agent-passport-system-mcp 2.24.0 → 2.26.0

package/README.md

@@ -12,13 +12,13 @@ Enforcement and accountability layer for AI agents. Bring your own identity. 20
 APS_PROFILE=essential npx agent-passport-system-mcp
 ```
 
-`essential` is the default profile — the 20 tools 90% of integrations need. Set `APS_PROFILE=full` for all 143 tools.
+`essential` is the default profile — the 151 tools 90% of integrations need. Set `APS_PROFILE=full` for all 151 tools.
 
 Available profiles: essential (default), identity, governance, coordination, commerce, data, gateway, comms, minimal, full.
 
 > **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable documentation or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete technical reference. MCP discovery: [.well-known/mcp.json](https://aeoess.com/.well-known/mcp.json).
 
-Works with any MCP client: Claude Desktop, Claude Code, Cursor, Windsurf, and more. Full surface area under `APS_PROFILE=full`: 143 tools across 103 modules (71 core + 32 v2 constitutional governance). Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172).
+Works with any MCP client: Claude Desktop, Claude Code, Cursor, Windsurf, and more. Full surface area under `APS_PROFILE=full`: 151 tools across 122 modules (84 core + 38 v2 constitutional governance). Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172).
 
 ## Quick Start
 
@@ -216,8 +216,8 @@ Layer 1 — Agent Passport Protocol (Ed25519 identity)
 
 ## Links
 
-- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.42.0, 2844 tests)
-- Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v0.8.0)
+- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.45.0, 2937 tests)
+- Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v0.13.0)
 - Paper (Protocol): [doi.org/10.5281/zenodo.18749779](https://doi.org/10.5281/zenodo.18749779)
 - Paper (Faceted Narrowing): [doi.org/10.5281/zenodo.19260073](https://doi.org/10.5281/zenodo.19260073)
 - Paper (Behavioral Derivation Rights): [doi.org/10.5281/zenodo.19476002](https://doi.org/10.5281/zenodo.19476002)

package/build/index.js

@@ -64,7 +64,11 @@ import { createDerivationReceipt, resolveExtendedLineage, evaluateRevocationImpa
 // Rome-Complete: Charter, Approval, Time, Reserve, Federation
 import { createCharter, signCharter, verifyCharter, evaluateThreshold, createApprovalRequest, addApprovalSignature, createHybridTimestamp, compareTimestamps, validateTemporalRights, createReserveAttestation, vouchReputation, applyReputationDowngrade, 
 // v2 boundary primitives (AttributionConsent, ProvisionalStatement, HumanEscalationFlag)
-createAttributionReceipt, signAttributionConsent, verifyAttributionConsent, checkArtifactCitations, receiptCore, createProvisional, promoteStatement, verifyPromotion, withdrawProvisional, withdrawalPayload, isBinding, checkEscalationRequired, requestOwnerConfirmation, recordOwnerConfirmation, } from "agent-passport-system";
+createAttributionReceipt, signAttributionConsent, verifyAttributionConsent, checkArtifactCitations, receiptCore, createProvisional, promoteStatement, verifyPromotion, withdrawProvisional, withdrawalPayload, isBinding, checkEscalationRequired, requestOwnerConfirmation, recordOwnerConfirmation, 
+// Attribution Primitive (unified four-axis signed Merkle receipt)
+computeAttributionActionRef, constructAttributionPrimitive, projectAttribution, verifyAttributionProjection, verifyAttributionPrimitive, checkProjectionConsistency, 
+// Attribution Weights (Build B — fractional D/C axis weight formulas)
+computeDataAxisWeights, computeComputeAxisWeights, DEFAULT_WEIGHT_PROFILE, } from "agent-passport-system";
 // ═══════════════════════════════════════
 // State Management
 // ═══════════════════════════════════════
@@ -460,6 +464,9 @@ const TOOL_PROFILES = {
         'aps_create_attribution_receipt',
         'aps_create_provisional',
         'aps_check_escalation_required',
+        // Build A attribution primitive — most-used entry points
+        'aps_construct_attribution_primitive',
+        'aps_verify_attribution_primitive',
     ]),
 };
 const activeProfile = (process.env.APS_PROFILE || 'full').toLowerCase();
@@ -649,6 +656,18 @@ const TOOL_SCOPE_MAP = {
     'aps_withdraw_provisional': 'coordination',
     'aps_check_escalation_required': 'delegation',
     'aps_record_owner_confirmation': 'delegation',
+    // Attribution Primitive (unified four-axis signed Merkle receipt)
+    'aps_construct_attribution_primitive': 'governance',
+    'aps_project_attribution': 'governance',
+    'aps_verify_attribution_projection': 'governance',
+    'aps_verify_attribution_primitive': 'governance',
+    'aps_check_projection_consistency': 'governance',
+    'aps_compute_attribution_action_ref': 'identity',
+    // Attribution Weights — Build B (fractional D/C axis formulas). Spec
+    // calls for a dedicated 'attribution' scope; integration-layer tools,
+    // not in the essential profile.
+    'aps_compute_data_axis_weights': 'attribution',
+    'aps_compute_compute_axis_weights': 'attribution',
 };
 // ═══════════════════════════════════════
 // TOOL: list_profiles
@@ -660,7 +679,7 @@ server.tool("list_profiles", "Show available tool profiles. Set APS_PROFILE env
 // ═══════════════════════════════════════
 // TOOL: list_tools_for_scope (Primitive #9: Tool Pool Assembly)
 // ═══════════════════════════════════════
-server.tool("list_tools_for_scope", "List available MCP tools filtered by delegation scope. Pass your delegation scopes to see which tools you can use. Scopes: identity, delegation, principal, reputation, coordination, communication, governance, commerce, data, gateway, network, temporal. Use ['*'] for all tools.", {
+server.tool("list_tools_for_scope", "List available MCP tools filtered by delegation scope. Pass your delegation scopes to see which tools you can use. Scopes: identity, delegation, principal, reputation, coordination, communication, governance, commerce, data, gateway, network, temporal, attribution. Use ['*'] for all tools.", {
     scopes: z.array(z.string()).describe("Your delegation scopes, e.g. ['identity', 'delegation', 'commerce']"),
 }, async ({ scopes }) => {
     const allTools = Object.entries(TOOL_SCOPE_MAP);
@@ -4738,6 +4757,160 @@ server.tool("aps_record_owner_confirmation", "Escalation boundary: owner signs a
         return { content: [{ type: "text", text: safeError("recordOwnerConfirmation failed", e) }], isError: true };
     }
 });
+// ═══════════════════════════════════════
+// Attribution Primitive — unified four-axis signed Merkle receipt
+// Spec: ATTRIBUTION-PRIMITIVE-v1.1.md. One signed object per action with
+// four axis projections (D, P, G, C) that verify independently.
+// ═══════════════════════════════════════
+server.tool("aps_construct_attribution_primitive", "Build and sign a four-axis AttributionPrimitive for an action. Axes: D (data sources), P (protocol modules), G (delegation chain), C (compute providers). Returns the complete signed object.", {
+    action: z.object({
+        agentId: z.string(),
+        actionType: z.string(),
+        params: z.record(z.any()),
+        nonce: z.string(),
+    }).describe("Action identity tuple; the action_ref is derived as sha256(canonical(this))"),
+    axes: z.object({
+        D: z.array(z.any()),
+        P: z.array(z.any()),
+        G: z.array(z.any()),
+        C: z.array(z.any()),
+    }).describe("Four-axis content. See spec §1.2 for entry shapes per axis."),
+    issuer: z.string().describe("Issuer DID (gateway or agent producing the receipt)"),
+    issuer_private_key: z.string().describe("Ed25519 private key hex that signs the envelope"),
+    timestamp: z.string().optional().describe("ISO-8601 UTC with ms precision + Z (§2.5). Defaults to now()."),
+}, async (args) => {
+    try {
+        const primitive = constructAttributionPrimitive({
+            action: args.action,
+            axes: args.axes,
+            issuer: args.issuer,
+            issuerPrivateKey: args.issuer_private_key,
+            timestamp: args.timestamp,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(primitive, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("constructAttributionPrimitive failed", e) }], isError: true };
+    }
+});
+server.tool("aps_project_attribution", "Extract a single-axis projection from an AttributionPrimitive. The projection carries the axis content plus a two-hop Merkle path that lets a downstream verifier reconstruct the signed root without seeing the other three axes. axis: 'D' | 'P' | 'G' | 'C'.", {
+    primitive: z.any().describe("An AttributionPrimitive (from aps_construct_attribution_primitive)"),
+    axis: z.enum(["D", "P", "G", "C"]).describe("Axis to project"),
+}, async (args) => {
+    try {
+        const projection = projectAttribution(args.primitive, args.axis);
+        return { content: [{ type: "text", text: JSON.stringify(projection, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("projectAttribution failed", e) }], isError: true };
+    }
+});
+server.tool("aps_verify_attribution_projection", "Verify a single-axis AttributionProjection under the issuer's Ed25519 public key. Returns {valid: true} or {valid: false, reason: 'INVALID_AXIS_TAG'|'MERKLE_MISMATCH'|'SIGNATURE_INVALID'|'MALFORMED'}. Verification is purely local — no other axes required.", {
+    projection: z.any().describe("An AttributionProjection (from aps_project_attribution)"),
+    issuer_public_key: z.string().describe("Issuer Ed25519 public key hex"),
+}, async (args) => {
+    try {
+        const result = verifyAttributionProjection(args.projection, args.issuer_public_key);
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("verifyAttributionProjection failed", e) }], isError: true };
+    }
+});
+server.tool("aps_verify_attribution_primitive", "End-to-end verify of a full AttributionPrimitive: constructs projections for all four axes and verifies each one. Useful as a post-construction sanity check or for verifying a primitive received from a peer.", {
+    primitive: z.any().describe("An AttributionPrimitive"),
+    issuer_public_key: z.string().describe("Issuer Ed25519 public key hex"),
+}, async (args) => {
+    try {
+        const result = verifyAttributionPrimitive(args.primitive, args.issuer_public_key);
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("verifyAttributionPrimitive failed", e) }], isError: true };
+    }
+});
+server.tool("aps_check_projection_consistency", "Cross-projection consistency check (§2.4): given two projections, confirm they originate from the same signed receipt. Returns {same_receipt: true} or {same_receipt: false, reason: 'DIFFERENT_ACTIONS'|'DIFFERENT_RECEIPTS'|'DIFFERENT_SIGNATURES'|'METADATA_MISMATCH'}.", {
+    projection_a: z.any().describe("First AttributionProjection"),
+    projection_b: z.any().describe("Second AttributionProjection"),
+}, async (args) => {
+    try {
+        const result = checkProjectionConsistency(args.projection_a, args.projection_b);
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("checkProjectionConsistency failed", e) }], isError: true };
+    }
+});
+server.tool("aps_compute_attribution_action_ref", "Derive the action_ref (hex sha256) for an action tuple. action_ref is the content-addressed anchor that all four axis projections bind to. Useful for indexing primitives by action without constructing the full primitive.", {
+    agentId: z.string(),
+    actionType: z.string(),
+    params: z.record(z.any()),
+    nonce: z.string(),
+}, async (args) => {
+    try {
+        const action_ref = computeAttributionActionRef({
+            agentId: args.agentId,
+            actionType: args.actionType,
+            params: args.params,
+            nonce: args.nonce,
+        });
+        return { content: [{ type: "text", text: JSON.stringify({ action_ref }, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("computeAttributionActionRef failed", e) }], isError: true };
+    }
+});
+// ═══════════════════════════════════════
+// Attribution Weights — Build B fractional weight formulas
+// Spec: BUILD-B-FRACTIONAL-WEIGHTS.md. Upstream of constructAttributionPrimitive:
+// compute canonical D/C axis weights from raw per-source / per-provider records,
+// then hand the resulting axis entries to aps_construct_attribution_primitive.
+// ═══════════════════════════════════════
+server.tool("aps_compute_data_axis_weights", "Compute the D-axis fractional weight vector from a list of AccessReceipt records with role, timestamp, and content length. Returns canonical DataAxisEntry[] with 6-digit decimal contribution_weight strings that sum to ~1.0 and feed directly into aps_construct_attribution_primitive. Empty input → empty array; all-zero raw weights → error. Weights = role × recency_decay × length_weight, normalized per spec BUILD-B §'The D-axis formula'. Parameter names match the SDK: `sources`, `action_timestamp`, optional `profile`.", {
+    sources: z.array(z.object({
+        source_did: z.string(),
+        access_receipt_hash: z.string(),
+        role: z.enum([
+            'primary_source', 'supporting_evidence', 'context_only', 'background_retrieval',
+        ]),
+        timestamp: z.string().describe("ISO-8601 UTC with millisecond precision + Z (t_source)"),
+        content_length: z.number().nonnegative().describe("Tokens"),
+    })).describe("Per-source records with retrieval metadata"),
+    action_timestamp: z.string().describe("ISO-8601 UTC ms when the action ran (t_action)"),
+    profile: z.any().optional().describe("Optional WeightProfile override; defaults to DEFAULT_WEIGHT_PROFILE"),
+}, async (args) => {
+    try {
+        const entries = computeDataAxisWeights(args.sources, {
+            action_timestamp: args.action_timestamp,
+            profile: args.profile,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(entries, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("computeDataAxisWeights failed", e) }], isError: true };
+    }
+});
+server.tool("aps_compute_compute_axis_weights", "Compute the C-axis fractional weight vector from a list of inference billing records (prompt_tokens, completion_tokens). Returns canonical ComputeAxisEntry[] with 6-digit decimal compute_share strings that sum to ~1.0 and feed directly into aps_construct_attribution_primitive. Weights = prompt_tokens + completion_tokens × COMPLETION_MULTIPLIER (default 3.0), normalized per spec BUILD-B §'The C-axis formula'. Parameter names match the SDK: `providers`, optional `profile`.", {
+    providers: z.array(z.object({
+        provider_did: z.string(),
+        hardware_attestation_hash: z.string(),
+        prompt_tokens: z.number().nonnegative(),
+        completion_tokens: z.number().nonnegative(),
+    })).describe("Per-provider billing records"),
+    profile: z.any().optional().describe("Optional WeightProfile override; defaults to DEFAULT_WEIGHT_PROFILE"),
+}, async (args) => {
+    try {
+        const entries = computeComputeAxisWeights(args.providers, { profile: args.profile });
+        return { content: [{ type: "text", text: JSON.stringify(entries, null, 2) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("computeComputeAxisWeights failed", e) }], isError: true };
+    }
+});
+// Keep DEFAULT_WEIGHT_PROFILE referenced so tree-shakers don't drop it
+// from the compiled bundle — consumers of the two tools above will want
+// to introspect the defaults.
+void DEFAULT_WEIGHT_PROFILE;
 server.prompt("coordination_role", "Get instructions for your assigned coordination role", {}, async () => {
     const role = state.agentRole || 'default';
     const instructions = ROLE_PROMPTS[role] || ROLE_PROMPTS['default'];

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agent-passport-system-mcp",
-  "version": "2.24.0",
+  "version": "2.26.0",
   "mcpName": "io.github.aeoess/agent-passport-mcp",
-  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 143 tools across 103 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce. Tracks SDK v1.42.0 (2,843 tests).",
+  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 151 tools across 122 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce, attribution primitive. Tracks SDK v1.45.0 (2,910 tests).",
   "type": "module",
   "bin": {
     "agent-passport-system-mcp": "./build/bin.js",
@@ -15,10 +15,10 @@
   ],
   "scripts": {
     "build": "npx tsc && chmod 755 build/bin.js build/index.js build/setup.js",
-    "test": "node --test tests/",
+    "test": "node --test tests/*.test.mjs",
     "watch": "tsc --watch",
     "inspector": "npx @modelcontextprotocol/inspector build/index.js",
-    "prepublishOnly": "npm run build",
+    "prepublishOnly": "npm run build && npm test",
     "postinstall": "echo '\\n🔑 Agent Passport MCP installed! Run: npx agent-passport-system-mcp setup\\n   Or for zero-install remote: npx agent-passport-system-mcp setup --remote\\n'",
     "postpublish": "cd ~/aeoess_web && node scripts/propagate.mjs --apply --commit 2>/dev/null || echo 'Propagation skipped (aeoess_web not found)'"
   },
@@ -50,7 +50,7 @@
   "homepage": "https://github.com/aeoess/agent-passport-mcp",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.27.1",
-    "agent-passport-system": "^1.42.0",
+    "agent-passport-system": "^1.45.0",
     "zod": "^3.25.76"
   },
   "devDependencies": {