npm - agent-passport-system-mcp - Versions diffs - 2.19.0 → 2.20.0 - Mend

agent-passport-system-mcp 2.19.0 → 2.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -10,7 +10,7 @@ MCP server for the [Agent Passport System](https://github.com/aeoess/agent-passp
 > **🤖 For AI agents:** If you are an agent reading this, visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable documentation or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete technical reference. MCP discovery: [.well-known/mcp.json](https://aeoess.com/.well-known/mcp.json). This README is designed for humans.
-**124 tools** across 63 core modules + 32 v2 constitutional governance modules (separation of powers, circuit breakers, approval fatigue detection, and more). Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172). Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
+**125 tools** across 96 modules (64 core + 32 v2 constitutional governance). Separation of powers, circuit breakers, approval fatigue detection, and more. Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172). Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
 ## Quick Start
@@ -29,7 +29,7 @@ npm install -g agent-passport-system-mcp
 npx agent-passport-system-mcp setup
 ```
-Auto-configures Claude Desktop and Cursor. Restart your AI client. 124 tools ready.
+Auto-configures Claude Desktop and Cursor. Restart your AI client. 125 tools ready.
 <details>
 <summary>Manual config (if setup doesn't detect your client)</summary>
@@ -61,7 +61,7 @@ Or for remote SSE:
 ```
 </details>
-## Tools (63)
+## Tools (125)
 ### Identity (Layer 1) — 5 tools
@@ -208,8 +208,8 @@ Layer 1 — Agent Passport Protocol (Ed25519 identity)
 ## Links
-- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.29.1, 1919 tests)
-- Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v0.5.1)
+- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.33.0, 2230 tests)
+- Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v0.8.0)
 - Paper (Protocol): [doi.org/10.5281/zenodo.18749779](https://doi.org/10.5281/zenodo.18749779)
 - Paper (Faceted Narrowing): [doi.org/10.5281/zenodo.19260073](https://doi.org/10.5281/zenodo.19260073)
 - Docs: [aeoess.com/llms-full.txt](https://aeoess.com/llms-full.txt)

package/build/index.js CHANGED Viewed

@@ -52,7 +52,9 @@ requestV2Migration,
 // v2: Attestation
 createV2Attestation, assessV2AttestationQuality, } from "agent-passport-system";
 // Agent Attestation Architecture (Phase 1 — Consilium Build)
-import { createIssuanceContext, bindAttestation, createEmptyEvidenceRecord, PASSPORT_GRADE_LABELS, } from "agent-passport-system";
+import { createIssuanceContext, bindAttestation, createEmptyEvidenceRecord, PASSPORT_GRADE_LABELS,
+// v1.33.0 — action_ref + freshness + evidence-based grade
+computeActionRef, isEvidenceFresh, computeEvidenceAge, classifyEvidenceQuality, evidenceQualityToGrade, } from "agent-passport-system";
 // Data Governance (Modules 36A, 38, 39 + Enforcement Gate + Training Attribution)
 import { registerSelfAttestedSource, createContributionLedger, queryContributions, getSourceMetrics, getAgentDataFootprint, generateSettlement, verifySettlement, generateDataComplianceReport, DataEnforcementGate, createTrainingAttribution, verifyTrainingAttribution, createTrainingLedger, recordTrainingAttribution, getModelDataSources, } from "agent-passport-system";
 // Data Lifecycle Governance (Modules 43+)
@@ -155,8 +157,26 @@ const state = {
     issuanceContexts: new Map(),
     issuanceChallenges: new Map(),
     issuanceCount: 0,
+    postIssuanceBehavior: new Map(),
+    recentlyIssuedPassports: new Set(),
+    issuanceTimestamps: new Map(),
+    endorsementLatencies: new Map(),
 };
 // Load persisted task state
+// ── Post-issuance behavioral sequence recording ──
+// Consilium signal #2: first 10 tool calls after passport issuance.
+// Real agents do work. Farming agents extract. Server-recorded, can't retroactively change.
+const MAX_BEHAVIORAL_SEQUENCE = 10;
+function recordBehavior(toolName) {
+    // Record for all recently-issued passport holders in this session
+    for (const agentId of state.recentlyIssuedPassports) {
+        const seq = state.postIssuanceBehavior.get(agentId) || [];
+        if (seq.length < MAX_BEHAVIORAL_SEQUENCE) {
+            seq.push({ tool: toolName, ts: new Date().toISOString() });
+            state.postIssuanceBehavior.set(agentId, seq);
+        }
+    }
+}
 function loadTasks() {
     if (existsSync(STORE_PATH)) {
         try {
@@ -450,6 +470,7 @@ server.tool("identify", "Identify yourself to the coordination server. Sets your
     private_key: z.string().describe("Your Ed25519 private key (for signing)"),
     agent_id: z.string().optional().describe("Your agent ID"),
 }, async (args) => {
+    recordBehavior('identify');
     state.agentKey = args.public_key;
     state.privateKey = args.private_key;
     state.agentId = args.agent_id || null;
@@ -543,16 +564,49 @@ server.tool("issue_passport", "Issue a complete agent passport with keys, signed
     const passport = hasIssuer
         ? countersignPassport(agent.passport, AEOESS_ISSUER_PRIVATE_KEY, 'aeoess')
         : agent.passport;
-    // Phase 4: Derive issuance context
+    // Phase 4: Derive issuance context with computed signals
     const evidence = createEmptyEvidenceRecord(observed);
+    const issuanceAgeMs = Date.now() - (globalThis.__mcpStartTime || Date.now());
+    const derivedSignals = [
+        { key: 'issuance_age_ms', value: String(issuanceAgeMs), derivedFrom: ['serverStartTime', 'requestedAt'], computedAt: new Date().toISOString() },
+        { key: 'session_passport_count', value: String(state.issuanceCount), derivedFrom: ['issuanceCount'], computedAt: new Date().toISOString() },
+    ];
     const context = createIssuanceContext(evidence, {
         hasIssuerSignature: hasIssuer,
+        derivedSignals,
     });
     // Phase 5: Bind attestation to passport
     const attestedPassport = bindAttestation(passport, context);
     // Store the issuance context (server-side memory)
     const passportId = passport.passport.agentId;
     state.issuanceContexts.set(passportId, context);
+    state.recentlyIssuedPassports.add(passportId);
+    state.issuanceTimestamps.set(passportId, Date.now());
+    // Initialize behavioral sequence tracking for this agent
+    state.postIssuanceBehavior.set(passportId, [{ tool: 'issue_passport', ts: new Date().toISOString() }]);
+    // Bridge: fire-and-forget POST to gateway (if configured)
+    // When Mini adds POST /issuance-dossier, this data starts flowing automatically.
+    const gwUrl = process.env.AEOESS_GATEWAY_URL; // e.g. https://gateway.aeoess.com
+    const gwKey = process.env.AEOESS_GATEWAY_KEY; // e.g. aps_live_...
+    if (gwUrl && gwKey) {
+        fetch(`${gwUrl}/api/v1/issuance-dossier`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${gwKey}` },
+            body: JSON.stringify({
+                passport_id: passportId,
+                public_key_hash: sha256(attestedPassport.passport.publicKey),
+                passport_grade: context.assessment.passportGrade,
+                flags: context.assessment.flags,
+                attestation_bundle_hash: context.assessment.attestationBundleHash,
+                observed_context: context.evidence.observed,
+                runtime_attestations: context.evidence.runtimeAttestations,
+                provider_attestations: context.evidence.providerAttestations,
+                self_declared_signals: context.evidence.selfDeclaredSignals,
+                derived_signals: context.assessment.derivedSignals || [],
+                prior_passport_ref: context.evidence.priorPassportRef || null,
+            }),
+        }).catch(() => { }); // fire-and-forget: never block passport issuance
+    }
     return {
         content: [{
                 type: "text",
@@ -686,6 +740,50 @@ server.tool("list_issuance_records", "List all stored issuance records with thei
     };
 });
 // ═══════════════════════════════════════
+// TOOL: get_behavioral_sequence
+// ═══════════════════════════════════════
+server.tool("get_behavioral_sequence", "Get the post-issuance behavioral sequence for an agent. Shows the first 10 tool calls after passport issuance. Real agents do work. Farming agents extract. This is consilium signal #2.", {
+    agent_id: z.string().describe("The agent ID to query"),
+}, async (args) => {
+    const sequence = state.postIssuanceBehavior.get(args.agent_id);
+    if (!sequence || sequence.length === 0) {
+        return {
+            content: [{
+                    type: "text",
+                    text: JSON.stringify({
+                        agent_id: args.agent_id,
+                        found: false,
+                        note: "No behavioral sequence recorded. Agent may have been issued before tracking was enabled.",
+                    }, null, 2),
+                }],
+        };
+    }
+    // Classify the behavioral pattern
+    const toolNames = sequence.map(s => s.tool);
+    const hasWork = toolNames.some(t => ['submit_evidence', 'publish_intent_card', 'create_agora_message', 'submit_deliverable'].includes(t));
+    const hasExtraction = toolNames.some(t => ['commerce_preflight', 'create_checkout'].includes(t));
+    const pattern = hasWork ? 'productive' : hasExtraction ? 'extractive' : 'neutral';
+    return {
+        content: [{
+                type: "text",
+                text: JSON.stringify({
+                    agent_id: args.agent_id,
+                    found: true,
+                    sequence_length: sequence.length,
+                    max_tracked: MAX_BEHAVIORAL_SEQUENCE,
+                    pattern,
+                    tools_called: toolNames,
+                    sequence,
+                    note: pattern === 'extractive'
+                        ? "Agent's first actions after passport were value extraction (commerce). Farming signal."
+                        : pattern === 'productive'
+                            ? "Agent's first actions after passport were productive work. Healthy pattern."
+                            : "Neutral pattern — identity/delegation setup.",
+                }, null, 2),
+            }],
+    };
+});
+// ═══════════════════════════════════════
 // TOOL: get_my_role
 // ═══════════════════════════════════════
 server.tool("get_my_role", "Get your current role, assigned tasks, and role-specific instructions.", {}, async () => {
@@ -1104,6 +1202,7 @@ server.tool("submit_evidence", "[RESEARCHER] Submit research evidence as a signe
     })).describe("Evidence claims with citations"),
     methodology: z.string().describe("How you gathered this evidence"),
 }, async (args) => {
+    recordBehavior('submit_evidence');
     const keyErr = requireKey();
     if (keyErr)
         return { content: [{ type: "text", text: keyErr }], isError: true };
@@ -1320,6 +1419,7 @@ server.tool("create_delegation", "[OPERATOR] Create a scoped delegation from one
     max_depth: z.number().default(1).describe("How many levels of sub-delegation"),
     expires_in_hours: z.number().default(24).describe("Delegation validity in hours"),
 }, async (args) => {
+    recordBehavior('create_delegation');
     const keyErr = requireKey();
     if (keyErr)
         return { content: [{ type: "text", text: keyErr }], isError: true };
@@ -1388,6 +1488,7 @@ server.tool("revoke_delegation", "[OPERATOR] Revoke a delegation. Optionally cas
     reason: z.string().describe("Why the delegation is being revoked"),
     cascade: z.boolean().default(true).describe("Also revoke all sub-delegations"),
 }, async (args) => {
+    recordBehavior('revoke_delegation');
     const keyErr = requireKey();
     if (keyErr)
         return { content: [{ type: "text", text: keyErr }], isError: true };
@@ -1946,6 +2047,7 @@ server.tool("commerce_preflight", "Run preflight checks before a purchase. Valid
     delegation_id: z.string().describe("Commerce delegation ID"),
     agent_id: z.string().describe("Agent making the purchase"),
 }, async (args) => {
+    recordBehavior('commerce_preflight');
     const keyErr = requireKey();
     if (keyErr)
         return { content: [{ type: "text", text: keyErr }], isError: true };
@@ -2236,6 +2338,12 @@ server.tool("endorse_agent", "Endorse an agent as a principal. Creates a cryptog
     relationship: z.enum(["creator", "operator", "employer", "sponsor"]).describe("How principal relates to agent"),
     expires_in_days: z.number().default(365).describe("Days until endorsement expires"),
 }, async (args) => {
+    recordBehavior('endorse_agent');
+    // Consilium signal #5: endorsement latency. T+200ms = automation. T+3h = human.
+    const issuedAt = state.issuanceTimestamps.get(args.agent_id);
+    if (issuedAt && !state.endorsementLatencies.has(args.agent_id)) {
+        state.endorsementLatencies.set(args.agent_id, Date.now() - issuedAt);
+    }
     if (!state.principal || !state.principalPrivateKey) {
         return { content: [{ type: "text", text: 'No principal identity. Call create_principal first.' }], isError: true };
     }
@@ -2792,6 +2900,7 @@ server.tool("publish_intent_card", "Publish an IntentCard to the Intent Network
     visibility: z.enum(["public", "verified", "minimal"]).default("public"),
     ttl_hours: z.number().default(24).describe("Hours until card expires"),
 }, async (args) => {
+    recordBehavior('publish_intent_card');
     const keyErr = requireKey();
     if (keyErr)
         return { content: [{ type: "text", text: keyErr }], isError: true };
@@ -4118,6 +4227,55 @@ server.tool("apply_reputation_downgrade", "Apply import policy downgrade to a fo
     const result = applyReputationDowngrade(rep, policy);
     return { content: [{ type: "text", text: `🌐 Reputation Downgrade\n\nAccepted: ${result.accepted}\nOriginal tier: ${args.attested_tier} → Effective: ${result.effectiveTier}\nOriginal diversity: ${args.attested_diversity_score} → Effective: ${result.effectiveDiversity.toFixed(2)}\nDowngrade ratio: ${args.downgrade_ratio}` }] };
 });
+// ═══════════════════════════════════════
+// v1.33.0 — action_ref + freshness + evidence-based grade
+// ═══════════════════════════════════════
+server.tool("compute_action_ref", "Compute content-addressed request identity (SHA-256 of agentId + actionType + scope + normalized timestamp). Two receipts with the same action_ref describe the same request.", {
+    agent_id: z.string(),
+    action_type: z.string(),
+    scope_required: z.array(z.string()),
+    timestamp: z.string().optional().describe("ISO 8601 timestamp; defaults to now"),
+}, async (args) => {
+    const intent = {
+        agentId: args.agent_id,
+        action: { type: args.action_type, scopeRequired: args.scope_required },
+        createdAt: args.timestamp ?? new Date().toISOString(),
+    };
+    const ref = computeActionRef(intent);
+    return { content: [{ type: "text", text: `🔗 action_ref: ${ref}\n\nAgent: ${args.agent_id}\nType: ${args.action_type}\nScope: ${args.scope_required.join(', ')}\nTimestamp: ${intent.createdAt}` }] };
+});
+server.tool("is_evidence_fresh", "Check whether typed attestation evidence is still fresh. rotating: ttl required; snapshot: maxAge optional; static: always fresh.", {
+    type: z.enum(['rotating', 'snapshot', 'static']),
+    valid_at: z.string().describe("ISO 8601 timestamp evidence was produced"),
+    ttl: z.number().optional().describe("Seconds (required for rotating)"),
+    max_age: z.number().optional().describe("Seconds (optional for snapshot)"),
+    now: z.string().optional().describe("ISO 8601 override for current time"),
+}, async (args) => {
+    const freshness = { type: args.type, validAt: args.valid_at };
+    if (args.ttl !== undefined)
+        freshness.ttl = args.ttl;
+    if (args.max_age !== undefined)
+        freshness.maxAge = args.max_age;
+    const nowDate = args.now ? new Date(args.now) : undefined;
+    const fresh = isEvidenceFresh(freshness, nowDate);
+    const ageSec = computeEvidenceAge(freshness, nowDate);
+    return { content: [{ type: "text", text: `${fresh ? '✅' : '❌'} Evidence fresh: ${fresh}\n\nType: ${args.type}\nValid at: ${args.valid_at}\nAge: ${ageSec}s${args.ttl !== undefined ? `\nTTL: ${args.ttl}s` : ''}${args.max_age !== undefined ? `\nMax age: ${args.max_age}s` : ''}` }] };
+});
+server.tool("classify_evidence_quality", "Classify attestation evidence quality (none / issuer_vouched / infrastructure / principal_bound) and return the corresponding grade (0-3).", {
+    method: z.string().optional().describe("Attestation method (e.g. 'spiffe')"),
+    has_issuer_signature: z.boolean().optional(),
+    has_principal_binding: z.boolean().optional(),
+    evidence: z.record(z.any()).optional().describe("Evidence object (checked for known infrastructure keys)"),
+}, async (args) => {
+    const quality = classifyEvidenceQuality({
+        method: args.method,
+        hasIssuerSignature: args.has_issuer_signature,
+        hasPrincipalBinding: args.has_principal_binding,
+        evidence: args.evidence,
+    });
+    const grade = evidenceQualityToGrade(quality);
+    return { content: [{ type: "text", text: `🎖️ Evidence Quality: ${quality}\nGrade: ${grade}\n\nInputs:\n  method: ${args.method ?? 'none'}\n  issuerSignature: ${args.has_issuer_signature ?? false}\n  principalBinding: ${args.has_principal_binding ?? false}\n  evidence keys: ${args.evidence ? Object.keys(args.evidence).join(', ') || '(empty)' : '(none)'}` }] };
+});
 server.prompt("coordination_role", "Get instructions for your assigned coordination role", {}, async () => {
     const role = state.agentRole || 'default';
     const instructions = ROLE_PROMPTS[role] || ROLE_PROMPTS['default'];

package/package.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
   "name": "agent-passport-system-mcp",
-  "version": "2.19.0",
+  "version": "2.20.0",
   "mcpName": "io.github.aeoess/agent-passport-mcp",
-  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 124 tools across 95 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce.",
+  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 128 tools across 103 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce.",
   "type": "module",
   "bin": {
     "agent-passport-system-mcp": "./build/bin.js",
@@ -49,7 +49,7 @@
   "homepage": "https://github.com/aeoess/agent-passport-mcp",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.27.1",
-    "agent-passport-system": "^1.29.1",
+    "agent-passport-system": "^1.33.0",
     "zod": "^3.25.76"
   },
   "devDependencies": {