npm - @unfragile/mcp-server - Versions diffs - 0.3.2 → 0.4.0 - Mend

@unfragile/mcp-server 0.3.2 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -59,6 +59,8 @@ Add to `~/.codeium/windsurf/mcp_config.json`:
 ## Tools
+### Discovery and trust (human-readable)
 | Tool | Description |
 |------|-------------|
 | `search` | Find AI tools by intent. "best framework for building AI agents" |
@@ -72,6 +74,16 @@ Add to `~/.codeium/windsurf/mcp_config.json`:
 | `subscribe` | Watch for new artifacts matching a capability need |
 | `unsubscribe` | Cancel a monitor |
+### Capability Protocol v1 (raw JSON, machine-readable)
+| Tool | Description |
+|------|-------------|
+| `unfragile_validate` | Validate an `unfragile.yml` manifest against the Capability Protocol v1 schema. Returns errors, warnings, and the parsed manifest. |
+| `unfragile_passport` | Fetch the raw `trust_passport_v1` JSON for an artifact by slug. Suitable for programmatic policy checks. |
+| `unfragile_resolve_capability` | Resolve a `capability://` URI or natural-language intent into ranked artifacts as raw JSON. Optional inline passports for one-call decisioning. |
+Learn more about the protocol: <https://unfragile.ai/protocol>.
 ## Examples
 Once installed, ask your agent:

package/dist/index.js CHANGED Viewed

@@ -7,16 +7,21 @@
 // the graph learns from every interaction.
 //
 // Tools:
-//   search         — Find AI tools by intent/query (with Match Proof)
-//   find_mcps      — Discover MCP servers by capability need
-//   get_artifact   — Get full details + capabilities for an artifact
-//   resolve_capability — Resolve capability:// URIs to trusted artifacts
-//   trust_passport — Get machine-readable trust passport for an artifact
-//   compare        — Compare two artifacts side-by-side
-//   find_stack     — Assemble a complete harness stack for a use case
-//   feedback       — Report success/failure to close the learning loop
-//   subscribe      — Set up persistent watch for new tools
-//   unsubscribe    — Cancel a persistent watch
+//   search                       — Find AI tools by intent/query (with Match Proof)
+//   find_mcps                    — Discover MCP servers by capability need
+//   get_artifact                 — Get full details + capabilities for an artifact
+//   resolve_capability           — Resolve capability:// URIs to trusted artifacts (formatted)
+//   trust_passport               — Get machine-readable trust passport for an artifact (formatted)
+//   compare                      — Compare two artifacts side-by-side
+//   find_stack                   — Assemble a complete harness stack for a use case
+//   feedback                     — Report success/failure to close the learning loop
+//   subscribe                    — Set up persistent watch for new tools
+//   unsubscribe                  — Cancel a persistent watch
+//
+// Protocol-native (raw JSON, Unfragile Capability Protocol v1):
+//   unfragile_validate           — Validate an unfragile.yml manifest
+//   unfragile_passport           — Raw trust passport JSON for an artifact
+//   unfragile_resolve_capability — Raw resolver JSON for a capability:// URI / intent
 // ─────────────────────────────────────────────────────────────
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
@@ -257,7 +262,7 @@ function formatResolve(data) {
 // ─── MCP Server ──────────────────────────────────────────────
 const server = new McpServer({
     name: "unfragile",
-    version: "0.3.0",
+    version: "0.4.0",
 });
 // Tool 1: General search
 server.tool("search", "Search the Unfragile match graph for AI tools, frameworks, APIs, MCP servers, agents, and more. Returns ranked results with capability matches and graph signals. Every query feeds the graph.", {
@@ -598,6 +603,111 @@ server.tool("subscribe", "Set up a persistent watch for new AI tools matching a
         };
     }
 });
+// ─── Protocol-native tools ──────────────────────────────────
+//
+// These three tools mirror the Unfragile Capability Protocol
+// endpoints 1:1 and return raw JSON. Use them when you want
+// machine-readable output rather than the formatted markdown
+// returned by `trust_passport` / `resolve_capability`.
+async function validateManifestAPI(body) {
+    const headers = {
+        "Content-Type": "application/json",
+        Accept: "application/json",
+    };
+    if (API_KEY)
+        headers["X-API-Key"] = API_KEY;
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 15_000);
+    try {
+        const res = await fetch(`${API_BASE}/api/v1/validate`, {
+            method: "POST",
+            headers,
+            body: JSON.stringify(body),
+            signal: controller.signal,
+        });
+        const text = await res.text();
+        try {
+            return JSON.parse(text);
+        }
+        catch {
+            throw new Error(`Validator returned non-JSON (${res.status}): ${text.slice(0, 300)}`);
+        }
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+// Tool: unfragile_validate
+server.tool("unfragile_validate", "Validate an unfragile.yml manifest against the Unfragile Capability Protocol v1. Returns the structured validation result with errors, warnings, and the parsed manifest. Use this before submitting an artifact or in CI pipelines. Accepts raw YAML text via `yaml_content`.", {
+    yaml_content: z
+        .string()
+        .min(10)
+        .max(200_000)
+        .describe("Raw contents of the unfragile.yml file"),
+}, async ({ yaml_content }) => {
+    log("unfragile_validate", `${yaml_content.length} bytes`);
+    try {
+        const data = await validateManifestAPI({ yaml: yaml_content });
+        return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+    }
+    catch (err) {
+        return {
+            content: [
+                { type: "text", text: `Error validating manifest: ${err instanceof Error ? err.message : String(err)}` },
+            ],
+            isError: true,
+        };
+    }
+});
+// Tool: unfragile_passport — raw JSON trust passport
+server.tool("unfragile_passport", "Fetch the raw machine-readable trust passport for an artifact by slug (trust_passport_v1 schema). Returns JSON suitable for programmatic policy checks. Pair with `trust_passport` when you want a human-readable summary.", {
+    slug: z.string().min(1).max(200).describe("Artifact slug (e.g., 'cursor', 'langchain', 'postgres-mcp-server')"),
+}, async ({ slug }) => {
+    log("unfragile_passport", slug);
+    try {
+        const data = await passportAPI(slug);
+        return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+    }
+    catch (err) {
+        return {
+            content: [
+                { type: "text", text: `Error fetching passport: ${err instanceof Error ? err.message : String(err)}` },
+            ],
+            isError: true,
+        };
+    }
+});
+// Tool: unfragile_resolve_capability — raw JSON resolver
+server.tool("unfragile_resolve_capability", "Resolve a `capability://` URI or a natural-language capability into ranked artifacts, with trust signals and passport URLs. Returns raw JSON so an agent can make a programmatic selection. Pair with `resolve_capability` when you want a human-readable summary.", {
+    uri_or_intent: z
+        .string()
+        .min(2)
+        .max(500)
+        .describe("Capability URI like `capability://database.postgres.query.readonly`, or a natural-language capability description"),
+    limit: z.number().min(1).max(20).default(5).describe("Max resolutions"),
+    risk: z
+        .enum(["default", "production", "enterprise", "strict"])
+        .default("default")
+        .describe("Risk posture — stricter modes require stronger quality/status gates"),
+    passport: z
+        .boolean()
+        .default(false)
+        .describe("Inline the full trust passport for each resolution (larger response)"),
+}, async ({ uri_or_intent, limit, risk, passport }) => {
+    log("unfragile_resolve_capability", uri_or_intent);
+    try {
+        const data = await resolveAPI(uri_or_intent, { limit, risk, passport });
+        return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+    }
+    catch (err) {
+        return {
+            content: [
+                { type: "text", text: `Error resolving capability: ${err instanceof Error ? err.message : String(err)}` },
+            ],
+            isError: true,
+        };
+    }
+});
 // Tool 10: Unsubscribe — delete a monitor
 server.tool("unsubscribe", "Cancel a persistent watch (monitor). Use the monitor ID returned from subscribe.", {
     monitorId: z.string().min(1).describe("Monitor ID from subscribe (e.g., 'mon_...')"),

package/package.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
   "name": "@unfragile/mcp-server",
-  "version": "0.3.2",
+  "version": "0.4.0",
   "mcpName": "io.github.Savirinc/unfragile",
-  "description": "Unfragile MCP Server — agent-native discovery, trust, and routing for AI artifacts.",
+  "description": "Unfragile MCP Server — agent-native discovery, trust, and routing for AI artifacts. Implements the Unfragile Capability Protocol v1.",
   "keywords": [
     "mcp",
     "ai",
@@ -12,7 +12,9 @@
     "routing",
     "capabilities",
     "unfragile",
-    "harness-engineering"
+    "harness-engineering",
+    "capability-protocol",
+    "unfragile.yml"
   ],
   "license": "MIT",
   "author": "Unfragile <hello@unfragile.ai>",