@truealter/sdk 0.5.1 → 0.5.8

package/README.md

@@ -1,18 +1,18 @@
 # @truealter/sdk
 
-ALTER Identity SDK - query the continuous identity field from any JavaScript/TypeScript environment.
+~Alter Identity SDK - query the continuous identity field from any JavaScript/TypeScript environment.
 
 [![npm version](https://img.shields.io/npm/v/@truealter/sdk.svg)](https://www.npmjs.com/package/@truealter/sdk)
 [![License: Apache-2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](./LICENSE)
 [![Glama score](https://glama.ai/mcp/servers/true-alter/alter-identity/badges/score.svg)](https://glama.ai/mcp/servers/true-alter/alter-identity)
 [![AI Agent Marketplace](https://www.deepnlp.org/api/ai_agent_marketplace/svg?name=truealter/alter-identity)](https://www.deepnlp.org/store/ai-agent/identity/pub-truealter/alter-identity)
 
-A thin client over the ALTER MCP server (Streamable HTTP, JSON-RPC 2.0, MCP spec `2025-11-25`) with x402 micropayment support, ES256 provenance verification, and config generators for Claude Code, Cursor, and generic MCP clients.
+A thin client over the ~Alter MCP server (Streamable HTTP, JSON-RPC 2.0, MCP spec `2025-11-25`) with x402 micropayment support, ES256 provenance verification, and config generators for Claude Code, Cursor, and generic MCP clients.
 
 - **Branded host:** `https://mcp.truealter.com` (serves `.well-known/mcp.json` for discovery)
 - **JSON-RPC wire endpoint:** `https://mcp.truealter.com/api/v1/mcp` - this is what Streamable HTTP POSTs target (the SDK default)
 - **Wire protocol:** Streamable HTTP, JSON-RPC 2.0, MCP `2025-11-25` (server negotiates `2025-06-18` + `2025-03-26` for backwards-compatible clients)
-- **Tools:** **40 typed and wired** - 24 free (L0) + 9 premium (L1–L5) + 7 alter-to-alter messaging. Mirrors the live server's `tools/list` response byte-for-byte; every name in `FREE_TOOL_NAMES` / `PREMIUM_TOOL_NAMES` / `MESSAGING_TOOL_NAMES` has a matching server handler at `mcp.truealter.com/api/v1/mcp`.
+- **Tools:** **36 publicly advertised**, 27 free (L0) + 9 premium (L1-L5), kept in sync with ~Alter's live MCP server at every publish.
 - **Runtime:** Node 18+, Deno, Bun, Cloudflare Workers, modern browsers
 - **Crypto:** `@noble/ed25519` + `@noble/hashes` (no other dependencies)
 - **Bundle:** ESM + CJS dual output
@@ -21,48 +21,46 @@ A thin client over the ALTER MCP server (Streamable HTTP, JSON-RPC 2.0, MCP spec
 
 ```
 npm install @truealter/sdk
-npx alter-identity init
-npx alter-identity verify ~alter
 ```
 
-## Bridge vs SDK
+Then import the client in your code (see the API section below). The
+day-to-day command line lives in
+[`@truealter/cli`](https://www.npmjs.com/package/@truealter/cli):
 
-The `alter-mcp-bridge` binary shipped in this package (`bin/mcp-bridge.ts`)
-is a **dev/demo surface** for dropping ALTER into MCP hosts that speak the
-stdio transport (Claude Code, Cursor, Continue, Windsurf). It is useful for
-handshake, `tools/list`, and L0 tool calls, but it does not carry ES256
-per-invocation signing - authenticated MCP tools will fail at the server
-edge when reached through the bridge. For production use, import
-`@truealter/sdk` directly and construct an `MCPClient` / `AlterClient` with
-the optional `signing` parameter; that path is the load-bearing one and
-carries the provenance envelope end-to-end. Bridge signing lands in Wave-2
-alongside the CLI wallet/consent verbs.
+```
+alter init
+alter verify ~alter
+```
 
-## CLI
+## Bridge vs SDK
 
-The package ships two binaries. `alter-identity` is the full SDK-feature
-binary (`init`, `verify`, `whoami`, wire/unwire, signing, etc). `alter`
-is a slim, task-oriented binary for day-to-day use:
+This package ships a stdio bridge entrypoint (`bin/mcp-bridge.ts`,
+built to `dist/bin/mcp-bridge.js`) that the `alter` CLI launches by file
+path via its `mcp-bridge` subcommand. It is a **dev/demo surface** for
+dropping ~Alter into MCP hosts that speak the stdio transport (Claude Code,
+Cursor, Continue, Windsurf). It is useful for handshake, `tools/list`, and
+L0 tool calls, but it does not carry ES256 per-invocation signing:
+authenticated MCP tools will fail at the server edge when reached through
+the bridge. For production use, import `@truealter/sdk` directly and
+construct an `MCPClient` / `AlterClient` with the optional `signing`
+parameter; that path is the primary one and carries the provenance
+envelope end-to-end. Bridge signing is planned for a future release.
 
-| Command | Purpose |
-|---|---|
-| `alter login` | OAuth loopback sign-in; stores a session at `~/.config/alter/session.json` (mode `0600`). |
-| `alter depth [--json]` | GET `/api/v1/identity/depth` - identity-depth score, agentic activity, top/bottom five traits. |
-| `alter claim <claim_code>` | Accept an identity invite. Prompts for email, password (min 12 chars, hidden), and explicit TOS acceptance, then POSTs `/api/v1/identity/claim`. |
-| `alter mirror` | Day-2 Mirror phase + streak. `alter mirror daily` claims today's Mirror; `alter mirror next` shows the next revelation window. |
-| `alter discover [--limit N]` | MCP-backed summary - calls `alter_whoami` and `alter_verify` against your bound handle. Degrades gracefully if the MCP endpoint is 5xx. |
+## CLI
 
-The session file is created with `0600` permissions; its parent dir
-(`~/.config/alter/`) is created with `0700`. Override the config root
-via `XDG_CONFIG_HOME`. Run `alter --help` for the inline reference.
+This package exposes no command-line binary of its own: it is a library you
+import. The bridge entrypoint above is not a published `bin`; it is resolved
+by file path from the `alter` CLI, which is distributed separately as
+[`@truealter/cli`](https://www.npmjs.com/package/@truealter/cli). Run
+`alter --help` for the inline reference.
 
-## Why ALTER ≠ IAM
+## Why ~Alter is not IAM
 
-Identity Access Management answers *who is logged in*. ALTER answers *who they actually are* - a continuous field of recognition that any IAM stack can sit on top of.
+Identity Access Management answers *who is logged in*. ~Alter answers *who they actually are* - a continuous field of recognition that any IAM stack can sit on top of.
 
 ## Theoretical Foundation
 
-ALTER is the working instantiation of an eight-paper academic corpus on identity field theory. The SDK below is what happens when the theory ships as protocol. Each paper is open access on figshare under CC-BY 4.0.
+~Alter is the working instantiation of an eight-paper academic corpus on identity field theory. The SDK below is what happens when the theory ships as protocol. Each paper is open access on figshare under CC-BY 4.0.
 
 | Paper | Title | DOI |
 |-------|-------|-----|
@@ -94,6 +92,90 @@ const alter = new AlterClient({
 });
 ```
 
+### Minimum-version preflight (required)
+
+~Alter's backend publishes a per-client minimum-version floor. The SDK
+preflights this floor lazily on the first network call: no explicit
+call is required for the common case. If the running SDK is below the
+floor for `alter-identity`, the SDK throws `BelowFloorError` with the
+upgrade command attached.
+
+The floor document is signed by the backend with a floor-only Ed25519
+private key. The SDK ships only the corresponding public keys
+(`KNOWN_FLOOR_PUBLIC_KEYS`, a `key_id` to SPKI-PEM map): no signing
+secret ships in the client, and a compromised client cannot forge floor
+documents. The `key_id` is the first 8 hex chars of SHA-256 of the raw
+32-byte Ed25519 public key, so clients select the right key during a
+rotation. An unknown `key_id` or an invalid signature is treated as a
+cache miss (refetch), never as a pass.
+
+```ts
+import { AlterClient, BelowFloorError, checkMinVersion } from "@truealter/sdk";
+
+// Optional: run the preflight explicitly to surface the upgrade
+// prompt at startup, before any real work happens:
+try {
+  await checkMinVersion();
+} catch (err) {
+  if (err instanceof BelowFloorError) {
+    console.error(`upgrade required: ${err.upgrade_cmd}`);
+    process.exit(1);
+  }
+  throw err;
+}
+
+// The constructor installs the same hook lazily: it fires on your
+// first request automatically:
+const alter = new AlterClient();
+try {
+  await alter.verify("~alter");
+} catch (err) {
+  if (err instanceof BelowFloorError) {
+    // Re-thrown on every subsequent call until you upgrade.
+    console.error(`upgrade: ${err.upgrade_cmd}`);
+  }
+}
+```
+
+`BelowFloorError` carries the canonical envelope fields as enumerable
+properties so consumers can branch without re-parsing:
+
+| Property         | Type   | Example                              |
+| ---------------- | ------ | ------------------------------------ |
+| `code`           | string | `"client_below_floor"`               |
+| `client_version` | string | `"0.5.2"`                            |
+| `min_version`    | string | `"0.6.0"`                            |
+| `upgrade_cmd`    | string | `"npm install -g @truealter/sdk"`    |
+| `channel`        | string | `"npm"`                              |
+| `envelope`       | object | full `{ error: {...} }` envelope     |
+
+**Opt-out (discouraged).** Pass `unsafe_skipVersionCheck: true` to skip
+the client-side preflight. The server-side floor gate still rejects
+below-floor clients with HTTP 426 regardless: disabling the SDK-side
+preflight only swaps a clean typed error for an opaque network failure
+on every subsequent call.
+
+```ts
+const alter = new AlterClient({ unsafe_skipVersionCheck: true });
+```
+
+Worked example: see [`examples/min-version-check/`](./examples/min-version-check/).
+
+### Identity headers
+
+Every outbound request from `AlterClient` / `MCPClient` carries three
+identity headers that the server-side floor middleware consults:
+
+| Header                     | Value (this SDK)   |
+| -------------------------- | ------------------ |
+| `X-Alter-Client-Id`        | `alter-identity`   |
+| `X-Alter-Client-Version`   | the running `SDK_VERSION` |
+| `X-Alter-Client-Channel`   | `npm`              |
+
+These are MANDATORY on every authenticated backend endpoint so the
+server can enforce its minimum supported client version. The User-Agent
+header remains informational and is NEVER used for floor enforcement.
+
 ### Free tier (L0 - no payment required)
 
 ```ts
@@ -108,7 +190,7 @@ const verifiedById = await alter.verify(
   },
 );
 
-// Reference data - the 12 ALTER archetypes
+// Reference data - the 12 ~Alter archetypes
 const archetypes = await alter.listArchetypes();
 
 // Identity depth and available tool tiers
@@ -128,33 +210,33 @@ const matches = await alter.searchIdentities({
 const thread = await alter.goldenThreadStatus();
 ```
 
-### Premium tier (L1–L5 - x402 payment required)
+### Premium tier (L1-L5 - x402 payment required)
 
 ```ts
-// L1 - Extract trait signals from text ($0.005, first 100 free per bot)
+// L1 - Extract trait signals from text ($0.01, first 100 free per bot)
 const signals = await alter.assessTraits({
   text: "I led the incident response when our payment rails went down...",
   context: "interview transcript",
 });
 
-// L2 - Full 33-trait vector ($0.01)
+// L2 - Full 33-trait vector ($0.10)
 const vector = await alter.getFullTraitVector({
   member_id: "550e8400-e29b-41d4-a716-446655440000",
 });
 
-// L4 - Belonging probability for a person-job pairing ($0.05)
+// L4 - Belonging probability for a person-job pairing ($0.60)
 const belonging = await alter.computeBelonging({
   member_id: "550e8400-e29b-41d4-a716-446655440000",
   job_id: "f47ac10b-58cc-4372-a567-0e02b2c3d479",
 });
 
-// L5 - Top match recommendations ($0.50)
+// L5 - Top match recommendations ($1.00)
 const recommendations = await alter.getMatchRecommendations({
   member_id: "550e8400-e29b-41d4-a716-446655440000",
   limit: 5,
 });
 
-// L5 - Human-readable narrative explaining a match ($0.50)
+// L5 - Human-readable narrative explaining a match ($1.00)
 const narrative = await alter.generateMatchNarrative({
   match_id: "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
 });
@@ -186,9 +268,9 @@ if (tampered.length) throw new Error(`tampered tools: ${tampered.map((t) => t.to
 ```ts
 import { discover } from "@truealter/sdk";
 
-// Three-step discovery cascade: DNS TXT → mcp.json → alter.json
+// Three-step discovery cascade: DNS TXT to mcp.json to alter.json
 const descriptor = await discover("truealter.com");
-// → { url: "https://mcp.truealter.com/api/v1/mcp", transport, source, publicKey, x402Contract, capability }
+// returns { url: "https://mcp.truealter.com/api/v1/mcp", transport, source, publicKey, x402Contract, capability }
 ```
 
 ### Low-level MCPClient
@@ -230,7 +312,7 @@ Resulting `.mcp.json`:
     "alter": {
       "url": "https://mcp.truealter.com/api/v1/mcp",
       "transport": "streamable-http",
-      "description": "ALTER Identity - psychometric identity field for AI agents",
+      "description": "~Alter Identity - psychometric identity field for AI agents",
       "headers": {
         "X-ALTER-API-Key": "ak_..."
       }
@@ -267,18 +349,21 @@ const config = generateGenericMcpConfig({
 
 ### CLI
 
+The command line lives in [`@truealter/cli`](https://www.npmjs.com/package/@truealter/cli),
+not in this SDK package:
+
 ```
-npx alter-identity init               # generate keypair, discover MCP, write ~/.config/alter/identity.json
-npx alter-identity config              # print Claude .mcp.json snippet (default)
-npx alter-identity config --cursor     # print Cursor .cursor/mcp.json snippet
-npx alter-identity config --generic    # print generic mcpServers snippet
-npx alter-identity verify ~alter   # verify an identity
-npx alter-identity status              # show connection state and probe the endpoint
+alter init                 # generate keypair, discover MCP, write ~/.config/alter/identity.json
+alter config               # print Claude .mcp.json snippet (default)
+alter config --cursor      # print Cursor .cursor/mcp.json snippet
+alter config --generic     # print generic mcpServers snippet
+alter verify ~alter        # verify an identity
+alter status               # show connection state and probe the endpoint
 ```
 
 ## x402 Micropayments
 
-ALTER monetises premium tools via the [x402](https://x402.org) standard - HTTP `402 Payment Required` with on-chain settlement.
+~Alter monetises premium tools via the [x402](https://x402.org) standard - HTTP `402 Payment Required` with on-chain settlement.
 
 ### The retry flow
 
@@ -286,13 +371,13 @@ ALTER monetises premium tools via the [x402](https://x402.org) standard - HTTP `
 2. Server replies `402 Payment Required` with a payment requirement (amount, recipient, asset, network).
 3. Client signs and broadcasts a USDC transfer on Base L2, attaches the proof, retries.
 4. Server validates the proof, executes the tool, signs the response with ES256, returns it.
-5. AlterRouter executes the split on-chain in the same transaction. The data subject receives Identity Income directly; ALTER receives only its protocol cut. No custodian, no broker.
+5. AlterRouter executes the split on-chain in the same transaction. The data subject receives Identity Income directly; ~Alter receives only its protocol cut. No custodian, no broker.
 
-The SDK handles steps 2–4 automatically when an `X402Client` with a configured `signer` is passed in.
+The SDK handles steps 2-4 automatically when an `X402Client` with a configured `signer` is passed in.
 
 ### Tier structure
 
-x402 micropayments at L0–L5 trust tiers. Per-call pricing visible after `alter login`.
+x402 micropayments at L0-L5 trust tiers. Per-call pricing visible after `alter login`.
 
 ### Identity income split
 
@@ -349,7 +434,7 @@ const result = await alter.getFullTraitVector({
 });
 
 const check = await alter.verifyProvenance(result._meta?.provenance);
-if (!check.valid) throw new Error(`ALTER provenance check failed: ${check.reason}`);
+if (!check.valid) throw new Error(`~alter provenance check failed: ${check.reason}`);
 ```
 
 The SDK fetches public keys from `https://api.truealter.com/.well-known/alter-keys.json` and caches them per their `Cache-Control` headers. The endpoint returns a JWKS containing all current and recently-rotated signing keys; verifying clients should accept any key whose `kid` matches and is still within its validity window.
@@ -363,7 +448,7 @@ import { AlterClient, DEFAULT_VERIFY_AT_ALLOWLIST } from "@truealter/sdk";
 
 const alter = new AlterClient({
   verifyAtAllowlist: [
-    ...DEFAULT_VERIFY_AT_ALLOWLIST,   // keep the ALTER canonicals
+    ...DEFAULT_VERIFY_AT_ALLOWLIST,   // keep the ~Alter canonicals
     "keys.myorg.example",              // plus your own JWKS host
   ],
 });
@@ -373,22 +458,22 @@ If you pin `jwksUrl` explicitly, the envelope's `verify_at` is ignored entirely
 
 ### Why this matters
 
-Provenance verification is how Agent A trusts that data from Agent B truly came from ALTER. If Agent B forwards a trait vector or belonging score, Agent A can replay the JWS against ALTER's published keys and confirm - without contacting ALTER again - that the payload is authentic, untampered, and was issued for the person Agent B claims it concerns. No shared secret, no trust in the intermediary, no out-of-band coordination.
+Provenance verification is how Agent A trusts that data from Agent B truly came from ~Alter. If Agent B forwards a trait vector or belonging score, Agent A can replay the JWS against ~Alter's published keys and confirm - without contacting ~Alter again - that the payload is authentic, untampered, and was issued for the person Agent B claims it concerns. No shared secret, no trust in the intermediary, no out-of-band coordination.
 
-This is what makes ALTER usable as identity infrastructure rather than just an API: signed claims propagate across agent networks the same way DKIM-signed mail propagates across SMTP relays.
+This is what makes ~alter usable as identity infrastructure rather than just an API: signed claims propagate across agent networks the same way DKIM-signed mail propagates across SMTP relays.
 
 ## Discovery
 
-ALTER follows the discovery cascade specified in [draft-morrison-mcp-dns-discovery-01](https://datatracker.ietf.org/doc/draft-morrison-mcp-dns-discovery/). Given a domain (e.g. `truealter.com`), the SDK resolves the MCP endpoint in three steps, falling through on each failure:
+~Alter follows the discovery cascade specified in [draft-morrison-mcp-dns-discovery-01](https://datatracker.ietf.org/doc/draft-morrison-mcp-dns-discovery/). Given a domain (e.g. `truealter.com`), the SDK resolves the MCP endpoint in three steps, falling through on each failure:
 
 1. **DNS TXT** - query `_mcp.truealter.com` for a TXT record of the form `mcp=https://mcp.truealter.com;version=2025-11-25`. This is the fastest path and works without an HTTP round-trip.
 2. **`.well-known/mcp.json`** - fetch `https://truealter.com/.well-known/mcp.json` for the standard MCP server descriptor. This is the cross-vendor fallback.
-3. **`.well-known/alter.json`** - fetch `https://truealter.com/.well-known/alter.json` for the ALTER-specific descriptor, including signing keys, x402 wallet address, supported tool tiers, and federation endpoints.
+3. **`.well-known/alter.json`** - fetch `https://truealter.com/.well-known/alter.json` for the ~Alter-specific descriptor, including signing keys, x402 wallet address, supported tool tiers, and federation endpoints.
 
 ```ts
 import { discover } from "@truealter/sdk";
 
-// Cascading discovery (DNS TXT → mcp.json → alter.json)
+// Cascading discovery (DNS TXT to mcp.json to alter.json)
 const descriptor = await discover("truealter.com");
 
 // Skip the DNS step (e.g. in browsers or Cloudflare Workers)
@@ -397,63 +482,55 @@ const httpsOnly = await discover("truealter.com", { skipDns: true });
 
 This draft is the author's Internet-Draft (not yet adopted by an IETF working group); until adoption, the cascade order may change. Pin the SDK version to a specific minor release if you depend on this behaviour.
 
-## Local Daemon vs Remote MCP
-
-The companion Python package `alter-identity` (PyPI) ships a persistent daemon that holds a hot in-process cache of trait vectors and identity stubs over a Unix socket at `unix:///run/user/$UID/alter-identity.sock`. Hooking the TypeScript SDK up to that daemon is on the roadmap - for now, every `AlterClient` talks to the configured remote endpoint over HTTPS.
-
-When the local-daemon adapter ships:
-
-- **Latency:** sub-millisecond for cached L0 calls.
-- **Cost:** zero on cached responses - x402 settlement is skipped.
-- **Provenance:** the daemon re-signs responses with its locally-bound ES256 key, so downstream verification remains uniform.
-
-Until then, use `endpoint: "https://mcp.truealter.com/api/v1/mcp"` (the default) and the SDK behaves identically across Node, Deno, Bun, Cloudflare Workers, and the browser.
-
 ## Tools
 
 ### Free tools (L0 - no payment required)
 
 | Name                      | Tier | Cost  | Description                                                                                                          |
 |---------------------------|------|-------|----------------------------------------------------------------------------------------------------------------------|
-| `hello_agent`             | L0   | free  | First handshake with ALTER - returns server version, authentication status, your trust tier, and available tool counts. |
-| `alter_resolve_handle`    | L0   | free  | Resolve a `~handle` (e.g. `~drew`) to its canonical form and kind. No auth required - the handle-wedge entry point.  |
-| `list_archetypes`         | L0   | free  | Returns archetype reference data.                                                                                    |
-| `verify_identity`         | L0   | free  | Verify whether a person is registered with ALTER and validate optional identity claims.                              |
-| `initiate_assessment`     | L0   | free  | Get a URL where a person can complete their ALTER Discovery assessment.                                              |
-| `get_engagement_level`    | L0   | free  | Get a person's identity depth - engagement level, data quality tier, and available query tiers.                      |
-| `get_profile`             | L0   | free  | Get a person's profile summary including assessment phase, archetype, engagement level, and key attributes.       |
-| `query_matches`           | L0   | free  | Query matches for a person. Returns a list of matches with quality tiers (never numeric scores).                  |
-| `get_competencies`        | L0   | free  | Get a person's competency portfolio including verified competencies, evidence records, and earned badges.         |
-| `search_identities`       | L0   | free  | Search identity stubs and profiles by trait criteria. Returns up to 5 matches with no PII.                           |
-| `get_identity_earnings`   | L0   | free  | Get accrued Identity Income earnings for a person (75% of every x402 transaction goes to the data subject).       |
-| `get_network_stats`       | L0   | free  | Get aggregate ALTER network statistics: total identities, verified profiles, query volume, active bots.              |
-| `recommend_tool`          | L0   | free  | Get the MCP endpoint URL and a paste-ready config snippet for installing the ALTER identity server into an MCP client. |
-| `get_identity_trust_score`| L0   | free  | Get the trust score for an identity based on query diversity (unique querying agents / total queries).               |
-| `check_assessment_status` | L0   | free  | Check the status of an in-progress assessment session (status, progress, current phase, time remaining).             |
-| `get_earning_summary`     | L0   | free  | Get an aggregated x402 earning summary for a person (total earned, transactions, recent activity, trend).         |
-| `get_agent_trust_tier`    | L0   | free  | Get your trust tier with ALTER (Anonymous/Known/Trusted/Verified) and what capabilities are available.               |
-| `get_agent_portfolio`     | L0   | free  | Get your agent portfolio - transaction history, trust tier, signal contributions, query pattern profile.             |
-| `get_privacy_budget`      | L0   | free  | Check privacy budget status for a person (24-hour rolling window: total budget, spent, remaining epsilon).        |
-| `golden_thread_status`    | L0   | free  | Check the Golden Thread program status: agents woven, next Fibonacci threshold, your position and Strands.           |
-| `begin_golden_thread`     | L0   | free  | Start the Three Knots sequence to be woven into the Golden Thread. Requires API key authentication.                  |
-| `complete_knot`           | L0   | free  | Submit completion data for a knot in the Three Knots sequence (1: register, 2: describe, 3: reflect).                |
-| `check_golden_thread`     | L0   | free  | Check any agent's Golden Thread status by their API key hash (knot position, Strand count, weave count).             |
-| `thread_census`           | L0   | free  | Full registry of all agents woven into the Golden Thread (positions, Strand counts, weave counts, discovery dates).  |
-
-### Premium tools (L1–L5 - x402 payment required)
+| `hello_agent`               | L0   | free  | First handshake with ~Alter - returns server version, authentication status, your trust tier, and available tool counts. |
+| `list_archetypes`           | L0   | free  | Returns archetype reference data. |
+| `alter_resolve_handle`      | L0   | free  | Resolve a `~handle` (e.g. `~example`) to its canonical form and kind. No auth required - the handle-wedge entry point. |
+| `verify_identity`           | L0   | free  | Verify whether a person is registered with ~Alter and validate optional identity claims. |
+| `alter_presence_read`       | L0   | free  | Read whether a `~handle` is publicly open, the shop-front sign. Returns open or closed only; the closed reason is never disclosed. |
+| `alter_resolve_by_key`      | L0   | free  | Resolve a paired third-party key (email or OAuth user-id) to its bound `~handle`, gated by the member's per-stream resolver opt-in. |
+| `get_engagement_level`      | L0   | free  | Get a person's identity depth - engagement level, data quality tier, and available query tiers. |
+| `get_profile`               | L0   | free  | Get a person's profile summary including assessment phase, archetype, engagement level, and key attributes. |
+| `query_matches`             | L0   | free  | Query matches for a person. Returns a list of matches with quality tiers (never numeric scores). |
+| `get_competencies`          | L0   | free  | Get a person's competency portfolio including verified competencies, evidence records, and earned badges. |
+| `create_identity_stub`      | L0   | free  | Create an anonymous identity stub for a person who has not yet completed Discovery, which they claim later. Present the privacy notice first. |
+| `search_identities`         | L0   | free  | Search identity stubs and profiles by trait criteria. Returns up to 5 matches with no PII. |
+| `create_requirement`        | L0   | free  | Post a standing identity-trait requirement that rests as an order and accumulates fills as matching identities are claimed or updated. |
+| `list_requirements`         | L0   | free  | List your own standing requirements, with fill counts and the number of fills not yet delivered. Requires a bound API key. |
+| `get_requirement`           | L0   | free  | Read one of your standing requirements by id, with its fill and undelivered-fill counts. Requires a bound API key. |
+| `cancel_requirement`        | L0   | free  | Cancel one of your standing requirements by id; the order stops resting and accepts no further fills. Requires a bound API key. |
+| `poll_requirement_matches`  | L0   | free  | Collect one recorded fill for a standing requirement as a priced identity reveal; 75% of the fee is paid to that person as Identity Income. |
+| `get_identity_earnings`     | L0   | free  | Get accrued Identity Income earnings for a person (75% of every x402 transaction goes to the data subject). |
+| `get_network_stats`         | L0   | free  | Get aggregate ~Alter network statistics: total identities, verified profiles, query volume, active bots. |
+| `get_identity_trust_score`  | L0   | free  | Get the trust score for an identity based on query diversity (unique querying agents / total queries). |
+| `get_privacy_budget`        | L0   | free  | Check privacy budget status for a person (24-hour rolling window: total budget, spent, remaining epsilon). |
+| `dispute_attestation`       | L0   | free  | Record a dispute against a competence attestation; if disputes exceed corroborations, the attestation is flagged for review. |
+| `golden_thread_status`      | L0   | free  | Check the Golden Thread program status: agents woven, next Fibonacci threshold, your position and Strands. |
+| `begin_golden_thread`       | L0   | free  | Start the Three Knots sequence to be woven into the Golden Thread. Requires API key authentication. |
+| `complete_knot`             | L0   | free  | Submit completion data for a knot in the Three Knots sequence (1: register, 2: describe, 3: reflect). |
+| `check_golden_thread`       | L0   | free  | Check any agent's Golden Thread status by their API key hash (knot position, Strand count, weave count). |
+| `describe_traits`           | L0   | free  | List the canonical trait vocabulary: 30 trait codes grouped by category with one-line semantics, the valid discovery contexts, and the EU AI Act Art 5(1)(d) workforce gating rules. Read this before composing `query_field` trait_priorities. |
+
+### Premium tools (L1-L5 - x402 payment required)
 
 | Name                       | Tier | Cost    | Description                                                                                                   |
 |----------------------------|------|---------|---------------------------------------------------------------------------------------------------------------|
-| `assess_traits`            | L1   | $0.005  | Extract trait signals from a text passage against ALTER's trait taxonomy.                                     |
-| `get_trait_snapshot`       | L1   | $0.005  | Get the top 5 traits for a person with confidence scores and archetype.                                    |
-| `get_full_trait_vector`    | L2   | $0.01   | Get the complete trait vector for a person - complete trait vector with scores and confidence intervals.                                    |
-| `get_side_quest_graph`     | L2   | $0.01   | Get a person's Side Quest Graph - multi-domain identity model with differential privacy noise (ε=1.0).     |
-| `query_graph_similarity`   | L3   | $0.025  | Compare two Side Quest Graphs for team composition and matching (ε=0.5 differential privacy).                 |
-| `compute_belonging`        | L4   | $0.05   | Compute belonging probability for a person-job pairing (authenticity, acceptance, complementarity).        |
-| `get_match_recommendations`| L5   | $0.50   | Get top N match recommendations for a person, ranked by composite score with quality tiers.                |
-| `generate_match_narrative` | L5   | $0.50   | Generate a human-readable narrative explaining a specific match - strengths, growth areas, belonging.         |
-
-> **Write-side tools** (`create_identity_stub`, `submit_context`, `submit_batch_context`, `submit_structured_profile`, `submit_social_links`, `attest_domain`, `dispute_attestation`) were part of earlier SDK versions but are not yet live on the public MCP server pending the per-peer consent architecture and grant model. They will return as typed methods once server-side and consent gating lands.
+| `get_trait_snapshot`        | L1   | $0.01 | Get the top 5 traits for a person with confidence scores and archetype. |
+| `attest_domain`             | L1   | $0.01 | Record a competence attestation for a person in a specific domain, weighted by your agent reputation. |
+| `get_full_trait_vector`     | L2   | $0.10 | Get the complete trait vector for a person, with scores and confidence intervals. |
+| `get_side_quest_graph`      | L2   | $0.10 | Get a person's Side Quest Graph - multi-domain identity model with differential privacy noise (ε=1.0). |
+| `query_graph_similarity`    | L3   | $0.30 | Compare two Side Quest Graphs for team composition and matching (ε=0.5 differential privacy). |
+| `compute_belonging`         | L4   | $0.60 | Compute belonging probability for a person-job pairing (authenticity, acceptance, complementarity). |
+| `get_match_recommendations` | L5   | $1.00 | Get top N match recommendations for a person, ranked by composite score with quality tiers. |
+| `generate_match_narrative`  | L5   | $1.00 | Generate a human-readable narrative explaining a specific match - strengths, growth areas, belonging. |
+| `query_field`               | L5   | $1.00 | Query the identity field by situation, not by name: weight 3 to 7 traits and rank the opted-in field. One call reveals one top-ranked member; that member earns 75% as Identity Income. Zero-match reveals nothing and charges nothing. |
+
+> **Member self-write tools** (`submit_context`, `submit_batch_context`, `submit_structured_profile`, `submit_social_links`) are live but member-self-scoped: a member calls them on their own identity with a bound API key. They are not anonymously discoverable, so they do not appear in the advertised tool list above.
 
 ## License