Aga Mcp Server

Created By

attestedintelligence5 days ago

Cryptographic runtime governance for AI agents. 20 tools. Sealed policy artifacts, continuous measurement, tamper-evident proof. Ed25519 + SHA-256.

# ai-governance

# mcp

Overview Content Tools Comments

Overview

@attested-intelligence/aga-mcp-server v2.0.0

MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.

What It Does

This server acts as a Portal (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.

20 tools, 4 resources, 3 prompts, 159 tests

20 MCP Tools

#	Tool	NIST/Patent Ref	Description
1	`aga_server_info`	-	Server identity, keys, portal state, framework alignment
2	`aga_init_chain`	Claim 3a	Initialize continuity chain with genesis event
3	`aga_create_artifact`	Claims 1a-1d	Attest subject, generate sealed Policy Artifact
4	`aga_measure_subject`	Claims 1e-1g	Measure subject, compare to sealed ref, generate receipt
5	`aga_verify_artifact`	Claim 10	Verify artifact signature against issuer key
6	`aga_start_monitoring`	NIST-2025-0035	Start/restart behavioral monitoring with baseline
7	`aga_get_portal_state`	-	Current portal enforcement state and TTL
8	`aga_trigger_measurement`	Claims 1e-1g	Trigger measurement with specific type
9	`aga_generate_receipt`	V3 Promise	Generate signed measurement receipt manually
10	`aga_export_bundle`	Claim 9	Package artifact + receipts + Merkle proofs
11	`aga_verify_bundle`	Section J	4-step offline bundle verification
12	`aga_disclose_claim`	Claim 2	Privacy-preserving disclosure with auto-substitution
13	`aga_get_chain`	Claim 3c	Get chain events with optional integrity verification
14	`aga_quarantine_status`	Claim 5	Quarantine state and forensic capture status
15	`aga_revoke_artifact`	NCCoE 3b	Mid-session artifact revocation
16	`aga_set_verification_tier`	-	Set verification tier (BRONZE/SILVER/GOLD)
17	`aga_demonstrate_lifecycle`	All	Full lifecycle: attest, measure, checkpoint, verify
18	`aga_measure_behavior`	NIST-2025-0035	Behavioral drift detection (tool patterns)
19	`aga_delegate_to_subagent`	NCCoE	Constrained sub-agent delegation (scope only diminishes)
20	`aga_rotate_keys`	Claim 3	Key rotation with chain event

4 Resources

Resource	URI	Description
Protocol Spec	`aga://specification/protocol-v2`	Full protocol specification with SPIFFE alignment
Sample Bundle	`aga://resources/sample-bundle`	Sample evidence bundle documentation
Crypto Primitives	`aga://resources/crypto-primitives`	Cryptographic primitives documentation
Patent Claims	`aga://resources/patent-claims`	20 patent claims mapped to tools

3 Prompts

Prompt	Description
`nccoe-demo`	4-phase NCCoE lab demo with behavioral drift
`governance-report`	Session governance summary report
`drift-analysis`	Drift event analysis and remediation

CoSAI MCP Security Threat Coverage

The AGA MCP Server addresses all 12 threat categories identified in the CoSAI MCP Security whitepaper (Coalition for Secure AI / OASIS, January 2026).

CoSAI Category	Threat Domain	AGA Governance Mechanism
T1: Improper Authentication	Identity & Access	Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events
T2: Missing Access Control	Identity & Access	Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment
T3: Input Validation Failures	Input Handling	Runtime measurement against sealed reference, behavioral drift detection
T4: Data/Control Boundary Failures	Input Handling	Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics
T5: Inadequate Data Protection	Data & Code	Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention
T6: Missing Integrity Controls	Data & Code	Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification
T7: Session/Transport Security	Network & Transport	TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts
T8: Network Isolation Failures	Network & Transport	Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action
T9: Trust Boundary Failures	Trust & Design	Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM
T10: Resource Management	Trust & Design	Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s)
T11: Supply Chain Failures	Operational	Content-addressable hashing at attestation, runtime hash comparison blocks modified components
T12: Insufficient Observability	Operational	Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles

Full mapping details available via the aga://specification resource.

Quick Start

npm install && npm run build && npm test

Connect to Claude Desktop

Add to %APPDATA%\Claude\claude_desktop_config.json:

{
  "mcpServers": {
    "aga": { "command": "node", "args": ["C:/Users/neuro/AIH/aga-mcp-server/dist/index.js"] }
  }
}

Architecture

MCP Client (Claude Desktop)
    │ JSON-RPC over stdio
    ▼
src/server.ts - 20 tools + 4 resources + 3 prompts
    │
    ├── src/tools/          20 individual tool handlers
    ├── src/core/           Protocol logic (artifact, chain, portal, etc.)
    ├── src/crypto/         Ed25519 + SHA-256 + Merkle + canonical JSON
    ├── src/middleware/     Zero-trust governance PEP
    ├── src/storage/        In-memory + optional SQLite
    ├── src/resources/      Protocol docs + patent claims
    └── src/prompts/        Demo + report + analysis prompts

Test Coverage

Suite	Tests	What
Crypto	33	SHA-256, Ed25519, Merkle, salt, canonical, keys
Core	56	Artifact, chain, portal, governance, behavioral, delegation, privacy, revocation, fail-closed
Tools	25	All 20 tool handlers
Integration	38	Bundle tamper, lifecycle, performance, NCCoE demo, crucible compatibility
Total	159

License

MIT - Attested Intelligence Holdings LLC

Server Config

{
  "mcpServers": {
    "aga": {
      "command": "npx",
      "args": [
        "-y",
        "@attested-intelligence/aga-mcp-server"
      ]
    }
  }
}

Recommend Servers

TraeBuild with Free GPT-4.1 & Claude 3.7. Fully MCP-Ready.

Baidu Map百度地图核心API现已全面兼容MCP协议，是国内首家兼容MCP协议的地图服务商。

Zhipu Web SearchZhipu Web Search MCP Server is a search engine specifically designed for large models. It integrates four search engines, allowing users to flexibly compare and switch between them. Building upon the web crawling and ranking capabilities of traditional search engines, it enhances intent recognition capabilities, returning results more suitable for large model processing (such as webpage titles, URLs, summaries, site names, site icons, etc.). This helps AI applications achieve "dynamic knowledge acquisition" and "precise scenario adaptation" capabilities.

CursorThe AI Code Editor

Y GuiA web-based graphical interface for AI chat interactions with support for multiple AI models and MCP (Model Context Protocol) servers.

BlenderBlenderMCP connects Blender to Claude AI through the Model Context Protocol (MCP), allowing Claude to directly interact with and control Blender. This integration enables prompt assisted 3D modeling, scene creation, and manipulation.

DeepChatYour AI Partner on Desktop

Playwright McpPlaywright MCP server

Serper MCP ServerA Serper MCP Server

RedisA Model Context Protocol server that provides access to Redis databases. This server enables LLMs to interact with Redis key-value stores through a set of standardized tools.

MiniMax MCPOfficial MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.