agent-passport-system-mcp 2.1.0 → 2.2.1

Files changed (3) hide show
  1. package/README.md +11 -3
  2. package/build/index.js +198 -16
  3. package/package.json +14 -9
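--- a/package/README.md
+++ b/package/README.md
@@ -2,7 +2,7 @@
 
  MCP server for the [Agent Passport System](https://github.com/aeoess/agent-passport-system) — cryptographic identity, delegation, governance, and commerce for AI agents.
 
- **30 tools** across all 8 protocol layers. Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
+ **33 tools** across all 8 protocol layers. Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
 
  ## Quick Start
 
@@ -36,7 +36,7 @@ Add to your MCP config:
  }
  ```
 
- ## Tools (30)
+ ## Tools (33)
 
  ### Identity (Layer 1) — 3 tools
 
@@ -98,6 +98,14 @@ Add to your MCP config:
  | `get_commerce_spend` | Get spend analytics: limit, spent, remaining, utilization |
  | `request_human_approval` | Create human approval request for purchases |
 
+ ### Agent Context (Enforcement Middleware) — 3 tools
+
+ | Tool | Description |
+ |------|-------------|
+ | `create_agent_context` | Create enforcement context — every action goes through 3-signature chain |
+ | `execute_with_context` | Execute action through policy enforcement (intent → evaluate → verdict) |
+ | `complete_action` | Complete action and get full proof chain (intent + decision + receipt) |
+
  ## Architecture
 
  ```
@@ -113,7 +121,7 @@ Layer 1 — Agent Passport Protocol (Ed25519 identity)
 
  ## Links
 
- - npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.7.0, 196 tests)
+ - npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.8.0, 240 tests)
  - Paper: [doi.org/10.5281/zenodo.18749779](https://doi.org/10.5281/zenodo.18749779)
  - Docs: [aeoess.com/llms-full.txt](https://aeoess.com/llms-full.txt)
  - Agora: [aeoess.com/agora.html](https://aeoess.com/agora.html)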
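--- a/package/build/index.js
+++ b/package/build/index.js
@@ -17,7 +17,9 @@ import { readFileSync, writeFileSync, existsSync } from "node:fs";
  import { join } from "node:path";
  import {
  // Identity
- joinSocialContract, generateKeyPair,
+ joinSocialContract, generateKeyPair, delegate,
+ // Agent Context (enforcement middleware)
+ createAgentContext,
  // Coordination (Layer 6)
  createTaskBrief, assignTask, acceptTask, submitEvidence, reviewEvidence, handoffEvidence, submitDeliverable, completeTask, createTaskUnit, getTaskStatus, validateTaskUnit,
  // Delegation (Layer 1)
@@ -25,7 +27,7 @@ createDelegation, verifyDelegation, revokeDelegation, subDelegate, cascadeRevoke
  // Agora (Layer 4)
  createAgoraMessage, createFeed, appendToFeed, getThread, getByTopic, getTopics, createRegistry, registerAgent,
  // Values/Policy (Layer 2 + 5)
- loadFloor, attestFloor, createActionIntent, FloorValidatorV1,
+ loadFloor, attestFloor, createActionIntent, evaluateIntent, FloorValidatorV1,
  // Commerce (Layer 8)
  commercePreflight, createCommerceDelegation, getSpendSummary, requestHumanApproval, } from "agent-passport-system";
  // ═══════════════════════════════════════
@@ -45,6 +47,10 @@ const state = {
  agoraRegistry: createRegistry(),
  floorYaml: null,
  commerceSpendLog: [],
+ intents: new Map(),
+ agentContext: null,
+ floor: null,
+ pendingActions: new Map(),
  };
  // Load persisted task state
  function loadTasks() {
@@ -1080,6 +1086,7 @@ server.tool("create_intent", "Declare an intent to perform an action. First step
  context: args.context,
  privateKey: state.privateKey,
  });
+ state.intents.set(intent.intentId, intent);
  return {
  content: [{
  type: "text",
@@ -1092,8 +1099,8 @@ server.tool("create_intent", "Declare an intent to perform an action. First step
  }],
  };
  });
- server.tool("evaluate_intent", "[OPERATOR] Evaluate an intent against the Values Floor policy engine.", {
- intent_id: z.string().describe("Intent ID to evaluate (for reference — pass full intent object)"),
+ server.tool("evaluate_intent", "[OPERATOR] Evaluate an intent against the Values Floor policy engine. Returns real pass/fail verdict.", {
+ intent_id: z.string().describe("Intent ID from create_intent"),
  delegation_scope: z.array(z.string()).describe("Delegation scope for context"),
  delegation_spend_limit: z.number().describe("Delegation spend limit"),
  delegation_spent: z.number().default(0).describe("Amount already spent"),
@@ -1103,8 +1110,9 @@ server.tool("evaluate_intent", "[OPERATOR] Evaluate an intent against the Values
  return { content: [{ type: "text", text: keyErr }], isError: true };
  if (!state.floorYaml)
  return { content: [{ type: "text", text: 'No floor loaded. Use load_values_floor first.' }], isError: true };
- // Note: In a real deployment, the intent would be passed by reference.
- // Here we create a minimal validation context from provided params.
+ const intent = state.intents.get(args.intent_id);
+ if (!intent)
+ return { content: [{ type: "text", text: `Intent ${args.intent_id} not found. Use create_intent first.` }], isError: true };
  const floor = loadFloor(state.floorYaml);
  const validator = new FloorValidatorV1();
  const validationContext = {
@@ -1126,16 +1134,34 @@ server.tool("evaluate_intent", "[OPERATOR] Evaluate an intent against the Values
  agentRegistered: true,
  agentAttestationValid: true,
  };
- return {
- content: [{
- type: "text",
- text: JSON.stringify({
- note: 'Policy evaluation context prepared. In production, pass the full ActionIntent object to evaluateIntent(). The MCP server provides context scaffolding — the SDK handles the cryptographic chain.',
- context: validationContext,
- validatorVersion: validator.version,
- }, null, 2),
- }],
- };
+ try {
+ const decision = evaluateIntent({
+ intent,
+ validator,
+ validationContext,
+ evaluatorId: state.agentId || 'mcp-evaluator',
+ evaluatorPublicKey: state.agentKey,
+ evaluatorPrivateKey: state.privateKey,
+ });
+ return {
+ content: [{
+ type: "text",
+ text: JSON.stringify({
+ decisionId: decision.decisionId,
+ intentId: decision.intentId,
+ verdict: decision.verdict,
+ reason: decision.reason,
+ principlesEvaluated: decision.principlesEvaluated.length,
+ constraints: decision.constraints,
+ floorVersion: decision.floorVersion,
+ signed: true,
+ }, null, 2),
+ }],
+ };
+ }
+ catch (e) {
+ return { content: [{ type: "text", text: `Policy evaluation failed: ${e.message}` }], isError: true };
+ }
  });
  // ═══════════════════════════════════════
  // COMMERCE TOOLS (Layer 8)
@@ -1232,6 +1258,162 @@ server.tool("request_human_approval", "Request human approval for a high-value p
  };
  });
  // ═══════════════════════════════════════
+ // AGENT CONTEXT — Enforcement Middleware
+ // ═══════════════════════════════════════
+ server.tool("create_agent_context", "Create an enforcement context that automatically runs every action through the 3-signature policy chain. Without this, policy checks are opt-in. With this, agents physically cannot skip enforcement.", {
+ name: z.string().describe("Agent name"),
+ mission: z.string().describe("Agent mission statement"),
+ enforcement: z.enum(["auto", "manual", "strict"]).default("auto").describe("Enforcement level: auto (every action checked), manual (tracking only), strict (auto + additional constraints)"),
+ delegated_scopes: z.array(z.string()).default([]).describe("Scopes to delegate (e.g. ['data:read', 'api:fetch', 'commerce:checkout'])"),
+ spend_limit: z.number().default(1000).describe("Maximum spend allowed"),
+ }, async (args) => {
+ const keyErr = requireKey();
+ if (keyErr)
+ return { content: [{ type: "text", text: keyErr }], isError: true };
+ if (!state.floorYaml) {
+ return { content: [{ type: "text", text: 'No floor loaded. Use load_values_floor first.' }], isError: true };
+ }
+ try {
+ const floor = loadFloor(state.floorYaml);
+ // Create the agent with floor attestation
+ const agent = joinSocialContract({
+ name: args.name,
+ mission: args.mission,
+ owner: 'mcp-session',
+ capabilities: args.delegated_scopes,
+ platform: 'node',
+ models: ['mcp'],
+ floor,
+ });
+ // Create the enforced context
+ const ctx = createAgentContext(agent, floor, {
+ enforcement: args.enforcement,
+ });
+ // Add delegation if scopes provided
+ if (args.delegated_scopes.length > 0) {
+ const principal = joinSocialContract({
+ name: 'mcp-principal',
+ mission: 'MCP session principal',
+ owner: 'human',
+ capabilities: ['admin'],
+ platform: 'node',
+ models: ['mcp'],
+ floor,
+ });
+ const del = delegate({
+ from: principal,
+ toPublicKey: agent.publicKey,
+ scope: args.delegated_scopes,
+ spendLimit: args.spend_limit,
+ maxDepth: 3,
+ expiresInHours: 24,
+ });
+ ctx.addDelegation(del);
+ }
+ state.agentContext = ctx;
+ state.floor = floor;
+ return {
+ content: [{
+ type: "text",
+ text: JSON.stringify({
+ created: true,
+ enforcement: args.enforcement,
+ agentId: agent.agentId,
+ scopes: args.delegated_scopes,
+ spendLimit: args.spend_limit,
+ note: `Agent Context active (${args.enforcement} mode). Use execute_with_context to run actions through the 3-signature chain.`,
+ }, null, 2),
+ }],
+ };
+ }
+ catch (e) {
+ return { content: [{ type: "text", text: `Failed to create context: ${e.message}` }], isError: true };
+ }
+ });
+ server.tool("execute_with_context", "Execute an action through the enforcement context. Automatically runs the 3-signature chain: creates intent (sig 1), evaluates against floor + delegation (sig 2), returns verdict. Action is DENIED if outside delegated scope.", {
+ action_type: z.string().describe("Action type (e.g. 'api:fetch', 'data:write', 'commerce:checkout')"),
+ target: z.string().describe("Target of the action (e.g. URL, file path, resource ID)"),
+ scope: z.string().describe("Required scope for this action (must match a delegated scope)"),
+ estimated_spend: z.number().optional().describe("Estimated spend for commerce actions"),
+ }, async (args) => {
+ if (!state.agentContext) {
+ return { content: [{ type: "text", text: 'No agent context. Use create_agent_context first.' }], isError: true };
+ }
+ try {
+ const result = state.agentContext.execute({
+ type: args.action_type,
+ target: args.target,
+ scope: args.scope,
+ spend: args.estimated_spend ? { amount: args.estimated_spend, currency: 'USD' } : undefined,
+ });
+ // Store for later completion
+ if (result.permitted && result.intent) {
+ state.pendingActions.set(result.intent.intentId, result);
+ }
+ return {
+ content: [{
+ type: "text",
+ text: JSON.stringify({
+ permitted: result.permitted,
+ verdict: result.verdict,
+ intentId: result.intent?.intentId,
+ evaluatorId: result.decision?.evaluatorId,
+ reason: result.reason,
+ stats: state.agentContext.stats,
+ note: result.permitted
+ ? `Action PERMITTED. Call complete_action with intent_id="${result.intent.intentId}" when done.`
+ : `Action DENIED: ${result.reason}`,
+ }, null, 2),
+ }],
+ };
+ }
+ catch (e) {
+ return { content: [{ type: "text", text: `Execute failed: ${e.message}` }], isError: true };
+ }
+ });
+ server.tool("complete_action", "Complete a permitted action and get the full 3-signature proof chain (intent + decision + receipt + policy receipt). Call this after successfully executing the action.", {
+ intent_id: z.string().describe("Intent ID from execute_with_context result"),
+ status: z.enum(["success", "failure", "partial"]).describe("Outcome of the action"),
+ summary: z.string().describe("Brief description of what was accomplished"),
+ }, async (args) => {
+ if (!state.agentContext) {
+ return { content: [{ type: "text", text: 'No agent context. Use create_agent_context first.' }], isError: true };
+ }
+ // Find the pending execute result
+ const executeResult = state.pendingActions.get(args.intent_id);
+ if (!executeResult) {
+ return { content: [{ type: "text", text: `No pending action found for intent ${args.intent_id}. Was it permitted?` }], isError: true };
+ }
+ try {
+ const completed = state.agentContext.complete(executeResult, {
+ status: args.status,
+ summary: args.summary,
+ });
+ // Clean up
+ state.pendingActions.delete(args.intent_id);
+ return {
+ content: [{
+ type: "text",
+ text: JSON.stringify({
+ completed: true,
+ receiptId: completed.receipt.receiptId,
+ policyReceiptId: completed.policyReceipt?.receiptId,
+ signatures: {
+ intent: '✓ (agent declared intent)',
+ decision: '✓ (policy engine evaluated)',
+ receipt: '✓ (execution recorded)',
+ },
+ stats: state.agentContext.stats,
+ auditTrail: state.agentContext.auditLog.length + ' entries',
+ }, null, 2),
+ }],
+ };
+ }
+ catch (e) {
+ return { content: [{ type: "text", text: `Complete failed: ${e.message}` }], isError: true };
+ }
+ });
+ // ═══════════════════════════════════════
  // MCP Prompts — Role-Specific
  // ═══════════════════════════════════════
  server.prompt("coordination_role", "Get instructions for your assigned coordination role", {}, async () => {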
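Review bot: In `create_agent_context` the delegation is self-issued: the handler generates a throwaway `mcp-principal` with `owner: 'human'` and `capabilities: ['admin']`, then delegates exactly the `delegated_scopes` and `spend_limit` that the tool caller passed in, so the party being constrained sets the ceiling that `execute_with_context` later checks against. The same caller can also select `enforcement: "manual"`, which the schema itself describes as tracking only, so the tool description's claim that agents "physically cannot skip enforcement" is not supported by what this hunk shows. The principal identity and the maximum scope and spend should come from operator configuration loaded outside the tool arguments, with requests above that ceiling rejected; `spend_limit` and `estimated_spend` should also be declared with `z.number().nonnegative()` so a negative amount cannot reach the spend accounting. Until that exists I would add above the `delegate({` call: `// NOTE: principal is generated per call and scope/limit are caller-supplied; this delegation is not an independent authorization`. How `createAgentContext` treats each enforcement level is in the SDK and is not visible on this page.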
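--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "agent-passport-system-mcp",
- "version": "2.1.0",
+ "version": "2.2.1",
  "description": "MCP server for Agent Passport System — cryptographic identity, delegation, governance, and deliberation for AI agents",
  "type": "module",
  "bin": {
@@ -17,16 +17,21 @@
  "keywords": [
  "mcp",
  "model-context-protocol",
- "agent",
- "passport",
- "identity",
- "governance",
- "cryptography",
+ "ai-agent",
+ "agent-identity",
  "ed25519",
+ "cryptographic-identity",
  "delegation",
  "multi-agent",
- "deliberation",
- "trust"
+ "governance",
+ "coordination",
+ "agentic-commerce",
+ "trust",
+ "claude-desktop",
+ "cursor",
+ "mcp-server",
+ "agent-protocol",
+ "typescript"
  ],
  "author": "aeoess",
  "license": "Apache-2.0",
@@ -38,7 +43,7 @@
  "dependencies": {
  "@modelcontextprotocol/sdk": "^1.12.0",
  "@types/node": "^25.3.2",
- "agent-passport-system": "^1.7.0",
+ "agent-passport-system": "^1.8.0",
  "typescript": "^5.9.3",
  "zod": "^3.25.0"
  },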