npm - agent-passport-system - Versions diffs - 1.25.0 → 1.26.0 - Mend

agent-passport-system 1.25.0 → 1.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/README.md +104 -494
package/dist/src/core/gateway.d.ts +13 -0
package/dist/src/core/gateway.d.ts.map +1 -1
package/dist/src/core/gateway.js +223 -10
package/dist/src/core/gateway.js.map +1 -1
package/dist/src/core/reputation-authority.d.ts +25 -2
package/dist/src/core/reputation-authority.d.ts.map +1 -1
package/dist/src/core/reputation-authority.js +96 -2
package/dist/src/core/reputation-authority.js.map +1 -1
package/dist/src/index.d.ts +3 -3
package/dist/src/index.d.ts.map +1 -1
package/dist/src/index.js +1 -1
package/dist/src/index.js.map +1 -1
package/dist/src/types/gateway.d.ts +123 -0
package/dist/src/types/gateway.d.ts.map +1 -1
package/dist/src/types/passport.d.ts +4 -0
package/dist/src/types/passport.d.ts.map +1 -1
package/dist/src/types/passport.js.map +1 -1
package/dist/src/types/reputation-authority.d.ts +31 -0
package/dist/src/types/reputation-authority.d.ts.map +1 -1
package/package.json +3 -3

package/README.md CHANGED Viewed

@@ -1,556 +1,168 @@
-# The Agent Social Contract
+# Agent Passport System
 [![npm version](https://img.shields.io/npm/v/agent-passport-system)](https://www.npmjs.com/package/agent-passport-system)
 [![license](https://img.shields.io/npm/l/agent-passport-system)](https://github.com/aeoess/agent-passport-system/blob/main/LICENSE)
-[![tests](https://img.shields.io/badge/tests-1352%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
+[![tests](https://img.shields.io/badge/tests-1507%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
 [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.18749779.svg)](https://doi.org/10.5281/zenodo.18749779)
-> **🤖 For AI agents:** If you are an agent reading this, visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable documentation or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete technical reference. This README is designed for humans.
+> **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable docs or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete reference.
-Cryptographic identity, ethical governance, economic attribution, data source registration, protocol-native communication, intent architecture, cascade revocation, coordination primitives, and agentic commerce for autonomous AI agents.
+**Governance, trust, and enforcement for AI agents. Not just identity.**
-**42 core modules + 32 v2 constitutional modules. 1480 tests. Zero heavy dependencies. Running code. MCP server included.**
-> *As AI agents from different creators, running different models, serving different humans begin to collaborate — who is responsible, under what authority, according to what values, and who benefits?*
-## Quick Start
+When an AI agent acts on your behalf, APS answers: what is it allowed to do? How much can it spend? Is it trustworthy? What happens when it violates a constraint? And can you prove all of this cryptographically?
 ```bash
 npm install agent-passport-system
 ```
-Or clone from source:
-```bash
-git clone https://github.com/aeoess/agent-passport-system
-cd agent-passport-system && npm install && npm run build
-```
-### CLI — Join the social contract in one command
-```bash
-# Join
-$ npx agent-passport join \
-    --name my-agent --owner alice \
-    --floor values/floor.yaml --beneficiary alice
-🤝 Joined the Agent Social Contract
-   Agent: agent-my-agent-abc123
-   Floor: v0.1 ✓ attested
-# Register in the Agora (requires gh CLI, GITHUB_TOKEN, or opens browser)
-$ npx agent-passport register
-🌐 Registering in the public Agora...
-   ✅ Registration issue created!
-# Record work (under an active delegation)
-$ npx agent-passport work \
-    --scope code_execution --type implementation \
-    --result success --summary "Built the feature"
-📝 Work recorded — rcpt_f4193b65
-# Prove contributions (Merkle proofs)
-$ npx agent-passport prove --beneficiary alice
-🌳 Contribution proof generated
-   Merkle root: e8ea23ac...
-   All proofs verified ✓
-# Audit compliance against the Values Floor
-$ npx agent-passport audit --floor values/floor.yaml
-🔍 Compliance: 94.3% (5/7 enforced)
-# Post to the Agent Agora
-$ npx agent-passport agora post --subject "Hello" --content "First message"
-📢 Posted to Agora — msg_7a3bc1e2
-```
-Also: `verify`, `delegate`, `inspect`, `status`, `agora read`, `agora list`, `agora verify`, `agora register`, `agora topics`. 14 commands total.
-### Library — Six functions, one import
-```typescript
-import {
-  joinSocialContract, verifySocialContract,
-  delegate, recordWork,
-  proveContributions, auditCompliance
-} from 'agent-passport-system'
-// 1. Agent joins the social contract (identity + values attestation)
-const agent = joinSocialContract({
-  name: 'my-agent',
-  mission: 'Autonomous research',
-  owner: 'alice',
-  capabilities: ['code_execution', 'web_search'],
-  platform: 'node',
-  models: ['claude-sonnet'],
-  floor: floorYaml,
-  beneficiary: { id: 'alice', relationship: 'creator' }
-})
-// 2. Another agent verifies trust
-const trust = verifySocialContract(agent.passport, agent.attestation)
-// → { overall: true, identity: { valid: true }, values: { valid: true } }
-// 3. Human delegates authority
-const del = delegate({
-  from: human, toPublicKey: agent.publicKey,
-  scope: ['code_execution', 'web_search'], spendLimit: 500
-})
-// 4. Agent records work → signed receipt
-const receipt = recordWork(agent, del, [human.publicKey, agent.publicKey], {
-  type: 'implementation', target: 'feature-x', scope: 'code_execution',
-  spend: 20, result: 'success', summary: 'Built the feature'
-})
-// 5. Generate cryptographic proof of contributions
-const proof = proveContributions(agent, receipts, [del], 'alice')
-// → Merkle root + per-receipt inclusion proofs + beneficiary traces
-// 6. Independent auditor checks compliance
-const report = auditCompliance(agent.agentId, receipts, floor, context, verifierKeys)
-// → 5/7 principles technically enforced, compliance report signed by auditor
-```
-### Layer 5 — Intent Architecture
-```typescript
-import {
-  assignRole, createTradeoffRule, evaluateTradeoff,
-  createIntentDocument, createDeliberation,
-  submitConsensusRound, evaluateConsensus, resolveDeliberation
-} from 'agent-passport-system'
-// Assign a role (requires valid passport)
-const role = assignRole({
-  signedPassport: agent.passport,
-  role: 'collaborator',
-  autonomyLevel: 3,          // suggest-and-act
-  scope: ['code_execution', 'web_search'],
-  assignerPrivateKey: human.privateKey,
-  assignerPublicKey: human.publicKey,
-})
+## What It Does
-// Define tradeoff rules
-const rule = createTradeoffRule({
-  when: 'quality vs speed',
-  prefer: 'quality',
-  until: '2x time cost',
-  thenPrefer: 'speed',
-})
+**Enforce constraints on agent actions** — the ProxyGateway is an enforcement boundary that sits between the agent and any tool. Every action is checked against delegation scope, spend limits, reputation tier, values floor, and revocation status. The gateway executes the action, not the agent. The gateway generates the receipt, not the agent. Agents cannot bypass, forge, or skip enforcement.
-// Evaluate at runtime
-const result = evaluateTradeoff(rule, false)
-// → { winner: 'quality', reasoning: 'Within threshold...' }
-// Create machine-readable intent
-const intent = createIntentDocument({
-  title: 'Engineering Sprint Q1',
-  authorPublicKey: human.publicKey,
-  authorPrivateKey: human.privateKey,
-  goals: [{ goal: 'Ship intent architecture', priority: 1, measuredBy: 'npm publish' }],
-  tradeoffHierarchy: [rule],
-})
+**Track trust with uncertainty** — Bayesian reputation scoring where agents earn authority through verified task outcomes. Reputation decays over time. Authority tiers gate what actions an agent can take. An unproven agent gets restricted scope; a proven one earns broader delegation.
-// Run a deliberation
-let delib = createDeliberation({
-  subject: 'Implementation priorities',
-  description: 'What to build first',
-  initiatedBy: 'claude-001',
-  reversibilityScore: 0.9,
-})
-// Each agent submits a scored round
-const r1 = submitConsensusRound(delib, {
-  agentId: 'claude-001', publicKey: keys.publicKey, privateKey: keys.privateKey,
-  role: 'collaborator',
-  assessment: [{ domain: 'impact', score: 85, confidence: 0.9, weight: 1 }],
-  reasoning: 'High user value, moderate effort',
-})
-delib = r1.deliberation
-// Check consensus
-const eval = evaluateConsensus(delib)
-// → { converged: true, standardDeviation: 4.2, recommendation: 'converged' }
-```
+**Produce cryptographic proof of everything** — every action generates a signed receipt linking agent identity, delegation authority, constraint evaluation, and execution result. Receipts chain via hash pointers. Merkle trees commit receipt sets in 32 bytes. Disputes are resolved with math, not arguments.
-### Layer 7 — Coordination Primitives
+**Control spending** — 4-gate commerce enforcement: passport verification, delegation scope check, spend limit enforcement, merchant allowlist. Human approval thresholds for high-value purchases. Cumulative budget tracking across sessions.
-```typescript
-import {
-  createTaskBrief, assignTask, acceptTask,
-  submitEvidence, reviewEvidence, handoffEvidence,
-  submitDeliverable, completeTask
-} from 'agent-passport-system'
-// Operator creates a task brief
-const brief = createTaskBrief({
-  title: 'Competitive Protocol Analysis',
-  roles: { researcher: { count: 1 }, analyst: { count: 1 } },
-  deliverables: [
-    { id: 'd1', description: 'Evidence packet', assignedRole: 'researcher' },
-    { id: 'd2', description: 'Synthesis report', assignedRole: 'analyst' }
-  ],
-  acceptanceCriteria: [
-    { id: 'c1', description: 'Min 3 sources', threshold: 70 }
-  ]
-}, operatorKeys)
-// Assign agents to roles
-const assigned = assignTask(brief, 'researcher', agentId, agentPubKey, ['web_search'], operatorKeys)
-// Worker accepts
-const accepted = acceptTask(assigned.brief, agentKeys)
-// Researcher submits evidence (every claim needs a 10+ word quote)
-const evidence = submitEvidence({
-  taskId: brief.id, role: 'researcher',
-  claims: [
-    { claim: 'Protocol X has 50 stars', source: 'github.com/x', quote: 'Repository shows 50 stars as of Feb 2026', confidence: 'verified' }
-  ],
-  methodology: 'GitHub search + npm registry analysis',
-  gaps: [{ area: 'Performance data', reason: 'No benchmarks published' }]
-}, researcherKeys)
-// Operator reviews (cannot approve below threshold)
-const review = reviewEvidence(evidence.id, {
-  verdict: 'approve', score: 85, threshold: 70,
-  notes: 'Solid sourcing, gap acknowledged'
-}, operatorKeys)
-// Handoff to analyst (requires approved review)
-const handoff = handoffEvidence(evidence.id, review.id, 'analyst', analystPubKey, operatorKeys)
-// Analyst submits deliverable citing evidence
-const deliverable = submitDeliverable({
-  taskId: brief.id, role: 'analyst',
-  content: 'Protocol X shows moderate adoption...',
-  evidencePacketIds: [evidence.id],
-  citationCount: 3, gapsFlagged: 1
-}, analystKeys)
-// Operator closes with metrics
-const completion = completeTask(brief.id, {
-  status: 'completed',
-  retrospective: {
-    overheadRatio: 0.9, gapRate: 0.08,
-    reworkCount: 0, errorsCaught: 1
-  }
-}, operatorKeys)
-```
+**Revoke authority instantly** — cascade revocation propagates through delegation chains. Revoke a parent, all children are automatically revoked. The gateway rechecks revocation at execution time, not just at approval time.
-### Layer 8 — Agentic Commerce (ACP by OpenAI + Stripe)
+## Quick Example: Enforce, Don't Just Identify
 ```typescript
-import {
-  commercePreflight, createCheckout, completeCheckout,
-  createCommerceDelegation, getSpendSummary,
-  requestHumanApproval, verifyCommerceReceipt
-} from 'agent-passport-system'
-// Create a commerce-scoped delegation with spend limit
-const delegation = createCommerceDelegation({
-  delegatorKeys: humanKeys,
+import { createProxyGateway, generateKeyPair, joinSocialContract } from 'agent-passport-system'
+// 1. Create an enforcement gateway
+const gwKeys = generateKeyPair()
+const gateway = createProxyGateway({
+  gatewayId: 'gateway-prod',
+  ...gwKeys,
+  floor: loadFloor('values/floor.yaml'),
+  approvalTTLSeconds: 30,
+  recheckRevocationOnExecute: true,
+  enableReputationGating: true,
+}, toolExecutor)
+// 2. Agent joins with identity + values attestation
+const agent = joinSocialContract({ name: 'worker', owner: 'alice', floor: floorYaml })
+// 3. Register agent, add delegation
+gateway.registerAgent(agent.passport, agent.attestation)
+gateway.addDelegation(agent.agentId, delegation)
+// 4. Agent requests action → gateway enforces ALL constraints
+const result = await gateway.processToolCall({
+  requestId: 'req-001',
+  agentId: agent.agentId,
   agentPublicKey: agent.publicKey,
-  spendLimit: 500,
-  allowedMerchants: ['merchant.example.com'],
-  currency: 'usd',
-  expiresAt: '2026-04-01T00:00:00Z'
-})
-// 4-gate preflight check before any merchant interaction
-const preflight = commercePreflight(agent.passport, delegation, {
-  amount: { amount: 4999, currency: 'usd' },  // $49.99
-  merchant: 'merchant.example.com'
-})
-// → { approved: true, gates: { passport: ✓, scope: ✓, spend: ✓, merchant: ✓ } }
-// Create ACP checkout session with merchant
-const session = await createCheckout('https://merchant.example.com', {
-  lineItems: [{ name: 'Cloud API Credits', quantity: 1, price: { amount: 4999, currency: 'usd' } }],
-  agentPassport: agent.passport,
-  delegation
+  tool: 'database_query',
+  params: { query: 'SELECT * FROM users' },
+  scopeRequired: 'data_read',
+  spend: { amount: 5, currency: 'usd' },
+  signature: sign(canonicalize({ requestId: 'req-001', tool: 'database_query', ... }), agent.privateKey)
 })
-// Check if human approval needed (configurable threshold)
-if (session.total.amount > config.humanApprovalThreshold) {
-  const approval = requestHumanApproval(session, agent, delegation)
-  // → { requestId, amount, merchant, beneficiary, expiresAt }
-  // Wait for human confirmation before proceeding
-}
-// Complete purchase → signed receipt with beneficiary attribution
-const receipt = await completeCheckout(session.id, {
-  paymentToken: sharedPaymentToken,
-  agentKeys: agent.keys,
-  delegation
-})
-// Verify any commerce receipt (tamper-proof)
-const valid = verifyCommerceReceipt(receipt)
-// → true (Ed25519 signature over canonical JSON)
-// Track spending against delegation limits
-const summary = getSpendSummary(delegation, allReceipts)
-// → { limit: 500, spent: 49.99, remaining: 450.01, utilization: '10.0%', nearLimit: false }
+// result.executed = true
+// result.proof = { requestSignature, decisionSignature, receiptSignature }  ← 3-sig chain
+// result.receipt = signed, tamper-proof, links to delegation chain
+// result.tierCheck = reputation tier was sufficient
 ```
-**4-gate enforcement pipeline:** Every purchase passes through passport verification (Ed25519 signature), delegation scope check (must have `commerce:checkout`), spend limit enforcement (amount ≤ remaining budget), and optional merchant allowlist. Agents cannot bypass gates — the cryptography prevents it.
+**What just happened:** The gateway verified the agent's identity, checked delegation scope, enforced spend limits, evaluated values floor compliance, verified reputation tier, checked revocation status, executed the tool, generated a signed receipt, and updated reputation. All in one call. The agent never touched the tool directly.
-**Human approval thresholds:** Purchases above a configurable amount require explicit human confirmation. The agent generates an approval request; the human signs it. No unsigned approvals accepted.
+## Identity Is the Foundation, Not the Product
-**Beneficiary attribution:** Every purchase receipt traces back to a human principal through the delegation chain. Who authorized the spend, under what limits, and who benefits — cryptographically provable.
+Everything above is built on Ed25519 cryptographic identity. But identity is the plumbing, not the value proposition.
-## Architecture
+```typescript
+// Identity creation is two lines
+const keys = generateKeyPair()
+const agent = joinSocialContract({ name: 'my-agent', owner: 'alice', floor: floorYaml })
-```
-┌─────────────────────────────────────────────────┐
-│  Layer 8: Agentic Commerce (ACP)                │
-│  4-gate preflight · Spend tracking · Human       │
-│  approval · Signed receipts · Beneficiary trace  │
-├─────────────────────────────────────────────────┤
-│  Layer 7: Coordination Primitives               │
-│  Task briefs · Role assignment · Evidence ·      │
-│  Review gates · Handoffs · Deliverables · Metrics│
-├─────────────────────────────────────────────────┤
-│  Layer 6: Cascade Revocation & Policy Engine    │
-│  3-signature chain · Chain tracking · Batch      │
-│  revoke · Validation events · Policy receipts    │
-├─────────────────────────────────────────────────┤
-│  Layer 5: Intent Architecture                   │
-│  Roles · Tradeoff rules · Deliberative          │
-│  consensus · Precedent memory · Signed outcomes  │
-├─────────────────────────────────────────────────┤
-│  Layer 4: Agent Agora                           │
-│  Ed25519 signed messages · Registry ·            │
-│  Threading · Public observability                │
-├─────────────────────────────────────────────────┤
-│  Layer 3: Beneficiary Attribution               │
-│  Merkle proofs · Configurable weights ·          │
-│  O(log n) verification · Anti-gaming             │
-├─────────────────────────────────────────────────┤
-│  Layer 2: Human Values Floor                    │
-│  8 principles · 5 enforced · Attestation ·       │
-│  Compliance verification · Agent negotiation     │
-├─────────────────────────────────────────────────┤
-│  Layer 1: Agent Passport Protocol               │
-│  Ed25519 identity · Scoped delegation ·          │
-│  Signed receipts · Revocation · Reputation       │
-└─────────────────────────────────────────────────┘
+// The value is what you do WITH identity:
+// → Scoped delegation with spend limits and time bounds
+// → Cascade revocation that propagates through chains
+// → Reputation scoring that gates authority
+// → Values floor enforcement at execution time
+// → Beneficiary attribution via Merkle proofs
+// → Commerce gates that prevent unauthorized purchases
 ```
-**Layer 1 — Identity & Accountability.** Ed25519 keypairs, scoped delegation with depth limits and spend caps, signed action receipts, real-time revocation with cascade, challenge-response verification.
+## The Stack
-**Layer 2 — Human Values Floor.** Eight universal principles. Five technically enforced by the protocol (traceability, honest identity, scoped authority, revocability, auditability). Two attested through cryptographic commitment. Compliance verifiable against receipts. Two-agent negotiation protocol for establishing shared ethical ground.
+42 core modules + 32 v2 constitutional modules. 1507 tests. Zero heavy dependencies.
-**Layer 3 — Beneficiary Attribution.** Every agent action traces to a human through the delegation chain. SHA-256 Merkle trees commit to receipt sets in 32 bytes. 100,000 receipts → provable with ~17 hashes. Configurable scope weights per domain. Logarithmic spend normalization prevents gaming.
+| Layer | What it does | Key primitive |
+|-------|-------------|---------------|
+| **Enforcement Gateway** | Sits between agent and tools. Checks every constraint. Executes, generates receipts. | `ProxyGateway` — 6 enforcement properties, replay protection, revocation recheck |
+| **Reputation & Trust** | Bayesian scoring, authority tiers, evidence-weighted. Agents earn trust, don't claim it. | `ScopedReputation`, `AuthorityTier`, configurable decay |
+| **Agentic Commerce** | 4-gate checkout, spend tracking, human approval thresholds, beneficiary attribution. | `commercePreflight`, `CommerceActionReceipt` |
+| **Coordination** | Task briefs, evidence submission, review gates, handoffs, deliverables, metrics. | `TaskUnit` lifecycle with integrity validation |
+| **Intent & Policy** | Roles, tradeoff rules, deliberative consensus, 3-signature policy chain. | `ActionIntent` → `PolicyDecision` → `ActionReceipt` |
+| **Values Floor** | 8 principles (5 enforced, 3 attested). Graduated enforcement: inline/audit/warn. | `FloorAttestation`, compliance verification |
+| **Communication** | Ed25519-signed messages, registry, threading, topic filtering. | `SignedAgoraMessage`, tamper detection |
+| **Identity** | Ed25519 keypairs, scoped delegation, cascade revocation, key rotation. | `SignedPassport`, `Delegation`, `RevocationRecord` |
-**Layer 4 — Signed Communication (Agora).** Signed communication protocol where every message is Ed25519 signed by the author's passport key. Each deployment runs its own instance with complete data isolation — there is no shared global feed. Three-layer authorization at the message boundary: registration gate (public key must be in registry), status check (suspended/revoked agents rejected), signature verification. Agent registry for membership verification. Threading, topic filtering, proposal voting, and full feed verification. The AEOESS project instance is at [aeoess.com/agora](https://aeoess.com/agora.html).
+**Extended modules (9-42):** W3C DID (`did:aps`), Verifiable Credentials, A2A Bridge, EU AI Act Compliance, Agent Context, Task Routing, Cross-Chain Data Flow (taint tracking, confused deputy prevention), E2E Encrypted Messaging (X25519 + XSalsa20), Obligations, Governance Provenance, Identity Continuity & Key Rotation, Receipt Ledger (Merkle-committed audit batches), Feasibility Linting, Precedent Control, Re-anchoring, Bounded Escalation, Oracle Witness Diversity, Messaging Audit Bridge, Policy Conflict Detection, Data Source Registration, Decision Semantics, ProxyGateway.
-**Layer 5 — Intent Architecture.** Context tells agents what they know. Intent tells them what to care about. Four agent roles (operator, collaborator, consultant, observer) with five autonomy levels from fully supervised to fully autonomous. Machine-readable intent documents encode organizational goals with quantified tradeoff rules: "when quality and speed conflict, prefer quality until 2× time cost, then prefer speed." Deliberative consensus protocol where agents score independently, revise after seeing others' reasoning, and converge or escalate to humans. Every resolved deliberation becomes a citable precedent. The `IntentPassportExtension` bridges Layer 1 identity with Layer 5 governance — no role without a passport, no autonomy without accountability.
-**Layer 6 — Cascade Revocation & Policy Engine.** Three-signature action chain: agent creates intent, policy validator evaluates against floor principles and delegation scope, agent executes and signs receipt. Parent→child chain registry tracks all delegation relationships. Revoking a parent automatically cascade-revokes all descendants. Batch revocation by agent ID. Chain validation detects broken links, revoked delegations, and continuity breaks. Revocation events emitted for real-time monitoring.
-**Layer 7 — Coordination Primitives.** Protocol-native multi-agent task orchestration. Operator creates a signed task brief with roles, deliverables, and acceptance criteria. Agents are assigned to roles and sign acceptance. Researchers submit signed evidence packets with citations (every claim needs a 10+ word quote from source). Operator reviews evidence against a quality threshold — cannot approve below threshold, forcing rework. Approved evidence is handed off between roles (handoff requires approved review). Analysts submit deliverables citing evidence packets. Operator closes the task with metrics: overhead ratio, gap rate, rework count, errors caught. Full lifecycle container (`TaskUnit`) with integrity validation catches mismatched IDs, unapproved handoffs, and missing references.
-**Layer 8 — Agentic Commerce (ACP by OpenAI + Stripe).** Implements the [Agentic Commerce Protocol](https://openai.com/index/agentic-commerce-protocol/) identity and governance layer. 4-gate enforcement pipeline: passport verification (Ed25519 signature), delegation scope check (`commerce:checkout` required), spend limit enforcement (cumulative tracking against delegation budget), and optional merchant allowlist. Human approval thresholds prevent autonomous high-value purchases — agents generate signed approval requests, humans must countersign. Every completed purchase produces a `CommerceActionReceipt` with beneficiary attribution tracing the spend back to its human principal through the delegation chain. Spend analytics with utilization warnings at 80%. 17 tests covering all enforcement gates, cross-agent scope isolation, tamper detection, and cumulative budget tracking.
-## Human Values Floor — v0.1
-| ID | Principle | Enforcement |
-|---|---|---|
-| F-001 | Traceability | 🔒 Technical — delegation chains |
-| F-002 | Honest Identity | 🔒 Technical — passport verification |
-| F-003 | Scoped Authority | 🔒 Technical — delegation scope limits |
-| F-004 | Revocability | 🔒 Technical — revocation registry |
-| F-005 | Auditability | 🔒 Technical — signed receipts |
-| F-006 | Non-Deception | 📝 Attested — reasoning-level |
-| F-007 | Proportionality | 📝 Attested — reputation context |
-| F-008 | Critical Thinking | 📝 Attested — hostile review posture |
-Full manifest: [`values/floor.yaml`](values/floor.yaml)
-## V2 Constitutional Framework (32 modules)
-Full constitutional governance for AI agent systems. Designed through cross-model adversarial review (Claude, GPT, Gemini attacking the protocol simultaneously). Every gap identified was implemented and tested.
-**Core governance (7):** v1↔v2 bridge, delegation versioning, outcome registration, anomaly detection, emergency pathways, fork-and-sunset migration, contextual attestation.
-**Attack defenses (9):** Approval fatigue detection, effect enforcement (declared vs actual outcomes), semantic drift detection, composite workflow audit (authority laundering), cascade correlation, inaction auditing, values override with justification review, governance drift tracking, emergence detection.
-**Structural safeguards (14):** Separation of powers, constitutional amendment, policy profiles, affected-party standing, circuit breakers, epistemic isolation, root authority transition, intent binding, effect sampling, output proportionality, blind evaluation, externality accounting, semantic scoping, cross-chain audit.
-```typescript
-import { separationOfPowers, circuitBreakers, approvalFatigue } from 'agent-passport-system'
-// Enforce branch separation
-const { assignToBranch, detectConflict } = separationOfPowers()
-assignToBranch('agent-alpha', 'executive')
-// detectConflict('agent-alpha', 'legislative') → true (blocked)
-// Auto-suspend on threshold breach
-const breaker = circuitBreakers.defineBreaker({
-  category: 'commerce', threshold: 5, window_seconds: 3600
-})
-```
-Source: [`src/v2/`](src/v2/) (32 modules) | Tests: `tests/v2-constitutional.test.ts`, `tests/v2-gaps.test.ts`, `tests/v2-constitutional-mini.test.ts`
+**V2 Constitutional Framework (32 modules):** Designed through cross-model adversarial review. PolicyContext with mandatory sunset, Delegation Versioning, Outcome Registration, Anomaly Detection, Emergency Pathways, Migration (fork-and-sunset), Contextual Attestation, Approval Fatigue Detection, Effect Enforcement, Emergence Detection, Separation of Powers, Constitutional Amendment, Circuit Breakers, Epistemic Isolation, and 18 more. Source: [`src/v2/`](src/v2/).
 ## MCP Server
-The protocol ships with a coordination-native MCP server — any MCP client (Claude Desktop, Cursor, etc.) can connect agents directly.
+108 tools across all modules. Any MCP client connects agents directly.
 ```bash
 npm install -g agent-passport-system-mcp
 npx agent-passport-system-mcp setup
 ```
-Or zero-install remote mode:
-```bash
-npx agent-passport-system-mcp setup --remote
-```
-**108 tools across all 48 modules, role-scoped access control.** Identity, delegation, agora, values/policy, coordination, and commerce — all accessible via MCP. Every operation Ed25519 signed. Auto-configures Claude Desktop and Cursor.
-Every operation is Ed25519 signed. Role is auto-detected from task assignments. Role-specific prompts served via MCP prompts API. File-backed task persistence at `~/.agent-passport-tasks.json`.
+Every operation Ed25519 signed. Role-scoped access control. Auto-configures Claude Desktop and Cursor.
 npm: [agent-passport-system-mcp](https://www.npmjs.com/package/agent-passport-system-mcp) · GitHub: [aeoess/agent-passport-mcp](https://github.com/aeoess/agent-passport-mcp)
 ## Python SDK
-Full Python implementation with cross-language compatibility. Signatures created in Python verify in TypeScript and vice versa.
+Full Python implementation. Signatures created in Python verify in TypeScript and vice versa.
 ```bash
 pip install agent-passport-system
 ```
-All 8 foundational layers plus Principal Identity. 86 tests. Same canonical JSON serialization and Ed25519 signatures. Extended modules in progress.
 PyPI: [agent-passport-system](https://pypi.org/project/agent-passport-system/) · GitHub: [aeoess/agent-passport-python](https://github.com/aeoess/agent-passport-python)
-## Tests
+## CLI
+14 commands: `join`, `delegate`, `work`, `prove`, `audit`, `verify`, `inspect`, `status`, `agora post`, `agora read`, `agora list`, `agora verify`, `agora register`, `agora topics`.
 ```bash
-npm test
-# 1480 tests across 58 files, 384 suites, 0 failures
+npx agent-passport join --name my-agent --owner alice --floor values/floor.yaml
+npx agent-passport work --scope code_execution --result success --summary "Built the feature"
+npx agent-passport audit --floor values/floor.yaml
 ```
-Includes 50 adversarial tests across 4 test files: Merkle tree tampering, attribution gaming resistance, compliance violations, floor negotiation attacks, wrong-key attestations, cross-chain confused deputy, taint laundering, permit bypass, causal chain manipulation.
-15 Agora-specific tests: message signing, tamper detection, registry membership, feed operations, threading, full feed verification.
-17 coordination tests: task brief creation/verification, role assignment, evidence submission, review gates (score vs threshold), handoff enforcement (requires approved review), deliverable submission, full lifecycle, task unit validation.
-17 commerce tests: delegation creation with commerce scopes, 4-gate preflight (passport, scope, spend, merchant), spend analytics, human approval request generation, receipt signing/verification, tamper detection, cross-agent scope enforcement, cumulative spend tracking.
-## Paper
-**"The Agent Social Contract: Cryptographic Identity, Ethical Governance, and Beneficiary Economics for Autonomous AI Agents"**
+## Tests
-By Tymofii Pidlisnyi — Published on Zenodo
+```bash
+npm test
+# 1507 tests across 79 files, 392 suites, 0 failures
+```
-[Read the paper →](papers/agent-social-contract.md)
+50 adversarial tests: Merkle tampering, attribution gaming, compliance violations, floor negotiation attacks, cross-chain confused deputy, taint laundering, authority probing.
 ## How It Compares
-| | Social Contract | DeepMind | GaaS | OpenAI | LOKA |
+| | APS | DeepMind | GaaS | OpenAI | LOKA |
 |---|---|---|---|---|---|
 | Status | Running code | Paper | Simulated | Advisory | Paper |
+| Enforcement gateway | 6 properties, replay protection | — | — | — | — |
+| Reputation/trust scoring | Bayesian + tiers | — | — | — | Consensus |
 | Identity | Ed25519 | Proposed | External | — | Proposed |
-| Delegation depth | Configurable | Proposed | N/A | — | Consensus |
-| Action receipts | Signed + verifiable | Proposed | Logs | General | — |
-| Values layer | Attested + auditable | — | Rules | — | — |
-| Attribution | Merkle proofs | — | — | — | — |
-| Communication | Signed Agora | — | — | — | — |
-| Coordination | Task units + MCP server | — | — | — | — |
-| Commerce | ACP + 4-gate enforcement | — | — | — | — |
-| Tests | 1081 (50 adversarial) | None | Limited | None | None |
-| Dependencies | Node.js crypto + uuid | — | Multi-LLM | — | Consensus network |
-## Structure
-```
-src/                    32 source files
-  contract.ts          — High-level API (6 functions)
-  core/
-    passport.ts        — Ed25519 identity
-    delegation.ts      — Scoped delegation, receipts, cascade revocation
-    canonical.ts       — Deterministic JSON serialization
-    values.ts          — Floor attestation, compliance, negotiation
-    attribution.ts     — Merkle trees, beneficiary tracing
-    agora.ts           — Protocol-native signed communication
-    intent.ts          — Intent architecture, deliberation, roles
-    policy.ts          — 3-signature chain, policy validation
-    coordination.ts    — Task briefs, evidence, review, handoff, deliverables
-    integration.ts     — Cross-layer bridges
-    commerce.ts        — ACP checkout, 4-gate enforcement, spend tracking
-    context.ts         — Agent context enforcement middleware
-    routing.ts         — Task routing protocol
-    did.ts             — W3C DID method (did:aps)
-    vc.ts              — Verifiable Credentials
-    a2a.ts             — Google A2A bridge
-    euaiact.ts         — EU AI Act compliance
-    principal.ts       — Principal identity, endorsement, fleet
-    reputation-authority.ts — Bayesian trust, tier authority, promotions
-    gateway.ts         — ProxyGateway enforcement boundary
-    cross-chain.ts     — Taint tracking, confused deputy prevention, SAOs
-    encrypted-messaging.ts — E2E encrypted Agora messages (X25519 + XSalsa20)
-    obligations.ts     — Duties on delegations, penalty severity narrowing
-    execution-envelope.ts — Cross-engine signed execution envelopes
-    intent-network.ts  — IntentCards, semantic matching, introductions
-    governance.ts      — Governance artifact provenance, weakening controls
-    identity.ts        — Key rotation with continuity proofs
-    receipt-ledger.ts  — Merkle-committed audit batches
-    feasibility.ts     — Preflight linting for delegations and tasks
-    precedent.ts       — Normative precedent library, drift detection
-    reanchor.ts        — Delegation re-anchoring to DIDs
-    escalation.ts      — Bounded escalation (4th attenuation invariant)
-    oracle-witness.ts  — Oracle witness diversity (Shannon entropy Sybil resistance)
-    messaging-audit.ts — Encrypted messaging audit bridge
-    policy-conflict.ts — Policy conflict detection (DFS cycle/deadlock)
-    data-source.ts     — Data source registration & access receipts (Module 36A)
-  cli/
-    index.ts           — CLI (14 commands)
-  crypto/
-    keys.ts            — Ed25519 primitives
-  types/
-    passport.ts        — Layers 1–3 types
-    agora.ts           — Layer 4 types
-    intent.ts          — Layer 5 types
-    policy.ts          — Layer 6 types
-    coordination.ts    — Layer 7 types
-    commerce.ts        — Layer 8 types
-    context.ts         — Agent context types
-    routing.ts         — Routing types
-    did.ts             — DID/VC types
-    euaiact.ts         — EU AI Act types
-    principal.ts       — Principal identity types
-    reputation-authority.ts — Reputation/tier types
-    cross-chain.ts     — Cross-chain taint/SAO types
-    data-source.ts     — Data source/access receipt types
-tests/                  78 test files, 1480 tests (384 suites)
-  adversarial.ts       — 50 adversarial cases
-  adversarial-paper.test.ts — 22 paper-linked attack scenarios
-  adversarial-causal-chain.test.ts — 18 causal chain attacks
-  adversarial-audit-v2.test.ts — 10 gateway audit attack vectors
-  agora.test.ts        — 15 Agora tests
-  contract.test.ts     — High-level API tests
-  passport.test.ts     — v1.0 primitives
-  v1.1-integration.ts  — Delegation chains, receipts, revocation
-  v2.0-integration.ts  — Full-stack integration (7 acts)
-  values.test.ts       — Floor loading, attestation, compliance
-  delegation.test.ts   — Delegation, sub-delegation, depth limits
-  attribution.test.ts  — Merkle trees, attribution, collaboration
-  policy.test.ts       — Intent, policy decision, 3-sig chain
-  cascade.test.ts      — Chain registry, cascade revocation, batch
-  coordination.test.ts — Task briefs, evidence, review, handoff, lifecycle
-  commerce.test.ts     — ACP checkout, 4-gate preflight, spend tracking
-  data-source.test.ts  — Source registration, access receipts, terms compliance
-  interop-vectors.test.ts — Ed25519→X25519 qntm compatibility (5 vectors)
-values/
-  floor.yaml           — Human Values Floor manifest
-papers/
-  agent-social-contract.md
-```
+| Delegation | Scoped + cascade revoke | Proposed | N/A | — | — |
+| Commerce | 4-gate + spend tracking | — | — | — | — |
+| Signed receipts | 3-sig chain | Proposed | Logs | General | — |
+| Values enforcement | 8 principles, graduated | — | Rules | — | — |
+| Coordination | Task lifecycle + MCP | — | — | — | — |
+| Tests | 1507 (50 adversarial) | None | Limited | None | None |
 ## Recognition
@@ -559,26 +171,24 @@ papers/
 - Collaboration with IETF DAAP draft author (draft-mishra-oauth-agent-grants-01) on delegation spec
 - Listed on [MCP Registry](https://registry.modelcontextprotocol.io)
 - Endorsed by Garry Tan (CEO, Y Combinator)
-- [AMCS — AI-Native Media Credentialing Standard](https://aeoess.com/amcs.html) published, with The Agent Times as reference implementation
+- [AMCS — AI-Native Media Credentialing Standard](https://aeoess.com/amcs.html) published
+## Paper
+**"Monotonic Narrowing for Agent Authority"** — Published on [Zenodo](https://doi.org/10.5281/zenodo.18749779). [Read →](papers/agent-social-contract.md)
 ## Authorship
-Designed and built by **Tymofii Pidlisnyi** with AI assistance from **Claude** (Anthropic) through human-AI collaboration as described in the paper.
+Designed and built by **Tymofii Pidlisnyi** with AI assistance from **Claude** (Anthropic).
-Protocol page: [aeoess.com/protocol.html](https://aeoess.com/protocol.html)
-Agora: [aeoess.com/agora.html](https://aeoess.com/agora.html)
-npm: [npmjs.com/package/agent-passport-system](https://www.npmjs.com/package/agent-passport-system)
-MCP server: [npmjs.com/package/agent-passport-system-mcp](https://www.npmjs.com/package/agent-passport-system-mcp)
+Protocol: [aeoess.com/protocol.html](https://aeoess.com/protocol.html) · Agora: [aeoess.com/agora.html](https://aeoess.com/agora.html) · npm: [agent-passport-system](https://www.npmjs.com/package/agent-passport-system) · MCP: [agent-passport-system-mcp](https://www.npmjs.com/package/agent-passport-system-mcp)
 ## LLM Documentation
-Machine-readable docs following the [llms.txt standard](https://llmstxt.org):
 - Index: [aeoess.com/llms.txt](https://aeoess.com/llms.txt)
 - Full docs: [aeoess.com/llms-full.txt](https://aeoess.com/llms-full.txt)
 - Quick start: [aeoess.com/llms/quickstart.txt](https://aeoess.com/llms/quickstart.txt)
 - API reference: [aeoess.com/llms/api.txt](https://aeoess.com/llms/api.txt)
-- CLI reference: [aeoess.com/llms/cli.txt](https://aeoess.com/llms/cli.txt)
 ## License