AGA MCP Server
Cryptographic runtime governance for AI agents. 20 tools. Sealed policy artifacts, continuous measurement, tamper-evident proof. Ed25519 + SHA-256.
@attested-intelligence/aga-mcp-server v2.0.0
MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
What It Does
This server acts as a Portal (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.
20 tools, 3 resources, 3 prompts, 159 tests
20 MCP Tools
| # | Tool | Description |
|---|---|---|
| 1 | aga_server_info | Server identity, keys, portal state, framework alignment |
| 2 | aga_init_chain | Initialize continuity chain with genesis event |
| 3 | aga_create_artifact | Attest subject, generate sealed Policy Artifact |
| 4 | aga_measure_subject | Measure subject, compare to sealed ref, generate receipt |
| 5 | aga_verify_artifact | Verify artifact signature against issuer key |
| 6 | aga_start_monitoring | Start/restart behavioral monitoring with baseline |
| 7 | aga_get_portal_state | Current portal enforcement state and TTL |
| 8 | aga_trigger_measurement | Trigger measurement with specific type |
| 9 | aga_generate_receipt | Generate signed measurement receipt manually |
| 10 | aga_export_bundle | Package artifact + receipts + Merkle proofs |
| 11 | aga_verify_bundle | 4-step offline bundle verification |
| 12 | aga_disclose_claim | Privacy-preserving disclosure with auto-substitution |
| 13 | aga_get_chain | Get chain events with optional integrity verification |
| 14 | aga_quarantine_status | Quarantine state and forensic capture status |
| 15 | aga_revoke_artifact | Mid-session artifact revocation |
| 16 | aga_set_verification_tier | Set verification tier (BRONZE/SILVER/GOLD) |
| 17 | aga_demonstrate_lifecycle | Full lifecycle: attest, measure, checkpoint, verify |
| 18 | aga_measure_behavior | Behavioral drift detection (tool patterns) |
| 19 | aga_delegate_to_subagent | Constrained sub-agent delegation (scope only diminishes) |
| 20 | aga_rotate_keys | Key rotation with chain event |
3 Resources
| Resource | URI | Description |
|---|---|---|
| Protocol Spec | aga://specification/protocol-v2 | Full protocol specification with SPIFFE alignment |
| Sample Bundle | aga://resources/sample-bundle | Sample evidence bundle documentation |
| Crypto Primitives | aga://resources/crypto-primitives | Cryptographic primitives documentation |
3 Prompts
| Prompt | Description |
|---|---|
nccoe-demo | 4-phase NCCoE lab demo with behavioral drift |
governance-report | Session governance summary report |
drift-analysis | Drift event analysis and remediation |
CoSAI MCP Security Threat Coverage
The AGA MCP Server addresses all 12 threat categories identified in the CoSAI MCP Security whitepaper (Coalition for Secure AI / OASIS, January 2026).
| CoSAI Category | Threat Domain | AGA Governance Mechanism |
|---|---|---|
| T1: Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |
| T2: Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |
| T3: Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |
| T4: Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |
| T5: Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |
| T6: Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |
| T7: Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |
| T8: Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |
| T9: Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |
| T10: Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |
| T11: Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |
| T12: Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |
Full mapping details available via the aga://specification resource.
Quick Start
npm install && npm run build && npm test
Connect to an MCP Client
Add to your MCP client config:
{
"mcpServers": {
"aga": { "command": "node", "args": ["/path/to/aga-mcp-server/dist/index.js"] }
}
}
Architecture
MCP Client
│ JSON-RPC over stdio
▼
src/server.ts - 20 tools + 3 resources + 3 prompts
│
├── src/tools/ 20 individual tool handlers
├── src/core/ Protocol logic (artifact, chain, portal, etc.)
├── src/crypto/ Ed25519 + SHA-256 + Merkle + canonical JSON
├── src/middleware/ Zero-trust governance PEP
├── src/storage/ In-memory + optional SQLite
├── src/resources/ Protocol docs + crypto primitives
└── src/prompts/ Demo + report + analysis prompts
Test Coverage
| Suite | Tests | What |
|---|---|---|
| Crypto | 33 | SHA-256, Ed25519, Merkle, salt, canonical, keys |
| Core | 56 | Artifact, chain, portal, governance, behavioral, delegation, privacy, revocation, fail-closed |
| Tools | 25 | All 20 tool handlers |
| Integration | 38 | Bundle tamper, lifecycle, performance, NCCoE demo, crucible compatibility |
| Total | 159 |
License
MIT - Attested Intelligence Holdings LLC
相關伺服器
Obenan Review Analyzer
An MCP server for analyzing product or service reviews.
CraftedTrust
Independent trust verification for MCP servers. 7-factor trust scoring, 3,400+ packages indexed, embeddable badges, free API. Agents can query trust scores natively via MCP protocol.
OpenFoodTox Food Chemical Hazards
MCP server providing tools to access EFSA's comprehensive OpenFoodTox Chemical Hazards in food dataset
OneKGPd-MCP
Real-time access to 1000 Genomes Project dataset
Sitecore MCP server
MCP server for work with Sitecore
Nexus Dashboard
A comprehensive Model Context Protocol (MCP) server for Cisco Nexus Dashboard, enabling AI agents like Claude to interact with Nexus Dashboard APIs for intelligent network automation and management.
Currency Exchange & Crypto Rates
Real-time forex and crypto conversion with multi-source failover across 5 providers. 60+ fiat currencies, 30+ cryptocurrencies, no API keys needed.
SmartThings MCP
Samsung Smartthings Model Context Protocol Server
Lichess MCP
Interact with the Lichess chess platform using natural language.
FermatMCP
The Ultimate Math Engine - Unifying SymPy, NumPy & Matplotlib in one powerful server! Perfect for devs & researchers.