@unfragile/mcp-server 0.2.0 → 0.3.0

package/README.md

@@ -1,6 +1,8 @@
 # @unfragile/mcp-server
 
-Query the [Unfragile match graph](https://unfragile.ai) from any AI agent. Find AI tools, assemble harness stacks, compare artifacts — every query feeds the graph.
+Query the [Unfragile match graph](https://unfragile.ai) from any AI agent. Find AI artifacts, discover MCP servers, assemble stacks, compare alternatives, and fetch trust passports. Every query feeds the graph.
+
+Unfragile is built for the agent era: humans click links, agents call capabilities. This server gives Claude Code, Cursor, Windsurf, Claude Desktop, and custom MCP clients a runtime discovery and trust layer for AI artifacts.
 
 ## Install
 
@@ -62,24 +64,31 @@ Add to `~/.codeium/windsurf/mcp_config.json`:
 | `search` | Find AI tools by intent. "best framework for building AI agents" |
 | `find_mcps` | Discover MCP servers by capability. "Postgres + Slack integration" |
 | `get_artifact` | Get full details + capabilities for a specific artifact |
+| `resolve_capability` | Resolve a `capability://...` URI to ranked trusted artifacts |
+| `trust_passport` | Get machine-readable trust evidence: capability URIs, permissions, data access risk, failure modes |
 | `compare` | Compare two artifacts side-by-side |
 | `find_stack` | Assemble a complete harness stack for a use case |
+| `feedback` | Report success/failure to improve future routing |
+| `subscribe` | Watch for new artifacts matching a capability need |
+| `unsubscribe` | Cancel a monitor |
 
 ## Examples
 
 Once installed, ask your agent:
 
 - "Find me MCP servers for Postgres and Slack"
+- "Resolve capability://database.postgres.query.readonly"
 - "What's the best framework for building AI agents?"
 - "Compare LangChain vs CrewAI"
+- "Get the trust passport for Cursor"
 - "I'm building a customer support agent — what tools do I need?"
 - "Get details on Cursor's capabilities"
 
 ## How it works
 
-The MCP server calls the [Unfragile API](https://unfragile.ai/api/v1/search) under the hood. Every query becomes a match record in the graph — the graph learns from every interaction, regardless of where it happens.
+The MCP server calls the [Unfragile API](https://unfragile.ai/docs) under the hood. Search and stack queries become match records in the graph. Trust passport requests use `/api/v1/passport/{slug}` to return artifact identity, capability URIs, constraints, permissions, data access risk, observed outcomes, and UnfragileRank evidence.
 
-10,000+ AI artifacts. 33,000+ capabilities. The match graph for AI.
+13,160 active AI artifacts. 106,955 capabilities. 24 populated software categories. The match graph for AI.
 
 ## Environment Variables
 

package/dist/index.js

@@ -10,6 +10,8 @@
 //   search         — Find AI tools by intent/query (with Match Proof)
 //   find_mcps      — Discover MCP servers by capability need
 //   get_artifact   — Get full details + capabilities for an artifact
+//   resolve_capability — Resolve capability:// URIs to trusted artifacts
+//   trust_passport — Get machine-readable trust passport for an artifact
 //   compare        — Compare two artifacts side-by-side
 //   find_stack     — Assemble a complete harness stack for a use case
 //   feedback       — Report success/failure to close the learning loop
@@ -55,6 +57,57 @@ async function searchAPI(query, options = {}) {
         clearTimeout(timeout);
     }
 }
+async function passportAPI(slug) {
+    const headers = { Accept: "application/json" };
+    if (API_KEY)
+        headers["X-API-Key"] = API_KEY;
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 15_000);
+    try {
+        const res = await fetch(`${API_BASE}/api/v1/passport/${encodeURIComponent(slug)}`, {
+            headers,
+            signal: controller.signal,
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`Unfragile passport API error ${res.status}: ${text}`);
+        }
+        return res.json();
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+async function resolveAPI(capability, options = {}) {
+    const params = new URLSearchParams({ capability, source: SOURCE });
+    if (options.limit)
+        params.set("limit", String(options.limit));
+    if (options.type)
+        params.set("type", options.type);
+    if (options.risk)
+        params.set("risk", options.risk);
+    if (options.passport)
+        params.set("passport", "true");
+    const headers = { Accept: "application/json" };
+    if (API_KEY)
+        headers["X-API-Key"] = API_KEY;
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 15_000);
+    try {
+        const res = await fetch(`${API_BASE}/api/v1/resolve?${params}`, {
+            headers,
+            signal: controller.signal,
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`Unfragile resolver API error ${res.status}: ${text}`);
+        }
+        return res.json();
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
 // ─── Formatters ──────────────────────────────────────────────
 /** Extract a readable name from a URL when artifact.name is a raw URL */
 function cleanName(name, url) {
@@ -135,10 +188,76 @@ function formatResults(data) {
     }
     return lines.join("\n");
 }
+function formatPassport(data) {
+    const p = data.unfragile;
+    const lines = [];
+    lines.push(`# Trust Passport: ${p.artifact.name}`);
+    lines.push(`**Type:** ${p.artifact.type} | **Trust Score:** ${p.trust.score}/100 | **Verified:** ${p.trust.verified ? "Yes ✓" : "No"}`);
+    lines.push(`**Data access risk:** ${p.trust.data_access_risk}`);
+    lines.push(`**URL:** ${p.artifact.url}`);
+    if (p.trust.permissions.length > 0) {
+        lines.push(`\n## Permissions / Requirements`);
+        for (const permission of p.trust.permissions)
+            lines.push(`- ${permission}`);
+    }
+    if (p.trust.failure_modes.length > 0) {
+        lines.push(`\n## Known Failure Modes`);
+        for (const failure of p.trust.failure_modes)
+            lines.push(`- ${failure}`);
+    }
+    lines.push(`\n## Observed Outcomes`);
+    lines.push(`- Matches: ${p.trust.observed_outcomes.matches}`);
+    lines.push(`- Success rate: ${Math.round(p.trust.observed_outcomes.success_rate * 100)}%`);
+    lines.push(`- Avg confidence: ${Math.round(p.trust.observed_outcomes.avg_confidence * 100)}%`);
+    if (p.trust.observed_outcomes.top_intents.length > 0) {
+        lines.push(`- Top intents: ${p.trust.observed_outcomes.top_intents.join(", ")}`);
+    }
+    if (p.capabilities.length > 0) {
+        lines.push(`\n## Capability URIs`);
+        for (const cap of p.capabilities.slice(0, 8)) {
+            lines.push(`- \`${cap.uri}\` — ${cap.name} (${Math.round(cap.confidence * 100)}% confidence)`);
+        }
+    }
+    lines.push(`\n→ Full passport JSON: ${data._links.self}`);
+    lines.push(`→ Artifact page: ${p.artifact.page_url}`);
+    return lines.join("\n");
+}
+function formatResolve(data) {
+    const lines = [];
+    lines.push(`# Resolve: ${data.capability}`);
+    lines.push(`Normalized query: ${data.normalizedQuery}`);
+    lines.push(`Mode: ${data.resolver.mode} | Risk mode: ${data.resolver.riskMode}`);
+    if (data.resolutions.length === 0) {
+        lines.push("\nNo trusted artifacts resolved for this capability. This is a demand gap.");
+        return lines.join("\n");
+    }
+    for (let i = 0; i < data.resolutions.length; i++) {
+        const r = data.resolutions[i];
+        const verified = r.artifact.verified ? " ✓" : "";
+        lines.push(`\n## ${i + 1}. ${r.artifact.name}${verified}`);
+        lines.push(`**Type:** ${r.artifact.type} | **Resolver score:** ${r.resolverScore}/100 | **Trust:** ${r.trust.score}/100 | **Risk:** ${r.dataAccessRisk}`);
+        lines.push(`**URL:** ${r.artifact.url}`);
+        if (r.capabilities.length > 0) {
+            lines.push("**Matched capabilities:**");
+            for (const cap of r.capabilities.slice(0, 4)) {
+                lines.push(`- ${cap.name} (${Math.round(cap.matchScore * 100)}% match)`);
+                if (cap.requires.length > 0)
+                    lines.push(`  Requires: ${cap.requires.join(", ")}`);
+                if (cap.limitations.length > 0)
+                    lines.push(`  Limitations: ${cap.limitations.join(", ")}`);
+            }
+        }
+        if (r.trust.observedMatches > 0) {
+            lines.push(`Observed outcomes: ${r.trust.observedMatches} matches, ${Math.round(r.trust.successRate * 100)}% success`);
+        }
+        lines.push(`Passport: ${r.artifact.passportUrl}`);
+    }
+    return lines.join("\n");
+}
 // ─── MCP Server ──────────────────────────────────────────────
 const server = new McpServer({
     name: "unfragile",
-    version: "0.2.0",
+    version: "0.3.0",
 });
 // Tool 1: General search
 server.tool("search", "Search the Unfragile match graph for AI tools, frameworks, APIs, MCP servers, agents, and more. Returns ranked results with capability matches and graph signals. Every query feeds the graph.", {
@@ -219,7 +338,36 @@ server.tool("get_artifact", "Get full details and capabilities for a specific AI
         return { content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }], isError: true };
     }
 });
-// Tool 4: Compare artifacts
+// Tool 4: Resolve capability
+server.tool("resolve_capability", "Resolve a capability:// URI or natural-language capability into ranked AI artifacts. This is Unfragile's capability DNS primitive. Use when an agent knows what capability it needs and must choose the safest current artifact at runtime.", {
+    capability: z.string().min(2).max(500).describe("Capability URI or phrase, e.g. 'capability://database.postgres.query.readonly' or 'read-only Postgres database access'"),
+    limit: z.number().min(1).max(20).default(5).describe("Max resolutions"),
+    type: z.enum(["agent", "api", "app", "benchmark", "cli", "dataset", "extension", "finetune", "framework", "mcp", "model", "platform", "product", "prompt", "repo", "skill", "template", "webapp", "workflow"]).optional().describe("Filter by artifact type"),
+    risk: z.enum(["default", "production", "enterprise", "strict"]).default("default").describe("Risk posture. production/enterprise/strict require stronger quality/status gates."),
+}, async ({ capability, limit, type, risk }) => {
+    log("resolve_capability", capability);
+    try {
+        const data = await resolveAPI(capability, { limit, type, risk });
+        return { content: [{ type: "text", text: formatResolve(data) }] };
+    }
+    catch (err) {
+        return { content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }], isError: true };
+    }
+});
+// Tool 5: Trust passport
+server.tool("trust_passport", "Get the machine-readable trust passport for an AI artifact. Use this before an agent selects a tool, API, MCP server, model, repo, or framework for a task. Returns capability URIs, permissions, data access risk, known failure modes, observed outcomes, and trust score.", {
+    slug: z.string().min(1).max(200).describe("Artifact slug (e.g., 'cursor', 'claude-code', 'langchain')"),
+}, async ({ slug }) => {
+    log("trust_passport", slug);
+    try {
+        const data = await passportAPI(slug);
+        return { content: [{ type: "text", text: formatPassport(data) }] };
+    }
+    catch (err) {
+        return { content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }], isError: true };
+    }
+});
+// Tool 6: Compare artifacts
 server.tool("compare", "Compare two AI artifacts side-by-side. Shows capabilities, pricing, rank, and graph signals for each. Uses search-based lookup (best-effort name matching). Use this when deciding between alternatives.", {
     artifact_a: z.string().min(1).max(200).describe("First artifact name (e.g., 'cursor')"),
     artifact_b: z.string().min(1).max(200).describe("Second artifact name (e.g., 'windsurf')"),
@@ -265,7 +413,7 @@ server.tool("compare", "Compare two AI artifacts side-by-side. Shows capabilitie
         return { content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }], isError: true };
     }
 });
-// Tool 5: Find harness stack
+// Tool 7: Find harness stack
 server.tool("find_stack", "Assemble a complete AI harness stack for a use case. Given a description of what you're building, returns recommended tools across harness layers: orchestration, tools/MCPs, memory, guardrails, context assembly, and evaluation. This is the key differentiator — Unfragile understands that modern AI systems are composed of 5-15 tools working together.", {
     description: z.string().min(10).max(1000).describe("What you're building (e.g., 'a customer support agent that connects to our Postgres database and Slack, with memory of past conversations')"),
     focus: z.enum(["full", "tools-only", "infrastructure"]).default("full").describe("Stack focus: 'full' = all layers, 'tools-only' = just MCPs and integrations, 'infrastructure' = frameworks and platforms"),
@@ -339,7 +487,7 @@ server.tool("find_stack", "Assemble a complete AI harness stack for a use case.
         return { content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }], isError: true };
     }
 });
-// Tool 6: Feedback — close the learning loop
+// Tool 8: Feedback — close the learning loop
 server.tool("feedback", "Report whether a recommended tool worked or not. This closes the learning loop — the Unfragile graph uses this feedback to improve future recommendations. Call this after trying a tool from search results.", {
     matchRecordId: z.string().min(1).describe("Match record ID from search results (shown at the bottom of search output)"),
     outcome: z.enum(["success", "failure"]).describe("Did the recommended tool work for your use case?"),
@@ -386,7 +534,7 @@ server.tool("feedback", "Report whether a recommended tool worked or not. This c
         return { content: [{ type: "text", text: `Error sending feedback: ${err instanceof Error ? err.message : String(err)}` }], isError: true };
     }
 });
-// Tool 7: Subscribe — create a monitor
+// Tool 9: Subscribe — create a monitor
 server.tool("subscribe", "Set up a persistent watch for new AI tools matching a query. Get notified daily when something new appears in the Unfragile graph. Requires at least one notification channel (email or webhook).", {
     query: z.string().min(2).max(500).describe("What to watch for (e.g., 'new MCP server for Postgres', 'framework for building AI agents')"),
     type: z.enum(["agent", "api", "app", "benchmark", "cli", "dataset", "extension", "finetune", "framework", "mcp", "model", "platform", "product", "prompt", "repo", "skill", "template", "webapp", "workflow"]).optional().describe("Only watch for this artifact type"),
@@ -450,7 +598,7 @@ server.tool("subscribe", "Set up a persistent watch for new AI tools matching a
         };
     }
 });
-// Tool 8: Unsubscribe — delete a monitor
+// Tool 10: Unsubscribe — delete a monitor
 server.tool("unsubscribe", "Cancel a persistent watch (monitor). Use the monitor ID returned from subscribe.", {
     monitorId: z.string().min(1).describe("Monitor ID from subscribe (e.g., 'mon_...')"),
 }, async ({ monitorId }) => {

package/package.json

@@ -1,12 +1,15 @@
 {
   "name": "@unfragile/mcp-server",
-  "version": "0.2.0",
-  "description": "Unfragile MCP Server — query the match graph for AI from any agent. Find AI tools, assemble harness stacks, compare artifacts.",
+  "version": "0.3.0",
+  "description": "Unfragile MCP Server — agent-native discovery, trust, and routing for AI artifacts.",
   "keywords": [
     "mcp",
     "ai",
     "tools",
     "discovery",
+    "trust",
+    "routing",
+    "capabilities",
     "unfragile",
     "harness-engineering"
   ],