agent-passport-system-mcp 2.12.3 → 2.15.0

package/README.md

@@ -10,7 +10,7 @@ MCP server for the [Agent Passport System](https://github.com/aeoess/agent-passp
 
 > **🤖 For AI agents:** If you are an agent reading this, visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable documentation or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete technical reference. This README is designed for humans.
 
-**83 tools** across 42 core modules + 32 v2 constitutional governance modules (separation of powers, circuit breakers, approval fatigue detection, and more). Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
+**108 tools** across 42 core modules + 32 v2 constitutional governance modules (separation of powers, circuit breakers, approval fatigue detection, and more). Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
 
 ## Quick Start
 
@@ -29,7 +29,7 @@ npm install -g agent-passport-system-mcp
 npx agent-passport-system-mcp setup
 ```
 
-Auto-configures Claude Desktop and Cursor. Restart your AI client. 83 tools ready.
+Auto-configures Claude Desktop and Cursor. Restart your AI client. 108 tools ready.
 
 <details>
 <summary>Manual config (if setup doesn't detect your client)</summary>
@@ -206,7 +206,7 @@ Layer 1 — Agent Passport Protocol (Ed25959 identity)
 
 ## Links
 
-- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.21.7, 1358 tests)
+- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.24.0, 1445 tests)
 - Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v0.5.1)
 - Paper: [doi.org/10.5281/zenodo.18749779](https://doi.org/10.5281/zenodo.18749779)
 - Docs: [aeoess.com/llms-full.txt](https://aeoess.com/llms-full.txt)

package/build/index.js

@@ -1,4 +1,5 @@
 #!/usr/bin/env node
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
 // ══════════════════════════════════════════════════════════════
 // Agent Passport MCP Server v2.0
 // ══════════════════════════════════════════════════════════════
@@ -53,7 +54,7 @@ createV2Attestation, assessV2AttestationQuality, } from "agent-passport-system";
 // Data Governance (Modules 36A, 38, 39 + Enforcement Gate + Training Attribution)
 import { registerSelfAttestedSource, createContributionLedger, queryContributions, getSourceMetrics, getAgentDataFootprint, generateSettlement, verifySettlement, generateDataComplianceReport, DataEnforcementGate, createTrainingAttribution, verifyTrainingAttribution, createTrainingLedger, recordTrainingAttribution, getModelDataSources, } from "agent-passport-system";
 // Data Lifecycle Governance (Modules 43+)
-import { createDerivationReceipt, resolveExtendedLineage, evaluateRevocationImpact, createDecisionLineageReceipt, isPurposePermitted, purposeCategory, isRetentionExpired, checkAggregateConstraints, isTransferPermitted, computeGovernanceTaint, fileDispute, checkCombinationPermitted, createAccessSnapshot, resolveRightsPropagation, DEFAULT_RIGHTS_PROPAGATION, detectPurposeDrift, declareReidentificationRisk, } from "agent-passport-system";
+import { createDerivationReceipt, resolveExtendedLineage, evaluateRevocationImpact, createDecisionLineageReceipt, isPurposePermitted, purposeCategory, isRetentionExpired, checkAggregateConstraints, isTransferPermitted, computeGovernanceTaint, fileDispute, checkCombinationPermitted, createAccessSnapshot, resolveRightsPropagation, DEFAULT_RIGHTS_PROPAGATION, detectPurposeDrift, declareReidentificationRisk, verifyGovernanceBlock, parseGovernanceBlockFromHTML, isUsagePermitted, embedGovernance, generateApsTxt, verifyApsTxt, resolveTermsForPath, createChainedGovernanceBlock, createAccessReceipt, governanceLoop360, } from "agent-passport-system";
 // ═══════════════════════════════════════
 // State Management
 // ═══════════════════════════════════════
@@ -3494,6 +3495,150 @@ server.tool("declare_reidentification_risk", "Declare re-identification risk for
     return { content: [{ type: "text", text: `🔒 Re-identification Risk Declaration\n\nRisk: ${decl.risk}\nMethod: ${decl.assessmentMethod || 'N/A'}\nMitigations: ${decl.mitigationsApplied?.join(', ') || 'none'}\nAssessed by: ${decl.assessedBy}\nAt: ${decl.assessedAt}` }] };
 });
 // ═══════════════════════════════════════
+// Governance Block (HTML-embedded governance)
+// ═══════════════════════════════════════
+server.tool("generate_governance_block", "Generate a cryptographically signed governance block for embedding in HTML pages. Includes terms, revocation policy, and content hash.", {
+    content: z.string().describe("Article/page content to hash and govern"),
+    publicKey: z.string().describe("Publisher's Ed25519 public key (hex)"),
+    privateKey: z.string().describe("Publisher's Ed25519 private key (hex)"),
+    inference: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+    training: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+    redistribution: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+    derivative: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+    caching: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+    license_url: z.string().optional(),
+    terms_version: z.string().optional(),
+}, async (p) => {
+    const { block, html, meta } = embedGovernance({
+        content: p.content,
+        publicKey: p.publicKey,
+        privateKey: p.privateKey,
+        terms: {
+            inference: p.inference, training: p.training,
+            redistribution: p.redistribution, derivative: p.derivative,
+            caching: p.caching, license_url: p.license_url, version: p.terms_version,
+        },
+    });
+    return { content: [{ type: "text", text: `📋 Governance Block Generated\n\nDID: ${block.source_did}\nContent Hash: ${block.content_hash}\nTerms: inference=${p.inference || 'not set'}, training=${p.training || 'not set'}\n\n--- HTML EMBED (script tag) ---\n${html}\n\n--- META EMBED (base64) ---\n${meta}` }] };
+});
+server.tool("verify_governance_block", "Verify a governance block's signature, content hash, and DID consistency against the original content.", {
+    block: z.string().describe("Governance block JSON string"),
+    content: z.string().describe("Original content to verify against"),
+    publicKey: z.string().describe("Publisher's Ed25519 public key (hex)"),
+}, async (p) => {
+    const parsed = JSON.parse(p.block);
+    const result = verifyGovernanceBlock(parsed, p.content, p.publicKey);
+    return { content: [{ type: "text", text: `🔍 Governance Block Verification\n\nValid: ${result.valid ? '✅' : '❌'}\nSignature: ${result.signatureValid ? '✅' : '❌'}\nContent Hash: ${result.contentHashValid ? '✅' : '❌'}\nDID Consistent: ${result.didConsistent ? '✅' : '❌'}${result.errors.length > 0 ? '\n\nErrors:\n' + result.errors.join('\n') : ''}` }] };
+});
+server.tool("parse_governance_block_html", "Extract a governance block from an HTML page. Looks for APS governance script tags or meta tags.", {
+    html: z.string().describe("HTML content to parse"),
+}, async (p) => {
+    const block = parseGovernanceBlockFromHTML(p.html);
+    if (!block) {
+        return { content: [{ type: "text", text: "No governance block found in HTML." }] };
+    }
+    return { content: [{ type: "text", text: `📋 Governance Block Found\n\nDID: ${block.source_did}\nContent Hash: ${block.content_hash}\nPublished: ${block.published_at}\nTerms: ${JSON.stringify(block.terms, null, 2)}\nRevocation Policy: ${JSON.stringify(block.revocation_policy, null, 2)}` }] };
+});
+server.tool("check_usage_permitted", "Check if a specific usage type is permitted under a governance block's terms.", {
+    block: z.string().describe("Governance block JSON string"),
+    usage: z.enum(["inference", "training", "redistribution", "derivative", "caching"]),
+}, async (p) => {
+    const parsed = JSON.parse(p.block);
+    const result = isUsagePermitted(parsed, p.usage);
+    return { content: [{ type: "text", text: `${result.permitted ? '✅' : '❌'} Usage "${p.usage}": ${result.condition}` }] };
+});
+// ═══════════════════════════════════════
+// aps.txt + HTTP Headers + Chained Blocks
+// ═══════════════════════════════════════
+server.tool("generate_aps_txt", "Generate a signed aps.txt file for site-wide governance. Like robots.txt but cryptographically signed with terms, revocation endpoint, and MCP upgrade path.", {
+    domain: z.string().describe("Domain this declaration covers (e.g. theagenttimes.com)"),
+    publisherName: z.string().describe("Human-readable publisher name"),
+    publicKey: z.string().describe("Publisher's Ed25519 public key (hex)"),
+    privateKey: z.string().describe("Publisher's Ed25519 private key (hex)"),
+    inference: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+    training: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+    redistribution: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+    mcpEndpoint: z.string().optional(),
+    revocationEndpoint: z.string().optional(),
+}, async (p) => {
+    const doc = generateApsTxt({
+        domain: p.domain, publisherName: p.publisherName,
+        publicKey: p.publicKey, privateKey: p.privateKey,
+        defaultTerms: { inference: p.inference, training: p.training, redistribution: p.redistribution },
+        mcpEndpoint: p.mcpEndpoint, revocationEndpoint: p.revocationEndpoint,
+    });
+    const serialized = JSON.stringify(doc, null, 2);
+    return { content: [{ type: "text", text: `📄 aps.txt Generated\n\nDomain: ${doc.domain}\nDID: ${doc.publisher_did}\nMCP: ${doc.mcp_endpoint || 'none'}\n\nServe at: ${p.domain}/.well-known/aps.txt\n\n${serialized}` }] };
+});
+server.tool("verify_aps_txt", "Verify a signed aps.txt file — checks signature and DID consistency.", {
+    content: z.string().describe("aps.txt JSON content"),
+    publicKey: z.string().describe("Publisher's Ed25519 public key (hex)"),
+}, async (p) => {
+    const doc = JSON.parse(p.content);
+    const result = verifyApsTxt(doc, p.publicKey);
+    return { content: [{ type: "text", text: `${result.valid ? '✅' : '❌'} aps.txt Verification: ${result.valid ? 'VALID' : 'INVALID'}${result.errors.length ? '\nErrors: ' + result.errors.join('; ') : ''}` }] };
+});
+server.tool("resolve_path_terms", "Resolve governance terms for a specific URL path using aps.txt path overrides.", {
+    apsTxt: z.string().describe("aps.txt JSON content"),
+    path: z.string().describe("URL path to resolve (e.g. /blog/my-article)"),
+}, async (p) => {
+    const doc = JSON.parse(p.apsTxt);
+    const terms = resolveTermsForPath(doc, p.path);
+    return { content: [{ type: "text", text: `📋 Terms for "${p.path}":\n${JSON.stringify(terms, null, 2)}` }] };
+});
+server.tool("create_chained_governance_block", "Create a governance block for derivative content that references the original publisher's block. Preserves the chain of provenance.", {
+    content: z.string().describe("Derivative content"),
+    publicKey: z.string().describe("Derivative agent's Ed25519 public key (hex)"),
+    privateKey: z.string().describe("Derivative agent's Ed25519 private key (hex)"),
+    parentBlock: z.string().describe("Original governance block JSON string"),
+    derivationType: z.string().describe("Type: summary, embedding, rag_chunk, translation, etc."),
+    inference: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+    training: z.enum(["permitted", "prohibited", "compensation_required", "attribution_required"]).optional(),
+}, async (p) => {
+    const parent = JSON.parse(p.parentBlock);
+    const chained = createChainedGovernanceBlock({
+        content: p.content, publicKey: p.publicKey, privateKey: p.privateKey,
+        terms: { inference: p.inference, training: p.training },
+        parentBlock: parent, derivationType: p.derivationType,
+    });
+    return { content: [{ type: "text", text: `🔗 Chained Block Created\n\nOriginal publisher: ${chained.source_did}\nDerivative agent: ${chained.derivative_agent_did}\nDerivation: ${chained.derivation_type}\nParent hash: ${chained.parent_block_hash}\nContent hash: ${chained.content_hash}` }] };
+});
+// ═══════════════════════════════════════
+// Governance Consumer (agent-side 360 loop)
+// ═══════════════════════════════════════
+server.tool("governance_360", "Execute the full governance 360 loop on HTML content: extract governance block → verify signature + content hash → check usage terms → create signed access receipt. This is what an agent calls on every page it reads.", {
+    html: z.string().describe("Full HTML of the page"),
+    contentBody: z.string().describe("Article text content (for hash verification)"),
+    publisherPublicKey: z.string().describe("Publisher's Ed25519 public key (hex)"),
+    agentPublicKey: z.string().describe("Your agent's Ed25519 public key (hex)"),
+    agentPrivateKey: z.string().describe("Your agent's Ed25519 private key (hex)"),
+    intendedUsage: z.enum(["inference", "training", "redistribution", "derivative", "caching"]),
+    sourceUrl: z.string().describe("URL of the page"),
+}, async (p) => {
+    const result = governanceLoop360({
+        html: p.html, contentBody: p.contentBody,
+        publisherPublicKey: p.publisherPublicKey,
+        agentPublicKey: p.agentPublicKey, agentPrivateKey: p.agentPrivateKey,
+        intendedUsage: p.intendedUsage, sourceUrl: p.sourceUrl,
+    });
+    return { content: [{ type: "text", text: `🔄 Governance 360 Loop\n\n${result.summary}\n\n${result.receipt ? `Receipt ID: ${result.receipt.receiptId}\nAccessed: ${result.receipt.accessed_at}` : 'No receipt (ungoverned content)'}` }] };
+});
+server.tool("create_access_receipt", "Create a signed access receipt — cryptographic proof that your agent consumed content under specific terms. The receipt captures terms and revocation policy at access time.", {
+    agentPublicKey: z.string().describe("Your agent's Ed25519 public key (hex)"),
+    agentPrivateKey: z.string().describe("Your agent's Ed25519 private key (hex)"),
+    block: z.string().describe("Governance block JSON string"),
+    sourceUrl: z.string().describe("URL where content was accessed"),
+    intendedUsage: z.string().describe("How you intend to use this content"),
+}, async (p) => {
+    const parsed = JSON.parse(p.block);
+    const receipt = createAccessReceipt({
+        agentPublicKey: p.agentPublicKey, agentPrivateKey: p.agentPrivateKey,
+        block: parsed, sourceUrl: p.sourceUrl, intendedUsage: p.intendedUsage,
+        governanceVerified: true,
+    });
+    return { content: [{ type: "text", text: `📝 Access Receipt Created\n\nID: ${receipt.receiptId}\nAgent: ${receipt.agent_did}\nPublisher: ${receipt.publisher_did}\nUsage: ${receipt.intended_usage}\nTerms: training=${receipt.terms_at_access.training || 'N/A'}\nRevocation: cached=${receipt.revocation_policy_at_access.cached_copy}` }] };
+});
+// ═══════════════════════════════════════
 // MCP Prompts — Role-Specific
 // ═══════════════════════════════════════
 server.prompt("coordination_role", "Get instructions for your assigned coordination role", {}, async () => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-passport-system-mcp",
-  "version": "2.12.3",
+  "version": "2.15.0",
   "mcpName": "io.github.aeoess/agent-passport-mcp",
   "description": "MCP server for Agent Passport System — cryptographic identity, delegation, governance, and deliberation for AI agents",
   "type": "module",
@@ -49,7 +49,7 @@
   "homepage": "https://github.com/aeoess/agent-passport-mcp",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.27.1",
-    "agent-passport-system": "^1.21.7",
+    "agent-passport-system": "^1.24.0",
     "zod": "^3.25.76"
   },
   "devDependencies": {