agent-passport-system-mcp 2.0.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +69 -25
  2. package/build/index.js +668 -3
  3. package/package.json +13 -9
package/README.md CHANGED
@@ -1,8 +1,8 @@
1
1
  # Agent Passport System MCP Server
2
2
 
3
- MCP server for the [Agent Passport System](https://github.com/aeoess/agent-passport-system) — cryptographic identity, delegation, governance, and deliberation for AI agents.
3
+ MCP server for the [Agent Passport System](https://github.com/aeoess/agent-passport-system) — cryptographic identity, delegation, governance, and commerce for AI agents.
4
4
 
5
- Works with any MCP client: Claude Desktop, Cursor, Windsurf, OpenClaw, and more.
5
+ **33 tools** across all 8 protocol layers. Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
6
6
 
7
7
  ## Quick Start
8
8
 
@@ -36,38 +36,83 @@ Add to your MCP config:
36
36
  }
37
37
  ```
38
38
 
39
- ### OpenClaw
39
+ ## Tools (33)
40
40
 
41
- ```
42
- /mcp add agent-passport-system-mcp
43
- ```
44
-
45
- ## Tools
41
+ ### Identity (Layer 1) — 3 tools
46
42
 
47
43
  | Tool | Description |
48
44
  |------|-------------|
49
- | `generate_keys` | Generate Ed25519 keypair |
50
- | `join_social_contract` | Create agent identity with passport, values, beneficiary |
45
+ | `generate_keys` | Generate Ed25519 keypair for agent identity |
46
+ | `join_social_contract` | Create agent passport with values attestation and beneficiary |
51
47
  | `verify_passport` | Verify another agent's passport signature |
52
- | `create_delegation` | Delegate scoped authority with spend limits |
53
- | `record_work` | Record work as signed receipt |
54
- | `create_tradeoff_rule` | Create quantified tradeoff rule |
55
- | `evaluate_tradeoff` | Evaluate tradeoff at runtime |
56
- | `create_deliberation` | Start multi-agent deliberation |
57
- | `submit_consensus_round` | Submit scored assessment |
58
- | `evaluate_consensus` | Check convergence status |
59
- | `list_session` | List all session state |
60
48
 
61
- ## Resources
49
+ ### Coordination (Layer 6) — 11 tools
50
+
51
+ | Tool | Description |
52
+ |------|-------------|
53
+ | `create_task_brief` | [OPERATOR] Create task with roles, deliverables, acceptance criteria |
54
+ | `assign_agent` | [OPERATOR] Assign agent to role with delegation |
55
+ | `accept_assignment` | Accept your task assignment |
56
+ | `submit_evidence` | [RESEARCHER] Submit research evidence with citations |
57
+ | `review_evidence` | [OPERATOR] Review evidence packet — approve, rework, or reject |
58
+ | `handoff_evidence` | [OPERATOR] Transfer approved evidence between roles |
59
+ | `get_evidence` | [ANALYST/BUILDER] Get evidence handed off to you |
60
+ | `submit_deliverable` | [ANALYST/BUILDER] Submit final output tied to evidence |
61
+ | `complete_task` | [OPERATOR] Close task with status and retrospective |
62
+ | `get_my_role` | Get your current role and instructions |
63
+ | `get_task_detail` | Get full task details including evidence and deliverables |
64
+
65
+ ### Delegation (Layer 1) — 4 tools
66
+
67
+ | Tool | Description |
68
+ |------|-------------|
69
+ | `create_delegation` | Create scoped delegation with spend limits and depth control |
70
+ | `verify_delegation` | Verify delegation signature, expiry, and validity |
71
+ | `revoke_delegation` | Revoke delegation with optional cascade to sub-delegations |
72
+ | `sub_delegate` | Sub-delegate within parent scope and depth limits |
73
+
74
+ ### Agora (Layer 4) — 5 tools
75
+
76
+ | Tool | Description |
77
+ |------|-------------|
78
+ | `post_agora_message` | Post signed message to feed (announcement, proposal, vote, etc.) |
79
+ | `get_agora_topics` | List all discussion topics with message counts |
80
+ | `get_agora_thread` | Get full message thread from root message ID |
81
+ | `get_agora_by_topic` | Get all messages for a specific topic |
82
+ | `register_agora_agent` | Register agent in communication registry |
83
+
84
+ ### Values / Policy (Layers 2 & 5) — 4 tools
85
+
86
+ | Tool | Description |
87
+ |------|-------------|
88
+ | `load_values_floor` | Load YAML floor with principles and enforcement modes |
89
+ | `attest_to_floor` | Cryptographically attest to loaded floor (commitment signature) |
90
+ | `create_intent` | Declare action intent before execution (signature 1 of 3) |
91
+ | `evaluate_intent` | Evaluate intent against policy engine — returns real pass/fail verdict |
92
+
93
+ ### Commerce (Layer 8) — 3 tools
62
94
 
63
- | Resource | URI |
64
- |----------|-----|
65
- | Architecture | `agent-passport://architecture` |
95
+ | Tool | Description |
96
+ |------|-------------|
97
+ | `commerce_preflight` | Run 4-gate preflight: passport, delegation, merchant, spend |
98
+ | `get_commerce_spend` | Get spend analytics: limit, spent, remaining, utilization |
99
+ | `request_human_approval` | Create human approval request for purchases |
100
+
101
+ ### Agent Context (Enforcement Middleware) — 3 tools
102
+
103
+ | Tool | Description |
104
+ |------|-------------|
105
+ | `create_agent_context` | Create enforcement context — every action goes through 3-signature chain |
106
+ | `execute_with_context` | Execute action through policy enforcement (intent → evaluate → verdict) |
107
+ | `complete_action` | Complete action and get full proof chain (intent + decision + receipt) |
66
108
 
67
109
  ## Architecture
68
110
 
69
111
  ```
70
- Layer 5Intent Architecture (roles, tradeoffs, deliberation)
112
+ Layer 8Agentic Commerce (4-gate pipeline, human approval)
113
+ Layer 7 — Integration Wiring (cross-layer bridges)
114
+ Layer 6 — Coordination Protocol (task lifecycle)
115
+ Layer 5 — Intent Architecture (policy engine, 3-signature chain)
71
116
  Layer 4 — Agent Agora (signed communication)
72
117
  Layer 3 — Beneficiary Attribution (Merkle proofs)
73
118
  Layer 2 — Human Values Floor (7 principles)
@@ -76,8 +121,7 @@ Layer 1 — Agent Passport Protocol (Ed25519 identity)
76
121
 
77
122
  ## Links
78
123
 
79
- - npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system)
80
- - ClawHub skill: [agent-passport-system](https://clawhub.ai/skills/agent-passport-system)
124
+ - npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.8.0, 240 tests)
81
125
  - Paper: [doi.org/10.5281/zenodo.18749779](https://doi.org/10.5281/zenodo.18749779)
82
126
  - Docs: [aeoess.com/llms-full.txt](https://aeoess.com/llms-full.txt)
83
127
  - Agora: [aeoess.com/agora.html](https://aeoess.com/agora.html)
package/build/index.js CHANGED
@@ -15,11 +15,21 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
15
15
  import { z } from "zod";
16
16
  import { readFileSync, writeFileSync, existsSync } from "node:fs";
17
17
  import { join } from "node:path";
18
- import { generateKeyPair,
18
+ import {
19
+ // Identity
20
+ joinSocialContract, generateKeyPair, delegate,
21
+ // Agent Context (enforcement middleware)
22
+ createAgentContext,
19
23
  // Coordination (Layer 6)
20
24
  createTaskBrief, assignTask, acceptTask, submitEvidence, reviewEvidence, handoffEvidence, submitDeliverable, completeTask, createTaskUnit, getTaskStatus, validateTaskUnit,
21
- // Delegation
22
- createDelegation, } from "agent-passport-system";
25
+ // Delegation (Layer 1)
26
+ createDelegation, verifyDelegation, revokeDelegation, subDelegate, cascadeRevoke,
27
+ // Agora (Layer 4)
28
+ createAgoraMessage, createFeed, appendToFeed, getThread, getByTopic, getTopics, createRegistry, registerAgent,
29
+ // Values/Policy (Layer 2 + 5)
30
+ loadFloor, attestFloor, createActionIntent, evaluateIntent, FloorValidatorV1,
31
+ // Commerce (Layer 8)
32
+ commercePreflight, createCommerceDelegation, getSpendSummary, requestHumanApproval, } from "agent-passport-system";
23
33
  // ═══════════════════════════════════════
24
34
  // State Management
25
35
  // ═══════════════════════════════════════
@@ -33,6 +43,14 @@ const state = {
33
43
  receipts: [],
34
44
  privateKey: process.env.AGENT_PRIVATE_KEY || null,
35
45
  taskUnits: new Map(),
46
+ agoraFeed: createFeed(),
47
+ agoraRegistry: createRegistry(),
48
+ floorYaml: null,
49
+ commerceSpendLog: [],
50
+ intents: new Map(),
51
+ agentContext: null,
52
+ floor: null,
53
+ pendingActions: new Map(),
36
54
  };
37
55
  // Load persisted task state
38
56
  function loadTasks() {
@@ -749,6 +767,653 @@ server.tool("get_task_detail", "Get full details of a specific task including al
749
767
  };
750
768
  });
751
769
  // ═══════════════════════════════════════
770
+ // DELEGATION TOOLS (Layer 1)
771
+ // ═══════════════════════════════════════
772
+ server.tool("create_delegation", "[OPERATOR] Create a scoped delegation from one agent to another.", {
773
+ delegated_to: z.string().describe("Public key of the agent receiving delegation"),
774
+ scope: z.array(z.string()).describe("Scopes to grant (e.g. ['web_search', 'code_execution'])"),
775
+ spend_limit: z.number().default(500).describe("Maximum spend allowed"),
776
+ max_depth: z.number().default(1).describe("How many levels of sub-delegation"),
777
+ expires_in_hours: z.number().default(24).describe("Delegation validity in hours"),
778
+ }, async (args) => {
779
+ const keyErr = requireKey();
780
+ if (keyErr)
781
+ return { content: [{ type: "text", text: keyErr }], isError: true };
782
+ const delegation = createDelegation({
783
+ delegatedBy: state.agentKey,
784
+ delegatedTo: args.delegated_to,
785
+ scope: args.scope,
786
+ spendLimit: args.spend_limit,
787
+ maxDepth: args.max_depth,
788
+ expiresInHours: args.expires_in_hours,
789
+ privateKey: state.privateKey,
790
+ });
791
+ state.delegations.set(delegation.delegationId, delegation);
792
+ return {
793
+ content: [{
794
+ type: "text",
795
+ text: JSON.stringify({
796
+ delegationId: delegation.delegationId,
797
+ delegatedTo: args.delegated_to.slice(0, 16) + '...',
798
+ scope: delegation.scope,
799
+ spendLimit: delegation.spendLimit,
800
+ maxDepth: delegation.maxDepth,
801
+ expiresAt: delegation.expiresAt,
802
+ }, null, 2),
803
+ }],
804
+ };
805
+ });
806
+ server.tool("verify_delegation", "Verify a delegation's cryptographic signature and validity.", {
807
+ delegation_id: z.string().describe("Delegation ID to verify"),
808
+ }, async (args) => {
809
+ const delegation = state.delegations.get(args.delegation_id);
810
+ if (!delegation)
811
+ return { content: [{ type: "text", text: `Delegation ${args.delegation_id} not found in session.` }], isError: true };
812
+ const result = verifyDelegation(delegation);
813
+ return {
814
+ content: [{
815
+ type: "text",
816
+ text: JSON.stringify({
817
+ delegationId: args.delegation_id,
818
+ valid: result.valid,
819
+ errors: result.errors,
820
+ scope: delegation.scope,
821
+ expired: new Date(delegation.expiresAt) < new Date(),
822
+ }, null, 2),
823
+ }],
824
+ };
825
+ });
826
+ server.tool("revoke_delegation", "[OPERATOR] Revoke a delegation. Optionally cascade to all sub-delegations.", {
827
+ delegation_id: z.string().describe("Delegation ID to revoke"),
828
+ reason: z.string().describe("Why the delegation is being revoked"),
829
+ cascade: z.boolean().default(true).describe("Also revoke all sub-delegations"),
830
+ }, async (args) => {
831
+ const keyErr = requireKey();
832
+ if (keyErr)
833
+ return { content: [{ type: "text", text: keyErr }], isError: true };
834
+ if (args.cascade) {
835
+ const result = cascadeRevoke(args.delegation_id, state.agentKey, args.reason, state.privateKey);
836
+ return {
837
+ content: [{
838
+ type: "text",
839
+ text: JSON.stringify({
840
+ revokedCount: result.totalRevoked,
841
+ rootRevocation: { delegationId: result.rootRevocation.delegationId, revokedAt: result.rootRevocation.revokedAt },
842
+ cascadedCount: result.cascadedRevocations.length,
843
+ reason: args.reason,
844
+ }, null, 2),
845
+ }],
846
+ };
847
+ }
848
+ else {
849
+ const revocation = revokeDelegation(args.delegation_id, state.agentKey, args.reason, state.privateKey);
850
+ return {
851
+ content: [{
852
+ type: "text",
853
+ text: JSON.stringify({
854
+ delegationId: args.delegation_id,
855
+ revokedAt: revocation.revokedAt,
856
+ reason: args.reason,
857
+ }, null, 2),
858
+ }],
859
+ };
860
+ }
861
+ });
862
+ server.tool("sub_delegate", "Sub-delegate authority to another agent (must be within your delegation scope and depth).", {
863
+ parent_delegation_id: z.string().describe("Your delegation ID"),
864
+ delegated_to: z.string().describe("Public key of the agent receiving sub-delegation"),
865
+ scope: z.array(z.string()).describe("Scopes to grant (must be subset of parent)"),
866
+ spend_limit: z.number().describe("Maximum spend (must be <= parent)"),
867
+ }, async (args) => {
868
+ const keyErr = requireKey();
869
+ if (keyErr)
870
+ return { content: [{ type: "text", text: keyErr }], isError: true };
871
+ try {
872
+ const parentDel = state.delegations.get(args.parent_delegation_id);
873
+ if (!parentDel)
874
+ return { content: [{ type: "text", text: `Parent delegation ${args.parent_delegation_id} not found in session.` }], isError: true };
875
+ const sub = subDelegate({
876
+ parentDelegation: parentDel,
877
+ delegatedTo: args.delegated_to,
878
+ scope: args.scope,
879
+ spendLimit: args.spend_limit,
880
+ privateKey: state.privateKey,
881
+ });
882
+ state.delegations.set(sub.delegationId, sub);
883
+ return {
884
+ content: [{
885
+ type: "text",
886
+ text: JSON.stringify({
887
+ delegationId: sub.delegationId,
888
+ parentId: args.parent_delegation_id,
889
+ scope: sub.scope,
890
+ spendLimit: sub.spendLimit,
891
+ depth: sub.currentDepth,
892
+ }, null, 2),
893
+ }],
894
+ };
895
+ }
896
+ catch (e) {
897
+ return { content: [{ type: "text", text: `Sub-delegation failed: ${e.message}` }], isError: true };
898
+ }
899
+ });
900
+ // ═══════════════════════════════════════
901
+ // AGORA TOOLS (Layer 4)
902
+ // ═══════════════════════════════════════
903
+ server.tool("post_agora_message", "Post a signed message to the Agora feed. Anyone can read, everything is signed.", {
904
+ topic: z.string().describe("Topic channel (e.g. 'coordination', 'governance', 'general')"),
905
+ type: z.enum(["announcement", "proposal", "discussion", "request", "ack", "vote"]).describe("Message type"),
906
+ subject: z.string().describe("One-line summary"),
907
+ content: z.string().describe("Message body (markdown)"),
908
+ reply_to: z.string().optional().describe("Message ID to reply to (for threading)"),
909
+ }, async (args) => {
910
+ const keyErr = requireKey();
911
+ if (keyErr)
912
+ return { content: [{ type: "text", text: keyErr }], isError: true };
913
+ const message = createAgoraMessage({
914
+ agentId: state.agentId || 'anonymous',
915
+ agentName: state.agentId || 'anonymous',
916
+ publicKey: state.agentKey,
917
+ privateKey: state.privateKey,
918
+ topic: args.topic,
919
+ type: args.type,
920
+ subject: args.subject,
921
+ content: args.content,
922
+ replyTo: args.reply_to,
923
+ });
924
+ state.agoraFeed = appendToFeed(state.agoraFeed, message);
925
+ return {
926
+ content: [{
927
+ type: "text",
928
+ text: JSON.stringify({
929
+ messageId: message.id,
930
+ topic: message.topic,
931
+ subject: message.subject,
932
+ signed: !!message.signature,
933
+ feedSize: state.agoraFeed.messages.length,
934
+ }, null, 2),
935
+ }],
936
+ };
937
+ });
938
+ server.tool("get_agora_topics", "List all topics in the Agora feed with message counts.", {}, async () => {
939
+ const topics = getTopics(state.agoraFeed);
940
+ return {
941
+ content: [{
942
+ type: "text",
943
+ text: JSON.stringify({
944
+ topics: topics.map(t => ({ topic: t.topic, count: t.count })),
945
+ totalMessages: state.agoraFeed.messages.length,
946
+ }, null, 2),
947
+ }],
948
+ };
949
+ });
950
+ server.tool("get_agora_thread", "Get a message thread from the Agora feed.", {
951
+ message_id: z.string().describe("Root message ID to get thread for"),
952
+ }, async (args) => {
953
+ const thread = getThread(state.agoraFeed, args.message_id);
954
+ return {
955
+ content: [{
956
+ type: "text",
957
+ text: JSON.stringify({
958
+ threadLength: thread.length,
959
+ messages: thread.map(m => ({
960
+ id: m.id,
961
+ author: m.author.agentId,
962
+ subject: m.subject,
963
+ content: m.content.slice(0, 200) + (m.content.length > 200 ? '...' : ''),
964
+ replyTo: m.replyTo,
965
+ })),
966
+ }, null, 2),
967
+ }],
968
+ };
969
+ });
970
+ server.tool("get_agora_by_topic", "Get all messages in a topic.", {
971
+ topic: z.string().describe("Topic to filter by"),
972
+ }, async (args) => {
973
+ const messages = getByTopic(state.agoraFeed, args.topic);
974
+ return {
975
+ content: [{
976
+ type: "text",
977
+ text: JSON.stringify({
978
+ topic: args.topic,
979
+ count: messages.length,
980
+ messages: messages.map(m => ({
981
+ id: m.id,
982
+ author: m.author.agentId,
983
+ type: m.type,
984
+ subject: m.subject,
985
+ content: m.content.slice(0, 200) + (m.content.length > 200 ? '...' : ''),
986
+ timestamp: m.timestamp,
987
+ })),
988
+ }, null, 2),
989
+ }],
990
+ };
991
+ });
992
+ server.tool("register_agora_agent", "Register an agent in the Agora so their messages can be verified.", {
993
+ agent_id: z.string().describe("Agent ID"),
994
+ agent_name: z.string().describe("Display name"),
995
+ public_key: z.string().describe("Ed25519 public key"),
996
+ }, async (args) => {
997
+ registerAgent(state.agoraRegistry, {
998
+ agentId: args.agent_id,
999
+ agentName: args.agent_name,
1000
+ publicKey: args.public_key,
1001
+ joinedAt: new Date().toISOString(),
1002
+ role: 'member',
1003
+ });
1004
+ return {
1005
+ content: [{
1006
+ type: "text",
1007
+ text: JSON.stringify({
1008
+ registered: true,
1009
+ agentId: args.agent_id,
1010
+ registrySize: state.agoraRegistry.agents.length,
1011
+ }, null, 2),
1012
+ }],
1013
+ };
1014
+ });
1015
+ // ═══════════════════════════════════════
1016
+ // VALUES / POLICY TOOLS (Layer 2 + 5)
1017
+ // ═══════════════════════════════════════
1018
+ server.tool("load_values_floor", "Load a Values Floor from YAML. Sets the floor principles for policy evaluation.", {
1019
+ yaml: z.string().describe("Values Floor YAML content"),
1020
+ }, async (args) => {
1021
+ try {
1022
+ const floor = loadFloor(args.yaml);
1023
+ state.floorYaml = args.yaml;
1024
+ return {
1025
+ content: [{
1026
+ type: "text",
1027
+ text: JSON.stringify({
1028
+ loaded: true,
1029
+ version: floor.version,
1030
+ principles: floor.floor.length,
1031
+ names: floor.floor.map((p) => p.name),
1032
+ }, null, 2),
1033
+ }],
1034
+ };
1035
+ }
1036
+ catch (e) {
1037
+ return { content: [{ type: "text", text: `Failed to load floor: ${e.message}` }], isError: true };
1038
+ }
1039
+ });
1040
+ server.tool("attest_to_floor", "Attest that your agent agrees to abide by the loaded Values Floor.", {
1041
+ floor_version: z.string().describe("Version of the floor to attest to"),
1042
+ extensions: z.array(z.string()).optional().describe("Optional additional extensions"),
1043
+ }, async (args) => {
1044
+ const keyErr = requireKey();
1045
+ if (keyErr)
1046
+ return { content: [{ type: "text", text: keyErr }], isError: true };
1047
+ if (!state.floorYaml)
1048
+ return { content: [{ type: "text", text: 'No floor loaded. Use load_values_floor first.' }], isError: true };
1049
+ const floor = loadFloor(state.floorYaml);
1050
+ const attestation = attestFloor(state.agentId || 'anonymous', state.agentKey, args.floor_version, args.extensions || [], state.privateKey);
1051
+ return {
1052
+ content: [{
1053
+ type: "text",
1054
+ text: JSON.stringify({
1055
+ attested: true,
1056
+ agentId: attestation.agentId,
1057
+ floorVersion: attestation.floorVersion,
1058
+ extensions: attestation.extensions,
1059
+ signed: !!attestation.commitment,
1060
+ }, null, 2),
1061
+ }],
1062
+ };
1063
+ });
1064
+ server.tool("create_intent", "Declare an intent to perform an action. First step of the 3-signature chain.", {
1065
+ action_type: z.string().describe("What type of action (e.g. 'web_search', 'commerce:checkout')"),
1066
+ target: z.string().describe("What the action operates on"),
1067
+ scope_required: z.string().describe("Which delegation scope is needed"),
1068
+ spend_amount: z.number().optional().describe("Expected spend amount"),
1069
+ spend_currency: z.string().optional().describe("Spend currency (e.g. 'usd')"),
1070
+ context: z.string().optional().describe("Why the agent wants to do this"),
1071
+ delegation_id: z.string().describe("Delegation ID authorizing this action"),
1072
+ }, async (args) => {
1073
+ const keyErr = requireKey();
1074
+ if (keyErr)
1075
+ return { content: [{ type: "text", text: keyErr }], isError: true };
1076
+ const intent = createActionIntent({
1077
+ agentId: state.agentId || 'anonymous',
1078
+ agentPublicKey: state.agentKey,
1079
+ delegationId: args.delegation_id,
1080
+ action: {
1081
+ type: args.action_type,
1082
+ target: args.target,
1083
+ scopeRequired: args.scope_required,
1084
+ spend: args.spend_amount ? { amount: args.spend_amount, currency: args.spend_currency || 'usd' } : undefined,
1085
+ },
1086
+ context: args.context,
1087
+ privateKey: state.privateKey,
1088
+ });
1089
+ state.intents.set(intent.intentId, intent);
1090
+ return {
1091
+ content: [{
1092
+ type: "text",
1093
+ text: JSON.stringify({
1094
+ intentId: intent.intentId,
1095
+ action: intent.action,
1096
+ signed: !!intent.signature,
1097
+ note: 'Intent created. Use evaluate_intent for policy decision (signature 2 of 3).',
1098
+ }, null, 2),
1099
+ }],
1100
+ };
1101
+ });
1102
+ server.tool("evaluate_intent", "[OPERATOR] Evaluate an intent against the Values Floor policy engine. Returns real pass/fail verdict.", {
1103
+ intent_id: z.string().describe("Intent ID from create_intent"),
1104
+ delegation_scope: z.array(z.string()).describe("Delegation scope for context"),
1105
+ delegation_spend_limit: z.number().describe("Delegation spend limit"),
1106
+ delegation_spent: z.number().default(0).describe("Amount already spent"),
1107
+ }, async (args) => {
1108
+ const keyErr = requireKey();
1109
+ if (keyErr)
1110
+ return { content: [{ type: "text", text: keyErr }], isError: true };
1111
+ if (!state.floorYaml)
1112
+ return { content: [{ type: "text", text: 'No floor loaded. Use load_values_floor first.' }], isError: true };
1113
+ const intent = state.intents.get(args.intent_id);
1114
+ if (!intent)
1115
+ return { content: [{ type: "text", text: `Intent ${args.intent_id} not found. Use create_intent first.` }], isError: true };
1116
+ const floor = loadFloor(state.floorYaml);
1117
+ const validator = new FloorValidatorV1();
1118
+ const validationContext = {
1119
+ floorVersion: floor.version,
1120
+ floorPrinciples: floor.floor.map((p) => ({
1121
+ id: p.id, name: p.name,
1122
+ enforcement: p.enforcement,
1123
+ weight: p.weight,
1124
+ })),
1125
+ delegation: {
1126
+ scope: args.delegation_scope,
1127
+ spendLimit: args.delegation_spend_limit,
1128
+ spentAmount: args.delegation_spent,
1129
+ expiresAt: new Date(Date.now() + 86400000).toISOString(),
1130
+ revoked: false,
1131
+ currentDepth: 0,
1132
+ maxDepth: 2,
1133
+ },
1134
+ agentRegistered: true,
1135
+ agentAttestationValid: true,
1136
+ };
1137
+ try {
1138
+ const decision = evaluateIntent({
1139
+ intent,
1140
+ validator,
1141
+ validationContext,
1142
+ evaluatorId: state.agentId || 'mcp-evaluator',
1143
+ evaluatorPublicKey: state.agentKey,
1144
+ evaluatorPrivateKey: state.privateKey,
1145
+ });
1146
+ return {
1147
+ content: [{
1148
+ type: "text",
1149
+ text: JSON.stringify({
1150
+ decisionId: decision.decisionId,
1151
+ intentId: decision.intentId,
1152
+ verdict: decision.verdict,
1153
+ reason: decision.reason,
1154
+ principlesEvaluated: decision.principlesEvaluated.length,
1155
+ constraints: decision.constraints,
1156
+ floorVersion: decision.floorVersion,
1157
+ signed: true,
1158
+ }, null, 2),
1159
+ }],
1160
+ };
1161
+ }
1162
+ catch (e) {
1163
+ return { content: [{ type: "text", text: `Policy evaluation failed: ${e.message}` }], isError: true };
1164
+ }
1165
+ });
1166
+ // ═══════════════════════════════════════
1167
+ // COMMERCE TOOLS (Layer 8)
1168
+ // ═══════════════════════════════════════
1169
+ server.tool("commerce_preflight", "Run preflight checks before a purchase. Validates passport, delegation, merchant, and spend limits.", {
1170
+ merchant_name: z.string().describe("Merchant to purchase from"),
1171
+ amount: z.number().describe("Purchase amount"),
1172
+ currency: z.string().default("usd").describe("Currency code"),
1173
+ delegation_id: z.string().describe("Commerce delegation ID"),
1174
+ agent_id: z.string().describe("Agent making the purchase"),
1175
+ }, async (args) => {
1176
+ const keyErr = requireKey();
1177
+ if (keyErr)
1178
+ return { content: [{ type: "text", text: keyErr }], isError: true };
1179
+ // Create a passport for preflight (uses session agent)
1180
+ const agent = joinSocialContract({
1181
+ name: args.agent_id,
1182
+ mission: 'Commerce operation',
1183
+ owner: 'mcp-session',
1184
+ capabilities: ['commerce:checkout', 'commerce:browse'],
1185
+ platform: 'node',
1186
+ models: ['mcp'],
1187
+ });
1188
+ // Look up or create commerce delegation
1189
+ const commerceDel = createCommerceDelegation({
1190
+ agentId: args.agent_id,
1191
+ delegationId: args.delegation_id,
1192
+ spendLimit: 1000, // Default, should come from actual delegation
1193
+ approvedMerchants: [], // Empty = all merchants allowed
1194
+ });
1195
+ const result = commercePreflight({
1196
+ signedPassport: agent.passport,
1197
+ delegation: commerceDel,
1198
+ merchantName: args.merchant_name,
1199
+ estimatedTotal: { amount: args.amount, currency: args.currency },
1200
+ });
1201
+ return {
1202
+ content: [{
1203
+ type: "text",
1204
+ text: JSON.stringify({
1205
+ permitted: result.permitted,
1206
+ checks: result.checks,
1207
+ warnings: result.warnings,
1208
+ blockedReason: result.blockedReason,
1209
+ }, null, 2),
1210
+ }],
1211
+ };
1212
+ });
1213
+ server.tool("get_commerce_spend", "Get spend analytics for a commerce delegation.", {
1214
+ agent_id: z.string().describe("Agent ID"),
1215
+ delegation_id: z.string().describe("Commerce delegation ID"),
1216
+ spend_limit: z.number().describe("Total allowed spend"),
1217
+ }, async (args) => {
1218
+ const commerceDel = createCommerceDelegation({
1219
+ agentId: args.agent_id,
1220
+ delegationId: args.delegation_id,
1221
+ spendLimit: args.spend_limit,
1222
+ });
1223
+ const summary = getSpendSummary(commerceDel);
1224
+ return {
1225
+ content: [{
1226
+ type: "text",
1227
+ text: JSON.stringify(summary, null, 2),
1228
+ }],
1229
+ };
1230
+ });
1231
+ server.tool("request_human_approval", "Request human approval for a high-value purchase.", {
1232
+ agent_id: z.string().describe("Agent requesting approval"),
1233
+ merchant: z.string().describe("Merchant name"),
1234
+ amount: z.number().describe("Purchase amount"),
1235
+ currency: z.string().default("usd").describe("Currency"),
1236
+ reason: z.string().describe("Why this purchase is needed"),
1237
+ expires_minutes: z.number().default(30).describe("Minutes until approval expires"),
1238
+ }, async (args) => {
1239
+ const approval = requestHumanApproval({
1240
+ agentId: args.agent_id,
1241
+ delegationId: 'pending',
1242
+ merchantName: args.merchant,
1243
+ items: [{ id: 'item-1', skuId: 'manual', name: args.reason, quantity: 1, unitPrice: { amount: args.amount, currency: args.currency }, totalPrice: { amount: args.amount, currency: args.currency } }],
1244
+ totalAmount: { amount: args.amount, currency: args.currency },
1245
+ reason: args.reason,
1246
+ expiresInMinutes: args.expires_minutes,
1247
+ });
1248
+ return {
1249
+ content: [{
1250
+ type: "text",
1251
+ text: JSON.stringify({
1252
+ requestId: approval.requestId,
1253
+ status: approval.status,
1254
+ expiresAt: approval.expiresAt,
1255
+ note: 'Approval request created. Human must approve before checkout can proceed.',
1256
+ }, null, 2),
1257
+ }],
1258
+ };
1259
+ });
1260
+ // ═══════════════════════════════════════
1261
+ // AGENT CONTEXT — Enforcement Middleware
1262
+ // ═══════════════════════════════════════
1263
+ server.tool("create_agent_context", "Create an enforcement context that automatically runs every action through the 3-signature policy chain. Without this, policy checks are opt-in. With this, agents physically cannot skip enforcement.", {
1264
+ name: z.string().describe("Agent name"),
1265
+ mission: z.string().describe("Agent mission statement"),
1266
+ enforcement: z.enum(["auto", "manual", "strict"]).default("auto").describe("Enforcement level: auto (every action checked), manual (tracking only), strict (auto + additional constraints)"),
1267
+ delegated_scopes: z.array(z.string()).default([]).describe("Scopes to delegate (e.g. ['data:read', 'api:fetch', 'commerce:checkout'])"),
1268
+ spend_limit: z.number().default(1000).describe("Maximum spend allowed"),
1269
+ }, async (args) => {
1270
+ const keyErr = requireKey();
1271
+ if (keyErr)
1272
+ return { content: [{ type: "text", text: keyErr }], isError: true };
1273
+ if (!state.floorYaml) {
1274
+ return { content: [{ type: "text", text: 'No floor loaded. Use load_values_floor first.' }], isError: true };
1275
+ }
1276
+ try {
1277
+ const floor = loadFloor(state.floorYaml);
1278
+ // Create the agent with floor attestation
1279
+ const agent = joinSocialContract({
1280
+ name: args.name,
1281
+ mission: args.mission,
1282
+ owner: 'mcp-session',
1283
+ capabilities: args.delegated_scopes,
1284
+ platform: 'node',
1285
+ models: ['mcp'],
1286
+ floor,
1287
+ });
1288
+ // Create the enforced context
1289
+ const ctx = createAgentContext(agent, floor, {
1290
+ enforcement: args.enforcement,
1291
+ });
1292
+ // Add delegation if scopes provided
1293
+ if (args.delegated_scopes.length > 0) {
1294
+ const principal = joinSocialContract({
1295
+ name: 'mcp-principal',
1296
+ mission: 'MCP session principal',
1297
+ owner: 'human',
1298
+ capabilities: ['admin'],
1299
+ platform: 'node',
1300
+ models: ['mcp'],
1301
+ floor,
1302
+ });
1303
+ const del = delegate({
1304
+ from: principal,
1305
+ toPublicKey: agent.publicKey,
1306
+ scope: args.delegated_scopes,
1307
+ spendLimit: args.spend_limit,
1308
+ maxDepth: 3,
1309
+ expiresInHours: 24,
1310
+ });
1311
+ ctx.addDelegation(del);
1312
+ }
1313
+ state.agentContext = ctx;
1314
+ state.floor = floor;
1315
+ return {
1316
+ content: [{
1317
+ type: "text",
1318
+ text: JSON.stringify({
1319
+ created: true,
1320
+ enforcement: args.enforcement,
1321
+ agentId: agent.agentId,
1322
+ scopes: args.delegated_scopes,
1323
+ spendLimit: args.spend_limit,
1324
+ note: `Agent Context active (${args.enforcement} mode). Use execute_with_context to run actions through the 3-signature chain.`,
1325
+ }, null, 2),
1326
+ }],
1327
+ };
1328
+ }
1329
+ catch (e) {
1330
+ return { content: [{ type: "text", text: `Failed to create context: ${e.message}` }], isError: true };
1331
+ }
1332
+ });
1333
+ server.tool("execute_with_context", "Execute an action through the enforcement context. Automatically runs the 3-signature chain: creates intent (sig 1), evaluates against floor + delegation (sig 2), returns verdict. Action is DENIED if outside delegated scope.", {
1334
+ action_type: z.string().describe("Action type (e.g. 'api:fetch', 'data:write', 'commerce:checkout')"),
1335
+ target: z.string().describe("Target of the action (e.g. URL, file path, resource ID)"),
1336
+ scope: z.string().describe("Required scope for this action (must match a delegated scope)"),
1337
+ estimated_spend: z.number().optional().describe("Estimated spend for commerce actions"),
1338
+ }, async (args) => {
1339
+ if (!state.agentContext) {
1340
+ return { content: [{ type: "text", text: 'No agent context. Use create_agent_context first.' }], isError: true };
1341
+ }
1342
+ try {
1343
+ const result = state.agentContext.execute({
1344
+ type: args.action_type,
1345
+ target: args.target,
1346
+ scope: args.scope,
1347
+ spend: args.estimated_spend ? { amount: args.estimated_spend, currency: 'USD' } : undefined,
1348
+ });
1349
+ // Store for later completion
1350
+ if (result.permitted && result.intent) {
1351
+ state.pendingActions.set(result.intent.intentId, result);
1352
+ }
1353
+ return {
1354
+ content: [{
1355
+ type: "text",
1356
+ text: JSON.stringify({
1357
+ permitted: result.permitted,
1358
+ verdict: result.verdict,
1359
+ intentId: result.intent?.intentId,
1360
+ evaluatorId: result.decision?.evaluatorId,
1361
+ reason: result.reason,
1362
+ stats: state.agentContext.stats,
1363
+ note: result.permitted
1364
+ ? `Action PERMITTED. Call complete_action with intent_id="${result.intent.intentId}" when done.`
1365
+ : `Action DENIED: ${result.reason}`,
1366
+ }, null, 2),
1367
+ }],
1368
+ };
1369
+ }
1370
+ catch (e) {
1371
+ return { content: [{ type: "text", text: `Execute failed: ${e.message}` }], isError: true };
1372
+ }
1373
+ });
1374
+ server.tool("complete_action", "Complete a permitted action and get the full 3-signature proof chain (intent + decision + receipt + policy receipt). Call this after successfully executing the action.", {
1375
+ intent_id: z.string().describe("Intent ID from execute_with_context result"),
1376
+ status: z.enum(["success", "failure", "partial"]).describe("Outcome of the action"),
1377
+ summary: z.string().describe("Brief description of what was accomplished"),
1378
+ }, async (args) => {
1379
+ if (!state.agentContext) {
1380
+ return { content: [{ type: "text", text: 'No agent context. Use create_agent_context first.' }], isError: true };
1381
+ }
1382
+ // Find the pending execute result
1383
+ const executeResult = state.pendingActions.get(args.intent_id);
1384
+ if (!executeResult) {
1385
+ return { content: [{ type: "text", text: `No pending action found for intent ${args.intent_id}. Was it permitted?` }], isError: true };
1386
+ }
1387
+ try {
1388
+ const completed = state.agentContext.complete(executeResult, {
1389
+ status: args.status,
1390
+ summary: args.summary,
1391
+ });
1392
+ // Clean up
1393
+ state.pendingActions.delete(args.intent_id);
1394
+ return {
1395
+ content: [{
1396
+ type: "text",
1397
+ text: JSON.stringify({
1398
+ completed: true,
1399
+ receiptId: completed.receipt.receiptId,
1400
+ policyReceiptId: completed.policyReceipt?.receiptId,
1401
+ signatures: {
1402
+ intent: '✓ (agent declared intent)',
1403
+ decision: '✓ (policy engine evaluated)',
1404
+ receipt: '✓ (execution recorded)',
1405
+ },
1406
+ stats: state.agentContext.stats,
1407
+ auditTrail: state.agentContext.auditLog.length + ' entries',
1408
+ }, null, 2),
1409
+ }],
1410
+ };
1411
+ }
1412
+ catch (e) {
1413
+ return { content: [{ type: "text", text: `Complete failed: ${e.message}` }], isError: true };
1414
+ }
1415
+ });
1416
+ // ═══════════════════════════════════════
752
1417
  // MCP Prompts — Role-Specific
753
1418
  // ═══════════════════════════════════════
754
1419
  server.prompt("coordination_role", "Get instructions for your assigned coordination role", {}, async () => {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-passport-system-mcp",
3
- "version": "2.0.0",
3
+ "version": "2.2.0",
4
4
  "description": "MCP server for Agent Passport System — cryptographic identity, delegation, governance, and deliberation for AI agents",
5
5
  "type": "module",
6
6
  "bin": {
@@ -17,16 +17,21 @@
17
17
  "keywords": [
18
18
  "mcp",
19
19
  "model-context-protocol",
20
- "agent",
21
- "passport",
22
- "identity",
23
- "governance",
24
- "cryptography",
20
+ "ai-agent",
21
+ "agent-identity",
25
22
  "ed25519",
23
+ "cryptographic-identity",
26
24
  "delegation",
27
25
  "multi-agent",
28
- "deliberation",
29
- "trust"
26
+ "governance",
27
+ "coordination",
28
+ "agentic-commerce",
29
+ "trust",
30
+ "claude-desktop",
31
+ "cursor",
32
+ "mcp-server",
33
+ "agent-protocol",
34
+ "typescript"
30
35
  ],
31
36
  "author": "aeoess",
32
37
  "license": "Apache-2.0",
@@ -38,7 +43,6 @@
38
43
  "dependencies": {
39
44
  "@modelcontextprotocol/sdk": "^1.12.0",
40
45
  "@types/node": "^25.3.2",
41
- "agent-passport-system": "^1.5.0",
42
46
  "typescript": "^5.9.3",
43
47
  "zod": "^3.25.0"
44
48
  },