AGA MCP Server
Cryptographic runtime governance for AI agents. 20 tools. Sealed policy artifacts, continuous measurement, tamper-evident proof. Ed25519 + SHA-256.
AGA - Attested Governance Artifacts
Cryptographic runtime governance for AI agents and autonomous systems.
# Try it now
pip install aga-governance
python -m aga demo
python -m aga verify demo-bundle.json
What This Does
Every tool call an AI agent makes passes through the AGA gateway. Each call is evaluated against policy, and the decision (PERMITTED or DENIED) is recorded as a signed, hash-linked governance receipt. Receipts are collected into evidence bundles that any third party can verify offline using standard cryptography.
Record. Prove. Verify.
Use with Claude Desktop
Add to your Claude Desktop MCP config (claude_desktop_config.json):
{
"mcpServers": {
"aga": {
"command": "npx",
"args": ["-y", "@attested-intelligence/aga-mcp-server"]
}
}
}
Claude can then seal artifacts, measure integrity, generate evidence bundles, and verify compliance through natural language.
MCP Tools (20)
| Category | Tools |
|---|---|
| Identity | get_server_info, get_portal_state |
| Lifecycle | init_chain, attest_subject, revoke_artifact |
| Enforcement | measure_integrity, measure_behavior, verify_chain |
| Evidence | create_checkpoint, generate_evidence_bundle, verify_bundle_offline |
| Privacy | request_claim, list_claims |
| Delegation | delegate_to_subagent |
| Audit | get_receipts, get_chain_events |
Quick Start
Verify an evidence bundle (3 commands)
pip install aga-governance
curl -s https://aga-mcp-gateway.attestedintelligence.workers.dev/bundle -o evidence-bundle.json
python -m aga verify evidence-bundle.json
Or verify in your browser
Go to attestedintelligence.com/verify and click "Run Verification." Zero installs required.
How It Works
AI Agent AGA Gateway Verifier
| | |
|-- tools/call ----------->| |
| [Evaluate Policy] |
| [Sign Receipt] |
| [Chain to Previous] |
|<-- PERMITTED/DENIED -----| |
| | |
| [Export Bundle] |
| |--------- evidence.json ----->|
| | [Verify Signatures]
| | [Verify Chain]
| | [Verify Merkle Tree]
| | [PASS / FAIL]
MCP Governance Proxy
Run AGA as a transparent proxy between any MCP client and any MCP server. Every tool call gets evaluated against policy and produces a signed receipt.
# Start the proxy with an upstream MCP server
npx tsx src/proxy/index.ts start --upstream "npx -y @modelcontextprotocol/server-filesystem /tmp/test" --profile standard
# Export the evidence bundle
npx tsx src/proxy/index.ts export --output evidence.json
# Verify
npx tsx src/proxy/index.ts verify evidence.json
The proxy intercepts tools/call requests, evaluates them against a sealed policy artifact, and generates signed receipts. Permitted calls are forwarded to the downstream server. Denied calls return an MCP error. Every decision is hash-linked into a tamper-evident chain.
Three built-in policy profiles:
- permissive - log everything, block nothing (default)
- standard - rate limits + blocks destructive operations
- restrictive - explicit tool allowlist, all unknown tools denied
Verification (5 steps)
- Algorithm Check - Bundle declares Ed25519-SHA256-JCS, fail closed on anything else
- Receipt Signatures - Ed25519 over RFC 8785 canonical JSON (signature field excluded)
- Chain Integrity - Each receipt's
previous_receipt_hash= SHA-256 of the preceding receipt - Merkle Proofs - Walk siblings/directions to root, compare against bundle root
- Bundle Consistency - Proof count = receipt count, leaf hashes match receipt hashes
Cryptographic Primitives
| Primitive | Purpose |
|---|---|
| Ed25519 | Receipt signatures |
| SHA-256 | Hash chaining, Merkle trees, leaf computation |
| RFC 8785 (JCS) | Canonical JSON for deterministic signing |
| Merkle Trees | Binding all receipts to a single verifiable root |
Live Gateway
The demo gateway is deployed on Cloudflare Workers:
# Check status
curl https://aga-mcp-gateway.attestedintelligence.workers.dev/health
# Export evidence bundle
curl https://aga-mcp-gateway.attestedintelligence.workers.dev/bundle -o evidence-bundle.json
Python SDK
pip install aga-governance
from aga import AgentSession
with AgentSession(gateway_id="my-gateway") as session:
session.record_tool_call(
tool_name="search_web",
decision="PERMITTED",
reason="tool in allowlist",
request_id="req-1",
)
bundle = session.export_bundle()
result = session.verify()
assert result["overall_valid"]
Test Suite
355+ automated tests across TypeScript and Python:
- TypeScript MCP Server: 218 tests (vitest)
- Python SDK: 137 tests (pytest)
- Cross-language test vectors: 37 vectors across 9 categories
npm test # TypeScript tests
For the Python SDK, install aga-governance from PyPI: https://pypi.org/project/aga-governance/
Project Structure
src/ # Core protocol: artifacts, receipts, chain, Merkle, crypto, portal state machine
core/ # Governance primitives (artifact, receipt, chain, portal, bundle)
crypto/ # Ed25519, SHA-256, BLAKE2b, Merkle, JCS canonicalization
proxy/ # MCP governance proxy (transparent interception + policy enforcement)
tools/ # MCP tool handlers (20 tools)
middleware/ # Zero-trust governance enforcement wrapper
independent-verifier/ # Standalone verifier with zero AGA imports
scenarios/ # Deployment scenarios (SCADA, drone, AI agent)
tests/ # TypeScript test suite (218 tests)
Links
- Website
- Technology
- Live Verifier
- Trust and Scope
- Diligence Materials
- MCP Server (npm)
- Python SDK (PyPI)
Security
See SECURITY.md for vulnerability reporting.
Contributing
See CONTRIBUTING.md for development setup and guidelines.
License
Attested Intelligence Holdings LLC
संबंधित सर्वर
Earnings Feed
SEC filings and insider trades in real-time. 10-K, 10-Q, 8-K, Form 4, and company lookup.
MediaSage
Tracks movies, books, and TV shows to provide intelligent recommendations based on your preferences.
ReNoUn MCP Server
Structural observability for AI conversations. Detects loops, stuck states, and convergence patterns across 17 channels without analyzing content.
Tideways MCP Server
Enables AI assistants to query Tideways performance monitoring data and provide conversational performance insights
Stumpy
Persistent AI agents that run 24/7 in your Slack, Telegram, SMS, or email
NDI-MCP-Server
AI-powered commercial real estate deal search, comp lookup, and property scoring for the Northeast US — 14K+ active listings, 100K+ closed comps
Search Movie
一个基于 Model Context Protocol (MCP) 构建的智能电影和电视剧资源搜索工具,支持多源搜索和链接验证。An intelligent movie and TV series resource search tool based on Model Context Protocol (MCP), supporting multi-source search and link verification.
CryptoMinute
AI-powered crypto news intelligence MCP server with 8 tools: news search, narrative analytics, AI-clustered stories, Reddit sentiment, YouTube engagement, historical prices, token metadata, and Telegram flash posts.
Network - AI
Multi-agent orchestration MCP server with atomic shared blackboard, FSM governance, per-agent budget enforcement, and adapters for 12 AI frameworks including LangChain, AutoGen, CrewAI, and OpenAI Assistants.
FermatMCP
The Ultimate Math Engine - Unifying SymPy, NumPy & Matplotlib in one powerful server! Perfect for devs & researchers.