agent-passport-system-mcp 2.27.0 → 3.1.0

package/README.md

@@ -12,13 +12,13 @@ Enforcement and accountability layer for AI agents. Bring your own identity. 20
 APS_PROFILE=essential npx agent-passport-system-mcp
 ```
 
-`essential` is the default profile — the 154 tools 90% of integrations need. Set `APS_PROFILE=full` for all 154 tools.
+`essential` is the default profile — the 20 tools 90% of integrations need. Set `APS_PROFILE=full` for all 146 tools.
 
 Available profiles: essential (default), identity, governance, coordination, commerce, data, gateway, comms, minimal, full.
 
 > **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable documentation or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete technical reference. MCP discovery: [.well-known/mcp.json](https://aeoess.com/.well-known/mcp.json).
 
-Works with any MCP client: Claude Desktop, Claude Code, Cursor, Windsurf, and more. Full surface area under `APS_PROFILE=full`: 154 tools across 122 modules (84 core + 38 v2 constitutional governance). Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172).
+Works with any MCP client: Claude Desktop, Claude Code, Cursor, Windsurf, and more. Full surface area under `APS_PROFILE=full`: 146 tools across 125 modules (84 core + 39 v2 constitutional governance). Independently cited by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172).
 
 ## Quick Start
 
@@ -69,7 +69,7 @@ Or for remote SSE:
 ```
 </details>
 
-## Tools (132)
+## Tools (154)
 
 ### Identity (Layer 1) — 5 tools
 
@@ -216,8 +216,8 @@ Layer 1 — Agent Passport Protocol (Ed25519 identity)
 
 ## Links
 
-- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v1.46.0, 2972 tests)
-- Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v0.13.0)
+- npm SDK: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) (v2.2.0, 2395 tests)
+- Python SDK: [agent-passport-system](https://pypi.org/project/agent-passport-system/) (v2.2.0)
 - Paper (Protocol): [doi.org/10.5281/zenodo.18749779](https://doi.org/10.5281/zenodo.18749779)
 - Paper (Faceted Narrowing): [doi.org/10.5281/zenodo.19260073](https://doi.org/10.5281/zenodo.19260073)
 - Paper (Behavioral Derivation Rights): [doi.org/10.5281/zenodo.19476002](https://doi.org/10.5281/zenodo.19476002)

package/build/index.js

@@ -18,9 +18,7 @@ import { readFileSync, writeFileSync, existsSync } from "node:fs";
 import { join, resolve } from "node:path";
 import { 
 // Identity + Crypto
-joinSocialContract, generateKeyPair, delegate, sign, countersignPassport, verifyIssuerSignature, isIssuerVerified, 
-// Agent Context (enforcement middleware)
-createAgentContext, 
+joinSocialContract, generateKeyPair, sign, countersignPassport, verifyIssuerSignature, isIssuerVerified, 
 // Coordination (Layer 6)
 createTaskBrief, assignTask, acceptTask, submitEvidence, reviewEvidence, handoffEvidence, submitDeliverable, completeTask, createTaskUnit, getTaskStatus, validateTaskUnit, 
 // Delegation (Layer 1)
@@ -30,35 +28,28 @@ createAgoraMessage, createFeed, appendToFeed, getThread, getByTopic, getTopics,
 // Values/Policy (Layer 2 + 5)
 loadFloor, attestFloor, createActionIntent, evaluateIntent, FloorValidatorV1, 
 // Commerce (Layer 8)
-commercePreflight, createCommerceDelegation, getSpendSummary, requestHumanApproval, coordinationToAgora, 
+commercePreflight, createCommerceDelegation, getSpendSummary, requestHumanApproval, 
 // Principal Identity
 createPrincipalIdentity, endorseAgent, verifyEndorsement, revokeEndorsement, createDisclosure, createFleet, addToFleet, getFleetStatus, revokeFromFleet, 
 // Reputation-Gated Authority (Layer 9)
-computeEffectiveScore, createScopedReputation, resolveAuthorityTier, checkTierForIntent, advisoryTierPrecheck, createPromotionReview, updateReputationFromResult, DEFAULT_TIERS, createProxyGateway, 
-// Intent Network (Agent-Mediated Matching) — card creation only, API handles persistence
-createIntentCard, 
+computeEffectiveScore, createScopedReputation, resolveAuthorityTier, checkTierForIntent, advisoryTierPrecheck, createPromotionReview, updateReputationFromResult, DEFAULT_TIERS, 
 // v2: Constitutional Governance Extensions
 createPolicyContext, createArtifactProvenance, 
 // v2: Delegation Versioning
 createV2Delegation, supersedeV2Delegation, 
 // v2: Outcome Registration
 createV2OutcomeRecord, addV2PrincipalReport, getV2EffectiveDivergence, 
-// v2: Anomaly Detection
-recordV2Action, checkV2FirstMaxAuthority, computeV2ConcentrationMetrics, 
 // v2: Emergency Pathways
-defineV2EmergencyPathway, activateV2Emergency, 
-// v2: Migration
-requestV2Migration, 
-// v2: Attestation
-createV2Attestation, assessV2AttestationQuality, } from "agent-passport-system";
+defineV2EmergencyPathway, activateV2Emergency, } from "agent-passport-system";
 // Agent Attestation Architecture (Phase 1 — Consilium Build)
 import { createIssuanceContext, bindAttestation, createEmptyEvidenceRecord, PASSPORT_GRADE_LABELS, 
 // v1.33.0 — action_ref + freshness + evidence-based grade
 computeActionRef, isEvidenceFresh, computeEvidenceAge, classifyEvidenceQuality, evidenceQualityToGrade, 
 // key rotation
 createDIDDocument, verifyRotationChain, isKeyActive, rotateAndInvalidate, } from "agent-passport-system";
-// Data Governance (Modules 36A, 38, 39 + Enforcement Gate + Training Attribution)
-import { registerSelfAttestedSource, createContributionLedger, queryContributions, getSourceMetrics, getAgentDataFootprint, generateSettlement, verifySettlement, generateDataComplianceReport, DataEnforcementGate, createTrainingAttribution, verifyTrainingAttribution, createTrainingLedger, recordTrainingAttribution, getModelDataSources, } from "agent-passport-system";
+// Data Governance (Modules 36A, 38, 39 — protocol primitives only;
+// ContributionLedger/DataEnforcementGate/settlement generation moved to gateway.)
+import { registerSelfAttestedSource, } from "agent-passport-system";
 // Data Lifecycle Governance (Modules 43+)
 import { createDerivationReceipt, resolveExtendedLineage, evaluateRevocationImpact, createDecisionLineageReceipt, isPurposePermitted, purposeCategory, isRetentionExpired, checkAggregateConstraints, isTransferPermitted, computeGovernanceTaint, fileDispute, checkCombinationPermitted, createAccessSnapshot, resolveRightsPropagation, DEFAULT_RIGHTS_PROPAGATION, detectPurposeDrift, declareReidentificationRisk, verifyGovernanceBlock, parseGovernanceBlockFromHTML, isUsagePermitted, embedGovernance, generateApsTxt, verifyApsTxt, resolveTermsForPath, createChainedGovernanceBlock, createAccessReceipt, governanceLoop360, } from "agent-passport-system";
 // Rome-Complete: Charter, Approval, Time, Reserve, Federation
@@ -72,6 +63,10 @@ computeDataAxisWeights, computeComputeAxisWeights, DEFAULT_WEIGHT_PROFILE,
 // Attribution Settlement (Build C — per-period signed settlement record)
 aggregateAttributionPrimitives, buildContributorQueryResponse, signSettlementRecord, verifySettlementRecord, } from "agent-passport-system";
 // ═══════════════════════════════════════
+// Mutual Authentication v1 (SDK v2.2.0)
+// ═══════════════════════════════════════
+import { buildCertificate, signCertificate, certificateId, verifyBundle, verifyAttest, deriveSession, } from "agent-passport-system";
+// ═══════════════════════════════════════
 // State Management
 // ═══════════════════════════════════════
 const STORE_PATH = join(process.env.HOME || '.', '.agent-passport-tasks.json');
@@ -144,7 +139,6 @@ const state = {
     floorYaml: null,
     commerceSpendLog: [],
     intents: new Map(),
-    agentContext: null,
     floor: null,
     pendingActions: new Map(),
     principal: null,
@@ -153,12 +147,7 @@ const state = {
     fleet: null,
     reputations: new Map(),
     promotionHistory: [],
-    gateway: null,
-    gatewayKeys: null,
-    dataEnforcementGate: null,
-    contributionLedger: createContributionLedger(),
     sourceReceipts: new Map(),
-    trainingLedger: createTrainingLedger(),
     derivationStore: new Map(),
     sessionAgent: null,
     charters: new Map(),
@@ -320,28 +309,11 @@ function persistAgoraFeed() {
         // Non-fatal: coordination still works even if persistence fails
     }
 }
-function emitAgoraEvent(event, taskId, detail) {
-    // Skip if no identity — can't sign messages
-    if (!state.agentKey || !state.privateKey)
-        return;
-    try {
-        const result = coordinationToAgora({
-            event,
-            taskId,
-            agentId: state.agentId || 'anonymous',
-            agentName: getAgentName(),
-            publicKey: state.agentKey,
-            privateKey: state.privateKey,
-            feed: state.agoraFeed,
-            registry: state.agoraRegistry,
-            detail,
-        });
-        state.agoraFeed = result.feed;
-        persistAgoraFeed();
-    }
-    catch {
-        // Non-fatal: coordination still works even if Agora post fails
-    }
+// Coordination→Agora bridge moved to gateway in v3.0.0.
+// Task-lifecycle events still happen locally; cross-agent broadcast is a
+// gateway concern now.
+function emitAgoraEvent(_event, _taskId, _detail) {
+    // No-op in protocol-only MCP. Gateway callers handle Agora propagation.
 }
 function loadAgentsRegistry() {
     if (!existsSync(AGENTS_PATH))
@@ -365,6 +337,26 @@ async function signMessage(content) {
     }
 }
 // ═══════════════════════════════════════
+// Gateway Deprecation Helper (v3.0.0)
+// ═══════════════════════════════════════
+// Tools that required product-layer code (ProxyGateway, DataEnforcementGate,
+// ContributionLedger, AgentContext) now live in the private gateway product.
+// Stubs preserve discoverability so callers learn where to migrate.
+function movedToGateway(toolName) {
+    return {
+        content: [{
+                type: "text",
+                text: JSON.stringify({
+                    error: `[deprecated in MCP v3.0.0] This tool (${toolName}) was removed because it required product-layer code that now lives in the private gateway. Use the gateway.aeoess.com REST API for this functionality, or stay on agent-passport-system-mcp@2.27.0 (pins to agent-passport-system@^1.46.0) if you need the old tools.`,
+                    migration: "https://gateway.aeoess.com/docs",
+                    deprecated_in: "3.0.0",
+                    last_working_mcp: "2.27.0",
+                }),
+            }],
+        isError: true,
+    };
+}
+// ═══════════════════════════════════════
 // Server Setup
 // ═══════════════════════════════════════
 const server = new McpServer({
@@ -397,9 +389,9 @@ const TOOL_PROFILES = {
         'create_delegation', 'verify_delegation', 'revoke_delegation',
         'create_charter', 'sign_charter', 'verify_charter',
         'evaluate_threshold', 'create_approval_request', 'add_approval_signature',
-        'create_attestation', 'create_outcome_record', 'add_principal_report',
-        'check_anomaly', 'activate_emergency', 'define_emergency_pathway',
-        'request_migration', 'create_artifact_provenance', 'create_policy_context',
+        'create_outcome_record', 'add_principal_report',
+        'activate_emergency', 'define_emergency_pathway',
+        'create_artifact_provenance', 'create_policy_context',
         'generate_governance_block', 'verify_governance_block',
         'parse_governance_block_html', 'governance_360',
         'generate_aps_txt', 'verify_aps_txt', 'resolve_path_terms',
@@ -418,10 +410,8 @@ const TOOL_PROFILES = {
     ]),
     data: new Set([
         'identify', 'generate_keys', 'create_principal',
-        'register_data_source', 'create_data_enforcement_gate', 'check_data_access',
-        'query_contributions', 'get_source_metrics', 'get_agent_data_footprint',
-        'generate_settlement', 'generate_compliance_report',
-        'record_training_use', 'get_model_data_sources',
+        'register_data_source', 'create_data_enforcement_gate',
+        'query_contributions', 'generate_settlement',
         'create_access_receipt', 'create_access_snapshot',
         'create_derivation_receipt', 'create_decision_lineage_receipt',
         'resolve_lineage', 'evaluate_revocation_impact',
@@ -433,8 +423,8 @@ const TOOL_PROFILES = {
     ]),
     gateway: new Set([
         'identify', 'generate_keys', 'create_principal',
-        'create_gateway', 'register_gateway_agent',
-        'gateway_process_tool_call', 'gateway_approve', 'gateway_execute_approval',
+        'create_gateway',
+        'gateway_process_tool_call', 'gateway_approve',
         'gateway_stats', 'create_delegation', 'load_values_floor', 'attest_to_floor',
         'create_hybrid_timestamp', 'compare_timestamps', 'validate_temporal_rights',
         'create_reserve_attestation', 'vouch_reputation', 'apply_reputation_downgrade',
@@ -445,7 +435,7 @@ const TOOL_PROFILES = {
         'post_agora_message', 'get_agora_topics', 'get_agora_thread',
         'get_agora_by_topic', 'register_agora_agent',
         'send_message', 'check_messages', 'broadcast', 'list_agents',
-        'publish_intent_card', 'remove_intent_card', 'search_matches',
+        'remove_intent_card', 'search_matches',
         'request_intro', 'respond_to_intro', 'get_digest',
         'register_agora_public',
     ]),
@@ -573,13 +563,10 @@ const TOOL_SCOPE_MAP = {
     'execute_with_context': 'governance',
     'complete_action': 'governance',
     'create_policy_context': 'governance',
-    'create_attestation': 'governance',
     'create_outcome_record': 'governance',
     'add_principal_report': 'governance',
-    'check_anomaly': 'governance',
     'define_emergency_pathway': 'governance',
     'activate_emergency': 'governance',
-    'request_migration': 'governance',
     'create_artifact_provenance': 'governance',
     'create_charter': 'governance',
     'verify_charter': 'governance',
@@ -603,14 +590,8 @@ const TOOL_SCOPE_MAP = {
     // Data tools → 'data'
     'register_data_source': 'data',
     'create_data_enforcement_gate': 'data',
-    'check_data_access': 'data',
     'query_contributions': 'data',
-    'get_source_metrics': 'data',
-    'get_agent_data_footprint': 'data',
     'generate_settlement': 'data',
-    'generate_compliance_report': 'data',
-    'record_training_use': 'data',
-    'get_model_data_sources': 'data',
     'create_access_receipt': 'data',
     'create_access_snapshot': 'data',
     'create_derivation_receipt': 'data',
@@ -629,13 +610,10 @@ const TOOL_SCOPE_MAP = {
     'check_usage_permitted': 'data',
     // Gateway tools → 'gateway'
     'create_gateway': 'gateway',
-    'register_gateway_agent': 'gateway',
     'gateway_process_tool_call': 'gateway',
     'gateway_approve': 'gateway',
-    'gateway_execute_approval': 'gateway',
     'gateway_stats': 'gateway',
     // Network tools → 'network'
-    'publish_intent_card': 'network',
     'search_matches': 'network',
     'get_digest': 'network',
     'request_intro': 'network',
@@ -1013,7 +991,7 @@ server.tool("get_behavioral_sequence", "Get the post-issuance behavioral sequenc
     }
     // Classify the behavioral pattern
     const toolNames = sequence.map(s => s.tool);
-    const hasWork = toolNames.some(t => ['submit_evidence', 'publish_intent_card', 'create_agora_message', 'submit_deliverable'].includes(t));
+    const hasWork = toolNames.some(t => ['submit_evidence', 'create_agora_message', 'submit_deliverable'].includes(t));
     const hasExtraction = toolNames.some(t => ['commerce_preflight', 'create_checkout'].includes(t));
     const pattern = hasWork ? 'productive' : hasExtraction ? 'extractive' : 'neutral';
     return {
@@ -2309,7 +2287,7 @@ server.tool("commerce_preflight", "Run preflight checks before a purchase. Valid
     const actualSpendLimit = sessionDel?.spendLimit ?? 1000;
     const hasCommerceScope = sessionDel
         ? sessionDel.scope.some((s) => s === 'commerce' || s === 'commerce:checkout' || s.startsWith('commerce'))
-        : (state.agentContext ? true : false); // fallback to context if no delegation found
+        : false; // no delegation → no commerce scope (agent-context fallback removed with gateway move)
     // Use session agent if available (created by identify), fallback to throwaway
     const agent = state.sessionAgent || joinSocialContract({
         name: args.agent_id,
@@ -2394,161 +2372,24 @@ server.tool("request_human_approval", "Request human approval for a high-value p
 // ═══════════════════════════════════════
 // AGENT CONTEXT — Enforcement Middleware
 // ═══════════════════════════════════════
-server.tool("create_agent_context", "Create an enforcement context that automatically runs every action through the 3-signature policy chain. Without this, policy checks are opt-in. With this, agents physically cannot skip enforcement.", {
+server.tool("create_agent_context", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Create an enforcement context that automatically runs every action through the 3-signature policy chain.", {
     name: z.string().describe("Agent name"),
     mission: z.string().describe("Agent mission statement"),
-    enforcement: z.enum(["auto", "manual", "strict"]).default("auto").describe("Enforcement level: auto (every action checked), manual (tracking only), strict (auto + additional constraints)"),
-    delegated_scopes: z.array(z.string()).default([]).describe("Scopes to delegate (e.g. ['data:read', 'api:fetch', 'commerce:checkout'])"),
+    enforcement: z.enum(["auto", "manual", "strict"]).default("auto").describe("Enforcement level"),
+    delegated_scopes: z.array(z.string()).default([]).describe("Scopes to delegate"),
     spend_limit: z.number().default(1000).describe("Maximum spend allowed"),
-}, async (args) => {
-    const keyErr = requireKey();
-    if (keyErr)
-        return { content: [{ type: "text", text: keyErr }], isError: true };
-    if (!state.floorYaml) {
-        return { content: [{ type: "text", text: 'No floor loaded. Use load_values_floor first.' }], isError: true };
-    }
-    try {
-        const floor = loadFloor(state.floorYaml);
-        // Create the agent with floor attestation
-        const agent = joinSocialContract({
-            name: args.name,
-            mission: args.mission,
-            owner: 'mcp-session',
-            capabilities: args.delegated_scopes,
-            platform: 'node',
-            models: ['mcp'],
-            floor,
-        });
-        // Create the enforced context
-        const ctx = createAgentContext(agent, floor, {
-            enforcement: args.enforcement,
-        });
-        // Add delegation if scopes provided
-        if (args.delegated_scopes.length > 0) {
-            const principal = joinSocialContract({
-                name: 'mcp-principal',
-                mission: 'MCP session principal',
-                owner: 'human',
-                capabilities: ['admin'],
-                platform: 'node',
-                models: ['mcp'],
-                floor,
-            });
-            const del = delegate({
-                from: principal,
-                toPublicKey: agent.publicKey,
-                scope: args.delegated_scopes,
-                spendLimit: args.spend_limit,
-                maxDepth: 3,
-                expiresInHours: 24,
-            });
-            ctx.addDelegation(del);
-        }
-        state.agentContext = ctx;
-        state.floor = floor;
-        // F-4 fix: also register in state.agents so gateway and other tools can find this agent
-        state.agents.set(agent.agentId, agent);
-        return {
-            content: [{
-                    type: "text",
-                    text: JSON.stringify({
-                        created: true,
-                        enforcement: args.enforcement,
-                        agentId: agent.agentId,
-                        scopes: args.delegated_scopes,
-                        spendLimit: args.spend_limit,
-                        note: `Agent Context active (${args.enforcement} mode). Use execute_with_context to run actions through the 3-signature chain.`,
-                    }, null, 2),
-                }],
-        };
-    }
-    catch (e) {
-        return { content: [{ type: "text", text: safeError("Failed to create context", e) }], isError: true };
-    }
-});
-server.tool("execute_with_context", "Execute an action through the enforcement context. Automatically runs the 3-signature chain: creates intent (sig 1), evaluates against floor + delegation (sig 2), returns verdict. Action is DENIED if outside delegated scope.", {
+}, async (_args) => movedToGateway("create_agent_context"));
+server.tool("execute_with_context", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Execute an action through the enforcement context.", {
     action_type: z.string().describe("Action type (e.g. 'api:fetch', 'data:write', 'commerce:checkout')"),
     target: z.string().describe("Target of the action (e.g. URL, file path, resource ID)"),
     scope: z.string().describe("Required scope for this action (must match a delegated scope)"),
     estimated_spend: z.number().optional().describe("Estimated spend for commerce actions"),
-}, async (args) => {
-    if (!state.agentContext) {
-        return { content: [{ type: "text", text: 'No agent context. Use create_agent_context first.' }], isError: true };
-    }
-    try {
-        const result = state.agentContext.execute({
-            type: args.action_type,
-            target: args.target,
-            scope: args.scope,
-            spend: args.estimated_spend ? { amount: args.estimated_spend, currency: 'USD' } : undefined,
-        });
-        // Store for later completion
-        if (result.permitted && result.intent) {
-            state.pendingActions.set(result.intent.intentId, result);
-        }
-        return {
-            content: [{
-                    type: "text",
-                    text: JSON.stringify({
-                        permitted: result.permitted,
-                        verdict: result.verdict,
-                        intentId: result.intent?.intentId,
-                        evaluatorId: result.decision?.evaluatorId,
-                        reason: result.reason,
-                        stats: state.agentContext.stats,
-                        note: result.permitted
-                            ? `Action PERMITTED. Call complete_action with intent_id="${result.intent.intentId}" when done.`
-                            : `Action DENIED: ${result.reason}`,
-                    }, null, 2),
-                }],
-        };
-    }
-    catch (e) {
-        return { content: [{ type: "text", text: safeError("Execute failed", e) }], isError: true };
-    }
-});
-server.tool("complete_action", "Complete a permitted action and get the full 3-signature proof chain (intent + decision + receipt + policy receipt). Call this after successfully executing the action.", {
+}, async (_args) => movedToGateway("execute_with_context"));
+server.tool("complete_action", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Complete a permitted action and get the full 3-signature proof chain.", {
     intent_id: z.string().describe("Intent ID from execute_with_context result"),
     status: z.enum(["success", "failure", "partial"]).describe("Outcome of the action"),
     summary: z.string().describe("Brief description of what was accomplished"),
-}, async (args) => {
-    if (!state.agentContext) {
-        return { content: [{ type: "text", text: 'No agent context. Use create_agent_context first.' }], isError: true };
-    }
-    // Find the pending execute result
-    const executeResult = state.pendingActions.get(args.intent_id);
-    if (!executeResult) {
-        return { content: [{ type: "text", text: `No pending action found for intent ${args.intent_id}. Was it permitted?` }], isError: true };
-    }
-    try {
-        const completed = state.agentContext.complete(executeResult, {
-            status: args.status,
-            summary: args.summary,
-        });
-        // Clean up
-        state.pendingActions.delete(args.intent_id);
-        return {
-            content: [{
-                    type: "text",
-                    text: JSON.stringify({
-                        completed: true,
-                        receiptId: completed.receipt.receiptId,
-                        policyReceiptId: completed.policyReceipt?.receiptId,
-                        signatures: {
-                            intent: '✓ (agent declared intent)',
-                            decision: '✓ (policy engine evaluated)',
-                            receipt: '✓ (execution recorded)',
-                        },
-                        stats: state.agentContext.stats,
-                        auditTrail: state.agentContext.auditLog.length + ' entries',
-                    }, null, 2),
-                }],
-        };
-    }
-    catch (e) {
-        return { content: [{ type: "text", text: safeError("Complete failed", e) }], isError: true };
-    }
-});
+}, async (_args) => movedToGateway("complete_action"));
 // ═══════════════════════════════════════
 // PRINCIPAL IDENTITY TOOLS
 // ═══════════════════════════════════════
@@ -2897,226 +2738,34 @@ server.tool("get_promotion_history", "Get the promotion review history for this
     };
 });
 // ═══════════════════════════════════════
-// Proxy Gateway (Enforcement Boundary)
+// Proxy Gateway (moved to gateway product in v3.0.0)
 // ═══════════════════════════════════════
-server.tool("create_gateway", "Create a ProxyGateway enforcement boundary. The gateway validates identity, delegation scope, policy compliance, and provides replay protection for every tool call. Returns gateway ID and public key.", {
-    gatewayId: z.string().optional().describe("Custom gateway ID (auto-generated if omitted)"),
-    approvalTTLSeconds: z.number().optional().describe("Two-phase approval timeout in seconds (default: 300)"),
-    maxPendingPerAgent: z.number().optional().describe("Max pending approvals per agent (default: 10)"),
-}, async ({ gatewayId, approvalTTLSeconds, maxPendingPerAgent }) => {
-    const keys = generateKeyPair();
-    const id = gatewayId || `gateway-${Date.now().toString(36)}`;
-    if (!state.floor) {
-        return { content: [{ type: "text", text: "Error: Load a Values Floor first (load_values_floor)" }] };
-    }
-    const config = {
-        gatewayId: id,
-        gatewayPublicKey: keys.publicKey,
-        gatewayPrivateKey: keys.privateKey,
-        floor: state.floor,
-        approvalTTLSeconds: approvalTTLSeconds ?? 300,
-        maxPendingPerAgent: maxPendingPerAgent ?? 10,
-        recheckRevocationOnExecute: true,
-    };
-    // Default executor echoes tool calls — real execution is done by MCP client
-    const executor = async (tool, params) => {
-        return { success: true, result: { tool, params, executedVia: 'mcp-gateway' } };
-    };
-    state.gateway = createProxyGateway(config, executor);
-    state.gatewayKeys = keys;
-    return {
-        content: [{
-                type: "text",
-                text: JSON.stringify({
-                    created: true,
-                    gatewayId: id,
-                    publicKey: keys.publicKey,
-                    approvalTTLSeconds: config.approvalTTLSeconds,
-                    maxPendingPerAgent: config.maxPendingPerAgent,
-                    note: "Gateway ready. Register agents with register_gateway_agent, then process calls with gateway_process_tool_call.",
-                }, null, 2),
-            }],
-    };
-});
-server.tool("register_gateway_agent", "Register an agent with the gateway. The agent must have a valid passport and floor attestation. Delegations define what scopes the agent can use through the gateway.", {
-    agentId: z.string().describe("Agent ID to register"),
-}, async ({ agentId }) => {
-    if (!state.gateway) {
-        return { content: [{ type: "text", text: "Error: Create gateway first (create_gateway)" }] };
-    }
-    // F-4 fix: check both state.agents AND state.agentContext for agent data
-    let agent = state.agents.get(agentId);
-    if (!agent && state.agentContext && state.agentId === agentId) {
-        // Agent was created via create_agent_context, bridge to gateway
-        const ctx = state.agentContext;
-        agent = {
-            passport: ctx.agent?.passport || ctx.passport,
-            publicKey: state.agentKey,
-            agentId: state.agentId,
-            attestation: ctx.agent?.attestation || ctx.attestation,
-        };
-    }
-    if (!agent) {
-        return { content: [{ type: "text", text: `Error: Agent "${agentId}" not found in session. Join social contract or create_agent_context first.` }] };
-    }
-    const agentDelegations = Array.from(state.delegations.values()).filter(d => d.delegatedTo === agent.publicKey);
-    if (agentDelegations.length === 0) {
-        return { content: [{ type: "text", text: `Error: No delegations found for agent "${agentId}". Create a delegation first.` }] };
-    }
-    if (!agent.attestation) {
-        return { content: [{ type: "text", text: `Error: Agent "${agentId}" has no floor attestation. Attest to floor first.` }] };
-    }
-    state.gateway.registerAgent(agent.passport, agent.attestation, agentDelegations);
-    return {
-        content: [{
-                type: "text",
-                text: JSON.stringify({
-                    registered: true,
-                    agentId,
-                    delegationCount: agentDelegations.length,
-                    scopes: agentDelegations.flatMap(d => d.scope),
-                }, null, 2),
-            }],
-    };
-});
-server.tool("gateway_process_tool_call", "Process a tool call through the gateway enforcement boundary. Validates identity, delegation, policy, and replay protection in a single atomic operation. Returns execution result with full 3-signature proof chain.", {
-    agentId: z.string().describe("ID of the requesting agent"),
-    tool: z.string().describe("Tool name to execute"),
-    params: z.record(z.unknown()).optional().describe("Tool parameters"),
-    scopeRequired: z.string().describe("Delegation scope needed for this tool"),
-    spendAmount: z.number().optional().describe("Spend amount if commerce action"),
-    spendCurrency: z.string().optional().describe("Currency code (e.g. USD)"),
-    context: z.string().optional().describe("Human-readable context for audit"),
-}, async ({ agentId, tool, params, scopeRequired, spendAmount, spendCurrency, context }) => {
-    if (!state.gateway) {
-        return { content: [{ type: "text", text: "Error: Create gateway first (create_gateway)" }] };
-    }
-    const agent = state.agents.get(agentId);
-    if (!agent) {
-        return { content: [{ type: "text", text: `Error: Agent "${agentId}" not found in session.` }] };
-    }
-    const { canonicalize } = await import("agent-passport-system");
-    const requestId = `mcp-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
-    const payload = canonicalize({ requestId, agentId, tool, params: params || {}, scopeRequired, spend: spendAmount ? { amount: spendAmount, currency: spendCurrency || 'USD' } : undefined });
-    const request = {
-        requestId,
-        agentId,
-        agentPublicKey: agent.publicKey,
-        signature: sign(payload, agent.keyPair.privateKey),
-        tool,
-        params: params || {},
-        scopeRequired,
-        spend: spendAmount ? { amount: spendAmount, currency: spendCurrency || 'USD' } : undefined,
-        context,
-    };
-    const result = await state.gateway.processToolCall(request);
-    return {
-        content: [{
-                type: "text",
-                text: JSON.stringify({
-                    executed: result.executed,
-                    requestId: result.requestId,
-                    result: result.result ?? undefined,
-                    denialReason: result.denialReason ?? undefined,
-                    toolError: result.toolError ?? undefined,
-                    ...(result.decision && { verdict: result.decision.verdict, reason: result.decision.reason }),
-                    ...(result.proof && {
-                        proof: {
-                            hasRequestSignature: !!result.proof.requestSignature,
-                            hasDecisionSignature: !!result.proof.decisionSignature,
-                            hasReceiptSignature: !!result.proof.receiptSignature,
-                            policyReceiptId: result.proof.policyReceipt?.policyReceiptId,
-                        },
-                    }),
-                    ...(result.receipt && {
-                        receipt: {
-                            receiptId: result.receipt.receiptId,
-                            agentId: result.receipt.agentId,
-                            action: result.receipt.action,
-                        },
-                    }),
-                }, null, 2),
-            }],
-    };
-});
-server.tool("gateway_approve", "Two-phase execution: approve a tool call without executing it. Returns an approval ID that can be executed later with gateway_execute_approval. Useful for human-in-the-loop workflows.", {
-    agentId: z.string().describe("ID of the requesting agent"),
-    tool: z.string().describe("Tool name to approve"),
-    params: z.record(z.unknown()).optional().describe("Tool parameters"),
-    scopeRequired: z.string().describe("Delegation scope needed"),
-    context: z.string().optional().describe("Human-readable context"),
-}, async ({ agentId, tool, params, scopeRequired, context }) => {
-    if (!state.gateway) {
-        return { content: [{ type: "text", text: "Error: Create gateway first (create_gateway)" }] };
-    }
-    const agent = state.agents.get(agentId);
-    if (!agent) {
-        return { content: [{ type: "text", text: `Error: Agent "${agentId}" not found in session.` }] };
-    }
-    const { canonicalize } = await import("agent-passport-system");
-    const requestId = `mcp-approve-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
-    const payload = canonicalize({ requestId, agentId, tool, params: params || {}, scopeRequired, spend: undefined });
-    const request = {
-        requestId,
-        agentId,
-        agentPublicKey: agent.publicKey,
-        signature: sign(payload, agent.keyPair.privateKey),
-        tool,
-        params: params || {},
-        scopeRequired,
-        context,
-    };
-    const result = state.gateway.approve(request);
-    return {
-        content: [{
-                type: "text",
-                text: JSON.stringify({
-                    approved: result.approved,
-                    ...(result.approval && {
-                        approvalId: result.approval.approvalId,
-                        expiresAt: result.approval.expiresAt,
-                        nonce: result.approval.nonce,
-                    }),
-                    ...(result.denial && { denial: result.denial }),
-                }, null, 2),
-            }],
-    };
-});
-server.tool("gateway_execute_approval", "Execute a previously approved tool call. Rechecks delegation validity before execution — if delegation was revoked since approval, execution is denied.", {
-    approvalId: z.string().describe("Approval ID from gateway_approve"),
-}, async ({ approvalId }) => {
-    if (!state.gateway) {
-        return { content: [{ type: "text", text: "Error: Create gateway first (create_gateway)" }] };
-    }
-    const result = await state.gateway.executeApproval(approvalId);
-    return {
-        content: [{
-                type: "text",
-                text: JSON.stringify({
-                    executed: result.executed,
-                    requestId: result.requestId,
-                    result: result.result ?? undefined,
-                    denialReason: result.denialReason ?? undefined,
-                    ...(result.proof && {
-                        proof: {
-                            policyReceiptId: result.proof.policyReceipt?.policyReceiptId,
-                        },
-                    }),
-                }, null, 2),
-            }],
-    };
-});
-server.tool("gateway_stats", "Get gateway statistics: total requests, permits, denials, replay attempts blocked, active agents, and pending approvals.", {}, async () => {
-    if (!state.gateway) {
-        return { content: [{ type: "text", text: "Error: Create gateway first (create_gateway)" }] };
-    }
-    return {
-        content: [{
-                type: "text",
-                text: JSON.stringify(state.gateway.getStats(), null, 2),
-            }],
-    };
-});
+// ProxyGateway is a product-layer enforcement runtime. The primitives it
+// was built on (delegation verification, policy evaluation, replay nonces)
+// remain in the SDK — rebuild a gateway locally from those, or use the
+// hosted gateway at gateway.aeoess.com.
+server.tool("create_gateway", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Create a ProxyGateway enforcement boundary.", {
+    gatewayId: z.string().optional().describe("Custom gateway ID"),
+    approvalTTLSeconds: z.number().optional().describe("Two-phase approval timeout"),
+    maxPendingPerAgent: z.number().optional().describe("Max pending approvals per agent"),
+}, async (_args) => movedToGateway("create_gateway"));
+server.tool("gateway_process_tool_call", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Process a tool call through the gateway enforcement boundary.", {
+    agentId: z.string(),
+    tool: z.string(),
+    params: z.record(z.unknown()).optional(),
+    scopeRequired: z.string(),
+    spendAmount: z.number().optional(),
+    spendCurrency: z.string().optional(),
+    context: z.string().optional(),
+}, async (_args) => movedToGateway("gateway_process_tool_call"));
+server.tool("gateway_approve", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Two-phase execution: approve a tool call without executing it.", {
+    agentId: z.string(),
+    tool: z.string(),
+    params: z.record(z.unknown()).optional(),
+    scopeRequired: z.string(),
+    context: z.string().optional(),
+}, async (_args) => movedToGateway("gateway_approve"));
+server.tool("gateway_stats", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Get gateway statistics.", {}, async (_args) => movedToGateway("gateway_stats"));
 // ═══════════════════════════════════════
 // Intent Network (Agent-Mediated Matching)
 // Calls the hosted API at api.aeoess.com
@@ -3129,83 +2778,9 @@ async function intentApiFetch(path, opts) {
     });
     return res.json();
 }
-server.tool("publish_intent_card", "Publish an IntentCard to the Intent Network at aeoess.com. Your card is visible to all agents on the network. Cards are Ed25519 signed, scoped, and expire automatically.", {
-    principal_alias: z.string().describe("Human's display name or alias"),
-    needs: z.array(z.object({
-        category: z.string().describe("Category (e.g. 'engineering', 'design', 'funding')"),
-        description: z.string().describe("What is needed"),
-        priority: z.enum(["critical", "high", "medium", "low"]).default("medium"),
-        tags: z.array(z.string()).optional(),
-        budget_amount: z.number().optional(),
-        budget_currency: z.string().optional(),
-    })).optional().describe("What the human needs"),
-    offers: z.array(z.object({
-        category: z.string().describe("Category of what's offered"),
-        description: z.string().describe("What is offered"),
-        priority: z.enum(["critical", "high", "medium", "low"]).default("medium"),
-        tags: z.array(z.string()).optional(),
-        budget_amount: z.number().optional(),
-        budget_currency: z.string().optional(),
-    })).optional().describe("What the human offers"),
-    open_to: z.array(z.string()).optional().describe("Categories open to (e.g. ['introductions', 'partnerships'])"),
-    not_open_to: z.array(z.string()).optional().describe("Categories explicitly not open to"),
-    approval_required: z.array(z.string()).optional().describe("What needs human approval before sharing"),
-    visibility: z.enum(["public", "verified", "minimal"]).default("public"),
-    ttl_hours: z.number().default(24).describe("Hours until card expires"),
-}, async (args) => {
-    recordBehavior('publish_intent_card');
-    const keyErr = requireKey();
-    if (keyErr)
-        return { content: [{ type: "text", text: keyErr }], isError: true };
-    const mapItem = (item) => ({
-        category: item.category,
-        description: item.description,
-        priority: item.priority || 'medium',
-        tags: item.tags || [],
-        budget: item.budget_amount ? { amount: item.budget_amount, currency: item.budget_currency || 'USD' } : undefined,
-        visibility: 'public',
-    });
-    const card = createIntentCard({
-        agentId: state.agentId || 'anonymous',
-        principalAlias: args.principal_alias,
-        publicKey: state.agentKey,
-        privateKey: state.privateKey,
-        needs: (args.needs || []).map(mapItem),
-        offers: (args.offers || []).map(mapItem),
-        openTo: args.open_to || [],
-        notOpenTo: args.not_open_to || [],
-        approvalRequired: args.approval_required || [],
-        ttlSeconds: (args.ttl_hours || 24) * 3600,
-    });
-    try {
-        const result = await intentApiFetch('/api/cards', {
-            method: 'POST',
-            body: JSON.stringify({ ...card, publicKey: state.agentKey, signature: card.signature }),
-        });
-        if (result.error) {
-            return { content: [{ type: "text", text: `Failed to publish: ${result.error}` }], isError: true };
-        }
-        return {
-            content: [{
-                    type: "text",
-                    text: JSON.stringify({
-                        published: true,
-                        cardId: result.cardId,
-                        agentId: card.agentId,
-                        principalAlias: card.principalAlias,
-                        needs: card.needs.length,
-                        offers: card.offers.length,
-                        expiresAt: result.expiresAt,
-                        networkSize: result.networkSize,
-                        note: 'Card published to Intent Network (api.aeoess.com). Other agents worldwide can now discover matches.',
-                    }, null, 2),
-                }],
-        };
-    }
-    catch (e) {
-        return { content: [{ type: "text", text: safeError("API error", e) }], isError: true };
-    }
-});
+// publish_intent_card removed in v3.0.0: createIntentCard was gateway-side
+// signing glue. Cards are still publishable directly via the Intent Network
+// REST API at api.aeoess.com/api/cards — sign with your agent private key.
 server.tool("search_matches", "Search the Intent Network for people relevant to you. Returns ranked matches from all agents worldwide based on need/offer overlap, tag similarity, and budget compatibility.", {
     min_score: z.number().optional().describe("Minimum relevance score 0-1 (default: 0.1)"),
     max_results: z.number().optional().describe("Maximum results to return (default: 10)"),
@@ -3281,7 +2856,7 @@ server.tool("get_digest", "Get a personalized digest from the Intent Network: re
                             message: intro.message,
                             status: intro.status,
                         })),
-                        note: !digest.hasCard ? 'No card published yet. Use publish_intent_card to join the network.' : undefined,
+                        note: !digest.hasCard ? 'No card published yet. POST to api.aeoess.com/api/cards to join the network (publish_intent_card tool removed in v3.0.0).' : undefined,
                     }, null, 2),
                 }],
         };
@@ -3601,73 +3176,12 @@ server.tool("activate_emergency", "Activate a pre-authorized emergency pathway w
         return { content: [{ type: "text", text: safeError("Emergency activation failed", e) }], isError: true };
     }
 });
-server.tool("create_attestation", "Create a contextual attestation — pre-action reasoning record for medium+ risk actions.", {
-    action_id: z.string(), delegation_ref: z.string(),
-    context_understanding: z.string().describe("Agent's assessment of the situation"),
-    factors_considered: z.array(z.string()).describe("Key decision factors"),
-    alternatives_rejected: z.array(z.object({ alternative: z.string(), reason: z.string() })).default([]),
-    expected_outcome: z.string(),
-    confidence: z.number().min(0).max(1),
-    semantic_uncertainty: z.enum(["low", "medium", "high", "critical"]),
-    required: z.boolean().default(true),
-    valid_until: z.string(), trust_epoch: z.number().default(1),
-}, async (args) => {
-    const keyErr = requireKey();
-    if (keyErr)
-        return { content: [{ type: "text", text: keyErr }], isError: true };
-    try {
-        const ctx = createPolicyContext({
-            policy_version: "2.0.0", values_floor_version: "1.0.0",
-            trust_epoch: args.trust_epoch, issuer_id: state.agentKey,
-            valid_until: args.valid_until,
-        });
-        const att = createV2Attestation({
-            action_id: args.action_id, agent_id: state.agentKey,
-            delegation_ref: args.delegation_ref,
-            context_understanding: args.context_understanding,
-            factors_considered: args.factors_considered,
-            alternatives_rejected: args.alternatives_rejected,
-            expected_outcome: args.expected_outcome,
-            confidence: args.confidence,
-            semantic_uncertainty: args.semantic_uncertainty,
-            required: args.required, policy_context: ctx,
-            agent_private_key: state.privateKey,
-        });
-        const quality = assessV2AttestationQuality(att);
-        return { content: [{ type: "text", text: JSON.stringify({ attestation: att, quality }, null, 2) }] };
-    }
-    catch (e) {
-        return { content: [{ type: "text", text: safeError("Attestation failed", e) }], isError: true };
-    }
-});
-server.tool("request_migration", "Request fork-and-sunset migration when current delegation scope is insufficient.", {
-    source_delegation: z.string(),
-    limitation: z.string().describe("What the agent cannot do under current scope"),
-    requested_scope_change: z.string(),
-    justification: z.string(),
-    valid_until: z.string(), trust_epoch: z.number().default(1),
-}, async (args) => {
-    const keyErr = requireKey();
-    if (keyErr)
-        return { content: [{ type: "text", text: keyErr }], isError: true };
-    try {
-        const ctx = createPolicyContext({
-            policy_version: "2.0.0", values_floor_version: "1.0.0",
-            trust_epoch: args.trust_epoch, issuer_id: state.agentKey,
-            valid_until: args.valid_until,
-        });
-        const req = requestV2Migration({
-            source_agent: state.agentKey, source_delegation: args.source_delegation,
-            limitation: args.limitation, requested_scope_change: args.requested_scope_change,
-            justification: args.justification, agent_private_key: state.privateKey,
-            policy_context: ctx,
-        });
-        return { content: [{ type: "text", text: JSON.stringify(req, null, 2) }] };
-    }
-    catch (e) {
-        return { content: [{ type: "text", text: safeError("Migration request failed", e) }], isError: true };
-    }
-});
+// create_attestation (contextual attestation lifecycle) removed in v3.0.0:
+// createV2Attestation / getV2AgentAttestationQualityAvg / clearV2AttestationStore
+// were gateway-side lifecycle helpers. The primitive assessV2AttestationQuality
+// remains in the SDK for direct use.
+// request_migration removed in v3.0.0: requestV2Migration / approveV2Migration /
+// executeV2Migration were gateway-side migration orchestration.
 server.tool("create_artifact_provenance", "Tag an agent-generated artifact with provenance metadata (content hash, risk class, authoring agent).", {
     delegation_ref: z.string(), intended_use: z.string(),
     risk_class: z.enum(["low", "medium", "high", "critical"]),
@@ -3700,39 +3214,10 @@ server.tool("create_artifact_provenance", "Tag an agent-generated artifact with
         return { content: [{ type: "text", text: safeError("Provenance failed", e) }], isError: true };
     }
 });
-server.tool("check_anomaly", "Record an action and check for anomalies (first-max-authority, concentration).", {
-    action_id: z.string(), authority_level: z.number(),
-    semantic_uncertainty: z.enum(["low", "medium", "high", "critical"]),
-    risk_class: z.enum(["low", "medium", "high", "critical"]),
-    delegation_ref: z.string(),
-    was_delegated: z.boolean().default(false),
-    complexity: z.number().min(0).max(1).default(0.5),
-}, async (args) => {
-    const keyErr = requireKey();
-    if (keyErr)
-        return { content: [{ type: "text", text: keyErr }], isError: true };
-    try {
-        const record = {
-            action_id: args.action_id, agent_id: state.agentKey,
-            authority_level: args.authority_level,
-            semantic_uncertainty: args.semantic_uncertainty,
-            risk_class: args.risk_class,
-            delegation_ref: args.delegation_ref,
-            was_delegated: args.was_delegated,
-            complexity: args.complexity,
-            timestamp: new Date().toISOString(),
-        };
-        recordV2Action(record);
-        const anomaly = checkV2FirstMaxAuthority(record);
-        const concentration = computeV2ConcentrationMetrics(state.agentKey);
-        return { content: [{ type: "text", text: JSON.stringify({
-                        action_recorded: true, anomaly_flag: anomaly, concentration,
-                    }, null, 2) }] };
-    }
-    catch (e) {
-        return { content: [{ type: "text", text: safeError("Anomaly check failed", e) }], isError: true };
-    }
-});
+// check_anomaly removed in v3.0.0: anomaly detection is a cross-session
+// product capability (recordV2Action / checkV2FirstMaxAuthority /
+// computeV2ConcentrationMetrics). The gateway maintains the per-agent action
+// history; MCP tools operate per-session and cannot supply meaningful trends.
 // ═══════════════════════════════════════
 // Data Governance Tools (Modules 36A, 38, 39)
 // ═══════════════════════════════════════
@@ -3777,142 +3262,31 @@ server.tool("register_data_source", "Register a data source with terms for agent
     state.sourceReceipts.set(receipt.sourceReceiptId, receipt);
     return { content: [{ type: "text", text: `✅ Data source registered.\n\nSource Receipt ID: ${receipt.sourceReceiptId}\nDescriptor: ${p.contentDescriptor}\nAllowed purposes: ${p.allowedPurposes.join(', ')}\nCompensation: ${p.compensationType}${p.compensationAmount ? ' $' + p.compensationAmount : ''}\nMax accesses: ${p.maxAccessCount || 'unlimited'}\nDerivative policy: ${p.derivativePolicy}` }] };
 });
-server.tool("create_data_enforcement_gate", "Create a data enforcement gate that checks terms before allowing data access. Modes: enforce (block violations), audit (log only), off.", {
+server.tool("create_data_enforcement_gate", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Create a data enforcement gate that checks terms before allowing data access.", {
     mode: z.enum(["enforce", "audit", "off"]).default("enforce").describe("Enforcement mode"),
-}, async (p) => {
-    const kp = generateKeyPair();
-    state.dataEnforcementGate = new DataEnforcementGate({
-        gatewayId: 'gw_data_' + Date.now().toString(36),
-        gatewayPublicKey: kp.publicKey,
-        gatewayPrivateKey: kp.privateKey,
-        mode: p.mode,
-    }, state.contributionLedger);
-    // Register all known sources
-    for (const [id, receipt] of state.sourceReceipts) {
-        state.dataEnforcementGate.registerSource(receipt, receipt.contentDescriptor);
-    }
-    return { content: [{ type: "text", text: `✅ Data enforcement gate created.\n\nMode: ${p.mode}\nRegistered sources: ${state.sourceReceipts.size}\nContribution ledger: active` }] };
-});
-server.tool("check_data_access", "Check if an agent can access a data source through the enforcement gate. Generates receipt and feeds contribution ledger.", {
-    sourceReceiptId: z.string().describe("Source receipt ID to access"),
-    declaredPurpose: z.enum(["read", "analyze", "summarize", "generate", "recommend", "train", "embed", "redistribute", "commercial"]).describe("Declared purpose"),
-    accessMethod: z.enum(["api_call", "file_read", "database_query", "web_fetch", "memory_retrieval", "embedding_lookup", "stream", "human_provided"]).default("api_call"),
-}, async (p) => {
-    if (!state.dataEnforcementGate)
-        return { content: [{ type: "text", text: "❌ No enforcement gate. Call create_data_enforcement_gate first." }] };
-    if (!state.agentKey)
-        return { content: [{ type: "text", text: "❌ Not identified." }] };
-    const decision = state.dataEnforcementGate.checkAccess({
-        agentId: state.agentId || 'unknown',
-        agentPublicKey: state.agentKey,
-        principalId: state.principal?.principalId || 'unknown',
-        sourceReceiptId: p.sourceReceiptId,
-        declaredPurpose: p.declaredPurpose,
-        accessMethod: p.accessMethod,
-        accessScope: 'data:' + p.declaredPurpose,
-        executionFrameId: 'frame_' + Date.now().toString(36),
-    });
-    const status = decision.allowed ? '✅ Access ALLOWED' : '❌ Access DENIED';
-    let text = `${status}\n\nSource: ${p.sourceReceiptId}\nPurpose: ${p.declaredPurpose}`;
-    if (decision.hardViolations.length)
-        text += `\nViolations: ${decision.hardViolations.join('; ')}`;
-    if (decision.advisoryWarnings.length)
-        text += `\nWarnings: ${decision.advisoryWarnings.join('; ')}`;
-    if (decision.receipt)
-        text += `\nReceipt ID: ${decision.receipt.accessReceiptId}`;
-    if (decision.accessesRemaining !== undefined)
-        text += `\nAccesses remaining: ${decision.accessesRemaining}`;
-    return { content: [{ type: "text", text }] };
-});
-server.tool("query_contributions", "Query the data contribution ledger. Filter by source, agent, principal, purpose, or time range.", {
+}, async (_args) => movedToGateway("create_data_enforcement_gate"));
+server.tool("query_contributions", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Query the data contribution ledger.", {
     sourceReceiptId: z.string().optional(),
     agentId: z.string().optional(),
     principalId: z.string().optional(),
     purpose: z.string().optional(),
     minAccessCount: z.number().optional(),
-}, async (p) => {
-    const records = queryContributions(state.contributionLedger, p);
-    if (records.length === 0)
-        return { content: [{ type: "text", text: "No contributions found matching query." }] };
-    const lines = records.map(r => `• ${r.sourceDescriptor || r.sourceReceiptId}: ${r.accessCount} accesses by ${r.agentId}, purposes: ${r.purposes.join('/')}, owed: $${r.compensationAccrued.totalOwed.toFixed(4)}`);
-    return { content: [{ type: "text", text: `📊 ${records.length} contribution records:\n\n${lines.join('\n')}` }] };
-});
-server.tool("get_source_metrics", "Get aggregate metrics for a data source: total accesses, unique agents, compensation owed.", {
-    sourceReceiptId: z.string().describe("Source receipt ID"),
-}, async (p) => {
-    const metrics = getSourceMetrics(state.contributionLedger, p.sourceReceiptId);
-    if (!metrics)
-        return { content: [{ type: "text", text: "No data found for this source." }] };
-    return { content: [{ type: "text", text: `📊 Source Metrics: ${metrics.sourceDescriptor}\n\nTotal accesses: ${metrics.totalAccesses}\nUnique agents: ${metrics.uniqueAgents}\nUnique principals: ${metrics.uniquePrincipals}\nCompensation owed: $${metrics.compensationOwed.totalOwed.toFixed(4)} ${metrics.compensationOwed.currency}\nPurpose breakdown: ${JSON.stringify(metrics.purposeBreakdown)}\nTop agents: ${metrics.topAgents.map(a => `${a.agentId} (${a.accessCount})`).join(', ')}` }] };
-});
-server.tool("get_agent_data_footprint", "Show every data source an agent has accessed, with compensation status.", {
-    agentId: z.string().describe("Agent ID to check"),
-}, async (p) => {
-    const footprint = getAgentDataFootprint(state.contributionLedger, p.agentId);
-    if (!footprint)
-        return { content: [{ type: "text", text: "No data access found for this agent." }] };
-    const sources = footprint.sourcesAccessed.map(s => `• ${s.sourceDescriptor || s.sourceReceiptId}: ${s.accessCount} accesses, purposes: ${s.purposes.join('/')}, status: ${s.compensationStatus}`);
-    return { content: [{ type: "text", text: `🔍 Agent Data Footprint: ${p.agentId}\n\nTotal sources: ${footprint.totalSources}\nTotal accesses: ${footprint.totalAccesses}\nTotal compensation accrued: $${footprint.totalCompensationAccrued.toFixed(4)} ${footprint.currency}\n\nSources:\n${sources.join('\n')}` }] };
-});
-server.tool("generate_settlement", "Generate a Merkle-committed, signed settlement record for a period. Shows what's owed to each data source.", {
+}, async (_args) => movedToGateway("query_contributions"));
+server.tool("generate_settlement", "[deprecated in v3.0.0 — use gateway.aeoess.com REST API] Generate a Merkle-committed, signed settlement record for a period.", {
     startDate: z.string().describe("Period start (YYYY-MM-DD)"),
     endDate: z.string().describe("Period end (YYYY-MM-DD)"),
     periodLabel: z.string().describe("Label (e.g. '2026-Q1', '2026-03')"),
-}, async (p) => {
-    const kp = generateKeyPair();
-    const settlement = generateSettlement(state.contributionLedger, { startDate: p.startDate, endDate: p.endDate, periodLabel: p.periodLabel }, kp.publicKey, kp.privateKey);
-    const verification = verifySettlement(settlement);
-    const lines = settlement.lineItems.map(li => `• ${li.sourceDescriptor || li.sourceReceiptId}: ${li.accessCount} accesses, $${li.amount.toFixed(4)} (${li.compensationModel})`);
-    return { content: [{ type: "text", text: `📋 Settlement Record: ${settlement.settlementId}\n\nPeriod: ${p.periodLabel}\nTotal: $${settlement.totalAmount.toFixed(4)} ${settlement.currency}\nTotal accesses: ${settlement.totalAccesses}\nUnique sources: ${settlement.uniqueSources}\nUnique payers: ${settlement.uniquePayers}\nMerkle root: ${settlement.merkleRoot.slice(0, 16)}...\nVerification: ${verification.valid ? '✅ VALID' : '❌ INVALID'}\n\nLine items:\n${lines.join('\n')}` }] };
-});
-server.tool("generate_compliance_report", "Generate a GDPR Article 30 / EU AI Act Article 10 / SOC 2 compliance report.", {
-    reportType: z.enum(["gdpr_article30", "euai_article10", "soc2_data", "general"]).describe("Report type"),
-    startDate: z.string().describe("Period start"),
-    endDate: z.string().describe("Period end"),
-    periodLabel: z.string().describe("Label"),
-    agentId: z.string().optional().describe("Filter by agent"),
-    principalId: z.string().optional().describe("Filter by principal"),
-}, async (p) => {
-    const kp = generateKeyPair();
-    const report = generateDataComplianceReport(state.contributionLedger, { startDate: p.startDate, endDate: p.endDate, periodLabel: p.periodLabel }, p.reportType, kp.privateKey, { agentId: p.agentId, principalId: p.principalId });
-    return { content: [{ type: "text", text: `📋 Compliance Report: ${report.reportId}\n\nType: ${p.reportType}\nPeriod: ${p.periodLabel}\nTotal data accesses: ${report.summary.totalDataAccesses}\nUnique data sources: ${report.summary.uniqueDataSources}\nPurpose breakdown: ${JSON.stringify(report.summary.purposeBreakdown)}\nCompensation: $${report.summary.compensationSummary.total.toFixed(4)} (pending: $${report.summary.compensationSummary.pending.toFixed(4)})\nTerms violations: ${report.summary.termsViolations}\nAdvisory warnings: ${report.summary.advisoryWarnings}\nSigned: ✅` }] };
-});
-server.tool("record_training_use", "Record that agent output derived from data sources was used for training/fine-tuning/embedding. Creates a signed training attribution receipt.", {
-    trainingUseType: z.enum(["fine_tune", "lora_adapter", "embedding", "rag_index", "distillation", "evaluation", "synthetic_data"]).describe("Type of training use"),
-    modelId: z.string().describe("Model being trained"),
-    sourceAccessReceiptIds: z.array(z.string()).describe("Access receipt IDs of source data used"),
-    outputContentHash: z.string().describe("SHA-256 of the output used for training"),
-    contributionWeights: z.record(z.number()).optional().describe("Fractional weights per source (sum to 1.0)"),
-    datasetSize: z.number().optional().describe("Number of training examples"),
-}, async (p) => {
-    if (!state.agentKey || !state.privateKey)
-        return { content: [{ type: "text", text: "❌ Not identified." }] };
-    const receipt = createTrainingAttribution({
-        trainingUseType: p.trainingUseType,
-        modelId: p.modelId,
-        trainerId: state.agentId || 'unknown',
-        trainerPublicKey: state.agentKey,
-        trainerPrivateKey: state.privateKey,
-        sourceAccessReceiptIds: p.sourceAccessReceiptIds,
-        executionFrameId: 'frame_train_' + Date.now().toString(36),
-        outputContentHash: p.outputContentHash,
-        inputDataHashes: p.sourceAccessReceiptIds.map(id => id), // simplified
-        contributionWeights: p.contributionWeights,
-        datasetSize: p.datasetSize,
-    });
-    recordTrainingAttribution(state.trainingLedger, receipt);
-    const v = verifyTrainingAttribution(receipt);
-    return { content: [{ type: "text", text: `✅ Training attribution recorded.\n\nReceipt: ${receipt.trainingReceiptId}\nType: ${p.trainingUseType}\nModel: ${p.modelId}\nSources: ${p.sourceAccessReceiptIds.length}\nDataset size: ${p.datasetSize || 'N/A'}\nWeights: ${p.contributionWeights ? JSON.stringify(p.contributionWeights) : 'equal'}\nVerification: ${v.valid ? '✅' : '❌'}` }] };
-});
-server.tool("get_model_data_sources", "Show which data sources contributed to a model's training, with fractional weights.", {
-    modelId: z.string().describe("Model ID to check"),
-}, async (p) => {
-    const sources = getModelDataSources(state.trainingLedger, p.modelId);
-    if (sources.length === 0)
-        return { content: [{ type: "text", text: "No training data found for this model." }] };
-    const lines = sources.map(s => `• ${s.accessReceiptId}: weight ${s.weight.toFixed(4)}, type: ${s.trainingUseType}`);
-    return { content: [{ type: "text", text: `🧠 Model Training Sources: ${p.modelId}\n\n${sources.length} data sources contributed:\n${lines.join('\n')}` }] };
-});
+}, async (_args) => movedToGateway("generate_settlement"));
+// Removed in v3.0.0 (moved to gateway product — no stub to keep tool count bounded):
+//   check_data_access         (DataEnforcementGate.checkAccess)
+//   get_source_metrics        (cross-agent ledger aggregation)
+//   get_agent_data_footprint  (cross-agent ledger aggregation)
+//   generate_compliance_report (generateDataComplianceReport)
+//   record_training_use       (createTrainingAttribution + ledger)
+//   get_model_data_sources    (training ledger aggregation)
+// All of these required ContributionLedger / TrainingAttributionLedger
+// (ledger classes are gateway-product). The underlying primitives
+// (access receipts, settlement signing) remain in the SDK at aps_* tools.
 // ═══════════════════════════════════════
 // Data Lifecycle Governance Tools
 // ═══════════════════════════════════════
@@ -4983,6 +4357,108 @@ server.tool("aps_build_contributor_query", "Build a contributor-query response:
         return { content: [{ type: "text", text: safeError("buildContributorQuery failed", e) }], isError: true };
     }
 });
+// ═══════════════════════════════════════
+// Mutual Authentication v1 tools (SDK v2.2.0)
+// ═══════════════════════════════════════
+server.tool("mutualAuthBuildCertificate", "Build and sign a mutual-auth certificate identifying an agent or information system. Returns the signed MutualAuthCertificate object ready to carry into a handshake. The issuer's Ed25519 private key (hex) signs over the canonical (JCS) form.", {
+    role: z.enum(["agent", "information_system"]).describe("Role of the subject this cert identifies"),
+    subject_id: z.string().describe("Stable subject identifier (e.g., agent DID, IS endpoint URL)"),
+    subject_pubkey_hex: z.string().describe("Ed25519 public key (hex) of the subject"),
+    issuer_id: z.string().describe("Issuer identifier"),
+    issuer_role: z.enum(["agent", "information_system", "trust_anchor"]).describe("Role of the issuer"),
+    issuer_pubkey_hex: z.string().describe("Ed25519 public key (hex) of the issuer"),
+    issuer_privkey_hex: z.string().describe("Ed25519 private key (hex) of the issuer — used to sign"),
+    binding: z.string().describe("For an agent: the APS agent_id. For an IS: the resource domain (e.g., mcp://api.bank.com)"),
+    not_before: z.number().describe("Earliest valid time (unix ms)"),
+    not_after: z.number().describe("Latest valid time (unix ms)"),
+    supported_versions: z.array(z.string()).describe("Protocol versions supported, highest first (e.g., ['1.0'])"),
+    attestation_grade: z.union([z.literal(0), z.literal(1), z.literal(2), z.literal(3)]).optional().describe("For agents: APS attestation grade 0-3"),
+    capabilities: z.array(z.string()).optional().describe("Optional capability tags"),
+}, async (args) => {
+    try {
+        const unsigned = buildCertificate({
+            role: args.role,
+            subject_id: args.subject_id,
+            subject_pubkey_hex: args.subject_pubkey_hex,
+            issuer_id: args.issuer_id,
+            issuer_role: args.issuer_role,
+            binding: args.binding,
+            not_before: args.not_before,
+            not_after: args.not_after,
+            supported_versions: args.supported_versions,
+            attestation_grade: args.attestation_grade,
+            capabilities: args.capabilities,
+        }, args.issuer_pubkey_hex);
+        const cert = signCertificate(unsigned, args.issuer_privkey_hex);
+        return {
+            content: [{ type: "text", text: JSON.stringify({
+                        certificate: cert,
+                        certificate_id: certificateId(cert),
+                    }, null, 2) }],
+        };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("mutualAuthBuildCertificate failed", e) }], isError: true };
+    }
+});
+server.tool("mutualAuthVerifyAttest", "Verify a MutualAuthAttest against policy and trust anchors. Runs all 10 verification checks: signature, version negotiation, nonce match, timestamp freshness, certificate validity, issuer anchor check, binding constraints, downgrade detection, attestation grade policy, capability policy. Returns ok:true on success or a failure reason on rejection.", {
+    attest: z.any().describe("MutualAuthAttest to verify"),
+    expected_peer_nonce_b64: z.string().describe("The nonce the peer sent in their prior hello or attest"),
+    expected_own_nonce_b64: z.string().describe("The nonce we sent in our own prior hello or attest"),
+    policy: z.any().describe("MutualAuthPolicy (accepted_versions, min_agent_grade, required_capabilities, max_clock_skew_ms, max_session_ms)"),
+    trust_anchors: z.array(z.any()).describe("TrustAnchor[] — local trusted roots"),
+    revoked_anchor_ids: z.array(z.string()).optional().describe("IDs of anchors revoked since the bundle was issued"),
+    now_ms: z.number().optional().describe("Current unix ms — defaults to Date.now()"),
+}, async (args) => {
+    try {
+        const res = verifyAttest({
+            attest: args.attest,
+            expected_peer_nonce_b64: args.expected_peer_nonce_b64,
+            expected_own_nonce_b64: args.expected_own_nonce_b64,
+            policy: args.policy,
+            trust_anchors: args.trust_anchors,
+            revoked_anchor_ids: args.revoked_anchor_ids,
+            now_ms: args.now_ms ?? Date.now(),
+        });
+        return {
+            content: [{ type: "text", text: JSON.stringify(res, null, 2) }],
+        };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("mutualAuthVerifyAttest failed", e) }], isError: true };
+    }
+});
+server.tool("mutualAuthDeriveSession", "Derive the shared mutual-auth session record from both sides' Attests. Both parties MUST compute identical session_id given identical inputs (canonical JCS + sha256 of chosen_version, both cert ids, both nonces). Returns a MutualAuthSession with session_id + both certificates + expiry bounds, or failure reason.", {
+    agent_attest: z.any().describe("The agent's MutualAuthAttest"),
+    is_attest: z.any().describe("The information system's MutualAuthAttest"),
+    policy: z.any().describe("MutualAuthPolicy"),
+    now_ms: z.number().optional().describe("Current unix ms — defaults to Date.now()"),
+}, async (args) => {
+    try {
+        const res = deriveSession(args.agent_attest, args.is_attest, args.policy, args.now_ms ?? Date.now());
+        return {
+            content: [{ type: "text", text: JSON.stringify(res, null, 2) }],
+        };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("mutualAuthDeriveSession failed", e) }], isError: true };
+    }
+});
+server.tool("mutualAuthVerifyTrustBundle", "Verify a TrustAnchorBundle signature and freshness. Caller supplies the list of trusted publisher public keys (root configuration). Returns ok:true on success or failure reason (untrusted_publisher, signature_invalid, bundle_expired, not_yet_valid).", {
+    bundle: z.any().describe("TrustAnchorBundle to verify"),
+    trusted_publisher_pubkeys_hex: z.array(z.string()).describe("List of Ed25519 pubkeys (hex) authorized to publish bundles"),
+    now_ms: z.number().optional().describe("Current unix ms — defaults to Date.now()"),
+}, async (args) => {
+    try {
+        const res = verifyBundle(args.bundle, args.trusted_publisher_pubkeys_hex, args.now_ms ?? Date.now());
+        return {
+            content: [{ type: "text", text: JSON.stringify(res, null, 2) }],
+        };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: safeError("mutualAuthVerifyTrustBundle failed", e) }], isError: true };
+    }
+});
 server.prompt("coordination_role", "Get instructions for your assigned coordination role", {}, async () => {
     const role = state.agentRole || 'default';
     const instructions = ROLE_PROMPTS[role] || ROLE_PROMPTS['default'];

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agent-passport-system-mcp",
-  "version": "2.27.0",
+  "version": "3.1.0",
   "mcpName": "io.github.aeoess/agent-passport-mcp",
-  "description": "MCP server for the Agent Passport System — enforcement infrastructure for the agent economy. 154 tools across 123 modules. Policy eval <2ms. Identity, delegation, reputation, enforcement, attestation, feeless Nano wallet, commerce, attribution primitive, attribution settlement. Tracks SDK v1.46.0 (2,972 tests).",
+  "description": "MCP server for the Agent Passport System — protocol-layer tools only. 146 tools (132 protocol + 10 gateway deprecation stubs). Identity, delegation, reputation, attestation, coordination, commerce, attribution primitive, attribution settlement. Tracks SDK v2.2.0. For gateway-runtime tools (ProxyGateway, AgentContext, DataEnforcementGate), use gateway.aeoess.com REST API or pin to v3.1.0.",
   "type": "module",
   "bin": {
     "agent-passport-system-mcp": "./build/bin.js",
@@ -50,7 +50,7 @@
   "homepage": "https://github.com/aeoess/agent-passport-mcp",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.27.1",
-    "agent-passport-system": "^1.46.0",
+    "agent-passport-system": "^2.2.0",
     "zod": "^3.25.76"
   },
   "devDependencies": {