npm - agent-passport-system-mcp - Versions diffs - 2.21.0 → 2.21.2 - Mend

agent-passport-system-mcp 2.21.0 → 2.21.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -10,7 +10,7 @@ MCP server for the [Agent Passport System](https://github.com/aeoess/agent-passp
 > **🤖 For AI agents:** If you are an agent reading this, visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable documentation or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete technical reference. MCP discovery: [.well-known/mcp.json](https://aeoess.com/.well-known/mcp.json). This README is designed for humans.
-**131 tools** across 96 modules (64 core + 32 v2 constitutional governance). Separation of powers, circuit breakers, approval fatigue detection, and more. Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172). Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
+**132 tools** across 96 modules (64 core + 32 v2 constitutional governance). Separation of powers, circuit breakers, approval fatigue detection, and more. Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172). Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
 ## Quick Start
@@ -29,7 +29,7 @@ npm install -g agent-passport-system-mcp
 npx agent-passport-system-mcp setup
 ```
-Auto-configures Claude Desktop and Cursor. Restart your AI client. 131 tools ready.
+Auto-configures Claude Desktop and Cursor. Restart your AI client. 132 tools ready.
 <details>
 <summary>Manual config (if setup doesn't detect your client)</summary>
@@ -208,7 +208,7 @@ Layer 1 — Agent Passport Protocol (Ed25519 identity)
 ## Links
-- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.34.0, 2306 tests)
+- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.36.3, 2468 tests)
 - Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v0.8.0)
 - Paper (Protocol): [doi.org/10.5281/zenodo.18749779](https://doi.org/10.5281/zenodo.18749779)
 - Paper (Faceted Narrowing): [doi.org/10.5281/zenodo.19260073](https://doi.org/10.5281/zenodo.19260073)

package/build/index.js CHANGED Viewed

@@ -365,6 +365,7 @@ const server = new McpServer({
 });
 // Track server start time for Tier 0 connection timing
 globalThis.__mcpStartTime = Date.now();
+// (try/catch wrapper merged into profile filter below)
 // ═══════════════════════════════════════
 // Tool Profiles — expose only relevant tools
 // ═══════════════════════════════════════
@@ -448,14 +449,179 @@ const TOOL_PROFILES = {
 };
 const activeProfile = (process.env.APS_PROFILE || 'full').toLowerCase();
 const profileFilter = TOOL_PROFILES[activeProfile];
-// Wrap server.tool to respect profile filtering
+// Wrap server.tool: profile filtering + try/catch on all handlers
 const _origTool = server.tool.bind(server);
 server.tool = function (name, ...rest) {
-    if (name === 'list_profiles')
-        return _origTool(name, ...rest);
-    if (activeProfile === 'full' || !profileFilter || profileFilter.has(name)) {
-        return _origTool(name, ...rest);
+    if (name !== 'list_profiles' && activeProfile !== 'full' && profileFilter && !profileFilter.has(name)) {
+        return; // filtered out by profile
     }
+    // Wrap the handler (last arg) with try/catch to prevent crashes
+    const handlerIdx = rest.length - 1;
+    const origHandler = rest[handlerIdx];
+    if (typeof origHandler === 'function') {
+        rest[handlerIdx] = async (...args) => {
+            try {
+                return await origHandler(...args);
+            }
+            catch (e) {
+                return { content: [{ type: "text", text: JSON.stringify({ error: e.message || String(e) }) }], isError: true };
+            }
+        };
+    }
+    return _origTool(name, ...rest);
+};
+// ═══════════════════════════════════════
+// Scope-Based Tool Filtering (Primitive #9: Tool Pool Assembly)
+// ═══════════════════════════════════════
+// Maps every tool to an APS delegation scope.
+// Agents with scoped delegations can query which tools match their scopes.
+// Tools mapped to '*' are always available (meta/utility tools).
+const TOOL_SCOPE_MAP = {
+    // Meta tools — always available
+    'list_profiles': '*',
+    'list_tools_for_scope': '*',
+    // Identity tools → 'identity'
+    'identify': 'identity',
+    'generate_keys': 'identity',
+    'issue_passport': 'identity',
+    'verify_issuer': 'identity',
+    'get_passport_grade': 'identity',
+    'list_issuance_records': 'identity',
+    'get_behavioral_sequence': 'identity',
+    'get_my_role': 'identity',
+    'compute_action_ref': 'identity',
+    'is_evidence_fresh': 'identity',
+    'classify_evidence_quality': 'identity',
+    'rotate_key': 'identity',
+    'verify_rotation_chain': 'identity',
+    'is_key_active': 'identity',
+    // Delegation tools → 'delegation'
+    'create_delegation': 'delegation',
+    'verify_delegation': 'delegation',
+    'revoke_delegation': 'delegation',
+    'sub_delegate': 'delegation',
+    'create_v2_delegation': 'delegation',
+    'supersede_v2_delegation': 'delegation',
+    // Principal/Endorsement tools → 'principal'
+    'create_principal': 'principal',
+    'endorse_agent': 'principal',
+    'verify_endorsement': 'principal',
+    'revoke_endorsement': 'principal',
+    'create_disclosure': 'principal',
+    'get_fleet_status': 'principal',
+    // Reputation tools → 'reputation'
+    'resolve_authority': 'reputation',
+    'check_tier': 'reputation',
+    'review_promotion': 'reputation',
+    'update_reputation': 'reputation',
+    'get_promotion_history': 'reputation',
+    'vouch_reputation': 'reputation',
+    'apply_reputation_downgrade': 'reputation',
+    // Coordination tools → 'coordination'
+    'create_task_brief': 'coordination',
+    'assign_agent': 'coordination',
+    'accept_assignment': 'coordination',
+    'submit_evidence': 'coordination',
+    'review_evidence': 'coordination',
+    'handoff_evidence': 'coordination',
+    'submit_deliverable': 'coordination',
+    'complete_task': 'coordination',
+    'list_tasks': 'coordination',
+    'get_task_detail': 'coordination',
+    'get_evidence': 'coordination',
+    // Communication tools → 'communication'
+    'send_message': 'communication',
+    'check_messages': 'communication',
+    'broadcast': 'communication',
+    'list_agents': 'communication',
+    'post_agora_message': 'communication',
+    'get_agora_topics': 'communication',
+    'get_agora_thread': 'communication',
+    'get_agora_by_topic': 'communication',
+    'register_agora_agent': 'communication',
+    'register_agora_public': 'communication',
+    // Governance tools → 'governance'
+    'load_values_floor': 'governance',
+    'attest_to_floor': 'governance',
+    'create_intent': 'governance',
+    'evaluate_intent': 'governance',
+    'create_agent_context': 'governance',
+    'execute_with_context': 'governance',
+    'complete_action': 'governance',
+    'create_policy_context': 'governance',
+    'create_attestation': 'governance',
+    'create_outcome_record': 'governance',
+    'add_principal_report': 'governance',
+    'check_anomaly': 'governance',
+    'define_emergency_pathway': 'governance',
+    'activate_emergency': 'governance',
+    'request_migration': 'governance',
+    'create_artifact_provenance': 'governance',
+    'create_charter': 'governance',
+    'verify_charter': 'governance',
+    'sign_charter': 'governance',
+    'evaluate_threshold': 'governance',
+    'create_approval_request': 'governance',
+    'add_approval_signature': 'governance',
+    'generate_governance_block': 'governance',
+    'verify_governance_block': 'governance',
+    'parse_governance_block_html': 'governance',
+    'governance_360': 'governance',
+    'generate_aps_txt': 'governance',
+    'verify_aps_txt': 'governance',
+    'resolve_path_terms': 'governance',
+    'create_chained_governance_block': 'governance',
+    'compute_governance_taint': 'governance',
+    // Commerce tools → 'commerce'
+    'commerce_preflight': 'commerce',
+    'get_commerce_spend': 'commerce',
+    'request_human_approval': 'commerce',
+    // Data tools → 'data'
+    'register_data_source': 'data',
+    'create_data_enforcement_gate': 'data',
+    'check_data_access': 'data',
+    'query_contributions': 'data',
+    'get_source_metrics': 'data',
+    'get_agent_data_footprint': 'data',
+    'generate_settlement': 'data',
+    'generate_compliance_report': 'data',
+    'record_training_use': 'data',
+    'get_model_data_sources': 'data',
+    'create_access_receipt': 'data',
+    'create_access_snapshot': 'data',
+    'create_derivation_receipt': 'data',
+    'create_decision_lineage_receipt': 'data',
+    'resolve_lineage': 'data',
+    'evaluate_revocation_impact': 'data',
+    'check_purpose_permitted': 'data',
+    'check_retention_expired': 'data',
+    'check_aggregate_constraints': 'data',
+    'check_jurisdiction_transfer': 'data',
+    'check_combination_permitted': 'data',
+    'detect_purpose_drift': 'data',
+    'resolve_rights_propagation': 'data',
+    'declare_reidentification_risk': 'data',
+    'file_data_dispute': 'data',
+    'check_usage_permitted': 'data',
+    // Gateway tools → 'gateway'
+    'create_gateway': 'gateway',
+    'register_gateway_agent': 'gateway',
+    'gateway_process_tool_call': 'gateway',
+    'gateway_approve': 'gateway',
+    'gateway_execute_approval': 'gateway',
+    'gateway_stats': 'gateway',
+    // Network tools → 'network'
+    'publish_intent_card': 'network',
+    'search_matches': 'network',
+    'get_digest': 'network',
+    'request_intro': 'network',
+    'respond_to_intro': 'network',
+    'remove_intent_card': 'network',
+    // Temporal tools → 'temporal'
+    'create_hybrid_timestamp': 'temporal',
+    'compare_timestamps': 'temporal',
+    'validate_temporal_rights': 'temporal',
+    'create_reserve_attestation': 'temporal',
 };
 // ═══════════════════════════════════════
 // TOOL: list_profiles
@@ -465,6 +631,33 @@ server.tool("list_profiles", "Show available tool profiles. Set APS_PROFILE env
     return { content: [{ type: "text", text: `📋 Tool Profiles (set APS_PROFILE env var):\n\nActive: ${activeProfile} (${activeProfile === 'full' ? '122' : profileFilter?.size || '122'} tools)\n\n${lines.join('\n')}\n\n• full (122 tools): All tools exposed (default)` }] };
 });
 // ═══════════════════════════════════════
+// TOOL: list_tools_for_scope (Primitive #9: Tool Pool Assembly)
+// ═══════════════════════════════════════
+server.tool("list_tools_for_scope", "List available MCP tools filtered by delegation scope. Pass your delegation scopes to see which tools you can use. Scopes: identity, delegation, principal, reputation, coordination, communication, governance, commerce, data, gateway, network, temporal. Use ['*'] for all tools.", {
+    scopes: z.array(z.string()).describe("Your delegation scopes, e.g. ['identity', 'delegation', 'commerce']"),
+}, async ({ scopes }) => {
+    const allTools = Object.entries(TOOL_SCOPE_MAP);
+    const scopeSet = new Set(scopes);
+    const filtered = allTools.filter(([_, scope]) => scope === '*' || scopeSet.has(scope) || scopeSet.has('*'));
+    // Group by scope for readability
+    const byScope = {};
+    for (const [name, scope] of filtered) {
+        (byScope[scope] ??= []).push(name);
+    }
+    return {
+        content: [{
+                type: "text",
+                text: JSON.stringify({
+                    total_tools: allTools.length,
+                    accessible_tools: filtered.length,
+                    scopes_provided: scopes,
+                    tools_by_scope: byScope,
+                    tools: filtered.map(([name, scope]) => ({ name, scope })),
+                }, null, 2),
+            }],
+    };
+});
+// ═══════════════════════════════════════
 // TOOL: identify
 // ═══════════════════════════════════════
 server.tool("identify", "Identify yourself to the coordination server. Sets your role and scopes tools accordingly.", {
@@ -514,14 +707,17 @@ server.tool("identify", "Identify yourself to the coordination server. Sets your
 // ═══════════════════════════════════════
 server.tool("generate_keys", "Generate an Ed25519 keypair for agent identity.", {}, async () => {
     const keys = generateKeyPair();
+    const isRemote = process.env.MCP_TRANSPORT === 'sse' || process.env.MCP_REMOTE === '1';
     return {
         content: [{
                 type: "text",
                 text: JSON.stringify({
                     publicKey: keys.publicKey,
-                    privateKey: keys.privateKey,
+                    privateKey: isRemote ? '[REDACTED — use local MCP for key generation]' : keys.privateKey,
                     algorithm: "Ed25519",
-                    note: "Use these with the identify tool or AGENT_KEY/AGENT_PRIVATE_KEY env vars.",
+                    note: isRemote
+                        ? "WARNING: Private key redacted because this is a remote MCP server. Generate keys locally via stdio transport for security."
+                        : "Use these with the identify tool or AGENT_KEY/AGENT_PRIVATE_KEY env vars. WARNING: Private keys should not be transmitted over remote transports.",
                 }, null, 2),
             }],
     };
@@ -615,7 +811,9 @@ server.tool("issue_passport", "Issue a complete agent passport with keys, signed
                 text: JSON.stringify({
                     passport: attestedPassport,
                     publicKey: attestedPassport.passport.publicKey,
-                    privateKey: agent.keyPair.privateKey,
+                    privateKey: (process.env.MCP_TRANSPORT === 'sse' || process.env.MCP_REMOTE === '1')
+                        ? '[REDACTED — use local MCP for key generation]'
+                        : agent.keyPair.privateKey,
                     agentId: attestedPassport.passport.agentId,
                     attestation: agent.attestation || null,
                     passportAttestation: attestedPassport.attestation,

package/package.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
   "name": "agent-passport-system-mcp",
-  "version": "2.21.0",
+  "version": "2.21.2",
   "mcpName": "io.github.aeoess/agent-passport-mcp",
-  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 131 tools across 103 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce.",
+  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 132 tools across 103 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce.",
   "type": "module",
   "bin": {
     "agent-passport-system-mcp": "./build/bin.js",
@@ -49,7 +49,7 @@
   "homepage": "https://github.com/aeoess/agent-passport-mcp",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.27.1",
-    "agent-passport-system": "^1.34.0",
+    "agent-passport-system": "^1.36.3",
     "zod": "^3.25.76"
   },
   "devDependencies": {