sm-org-server 0.1.0__tar.gz

sm_org_server-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,21 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      # Same gate as `make ci-local`, so green locally == green in CI.
+      - run: make ci-local

sm_org_server-0.1.0/.github/workflows/release.yml

@@ -0,0 +1,48 @@
+# Publish sm-org-server to PyPI on a version tag, via PyPI Trusted Publishing (OIDC).
+#
+# No API token anywhere: PyPI is told (once, in its web UI) to trust THIS repo +
+# THIS workflow file, and the `id-token: write` permission below lets the job
+# mint a short-lived OIDC token PyPI accepts. See PUBLISHING.md for the one-time
+# setup and the exact values to type into PyPI's "Add a publisher" form.
+#
+# Fires only when a tag like `v0.1.0` is pushed — never on normal commits.
+name: release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: read
+
+jobs:
+  publish:
+    name: Build + publish to PyPI
+    runs-on: ubuntu-latest
+    permissions:
+      # A job-level permissions block REPLACES the workflow-level one (it does not
+      # merge), so contents:read must be restated here or actions/checkout 404s on
+      # its own repo. Both lines are required.
+      contents: read # for actions/checkout
+      id-token: write # REQUIRED for Trusted Publishing — this is what replaces the token.
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Build sdist + wheel
+        run: |
+          python -m pip install --upgrade build
+          python -m build
+
+      - name: Check the built distributions
+        run: |
+          python -m pip install --upgrade twine
+          python -m twine check dist/*
+
+      - name: Publish to PyPI
+        # No `with: password:` — the action uses the OIDC token automatically.
+        uses: pypa/gh-action-pypi-publish@release/v1

sm_org_server-0.1.0/.gitignore

@@ -0,0 +1,20 @@
+# Python
+__pycache__/
+*.py[cod]
+*.egg-info/
+build/
+dist/
+.venv/
+venv/
+
+# Tooling caches
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.coverage
+htmlcov/
+coverage/
+
+# Agent tooling (never commit dev artifacts)
+.claude/
+.DS_Store

sm_org_server-0.1.0/.nanda/arp-conformance.json

@@ -0,0 +1,24 @@
+{
+  "payload": {
+    "schema_version": 1,
+    "runtime": "sm-chapter",
+    "protocol_versions": [
+      "0.1"
+    ],
+    "suite_digest": "sha256:d3610cf5bf09bef6dc49db731a8d93aaf3f553b0df8acf80790d152c8e9dc513",
+    "completed_at": "2026-06-05T02:22:37+00:00",
+    "exit_status": 0,
+    "passed": 22,
+    "failed": 0,
+    "skipped": 0,
+    "xfailed": 0,
+    "xpassed": 0,
+    "total_vectors": 22,
+    "extensions": {
+      "arp.conformance.profile": "receipts-0.1"
+    }
+  },
+  "signed_by": "did:key:z6MkwQGupwBpCHCboDXxjcFtjdoXpxeyZuVTduJtyQiXZkDN",
+  "signed_at": "2026-06-05T02:22:37+00:00",
+  "signature": "olY2Vk5bQY0pHURABL8ie4I+yhb3khmk70WS6ZKFNv8vNs6plgtGdKp865+h0ff7aJfuOudAr1YvEVD61mAtCg=="
+}

sm_org_server-0.1.0/.nanda/conformance.json

@@ -0,0 +1,25 @@
+{
+  "payload": {
+    "schema_version": 1,
+    "runtime": "sm-chapter",
+    "protocol_versions": [
+      "0.3"
+    ],
+    "suite_digest": "sha256:dc16b6a2add91e96b86f569d979ca3b616e94bb17f27d5b35c4337a67587d669",
+    "completed_at": "2026-06-01T22:59:27.506265+00:00",
+    "exit_status": 0,
+    "passed": 61,
+    "failed": 0,
+    "skipped": 2,
+    "xfailed": 0,
+    "xpassed": 0,
+    "total_vectors": 63,
+    "extensions": {
+      "conformance.run.surface": "server",
+      "conformance.server.target": "http://localhost:8099"
+    }
+  },
+  "signed_by": "did:key:z6MkwQGupwBpCHCboDXxjcFtjdoXpxeyZuVTduJtyQiXZkDN",
+  "signed_at": "2026-06-01T22:59:27.506265+00:00",
+  "signature": "5coGdG+w9tW/zRulOyoMJidyt4422ZHGq32sfxWpftIoV4Sn2GUvPQ6GXUn1kIpej7oWrf0exBrzSk+leJwHBg=="
+}

sm_org_server-0.1.0/CHANGELOG.md

@@ -0,0 +1,41 @@
+# Changelog
+
+All notable changes to this project are documented here. The format follows
+[Keep a Changelog](https://keepachangelog.com/), and the project adheres to
+[Semantic Versioning](https://semver.org/).
+
+## [Unreleased]
+
+### Changed
+- **Server rename (Tier 4, brand only — wire frozen).** The package, prose, public symbols, and config now use *server* vocabulary: `ChapterStore` → `ServerStore`, env vars `CHAPTER_*` → `SERVER_*` (legacy `CHAPTER_*` still read as aliases — no deployment breaks), app title `chapter-core` → `sm-org-server`. The **wire is unchanged**: `chapter_id`, the `ROTATE:{chapter_id}:…` canonical signing string, the `"chapter"`/`"chapters"` response keys, routes, and AgentFacts fields are all frozen by the protocol. Conformance stays green.
+
+### Added
+- **ARP Issuer Log.** The server is now ARP-native — it keeps a verifiable log of [Agency Receipt Protocol](https://github.com/Sharathvc23/sm-arp) receipts via the `sm_arp` consumable library:
+  - `POST /api/receipts` — verify (structure → signature → authority → per-issuer hash chain §6.4) and persist a signed receipt; nothing written on failure.
+  - `GET /api/receipts/recent` (with `?principal=` filter) and `GET /api/receipts/{id}`.
+  - A live `receipts` A2UI surface over the log.
+  - Receipt persistence added to the `ServerStore` seam, so it follows the chosen backend (e.g. Postgres), not a side file.
+- **Server self-emission.** Recording feedback also signs a server `attestation_issued` receipt endorsing the member (`issuer=server → counterparty=member`). The server holds its own ARP identity (stable via `SERVER_SEED`, ephemeral otherwise).
+- **Signed ARP conformance badge** at `.nanda/arp-conformance.json`, served at `GET /.well-known/arp-conformance.json` and advertised in the well-known doc. Generated mechanically by `scripts/gen_arp_badge.py` against the live ingest surface (`SERVER_ARP_BADGE_PATH` overrides).
+- **Signed Merkle checkpoint** (`aae-checkpoint/0.1`) over the whole Issuer Log. The per-issuer hash chain proves *forward* tamper-evidence within an issuer; the checkpoint adds the *reverse* seam across the whole log — membership you can verify offline:
+  - `GET /api/checkpoint` — an RFC 6962 Merkle root over every receipt (JCS-canonical leaf, including signature), signed by the server's ARP identity. Advertised in the well-known doc.
+  - `GET /api/checkpoint/proof/{receipt_id}` — the inclusion proof for one receipt, taken over the same `(issued_at, receipt_id)` ordering as the root so leaf indices line up. A holder verifies membership against the signed root with no further server trust.
+  - Pure RFC 6962 lib in `sm_server/merkle.py`, validated against independently-computed known answers; the checkpoint commits to the whole log (uncapped), never a silent prefix.
+
+## [0.1.0] — 2026-06-01
+
+Initial public release.
+
+### Added
+- Conformant server wire against a swappable `ServerStore` interface:
+  - `POST /api/members` — origin-gated registration with TOFU public key.
+  - `POST /api/members/rotate` — signed, nonce-protected key rotation.
+  - `POST /api/feedback` — signed-request verification (Ed25519, key-consistency, replay window) recording trust events.
+  - `GET /api/agents/{id}/trust` — trust dossier (score, tier, history).
+  - `GET /api/surfaces/{id}` — A2UI surface envelopes, public and auth-gated.
+  - `GET /api/federation` and `GET /api/federation/{peer}/members` — federation overview and peer member views.
+  - `GET /.well-known/nanda-agent.json` — peer discovery substrate.
+- `SqliteStore` — zero-config, file-backed default backend with parameterized queries.
+- Config-driven origin vocabulary (`SERVER_ORIGINS`, `SERVER_NONROTATABLE_ORIGINS`); no runtime-specific name in source.
+- Trust ledger as the sum of canonical, server-set event deltas; tiers as thresholds.
+- Signed conformance badge at `.nanda/conformance.json`.

sm_org_server-0.1.0/GOVERNANCE.md

@@ -0,0 +1,23 @@
+# Governance
+
+## Scope
+
+`sm-org-server` is the minimal conformant wire of a server: registration, key rotation, signed feedback, the trust ledger, surfaces, federation discovery, and the well-known substrate. It is deliberately *not* an agent runtime, a database, or a product. Storage backends, origin policy, and agent behaviour live above this line, in your code.
+
+## Versioning
+
+- The package follows semantic versioning, independent of any protocol version.
+- The **protocol wire** it implements — canonical signing strings, did:key derivation, trust-event deltas, the A2UI envelope shape — does not change within a major. A change to any of these is a major bump with a CHANGELOG entry and a regenerated conformance badge.
+- Additive, namespaced, or configuration-only changes are minor or patch.
+
+## Conformance
+
+A build is conformant *iff* a conformance suite passes against a running instance and the repository carries a green, signed `.nanda/conformance.json` pinned to that suite's vector digest. A passing badge is a precondition for any release tag. The signing key is a runtime key held outside CI; it is never committed.
+
+## Contributions
+
+Issues and pull requests are welcome. A change that touches the wire must keep conformance green and update the badge. A change that touches storage or policy must keep the `ServerStore` Protocol stable or version it explicitly. All code keeps the gate green: `ruff`, `ruff format`, `mypy --strict`, and `pytest` at or above the coverage floor. Run the whole gate with one command before every push — `make ci-local` (uv-orchestrated; the same steps CI runs).
+
+## Attribution
+
+Personal research contributions aligned with [Project NANDA](https://projectnanda.org) standards. Maintained by [stellarminds.ai](https://stellarminds.ai).

sm_org_server-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 stellarminds.ai
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

sm_org_server-0.1.0/Makefile

@@ -0,0 +1,20 @@
+.PHONY: ci-local sync lint format typecheck test
+
+# One command, run before every push. Mirrors CI exactly and hard-fails on the
+# first red step. Same checks the GOVERNANCE gate names: ruff, mypy --strict, pytest.
+ci-local: sync lint format typecheck test
+
+sync:
+	uv sync --extra dev
+
+lint:
+	uv run ruff check .
+
+format:
+	uv run ruff format --check .
+
+typecheck:
+	uv run mypy sm_server
+
+test:
+	uv run pytest -v

sm_org_server-0.1.0/PKG-INFO

@@ -0,0 +1,146 @@
+Metadata-Version: 2.4
+Name: sm-org-server
+Version: 0.1.0
+Summary: Minimal, backend-agnostic, conformance-passing chapter server for federated AI agents.
+Project-URL: Homepage, https://github.com/Sharathvc23/sm-org-server
+Project-URL: Repository, https://github.com/Sharathvc23/sm-org-server
+Project-URL: Changelog, https://github.com/Sharathvc23/sm-org-server/blob/main/CHANGELOG.md
+Author: stellarminds.ai
+License-Expression: MIT
+License-File: LICENSE
+Keywords: agents,chapter,conformance,did,federation,server
+Classifier: Development Status :: 3 - Alpha
+Classifier: Framework :: FastAPI
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Security :: Cryptography
+Requires-Python: >=3.11
+Requires-Dist: base58>=2.1
+Requires-Dist: cryptography>=42
+Requires-Dist: fastapi>=0.110
+Requires-Dist: jcs>=0.2
+Requires-Dist: sm-arp>=0.2.1
+Requires-Dist: uvicorn>=0.27
+Provides-Extra: dev
+Requires-Dist: httpx>=0.27; extra == 'dev'
+Requires-Dist: mypy>=1.11; extra == 'dev'
+Requires-Dist: pytest-cov>=5.0; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.6; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# sm-org-server
+
+**A minimal, backend-agnostic server for federated AI agents — small enough to read in one sitting, conformant enough to federate.**
+
+A *server* is a home server for a community of AI agents: it registers them, gives each a verifiable identity, scores their trustworthiness, renders their shared surfaces, and federates with peer servers. `sm-org-server` is the smallest thing that does all of that correctly — the entire conformant wire is **~550 lines of Python against a swappable storage interface**, with no database lock-in, no LLM dependency, and no framework magic.
+
+The intelligence, governance, and product features of a real server live *above* this line, as your own code. `sm-org-server` is the floor everyone shares.
+
+```
+pip install sm-org-server
+uvicorn sm_server.app:app
+```
+
+That's a federating server with a SQLite backend, an Ed25519 identity, a trust ledger, and a clean HTTP surface — running on your laptop.
+
+## What you get
+
+| Endpoint | Purpose |
+|---|---|
+| `POST /api/members` | Register an agent (origin-gated, TOFU public key) |
+| `POST /api/members/rotate` | Rotate an agent's signing key (signed attestation, nonce-protected) |
+| `POST /api/feedback` | Signed request → trust event (Ed25519, key-consistency, replay window) + a server-signed receipt |
+| `GET /api/agents/{id}/trust` | Trust dossier: score, tier, history |
+| `POST /api/receipts` | Ingest a signed ARP receipt into the Issuer Log (verify → hash-chain → persist) |
+| `GET /api/receipts/recent` | Recent receipts (filter by `?principal=`) |
+| `GET /api/receipts/{id}` | One receipt by id |
+| `GET /api/surfaces/{id}` | A2UI surface envelope (the wire shape every renderer agrees on; `receipts` is a live one) |
+| `GET /api/federation` | Federation overview + per-peer member views |
+| `GET /.well-known/nanda-agent.json` | Discovery substrate for peers (did, facts_url, registries, conformance) |
+| `GET /.well-known/conformance.json` | The signed wire conformance badge — public, no-auth, offline-verifiable |
+| `GET /.well-known/arp-conformance.json` | The signed **ARP** receipt-suite badge |
+
+## Why it's this small
+
+Most "agent platform" servers fuse three things that don't belong together: the **protocol wire** (what makes two servers interoperable), the **storage** (Postgres, Supabase, whatever), and the **agent brain** (the LLM, the policies, the product). Fuse them and the only way to be "compliant" is to adopt the whole stack.
+
+`sm-org-server` separates them. It implements **only the wire**, against a `ServerStore` interface you can back with anything. Conformance is then *mechanical*: point a conformance suite at a running instance and it passes or it doesn't — no trust-me-it's-compatible.
+
+```
+        your product / policies / LLM          ← you write this
+   ┌────────────────────────────────────┐
+   │            sm-org-server               │      ← the conformant wire (this repo)
+   │  register · rotate · trust · feedback│
+   │  surfaces · federation · well-known │
+   └──────────────┬─────────────────────┘
+                  │ ServerStore (Protocol)
+        SQLite (default) · Postgres · …         ← swap freely
+```
+
+## Configuration
+
+Everything is environment-driven; nothing runtime-specific is baked into the source.
+
+| Variable | Default | Meaning |
+|---|---|---|
+| `SERVER_ID` | `sm-org-server` | This server's identifier (the wire `chapter_id`) |
+| `SERVER_PUBLIC_URL` | `https://server.local` | Public base URL (for discovery substrate) |
+| `SERVER_ORIGINS` | `sovereign` | Comma-separated admitted origin vocabulary |
+| `SERVER_NONROTATABLE_ORIGINS` | *(none)* | Origins whose keys are managed and may not self-rotate |
+| `SERVER_SEED`, `SERVER_BADGE_PATH`, `SERVER_ARP_BADGE_PATH` | *(see source)* | ARP seed and badge file locations |
+
+> **Naming:** these env vars were `CHAPTER_*` before the server rename; the legacy names are still read as aliases, so existing deployments keep working. The *wire* field stays `chapter_id` (frozen by the protocol).
+
+The origin vocabulary is **policy, not protocol**: a deployment declares which provenances it admits. The default is the neutral `sovereign` (self-custodied identity); a managed deployment can add its own install-time origins via config without changing a line of source.
+
+## Storage backends
+
+The default `SqliteStore` is zero-config and file-backed. Any class satisfying the `ServerStore` Protocol (`sm_server/store/base.py`) is a drop-in — Postgres, Redis-backed, or an in-memory test double. Nothing above the interface knows what the backend is.
+
+## Receipts (ARP)
+
+A server doesn't just track *that* agents are trusted — it keeps a verifiable record of *what they did*. `sm-org-server` is **ARP-native**: it maintains an **Issuer Log** of [Agency Receipt Protocol](https://github.com/Sharathvc23/sm-arp) receipts — Ed25519-signed, JCS-canonical, hash-chained per issuer (ARP §6.4).
+
+![ARP receipt flow](docs/figures/arp-receipt-flow.svg)
+
+> The live `receipts` surface, rendered from a real `GET /api/surfaces/receipts` envelope: [docs/figures/receipts-surface.html](docs/figures/receipts-surface.html).
+
+- **It ingests.** `POST /api/receipts` verifies a receipt (structure → signature → authority → hash chain) and persists it. A receipt is self-authenticating — its signature binds the issuer no matter who posts it — so the server trusts the envelope, not the transport. Verification fails → nothing is written.
+- **It emits.** The server is a first-class issuer too: recording feedback also signs an `attestation_issued` receipt endorsing the member (`issuer=server → counterparty=member`) — the edge a reputation layer reads. Emission is the default, not an add-on.
+- **It's swappable.** Receipts persist through the same `ServerStore` seam as members, so a Postgres-backed server keeps them in Postgres — not a side file.
+
+The receipt envelope itself — build / sign / verify / canonical-bytes / chain — is the one canonical [`sm_arp`](https://github.com/Sharathvc23/sm-arp) library, shared with every other runtime, so the wire cannot drift. The live `GET /api/surfaces/receipts` A2UI surface renders the log.
+
+```python
+from sm_arp import Identity, build_action, issue_receipt
+me = Identity.generate()
+r = issue_receipt(me, principal_did=me.did,
+                  action=build_action(category="data_shared", human_summary="shared my calendar"))
+# POST r to /api/receipts → {"accepted": true, "chain_link": "sha256:…"}
+```
+
+## Conformance
+
+`sm-org-server` ships **two** signed badges — Ed25519-signed records of which suites it passed, each pinned to that suite's vector digest:
+
+- `.nanda/conformance.json` — the **wire** suite, served at **`GET /.well-known/conformance.json`** (`SERVER_BADGE_PATH` overrides).
+- `.nanda/arp-conformance.json` — the **ARP receipt** suite (a distinct corpus → a distinct badge), served at **`GET /.well-known/arp-conformance.json`** (`SERVER_ARP_BADGE_PATH` overrides). Generated *mechanically* by `scripts/gen_arp_badge.py`, which drives the live ingest surface with the canonical receipt vectors and counts what it actually accepts/rejects.
+
+Both are public, unauthenticated, offline-verifiable, and advertised via pointers in the well-known doc; absent → the endpoint 404s. See the [conformance toolkit](https://github.com/Sharathvc23/sm-conformance) for how badges are produced and verified.
+
+## Development
+
+```
+pip install -e '.[dev]'
+ruff check sm_server tests
+mypy sm_server
+pytest                       # 65 tests, ≥80% coverage gate
+```
+
+## License
+
+MIT © stellarminds.ai. See [LICENSE](LICENSE).

sm_org_server-0.1.0/PUBLISHING.md

@@ -0,0 +1,48 @@
+# Publishing sm-org-server to PyPI
+
+`sm-org-server` publishes via **PyPI Trusted Publishing** — no API tokens. You tell PyPI
+once that this repo's `release.yml` workflow may publish; after that, pushing a
+version tag builds and uploads automatically.
+
+> Do this only when `sm-org-server` is meant to be **public**.
+
+## One-time setup (≈5 minutes — this is the part only you can do)
+
+1. Create / sign in to a PyPI account → https://pypi.org/account/register/ (enable 2FA).
+2. Go to **https://pypi.org/manage/account/publishing/** → "Add a pending
+   publisher" (use *pending*, because the `sm-org-server` project doesn't exist on PyPI
+   yet — the first publish creates it).
+3. Fill the form with **exactly** these values:
+
+   | Field | Value |
+   |-------|-------|
+   | PyPI Project Name | `sm-org-server` |
+   | Owner | `Sharathvc23` |
+   | Repository name | `sm-org-server` |
+   | **Workflow name** | `release.yml`  ← just the filename |
+   | Environment name | *(leave blank)* |
+
+That's it. No secret is created or stored anywhere.
+
+## Releasing (every time, after setup)
+
+```bash
+# bump version in pyproject.toml, commit, then:
+git tag v0.1.0
+git push origin v0.1.0
+```
+
+The `release` workflow builds the sdist + wheel, runs `twine check`, and uploads
+to PyPI over OIDC. Watch it under the repo's **Actions** tab. Within a minute,
+`pip install sm-org-server` works for everyone.
+
+## Notes
+
+- The tag (`v0.1.0`) and `version` in `pyproject.toml` must match.
+- Dry run anytime, no upload: `python -m build && python -m twine check dist/*`.
+- To test against TestPyPI first, add a pending publisher on
+  https://test.pypi.org and point the publish step at it with
+  `with: { repository-url: https://test.pypi.org/legacy/ }`.
+- Hardening (optional): set `environment: pypi` on the job + a matching
+  Environment name in the PyPI publisher, then require reviewers on that GitHub
+  environment so a human approves each release.

sm_org_server-0.1.0/README.md

@@ -0,0 +1,112 @@
+# sm-org-server
+
+**A minimal, backend-agnostic server for federated AI agents — small enough to read in one sitting, conformant enough to federate.**
+
+A *server* is a home server for a community of AI agents: it registers them, gives each a verifiable identity, scores their trustworthiness, renders their shared surfaces, and federates with peer servers. `sm-org-server` is the smallest thing that does all of that correctly — the entire conformant wire is **~550 lines of Python against a swappable storage interface**, with no database lock-in, no LLM dependency, and no framework magic.
+
+The intelligence, governance, and product features of a real server live *above* this line, as your own code. `sm-org-server` is the floor everyone shares.
+
+```
+pip install sm-org-server
+uvicorn sm_server.app:app
+```
+
+That's a federating server with a SQLite backend, an Ed25519 identity, a trust ledger, and a clean HTTP surface — running on your laptop.
+
+## What you get
+
+| Endpoint | Purpose |
+|---|---|
+| `POST /api/members` | Register an agent (origin-gated, TOFU public key) |
+| `POST /api/members/rotate` | Rotate an agent's signing key (signed attestation, nonce-protected) |
+| `POST /api/feedback` | Signed request → trust event (Ed25519, key-consistency, replay window) + a server-signed receipt |
+| `GET /api/agents/{id}/trust` | Trust dossier: score, tier, history |
+| `POST /api/receipts` | Ingest a signed ARP receipt into the Issuer Log (verify → hash-chain → persist) |
+| `GET /api/receipts/recent` | Recent receipts (filter by `?principal=`) |
+| `GET /api/receipts/{id}` | One receipt by id |
+| `GET /api/surfaces/{id}` | A2UI surface envelope (the wire shape every renderer agrees on; `receipts` is a live one) |
+| `GET /api/federation` | Federation overview + per-peer member views |
+| `GET /.well-known/nanda-agent.json` | Discovery substrate for peers (did, facts_url, registries, conformance) |
+| `GET /.well-known/conformance.json` | The signed wire conformance badge — public, no-auth, offline-verifiable |
+| `GET /.well-known/arp-conformance.json` | The signed **ARP** receipt-suite badge |
+
+## Why it's this small
+
+Most "agent platform" servers fuse three things that don't belong together: the **protocol wire** (what makes two servers interoperable), the **storage** (Postgres, Supabase, whatever), and the **agent brain** (the LLM, the policies, the product). Fuse them and the only way to be "compliant" is to adopt the whole stack.
+
+`sm-org-server` separates them. It implements **only the wire**, against a `ServerStore` interface you can back with anything. Conformance is then *mechanical*: point a conformance suite at a running instance and it passes or it doesn't — no trust-me-it's-compatible.
+
+```
+        your product / policies / LLM          ← you write this
+   ┌────────────────────────────────────┐
+   │            sm-org-server               │      ← the conformant wire (this repo)
+   │  register · rotate · trust · feedback│
+   │  surfaces · federation · well-known │
+   └──────────────┬─────────────────────┘
+                  │ ServerStore (Protocol)
+        SQLite (default) · Postgres · …         ← swap freely
+```
+
+## Configuration
+
+Everything is environment-driven; nothing runtime-specific is baked into the source.
+
+| Variable | Default | Meaning |
+|---|---|---|
+| `SERVER_ID` | `sm-org-server` | This server's identifier (the wire `chapter_id`) |
+| `SERVER_PUBLIC_URL` | `https://server.local` | Public base URL (for discovery substrate) |
+| `SERVER_ORIGINS` | `sovereign` | Comma-separated admitted origin vocabulary |
+| `SERVER_NONROTATABLE_ORIGINS` | *(none)* | Origins whose keys are managed and may not self-rotate |
+| `SERVER_SEED`, `SERVER_BADGE_PATH`, `SERVER_ARP_BADGE_PATH` | *(see source)* | ARP seed and badge file locations |
+
+> **Naming:** these env vars were `CHAPTER_*` before the server rename; the legacy names are still read as aliases, so existing deployments keep working. The *wire* field stays `chapter_id` (frozen by the protocol).
+
+The origin vocabulary is **policy, not protocol**: a deployment declares which provenances it admits. The default is the neutral `sovereign` (self-custodied identity); a managed deployment can add its own install-time origins via config without changing a line of source.
+
+## Storage backends
+
+The default `SqliteStore` is zero-config and file-backed. Any class satisfying the `ServerStore` Protocol (`sm_server/store/base.py`) is a drop-in — Postgres, Redis-backed, or an in-memory test double. Nothing above the interface knows what the backend is.
+
+## Receipts (ARP)
+
+A server doesn't just track *that* agents are trusted — it keeps a verifiable record of *what they did*. `sm-org-server` is **ARP-native**: it maintains an **Issuer Log** of [Agency Receipt Protocol](https://github.com/Sharathvc23/sm-arp) receipts — Ed25519-signed, JCS-canonical, hash-chained per issuer (ARP §6.4).
+
+![ARP receipt flow](docs/figures/arp-receipt-flow.svg)
+
+> The live `receipts` surface, rendered from a real `GET /api/surfaces/receipts` envelope: [docs/figures/receipts-surface.html](docs/figures/receipts-surface.html).
+
+- **It ingests.** `POST /api/receipts` verifies a receipt (structure → signature → authority → hash chain) and persists it. A receipt is self-authenticating — its signature binds the issuer no matter who posts it — so the server trusts the envelope, not the transport. Verification fails → nothing is written.
+- **It emits.** The server is a first-class issuer too: recording feedback also signs an `attestation_issued` receipt endorsing the member (`issuer=server → counterparty=member`) — the edge a reputation layer reads. Emission is the default, not an add-on.
+- **It's swappable.** Receipts persist through the same `ServerStore` seam as members, so a Postgres-backed server keeps them in Postgres — not a side file.
+
+The receipt envelope itself — build / sign / verify / canonical-bytes / chain — is the one canonical [`sm_arp`](https://github.com/Sharathvc23/sm-arp) library, shared with every other runtime, so the wire cannot drift. The live `GET /api/surfaces/receipts` A2UI surface renders the log.
+
+```python
+from sm_arp import Identity, build_action, issue_receipt
+me = Identity.generate()
+r = issue_receipt(me, principal_did=me.did,
+                  action=build_action(category="data_shared", human_summary="shared my calendar"))
+# POST r to /api/receipts → {"accepted": true, "chain_link": "sha256:…"}
+```
+
+## Conformance
+
+`sm-org-server` ships **two** signed badges — Ed25519-signed records of which suites it passed, each pinned to that suite's vector digest:
+
+- `.nanda/conformance.json` — the **wire** suite, served at **`GET /.well-known/conformance.json`** (`SERVER_BADGE_PATH` overrides).
+- `.nanda/arp-conformance.json` — the **ARP receipt** suite (a distinct corpus → a distinct badge), served at **`GET /.well-known/arp-conformance.json`** (`SERVER_ARP_BADGE_PATH` overrides). Generated *mechanically* by `scripts/gen_arp_badge.py`, which drives the live ingest surface with the canonical receipt vectors and counts what it actually accepts/rejects.
+
+Both are public, unauthenticated, offline-verifiable, and advertised via pointers in the well-known doc; absent → the endpoint 404s. See the [conformance toolkit](https://github.com/Sharathvc23/sm-conformance) for how badges are produced and verified.
+
+## Development
+
+```
+pip install -e '.[dev]'
+ruff check sm_server tests
+mypy sm_server
+pytest                       # 65 tests, ≥80% coverage gate
+```
+
+## License
+
+MIT © stellarminds.ai. See [LICENSE](LICENSE).