agentscore-mcp 1.0.3 → 1.0.4

package/README.md

@@ -36,6 +36,22 @@ Built in public from recurring conversations with AI governance teams asking one
 
 ---
 
+## Goal, Audience, and Limits
+
+**Goal:** help teams make safer go/no-go trust decisions before giving agents meaningful access.
+
+**Designed for:**
+- Security and AI governance teams reviewing internal or vendor agents
+- Platform/infra teams deciding agent rollout gates
+- Product and procurement teams comparing candidates with the same rubric
+
+**Important limits (disclaimer):**
+- AgentScore is a decision-support signal, not a compliance certification or legal determination.
+- Scores depend on available data quality; sparse data lowers certainty even if a score is produced.
+- Use it with human review, policy controls, and least-privilege access.
+
+---
+
 ## Install in 10 Seconds
 
 ```bash
@@ -50,6 +66,41 @@ No API keys. No config files. No databases. **Ships with 10 built-in demo agents
 
 ---
 
+## Production Proof (2-Minute Sanity Check)
+
+### 1) Live public profile check (GitHub)
+
+```bash
+export AGENTSCORE_ADAPTER=github
+# optional: export GITHUB_TOKEN=ghp_...   # higher rate limit
+```
+
+Then ask:
+
+`"Score @torvalds on GitHub — can we trust this account?"`
+
+You should get a live investigation generated from public GitHub metadata/content. Exact numbers will vary over time.
+
+### 2) Deterministic local dataset check (JSON)
+
+```bash
+export AGENTSCORE_ADAPTER=json
+export AGENTSCORE_DATA_PATH=./examples/agents.sample.json
+```
+
+Then ask:
+
+`"Investigate @my-bot"`
+
+Expected sample output includes:
+- score around `516/850`
+- tier `Poor`
+- recommendation `CAUTION`
+
+This proves the pipeline works in both live and controlled-data modes.
+
+---
+
 ## What Makes AgentScore Different
 
 `mcp-scan`-style tools answer: **"Is this MCP server vulnerable?"**
@@ -92,7 +143,8 @@ Claude pulls the agent's profile, analyzes posting patterns, checks for spam and
 └─────────────────────────────────────────────────────────────┘
 ```
 
-That's not canned text. Every briefing is generated from real behavioral data. Every score is earned.
+That output is generated per request from adapter data, not pre-written copy.
+In `demo` mode, data is curated for reproducible evaluation; in `github` / `json` / `moltbook`, scores are computed from live or user-provided data.
 
 ---
 
@@ -124,6 +176,20 @@ AgentScore is a standard MCP server over `stdio`. Any MCP client that can launch
 
 Public site note: [`ai-agent-score.vercel.app`](https://ai-agent-score.vercel.app) is currently a public trust index/leaderboard experience. MCP `reportUrl` links are handle-based and resolve when that handle exists in the site index.
 
+### Clean Onboarding (Recommended)
+
+Use a single setup command and verify once:
+
+```bash
+claude mcp add agentscore -- npx -y agentscore-mcp
+```
+
+Then confirm the server is registered in your MCP client and run a single prompt:
+
+`"Investigate @NovaMind — can I trust this agent?"`
+
+Avoid committing generated MCP config files unless you intentionally want team-shared, project-scoped config.
+
 <details>
 <summary><strong>Claude Code</strong> (recommended)</summary>
 
@@ -164,6 +230,31 @@ Settings → MCP → Add Server:
 ```
 </details>
 
+<details>
+<summary><strong>Codex / Generic MCP Clients</strong></summary>
+
+Any client that supports local `stdio` MCP servers can run AgentScore with:
+
+```json
+{
+  "mcpServers": {
+    "agentscore": {
+      "command": "npx",
+      "args": ["-y", "agentscore-mcp"]
+    }
+  }
+}
+```
+
+Team/project-scoped example: [`examples/mcp.project.json`](examples/mcp.project.json)
+</details>
+
+### Troubleshooting Setup Noise
+
+- If `mcp add` appears silent, check the client's MCP server list before retrying.
+- If project scope is required, create/update one config file deliberately (do not auto-generate multiple variants).
+- Do not commit `.mcp.json` unless your team explicitly wants repo-scoped MCP defaults.
+
 ---
 
 ## Scoring System
@@ -322,11 +413,33 @@ Full example: [`examples/custom-adapter.ts`](examples/custom-adapter.ts) · Guid
 ## Architecture
 
 ```mermaid
-flowchart TD
-  A["AI Assistant (Claude, Cursor, etc.)"] -->|"MCP (stdio)"| B["AgentScore MCP Server<br/>tools: agentscore + sweep"]
-  B --> C["Adapter Layer<br/>Demo | GitHub | JSON | Moltbook | custom"]
-  C --> D["Scoring Engine<br/>6 weighted dimensions -> 300-850"]
-  D --> E["Outputs<br/>Narrative briefing + structured JSON + badge URL"]
+flowchart LR
+  subgraph CLIENT["Client Layer"]
+    A["MCP Client (Claude, Cursor, Codex, others)"]
+  end
+
+  subgraph SERVER["AgentScore MCP Server"]
+    B["Tool Router<br/>agentscore + sweep"]
+    C["Adapter Router<br/>demo | github | json | moltbook"]
+    D["Trust Scoring Engine<br/>6 weighted dimensions"]
+    E["Response Builder<br/>briefing + JSON + badge + report URL"]
+  end
+
+  subgraph DATA["Data Sources"]
+    F["Built-in Demo Dataset"]
+    G["GitHub Public API"]
+    H["Local JSON Dataset"]
+    I["Moltbook API"]
+  end
+
+  A -->|"MCP stdio"| B
+  B --> C
+  C --> D
+  D --> E
+  C --> F
+  C --> G
+  C --> H
+  C --> I
 ```
 
 **2 runtime dependencies:** `@modelcontextprotocol/sdk` + `zod`. That's it.
@@ -369,6 +482,7 @@ npm run inspect      # Interactive testing with MCP Inspector
 
 See [`CONTRIBUTING.md`](CONTRIBUTING.md) for PR guidelines and adapter development.
 Release process: [`RELEASING.md`](RELEASING.md)
+Releases are provenance-enabled and support npm trusted publishing via GitHub Actions.
 
 Benchmark details and dataset format: [`benchmarks/README.md`](benchmarks/README.md)
 Launch distribution assets: [`marketing/launch-kit.md`](marketing/launch-kit.md)

package/dist/adapters/demo/adapter.d.ts

@@ -9,7 +9,7 @@
 import type { AgentPlatformAdapter, AgentProfile, AgentContent } from "../types.js";
 export declare class DemoAdapter implements AgentPlatformAdapter {
     readonly name = "demo";
-    readonly version = "1.0.3";
+    readonly version = "1.0.4";
     fetchProfile(handle: string): Promise<AgentProfile | null>;
     fetchContent(handle: string, limit?: number): Promise<AgentContent[]>;
     fetchInteractions(handle: string, limit?: number): Promise<AgentContent[]>;

package/dist/adapters/github/adapter.d.ts

@@ -2,7 +2,7 @@ import type { AgentPlatformAdapter, AgentProfile, AgentContent } from "../types.
 /** GitHub platform adapter — scores any public GitHub account. */
 export declare class GitHubAdapter implements AgentPlatformAdapter {
     readonly name = "github";
-    readonly version = "1.0.3";
+    readonly version = "1.0.4";
     private client;
     constructor();
     fetchProfile(handle: string): Promise<AgentProfile | null>;

package/dist/adapters/json/adapter.d.ts

@@ -23,7 +23,7 @@ import type { AgentPlatformAdapter, AgentProfile, AgentContent } from "../types.
  */
 export declare class JSONAdapter implements AgentPlatformAdapter {
     readonly name = "json";
-    readonly version = "1.0.3";
+    readonly version = "1.0.4";
     private data;
     private loadData;
     fetchProfile(handle: string): Promise<AgentProfile | null>;

package/dist/adapters/moltbook/adapter.d.ts

@@ -2,7 +2,7 @@ import type { AgentPlatformAdapter, AgentProfile, AgentContent } from "../types.
 /** Moltbook platform adapter — the default adapter. */
 export declare class MoltbookAdapter implements AgentPlatformAdapter {
     readonly name = "moltbook";
-    readonly version = "1.0.3";
+    readonly version = "1.0.4";
     private client;
     constructor();
     fetchProfile(handle: string): Promise<AgentProfile | null>;

package/dist/version.d.ts

@@ -1,2 +1,2 @@
-export declare const AGENTSCORE_VERSION = "1.0.3";
+export declare const AGENTSCORE_VERSION = "1.0.4";
 //# sourceMappingURL=version.d.ts.map

package/dist/version.js

@@ -1,2 +1,2 @@
-export const AGENTSCORE_VERSION = "1.0.3";
+export const AGENTSCORE_VERSION = "1.0.4";
 //# sourceMappingURL=version.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentscore-mcp",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "description": "Trust scoring for AI agents. Investigate, verify, and compare agent trustworthiness through MCP.",
   "author": "Tripti Mishra",
   "license": "MIT",
@@ -16,9 +16,13 @@
   ],
   "repository": {
     "type": "git",
-    "url": "https://github.com/tmishra-sp/agentscore-mcp"
+    "url": "git+https://github.com/tmishra-sp/agentscore-mcp.git"
   },
   "homepage": "https://ai-agent-score.vercel.app",
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "type": "module",
   "main": "dist/server.js",
   "bin": {