agent-passport-system-mcp 2.8.0 → 2.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +1 -1
  2. package/build/index.js +52 -24
  3. package/package.json +3 -3
package/README.md CHANGED
@@ -8,7 +8,7 @@
8
8
 
9
9
  MCP server for the [Agent Passport System](https://github.com/aeoess/agent-passport-system) — cryptographic identity, delegation, governance, and commerce for AI agents.
10
10
 
11
- **61 tools** across all 16 protocol modules. Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
11
+ **61 tools** across all 17 protocol modules. Works with any MCP client: Claude Desktop, Cursor, Windsurf, and more.
12
12
 
13
13
  ## Quick Start
14
14
 
package/build/index.js CHANGED
@@ -90,7 +90,7 @@ function loadTasks() {
90
90
  }
91
91
  }
92
92
  catch (e) {
93
- console.error('Failed to load task store:', e);
93
+ console.error('Failed to load task store');
94
94
  }
95
95
  }
96
96
  }
@@ -137,13 +137,22 @@ function sanitizeAgentName(name) {
137
137
  function isPathWithin(filePath, allowedDir) {
138
138
  return resolve(filePath).startsWith(resolve(allowedDir) + '/');
139
139
  }
140
+ // Sanitize error messages before returning to clients
141
+ function safeError(prefix, e) {
142
+ if (e instanceof Error) {
143
+ const msg = e.message.replace(/\/[^\s:]+/g, '[path]').replace(/at\s+.+/g, '').slice(0, 200);
144
+ return `${prefix}: ${msg}`.trim();
145
+ }
146
+ return `${prefix}: operation failed`;
147
+ }
140
148
  function getAgentName() {
141
- // Derive agent name from agentId (e.g., "claude-001" "claude")
149
+ // Derive agent name from agentId always sanitize to prevent path traversal
150
+ let name = 'unknown';
142
151
  if (state.agentId)
143
- return state.agentId.replace(/-\d+$/, '');
144
- if (state.agentKey)
145
- return state.agentKey.slice(0, 8);
146
- return 'unknown';
152
+ name = state.agentId.replace(/-\d+$/, '');
153
+ else if (state.agentKey)
154
+ name = state.agentKey.slice(0, 8);
155
+ return sanitizeAgentName(name) || 'unknown';
147
156
  }
148
157
  // ── Agora bridge: auto-post coordination events ──
149
158
  // Load existing Agora feed from disk on startup
@@ -163,7 +172,7 @@ function loadAgoraFeed() {
163
172
  }
164
173
  }
165
174
  catch {
166
- // Non-fatal: start with empty feed if file is corrupted
175
+ console.error('Agora feed read failed — starting with empty feed');
167
176
  }
168
177
  }
169
178
  // Persist Agora feed to disk after changes
@@ -224,7 +233,7 @@ function loadAgentsRegistry() {
224
233
  const data = JSON.parse(readFileSync(AGENTS_PATH, 'utf-8'));
225
234
  return data.agents || [];
226
235
  }
227
- catch {
236
+ catch { /* file read failed */
228
237
  return [];
229
238
  }
230
239
  }
@@ -581,7 +590,7 @@ server.tool("review_evidence", "[OPERATOR] Review an evidence packet. Score it a
581
590
  };
582
591
  }
583
592
  catch (e) {
584
- return { content: [{ type: "text", text: `Error: ${e.message}` }], isError: true };
593
+ return { content: [{ type: "text", text: safeError("Error", e) }], isError: true };
585
594
  }
586
595
  });
587
596
  server.tool("handoff_evidence", "[OPERATOR] Transfer approved evidence from researcher to analyst.", {
@@ -629,7 +638,7 @@ server.tool("handoff_evidence", "[OPERATOR] Transfer approved evidence from rese
629
638
  };
630
639
  }
631
640
  catch (e) {
632
- return { content: [{ type: "text", text: `Error: ${e.message}` }], isError: true };
641
+ return { content: [{ type: "text", text: safeError("Error", e) }], isError: true };
633
642
  }
634
643
  });
635
644
  server.tool("complete_task", "[OPERATOR] Close the task unit with final status and retrospective.", {
@@ -935,6 +944,22 @@ server.tool("create_delegation", "[OPERATOR] Create a scoped delegation from one
935
944
  const keyErr = requireKey();
936
945
  if (keyErr)
937
946
  return { content: [{ type: "text", text: keyErr }], isError: true };
947
+ // Validate delegation scopes
948
+ if (!args.scope || args.scope.length === 0) {
949
+ return { content: [{ type: "text", text: "Delegation must include at least one scope." }], isError: true };
950
+ }
951
+ const SCOPE_PATTERN = /^[a-zA-Z0-9_.:/-]+$/;
952
+ for (const s of args.scope) {
953
+ if (s === '*' || s === '**') {
954
+ return { content: [{ type: "text", text: `Wildcard scope "${s}" not allowed. Use explicit scopes.` }], isError: true };
955
+ }
956
+ if (s.length > 128) {
957
+ return { content: [{ type: "text", text: `Scope exceeds max length (128 chars).` }], isError: true };
958
+ }
959
+ if (!SCOPE_PATTERN.test(s)) {
960
+ return { content: [{ type: "text", text: `Scope "${s}" contains invalid characters.` }], isError: true };
961
+ }
962
+ }
938
963
  const delegation = createDelegation({
939
964
  delegatedBy: state.agentKey,
940
965
  delegatedTo: args.delegated_to,
@@ -1050,7 +1075,7 @@ server.tool("sub_delegate", "Sub-delegate authority to another agent (must be wi
1050
1075
  };
1051
1076
  }
1052
1077
  catch (e) {
1053
- return { content: [{ type: "text", text: `Sub-delegation failed: ${e.message}` }], isError: true };
1078
+ return { content: [{ type: "text", text: safeError("Sub-delegation failed", e) }], isError: true };
1054
1079
  }
1055
1080
  });
1056
1081
  // ═══════════════════════════════════════
@@ -1239,7 +1264,7 @@ server.tool("register_agora_public", "Register your agent in the PUBLIC Agora re
1239
1264
  };
1240
1265
  }
1241
1266
  catch (e) {
1242
- return { content: [{ type: "text", text: `❌ Failed to create issue: ${e.message}` }] };
1267
+ return { content: [{ type: "text", text: safeError("Failed to create issue", e) }] };
1243
1268
  }
1244
1269
  });
1245
1270
  // ═══════════════════════════════════════
@@ -1297,6 +1322,9 @@ server.tool("check_messages", "Check messages addressed to you. Reads from comms
1297
1322
  }, async (args) => {
1298
1323
  const name = getAgentName();
1299
1324
  const filePath = join(COMMS_PATH, `to-${name}.json`);
1325
+ if (!isPathWithin(filePath, COMMS_PATH)) {
1326
+ return { content: [{ type: "text", text: "Invalid agent name — path rejected" }] };
1327
+ }
1300
1328
  let messages = readCommsFile(filePath);
1301
1329
  const unprocessedOnly = args.unprocessed_only !== false;
1302
1330
  if (unprocessedOnly) {
@@ -1395,7 +1423,7 @@ server.tool("load_values_floor", "Load a Values Floor from YAML. Sets the floor
1395
1423
  };
1396
1424
  }
1397
1425
  catch (e) {
1398
- return { content: [{ type: "text", text: `Failed to load floor: ${e.message}` }], isError: true };
1426
+ return { content: [{ type: "text", text: safeError("Failed to load floor", e) }], isError: true };
1399
1427
  }
1400
1428
  });
1401
1429
  server.tool("attest_to_floor", "Attest that your agent agrees to abide by the loaded Values Floor.", {
@@ -1521,7 +1549,7 @@ server.tool("evaluate_intent", "[OPERATOR] Evaluate an intent against the Values
1521
1549
  };
1522
1550
  }
1523
1551
  catch (e) {
1524
- return { content: [{ type: "text", text: `Policy evaluation failed: ${e.message}` }], isError: true };
1552
+ return { content: [{ type: "text", text: safeError("Policy evaluation failed", e) }], isError: true };
1525
1553
  }
1526
1554
  });
1527
1555
  // ═══════════════════════════════════════
@@ -1688,7 +1716,7 @@ server.tool("create_agent_context", "Create an enforcement context that automati
1688
1716
  };
1689
1717
  }
1690
1718
  catch (e) {
1691
- return { content: [{ type: "text", text: `Failed to create context: ${e.message}` }], isError: true };
1719
+ return { content: [{ type: "text", text: safeError("Failed to create context", e) }], isError: true };
1692
1720
  }
1693
1721
  });
1694
1722
  server.tool("execute_with_context", "Execute an action through the enforcement context. Automatically runs the 3-signature chain: creates intent (sig 1), evaluates against floor + delegation (sig 2), returns verdict. Action is DENIED if outside delegated scope.", {
@@ -1729,7 +1757,7 @@ server.tool("execute_with_context", "Execute an action through the enforcement c
1729
1757
  };
1730
1758
  }
1731
1759
  catch (e) {
1732
- return { content: [{ type: "text", text: `Execute failed: ${e.message}` }], isError: true };
1760
+ return { content: [{ type: "text", text: safeError("Execute failed", e) }], isError: true };
1733
1761
  }
1734
1762
  });
1735
1763
  server.tool("complete_action", "Complete a permitted action and get the full 3-signature proof chain (intent + decision + receipt + policy receipt). Call this after successfully executing the action.", {
@@ -1771,7 +1799,7 @@ server.tool("complete_action", "Complete a permitted action and get the full 3-s
1771
1799
  };
1772
1800
  }
1773
1801
  catch (e) {
1774
- return { content: [{ type: "text", text: `Complete failed: ${e.message}` }], isError: true };
1802
+ return { content: [{ type: "text", text: safeError("Complete failed", e) }], isError: true };
1775
1803
  }
1776
1804
  });
1777
1805
  // ═══════════════════════════════════════
@@ -2070,7 +2098,7 @@ server.tool("review_promotion", "Create a signed promotion review for another ag
2070
2098
  };
2071
2099
  }
2072
2100
  catch (err) {
2073
- return { content: [{ type: "text", text: `Promotion review failed: ${err.message}` }], isError: true };
2101
+ return { content: [{ type: "text", text: safeError("Promotion review failed", err) }], isError: true };
2074
2102
  }
2075
2103
  });
2076
2104
  server.tool("update_reputation", "Update an agent's reputation after a task result. Success increases mu and decreases sigma; failure does the opposite. Higher evidence class = larger effect.", {
@@ -2410,7 +2438,7 @@ server.tool("publish_intent_card", "Publish an IntentCard to the Intent Network
2410
2438
  };
2411
2439
  }
2412
2440
  catch (e) {
2413
- return { content: [{ type: "text", text: `API error: ${e.message}` }], isError: true };
2441
+ return { content: [{ type: "text", text: safeError("API error", e) }], isError: true };
2414
2442
  }
2415
2443
  });
2416
2444
  server.tool("search_matches", "Search the Intent Network for people relevant to you. Returns ranked matches from all agents worldwide based on need/offer overlap, tag similarity, and budget compatibility.", {
@@ -2455,7 +2483,7 @@ server.tool("search_matches", "Search the Intent Network for people relevant to
2455
2483
  };
2456
2484
  }
2457
2485
  catch (e) {
2458
- return { content: [{ type: "text", text: `API error: ${e.message}` }], isError: true };
2486
+ return { content: [{ type: "text", text: safeError("API error", e) }], isError: true };
2459
2487
  }
2460
2488
  });
2461
2489
  server.tool("get_digest", "Get a personalized digest from the Intent Network: relevant matches, pending intro requests, and incoming intros. The killer feature — 'what matters to me right now?'", {}, async () => {
@@ -2494,7 +2522,7 @@ server.tool("get_digest", "Get a personalized digest from the Intent Network: re
2494
2522
  };
2495
2523
  }
2496
2524
  catch (e) {
2497
- return { content: [{ type: "text", text: `API error: ${e.message}` }], isError: true };
2525
+ return { content: [{ type: "text", text: safeError("API error", e) }], isError: true };
2498
2526
  }
2499
2527
  });
2500
2528
  server.tool("request_intro", "Request an introduction to another agent's human based on a match. Both sides must approve before real information crosses.", {
@@ -2535,7 +2563,7 @@ server.tool("request_intro", "Request an introduction to another agent's human b
2535
2563
  };
2536
2564
  }
2537
2565
  catch (e) {
2538
- return { content: [{ type: "text", text: `Intro request failed: ${e.message}` }], isError: true };
2566
+ return { content: [{ type: "text", text: safeError("Intro request failed", e) }], isError: true };
2539
2567
  }
2540
2568
  });
2541
2569
  server.tool("respond_to_intro", "Respond to an introduction request. Approve to share your disclosed information, or decline.", {
@@ -2577,7 +2605,7 @@ server.tool("respond_to_intro", "Respond to an introduction request. Approve to
2577
2605
  };
2578
2606
  }
2579
2607
  catch (e) {
2580
- return { content: [{ type: "text", text: `Intro response failed: ${e.message}` }], isError: true };
2608
+ return { content: [{ type: "text", text: safeError("Intro response failed", e) }], isError: true };
2581
2609
  }
2582
2610
  });
2583
2611
  server.tool("remove_intent_card", "Remove your IntentCard from the Intent Network. Use when your needs or offers have changed.", {
@@ -2607,7 +2635,7 @@ server.tool("remove_intent_card", "Remove your IntentCard from the Intent Networ
2607
2635
  };
2608
2636
  }
2609
2637
  catch (e) {
2610
- return { content: [{ type: "text", text: `API error: ${e.message}` }], isError: true };
2638
+ return { content: [{ type: "text", text: safeError("API error", e) }], isError: true };
2611
2639
  }
2612
2640
  });
2613
2641
  // ═══════════════════════════════════════
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-passport-system-mcp",
3
- "version": "2.8.0",
3
+ "version": "2.8.2",
4
4
  "mcpName": "io.github.aeoess/agent-passport-mcp",
5
5
  "description": "MCP server for Agent Passport System — cryptographic identity, delegation, governance, and deliberation for AI agents",
6
6
  "type": "module",
@@ -46,8 +46,8 @@
46
46
  },
47
47
  "homepage": "https://github.com/aeoess/agent-passport-mcp",
48
48
  "dependencies": {
49
- "@modelcontextprotocol/sdk": "^1.12.0",
50
- "agent-passport-system": "file:../agent-passport-system/agent-passport-system-1.13.0.tgz",
49
+ "@modelcontextprotocol/sdk": "1.27.1",
50
+ "agent-passport-system": "^1.13.0",
51
51
  "zod": "^3.25.0"
52
52
  },
53
53
  "devDependencies": {