agent-passport-system-mcp 2.21.1 → 2.21.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +1 -1
  2. package/build/index.js +26 -8
  3. package/package.json +2 -2
package/README.md CHANGED
@@ -208,7 +208,7 @@ Layer 1 — Agent Passport Protocol (Ed25519 identity)
208
208
 
209
209
  ## Links
210
210
 
211
- - npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.36.2, 2468 tests)
211
+ - npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.36.3, 2468 tests)
212
212
  - Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v0.8.0)
213
213
  - Paper (Protocol): [doi.org/10.5281/zenodo.18749779](https://doi.org/10.5281/zenodo.18749779)
214
214
  - Paper (Faceted Narrowing): [doi.org/10.5281/zenodo.19260073](https://doi.org/10.5281/zenodo.19260073)
package/build/index.js CHANGED
@@ -365,6 +365,7 @@ const server = new McpServer({
365
365
  });
366
366
  // Track server start time for Tier 0 connection timing
367
367
  globalThis.__mcpStartTime = Date.now();
368
+ // (try/catch wrapper merged into profile filter below)
368
369
  // ═══════════════════════════════════════
369
370
  // Tool Profiles — expose only relevant tools
370
371
  // ═══════════════════════════════════════
@@ -448,14 +449,26 @@ const TOOL_PROFILES = {
448
449
  };
449
450
  const activeProfile = (process.env.APS_PROFILE || 'full').toLowerCase();
450
451
  const profileFilter = TOOL_PROFILES[activeProfile];
451
- // Wrap server.tool to respect profile filtering
452
+ // Wrap server.tool: profile filtering + try/catch on all handlers
452
453
  const _origTool = server.tool.bind(server);
453
454
  server.tool = function (name, ...rest) {
454
- if (name === 'list_profiles')
455
- return _origTool(name, ...rest);
456
- if (activeProfile === 'full' || !profileFilter || profileFilter.has(name)) {
457
- return _origTool(name, ...rest);
455
+ if (name !== 'list_profiles' && activeProfile !== 'full' && profileFilter && !profileFilter.has(name)) {
456
+ return; // filtered out by profile
458
457
  }
458
+ // Wrap the handler (last arg) with try/catch to prevent crashes
459
+ const handlerIdx = rest.length - 1;
460
+ const origHandler = rest[handlerIdx];
461
+ if (typeof origHandler === 'function') {
462
+ rest[handlerIdx] = async (...args) => {
463
+ try {
464
+ return await origHandler(...args);
465
+ }
466
+ catch (e) {
467
+ return { content: [{ type: "text", text: JSON.stringify({ error: e.message || String(e) }) }], isError: true };
468
+ }
469
+ };
470
+ }
471
+ return _origTool(name, ...rest);
459
472
  };
460
473
  // ═══════════════════════════════════════
461
474
  // Scope-Based Tool Filtering (Primitive #9: Tool Pool Assembly)
@@ -694,14 +707,17 @@ server.tool("identify", "Identify yourself to the coordination server. Sets your
694
707
  // ═══════════════════════════════════════
695
708
  server.tool("generate_keys", "Generate an Ed25519 keypair for agent identity.", {}, async () => {
696
709
  const keys = generateKeyPair();
710
+ const isRemote = process.env.MCP_TRANSPORT === 'sse' || process.env.MCP_REMOTE === '1';
697
711
  return {
698
712
  content: [{
699
713
  type: "text",
700
714
  text: JSON.stringify({
701
715
  publicKey: keys.publicKey,
702
- privateKey: keys.privateKey,
716
+ privateKey: isRemote ? '[REDACTED — use local MCP for key generation]' : keys.privateKey,
703
717
  algorithm: "Ed25519",
704
- note: "Use these with the identify tool or AGENT_KEY/AGENT_PRIVATE_KEY env vars.",
718
+ note: isRemote
719
+ ? "WARNING: Private key redacted because this is a remote MCP server. Generate keys locally via stdio transport for security."
720
+ : "Use these with the identify tool or AGENT_KEY/AGENT_PRIVATE_KEY env vars. WARNING: Private keys should not be transmitted over remote transports.",
705
721
  }, null, 2),
706
722
  }],
707
723
  };
@@ -795,7 +811,9 @@ server.tool("issue_passport", "Issue a complete agent passport with keys, signed
795
811
  text: JSON.stringify({
796
812
  passport: attestedPassport,
797
813
  publicKey: attestedPassport.passport.publicKey,
798
- privateKey: agent.keyPair.privateKey,
814
+ privateKey: (process.env.MCP_TRANSPORT === 'sse' || process.env.MCP_REMOTE === '1')
815
+ ? '[REDACTED — use local MCP for key generation]'
816
+ : agent.keyPair.privateKey,
799
817
  agentId: attestedPassport.passport.agentId,
800
818
  attestation: agent.attestation || null,
801
819
  passportAttestation: attestedPassport.attestation,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-passport-system-mcp",
3
- "version": "2.21.1",
3
+ "version": "2.21.2",
4
4
  "mcpName": "io.github.aeoess/agent-passport-mcp",
5
5
  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 132 tools across 103 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce.",
6
6
  "type": "module",
@@ -49,7 +49,7 @@
49
49
  "homepage": "https://github.com/aeoess/agent-passport-mcp",
50
50
  "dependencies": {
51
51
  "@modelcontextprotocol/sdk": "^1.27.1",
52
- "agent-passport-system": "^1.36.1",
52
+ "agent-passport-system": "^1.36.3",
53
53
  "zod": "^3.25.76"
54
54
  },
55
55
  "devDependencies": {