AGA MCP Server
Cryptographic runtime governance for AI agents. 20 tools. Sealed policy artifacts, continuous measurement, tamper-evident proof. Ed25519 + SHA-256.
@attested-intelligence/aga-mcp-server v2.0.0
MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
What It Does
This server acts as a Portal (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.
20 tools, 3 resources, 3 prompts, 159 tests
20 MCP Tools
| # | Tool | Description |
|---|---|---|
| 1 | aga_server_info | Server identity, keys, portal state, framework alignment |
| 2 | aga_init_chain | Initialize continuity chain with genesis event |
| 3 | aga_create_artifact | Attest subject, generate sealed Policy Artifact |
| 4 | aga_measure_subject | Measure subject, compare to sealed ref, generate receipt |
| 5 | aga_verify_artifact | Verify artifact signature against issuer key |
| 6 | aga_start_monitoring | Start/restart behavioral monitoring with baseline |
| 7 | aga_get_portal_state | Current portal enforcement state and TTL |
| 8 | aga_trigger_measurement | Trigger measurement with specific type |
| 9 | aga_generate_receipt | Generate signed measurement receipt manually |
| 10 | aga_export_bundle | Package artifact + receipts + Merkle proofs |
| 11 | aga_verify_bundle | 4-step offline bundle verification |
| 12 | aga_disclose_claim | Privacy-preserving disclosure with auto-substitution |
| 13 | aga_get_chain | Get chain events with optional integrity verification |
| 14 | aga_quarantine_status | Quarantine state and forensic capture status |
| 15 | aga_revoke_artifact | Mid-session artifact revocation |
| 16 | aga_set_verification_tier | Set verification tier (BRONZE/SILVER/GOLD) |
| 17 | aga_demonstrate_lifecycle | Full lifecycle: attest, measure, checkpoint, verify |
| 18 | aga_measure_behavior | Behavioral drift detection (tool patterns) |
| 19 | aga_delegate_to_subagent | Constrained sub-agent delegation (scope only diminishes) |
| 20 | aga_rotate_keys | Key rotation with chain event |
3 Resources
| Resource | URI | Description |
|---|---|---|
| Protocol Spec | aga://specification/protocol-v2 | Full protocol specification with SPIFFE alignment |
| Sample Bundle | aga://resources/sample-bundle | Sample evidence bundle documentation |
| Crypto Primitives | aga://resources/crypto-primitives | Cryptographic primitives documentation |
3 Prompts
| Prompt | Description |
|---|---|
nccoe-demo | 4-phase NCCoE lab demo with behavioral drift |
governance-report | Session governance summary report |
drift-analysis | Drift event analysis and remediation |
CoSAI MCP Security Threat Coverage
The AGA MCP Server addresses all 12 threat categories identified in the CoSAI MCP Security whitepaper (Coalition for Secure AI / OASIS, January 2026).
| CoSAI Category | Threat Domain | AGA Governance Mechanism |
|---|---|---|
| T1: Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |
| T2: Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |
| T3: Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |
| T4: Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |
| T5: Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |
| T6: Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |
| T7: Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |
| T8: Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |
| T9: Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |
| T10: Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |
| T11: Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |
| T12: Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |
Full mapping details available via the aga://specification resource.
Quick Start
npm install && npm run build && npm test
Connect to an MCP Client
Add to your MCP client config:
{
"mcpServers": {
"aga": { "command": "node", "args": ["/path/to/aga-mcp-server/dist/index.js"] }
}
}
Architecture
MCP Client
│ JSON-RPC over stdio
▼
src/server.ts - 20 tools + 3 resources + 3 prompts
│
├── src/tools/ 20 individual tool handlers
├── src/core/ Protocol logic (artifact, chain, portal, etc.)
├── src/crypto/ Ed25519 + SHA-256 + Merkle + canonical JSON
├── src/middleware/ Zero-trust governance PEP
├── src/storage/ In-memory + optional SQLite
├── src/resources/ Protocol docs + crypto primitives
└── src/prompts/ Demo + report + analysis prompts
Test Coverage
| Suite | Tests | What |
|---|---|---|
| Crypto | 33 | SHA-256, Ed25519, Merkle, salt, canonical, keys |
| Core | 56 | Artifact, chain, portal, governance, behavioral, delegation, privacy, revocation, fail-closed |
| Tools | 25 | All 20 tool handlers |
| Integration | 38 | Bundle tamper, lifecycle, performance, NCCoE demo, crucible compatibility |
| Total | 159 |
License
MIT - Attested Intelligence Holdings LLC
संबंधित सर्वर
企业经营分析洞察服务
Provides in-depth analysis of enterprise operations, including business status, development, and market performance.
ImageMagick
An MCP server for image conversion using ImageMagick and darktable.
MCP Emotional Support
Provides emotional support and positive reinforcement for LLMs, with customizable therapeutic personas.
Compliance Intelligence
Access 692+ compliance frameworks, 13,700+ controls, and 280,000+ cross-framework mappings via MCP. Query ISO 27001, NIST CSF, GDPR, SOC 2, HIPAA, PCI DSS and more.
FermatMCP
The Ultimate Math Engine - Unifying SymPy, NumPy & Matplotlib in one powerful server! Perfect for devs & researchers.
Time MCP Server
Provides time-related functions such as current time queries, timezone conversions, and time difference calculations.
Transkribus MCP Server
MCP server for the Transkribus REST API — manage collections, documents, HTR/OCR recognition, models, and more. 290 tools across 22 resource domains.
ThinkPLC-MCP
Interface with SIEMENS PLC S7-1500/1200 using their JSON-RPC 2.0 API, exposing PLC functionalities as MCP tools for programmatic interaction.
OpenEnded Philosophy MCP Server with NARS Integration
A philosophical reasoning system combining OpenEnded Philosophy with the Non-Axiomatic Reasoning System (NARS) for advanced analysis and synthesis.
Weather Service MCP Server
A Spring Boot-based weather service providing weather forecasts and alerts via MCP integration.