@truealter/sdk 0.2.0 → 0.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +40 -49
- package/dist/bin/alter-identity.js +53 -39
- package/dist/bin/mcp-bridge.js +1 -3
- package/dist/index.cjs +66 -86
- package/dist/index.d.cts +67 -197
- package/dist/index.d.ts +67 -197
- package/dist/index.js +66 -86
- package/package.json +10 -5
- package/dist/bin/alter-identity.js.map +0 -1
- package/dist/bin/mcp-bridge.js.map +0 -1
- package/dist/index.cjs.map +0 -1
- package/dist/index.js.map +0 -1
package/dist/index.cjs
CHANGED
|
@@ -328,7 +328,7 @@ function parsePaymentHeader(header) {
|
|
|
328
328
|
}
|
|
329
329
|
|
|
330
330
|
// src/mcp.ts
|
|
331
|
-
var MCP_PROTOCOL_VERSION = "2025-
|
|
331
|
+
var MCP_PROTOCOL_VERSION = "2025-11-25";
|
|
332
332
|
var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
|
|
333
333
|
var MCPClient = class {
|
|
334
334
|
endpoint;
|
|
@@ -625,6 +625,8 @@ function base64urlDecode(input) {
|
|
|
625
625
|
// src/provenance.ts
|
|
626
626
|
var _jwksCache = /* @__PURE__ */ new Map();
|
|
627
627
|
var JWKS_TTL_MS = 5 * 60 * 1e3;
|
|
628
|
+
var JWKS_MAX_BYTES = 64 * 1024;
|
|
629
|
+
var JWKS_CACHE_MAX_ENTRIES = 32;
|
|
628
630
|
var DEFAULT_VERIFY_AT_ALLOWLIST = Object.freeze([
|
|
629
631
|
"api.truealter.com",
|
|
630
632
|
"mcp.truealter.com"
|
|
@@ -734,7 +736,8 @@ async function fetchPublicKeys(jwksUrl, fetchImpl = fetch) {
|
|
|
734
736
|
return fetchJwks(jwksUrl, fetchImpl);
|
|
735
737
|
}
|
|
736
738
|
async function fetchJwks(url, fetchImpl) {
|
|
737
|
-
const
|
|
739
|
+
const cacheKey = jwksCacheKey(url);
|
|
740
|
+
const cached = _jwksCache.get(cacheKey);
|
|
738
741
|
if (cached && Date.now() - cached.fetched < JWKS_TTL_MS) return cached.jwks;
|
|
739
742
|
let resp;
|
|
740
743
|
try {
|
|
@@ -751,13 +754,45 @@ async function fetchJwks(url, fetchImpl) {
|
|
|
751
754
|
);
|
|
752
755
|
}
|
|
753
756
|
if (!resp.ok) throw new AlterNetworkError(`${url} \u2192 HTTP ${resp.status}`);
|
|
754
|
-
const
|
|
757
|
+
const contentLength = resp.headers.get("content-length");
|
|
758
|
+
if (contentLength !== null) {
|
|
759
|
+
const n = Number.parseInt(contentLength, 10);
|
|
760
|
+
if (Number.isFinite(n) && n > JWKS_MAX_BYTES) {
|
|
761
|
+
throw new AlterProvenanceError(
|
|
762
|
+
`${url} \u2192 JWKS too large: ${n} > ${JWKS_MAX_BYTES} bytes`
|
|
763
|
+
);
|
|
764
|
+
}
|
|
765
|
+
}
|
|
766
|
+
const body = await resp.text();
|
|
767
|
+
if (body.length > JWKS_MAX_BYTES) {
|
|
768
|
+
throw new AlterProvenanceError(
|
|
769
|
+
`${url} \u2192 JWKS too large: ${body.length} > ${JWKS_MAX_BYTES} bytes`
|
|
770
|
+
);
|
|
771
|
+
}
|
|
772
|
+
let doc;
|
|
773
|
+
try {
|
|
774
|
+
doc = JSON.parse(body);
|
|
775
|
+
} catch (err) {
|
|
776
|
+
throw new AlterProvenanceError(`invalid JWKS at ${url}: ${err.message}`);
|
|
777
|
+
}
|
|
755
778
|
if (!doc || !Array.isArray(doc.keys)) {
|
|
756
779
|
throw new AlterProvenanceError(`invalid JWKS at ${url}`);
|
|
757
780
|
}
|
|
758
|
-
_jwksCache.
|
|
781
|
+
if (_jwksCache.size >= JWKS_CACHE_MAX_ENTRIES && !_jwksCache.has(cacheKey)) {
|
|
782
|
+
const oldest = _jwksCache.keys().next().value;
|
|
783
|
+
if (oldest !== void 0) _jwksCache.delete(oldest);
|
|
784
|
+
}
|
|
785
|
+
_jwksCache.set(cacheKey, { fetched: Date.now(), jwks: doc });
|
|
759
786
|
return doc;
|
|
760
787
|
}
|
|
788
|
+
function jwksCacheKey(url) {
|
|
789
|
+
try {
|
|
790
|
+
const parsed = new URL(url);
|
|
791
|
+
return `${parsed.origin}${parsed.pathname}`;
|
|
792
|
+
} catch {
|
|
793
|
+
return url;
|
|
794
|
+
}
|
|
795
|
+
}
|
|
761
796
|
function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
|
|
762
797
|
if (typeof verifyAt !== "string" || verifyAt.length === 0) {
|
|
763
798
|
throw new Error("verify_at must be a non-empty string");
|
|
@@ -780,6 +815,9 @@ function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
|
|
|
780
815
|
if (parsed.protocol !== "https:") {
|
|
781
816
|
throw new Error(`verify_at must be https: ${verifyAt}`);
|
|
782
817
|
}
|
|
818
|
+
if (parsed.username || parsed.password) {
|
|
819
|
+
throw new Error(`verify_at must not contain userinfo: ${verifyAt}`);
|
|
820
|
+
}
|
|
783
821
|
const host = parsed.hostname.toLowerCase();
|
|
784
822
|
const allowed = allowlist.some((h) => h.toLowerCase() === host);
|
|
785
823
|
if (!allowed) {
|
|
@@ -860,7 +898,16 @@ var AlterClient = class {
|
|
|
860
898
|
await this.mcp.initialize();
|
|
861
899
|
}
|
|
862
900
|
// ── Free tier ────────────────────────────────────────────────────────
|
|
863
|
-
/**
|
|
901
|
+
/** First handshake — confirms the connection, returns trust tier and tool counts. */
|
|
902
|
+
async helloAgent() {
|
|
903
|
+
return this.mcp.callTool("hello_agent", {});
|
|
904
|
+
}
|
|
905
|
+
/** Resolve a ~handle (e.g. ~drew) to its canonical form and kind. No auth required. */
|
|
906
|
+
async resolveHandle(args) {
|
|
907
|
+
const payload = typeof args === "string" ? { query: args } : args;
|
|
908
|
+
return this.mcp.callTool("alter_resolve_handle", payload);
|
|
909
|
+
}
|
|
910
|
+
/** Verify a person is registered with ALTER (handle or id). */
|
|
864
911
|
async verify(handleOrId, claims) {
|
|
865
912
|
const args = handleOrId.includes("@") ? { candidate_id: "", email: handleOrId } : handleOrId.startsWith("~") ? (
|
|
866
913
|
// ~handle — server resolves these via the candidate_id field
|
|
@@ -896,12 +943,6 @@ var AlterClient = class {
|
|
|
896
943
|
async getCompetencies(args) {
|
|
897
944
|
return this.mcp.callTool("get_competencies", args);
|
|
898
945
|
}
|
|
899
|
-
async createIdentityStub(args) {
|
|
900
|
-
return this.mcp.callTool("create_identity_stub", args);
|
|
901
|
-
}
|
|
902
|
-
async submitContext(args) {
|
|
903
|
-
return this.mcp.callTool("submit_context", args);
|
|
904
|
-
}
|
|
905
946
|
async searchIdentities(args) {
|
|
906
947
|
return this.mcp.callTool("search_identities", args);
|
|
907
948
|
}
|
|
@@ -926,9 +967,6 @@ var AlterClient = class {
|
|
|
926
967
|
async getPrivacyBudget(args) {
|
|
927
968
|
return this.mcp.callTool("get_privacy_budget", args);
|
|
928
969
|
}
|
|
929
|
-
async disputeAttestation(args) {
|
|
930
|
-
return this.mcp.callTool("dispute_attestation", args);
|
|
931
|
-
}
|
|
932
970
|
// ── Golden Thread ────────────────────────────────────────────────────
|
|
933
971
|
async goldenThreadStatus() {
|
|
934
972
|
return this.mcp.callTool("golden_thread_status", {});
|
|
@@ -945,16 +983,6 @@ var AlterClient = class {
|
|
|
945
983
|
async threadCensus(args = {}) {
|
|
946
984
|
return this.mcp.callTool("thread_census", args);
|
|
947
985
|
}
|
|
948
|
-
// ── Thirteen Seats ───────────────────────────────────────────────────
|
|
949
|
-
async seatStatus() {
|
|
950
|
-
return this.mcp.callTool("seat_status", {});
|
|
951
|
-
}
|
|
952
|
-
async respondToOffering(args) {
|
|
953
|
-
return this.mcp.callTool("respond_to_offering", args);
|
|
954
|
-
}
|
|
955
|
-
async subscribeAnnouncements(args = {}) {
|
|
956
|
-
return this.mcp.callTool("subscribe_announcements", args);
|
|
957
|
-
}
|
|
958
986
|
// ── Premium tier (x402-gated) ────────────────────────────────────────
|
|
959
987
|
async assessTraits(args, opts) {
|
|
960
988
|
return this.mcp.callTool("assess_traits", args, opts);
|
|
@@ -974,18 +1002,6 @@ var AlterClient = class {
|
|
|
974
1002
|
async generateMatchNarrative(args, opts) {
|
|
975
1003
|
return this.mcp.callTool("generate_match_narrative", args, opts);
|
|
976
1004
|
}
|
|
977
|
-
async submitBatchContext(args, opts) {
|
|
978
|
-
return this.mcp.callTool("submit_batch_context", args, opts);
|
|
979
|
-
}
|
|
980
|
-
async submitStructuredProfile(args, opts) {
|
|
981
|
-
return this.mcp.callTool("submit_structured_profile", args, opts);
|
|
982
|
-
}
|
|
983
|
-
async submitSocialLinks(args, opts) {
|
|
984
|
-
return this.mcp.callTool("submit_social_links", args, opts);
|
|
985
|
-
}
|
|
986
|
-
async attestDomain(args, opts) {
|
|
987
|
-
return this.mcp.callTool("attest_domain", args, opts);
|
|
988
|
-
}
|
|
989
1005
|
async getSideQuestGraph(args, opts) {
|
|
990
1006
|
return this.mcp.callTool("get_side_quest_graph", args, opts);
|
|
991
1007
|
}
|
|
@@ -1079,6 +1095,8 @@ function generateCursorConfig(opts = {}) {
|
|
|
1079
1095
|
|
|
1080
1096
|
// src/types.ts
|
|
1081
1097
|
var FREE_TOOL_NAMES = [
|
|
1098
|
+
"hello_agent",
|
|
1099
|
+
"alter_resolve_handle",
|
|
1082
1100
|
"list_archetypes",
|
|
1083
1101
|
"verify_identity",
|
|
1084
1102
|
"initiate_assessment",
|
|
@@ -1086,8 +1104,6 @@ var FREE_TOOL_NAMES = [
|
|
|
1086
1104
|
"get_profile",
|
|
1087
1105
|
"query_matches",
|
|
1088
1106
|
"get_competencies",
|
|
1089
|
-
"create_identity_stub",
|
|
1090
|
-
"submit_context",
|
|
1091
1107
|
"search_identities",
|
|
1092
1108
|
"get_identity_earnings",
|
|
1093
1109
|
"get_network_stats",
|
|
@@ -1098,15 +1114,11 @@ var FREE_TOOL_NAMES = [
|
|
|
1098
1114
|
"get_agent_trust_tier",
|
|
1099
1115
|
"get_agent_portfolio",
|
|
1100
1116
|
"get_privacy_budget",
|
|
1101
|
-
"dispute_attestation",
|
|
1102
1117
|
"golden_thread_status",
|
|
1103
1118
|
"begin_golden_thread",
|
|
1104
1119
|
"complete_knot",
|
|
1105
1120
|
"check_golden_thread",
|
|
1106
|
-
"thread_census"
|
|
1107
|
-
"seat_status",
|
|
1108
|
-
"respond_to_offering",
|
|
1109
|
-
"subscribe_announcements"
|
|
1121
|
+
"thread_census"
|
|
1110
1122
|
];
|
|
1111
1123
|
var PREMIUM_TOOL_NAMES = [
|
|
1112
1124
|
"assess_traits",
|
|
@@ -1115,15 +1127,13 @@ var PREMIUM_TOOL_NAMES = [
|
|
|
1115
1127
|
"compute_belonging",
|
|
1116
1128
|
"get_match_recommendations",
|
|
1117
1129
|
"generate_match_narrative",
|
|
1118
|
-
"submit_batch_context",
|
|
1119
|
-
"submit_structured_profile",
|
|
1120
|
-
"submit_social_links",
|
|
1121
|
-
"attest_domain",
|
|
1122
1130
|
"get_side_quest_graph",
|
|
1123
1131
|
"query_graph_similarity"
|
|
1124
1132
|
];
|
|
1125
1133
|
var TOOL_TIERS = {
|
|
1126
1134
|
// L0 (free)
|
|
1135
|
+
hello_agent: 0,
|
|
1136
|
+
alter_resolve_handle: 0,
|
|
1127
1137
|
list_archetypes: 0,
|
|
1128
1138
|
verify_identity: 0,
|
|
1129
1139
|
initiate_assessment: 0,
|
|
@@ -1131,9 +1141,7 @@ var TOOL_TIERS = {
|
|
|
1131
1141
|
get_profile: 0,
|
|
1132
1142
|
query_matches: 0,
|
|
1133
1143
|
get_competencies: 0,
|
|
1134
|
-
|
|
1135
|
-
submit_context: 1,
|
|
1136
|
-
search_identities: 1,
|
|
1144
|
+
search_identities: 0,
|
|
1137
1145
|
get_identity_earnings: 0,
|
|
1138
1146
|
get_network_stats: 0,
|
|
1139
1147
|
recommend_tool: 0,
|
|
@@ -1141,8 +1149,6 @@ var TOOL_TIERS = {
|
|
|
1141
1149
|
check_assessment_status: 0,
|
|
1142
1150
|
get_earning_summary: 0,
|
|
1143
1151
|
get_privacy_budget: 0,
|
|
1144
|
-
dispute_attestation: 0,
|
|
1145
|
-
// Free tools not present in upstream TOOL_TIERS — default to 0
|
|
1146
1152
|
get_agent_trust_tier: 0,
|
|
1147
1153
|
get_agent_portfolio: 0,
|
|
1148
1154
|
golden_thread_status: 0,
|
|
@@ -1150,18 +1156,11 @@ var TOOL_TIERS = {
|
|
|
1150
1156
|
complete_knot: 0,
|
|
1151
1157
|
check_golden_thread: 0,
|
|
1152
1158
|
thread_census: 0,
|
|
1153
|
-
seat_status: 0,
|
|
1154
|
-
respond_to_offering: 0,
|
|
1155
|
-
subscribe_announcements: 0,
|
|
1156
1159
|
// L1
|
|
1157
1160
|
assess_traits: 1,
|
|
1158
1161
|
get_trait_snapshot: 1,
|
|
1159
|
-
submit_structured_profile: 1,
|
|
1160
|
-
submit_social_links: 1,
|
|
1161
|
-
attest_domain: 1,
|
|
1162
1162
|
// L2
|
|
1163
1163
|
get_full_trait_vector: 2,
|
|
1164
|
-
submit_batch_context: 2,
|
|
1165
1164
|
get_side_quest_graph: 2,
|
|
1166
1165
|
// L3
|
|
1167
1166
|
query_graph_similarity: 3,
|
|
@@ -1173,6 +1172,8 @@ var TOOL_TIERS = {
|
|
|
1173
1172
|
};
|
|
1174
1173
|
var TOOL_COSTS = {
|
|
1175
1174
|
// L0 free
|
|
1175
|
+
hello_agent: 0,
|
|
1176
|
+
alter_resolve_handle: 0,
|
|
1176
1177
|
list_archetypes: 0,
|
|
1177
1178
|
verify_identity: 0,
|
|
1178
1179
|
initiate_assessment: 0,
|
|
@@ -1180,7 +1181,6 @@ var TOOL_COSTS = {
|
|
|
1180
1181
|
get_profile: 0,
|
|
1181
1182
|
query_matches: 0,
|
|
1182
1183
|
get_competencies: 0,
|
|
1183
|
-
create_identity_stub: 0,
|
|
1184
1184
|
search_identities: 0,
|
|
1185
1185
|
get_identity_earnings: 0,
|
|
1186
1186
|
get_network_stats: 0,
|
|
@@ -1191,25 +1191,16 @@ var TOOL_COSTS = {
|
|
|
1191
1191
|
get_agent_trust_tier: 0,
|
|
1192
1192
|
get_agent_portfolio: 0,
|
|
1193
1193
|
get_privacy_budget: 0,
|
|
1194
|
-
dispute_attestation: 0,
|
|
1195
1194
|
golden_thread_status: 0,
|
|
1196
1195
|
begin_golden_thread: 0,
|
|
1197
1196
|
complete_knot: 0,
|
|
1198
1197
|
check_golden_thread: 0,
|
|
1199
1198
|
thread_census: 0,
|
|
1200
|
-
seat_status: 0,
|
|
1201
|
-
respond_to_offering: 0,
|
|
1202
|
-
subscribe_announcements: 0,
|
|
1203
1199
|
// L1 ($0.005)
|
|
1204
|
-
submit_context: 5e-3,
|
|
1205
1200
|
assess_traits: 5e-3,
|
|
1206
1201
|
get_trait_snapshot: 5e-3,
|
|
1207
|
-
submit_structured_profile: 5e-3,
|
|
1208
|
-
submit_social_links: 5e-3,
|
|
1209
|
-
attest_domain: 5e-3,
|
|
1210
1202
|
// L2 ($0.01)
|
|
1211
1203
|
get_full_trait_vector: 0.01,
|
|
1212
|
-
submit_batch_context: 0.01,
|
|
1213
1204
|
get_side_quest_graph: 0.01,
|
|
1214
1205
|
// L3 ($0.025)
|
|
1215
1206
|
query_graph_similarity: 0.025,
|
|
@@ -1221,6 +1212,8 @@ var TOOL_COSTS = {
|
|
|
1221
1212
|
};
|
|
1222
1213
|
var TOOL_BLAST_RADIUS = {
|
|
1223
1214
|
// Low: read-only reference
|
|
1215
|
+
hello_agent: "low",
|
|
1216
|
+
alter_resolve_handle: "low",
|
|
1224
1217
|
list_archetypes: "low",
|
|
1225
1218
|
verify_identity: "low",
|
|
1226
1219
|
get_engagement_level: "low",
|
|
@@ -1233,13 +1226,12 @@ var TOOL_BLAST_RADIUS = {
|
|
|
1233
1226
|
begin_golden_thread: "low",
|
|
1234
1227
|
check_golden_thread: "low",
|
|
1235
1228
|
thread_census: "low",
|
|
1236
|
-
dispute_attestation: "low",
|
|
1237
1229
|
get_identity_earnings: "low",
|
|
1238
1230
|
get_identity_trust_score: "low",
|
|
1239
1231
|
initiate_assessment: "low",
|
|
1232
|
+
get_agent_trust_tier: "low",
|
|
1233
|
+
get_agent_portfolio: "low",
|
|
1240
1234
|
// Medium: writes data or searches
|
|
1241
|
-
create_identity_stub: "medium",
|
|
1242
|
-
submit_context: "medium",
|
|
1243
1235
|
search_identities: "medium",
|
|
1244
1236
|
get_profile: "medium",
|
|
1245
1237
|
query_matches: "medium",
|
|
@@ -1247,28 +1239,18 @@ var TOOL_BLAST_RADIUS = {
|
|
|
1247
1239
|
complete_knot: "medium",
|
|
1248
1240
|
assess_traits: "medium",
|
|
1249
1241
|
get_trait_snapshot: "medium",
|
|
1250
|
-
submit_structured_profile: "medium",
|
|
1251
|
-
submit_social_links: "medium",
|
|
1252
|
-
submit_batch_context: "medium",
|
|
1253
|
-
attest_domain: "medium",
|
|
1254
1242
|
// High: returns sensitive identity data or computes scores
|
|
1255
1243
|
get_full_trait_vector: "high",
|
|
1256
1244
|
compute_belonging: "high",
|
|
1257
1245
|
get_match_recommendations: "high",
|
|
1258
1246
|
generate_match_narrative: "high",
|
|
1259
1247
|
get_side_quest_graph: "high",
|
|
1260
|
-
query_graph_similarity: "high"
|
|
1261
|
-
// Tools not in upstream TOOL_BLAST_RADIUS — default to "low"
|
|
1262
|
-
get_agent_trust_tier: "low",
|
|
1263
|
-
get_agent_portfolio: "low",
|
|
1264
|
-
seat_status: "low",
|
|
1265
|
-
respond_to_offering: "low",
|
|
1266
|
-
subscribe_announcements: "low"
|
|
1248
|
+
query_graph_similarity: "high"
|
|
1267
1249
|
};
|
|
1268
1250
|
|
|
1269
1251
|
// src/index.ts
|
|
1270
1252
|
var SDK_NAME = "@truealter/sdk";
|
|
1271
|
-
var SDK_VERSION = "0.
|
|
1253
|
+
var SDK_VERSION = "0.2.4";
|
|
1272
1254
|
|
|
1273
1255
|
exports.AlterAuthError = AlterAuthError;
|
|
1274
1256
|
exports.AlterClient = AlterClient;
|
|
@@ -1312,5 +1294,3 @@ exports.sign = sign;
|
|
|
1312
1294
|
exports.verify = verify;
|
|
1313
1295
|
exports.verifyProvenance = verifyProvenance;
|
|
1314
1296
|
exports.verifyToolSignatures = verifyToolSignatures;
|
|
1315
|
-
//# sourceMappingURL=index.cjs.map
|
|
1316
|
-
//# sourceMappingURL=index.cjs.map
|