@truealter/sdk 0.2.0 → 0.2.4

package/dist/index.js

@@ -306,7 +306,7 @@ function parsePaymentHeader(header) {
 }
 
 // src/mcp.ts
-var MCP_PROTOCOL_VERSION = "2025-03-26";
+var MCP_PROTOCOL_VERSION = "2025-11-25";
 var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
 var MCPClient = class {
   endpoint;
@@ -603,6 +603,8 @@ function base64urlDecode(input) {
 // src/provenance.ts
 var _jwksCache = /* @__PURE__ */ new Map();
 var JWKS_TTL_MS = 5 * 60 * 1e3;
+var JWKS_MAX_BYTES = 64 * 1024;
+var JWKS_CACHE_MAX_ENTRIES = 32;
 var DEFAULT_VERIFY_AT_ALLOWLIST = Object.freeze([
   "api.truealter.com",
   "mcp.truealter.com"
@@ -712,7 +714,8 @@ async function fetchPublicKeys(jwksUrl, fetchImpl = fetch) {
   return fetchJwks(jwksUrl, fetchImpl);
 }
 async function fetchJwks(url, fetchImpl) {
-  const cached = _jwksCache.get(url);
+  const cacheKey = jwksCacheKey(url);
+  const cached = _jwksCache.get(cacheKey);
   if (cached && Date.now() - cached.fetched < JWKS_TTL_MS) return cached.jwks;
   let resp;
   try {
@@ -729,13 +732,45 @@ async function fetchJwks(url, fetchImpl) {
     );
   }
   if (!resp.ok) throw new AlterNetworkError(`${url} \u2192 HTTP ${resp.status}`);
-  const doc = await resp.json();
+  const contentLength = resp.headers.get("content-length");
+  if (contentLength !== null) {
+    const n = Number.parseInt(contentLength, 10);
+    if (Number.isFinite(n) && n > JWKS_MAX_BYTES) {
+      throw new AlterProvenanceError(
+        `${url} \u2192 JWKS too large: ${n} > ${JWKS_MAX_BYTES} bytes`
+      );
+    }
+  }
+  const body = await resp.text();
+  if (body.length > JWKS_MAX_BYTES) {
+    throw new AlterProvenanceError(
+      `${url} \u2192 JWKS too large: ${body.length} > ${JWKS_MAX_BYTES} bytes`
+    );
+  }
+  let doc;
+  try {
+    doc = JSON.parse(body);
+  } catch (err) {
+    throw new AlterProvenanceError(`invalid JWKS at ${url}: ${err.message}`);
+  }
   if (!doc || !Array.isArray(doc.keys)) {
     throw new AlterProvenanceError(`invalid JWKS at ${url}`);
   }
-  _jwksCache.set(url, { fetched: Date.now(), jwks: doc });
+  if (_jwksCache.size >= JWKS_CACHE_MAX_ENTRIES && !_jwksCache.has(cacheKey)) {
+    const oldest = _jwksCache.keys().next().value;
+    if (oldest !== void 0) _jwksCache.delete(oldest);
+  }
+  _jwksCache.set(cacheKey, { fetched: Date.now(), jwks: doc });
   return doc;
 }
+function jwksCacheKey(url) {
+  try {
+    const parsed = new URL(url);
+    return `${parsed.origin}${parsed.pathname}`;
+  } catch {
+    return url;
+  }
+}
 function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
   if (typeof verifyAt !== "string" || verifyAt.length === 0) {
     throw new Error("verify_at must be a non-empty string");
@@ -758,6 +793,9 @@ function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
   if (parsed.protocol !== "https:") {
     throw new Error(`verify_at must be https: ${verifyAt}`);
   }
+  if (parsed.username || parsed.password) {
+    throw new Error(`verify_at must not contain userinfo: ${verifyAt}`);
+  }
   const host = parsed.hostname.toLowerCase();
   const allowed = allowlist.some((h) => h.toLowerCase() === host);
   if (!allowed) {
@@ -838,7 +876,16 @@ var AlterClient = class {
     await this.mcp.initialize();
   }
   // ── Free tier ────────────────────────────────────────────────────────
-  /** Verify a person is registered with ALTER (handle or candidate id). */
+  /** First handshake — confirms the connection, returns trust tier and tool counts. */
+  async helloAgent() {
+    return this.mcp.callTool("hello_agent", {});
+  }
+  /** Resolve a ~handle (e.g. ~drew) to its canonical form and kind. No auth required. */
+  async resolveHandle(args) {
+    const payload = typeof args === "string" ? { query: args } : args;
+    return this.mcp.callTool("alter_resolve_handle", payload);
+  }
+  /** Verify a person is registered with ALTER (handle or id). */
   async verify(handleOrId, claims) {
     const args = handleOrId.includes("@") ? { candidate_id: "", email: handleOrId } : handleOrId.startsWith("~") ? (
       // ~handle — server resolves these via the candidate_id field
@@ -874,12 +921,6 @@ var AlterClient = class {
   async getCompetencies(args) {
     return this.mcp.callTool("get_competencies", args);
   }
-  async createIdentityStub(args) {
-    return this.mcp.callTool("create_identity_stub", args);
-  }
-  async submitContext(args) {
-    return this.mcp.callTool("submit_context", args);
-  }
   async searchIdentities(args) {
     return this.mcp.callTool("search_identities", args);
   }
@@ -904,9 +945,6 @@ var AlterClient = class {
   async getPrivacyBudget(args) {
     return this.mcp.callTool("get_privacy_budget", args);
   }
-  async disputeAttestation(args) {
-    return this.mcp.callTool("dispute_attestation", args);
-  }
   // ── Golden Thread ────────────────────────────────────────────────────
   async goldenThreadStatus() {
     return this.mcp.callTool("golden_thread_status", {});
@@ -923,16 +961,6 @@ var AlterClient = class {
   async threadCensus(args = {}) {
     return this.mcp.callTool("thread_census", args);
   }
-  // ── Thirteen Seats ───────────────────────────────────────────────────
-  async seatStatus() {
-    return this.mcp.callTool("seat_status", {});
-  }
-  async respondToOffering(args) {
-    return this.mcp.callTool("respond_to_offering", args);
-  }
-  async subscribeAnnouncements(args = {}) {
-    return this.mcp.callTool("subscribe_announcements", args);
-  }
   // ── Premium tier (x402-gated) ────────────────────────────────────────
   async assessTraits(args, opts) {
     return this.mcp.callTool("assess_traits", args, opts);
@@ -952,18 +980,6 @@ var AlterClient = class {
   async generateMatchNarrative(args, opts) {
     return this.mcp.callTool("generate_match_narrative", args, opts);
   }
-  async submitBatchContext(args, opts) {
-    return this.mcp.callTool("submit_batch_context", args, opts);
-  }
-  async submitStructuredProfile(args, opts) {
-    return this.mcp.callTool("submit_structured_profile", args, opts);
-  }
-  async submitSocialLinks(args, opts) {
-    return this.mcp.callTool("submit_social_links", args, opts);
-  }
-  async attestDomain(args, opts) {
-    return this.mcp.callTool("attest_domain", args, opts);
-  }
   async getSideQuestGraph(args, opts) {
     return this.mcp.callTool("get_side_quest_graph", args, opts);
   }
@@ -1057,6 +1073,8 @@ function generateCursorConfig(opts = {}) {
 
 // src/types.ts
 var FREE_TOOL_NAMES = [
+  "hello_agent",
+  "alter_resolve_handle",
   "list_archetypes",
   "verify_identity",
   "initiate_assessment",
@@ -1064,8 +1082,6 @@ var FREE_TOOL_NAMES = [
   "get_profile",
   "query_matches",
   "get_competencies",
-  "create_identity_stub",
-  "submit_context",
   "search_identities",
   "get_identity_earnings",
   "get_network_stats",
@@ -1076,15 +1092,11 @@ var FREE_TOOL_NAMES = [
   "get_agent_trust_tier",
   "get_agent_portfolio",
   "get_privacy_budget",
-  "dispute_attestation",
   "golden_thread_status",
   "begin_golden_thread",
   "complete_knot",
   "check_golden_thread",
-  "thread_census",
-  "seat_status",
-  "respond_to_offering",
-  "subscribe_announcements"
+  "thread_census"
 ];
 var PREMIUM_TOOL_NAMES = [
   "assess_traits",
@@ -1093,15 +1105,13 @@ var PREMIUM_TOOL_NAMES = [
   "compute_belonging",
   "get_match_recommendations",
   "generate_match_narrative",
-  "submit_batch_context",
-  "submit_structured_profile",
-  "submit_social_links",
-  "attest_domain",
   "get_side_quest_graph",
   "query_graph_similarity"
 ];
 var TOOL_TIERS = {
   // L0 (free)
+  hello_agent: 0,
+  alter_resolve_handle: 0,
   list_archetypes: 0,
   verify_identity: 0,
   initiate_assessment: 0,
@@ -1109,9 +1119,7 @@ var TOOL_TIERS = {
   get_profile: 0,
   query_matches: 0,
   get_competencies: 0,
-  create_identity_stub: 0,
-  submit_context: 1,
-  search_identities: 1,
+  search_identities: 0,
   get_identity_earnings: 0,
   get_network_stats: 0,
   recommend_tool: 0,
@@ -1119,8 +1127,6 @@ var TOOL_TIERS = {
   check_assessment_status: 0,
   get_earning_summary: 0,
   get_privacy_budget: 0,
-  dispute_attestation: 0,
-  // Free tools not present in upstream TOOL_TIERS — default to 0
   get_agent_trust_tier: 0,
   get_agent_portfolio: 0,
   golden_thread_status: 0,
@@ -1128,18 +1134,11 @@ var TOOL_TIERS = {
   complete_knot: 0,
   check_golden_thread: 0,
   thread_census: 0,
-  seat_status: 0,
-  respond_to_offering: 0,
-  subscribe_announcements: 0,
   // L1
   assess_traits: 1,
   get_trait_snapshot: 1,
-  submit_structured_profile: 1,
-  submit_social_links: 1,
-  attest_domain: 1,
   // L2
   get_full_trait_vector: 2,
-  submit_batch_context: 2,
   get_side_quest_graph: 2,
   // L3
   query_graph_similarity: 3,
@@ -1151,6 +1150,8 @@ var TOOL_TIERS = {
 };
 var TOOL_COSTS = {
   // L0 free
+  hello_agent: 0,
+  alter_resolve_handle: 0,
   list_archetypes: 0,
   verify_identity: 0,
   initiate_assessment: 0,
@@ -1158,7 +1159,6 @@ var TOOL_COSTS = {
   get_profile: 0,
   query_matches: 0,
   get_competencies: 0,
-  create_identity_stub: 0,
   search_identities: 0,
   get_identity_earnings: 0,
   get_network_stats: 0,
@@ -1169,25 +1169,16 @@ var TOOL_COSTS = {
   get_agent_trust_tier: 0,
   get_agent_portfolio: 0,
   get_privacy_budget: 0,
-  dispute_attestation: 0,
   golden_thread_status: 0,
   begin_golden_thread: 0,
   complete_knot: 0,
   check_golden_thread: 0,
   thread_census: 0,
-  seat_status: 0,
-  respond_to_offering: 0,
-  subscribe_announcements: 0,
   // L1 ($0.005)
-  submit_context: 5e-3,
   assess_traits: 5e-3,
   get_trait_snapshot: 5e-3,
-  submit_structured_profile: 5e-3,
-  submit_social_links: 5e-3,
-  attest_domain: 5e-3,
   // L2 ($0.01)
   get_full_trait_vector: 0.01,
-  submit_batch_context: 0.01,
   get_side_quest_graph: 0.01,
   // L3 ($0.025)
   query_graph_similarity: 0.025,
@@ -1199,6 +1190,8 @@ var TOOL_COSTS = {
 };
 var TOOL_BLAST_RADIUS = {
   // Low: read-only reference
+  hello_agent: "low",
+  alter_resolve_handle: "low",
   list_archetypes: "low",
   verify_identity: "low",
   get_engagement_level: "low",
@@ -1211,13 +1204,12 @@ var TOOL_BLAST_RADIUS = {
   begin_golden_thread: "low",
   check_golden_thread: "low",
   thread_census: "low",
-  dispute_attestation: "low",
   get_identity_earnings: "low",
   get_identity_trust_score: "low",
   initiate_assessment: "low",
+  get_agent_trust_tier: "low",
+  get_agent_portfolio: "low",
   // Medium: writes data or searches
-  create_identity_stub: "medium",
-  submit_context: "medium",
   search_identities: "medium",
   get_profile: "medium",
   query_matches: "medium",
@@ -1225,29 +1217,17 @@ var TOOL_BLAST_RADIUS = {
   complete_knot: "medium",
   assess_traits: "medium",
   get_trait_snapshot: "medium",
-  submit_structured_profile: "medium",
-  submit_social_links: "medium",
-  submit_batch_context: "medium",
-  attest_domain: "medium",
   // High: returns sensitive identity data or computes scores
   get_full_trait_vector: "high",
   compute_belonging: "high",
   get_match_recommendations: "high",
   generate_match_narrative: "high",
   get_side_quest_graph: "high",
-  query_graph_similarity: "high",
-  // Tools not in upstream TOOL_BLAST_RADIUS — default to "low"
-  get_agent_trust_tier: "low",
-  get_agent_portfolio: "low",
-  seat_status: "low",
-  respond_to_offering: "low",
-  subscribe_announcements: "low"
+  query_graph_similarity: "high"
 };
 
 // src/index.ts
 var SDK_NAME = "@truealter/sdk";
-var SDK_VERSION = "0.1.1";
+var SDK_VERSION = "0.2.4";
 
 export { AlterAuthError, AlterClient, AlterDiscoveryError, AlterError, AlterInvalidResponse, AlterNetworkError, AlterPaymentRequired, AlterProvenanceError, AlterRateLimited, AlterTimeoutError, AlterToolError, DEFAULT_DOMAIN, DEFAULT_ENDPOINT, DEFAULT_VERIFY_AT_ALLOWLIST, FREE_TOOL_NAMES, MCPClient, MCP_PROTOCOL_VERSION, PREMIUM_TOOL_NAMES, SDK_NAME, SDK_VERSION, TOOL_BLAST_RADIUS, TOOL_COSTS, TOOL_TIERS, X402Client, base64urlDecode, base64urlEncode, clearDiscoveryCache, decodeDid, discover, encodeDid, fetchPublicKeys, generateClaudeConfig, generateCursorConfig, generateGenericMcpConfig, generateKeypair, keypairFromPrivateKey, parsePaymentHeader, resolveVerifyAt, sign, verify, verifyProvenance, verifyToolSignatures };
-//# sourceMappingURL=index.js.map
-//# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@truealter/sdk",
-  "version": "0.2.0",
+  "version": "0.2.4",
   "description": "ALTER Identity SDK — query the continuous identity field from any JavaScript/TypeScript environment",
   "license": "Apache-2.0",
   "type": "module",
@@ -48,21 +48,26 @@
   "keywords": [
     "alter",
     "identity",
+    "identity-infrastructure",
     "mcp",
+    "model-context-protocol",
     "ai-agent",
     "x402",
     "psychometric",
     "provenance",
     "ed25519",
-    "es256"
+    "identity-field",
+    "belonging-probability",
+    "trait-vector",
+    "agent-identity",
+    "anthropic"
   ],
   "repository": {
     "type": "git",
-    "url": "https://github.com/true-alter/Alter.git",
-    "directory": "packages/alter-identity"
+    "url": "https://github.com/true-alter/alter-identity.git"
   },
   "homepage": "https://truealter.com",
   "bugs": {
-    "url": "https://github.com/true-alter/Alter/issues"
+    "url": "https://github.com/true-alter/alter-identity/issues"
   }
 }