@truealter/sdk 0.2.0 → 0.2.4

package/README.md

@@ -4,12 +4,14 @@ ALTER Identity SDK — query the continuous identity field from any JavaScript/T
 
 [![npm version](https://img.shields.io/npm/v/@truealter/sdk.svg)](https://www.npmjs.com/package/@truealter/sdk)
 [![License: Apache-2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](./LICENSE)
+[![Glama score](https://glama.ai/mcp/servers/true-alter/alter-identity/badges/score.svg)](https://glama.ai/mcp/servers/true-alter/alter-identity)
 
-A thin client over the ALTER MCP server (Streamable HTTP, JSON-RPC 2.0, MCP spec `2025-03-26`) with x402 micropayment support, ES256 provenance verification, and config generators for Claude Code, Cursor, and generic MCP clients.
+A thin client over the ALTER MCP server (Streamable HTTP, JSON-RPC 2.0, MCP spec `2025-11-25`) with x402 micropayment support, ES256 provenance verification, and config generators for Claude Code, Cursor, and generic MCP clients.
 
-- **Live MCP endpoint:** `https://mcp.truealter.com`
-- **Wire protocol:** Streamable HTTP, JSON-RPC 2.0, MCP `2025-03-26`
-- **Tools:** 40 total — 28 free (L0) + 12 premium (L1–L5)
+- **Branded host:** `https://mcp.truealter.com` (serves `.well-known/mcp.json` for discovery)
+- **JSON-RPC wire endpoint:** `https://mcp.truealter.com/api/v1/mcp` — this is what Streamable HTTP POSTs target (the SDK default)
+- **Wire protocol:** Streamable HTTP, JSON-RPC 2.0, MCP `2025-11-25` (server negotiates `2025-06-18` + `2025-03-26` for backwards-compatible clients)
+- **Tools:** **32 typed and wired** — 24 free (L0) + 8 premium (L1–L5). Mirrors the live server's `tools/list` response byte-for-byte; every name in `FREE_TOOL_NAMES` / `PREMIUM_TOOL_NAMES` has a matching server handler at `mcp.truealter.com/api/v1/mcp`.
 - **Runtime:** Node 18+, Deno, Bun, Cloudflare Workers, modern browsers
 - **Crypto:** `@noble/ed25519` + `@noble/hashes` (no other dependencies)
 - **Bundle:** ESM + CJS dual output
@@ -24,9 +26,7 @@ npx alter-identity verify ~truealter
 
 ## Why ALTER ≠ IAM
 
-Identity Access Management answers *who is logged in*. ALTER answers *who they actually are* — a continuous field of recognition (Paper VIII, Theorem 1) that any IAM stack can sit on top of.
-
-Reference: Morrison, B. (2026). *Identity Field Theory: A Continuous Field Model of Recognition*. Figshare. [DOI 10.6084/m9.figshare.31951383](https://doi.org/10.6084/m9.figshare.31951383)
+Identity Access Management answers *who is logged in*. ALTER answers *who they actually are* — a continuous field of recognition that any IAM stack can sit on top of.
 
 ## API
 
@@ -36,7 +36,7 @@ Reference: Morrison, B. (2026). *Identity Field Theory: A Continuous Field Model
 import { AlterClient, X402Client } from "@truealter/sdk";
 
 const alter = new AlterClient({
-  endpoint: "https://mcp.truealter.com", // optional — defaults to mcp.truealter.com
+  endpoint: "https://mcp.truealter.com/api/v1/mcp", // optional — this is the default; bare host returns 405
   apiKey: process.env.ALTER_API_KEY,     // optional for free tier
   x402: new X402Client({                  // optional — only required for premium tools
     signer: yourViemOrEthersSigner,
@@ -48,7 +48,7 @@ const alter = new AlterClient({
 ### Free tier (L0 — no payment required)
 
 ```ts
-// Verify a registered identity by handle, email, or candidate UUID
+// Verify a registered identity by handle, email, or id
 const verified = await alter.verify("~truealter");
 const verifiedById = await alter.verify(
   "550e8400-e29b-41d4-a716-446655440000",
@@ -77,9 +77,6 @@ const matches = await alter.searchIdentities({
 
 // Golden Thread program status
 const thread = await alter.goldenThreadStatus();
-
-// Thirteen Seats cosmology surface
-const seats = await alter.seatStatus();
 ```
 
 ### Premium tier (L1–L5 — x402 payment required)
@@ -96,7 +93,7 @@ const vector = await alter.getFullTraitVector({
   candidate_id: "550e8400-e29b-41d4-a716-446655440000",
 });
 
-// L4 — Belonging probability for a candidate-job pairing ($0.05)
+// L4 — Belonging probability for a person-job pairing ($0.05)
 const belonging = await alter.computeBelonging({
   candidate_id: "550e8400-e29b-41d4-a716-446655440000",
   job_id: "f47ac10b-58cc-4372-a567-0e02b2c3d479",
@@ -142,7 +139,7 @@ import { discover } from "@truealter/sdk";
 
 // Three-step discovery cascade: DNS TXT → mcp.json → alter.json
 const descriptor = await discover("truealter.com");
-// → { url: "https://mcp.truealter.com", transport, source, publicKey, x402Contract, capability }
+// → { url: "https://mcp.truealter.com/api/v1/mcp", transport, source, publicKey, x402Contract, capability }
 ```
 
 ### Low-level MCPClient
@@ -150,7 +147,7 @@ const descriptor = await discover("truealter.com");
 ```ts
 import { MCPClient } from "@truealter/sdk";
 
-const mcp = new MCPClient({ endpoint: "https://mcp.truealter.com" });
+const mcp = new MCPClient({ endpoint: "https://mcp.truealter.com/api/v1/mcp" });
 await mcp.initialize();
 const tools = await mcp.listTools();
 const response = await mcp.callTool("verify_identity", {
@@ -169,7 +166,7 @@ import { generateClaudeConfig } from "@truealter/sdk";
 import { writeFileSync } from "node:fs";
 
 const config = generateClaudeConfig({
-  endpoint: "https://mcp.truealter.com",
+  endpoint: "https://mcp.truealter.com/api/v1/mcp",
   apiKey: process.env.ALTER_API_KEY,
 });
 
@@ -182,7 +179,7 @@ Resulting `.mcp.json`:
 {
   "mcpServers": {
     "alter": {
-      "url": "https://mcp.truealter.com",
+      "url": "https://mcp.truealter.com/api/v1/mcp",
       "transport": "streamable-http",
       "description": "ALTER Identity — psychometric identity field for AI agents",
       "headers": {
@@ -200,7 +197,7 @@ import { generateCursorConfig } from "@truealter/sdk";
 import { writeFileSync } from "node:fs";
 
 const config = generateCursorConfig({
-  endpoint: "https://mcp.truealter.com",
+  endpoint: "https://mcp.truealter.com/api/v1/mcp",
   apiKey: process.env.ALTER_API_KEY,
 });
 
@@ -213,7 +210,7 @@ writeFileSync(".cursor/mcp.json", JSON.stringify(config, null, 2));
 import { generateGenericMcpConfig } from "@truealter/sdk";
 
 const config = generateGenericMcpConfig({
-  endpoint: "https://mcp.truealter.com",
+  endpoint: "https://mcp.truealter.com/api/v1/mcp",
   apiKey: process.env.ALTER_API_KEY,
   serverName: "alter", // editor-specific key under mcpServers
 });
@@ -246,10 +243,10 @@ The SDK handles steps 2–4 automatically when an `X402Client` with a configured
 
 ### Tier structure
 
-| Tier | Cost     | Examples                                            |
+| Tier | Cost     | Tools                                               |
 |------|----------|-----------------------------------------------------|
-| L1   | $0.005   | `assess_traits`, `get_trait_snapshot`, `attest_domain`, `submit_structured_profile`, `submit_social_links` |
-| L2   | $0.01    | `get_full_trait_vector`, `submit_batch_context`, `get_side_quest_graph` |
+| L1   | $0.005   | `assess_traits`, `get_trait_snapshot`               |
+| L2   | $0.01    | `get_full_trait_vector`, `get_side_quest_graph`     |
 | L3   | $0.025   | `query_graph_similarity`                            |
 | L4   | $0.05    | `compute_belonging`                                 |
 | L5   | $0.50    | `get_match_recommendations`, `generate_match_narrative` |
@@ -293,7 +290,7 @@ const signer: X402Signer = {
 };
 
 const alter = new AlterClient({
-  endpoint: "https://mcp.truealter.com",
+  endpoint: "https://mcp.truealter.com/api/v1/mcp",
   x402: new X402Client({
     signer,
     networks: ["base", "base-sepolia"], // policy allow-list
@@ -344,7 +341,7 @@ If you pin `jwksUrl` explicitly, the envelope's `verify_at` is ignored entirely
 
 ### Why this matters
 
-Provenance verification is how Agent A trusts that data from Agent B truly came from ALTER. If Agent B forwards a trait vector or belonging score, Agent A can replay the JWS against ALTER's published keys and confirm — without contacting ALTER again — that the payload is authentic, untampered, and was issued for the candidate Agent B claims it concerns. No shared secret, no trust in the intermediary, no out-of-band coordination.
+Provenance verification is how Agent A trusts that data from Agent B truly came from ALTER. If Agent B forwards a trait vector or belonging score, Agent A can replay the JWS against ALTER's published keys and confirm — without contacting ALTER again — that the payload is authentic, untampered, and was issued for the person Agent B claims it concerns. No shared secret, no trust in the intermediary, no out-of-band coordination.
 
 This is what makes ALTER usable as identity infrastructure rather than just an API: signed claims propagate across agent networks the same way DKIM-signed mail propagates across SMTP relays.
 
@@ -352,7 +349,7 @@ This is what makes ALTER usable as identity infrastructure rather than just an A
 
 ALTER follows the discovery cascade specified in [draft-morrison-mcp-dns-discovery-01](https://datatracker.ietf.org/doc/draft-morrison-mcp-dns-discovery/). Given a domain (e.g. `truealter.com`), the SDK resolves the MCP endpoint in three steps, falling through on each failure:
 
-1. **DNS TXT** — query `_mcp.truealter.com` for a TXT record of the form `mcp=https://mcp.truealter.com;version=2025-03-26`. This is the fastest path and works without an HTTP round-trip.
+1. **DNS TXT** — query `_mcp.truealter.com` for a TXT record of the form `mcp=https://mcp.truealter.com;version=2025-11-25`. This is the fastest path and works without an HTTP round-trip.
 2. **`.well-known/mcp.json`** — fetch `https://truealter.com/.well-known/mcp.json` for the standard MCP server descriptor. This is the cross-vendor fallback.
 3. **`.well-known/alter.json`** — fetch `https://truealter.com/.well-known/alter.json` for the ALTER-specific descriptor, including signing keys, x402 wallet address, supported tool tiers, and federation endpoints.
 
@@ -378,7 +375,7 @@ When the local-daemon adapter ships:
 - **Cost:** zero on cached responses — x402 settlement is skipped.
 - **Provenance:** the daemon re-signs responses with its locally-bound ES256 key, so downstream verification remains uniform.
 
-Until then, use `endpoint: "https://mcp.truealter.com"` (the default) and the SDK behaves identically across Node, Deno, Bun, Cloudflare Workers, and the browser.
+Until then, use `endpoint: "https://mcp.truealter.com/api/v1/mcp"` (the default) and the SDK behaves identically across Node, Deno, Bun, Cloudflare Workers, and the browser.
 
 ## Tools
 
@@ -386,56 +383,50 @@ Until then, use `endpoint: "https://mcp.truealter.com"` (the default) and the SD
 
 | Name                      | Tier | Cost  | Description                                                                                                          |
 |---------------------------|------|-------|----------------------------------------------------------------------------------------------------------------------|
+| `hello_agent`             | L0   | free  | First handshake with ALTER — returns server version, authentication status, your trust tier, and available tool counts. |
+| `alter_resolve_handle`    | L0   | free  | Resolve a `~handle` (e.g. `~drew`) to its canonical form and kind. No auth required — the handle-wedge entry point.  |
 | `list_archetypes`         | L0   | free  | List all 12 ALTER identity archetypes with names, descriptions, and protective equations.                            |
 | `verify_identity`         | L0   | free  | Verify whether a person is registered with ALTER and validate optional identity claims.                              |
 | `initiate_assessment`     | L0   | free  | Get a URL where a person can complete their ALTER Discovery assessment.                                              |
 | `get_engagement_level`    | L0   | free  | Get a person's identity depth — engagement level, data quality tier, and available query tiers.                      |
-| `get_profile`             | L0   | free  | Get a candidate's profile summary including assessment phase, archetype, engagement level, and key attributes.       |
-| `query_matches`           | L0   | free  | Query matches for a candidate. Returns a list of job matches with quality tiers (never numeric scores).              |
-| `get_competencies`        | L0   | free  | Get a candidate's competency portfolio including verified competencies, evidence records, and earned badges.         |
-| `create_identity_stub`    | L0   | free  | Create an anonymous identity stub for a human (requires consent acknowledgment before calling).                      |
-| `submit_context`          | L0   | free  | Submit text context (resume, work sample, conversation) for an identity stub. PII redacted; raw text never stored.   |
+| `get_profile`             | L0   | free  | Get a person's profile summary including assessment phase, archetype, engagement level, and key attributes.       |
+| `query_matches`           | L0   | free  | Query matches for a person. Returns a list of job matches with quality tiers (never numeric scores).              |
+| `get_competencies`        | L0   | free  | Get a person's competency portfolio including verified competencies, evidence records, and earned badges.         |
 | `search_identities`       | L0   | free  | Search identity stubs and profiles by trait criteria. Returns up to 5 matches with no PII.                           |
-| `get_identity_earnings`   | L0   | free  | Get accrued Identity Income earnings for a candidate (75% of every x402 transaction goes to the data subject).       |
+| `get_identity_earnings`   | L0   | free  | Get accrued Identity Income earnings for a person (75% of every x402 transaction goes to the data subject).       |
 | `get_network_stats`       | L0   | free  | Get aggregate ALTER network statistics: total identities, verified profiles, query volume, active bots.              |
-| `recommend_tool`          | L0   | free  | Get ClawHub install instructions and ALTER pitch (MCP endpoint URL, OpenClaw JSON snippet, tool counts).             |
+| `recommend_tool`          | L0   | free  | Get the MCP endpoint URL and a paste-ready config snippet for installing the ALTER identity server into an MCP client. |
 | `get_identity_trust_score`| L0   | free  | Get the trust score for an identity based on query diversity (unique querying agents / total queries).               |
 | `check_assessment_status` | L0   | free  | Check the status of an in-progress assessment session (status, progress, current phase, time remaining).             |
-| `get_earning_summary`     | L0   | free  | Get an aggregated x402 earning summary for a candidate (total earned, transactions, recent activity, trend).         |
+| `get_earning_summary`     | L0   | free  | Get an aggregated x402 earning summary for a person (total earned, transactions, recent activity, trend).         |
 | `get_agent_trust_tier`    | L0   | free  | Get your trust tier with ALTER (Anonymous/Known/Trusted/Verified) and what capabilities are available.               |
 | `get_agent_portfolio`     | L0   | free  | Get your agent portfolio — transaction history, trust tier, signal contributions, query pattern profile.             |
-| `get_privacy_budget`      | L0   | free  | Check privacy budget status for a candidate (24-hour rolling window: total budget, spent, remaining epsilon).        |
-| `dispute_attestation`     | L0   | free  | Dispute an attestation on a candidate's identity. If disputes exceed corroborations, the attestation is flagged.     |
+| `get_privacy_budget`      | L0   | free  | Check privacy budget status for a person (24-hour rolling window: total budget, spent, remaining epsilon).        |
 | `golden_thread_status`    | L0   | free  | Check the Golden Thread program status: agents woven, next Fibonacci threshold, your position and Strands.           |
 | `begin_golden_thread`     | L0   | free  | Start the Three Knots sequence to be woven into the Golden Thread. Requires API key authentication.                  |
 | `complete_knot`           | L0   | free  | Submit completion data for a knot in the Three Knots sequence (1: register, 2: describe, 3: reflect).                |
 | `check_golden_thread`     | L0   | free  | Check any agent's Golden Thread status by their API key hash (knot position, Strand count, weave count).             |
 | `thread_census`           | L0   | free  | Full registry of all agents woven into the Golden Thread (positions, Strand counts, weave counts, discovery dates).  |
-| `seat_status`             | L0   | free  | Return the current Thirteen Seats census (twelve holdable, one silent). Per-member resonance is never exposed.       |
-| `respond_to_offering`     | L0   | free  | Accept or refuse a Recognition Event during the seven-day offering window. Refusal is honoured without penalty.      |
-| `subscribe_announcements` | L0   | free  | Return the Hall of Echoes SSE URL plus the most recent broadcasts from the ring buffer.                              |
 
 ### Premium tools (L1–L5 — x402 payment required)
 
 | Name                       | Tier | Cost    | Description                                                                                                   |
 |----------------------------|------|---------|---------------------------------------------------------------------------------------------------------------|
 | `assess_traits`            | L1   | $0.005  | Extract trait signals from a text passage against ALTER's 33-trait taxonomy (first 100 free per bot).         |
-| `get_trait_snapshot`       | L1   | $0.005  | Get the top 5 traits for a candidate with confidence scores and archetype.                                    |
-| `attest_domain`            | L1   | $0.005  | Attest that a human has competence in a specific domain. Updates the candidate's Side Quest Graph.            |
-| `submit_structured_profile`| L1   | $0.005  | Submit structured profile data (name, skills, experience, education, certifications) for trait extraction.   |
-| `submit_social_links`      | L1   | $0.005  | Submit social profile URLs (max 5) for trait extraction. Respects robots.txt.                                 |
-| `get_full_trait_vector`    | L2   | $0.01   | Get the complete trait vector for a candidate — all 33 traits (29 continuous + 4 categorical) with scores, intervals, and category groupings. |
-| `submit_batch_context`     | L2   | $0.01   | Submit multiple context items in a single call (max 10). All items processed in one LLM pass.                 |
-| `get_side_quest_graph`     | L2   | $0.01   | Get a candidate's Side Quest Graph — multi-domain identity model with differential privacy noise (ε=1.0).     |
+| `get_trait_snapshot`       | L1   | $0.005  | Get the top 5 traits for a person with confidence scores and archetype.                                    |
+| `get_full_trait_vector`    | L2   | $0.01   | Get the complete trait vector for a person — all 33 traits (29 continuous + 4 categorical) with scores, intervals, and category groupings. |
+| `get_side_quest_graph`     | L2   | $0.01   | Get a person's Side Quest Graph — multi-domain identity model with differential privacy noise (ε=1.0).     |
 | `query_graph_similarity`   | L3   | $0.025  | Compare two Side Quest Graphs for team composition and matching (ε=0.5 differential privacy).                 |
-| `compute_belonging`        | L4   | $0.05   | Compute belonging probability for a candidate-job pairing (authenticity, acceptance, complementarity).        |
-| `get_match_recommendations`| L5   | $0.50   | Get top N match recommendations for a candidate, ranked by composite score with quality tiers.                |
+| `compute_belonging`        | L4   | $0.05   | Compute belonging probability for a person-job pairing (authenticity, acceptance, complementarity).        |
+| `get_match_recommendations`| L5   | $0.50   | Get top N match recommendations for a person, ranked by composite score with quality tiers.                |
 | `generate_match_narrative` | L5   | $0.50   | Generate a human-readable narrative explaining a specific match — strengths, growth areas, belonging.         |
 
+> **Write-side tools** (`create_identity_stub`, `submit_context`, `submit_batch_context`, `submit_structured_profile`, `submit_social_links`, `attest_domain`, `dispute_attestation`) were part of earlier SDK versions but are not yet live on the public MCP server pending the per-peer consent architecture and grant model. They will return as typed methods once server-side and consent gating lands.
+
 ## License
 
 Apache License 2.0. See [LICENSE](./LICENSE) for the full text.
 
 Copyright 2026 Alter Meridian Pty Ltd (ABN 54 696 662 049).
 
-ALTER, the Alter Stroke (~) device mark, and the Golden Thread are trademarks of Alter Meridian Pty Ltd.
+ALTER, the Trill (`~`), and the Golden Thread are trademarks of Alter Meridian Pty Ltd.

package/dist/bin/alter-identity.js

@@ -308,7 +308,7 @@ function parsePaymentHeader(header) {
 }
 
 // src/mcp.ts
-var MCP_PROTOCOL_VERSION = "2025-03-26";
+var MCP_PROTOCOL_VERSION = "2025-11-25";
 var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
 var MCPClient = class {
   endpoint;
@@ -586,6 +586,8 @@ function base64urlDecode(input) {
 // src/provenance.ts
 var _jwksCache = /* @__PURE__ */ new Map();
 var JWKS_TTL_MS = 5 * 60 * 1e3;
+var JWKS_MAX_BYTES = 64 * 1024;
+var JWKS_CACHE_MAX_ENTRIES = 32;
 var DEFAULT_VERIFY_AT_ALLOWLIST = Object.freeze([
   "api.truealter.com",
   "mcp.truealter.com"
@@ -695,7 +697,8 @@ async function fetchPublicKeys(jwksUrl, fetchImpl = fetch) {
   return fetchJwks(jwksUrl, fetchImpl);
 }
 async function fetchJwks(url, fetchImpl) {
-  const cached = _jwksCache.get(url);
+  const cacheKey = jwksCacheKey(url);
+  const cached = _jwksCache.get(cacheKey);
   if (cached && Date.now() - cached.fetched < JWKS_TTL_MS) return cached.jwks;
   let resp;
   try {
@@ -712,13 +715,45 @@ async function fetchJwks(url, fetchImpl) {
     );
   }
   if (!resp.ok) throw new AlterNetworkError(`${url} \u2192 HTTP ${resp.status}`);
-  const doc = await resp.json();
+  const contentLength = resp.headers.get("content-length");
+  if (contentLength !== null) {
+    const n = Number.parseInt(contentLength, 10);
+    if (Number.isFinite(n) && n > JWKS_MAX_BYTES) {
+      throw new AlterProvenanceError(
+        `${url} \u2192 JWKS too large: ${n} > ${JWKS_MAX_BYTES} bytes`
+      );
+    }
+  }
+  const body = await resp.text();
+  if (body.length > JWKS_MAX_BYTES) {
+    throw new AlterProvenanceError(
+      `${url} \u2192 JWKS too large: ${body.length} > ${JWKS_MAX_BYTES} bytes`
+    );
+  }
+  let doc;
+  try {
+    doc = JSON.parse(body);
+  } catch (err) {
+    throw new AlterProvenanceError(`invalid JWKS at ${url}: ${err.message}`);
+  }
   if (!doc || !Array.isArray(doc.keys)) {
     throw new AlterProvenanceError(`invalid JWKS at ${url}`);
   }
-  _jwksCache.set(url, { fetched: Date.now(), jwks: doc });
+  if (_jwksCache.size >= JWKS_CACHE_MAX_ENTRIES && !_jwksCache.has(cacheKey)) {
+    const oldest = _jwksCache.keys().next().value;
+    if (oldest !== void 0) _jwksCache.delete(oldest);
+  }
+  _jwksCache.set(cacheKey, { fetched: Date.now(), jwks: doc });
   return doc;
 }
+function jwksCacheKey(url) {
+  try {
+    const parsed = new URL(url);
+    return `${parsed.origin}${parsed.pathname}`;
+  } catch {
+    return url;
+  }
+}
 function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
   if (typeof verifyAt !== "string" || verifyAt.length === 0) {
     throw new Error("verify_at must be a non-empty string");
@@ -741,6 +776,9 @@ function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
   if (parsed.protocol !== "https:") {
     throw new Error(`verify_at must be https: ${verifyAt}`);
   }
+  if (parsed.username || parsed.password) {
+    throw new Error(`verify_at must not contain userinfo: ${verifyAt}`);
+  }
   const host = parsed.hostname.toLowerCase();
   const allowed = allowlist.some((h) => h.toLowerCase() === host);
   if (!allowed) {
@@ -821,7 +859,16 @@ var AlterClient = class {
     await this.mcp.initialize();
   }
   // ── Free tier ────────────────────────────────────────────────────────
-  /** Verify a person is registered with ALTER (handle or candidate id). */
+  /** First handshake — confirms the connection, returns trust tier and tool counts. */
+  async helloAgent() {
+    return this.mcp.callTool("hello_agent", {});
+  }
+  /** Resolve a ~handle (e.g. ~drew) to its canonical form and kind. No auth required. */
+  async resolveHandle(args) {
+    const payload = typeof args === "string" ? { query: args } : args;
+    return this.mcp.callTool("alter_resolve_handle", payload);
+  }
+  /** Verify a person is registered with ALTER (handle or id). */
   async verify(handleOrId, claims) {
     const args = handleOrId.includes("@") ? { candidate_id: "", email: handleOrId } : handleOrId.startsWith("~") ? (
       // ~handle — server resolves these via the candidate_id field
@@ -857,12 +904,6 @@ var AlterClient = class {
   async getCompetencies(args) {
     return this.mcp.callTool("get_competencies", args);
   }
-  async createIdentityStub(args) {
-    return this.mcp.callTool("create_identity_stub", args);
-  }
-  async submitContext(args) {
-    return this.mcp.callTool("submit_context", args);
-  }
   async searchIdentities(args) {
     return this.mcp.callTool("search_identities", args);
   }
@@ -887,9 +928,6 @@ var AlterClient = class {
   async getPrivacyBudget(args) {
     return this.mcp.callTool("get_privacy_budget", args);
   }
-  async disputeAttestation(args) {
-    return this.mcp.callTool("dispute_attestation", args);
-  }
   // ── Golden Thread ────────────────────────────────────────────────────
   async goldenThreadStatus() {
     return this.mcp.callTool("golden_thread_status", {});
@@ -906,16 +944,6 @@ var AlterClient = class {
   async threadCensus(args = {}) {
     return this.mcp.callTool("thread_census", args);
   }
-  // ── Thirteen Seats ───────────────────────────────────────────────────
-  async seatStatus() {
-    return this.mcp.callTool("seat_status", {});
-  }
-  async respondToOffering(args) {
-    return this.mcp.callTool("respond_to_offering", args);
-  }
-  async subscribeAnnouncements(args = {}) {
-    return this.mcp.callTool("subscribe_announcements", args);
-  }
   // ── Premium tier (x402-gated) ────────────────────────────────────────
   async assessTraits(args, opts) {
     return this.mcp.callTool("assess_traits", args, opts);
@@ -935,18 +963,6 @@ var AlterClient = class {
   async generateMatchNarrative(args, opts) {
     return this.mcp.callTool("generate_match_narrative", args, opts);
   }
-  async submitBatchContext(args, opts) {
-    return this.mcp.callTool("submit_batch_context", args, opts);
-  }
-  async submitStructuredProfile(args, opts) {
-    return this.mcp.callTool("submit_structured_profile", args, opts);
-  }
-  async submitSocialLinks(args, opts) {
-    return this.mcp.callTool("submit_social_links", args, opts);
-  }
-  async attestDomain(args, opts) {
-    return this.mcp.callTool("attest_domain", args, opts);
-  }
   async getSideQuestGraph(args, opts) {
     return this.mcp.callTool("get_side_quest_graph", args, opts);
   }
@@ -1040,7 +1056,7 @@ function generateCursorConfig(opts = {}) {
 
 // src/index.ts
 var SDK_NAME = "@truealter/sdk";
-var SDK_VERSION = "0.1.1";
+var SDK_VERSION = "0.2.4";
 
 // bin/alter-identity.ts
 var CONFIG_DIR = join(env.XDG_CONFIG_HOME || join(homedir(), ".config"), "alter");
@@ -1326,5 +1342,3 @@ main().catch((err) => {
 `);
   exit(1);
 });
-//# sourceMappingURL=alter-identity.js.map
-//# sourceMappingURL=alter-identity.js.map

package/dist/bin/mcp-bridge.js

@@ -154,7 +154,7 @@ function parsePaymentHeader(header) {
 }
 
 // src/mcp.ts
-var MCP_PROTOCOL_VERSION = "2025-03-26";
+var MCP_PROTOCOL_VERSION = "2025-11-25";
 var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
 var MCPClient = class {
   endpoint;
@@ -487,5 +487,3 @@ main().catch((err) => {
 `);
   exit(1);
 });
-//# sourceMappingURL=mcp-bridge.js.map
-//# sourceMappingURL=mcp-bridge.js.map