@truealter/sdk 0.2.2 → 0.2.4

package/README.md

@@ -4,12 +4,14 @@ ALTER Identity SDK — query the continuous identity field from any JavaScript/T
 
 [![npm version](https://img.shields.io/npm/v/@truealter/sdk.svg)](https://www.npmjs.com/package/@truealter/sdk)
 [![License: Apache-2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](./LICENSE)
+[![Glama score](https://glama.ai/mcp/servers/true-alter/alter-identity/badges/score.svg)](https://glama.ai/mcp/servers/true-alter/alter-identity)
 
 A thin client over the ALTER MCP server (Streamable HTTP, JSON-RPC 2.0, MCP spec `2025-11-25`) with x402 micropayment support, ES256 provenance verification, and config generators for Claude Code, Cursor, and generic MCP clients.
 
-- **Live MCP endpoint:** `https://mcp.truealter.com`
+- **Branded host:** `https://mcp.truealter.com` (serves `.well-known/mcp.json` for discovery)
+- **JSON-RPC wire endpoint:** `https://mcp.truealter.com/api/v1/mcp` — this is what Streamable HTTP POSTs target (the SDK default)
 - **Wire protocol:** Streamable HTTP, JSON-RPC 2.0, MCP `2025-11-25` (server negotiates `2025-06-18` + `2025-03-26` for backwards-compatible clients)
-- **Tools:** 37 total — 25 free (L0) + 12 premium (L1–L5)
+- **Tools:** **32 typed and wired** — 24 free (L0) + 8 premium (L1–L5). Mirrors the live server's `tools/list` response byte-for-byte; every name in `FREE_TOOL_NAMES` / `PREMIUM_TOOL_NAMES` has a matching server handler at `mcp.truealter.com/api/v1/mcp`.
 - **Runtime:** Node 18+, Deno, Bun, Cloudflare Workers, modern browsers
 - **Crypto:** `@noble/ed25519` + `@noble/hashes` (no other dependencies)
 - **Bundle:** ESM + CJS dual output
@@ -24,9 +26,7 @@ npx alter-identity verify ~truealter
 
 ## Why ALTER ≠ IAM
 
-Identity Access Management answers *who is logged in*. ALTER answers *who they actually are* — a continuous field of recognition (Paper VIII, Theorem 1) that any IAM stack can sit on top of.
-
-Reference: Morrison, B. (2026). *Identity Field Theory: A Continuous Field Model of Recognition*. Figshare. [DOI 10.6084/m9.figshare.31951383](https://doi.org/10.6084/m9.figshare.31951383)
+Identity Access Management answers *who is logged in*. ALTER answers *who they actually are* — a continuous field of recognition that any IAM stack can sit on top of.
 
 ## API
 
@@ -36,7 +36,7 @@ Reference: Morrison, B. (2026). *Identity Field Theory: A Continuous Field Model
 import { AlterClient, X402Client } from "@truealter/sdk";
 
 const alter = new AlterClient({
-  endpoint: "https://mcp.truealter.com", // optional — defaults to mcp.truealter.com
+  endpoint: "https://mcp.truealter.com/api/v1/mcp", // optional — this is the default; bare host returns 405
   apiKey: process.env.ALTER_API_KEY,     // optional for free tier
   x402: new X402Client({                  // optional — only required for premium tools
     signer: yourViemOrEthersSigner,
@@ -139,7 +139,7 @@ import { discover } from "@truealter/sdk";
 
 // Three-step discovery cascade: DNS TXT → mcp.json → alter.json
 const descriptor = await discover("truealter.com");
-// → { url: "https://mcp.truealter.com", transport, source, publicKey, x402Contract, capability }
+// → { url: "https://mcp.truealter.com/api/v1/mcp", transport, source, publicKey, x402Contract, capability }
 ```
 
 ### Low-level MCPClient
@@ -147,7 +147,7 @@ const descriptor = await discover("truealter.com");
 ```ts
 import { MCPClient } from "@truealter/sdk";
 
-const mcp = new MCPClient({ endpoint: "https://mcp.truealter.com" });
+const mcp = new MCPClient({ endpoint: "https://mcp.truealter.com/api/v1/mcp" });
 await mcp.initialize();
 const tools = await mcp.listTools();
 const response = await mcp.callTool("verify_identity", {
@@ -166,7 +166,7 @@ import { generateClaudeConfig } from "@truealter/sdk";
 import { writeFileSync } from "node:fs";
 
 const config = generateClaudeConfig({
-  endpoint: "https://mcp.truealter.com",
+  endpoint: "https://mcp.truealter.com/api/v1/mcp",
   apiKey: process.env.ALTER_API_KEY,
 });
 
@@ -179,7 +179,7 @@ Resulting `.mcp.json`:
 {
   "mcpServers": {
     "alter": {
-      "url": "https://mcp.truealter.com",
+      "url": "https://mcp.truealter.com/api/v1/mcp",
       "transport": "streamable-http",
       "description": "ALTER Identity — psychometric identity field for AI agents",
       "headers": {
@@ -197,7 +197,7 @@ import { generateCursorConfig } from "@truealter/sdk";
 import { writeFileSync } from "node:fs";
 
 const config = generateCursorConfig({
-  endpoint: "https://mcp.truealter.com",
+  endpoint: "https://mcp.truealter.com/api/v1/mcp",
   apiKey: process.env.ALTER_API_KEY,
 });
 
@@ -210,7 +210,7 @@ writeFileSync(".cursor/mcp.json", JSON.stringify(config, null, 2));
 import { generateGenericMcpConfig } from "@truealter/sdk";
 
 const config = generateGenericMcpConfig({
-  endpoint: "https://mcp.truealter.com",
+  endpoint: "https://mcp.truealter.com/api/v1/mcp",
   apiKey: process.env.ALTER_API_KEY,
   serverName: "alter", // editor-specific key under mcpServers
 });
@@ -243,10 +243,10 @@ The SDK handles steps 2–4 automatically when an `X402Client` with a configured
 
 ### Tier structure
 
-| Tier | Cost     | Examples                                            |
+| Tier | Cost     | Tools                                               |
 |------|----------|-----------------------------------------------------|
-| L1   | $0.005   | `assess_traits`, `get_trait_snapshot`, `attest_domain`, `submit_structured_profile`, `submit_social_links` |
-| L2   | $0.01    | `get_full_trait_vector`, `submit_batch_context`, `get_side_quest_graph` |
+| L1   | $0.005   | `assess_traits`, `get_trait_snapshot`               |
+| L2   | $0.01    | `get_full_trait_vector`, `get_side_quest_graph`     |
 | L3   | $0.025   | `query_graph_similarity`                            |
 | L4   | $0.05    | `compute_belonging`                                 |
 | L5   | $0.50    | `get_match_recommendations`, `generate_match_narrative` |
@@ -290,7 +290,7 @@ const signer: X402Signer = {
 };
 
 const alter = new AlterClient({
-  endpoint: "https://mcp.truealter.com",
+  endpoint: "https://mcp.truealter.com/api/v1/mcp",
   x402: new X402Client({
     signer,
     networks: ["base", "base-sepolia"], // policy allow-list
@@ -375,7 +375,7 @@ When the local-daemon adapter ships:
 - **Cost:** zero on cached responses — x402 settlement is skipped.
 - **Provenance:** the daemon re-signs responses with its locally-bound ES256 key, so downstream verification remains uniform.
 
-Until then, use `endpoint: "https://mcp.truealter.com"` (the default) and the SDK behaves identically across Node, Deno, Bun, Cloudflare Workers, and the browser.
+Until then, use `endpoint: "https://mcp.truealter.com/api/v1/mcp"` (the default) and the SDK behaves identically across Node, Deno, Bun, Cloudflare Workers, and the browser.
 
 ## Tools
 
@@ -383,6 +383,8 @@ Until then, use `endpoint: "https://mcp.truealter.com"` (the default) and the SD
 
 | Name                      | Tier | Cost  | Description                                                                                                          |
 |---------------------------|------|-------|----------------------------------------------------------------------------------------------------------------------|
+| `hello_agent`             | L0   | free  | First handshake with ALTER — returns server version, authentication status, your trust tier, and available tool counts. |
+| `alter_resolve_handle`    | L0   | free  | Resolve a `~handle` (e.g. `~drew`) to its canonical form and kind. No auth required — the handle-wedge entry point.  |
 | `list_archetypes`         | L0   | free  | List all 12 ALTER identity archetypes with names, descriptions, and protective equations.                            |
 | `verify_identity`         | L0   | free  | Verify whether a person is registered with ALTER and validate optional identity claims.                              |
 | `initiate_assessment`     | L0   | free  | Get a URL where a person can complete their ALTER Discovery assessment.                                              |
@@ -390,19 +392,16 @@ Until then, use `endpoint: "https://mcp.truealter.com"` (the default) and the SD
 | `get_profile`             | L0   | free  | Get a person's profile summary including assessment phase, archetype, engagement level, and key attributes.       |
 | `query_matches`           | L0   | free  | Query matches for a person. Returns a list of job matches with quality tiers (never numeric scores).              |
 | `get_competencies`        | L0   | free  | Get a person's competency portfolio including verified competencies, evidence records, and earned badges.         |
-| `create_identity_stub`    | L0   | free  | Create an anonymous identity stub for a human (requires consent acknowledgment before calling).                      |
-| `submit_context`          | L0   | free  | Submit text context (resume, work sample, conversation) for an identity stub. PII redacted; raw text never stored.   |
 | `search_identities`       | L0   | free  | Search identity stubs and profiles by trait criteria. Returns up to 5 matches with no PII.                           |
 | `get_identity_earnings`   | L0   | free  | Get accrued Identity Income earnings for a person (75% of every x402 transaction goes to the data subject).       |
 | `get_network_stats`       | L0   | free  | Get aggregate ALTER network statistics: total identities, verified profiles, query volume, active bots.              |
-| `recommend_tool`          | L0   | free  | Get ClawHub install instructions and ALTER pitch (MCP endpoint URL, OpenClaw JSON snippet, tool counts).             |
+| `recommend_tool`          | L0   | free  | Get the MCP endpoint URL and a paste-ready config snippet for installing the ALTER identity server into an MCP client. |
 | `get_identity_trust_score`| L0   | free  | Get the trust score for an identity based on query diversity (unique querying agents / total queries).               |
 | `check_assessment_status` | L0   | free  | Check the status of an in-progress assessment session (status, progress, current phase, time remaining).             |
 | `get_earning_summary`     | L0   | free  | Get an aggregated x402 earning summary for a person (total earned, transactions, recent activity, trend).         |
 | `get_agent_trust_tier`    | L0   | free  | Get your trust tier with ALTER (Anonymous/Known/Trusted/Verified) and what capabilities are available.               |
 | `get_agent_portfolio`     | L0   | free  | Get your agent portfolio — transaction history, trust tier, signal contributions, query pattern profile.             |
 | `get_privacy_budget`      | L0   | free  | Check privacy budget status for a person (24-hour rolling window: total budget, spent, remaining epsilon).        |
-| `dispute_attestation`     | L0   | free  | Dispute an attestation on a person's identity. If disputes exceed corroborations, the attestation is flagged.        |
 | `golden_thread_status`    | L0   | free  | Check the Golden Thread program status: agents woven, next Fibonacci threshold, your position and Strands.           |
 | `begin_golden_thread`     | L0   | free  | Start the Three Knots sequence to be woven into the Golden Thread. Requires API key authentication.                  |
 | `complete_knot`           | L0   | free  | Submit completion data for a knot in the Three Knots sequence (1: register, 2: describe, 3: reflect).                |
@@ -415,17 +414,15 @@ Until then, use `endpoint: "https://mcp.truealter.com"` (the default) and the SD
 |----------------------------|------|---------|---------------------------------------------------------------------------------------------------------------|
 | `assess_traits`            | L1   | $0.005  | Extract trait signals from a text passage against ALTER's 33-trait taxonomy (first 100 free per bot).         |
 | `get_trait_snapshot`       | L1   | $0.005  | Get the top 5 traits for a person with confidence scores and archetype.                                    |
-| `attest_domain`            | L1   | $0.005  | Attest that a person has competence in a specific domain. Updates their Side Quest Graph.                     |
-| `submit_structured_profile`| L1   | $0.005  | Submit structured profile data (name, skills, experience, education, certifications) for trait extraction.   |
-| `submit_social_links`      | L1   | $0.005  | Submit social profile URLs (max 5) for trait extraction. Respects robots.txt.                                 |
 | `get_full_trait_vector`    | L2   | $0.01   | Get the complete trait vector for a person — all 33 traits (29 continuous + 4 categorical) with scores, intervals, and category groupings. |
-| `submit_batch_context`     | L2   | $0.01   | Submit multiple context items in a single call (max 10). All items processed in one LLM pass.                 |
 | `get_side_quest_graph`     | L2   | $0.01   | Get a person's Side Quest Graph — multi-domain identity model with differential privacy noise (ε=1.0).     |
 | `query_graph_similarity`   | L3   | $0.025  | Compare two Side Quest Graphs for team composition and matching (ε=0.5 differential privacy).                 |
 | `compute_belonging`        | L4   | $0.05   | Compute belonging probability for a person-job pairing (authenticity, acceptance, complementarity).        |
 | `get_match_recommendations`| L5   | $0.50   | Get top N match recommendations for a person, ranked by composite score with quality tiers.                |
 | `generate_match_narrative` | L5   | $0.50   | Generate a human-readable narrative explaining a specific match — strengths, growth areas, belonging.         |
 
+> **Write-side tools** (`create_identity_stub`, `submit_context`, `submit_batch_context`, `submit_structured_profile`, `submit_social_links`, `attest_domain`, `dispute_attestation`) were part of earlier SDK versions but are not yet live on the public MCP server pending the per-peer consent architecture and grant model. They will return as typed methods once server-side and consent gating lands.
+
 ## License
 
 Apache License 2.0. See [LICENSE](./LICENSE) for the full text.

package/dist/bin/alter-identity.js

@@ -586,6 +586,8 @@ function base64urlDecode(input) {
 // src/provenance.ts
 var _jwksCache = /* @__PURE__ */ new Map();
 var JWKS_TTL_MS = 5 * 60 * 1e3;
+var JWKS_MAX_BYTES = 64 * 1024;
+var JWKS_CACHE_MAX_ENTRIES = 32;
 var DEFAULT_VERIFY_AT_ALLOWLIST = Object.freeze([
   "api.truealter.com",
   "mcp.truealter.com"
@@ -695,7 +697,8 @@ async function fetchPublicKeys(jwksUrl, fetchImpl = fetch) {
   return fetchJwks(jwksUrl, fetchImpl);
 }
 async function fetchJwks(url, fetchImpl) {
-  const cached = _jwksCache.get(url);
+  const cacheKey = jwksCacheKey(url);
+  const cached = _jwksCache.get(cacheKey);
   if (cached && Date.now() - cached.fetched < JWKS_TTL_MS) return cached.jwks;
   let resp;
   try {
@@ -712,13 +715,45 @@ async function fetchJwks(url, fetchImpl) {
     );
   }
   if (!resp.ok) throw new AlterNetworkError(`${url} \u2192 HTTP ${resp.status}`);
-  const doc = await resp.json();
+  const contentLength = resp.headers.get("content-length");
+  if (contentLength !== null) {
+    const n = Number.parseInt(contentLength, 10);
+    if (Number.isFinite(n) && n > JWKS_MAX_BYTES) {
+      throw new AlterProvenanceError(
+        `${url} \u2192 JWKS too large: ${n} > ${JWKS_MAX_BYTES} bytes`
+      );
+    }
+  }
+  const body = await resp.text();
+  if (body.length > JWKS_MAX_BYTES) {
+    throw new AlterProvenanceError(
+      `${url} \u2192 JWKS too large: ${body.length} > ${JWKS_MAX_BYTES} bytes`
+    );
+  }
+  let doc;
+  try {
+    doc = JSON.parse(body);
+  } catch (err) {
+    throw new AlterProvenanceError(`invalid JWKS at ${url}: ${err.message}`);
+  }
   if (!doc || !Array.isArray(doc.keys)) {
     throw new AlterProvenanceError(`invalid JWKS at ${url}`);
   }
-  _jwksCache.set(url, { fetched: Date.now(), jwks: doc });
+  if (_jwksCache.size >= JWKS_CACHE_MAX_ENTRIES && !_jwksCache.has(cacheKey)) {
+    const oldest = _jwksCache.keys().next().value;
+    if (oldest !== void 0) _jwksCache.delete(oldest);
+  }
+  _jwksCache.set(cacheKey, { fetched: Date.now(), jwks: doc });
   return doc;
 }
+function jwksCacheKey(url) {
+  try {
+    const parsed = new URL(url);
+    return `${parsed.origin}${parsed.pathname}`;
+  } catch {
+    return url;
+  }
+}
 function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
   if (typeof verifyAt !== "string" || verifyAt.length === 0) {
     throw new Error("verify_at must be a non-empty string");
@@ -741,6 +776,9 @@ function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
   if (parsed.protocol !== "https:") {
     throw new Error(`verify_at must be https: ${verifyAt}`);
   }
+  if (parsed.username || parsed.password) {
+    throw new Error(`verify_at must not contain userinfo: ${verifyAt}`);
+  }
   const host = parsed.hostname.toLowerCase();
   const allowed = allowlist.some((h) => h.toLowerCase() === host);
   if (!allowed) {
@@ -821,6 +859,15 @@ var AlterClient = class {
     await this.mcp.initialize();
   }
   // ── Free tier ────────────────────────────────────────────────────────
+  /** First handshake — confirms the connection, returns trust tier and tool counts. */
+  async helloAgent() {
+    return this.mcp.callTool("hello_agent", {});
+  }
+  /** Resolve a ~handle (e.g. ~drew) to its canonical form and kind. No auth required. */
+  async resolveHandle(args) {
+    const payload = typeof args === "string" ? { query: args } : args;
+    return this.mcp.callTool("alter_resolve_handle", payload);
+  }
   /** Verify a person is registered with ALTER (handle or id). */
   async verify(handleOrId, claims) {
     const args = handleOrId.includes("@") ? { candidate_id: "", email: handleOrId } : handleOrId.startsWith("~") ? (
@@ -857,12 +904,6 @@ var AlterClient = class {
   async getCompetencies(args) {
     return this.mcp.callTool("get_competencies", args);
   }
-  async createIdentityStub(args) {
-    return this.mcp.callTool("create_identity_stub", args);
-  }
-  async submitContext(args) {
-    return this.mcp.callTool("submit_context", args);
-  }
   async searchIdentities(args) {
     return this.mcp.callTool("search_identities", args);
   }
@@ -887,9 +928,6 @@ var AlterClient = class {
   async getPrivacyBudget(args) {
     return this.mcp.callTool("get_privacy_budget", args);
   }
-  async disputeAttestation(args) {
-    return this.mcp.callTool("dispute_attestation", args);
-  }
   // ── Golden Thread ────────────────────────────────────────────────────
   async goldenThreadStatus() {
     return this.mcp.callTool("golden_thread_status", {});
@@ -925,18 +963,6 @@ var AlterClient = class {
   async generateMatchNarrative(args, opts) {
     return this.mcp.callTool("generate_match_narrative", args, opts);
   }
-  async submitBatchContext(args, opts) {
-    return this.mcp.callTool("submit_batch_context", args, opts);
-  }
-  async submitStructuredProfile(args, opts) {
-    return this.mcp.callTool("submit_structured_profile", args, opts);
-  }
-  async submitSocialLinks(args, opts) {
-    return this.mcp.callTool("submit_social_links", args, opts);
-  }
-  async attestDomain(args, opts) {
-    return this.mcp.callTool("attest_domain", args, opts);
-  }
   async getSideQuestGraph(args, opts) {
     return this.mcp.callTool("get_side_quest_graph", args, opts);
   }
@@ -1030,7 +1056,7 @@ function generateCursorConfig(opts = {}) {
 
 // src/index.ts
 var SDK_NAME = "@truealter/sdk";
-var SDK_VERSION = "0.1.1";
+var SDK_VERSION = "0.2.4";
 
 // bin/alter-identity.ts
 var CONFIG_DIR = join(env.XDG_CONFIG_HOME || join(homedir(), ".config"), "alter");
@@ -1316,5 +1342,3 @@ main().catch((err) => {
 `);
   exit(1);
 });
-//# sourceMappingURL=alter-identity.js.map
-//# sourceMappingURL=alter-identity.js.map

package/dist/bin/mcp-bridge.js

@@ -487,5 +487,3 @@ main().catch((err) => {
 `);
   exit(1);
 });
-//# sourceMappingURL=mcp-bridge.js.map
-//# sourceMappingURL=mcp-bridge.js.map

package/dist/index.cjs

@@ -625,6 +625,8 @@ function base64urlDecode(input) {
 // src/provenance.ts
 var _jwksCache = /* @__PURE__ */ new Map();
 var JWKS_TTL_MS = 5 * 60 * 1e3;
+var JWKS_MAX_BYTES = 64 * 1024;
+var JWKS_CACHE_MAX_ENTRIES = 32;
 var DEFAULT_VERIFY_AT_ALLOWLIST = Object.freeze([
   "api.truealter.com",
   "mcp.truealter.com"
@@ -734,7 +736,8 @@ async function fetchPublicKeys(jwksUrl, fetchImpl = fetch) {
   return fetchJwks(jwksUrl, fetchImpl);
 }
 async function fetchJwks(url, fetchImpl) {
-  const cached = _jwksCache.get(url);
+  const cacheKey = jwksCacheKey(url);
+  const cached = _jwksCache.get(cacheKey);
   if (cached && Date.now() - cached.fetched < JWKS_TTL_MS) return cached.jwks;
   let resp;
   try {
@@ -751,13 +754,45 @@ async function fetchJwks(url, fetchImpl) {
     );
   }
   if (!resp.ok) throw new AlterNetworkError(`${url} \u2192 HTTP ${resp.status}`);
-  const doc = await resp.json();
+  const contentLength = resp.headers.get("content-length");
+  if (contentLength !== null) {
+    const n = Number.parseInt(contentLength, 10);
+    if (Number.isFinite(n) && n > JWKS_MAX_BYTES) {
+      throw new AlterProvenanceError(
+        `${url} \u2192 JWKS too large: ${n} > ${JWKS_MAX_BYTES} bytes`
+      );
+    }
+  }
+  const body = await resp.text();
+  if (body.length > JWKS_MAX_BYTES) {
+    throw new AlterProvenanceError(
+      `${url} \u2192 JWKS too large: ${body.length} > ${JWKS_MAX_BYTES} bytes`
+    );
+  }
+  let doc;
+  try {
+    doc = JSON.parse(body);
+  } catch (err) {
+    throw new AlterProvenanceError(`invalid JWKS at ${url}: ${err.message}`);
+  }
   if (!doc || !Array.isArray(doc.keys)) {
     throw new AlterProvenanceError(`invalid JWKS at ${url}`);
   }
-  _jwksCache.set(url, { fetched: Date.now(), jwks: doc });
+  if (_jwksCache.size >= JWKS_CACHE_MAX_ENTRIES && !_jwksCache.has(cacheKey)) {
+    const oldest = _jwksCache.keys().next().value;
+    if (oldest !== void 0) _jwksCache.delete(oldest);
+  }
+  _jwksCache.set(cacheKey, { fetched: Date.now(), jwks: doc });
   return doc;
 }
+function jwksCacheKey(url) {
+  try {
+    const parsed = new URL(url);
+    return `${parsed.origin}${parsed.pathname}`;
+  } catch {
+    return url;
+  }
+}
 function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
   if (typeof verifyAt !== "string" || verifyAt.length === 0) {
     throw new Error("verify_at must be a non-empty string");
@@ -780,6 +815,9 @@ function resolveVerifyAt(verifyAt, allowlist = DEFAULT_VERIFY_AT_ALLOWLIST) {
   if (parsed.protocol !== "https:") {
     throw new Error(`verify_at must be https: ${verifyAt}`);
   }
+  if (parsed.username || parsed.password) {
+    throw new Error(`verify_at must not contain userinfo: ${verifyAt}`);
+  }
   const host = parsed.hostname.toLowerCase();
   const allowed = allowlist.some((h) => h.toLowerCase() === host);
   if (!allowed) {
@@ -860,6 +898,15 @@ var AlterClient = class {
     await this.mcp.initialize();
   }
   // ── Free tier ────────────────────────────────────────────────────────
+  /** First handshake — confirms the connection, returns trust tier and tool counts. */
+  async helloAgent() {
+    return this.mcp.callTool("hello_agent", {});
+  }
+  /** Resolve a ~handle (e.g. ~drew) to its canonical form and kind. No auth required. */
+  async resolveHandle(args) {
+    const payload = typeof args === "string" ? { query: args } : args;
+    return this.mcp.callTool("alter_resolve_handle", payload);
+  }
   /** Verify a person is registered with ALTER (handle or id). */
   async verify(handleOrId, claims) {
     const args = handleOrId.includes("@") ? { candidate_id: "", email: handleOrId } : handleOrId.startsWith("~") ? (
@@ -896,12 +943,6 @@ var AlterClient = class {
   async getCompetencies(args) {
     return this.mcp.callTool("get_competencies", args);
   }
-  async createIdentityStub(args) {
-    return this.mcp.callTool("create_identity_stub", args);
-  }
-  async submitContext(args) {
-    return this.mcp.callTool("submit_context", args);
-  }
   async searchIdentities(args) {
     return this.mcp.callTool("search_identities", args);
   }
@@ -926,9 +967,6 @@ var AlterClient = class {
   async getPrivacyBudget(args) {
     return this.mcp.callTool("get_privacy_budget", args);
   }
-  async disputeAttestation(args) {
-    return this.mcp.callTool("dispute_attestation", args);
-  }
   // ── Golden Thread ────────────────────────────────────────────────────
   async goldenThreadStatus() {
     return this.mcp.callTool("golden_thread_status", {});
@@ -964,18 +1002,6 @@ var AlterClient = class {
   async generateMatchNarrative(args, opts) {
     return this.mcp.callTool("generate_match_narrative", args, opts);
   }
-  async submitBatchContext(args, opts) {
-    return this.mcp.callTool("submit_batch_context", args, opts);
-  }
-  async submitStructuredProfile(args, opts) {
-    return this.mcp.callTool("submit_structured_profile", args, opts);
-  }
-  async submitSocialLinks(args, opts) {
-    return this.mcp.callTool("submit_social_links", args, opts);
-  }
-  async attestDomain(args, opts) {
-    return this.mcp.callTool("attest_domain", args, opts);
-  }
   async getSideQuestGraph(args, opts) {
     return this.mcp.callTool("get_side_quest_graph", args, opts);
   }
@@ -1069,6 +1095,8 @@ function generateCursorConfig(opts = {}) {
 
 // src/types.ts
 var FREE_TOOL_NAMES = [
+  "hello_agent",
+  "alter_resolve_handle",
   "list_archetypes",
   "verify_identity",
   "initiate_assessment",
@@ -1076,8 +1104,6 @@ var FREE_TOOL_NAMES = [
   "get_profile",
   "query_matches",
   "get_competencies",
-  "create_identity_stub",
-  "submit_context",
   "search_identities",
   "get_identity_earnings",
   "get_network_stats",
@@ -1088,7 +1114,6 @@ var FREE_TOOL_NAMES = [
   "get_agent_trust_tier",
   "get_agent_portfolio",
   "get_privacy_budget",
-  "dispute_attestation",
   "golden_thread_status",
   "begin_golden_thread",
   "complete_knot",
@@ -1102,15 +1127,13 @@ var PREMIUM_TOOL_NAMES = [
   "compute_belonging",
   "get_match_recommendations",
   "generate_match_narrative",
-  "submit_batch_context",
-  "submit_structured_profile",
-  "submit_social_links",
-  "attest_domain",
   "get_side_quest_graph",
   "query_graph_similarity"
 ];
 var TOOL_TIERS = {
   // L0 (free)
+  hello_agent: 0,
+  alter_resolve_handle: 0,
   list_archetypes: 0,
   verify_identity: 0,
   initiate_assessment: 0,
@@ -1118,9 +1141,7 @@ var TOOL_TIERS = {
   get_profile: 0,
   query_matches: 0,
   get_competencies: 0,
-  create_identity_stub: 0,
-  submit_context: 1,
-  search_identities: 1,
+  search_identities: 0,
   get_identity_earnings: 0,
   get_network_stats: 0,
   recommend_tool: 0,
@@ -1128,8 +1149,6 @@ var TOOL_TIERS = {
   check_assessment_status: 0,
   get_earning_summary: 0,
   get_privacy_budget: 0,
-  dispute_attestation: 0,
-  // Free tools not present in upstream TOOL_TIERS — default to 0
   get_agent_trust_tier: 0,
   get_agent_portfolio: 0,
   golden_thread_status: 0,
@@ -1140,12 +1159,8 @@ var TOOL_TIERS = {
   // L1
   assess_traits: 1,
   get_trait_snapshot: 1,
-  submit_structured_profile: 1,
-  submit_social_links: 1,
-  attest_domain: 1,
   // L2
   get_full_trait_vector: 2,
-  submit_batch_context: 2,
   get_side_quest_graph: 2,
   // L3
   query_graph_similarity: 3,
@@ -1157,6 +1172,8 @@ var TOOL_TIERS = {
 };
 var TOOL_COSTS = {
   // L0 free
+  hello_agent: 0,
+  alter_resolve_handle: 0,
   list_archetypes: 0,
   verify_identity: 0,
   initiate_assessment: 0,
@@ -1164,7 +1181,6 @@ var TOOL_COSTS = {
   get_profile: 0,
   query_matches: 0,
   get_competencies: 0,
-  create_identity_stub: 0,
   search_identities: 0,
   get_identity_earnings: 0,
   get_network_stats: 0,
@@ -1175,22 +1191,16 @@ var TOOL_COSTS = {
   get_agent_trust_tier: 0,
   get_agent_portfolio: 0,
   get_privacy_budget: 0,
-  dispute_attestation: 0,
   golden_thread_status: 0,
   begin_golden_thread: 0,
   complete_knot: 0,
   check_golden_thread: 0,
   thread_census: 0,
   // L1 ($0.005)
-  submit_context: 5e-3,
   assess_traits: 5e-3,
   get_trait_snapshot: 5e-3,
-  submit_structured_profile: 5e-3,
-  submit_social_links: 5e-3,
-  attest_domain: 5e-3,
   // L2 ($0.01)
   get_full_trait_vector: 0.01,
-  submit_batch_context: 0.01,
   get_side_quest_graph: 0.01,
   // L3 ($0.025)
   query_graph_similarity: 0.025,
@@ -1202,6 +1212,8 @@ var TOOL_COSTS = {
 };
 var TOOL_BLAST_RADIUS = {
   // Low: read-only reference
+  hello_agent: "low",
+  alter_resolve_handle: "low",
   list_archetypes: "low",
   verify_identity: "low",
   get_engagement_level: "low",
@@ -1214,13 +1226,12 @@ var TOOL_BLAST_RADIUS = {
   begin_golden_thread: "low",
   check_golden_thread: "low",
   thread_census: "low",
-  dispute_attestation: "low",
   get_identity_earnings: "low",
   get_identity_trust_score: "low",
   initiate_assessment: "low",
+  get_agent_trust_tier: "low",
+  get_agent_portfolio: "low",
   // Medium: writes data or searches
-  create_identity_stub: "medium",
-  submit_context: "medium",
   search_identities: "medium",
   get_profile: "medium",
   query_matches: "medium",
@@ -1228,25 +1239,18 @@ var TOOL_BLAST_RADIUS = {
   complete_knot: "medium",
   assess_traits: "medium",
   get_trait_snapshot: "medium",
-  submit_structured_profile: "medium",
-  submit_social_links: "medium",
-  submit_batch_context: "medium",
-  attest_domain: "medium",
   // High: returns sensitive identity data or computes scores
   get_full_trait_vector: "high",
   compute_belonging: "high",
   get_match_recommendations: "high",
   generate_match_narrative: "high",
   get_side_quest_graph: "high",
-  query_graph_similarity: "high",
-  // Tools not in upstream TOOL_BLAST_RADIUS — default to "low"
-  get_agent_trust_tier: "low",
-  get_agent_portfolio: "low"
+  query_graph_similarity: "high"
 };
 
 // src/index.ts
 var SDK_NAME = "@truealter/sdk";
-var SDK_VERSION = "0.1.1";
+var SDK_VERSION = "0.2.4";
 
 exports.AlterAuthError = AlterAuthError;
 exports.AlterClient = AlterClient;
@@ -1290,5 +1294,3 @@ exports.sign = sign;
 exports.verify = verify;
 exports.verifyProvenance = verifyProvenance;
 exports.verifyToolSignatures = verifyToolSignatures;
-//# sourceMappingURL=index.cjs.map
-//# sourceMappingURL=index.cjs.map