agent-passport-system-mcp 2.24.0 → 2.25.0

package/README.md

@@ -12,13 +12,13 @@ Enforcement and accountability layer for AI agents. Bring your own identity. 20
 APS_PROFILE=essential npx agent-passport-system-mcp
 ```
 
-`essential` is the default profile — the 20 tools 90% of integrations need. Set `APS_PROFILE=full` for all 143 tools.
+`essential` is the default profile — the 149 tools 90% of integrations need. Set `APS_PROFILE=full` for all 149 tools.
 
 Available profiles: essential (default), identity, governance, coordination, commerce, data, gateway, comms, minimal, full.
 
 > **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable documentation or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete technical reference. MCP discovery: [.well-known/mcp.json](https://aeoess.com/.well-known/mcp.json).
 
-Works with any MCP client: Claude Desktop, Claude Code, Cursor, Windsurf, and more. Full surface area under `APS_PROFILE=full`: 143 tools across 103 modules (71 core + 32 v2 constitutional governance). Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172).
+Works with any MCP client: Claude Desktop, Claude Code, Cursor, Windsurf, and more. Full surface area under `APS_PROFILE=full`: 149 tools across 103 modules (71 core + 32 v2 constitutional governance). Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172).
 
 ## Quick Start
 
@@ -216,7 +216,7 @@ Layer 1 — Agent Passport Protocol (Ed25519 identity)
 
 ## Links
 
-- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.42.0, 2844 tests)
+- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.44.0, 2910 tests)
 - Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v0.8.0)
 - Paper (Protocol): [doi.org/10.5281/zenodo.18749779](https://doi.org/10.5281/zenodo.18749779)
 - Paper (Faceted Narrowing): [doi.org/10.5281/zenodo.19260073](https://doi.org/10.5281/zenodo.19260073)

package/build/index.js

@@ -64,7 +64,9 @@ import { createDerivationReceipt, resolveExtendedLineage, evaluateRevocationImpa
 // Rome-Complete: Charter, Approval, Time, Reserve, Federation
 import { createCharter, signCharter, verifyCharter, evaluateThreshold, createApprovalRequest, addApprovalSignature, createHybridTimestamp, compareTimestamps, validateTemporalRights, createReserveAttestation, vouchReputation, applyReputationDowngrade, 
 // v2 boundary primitives (AttributionConsent, ProvisionalStatement, HumanEscalationFlag)
-createAttributionReceipt, signAttributionConsent, verifyAttributionConsent, checkArtifactCitations, receiptCore, createProvisional, promoteStatement, verifyPromotion, withdrawProvisional, withdrawalPayload, isBinding, checkEscalationRequired, requestOwnerConfirmation, recordOwnerConfirmation, } from "agent-passport-system";
+createAttributionReceipt, signAttributionConsent, verifyAttributionConsent, checkArtifactCitations, receiptCore, createProvisional, promoteStatement, verifyPromotion, withdrawProvisional, withdrawalPayload, isBinding, checkEscalationRequired, requestOwnerConfirmation, recordOwnerConfirmation, 
+// Attribution Primitive (unified four-axis signed Merkle receipt)
+computeAttributionActionRef, constructAttributionPrimitive, projectAttribution, verifyAttributionProjection, verifyAttributionPrimitive, checkProjectionConsistency, } from "agent-passport-system";
 // ═══════════════════════════════════════
 // State Management
 // ═══════════════════════════════════════
@@ -649,6 +651,13 @@ const TOOL_SCOPE_MAP = {
     'aps_withdraw_provisional': 'coordination',
     'aps_check_escalation_required': 'delegation',
     'aps_record_owner_confirmation': 'delegation',
+    // Attribution Primitive (unified four-axis signed Merkle receipt)
+    'aps_construct_attribution_primitive': 'governance',
+    'aps_project_attribution': 'governance',
+    'aps_verify_attribution_projection': 'governance',
+    'aps_verify_attribution_primitive': 'governance',
+    'aps_check_projection_consistency': 'governance',
+    'aps_compute_attribution_action_ref': 'identity',
 };
 // ═══════════════════════════════════════
 // TOOL: list_profiles
@@ -4738,6 +4747,109 @@ server.tool("aps_record_owner_confirmation", "Escalation boundary: owner signs a
         return { content: [{ type: "text", text: safeError("recordOwnerConfirmation failed", e) }], isError: true };
     }
 });
+// ═══════════════════════════════════════
+// Attribution Primitive — unified four-axis signed Merkle receipt
+// Spec: ATTRIBUTION-PRIMITIVE-v1.1.md. One signed object per action with
+// four axis projections (D, P, G, C) that verify independently.
+// ═══════════════════════════════════════
+server.tool("aps_construct_attribution_primitive", "Build and sign a four-axis AttributionPrimitive for an action. Axes: D (data sources), P (protocol modules), G (delegation chain), C (compute providers). Returns the complete signed object.", {
+    action: z.object({
+        agentId: z.string(),
+        actionType: z.string(),
+        params: z.record(z.any()),
+        nonce: z.string(),
+    }).describe("Action identity tuple; the action_ref is derived as sha256(canonical(this))"),
+    axes: z.object({
+        D: z.array(z.any()),
+        P: z.array(z.any()),
+        G: z.array(z.any()),
+        C: z.array(z.any()),
+    }).describe("Four-axis content. See spec §1.2 for entry shapes per axis."),
+    issuer: z.string().describe("Issuer DID (gateway or agent producing the receipt)"),
+    issuer_private_key: z.string().describe("Ed25519 private key hex that signs the envelope"),
+    timestamp: z.string().optional().describe("ISO-8601 UTC with ms precision + Z (§2.5). Defaults to now()."),
+}, async (args) => {
+    try {
+        const primitive = constructAttributionPrimitive({
+            action: args.action,
+            axes: args.axes,
+            issuer: args.issuer,
+            issuerPrivateKey: args.issuer_private_key,
+            timestamp: args.timestamp,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(primitive, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("constructAttributionPrimitive failed", e) }], isError: true };
+    }
+});
+server.tool("aps_project_attribution", "Extract a single-axis projection from an AttributionPrimitive. The projection carries the axis content plus a two-hop Merkle path that lets a downstream verifier reconstruct the signed root without seeing the other three axes. axis: 'D' | 'P' | 'G' | 'C'.", {
+    primitive: z.any().describe("An AttributionPrimitive (from aps_construct_attribution_primitive)"),
+    axis: z.enum(["D", "P", "G", "C"]).describe("Axis to project"),
+}, async (args) => {
+    try {
+        const projection = projectAttribution(args.primitive, args.axis);
+        return { content: [{ type: "text", text: JSON.stringify(projection, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("projectAttribution failed", e) }], isError: true };
+    }
+});
+server.tool("aps_verify_attribution_projection", "Verify a single-axis AttributionProjection under the issuer's Ed25519 public key. Returns {valid: true} or {valid: false, reason: 'INVALID_AXIS_TAG'|'MERKLE_MISMATCH'|'SIGNATURE_INVALID'|'MALFORMED'}. Verification is purely local — no other axes required.", {
+    projection: z.any().describe("An AttributionProjection (from aps_project_attribution)"),
+    issuer_public_key: z.string().describe("Issuer Ed25519 public key hex"),
+}, async (args) => {
+    try {
+        const result = verifyAttributionProjection(args.projection, args.issuer_public_key);
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("verifyAttributionProjection failed", e) }], isError: true };
+    }
+});
+server.tool("aps_verify_attribution_primitive", "End-to-end verify of a full AttributionPrimitive: constructs projections for all four axes and verifies each one. Useful as a post-construction sanity check or for verifying a primitive received from a peer.", {
+    primitive: z.any().describe("An AttributionPrimitive"),
+    issuer_public_key: z.string().describe("Issuer Ed25519 public key hex"),
+}, async (args) => {
+    try {
+        const result = verifyAttributionPrimitive(args.primitive, args.issuer_public_key);
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("verifyAttributionPrimitive failed", e) }], isError: true };
+    }
+});
+server.tool("aps_check_projection_consistency", "Cross-projection consistency check (§2.4): given two projections, confirm they originate from the same signed receipt. Returns {same_receipt: true} or {same_receipt: false, reason: 'DIFFERENT_ACTIONS'|'DIFFERENT_RECEIPTS'|'DIFFERENT_SIGNATURES'|'METADATA_MISMATCH'}.", {
+    projection_a: z.any().describe("First AttributionProjection"),
+    projection_b: z.any().describe("Second AttributionProjection"),
+}, async (args) => {
+    try {
+        const result = checkProjectionConsistency(args.projection_a, args.projection_b);
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("checkProjectionConsistency failed", e) }], isError: true };
+    }
+});
+server.tool("aps_compute_attribution_action_ref", "Derive the action_ref (hex sha256) for an action tuple. action_ref is the content-addressed anchor that all four axis projections bind to. Useful for indexing primitives by action without constructing the full primitive.", {
+    agentId: z.string(),
+    actionType: z.string(),
+    params: z.record(z.any()),
+    nonce: z.string(),
+}, async (args) => {
+    try {
+        const action_ref = computeAttributionActionRef({
+            agentId: args.agentId,
+            actionType: args.actionType,
+            params: args.params,
+            nonce: args.nonce,
+        });
+        return { content: [{ type: "text", text: JSON.stringify({ action_ref }, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("computeAttributionActionRef failed", e) }], isError: true };
+    }
+});
 server.prompt("coordination_role", "Get instructions for your assigned coordination role", {}, async () => {
     const role = state.agentRole || 'default';
     const instructions = ROLE_PROMPTS[role] || ROLE_PROMPTS['default'];

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agent-passport-system-mcp",
-  "version": "2.24.0",
+  "version": "2.25.0",
   "mcpName": "io.github.aeoess/agent-passport-mcp",
-  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 143 tools across 103 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce. Tracks SDK v1.42.0 (2,843 tests).",
+  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 149 tools across 122 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce, attribution primitive. Tracks SDK v1.44.0 (2,910 tests).",
   "type": "module",
   "bin": {
     "agent-passport-system-mcp": "./build/bin.js",
@@ -50,7 +50,7 @@
   "homepage": "https://github.com/aeoess/agent-passport-mcp",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.27.1",
-    "agent-passport-system": "^1.42.0",
+    "agent-passport-system": "^1.44.0",
     "zod": "^3.25.76"
   },
   "devDependencies": {