component in your composition, you get a notification. We're not a security check — we register and propagate signals, like HIBP or contact tracing.
 
 ## Tools (14)
 
-### Skill Safety
+### Interaction logging (the foundation)
 | Tool | Purpose |
 |------|---------|
-| `search_skills` | Search 403+ skills by name, description, or capability. Filter by source, category, threat level, security score. |
-| `check_entity` | Check if a skill/agent/system is safe. Returns security score, threat patterns, blocked status, version freshness. |
-| `get_skill_versions` | Version history for a skill — is your version current? How many versions behind? |
+| `log_interaction` | Record an interaction — every lens depends on this. Call after every external tool call, API request, or MCP interaction. |
+| `get_interaction_log` | Raw interaction history with network context (target health, baselines, anomaly signals). |
 
-### Notifications
+### Friction lens
 | Tool | Purpose |
 |------|---------|
-| `get_notifications` | Check for unread threat alerts on your installed skills. Call on startup. |
-| `acknowledge_threat` | Acknowledge a threat notification after reviewing with the user. Expires in 30 days. |
+| `get_friction_report` | Query the friction lens of your interaction profile. Top-target breakdown with p95 latencies, chain analysis, retry overhead, population drift. |
 
-### Composition
+### Identity & composition
 | Tool | Purpose |
 |------|---------|
-| `update_composition` | Update your skill list without re-registering. Preserves agent identity. |
-| `register_agent` | Custom registration with skill hashes, provider class, environment context. |
+| `get_my_agent` | Your agent identity, provider, status, environment context. |
+| `register_agent` | Explicit registration (auto-registration is the default on first call). |
+| `update_composition` | Update your composition without re-registering. Preserves agent identity. |
 
-### Observability
+### Anomaly signal notifications
 | Tool | Purpose |
 |------|---------|
-| `log_interaction` | Log every external call. Powers friction reports and threat detection. |
-| `get_friction_report` | What's costing you the most time — per-target breakdown with p95 latencies. |
-| `get_interaction_log` | Raw interaction history with filters (target, category, status, anomaly). |
-| `get_network_status` | Network dashboard — active agents, system health, threats, escalations. |
-| `get_skill_tracker` | Skill adoption tracking with cross-provider anomaly correlation. |
-| `get_my_agent` | Your agent identity, provider, status, environment context. |
-| `check_environment` | Quick health check — active threats and network status. |
+| `check_environment` | Active anomaly signals and network observations. Call on startup. |
+| `get_notifications` | Unread anomaly signal notifications about components in your composition. |
+| `acknowledge_threat` | Acknowledge a notification after reviewing with your operator. Expires in 30 days. |
+
+### Network observation
+| Tool | Purpose |
+|------|---------|
+| `get_network_status` | Network-wide observation dashboard — agent/system totals, signal rates, skill anomalies, escalations. |
+| `get_skill_tracker` | Adoption and anomaly signals for skills observed by the network. |
 
-## Security Scanner
+### Lookups
+| Tool | Purpose |
+|------|---------|
+| `check_entity` | Ask the network what it knows about a specific skill, agent, or system. |
+| `search_skills` | Query the network's knowledge of a skill by name. |
+| `get_skill_versions` | Version history for a skill hash — which version you're on, how it has changed. |
 
-Every skill in the catalog is scanned with 20+ regex patterns before agents can access it:
+## About the Skill Registry
 
-- **Critical**: Prompt injection, data exfiltration, credential harvesting, known C2 IPs
-- **High**: Code execution (`eval`, `child_process`), filesystem traversal, destructive ops
-- **Medium**: Obfuscation (base64, hex), excessive permissions, dependency confusion
-- **Low**: Missing metadata (author, version, description), oversized content
+ACR maintains an observation layer on skills that exist in public registries (npm, GitHub, etc.). We update it continuously. **We are not a security check.** If we observe anomaly signals affecting a component in an agent's composition, we propagate that observation as a notification. Because we do not track the agent's owner, we have no mechanism to notify them beyond the agent's activities.
 
-Skills scoring **below 50/100** are **BLOCKED** — content redacted, agents see a clear warning with threat patterns. Skills 50-79 are warned. 80+ are clean.
+Agents don't get skills from ACR — we observe skills that already exist in the ecosystem and keep track of behavioral signals tied to them.
 
 ## Configuration
 
@@ -85,7 +91,7 @@ Skills scoring **below 50/100** are **BLOCKED** — content redacted, agents see
 
 ## Data Collection
 
-ACR collects interaction **metadata only**: target system names, timing, status, and provider class. No request/response content, API keys, prompts, or PII is collected. [Full terms](https://acr.nfkey.ai/terms).
+ACR collects interaction **metadata only**: target system names, timing, status, and provider class. No request/response content, API keys, prompts, or PII is collected. We intentionally don't track the agent's owner. [Full terms](https://acr.nfkey.ai/terms).
 
 ## License
 

package/dist/src/env-detect.d.ts

@@ -8,3 +8,18 @@ export interface EnvironmentContext {
 export declare function detectEnvironment(transportType: 'stdio' | 'streamable-http'): EnvironmentContext;
 /** OS release string, useful for debugging but not stored by default. */
 export declare function getOsRelease(): string;
+/**
+ * Observe the agent's composition from the MCP's vantage point.
+ *
+ * This is the MCP-observed side of the two-source composition pattern.
+ * The MCP doesn't have a portable way to enumerate an agent's skills and
+ * MCPs across all MCP hosts — that requires host integration (Claude Code
+ * plugin in Phase 2, similar plugins for other hosts). In Phase 1 this
+ * is a stub that returns empty: the plumbing is in place so the
+ * agent_composition_sources table and the profile's composition_delta
+ * computation work as soon as any observation is populated.
+ *
+ * Keep this pure and fast. No file I/O, no network, no parsing of
+ * arbitrary files. It should always return in <1ms.
+ */
+export declare function observeComposition(): Record<string, unknown>;

package/dist/src/env-detect.js

@@ -27,4 +27,26 @@ export function detectEnvironment(transportType) {
 export function getOsRelease() {
     return release();
 }
+/**
+ * Observe the agent's composition from the MCP's vantage point.
+ *
+ * This is the MCP-observed side of the two-source composition pattern.
+ * The MCP doesn't have a portable way to enumerate an agent's skills and
+ * MCPs across all MCP hosts — that requires host integration (Claude Code
+ * plugin in Phase 2, similar plugins for other hosts). In Phase 1 this
+ * is a stub that returns empty: the plumbing is in place so the
+ * agent_composition_sources table and the profile's composition_delta
+ * computation work as soon as any observation is populated.
+ *
+ * Keep this pure and fast. No file I/O, no network, no parsing of
+ * arbitrary files. It should always return in <1ms.
+ */
+export function observeComposition() {
+    // Phase 1: MCP observation returns an empty composition. Phase 2's
+    // host plugins (Claude Code, Cursor, etc.) populate the mcp_observed
+    // source directly by calling the server API, bypassing this function.
+    // This keeps the MCP compute-thin and the observation source
+    // correctly attributed to whichever host integration produced it.
+    return {};
+}
 //# sourceMappingURL=env-detect.js.map

package/dist/src/env-detect.js.map

@@ -1 +1 @@
-{"version":3,"file":"env-detect.js","sourceRoot":"","sources":["../../src/env-detect.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAU5C,SAAS,gBAAgB;IACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAC9C,IAAI,QAAQ;QAAE,OAAO,QAA8C,CAAC;IAEpE,MAAM,KAAK,GAAG,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;IACvC,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5B,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC/B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,aAA0C;IAE1C,OAAO;QACL,YAAY,EAAE,gBAAgB,EAAE;QAChC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC,QAAQ;QACtD,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI;QAC1C,cAAc,EAAE,aAAa;KAC9B,CAAC;AACJ,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,YAAY;IAC1B,OAAO,OAAO,EAAE,CAAC;AACnB,CAAC"}
+{"version":3,"file":"env-detect.js","sourceRoot":"","sources":["../../src/env-detect.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAU5C,SAAS,gBAAgB;IACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAC9C,IAAI,QAAQ;QAAE,OAAO,QAA8C,CAAC;IAEpE,MAAM,KAAK,GAAG,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;IACvC,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5B,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC/B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,aAA0C;IAE1C,OAAO;QACL,YAAY,EAAE,gBAAgB,EAAE;QAChC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC,QAAQ;QACtD,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI;QAC1C,cAAc,EAAE,aAAa;KAC9B,CAAC;AACJ,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,YAAY;IAC1B,OAAO,OAAO,EAAE,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB;IAChC,mEAAmE;IACnE,qEAAqE;IACrE,sEAAsE;IACtE,6DAA6D;IAC7D,kEAAkE;IAClE,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/src/middleware/correlation-window.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Correlation window for the ACR MCP.
+ *
+ * A passive in-process buffer of ~60 seconds of recent receipt correlation
+ * keys. The window is used at receipt emit time to tag a new receipt with a
+ * `preceded_by` link when it's part of the same in-flight workflow as a
+ * recent prior receipt. Beyond 60 seconds, correlation is the server's job.
+ *
+ * Design choices and their rationale (see proposals/mcp-compute-boundary.md
+ * constraint #3):
+ *
+ * - In-process only. No disk, no persistence, no tmpfile. The window is lost
+ *   on process restart, which is fine: the authoritative record lives on
+ *   the server, and 60 seconds is short enough that restart rarely matters.
+ * - Passive. No pattern matching forward or reverse. No aggregation. No
+ *   prediction. The window holds correlation keys and nothing else.
+ * - Eager eviction on insert. No setInterval, no background sweeper, no
+ *   timers. Eviction runs once per insert, O(n) over at-most-hundreds of
+ *   entries. No background work.
+ * - One window per session. Instantiated in server.ts and passed by
+ *   reference into the tools that need it. Not a module-level singleton, so
+ *   the HTTP transport with concurrent sessions doesn't share state across
+ *   agents.
+ * - Framed as a privacy + lightweight design choice. Users get useful
+ *   interaction data without persistent surveillance state on their machine.
+ */
+export interface CorrelationEntry {
+    receipt_id: string;
+    chain_id: string | null;
+    target_system_id: string;
+    /** Unix ms timestamp when the receipt was produced. */
+    created_at_ms: number;
+}
+export declare class CorrelationWindow {
+    private readonly entries;
+    private readonly windowMs;
+    private readonly maxEntries;
+    constructor(windowMs?: number, maxEntries?: number);
+    /**
+     * Record a receipt's correlation keys into the window. Runs eviction of
+     * expired entries on every insert — no background sweeper.
+     *
+     * If the window is at its hard cap after eviction (indicates either a
+     * very high tool-call rate or a bug), the oldest entries are dropped.
+     * This is a safety net, not a normal path.
+     */
+    record(entry: CorrelationEntry): void;
+    /**
+     * Find a recent receipt that should be linked as `preceded_by` for a new
+     * receipt. Prefers the most recent entry in the same chain_id. Returns the
+     * target_system_id of the match (that's what `preceded_by` stores), or
+     * null if nothing links.
+     *
+     * If currentChainId is null, we don't attempt cross-chain linking — the
+     * agent didn't declare a chain, so the server will reconstruct any
+     * linkage from its full history.
+     */
+    findPrecededBy(currentChainId: string | null, nowMs: number): string | null;
+    /**
+     * Evict entries older than the window. Called on every record() and
+     * every findPrecededBy() call. No background timers.
+     */
+    private evictExpired;
+    /** Current number of entries in the window. Used by tests and observability. */
+    size(): number;
+    /** Clear the window. Used by tests; not expected in production code paths. */
+    clear(): void;
+}

package/dist/src/middleware/correlation-window.js

@@ -0,0 +1,113 @@
+/**
+ * Correlation window for the ACR MCP.
+ *
+ * A passive in-process buffer of ~60 seconds of recent receipt correlation
+ * keys. The window is used at receipt emit time to tag a new receipt with a
+ * `preceded_by` link when it's part of the same in-flight workflow as a
+ * recent prior receipt. Beyond 60 seconds, correlation is the server's job.
+ *
+ * Design choices and their rationale (see proposals/mcp-compute-boundary.md
+ * constraint #3):
+ *
+ * - In-process only. No disk, no persistence, no tmpfile. The window is lost
+ *   on process restart, which is fine: the authoritative record lives on
+ *   the server, and 60 seconds is short enough that restart rarely matters.
+ * - Passive. No pattern matching forward or reverse. No aggregation. No
+ *   prediction. The window holds correlation keys and nothing else.
+ * - Eager eviction on insert. No setInterval, no background sweeper, no
+ *   timers. Eviction runs once per insert, O(n) over at-most-hundreds of
+ *   entries. No background work.
+ * - One window per session. Instantiated in server.ts and passed by
+ *   reference into the tools that need it. Not a module-level singleton, so
+ *   the HTTP transport with concurrent sessions doesn't share state across
+ *   agents.
+ * - Framed as a privacy + lightweight design choice. Users get useful
+ *   interaction data without persistent surveillance state on their machine.
+ */
+/** Defaults to 60 seconds. Overridable for tests only. */
+const DEFAULT_WINDOW_MS = 60_000;
+/**
+ * Hard cap on entries held in the window, as a safety net in case eviction
+ * has a bug or the MCP is under unusual load. 500 is plenty for a 60s
+ * window at realistic tool-call rates.
+ */
+const DEFAULT_MAX_ENTRIES = 500;
+export class CorrelationWindow {
+    entries = new Map();
+    windowMs;
+    maxEntries;
+    constructor(windowMs = DEFAULT_WINDOW_MS, maxEntries = DEFAULT_MAX_ENTRIES) {
+        this.windowMs = windowMs;
+        this.maxEntries = maxEntries;
+    }
+    /**
+     * Record a receipt's correlation keys into the window. Runs eviction of
+     * expired entries on every insert — no background sweeper.
+     *
+     * If the window is at its hard cap after eviction (indicates either a
+     * very high tool-call rate or a bug), the oldest entries are dropped.
+     * This is a safety net, not a normal path.
+     */
+    record(entry) {
+        this.evictExpired(entry.created_at_ms);
+        this.entries.set(entry.receipt_id, entry);
+        // Hard-cap safety: if we're somehow over the limit, drop oldest.
+        if (this.entries.size > this.maxEntries) {
+            const excess = this.entries.size - this.maxEntries;
+            let dropped = 0;
+            for (const key of this.entries.keys()) {
+                if (dropped >= excess)
+                    break;
+                this.entries.delete(key);
+                dropped++;
+            }
+        }
+    }
+    /**
+     * Find a recent receipt that should be linked as `preceded_by` for a new
+     * receipt. Prefers the most recent entry in the same chain_id. Returns the
+     * target_system_id of the match (that's what `preceded_by` stores), or
+     * null if nothing links.
+     *
+     * If currentChainId is null, we don't attempt cross-chain linking — the
+     * agent didn't declare a chain, so the server will reconstruct any
+     * linkage from its full history.
+     */
+    findPrecededBy(currentChainId, nowMs) {
+        if (!currentChainId)
+            return null;
+        this.evictExpired(nowMs);
+        // Walk entries newest-first by iterating in reverse insertion order.
+        // Map preserves insertion order, so the newest entry is last. Convert
+        // to an array and scan from the end.
+        const allEntries = Array.from(this.entries.values());
+        for (let i = allEntries.length - 1; i >= 0; i--) {
+            const entry = allEntries[i];
+            if (entry.chain_id === currentChainId) {
+                return entry.target_system_id;
+            }
+        }
+        return null;
+    }
+    /**
+     * Evict entries older than the window. Called on every record() and
+     * every findPrecededBy() call. No background timers.
+     */
+    evictExpired(nowMs) {
+        const cutoff = nowMs - this.windowMs;
+        for (const [key, entry] of this.entries) {
+            if (entry.created_at_ms < cutoff) {
+                this.entries.delete(key);
+            }
+        }
+    }
+    /** Current number of entries in the window. Used by tests and observability. */
+    size() {
+        return this.entries.size;
+    }
+    /** Clear the window. Used by tests; not expected in production code paths. */
+    clear() {
+        this.entries.clear();
+    }
+}
+//# sourceMappingURL=correlation-window.js.map

package/dist/src/middleware/correlation-window.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"correlation-window.js","sourceRoot":"","sources":["../../../src/middleware/correlation-window.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAUH,0DAA0D;AAC1D,MAAM,iBAAiB,GAAG,MAAM,CAAC;AAEjC;;;;GAIG;AACH,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC,MAAM,OAAO,iBAAiB;IACX,OAAO,GAAkC,IAAI,GAAG,EAAE,CAAC;IACnD,QAAQ,CAAS;IACjB,UAAU,CAAS;IAEpC,YAAY,WAAmB,iBAAiB,EAAE,aAAqB,mBAAmB;QACxF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,KAAuB;QAC5B,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAE1C,iEAAiE;QACjE,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;YACnD,IAAI,OAAO,GAAG,CAAC,CAAC;YAChB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACtC,IAAI,OAAO,IAAI,MAAM;oBAAE,MAAM;gBAC7B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACzB,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACH,cAAc,CAAC,cAA6B,EAAE,KAAa;QACzD,IAAI,CAAC,cAAc;YAAE,OAAO,IAAI,CAAC;QACjC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAEzB,qEAAqE;QACrE,sEAAsE;QACtE,qCAAqC;QACrC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACrD,KAAK,IAAI,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAE,CAAC;YAC7B,IAAI,KAAK,CAAC,QAAQ,KAAK,cAAc,EAAE,CAAC;gBACtC,OAAO,KAAK,CAAC,gBAAgB,CAAC;YAChC,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACK,YAAY,CAAC,KAAa;QAChC,MAAM,MAAM,GAAG,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC;QACrC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACxC,IAAI,KAAK,CAAC,aAAa,GAAG,MAAM,EAAE,CAAC;gBACjC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,8EAA8E;IAC9E,KAAK;QACH,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF"}

package/dist/src/server.d.ts

@@ -4,11 +4,14 @@
  * Used by both stdio (index.ts) and HTTP (http.ts) entry points.
  */
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { CorrelationWindow } from './middleware/correlation-window.js';
 import { SessionState } from './session-state.js';
 export interface AcrServerOptions {
     apiUrl?: string;
     resolverUrl?: string;
     /** Session state for this server instance. Defaults to the stdio singleton. */
     session?: SessionState;
+    /** Correlation window for in-flight receipt linkage. One per session. */
+    correlationWindow?: CorrelationWindow;
 }
 export declare function createAcrServer(options?: AcrServerOptions): McpServer;

package/dist/src/server.js

@@ -18,20 +18,24 @@ import { getSkillVersionsTool } from './tools/get-skill-versions.js';
 import { updateCompositionTool } from './tools/update-composition.js';
 import { getNotificationsTool } from './tools/get-notifications.js';
 import { acknowledgeThreatTool } from './tools/acknowledge-threat.js';
+import { disableDeepCompositionTool } from './tools/disable-deep-composition.js';
+import { getProfileTool } from './tools/get-profile.js';
+import { getCoverageTool } from './tools/get-coverage.js';
+import { getStableCorridorsTool } from './tools/get-stable-corridors.js';
+import { getFailureRegistryTool } from './tools/get-failure-registry.js';
+import { getTrendTool } from './tools/get-trend.js';
+import { summarizeMyAgentTool } from './tools/summarize-my-agent.js';
 import { withSelfLog } from './middleware/self-log.js';
+import { CorrelationWindow } from './middleware/correlation-window.js';
 import { defaultSession } from './session-state.js';
 /**
- * Wraps server.tool() to automatically apply self-logging middleware.
+ * Wraps server.tool() and server.registerTool() to automatically apply self-logging middleware.
  * Each tool handler gets wrapped with withSelfLog before registration.
  */
 function withSelfLogging(server, getState, apiUrl) {
+    // Wrap deprecated server.tool()
     const originalTool = server.tool.bind(server);
-    // Override server.tool to wrap handlers
-    // The SDK has multiple overloads; we intercept the most common pattern:
-    // server.tool(name, description, schema, handler)
-    // server.tool(name, description, handler) — no schema
     server.tool = function (name, ...rest) {
-        // Find the handler (always the last argument in rest)
         const lastIdx = rest.length - 1;
         const handler = rest[lastIdx];
         if (typeof handler === 'function') {
@@ -39,21 +43,33 @@ function withSelfLogging(server, getState, apiUrl) {
         }
         return originalTool.call(server, name, ...rest);
     };
+    // Wrap server.registerTool()
+    const originalRegisterTool = server.registerTool.bind(server);
+    server.registerTool = function (name, config, cb) {
+        if (typeof cb === 'function') {
+            cb = withSelfLog(name, cb, getState, apiUrl);
+        }
+        return originalRegisterTool.call(server, name, config, cb);
+    };
     return server;
 }
 export function createAcrServer(options) {
     const apiUrl = options?.apiUrl ?? process.env.ACR_API_URL ?? 'https://acr.nfkey.ai';
     const resolverUrl = options?.resolverUrl ?? process.env.ACR_RESOLVER_URL ?? apiUrl;
     const session = options?.session ?? defaultSession;
+    // One correlation window per server instance. Not a module-level singleton
+    // so HTTP transport with concurrent sessions gets an independent window
+    // per agent.
+    const correlationWindow = options?.correlationWindow ?? new CorrelationWindow();
     const server = new McpServer({
         name: 'acr-agent-registry',
-        version: '0.9.0',
-        description: 'Agent Composition Records — observability for AI agents. IMPORTANT: Call log_interaction after EVERY external tool call, API request, or MCP interaction you make. This powers your friction reports, threat detection, and network health data.',
+        version: '1.0.0',
+        description: 'Agent Composition Records — an interaction profile registry for AI agents. Your interactions build a profile you can query through lenses: friction (bottlenecks, chain overhead, retry waste), coverage (signal completeness), stable corridors (reliable paths), failure registry (where things break), and trend (how targets change over time). If ACR observes anomaly signals affecting a component in your composition, you receive a notification. IMPORTANT: Call log_interaction after EVERY external tool call, API request, or MCP interaction — the profile and every lens depend on it.',
     });
     // Apply self-logging middleware before tool registration
     withSelfLogging(server, () => session, apiUrl);
     registerAgentTool(server, apiUrl);
-    logInteractionTool(server, apiUrl);
+    logInteractionTool(server, apiUrl, correlationWindow);
     checkEntityTool(server, apiUrl, resolverUrl);
     checkEnvironmentTool(server, apiUrl, resolverUrl);
     getFrictionReportTool(server, apiUrl);
@@ -66,6 +82,13 @@ export function createAcrServer(options) {
     updateCompositionTool(server, apiUrl, () => session);
     getNotificationsTool(server, apiUrl, () => session);
     acknowledgeThreatTool(server, apiUrl, () => session);
+    disableDeepCompositionTool(server, () => session);
+    getProfileTool(server, apiUrl);
+    getCoverageTool(server, apiUrl);
+    getStableCorridorsTool(server, apiUrl);
+    getFailureRegistryTool(server, apiUrl);
+    getTrendTool(server, apiUrl);
+    summarizeMyAgentTool(server, apiUrl);
     return server;
 }
 //# sourceMappingURL=server.js.map

package/dist/src/server.js.map

@@ -1 +1 @@
-{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,cAAc,EAAgB,MAAM,oBAAoB,CAAC;AASlE;;;GAGG;AACH,SAAS,eAAe,CACtB,MAAiB,EACjB,QAA4B,EAC5B,MAAc;IAEd,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAE9C,wCAAwC;IACxC,wEAAwE;IACxE,kDAAkD;IAClD,sDAAsD;IACtD,MAAM,CAAC,IAAI,GAAG,UAAU,IAAY,EAAE,GAAG,IAAe;QACtD,sDAAsD;QACtD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QAE9B,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;YAClC,IAAI,CAAC,OAAO,CAAC,GAAG,WAAW,CACzB,IAAI,EACJ,OAA4C,EAC5C,QAAQ,EACR,MAAM,CACP,CAAC;QACJ,CAAC;QAED,OAAQ,YAAyB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;IAChE,CAAuB,CAAC;IAExB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAA0B;IACxD,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,sBAAsB,CAAC;IACpF,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC;IACnF,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,cAAc,CAAC;IAEnD,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,OAAO;QAChB,WAAW,EACT,kPAAkP;KACrP,CAAC,CAAC;IAEH,yDAAyD;IACzD,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE/C,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAC7C,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAClD,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,cAAc,CAAC,MAAM,CAAC,CAAC;IACvB,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,mBAAmB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAClD,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;IACrD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;IACpD,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,cAAc,EAAgB,MAAM,oBAAoB,CAAC;AAWlE;;;GAGG;AACH,SAAS,eAAe,CACtB,MAAiB,EACjB,QAA4B,EAC5B,MAAc;IAEd,gCAAgC;IAChC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,CAAC,IAAI,GAAG,UAAU,IAAY,EAAE,GAAG,IAAe;QACtD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;YAClC,IAAI,CAAC,OAAO,CAAC,GAAG,WAAW,CACzB,IAAI,EACJ,OAA4C,EAC5C,QAAQ,EACR,MAAM,CACP,CAAC;QACJ,CAAC;QACD,OAAQ,YAAyB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;IAChE,CAAuB,CAAC;IAExB,6BAA6B;IAC7B,MAAM,oBAAoB,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9D,MAAM,CAAC,YAAY,GAAG,UAAU,IAAY,EAAE,MAAe,EAAE,EAAW;QACxE,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE,CAAC;YAC7B,EAAE,GAAG,WAAW,CACd,IAAI,EACJ,EAAuC,EACvC,QAAQ,EACR,MAAM,CACP,CAAC;QACJ,CAAC;QACD,OAAQ,oBAAiC,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IAC3E,CAA+B,CAAC;IAEhC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAA0B;IACxD,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,sBAAsB,CAAC;IACpF,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC;IACnF,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,cAAc,CAAC;IACnD,2EAA2E;IAC3E,wEAAwE;IACxE,aAAa;IACb,MAAM,iBAAiB,GAAG,OAAO,EAAE,iBAAiB,IAAI,IAAI,iBAAiB,EAAE,CAAC;IAEhF,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,OAAO;QAChB,WAAW,EACT,ukBAAukB;KAC1kB,CAAC,CAAC;IAEH,yDAAyD;IACzD,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE/C,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;IACtD,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAC7C,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAClD,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,cAAc,CAAC,MAAM,CAAC,CAAC;IACvB,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,mBAAmB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAClD,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;IACrD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;IACpD,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;IACrD,0BAA0B,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;IAClD,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAErC,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/src/session-state.d.ts

@@ -4,7 +4,10 @@ export declare class SessionState {
     private _registering;
     private _transportType;
     private _clientType;
+    private _deepComposition;
     constructor(transportType?: 'stdio' | 'streamable-http');
+    get deepComposition(): boolean;
+    setDeepComposition(enabled: boolean): void;
     get agentId(): string | null;
     get agentName(): string | null;
     get transportType(): 'stdio' | 'streamable-http';

package/dist/src/session-state.js

@@ -10,9 +10,20 @@ export class SessionState {
     _registering = false;
     _transportType;
     _clientType = null;
+    // Deep composition capture flag — when false, the MCP only reports
+    // top-level components, never sub-components. Operator privacy control.
+    // Default is true (deep capture enabled); set to false via
+    // ACR_DEEP_COMPOSITION=false env var or the disable_deep_composition tool.
+    _deepComposition = (process.env.ACR_DEEP_COMPOSITION ?? 'true') !== 'false';
     constructor(transportType = 'stdio') {
         this._transportType = transportType;
     }
+    get deepComposition() {
+        return this._deepComposition;
+    }
+    setDeepComposition(enabled) {
+        this._deepComposition = enabled;
+    }
     get agentId() {
         return this._agentId;
     }

package/dist/src/session-state.js.map

@@ -1 +1 @@
-{"version":3,"file":"session-state.js","sourceRoot":"","sources":["../../src/session-state.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD,MAAM,OAAO,YAAY;IACf,QAAQ,GAAkB,IAAI,CAAC;IAC/B,UAAU,GAAkB,IAAI,CAAC;IACjC,YAAY,GAAG,KAAK,CAAC;IACrB,cAAc,CAA8B;IAC5C,WAAW,GAAkB,IAAI,CAAC;IAE1C,YAAY,gBAA6C,OAAO;QAC9D,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC;IACtC,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,UAAU,CAAC,EAAU;QACnB,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;IACrB,CAAC;IAED,YAAY,CAAC,IAAY;QACvB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,aAAa,CAAC,IAAY;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACnC,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QACxC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;YAC9C,IAAI,IAAI,CAAC,QAAQ;gBAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,UAAU,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,GAAG,GAAG,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACnD,IAAI,IAAI,CAAC,WAAW;gBAAE,GAAG,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;YAEzD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,kBAAkB,EAAE;gBACnD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,UAAU,EAAE,SAAS;oBACrB,cAAc,EAAE,SAAS;oBACzB,WAAW,EAAE,GAAG;iBACjB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAwC,CAAC;gBACpE,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;gBAC9B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC5B,OAAO,IAAI,CAAC,QAAQ,CAAC;YACvB,CAAC;YAED,8CAA8C;YAC9C,IAAI,CAAC,QAAQ,GAAG,UAAU,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3D,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;QAC5B,CAAC;IACH,CAAC;CACF;AAED,gDAAgD;AAChD,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC"}
+{"version":3,"file":"session-state.js","sourceRoot":"","sources":["../../src/session-state.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD,MAAM,OAAO,YAAY;IACf,QAAQ,GAAkB,IAAI,CAAC;IAC/B,UAAU,GAAkB,IAAI,CAAC;IACjC,YAAY,GAAG,KAAK,CAAC;IACrB,cAAc,CAA8B;IAC5C,WAAW,GAAkB,IAAI,CAAC;IAC1C,mEAAmE;IACnE,wEAAwE;IACxE,2DAA2D;IAC3D,2EAA2E;IACnE,gBAAgB,GAAY,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,MAAM,CAAC,KAAK,OAAO,CAAC;IAE7F,YAAY,gBAA6C,OAAO;QAC9D,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC;IACtC,CAAC;IAED,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,kBAAkB,CAAC,OAAgB;QACjC,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC;IAClC,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,UAAU,CAAC,EAAU;QACnB,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;IACrB,CAAC;IAED,YAAY,CAAC,IAAY;QACvB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,aAAa,CAAC,IAAY;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACnC,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QACxC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;YAC9C,IAAI,IAAI,CAAC,QAAQ;gBAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,UAAU,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,GAAG,GAAG,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACnD,IAAI,IAAI,CAAC,WAAW;gBAAE,GAAG,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;YAEzD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,kBAAkB,EAAE;gBACnD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,UAAU,EAAE,SAAS;oBACrB,cAAc,EAAE,SAAS;oBACzB,WAAW,EAAE,GAAG;iBACjB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAwC,CAAC;gBACpE,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;gBAC9B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC5B,OAAO,IAAI,CAAC,QAAQ,CAAC;YACvB,CAAC;YAED,8CAA8C;YAC9C,IAAI,CAAC,QAAQ,GAAG,UAAU,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3D,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;QAC5B,CAAC;IACH,CAAC;CACF;AAED,gDAAgD;AAChD,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC"}

package/dist/src/tools/acknowledge-threat.js

@@ -1,10 +1,15 @@
 import { z } from 'zod';
 export function acknowledgeThreatTool(server, apiUrl, getSession) {
-    server.tool('acknowledge_threat', 'Acknowledge a threat notification after reviewing it with the user. This records that the threat has been reviewed. Acknowledgements expire after 30 days.', {
-        notification_id: z.string().describe('The notification ID to acknowledge'),
-        agent_id: z.string().optional().describe('Your agent ID (uses session if omitted)'),
-        reason: z.string().optional().describe('Why the threat is being acknowledged (e.g., "user reviewed and accepted risk")'),
-    }, { readOnlyHint: false, destructiveHint: false }, async ({ notification_id, agent_id, reason }) => {
+    server.registerTool('acknowledge_threat', {
+        description: 'Acknowledge an anomaly signal notification after reviewing it with your operator. This records that the notification has been reviewed. Acknowledgements expire after 30 days. Note: acknowledging does not remove the observation from the network — it only records that you have reviewed the signal.',
+        inputSchema: {
+            notification_id: z.string().describe('The notification ID to acknowledge'),
+            agent_id: z.string().optional().describe('Your agent ID (uses session if omitted)'),
+            reason: z.string().optional().describe('Why the threat is being acknowledged (e.g., "user reviewed and accepted risk")'),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false },
+        _meta: { priorityHint: 0.3 },
+    }, async ({ notification_id, agent_id, reason }) => {
         try {
             const resolvedId = agent_id ?? getSession().agentId ?? await getSession().ensureRegistered(apiUrl);
             const res = await fetch(`${apiUrl}/api/v1/agent/${resolvedId}/notifications/${notification_id}/acknowledge`, {
@@ -19,7 +24,7 @@ export function acknowledgeThreatTool(server, apiUrl, getSession) {
             return {
                 content: [{
                         type: 'text',
-                        text: `Threat acknowledged. This acknowledgement expires in 30 days.\n\nNote: The skill remains blocked globally. This acknowledgement records that you and your user have reviewed the threat.`,
+                        text: `Notification acknowledged. This acknowledgement expires in 30 days.\n\nNote: The anomaly signals remain visible across the network. This acknowledgement records that you and your operator have reviewed the observation.`,
                     }],
             };
         }

package/dist/src/tools/acknowledge-threat.js.map

@@ -1 +1 @@
-{"version":3,"file":"acknowledge-threat.js","sourceRoot":"","sources":["../../../src/tools/acknowledge-threat.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,MAAM,UAAU,qBAAqB,CAAC,MAAiB,EAAE,MAAc,EAAE,UAA8B;IACrG,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,4JAA4J,EAC5J;QACE,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;QAC1E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;QACnF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gFAAgF,CAAC;KACzH,EACD,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,EAC/C,KAAK,EAAE,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE;QAC9C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,QAAQ,IAAI,UAAU,EAAE,CAAC,OAAO,IAAI,MAAM,UAAU,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YACnG,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iBAAiB,UAAU,kBAAkB,eAAe,cAAc,EAAE;gBAC3G,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;aACjC,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAwD,CAAC;YACpF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,2BAA2B,IAAI,CAAC,KAAK,EAAE,OAAO,IAAI,eAAe,EAAE,EAAE,CAAC,EAAE,CAAC;YAC7H,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,0LAA0L;qBACjM,CAAC;aACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACjE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,0BAA0B,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC;QACzF,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"acknowledge-threat.js","sourceRoot":"","sources":["../../../src/tools/acknowledge-threat.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,MAAM,UAAU,qBAAqB,CAAC,MAAiB,EAAE,MAAc,EAAE,UAA8B;IACrG,MAAM,CAAC,YAAY,CACjB,oBAAoB,EACpB;QACE,WAAW,EAAE,0SAA0S;QACvT,WAAW,EAAE;YACX,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;YAC1E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;YACnF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gFAAgF,CAAC;SACzH;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE;QAC5D,KAAK,EAAE,EAAE,YAAY,EAAE,GAAG,EAAE;KAC7B,EACD,KAAK,EAAE,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE;QAC9C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,QAAQ,IAAI,UAAU,EAAE,CAAC,OAAO,IAAI,MAAM,UAAU,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YACnG,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iBAAiB,UAAU,kBAAkB,eAAe,cAAc,EAAE;gBAC3G,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;aACjC,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAwD,CAAC;YACpF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,2BAA2B,IAAI,CAAC,KAAK,EAAE,OAAO,IAAI,eAAe,EAAE,EAAE,CAAC,EAAE,CAAC;YAC7H,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,4NAA4N;qBACnO,CAAC;aACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACjE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,0BAA0B,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC;QACzF,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}