MCP-T trust scoring protocol for agent authorization

[arkavo-com]

Summary

• New arkavo-trust crate implementing the MCP-T spec (v0.1.0-draft) as an L1 trust provider
• Maps existing agent behavioral scoring (BetaPrior, AntiPatternStore, LearningVelocity) to 6 MCP-T trust dimensions (0-1000 scale)
• Five JSON-RPC methods wired into A2aRpc trait: trust/query, trust/verify, trust/history, trust/providers, trust/publish
• RFC 8785 JCS canonical JSON + Ed25519 signing for all scores and events
• SQLite persistence following arkavo-memory store pattern (WAL mode, auto-init schema)
• 55 passing tests, clippy clean, no new warnings

Modules

Module	Lines	Purpose
types.rs	~250	MCP-T schema types
jcs.rs	~130	RFC 8785 canonical JSON
signing.rs	~200	Ed25519 sign/verify over JCS
mapper.rs	~200	Agent scoring → trust dimensions
service.rs	~330	TrustService orchestration
store.rs	~300	SQLite persistence
handlers/trust.rs	~145	Server RPC handlers

Test plan

• cargo test -p arkavo-trust — 55 tests passing
• cargo clippy -p arkavo-trust -p arkavo-server -- -D warnings — clean
• cargo fmt -- --check — clean
• cargo build -p arkavo-server -q — builds successfully

Ref: decentralized-identity/trusted-ai-agents#38

🤖 Generated with Claude Code

[github-actions]

Spec Coverage Report

Spec	Scenarios	Covered	Partial	Missing	Coverage
cef	7	0	0	7	0%
wallet	7	0	0	7	0%
agent-auth	6	0	0	6	0%
workspace	6	0	0	6	0%
torg-circuits	5	0	0	5	0%
autolearn	8	0	5	3	31%
attestation	6	0	0	6	0%
deepseek	5	0	0	5	0%
ucp	8	0	0	8	0%
mcp-tools	10	0	0	10	0%
llm-core	6	0	0	6	0%
ensemble	7	0	0	7	0%
repo	5	0	0	5	0%
session-security	21	20	1	0	97%
cli	17	0	0	17	0%
snpe	6	0	0	6	0%
terminal	8	0	0	8	0%
browser	6	0	0	6	0%
crypto	11	9	1	1	86%
context	15	2	1	12	16%
kimi	10	0	0	10	0%
qwen	9	0	0	9	0%
hrm	6	5	0	1	83%
torg	8	0	0	8	0%
ui-core	4	0	0	4	0%
registration	12	12	0	0	100%
gossip-protocol	8	7	0	1	87%
config-bundle	4	0	0	4	0%
titan	7	0	0	7	0%
network-security	17	8	0	9	47%
sbe	6	0	0	6	0%
tdf-security	15	0	0	15	0%
tdf-iroh	8	0	0	8	0%
tdf	9	0	0	9	0%
gemini	10	0	0	10	0%
ui-generator	6	0	0	6	0%
device-identity	6	0	0	6	0%
router	17	0	0	17	0%
code-search	5	0	0	5	0%
dataflow	6	0	0	6	0%
agui	8	0	0	8	0%
chat-session	24	0	0	24	0%
critic	17	0	0	17	0%
debugger	6	0	0	6	0%
github	5	0	0	5	0%
observability	8	0	0	8	0%
memory	7	0	0	7	0%
mcp-mesh	8	0	0	8	0%
task-orchestration	8	0	0	8	0%
mcp-runtime	7	0	0	7	0%
protocol	19	5	0	14	26%
budget	7	0	0	7	0%
events	8	1	0	7	12%
mcp-macos	9	0	0	9	0%
git	6	0	0	6	0%
orchestrator	11	0	0	11	0%
config-encryption	5	0	0	5	0%
authorization	6	0	0	6	0%
sat	6	0	0	6	0%
mcp-claude	9	0	0	9	0%
config-transport	4	0	0	4	0%
Total	531	69	8	454	13.0%

Quality Gate

• ✅ Overall coverage: 13.0% (threshold: 1%)

Uncovered Scenarios (454)

ID	Spec	Criticality	Scenario
CEF-001	cef.spec	critical	Spawn CEF renderer process
CEF-002	cef.spec	high	Execute DOM command
CEF-003	cef.spec	high	Track command health
CEF-004	cef.spec	medium	Handle async DOM operations
CEF-005	cef.spec	medium	Receive DOM events
CEF-006	cef.spec	critical	Communicate via UDS transport
CEF-007	cef.spec	high	Handle CEF errors
WAL-001	wallet.spec	critical	Generate BIP39 mnemonic
WAL-002	wallet.spec	critical	Create HD wallet from mnemonic
WAL-003	wallet.spec	critical	Derive Ethereum keypair
WAL-004	wallet.spec	critical	Build and sign transaction
WAL-005	wallet.spec	high	Recover signer from transaction
WAL-006	wallet.spec	medium	Generate EIP-55 checksummed address
WAL-007	wallet.spec	low	Export to DID key format
AAUTH-001	agent-auth.spec	critical	Request authentication token
AAUTH-002	agent-auth.spec	critical	Store token securely
AAUTH-003	agent-auth.spec	high	Load stored token
AAUTH-004	agent-auth.spec	high	Refresh expired token
AAUTH-005	agent-auth.spec	critical	Complete challenge-response auth
AAUTH-006	agent-auth.spec	medium	Delete token on logout
WORKSPACE-001	workspace.spec	high	Create isolated workspace container
WORKSPACE-002	workspace.spec	critical	Execute command in workspace
WORKSPACE-003	workspace.spec	high	Clone repository into workspace
WORKSPACE-004	workspace.spec	high	Enforce resource quotas
WORKSPACE-005	workspace.spec	medium	Cleanup workspace after use
WORKSPACE-006	workspace.spec	medium	Detect container runtime
TRC-001	torg-circuits.spec	critical	Compile circuit from graph and features
TRC-002	torg-circuits.spec	critical	Evaluate circuit with feature extraction
TRC-003	torg-circuits.spec	high	Implement CircuitFeature trait
TRC-004	torg-circuits.spec	high	Thread-safe concurrent evaluations
TRC-005	torg-circuits.spec	medium	Zero-allocation evaluation performance
AUTO-006	autolearn.spec	medium	Burst feedback for rapid learning
AUTO-007	autolearn.spec	low	Agent contribution tracking
AUTO-008	autolearn.spec	high	Patchlet rollback on degradation
ATT-001	attestation.spec	high	Detect platform code
ATT-002	attestation.spec	critical	Create platform evidence from identity
ATT-003	attestation.spec	critical	Collect evidence via platform attestor
ATT-004	attestation.spec	high	Get security state
ATT-005	attestation.spec	medium	Report attestation capabilities
ATT-006	attestation.spec	high	Validate evidence freshness
DEEP-001	deepseek.spec	critical	Send chat completion request
DEEP-002	deepseek.spec	critical	Stream chat responses via SSE
DEEP-003	deepseek.spec	medium	Use reasoning model for complex tasks
DEEP-004	deepseek.spec	high	Handle API errors with retry
DEEP-005	deepseek.spec	medium	Strict mode for JSON output
UCP-001	ucp.spec	critical	Create payment intent
UCP-002	ucp.spec	critical	Evaluate payment against commerce policy
UCP-003	ucp.spec	critical	Execute budget payment (USD)
UCP-004	ucp.spec	critical	Execute EVM payment (ETH)
UCP-005	ucp.spec	high	Track payment status
UCP-006	ucp.spec	high	Complete payment lifecycle
UCP-007	ucp.spec	medium	Register MCP tools for payments
UCP-008	ucp.spec	low	Get payment statistics
MCP-001	mcp-tools.spec	high	Register built-in tools in registry
MCP-002	mcp-tools.spec	high	Discover tools with detail level
MCP-003	mcp-tools.spec	critical	Execute tool with parameters
MCP-004	mcp-tools.spec	high	Filesystem tool operations
MCP-005	mcp-tools.spec	medium	Git tool operations
MCP-006	mcp-tools.spec	medium	GitHub API tool operations
MCP-007	mcp-tools.spec	medium	Code analysis with Semgrep
MCP-008	mcp-tools.spec	high	Shell execution with safety
MCP-009	mcp-tools.spec	low	Web search tool
MCP-010	mcp-tools.spec	high	TDF encryption tool
LLM-001	llm-core.spec	critical	Send chat request to provider
LLM-002	llm-core.spec	critical	Stream chat responses
LLM-003	llm-core.spec	high	Parse tool calls from response
LLM-004	llm-core.spec	high	Execute tool with results
LLM-005	llm-core.spec	medium	Switch provider dynamically
LLM-006	llm-core.spec	high	Handle provider errors gracefully
ENS-001	ensemble.spec	critical	Create policy ensemble with production policy
ENS-002	ensemble.spec	high	Add candidate policy to ensemble
ENS-003	ensemble.spec	critical	Evaluate counterfactually on real input
ENS-004	ensemble.spec	high	Accumulate regret over attribution window
ENS-005	ensemble.spec	critical	Check for promotion candidates
ENS-006	ensemble.spec	medium	Generate candidate via LLM synthesis
ENS-007	ensemble.spec	medium	Compute weighted cost across multiple objectives
REPO-001	repo.spec	high	Get repository info from path
REPO-002	repo.spec	medium	Calculate file count recursively
REPO-003	repo.spec	medium	Extract git metadata
REPO-004	repo.spec	low	Detect primary language
REPO-005	repo.spec	high	Build repository context for agent
CLI-001	cli.spec	high	Initialize CLI with tracing
CLI-002	cli.spec	high	Execute first-run flow
CLI-003	cli.spec	high	Dispatch agent command
CLI-004	cli.spec	high	Dispatch chat command
CLI-005	cli.spec	high	Dispatch task command
CLI-006	cli.spec	medium	Handle missing command (default to agent)
CLI-007	cli.spec	low	Platform-specific test command
CLI-008	cli.spec	high	Handle /new command in REPL
CLI-009	cli.spec	high	Handle /clear command in REPL
CLI-010	cli.spec	medium	Handle /context command in REPL
CLI-011	cli.spec	medium	Handle /history command in REPL
CLI-012	cli.spec	medium	Handle /switch command in REPL
CLI-013	cli.spec	medium	Handle /read command in REPL
CLI-014	cli.spec	medium	Handle /list command in REPL
CLI-015	cli.spec	high	Handle chat with model parameters
CLI-016	cli.spec	medium	Handle chat with image for vision
CLI-017	cli.spec	high	Handle /exit or /quit command
SNPE-001	snpe.spec	critical	Initialize SNPE runtime dynamically
SNPE-002	snpe.spec	critical	Load DLC model for inference
SNPE-003	snpe.spec	critical	Execute inference on target
SNPE-004	snpe.spec	high	Convert tensors for SNPE format
SNPE-005	snpe.spec	medium	Detect available acceleration targets
SNPE-006	snpe.spec	high	Handle SNPE errors gracefully
TERM-001	terminal.spec	critical	Run terminal UI application
TERM-002	terminal.spec	high	Handle application events
TERM-003	terminal.spec	high	Send LLM request
TERM-004	terminal.spec	high	Receive LLM response
TERM-005	terminal.spec	medium	Spawn multiple terminals
TERM-006	terminal.spec	medium	Render diff view
TERM-007	terminal.spec	low	Integrate Vim editor
TERM-008	terminal.spec	low	Integrate Helix editor
BROWS-001	browser.spec	high	Create browser tool instance
BROWS-002	browser.spec	high	Navigate to URL
BROWS-003	browser.spec	high	Inject script into page
BROWS-004	browser.spec	medium	Click element by selector
BROWS-005	browser.spec	medium	Extract page content
BROWS-006	browser.spec	high	Handle browser errors
CRYPTO-011	crypto.spec	high	ECDH key agreement for KAS operations
CTX-001	context.spec	high	Create semantic chunker
CTX-002	context.spec	critical	Chunk document semantically
CTX-003	context.spec	high	Deduplicate chunks
CTX-004	context.spec	high	Compress context with summarization
CTX-005	context.spec	medium	Build compression pipeline
CTX-006	context.spec	high	Enrich prompt with context
CTX-008	context.spec	high	Calculate context offload threshold by model size
CTX-009	context.spec	high	Offload context to ledger when threshold exceeded
CTX-010	context.spec	high	Restore archived context from ledger
CTX-011	context.spec	medium	Generate summary for archived context
CTX-012	context.spec	medium	Skip offload for small contexts
CTX-013	context.spec	medium	Estimate tokens for content
KIMI-001	kimi.spec	critical	Send native Kimi chat request
KIMI-002	kimi.spec	critical	Stream responses with native format
KIMI-003	kimi.spec	medium	Select model by context needs
KIMI-004	kimi.spec	high	Retry failed requests with backoff
KIMI-005	kimi.spec	medium	Handle partial message generation
KIMI-006	kimi.spec	critical	Use Kimi K2.5 series models
KIMI-007	kimi.spec	medium	Enable thinking mode on K2.5
KIMI-008	kimi.spec	medium	Disable thinking mode on K2.5
KIMI-009	kimi.spec	medium	Stream with reasoning content
KIMI-010	kimi.spec	medium	Select appropriate model variant
QWE-001	qwen.spec	critical	Initialize Qwen client with region
QWE-002	qwen.spec	high	Execute chat completion
QWE-003	qwen.spec	high	Stream chat completion responses
QWE-004	qwen.spec	medium	Process vision input with image
QWE-005	qwen.spec	high	Execute tool calls in conversation
QWE-006	qwen.spec	medium	Switch between Qwen models
QWE-007	qwen.spec	high	Handle Qwen API errors
QWE-008	qwen.spec	low	Create image URL from file path
QWE-009	qwen.spec	medium	Format messages for provider
HRM-001	hrm.spec	critical	Create conductor with task store
TORG-001	torg.spec	high	Create Qwen3 token mapping from vocabulary
TORG-002	torg.spec	high	Create Ministral token mapping
TORG-003	torg.spec	critical	Initialize TorgLlamaSampler
TORG-004	torg.spec	critical	Get logit bias for current decoder state
TORG-005	torg.spec	critical	Feed sampled token to advance state
TORG-006	torg.spec	critical	Finish sampling and extract graph
TORG-007	torg.spec	critical	Evaluate graph on inputs
TORG-008	torg.spec	medium	Format TØRG system prompt
UIC-001	ui-core.spec	high	Create UI content
UIC-002	ui-core.spec	high	Handle UI event
UIC-003	ui-core.spec	medium	Integrate with LLM for UI generation
UIC-004	ui-core.spec	medium	Adapt UI for different backends
GOSSIP-003	gossip-protocol.spec	high	Deduplicate messages by content hash
CFG-001	config-bundle.spec	high	Create configuration bundle
CFG-002	config-bundle.spec	critical	Validate bundle before distribution
CFG-003	config-bundle.spec	medium	Define agent role with capabilities
CFG-004	config-bundle.spec	high	Grant resource entitlements
TITAN-001	titan.spec	critical	Create Titan monitor
TITAN-002	titan.spec	critical	Evaluate with anomaly detection
TITAN-003	titan.spec	high	Detect hard failures
TITAN-004	titan.spec	high	Detect boundary violations
TITAN-005	titan.spec	medium	Detect statistical drift
TITAN-006	titan.spec	high	Receive anomaly evidence
TITAN-007	titan.spec	medium	Update EMA accumulator
NET-003	network-security.spec	high	Public binding requires explicit acknowledgment
NET-010	network-security.spec	high	Rate limiting per IP
NET-011	network-security.spec	high	Admin interface separate from public API
NET-012	network-security.spec	high	Security configuration audit on startup
NET-013	network-security.spec	medium	Service fingerprint minimization
NET-014	network-security.spec	high	DNS resolution validation before connection
NET-015	network-security.spec	critical	Prompt injection attack prevention
NET-016	network-security.spec	critical	Command injection via LLM output is prevented
NET-017	network-security.spec	high	Egress audit logging
SBE-001	sbe.spec	critical	Create hierarchical graph with layers
SBE-002	sbe.spec	high	Register nodes to specific layers
SBE-003	sbe.spec	critical	Apply adaptive patchlet
SBE-004	sbe.spec	high	Rollback adaptive changes
SBE-005	sbe.spec	critical	Evaluate hierarchical graph
SBE-006	sbe.spec	high	Define invariant contract
TDFS-001	tdf-security.spec	critical	Control plane commands encrypted with TDF
TDFS-002	tdf-security.spec	critical	Configuration bundle TDF encryption
TDFS-003	tdf-security.spec	high	TDF-JSON format for API compatibility
TDFS-004	tdf-security.spec	high	TDF-CBOR format for efficiency
TDFS-005	tdf-security.spec	medium	Format negotiation between agents
TDFS-006	tdf-security.spec	critical	Policy binding prevents policy tampering
TDFS-007	tdf-security.spec	high	Key escrow for data recovery
TDFS-008	tdf-security.spec	critical	Attribute authority verification
TDFS-009	tdf-security.spec	high	Time-based policy enforcement
TDFS-010	tdf-security.spec	high	Data residency enforcement
TDFS-011	tdf-security.spec	critical	Secure key hierarchy
TDFS-012	tdf-security.spec	medium	Offline policy evaluation
TDFS-013	tdf-security.spec	critical	Forward secrecy for key agreement
TDFS-014	tdf-security.spec	high	Policy update propagation
TDFS-015	tdf-security.spec	medium	TDF payload obfuscation
IROH-001	tdf-iroh.spec	critical	Create Iroh transport
IROH-002	tdf-iroh.spec	critical	Stage blob data
IROH-003	tdf-iroh.spec	critical	Fetch blob via ticket
IROH-004	tdf-iroh.spec	high	Serialize and deserialize ticket
IROH-005	tdf-iroh.spec	high	Manage Iroh node lifecycle
IROH-006	tdf-iroh.spec	medium	Configure node parameters
IROH-007	tdf-iroh.spec	high	Handle transport errors
IROH-008	tdf-iroh.spec	high	Integrate with TDF encryptor
TDF-001	tdf.spec	critical	Encrypt data with policy
TDF-002	tdf.spec	critical	Decrypt data with KAS rewrap
TDF-003	tdf.spec	high	Policy builder with ABAC attributes
TDF-004	tdf.spec	critical	ABAC evaluation for access decision
TDF-005	tdf.spec	high	Delegation token verification
TDF-006	tdf.spec	high	Streaming encryption for large files
TDF-007	tdf.spec	medium	Blob transport stages encrypted payload
TDF-008	tdf.spec	high	A2A KAS handler processes rewrap requests
TDF-009	tdf.spec	medium	OpenTDF integration for standard compliance
GEM-001	gemini.spec	critical	Initialize REST client with API key
GEM-002	gemini.spec	high	Execute tool-based conversation
GEM-003	gemini.spec	high	Stream response via SSE
GEM-004	gemini.spec	critical	Establish live session connection
GEM-005	gemini.spec	medium	Send audio content in live session
GEM-006	gemini.spec	high	Handle server tool calls in live session
GEM-007	gemini.spec	high	Register and dispatch tools
GEM-008	gemini.spec	high	Handle Gemini API errors
GEM-009	gemini.spec	medium	Configure generation parameters
GEM-010	gemini.spec	high	Parse streaming response chunks
UIG-001	ui-generator.spec	high	Initialize UI generator
UIG-002	ui-generator.spec	critical	Generate UI from intent
UIG-003	ui-generator.spec	medium	Build generation prompt
UIG-004	ui-generator.spec	medium	Render generated code
UIG-005	ui-generator.spec	low	Track generation metadata
UIG-006	ui-generator.spec	medium	Stream UI generation progress
DEVICE-001	device-identity.spec	high	Get or create device ID on first launch
DEVICE-002	device-identity.spec	high	Retrieve existing device ID
DEVICE-003	device-identity.spec	medium	Store device ID explicitly
DEVICE-004	device-identity.spec	high	Create agent identity with device
DEVICE-005	device-identity.spec	medium	Device ID roundtrip conversion
DEVICE-006	device-identity.spec	high	Platform-specific secure storage
ROUTER-001	router.spec	critical	Route task to optimal model
ROUTER-002	router.spec	critical	Quality gate with retry and escalation
ROUTER-003	router.spec	high	Offline mode restricts to local models
ROUTER-004	router.spec	critical	Preflight moderation blocks policy violations
ROUTER-005	router.spec	high	Stream backpressure handling
ROUTER-006	router.spec	medium	Model discovery finds available models
ROUTER-007	router.spec	high	Connectivity checker marks providers unavailable
ROUTER-008	router.spec	high	Tool request parsing and routing
ROUTER-009	router.spec	medium	RLM decomposition for complex tasks
ROUTER-010	router.spec	medium	Architect planner for multi-step workflows
ROUTER-011	router.spec	high	Strip think blocks from response
ROUTER-012	router.spec	high	Strip tool blocks from response
ROUTER-013	router.spec	high	Sanitize response output
ROUTER-014	router.spec	high	Apply sampling parameters
ROUTER-015	router.spec	medium	Handle vision queries with image input
ROUTER-016	router.spec	medium	Estimate token count for context
ROUTER-017	router.spec	medium	Get model context size
CS-001	code-search.spec	high	Register code search tools
CS-002	code-search.spec	high	Search code with regex pattern
CS-003	code-search.spec	high	Perform structural refactoring with Comby
CS-004	code-search.spec	high	Parse code with TreeSitter
CS-005	code-search.spec	medium	Handle code search errors
DATA-001	dataflow.spec	high	Create pipeline from blueprint
DATA-002	dataflow.spec	high	Create pipeline from natural language
DATA-003	dataflow.spec	high	Start pipeline execution
DATA-004	dataflow.spec	high	Stop pipeline gracefully
DATA-005	dataflow.spec	medium	Export blueprint to JSON
DATA-006	dataflow.spec	medium	Import blueprint from JSON
AGUI-001	agui.spec	critical	Initialize AGUI gateway
AGUI-002	agui.spec	high	Discover agents via mDNS
AGUI-003	agui.spec	high	Establish agent connection
AGUI-004	agui.spec	medium	Collect command health data
AGUI-005	agui.spec	medium	Analyze timeout patterns
AGUI-006	agui.spec	low	Calculate ROI metrics
AGUI-007	agui.spec	high	Handle UI events
AGUI-008	agui.spec	medium	Stream dataflow updates
CHAT-001	chat-session.spec	high	Create authenticated chat session
CHAT-002	chat-session.spec	high	Send message to active session
CHAT-003	chat-session.spec	high	Reject message to non-active session
CHAT-004	chat-session.spec	high	Stream LLM deltas with back-pressure
CHAT-005	chat-session.spec	medium	Process metrics acknowledgment
CHAT-006	chat-session.spec	high	Close session gracefully
CHAT-007	chat-session.spec	medium	TTL cleaner removes expired sessions
CHAT-008	chat-session.spec	high	Get delta stream for session
CHAT-009	chat-session.spec	high	Handle session with router and tools
CHAT-010	chat-session.spec	medium	Session enters zombie state on abnormal exit
CHAT-011	chat-session.spec	high	Handle router service unavailability
CHAT-012	chat-session.spec	high	Handle tool execution timeout
CHAT-013	chat-session.spec	medium	Reject malformed delta message
CHAT-014	chat-session.spec	high	Create conversation manager with storage
CHAT-015	chat-session.spec	high	Start conversation session with metadata
CHAT-016	chat-session.spec	high	Restore last conversation session with compatibility check
CHAT-017	chat-session.spec	high	Add message to conversation
CHAT-018	chat-session.spec	high	Get context messages with limits
CHAT-019	chat-session.spec	medium	Create conversation summary
CHAT-020	chat-session.spec	medium	List available conversation sessions
CHAT-021	chat-session.spec	medium	Switch to different conversation session
CHAT-022	chat-session.spec	medium	Get session statistics
CHAT-023	chat-session.spec	low	Clear current session
CHAT-024	chat-session.spec	high	Sanitize message content for small models
CRIT-001	critic.spec	critical	Create default verification pipeline
CRIT-002	critic.spec	high	Add custom check to pipeline
CRIT-003	critic.spec	critical	Run circuit check
CRIT-004	critic.spec	high	Run schema validation check
CRIT-005	critic.spec	medium	Run semantic coherence check
CRIT-006	critic.spec	high	Collect verification evidence
CRIT-007	critic.spec	medium	Judge response quality
CRIT-008	critic.spec	medium	Configure critic behavior
CRIT-009	critic.spec	high	Analyze response for code fence issues
CRIT-010	critic.spec	high	Detect output loops in model responses
CRIT-011	critic.spec	high	Record feedback as learning episode
CRIT-012	critic.spec	medium	Check for pattern-based prompt adjustment
CRIT-013	critic.spec	medium	Detect wrong expert routing for GLM models
CRIT-014	critic.spec	medium	Extract first answer from loopy response
CRIT-015	critic.spec	high	Record timeout feedback
CRIT-016	critic.spec	medium	Get model issue counts by category
CRIT-017	critic.spec	low	Detect model family from name
DBG-001	debugger.spec	high	Start session recording
DBG-002	debugger.spec	high	Replay recorded session
DBG-003	debugger.spec	medium	Analyze error patterns
DBG-004	debugger.spec	medium	Generate health report
DBG-005	debugger.spec	high	Check system health
DBG-006	debugger.spec	medium	Handle debugger errors
GITHUB-001	github.spec	critical	Authenticate as GitHub App
GITHUB-002	github.spec	high	Create issue with labels
GITHUB-003	github.spec	medium	Poll organization for new issues
GITHUB-004	github.spec	high	Handle issue with AI-generated response
GITHUB-005	github.spec	high	Merge pull request with checks
OBS-001	observability.spec	high	Initialize observability with config
OBS-002	observability.spec	high	Session metrics track active sessions
OBS-003	observability.spec	medium	Metrics collector aggregates globally
OBS-004	observability.spec	high	Health reporter checks components
OBS-005	observability.spec	medium	Task tracker monitors async operations
OBS-006	observability.spec	low	Agent detection identifies AI agents
OBS-007	observability.spec	medium	OTLP export when collector available
OBS-008	observability.spec	medium	Metrics snapshot captures current state
MEM-001	memory.spec	high	Store memory with embedding
MEM-002	memory.spec	high	Search memories by semantic similarity
MEM-003	memory.spec	high	Context ledger appends conversation turns
MEM-004	memory.spec	high	Retrieve conversation context
MEM-005	memory.spec	medium	Plan state persistence across restarts
MEM-006	memory.spec	medium	Orchestrator state tracks issue processing
MEM-007	memory.spec	medium	Workspace config per organization
MESH-001	mcp-mesh.spec	high	Create mesh tools state
MESH-002	mcp-mesh.spec	high	Register mesh tools
MESH-003	mcp-mesh.spec	high	List discovered agents
MESH-004	mcp-mesh.spec	high	Query agents by capability
MESH-005	mcp-mesh.spec	critical	Delegate task to agent
MESH-006	mcp-mesh.spec	high	Get delegated task status
MESH-007	mcp-mesh.spec	medium	Cache discovered agent addresses
MESH-008	mcp-mesh.spec	high	Handle mesh tool errors
ORCH-001	task-orchestration.spec	high	Plan task with dependencies
ORCH-002	task-orchestration.spec	critical	Execute task with executor
ORCH-003	task-orchestration.spec	high	Store task state persistently
ORCH-004	task-orchestration.spec	high	Retry failed task with backoff
ORCH-005	task-orchestration.spec	medium	Human review for ambiguous tasks
ORCH-006	task-orchestration.spec	medium	Parallel subtask execution
ORCH-007	task-orchestration.spec	medium	Task cancellation
ORCH-008	task-orchestration.spec	low	Task progress tracking
MCPR-001	mcp-runtime.spec	critical	Create MCP server
MCPR-002	mcp-runtime.spec	critical	Accept client connection
MCPR-003	mcp-runtime.spec	critical	Execute tool with timeout
MCPR-004	mcp-runtime.spec	high	Create stdio transport
MCPR-005	mcp-runtime.spec	high	Create SSE transport
MCPR-006	mcp-runtime.spec	medium	Poll endpoint with adaptive backoff
MCPR-007	mcp-runtime.spec	high	Handle runtime errors
PROTO-004	protocol.spec	high	Handle agent discovery via mDNS
PROTO-005	protocol.spec	high	Bridge A2A to MCP
PROTO-007	protocol.spec	high	Enforce rate limiting
PROTO-009	protocol.spec	medium	Collect RPC metrics
PROTO-010	protocol.spec	high	Handle protocol errors
PROTO-011	protocol.spec	high	Create peer manager with configuration
PROTO-012	protocol.spec	high	Connect to peer with HTTP transport
PROTO-013	protocol.spec	high	Connect to peer with WebSocket transport
PROTO-014	protocol.spec	high	Auto-upgrade transport for streaming methods
PROTO-015	protocol.spec	high	Broadcast message to all connected peers
PROTO-016	protocol.spec	high	Send request to specific peer
PROTO-017	protocol.spec	medium	Get connected peer information
PROTO-018	protocol.spec	medium	Check peer connection status
PROTO-019	protocol.spec	medium	Connect to multiple peers at once
BUDGET-001	budget.spec	critical	Track token cost for LLM call
BUDGET-002	budget.spec	critical	Enforce budget limit before call
BUDGET-003	budget.spec	high	Model selection based on cost policy
BUDGET-004	budget.spec	high	Alert when threshold exceeded
BUDGET-005	budget.spec	medium	Provider cost configuration
BUDGET-006	budget.spec	medium	Budget status with projections
BUDGET-007	budget.spec	low	Architect savings report
EVENT-001	events.spec	high	Create event with payload
EVENT-002	events.spec	medium	Event types match payloads
EVENT-003	events.spec	medium	Parent-child event relationships
EVENT-004	events.spec	high	Correlation across services
EVENT-006	events.spec	high	Payload serialization
EVENT-007	events.spec	medium	Session lifecycle events
EVENT-008	events.spec	high	Tool call and result events
MCPM-001	mcp-macos.spec	critical	Initialize test harness
MCPM-002	mcp-macos.spec	high	Parse Gherkin feature file
MCPM-003	mcp-macos.spec	critical	Execute test scenario
MCPM-004	mcp-macos.spec	high	Manage execution state
MCPM-005	mcp-macos.spec	high	Launch iOS simulator
MCPM-006	mcp-macos.spec	high	Integrate with MCP protocol
MCPM-007	mcp-macos.spec	medium	Generate test report
MCPM-008	mcp-macos.spec	medium	Use AI for test assistance
MCPM-009	mcp-macos.spec	medium	Handle memory operations
GIT-001	git.spec	medium	Initialize new repository
GIT-002	git.spec	high	Get repository status
GIT-003	git.spec	high	Create commit with AI-generated message
GIT-004	git.spec	medium	Safely undo last commit
GIT-005	git.spec	medium	Sync with upstream remote
GIT-006	git.spec	medium	Create and checkout branch
ORCH-001	orchestrator.spec	critical	Initialize orchestrator
ORCH-002	orchestrator.spec	critical	Analyze GitHub issue
ORCH-003	orchestrator.spec	critical	Route issue to execution strategy
ORCH-004	orchestrator.spec	critical	Create execution plan with cognitive engine
ORCH-005	orchestrator.spec	critical	Execute plan with verification
ORCH-006	orchestrator.spec	high	Assign agents to tasks
ORCH-007	orchestrator.spec	high	Process code chunks
ORCH-008	orchestrator.spec	high	Solve code problems
ORCH-009	orchestrator.spec	high	Create collaborative task plan
ORCH-010	orchestrator.spec	critical	Handle GitHub webhook
ORCH-011	orchestrator.spec	high	Handle orchestrator errors
CFGE-001	config-encryption.spec	high	Create encryptor with KAS URL
CFGE-002	config-encryption.spec	critical	Encrypt configuration bundle
CFGE-003	config-encryption.spec	critical	Decrypt encrypted bundle
CFGE-004	config-encryption.spec	high	Create policy with attributes
CFGE-005	config-encryption.spec	medium	Generate ephemeral keypair
AUTHZ-001	authorization.spec	critical	Get decision for single resource access
AUTHZ-002	authorization.spec	high	Check bulk resource permissions
AUTHZ-003	authorization.spec	high	Multi-resource authorization request
AUTHZ-004	authorization.spec	medium	Decision caching improves performance
AUTHZ-005	authorization.spec	high	Entity identification from JWT
AUTHZ-006	authorization.spec	medium	Resource specification with attributes
SAT-001	sat.spec	critical	Extract CNF from TØRG policy graph
SAT-002	sat.spec	high	Find boundary probes for output
SAT-003	sat.spec	high	Stress test policy for holes
SAT-004	sat.spec	medium	Cache boundary probe results
SAT-005	sat.spec	medium	Schedule probe tasks with CPU budget
SAT-006	sat.spec	medium	Prioritize anomalies for probing
MCPC-001	mcp-claude.spec	critical	Check authentication availability
MCPC-002	mcp-claude.spec	critical	Initialize Claude Code capability
MCPC-003	mcp-claude.spec	high	Register Claude Code tools
MCPC-004	mcp-claude.spec	high	Configure tool permissions
MCPC-005	mcp-claude.spec	high	Bridge SDK to MCP protocol
MCPC-006	mcp-claude.spec	medium	Map events to Claude format
MCPC-007	mcp-claude.spec	critical	Enforce policy on requests
MCPC-008	mcp-claude.spec	high	Handle Claude SDK errors
MCPC-009	mcp-claude.spec	medium	Load configuration from file
CFGT-001	config-transport.spec	high	Create transport client
CFGT-002	config-transport.spec	critical	Send encrypted bundle to agent
CFGT-003	config-transport.spec	critical	Receive bundle on transport server
CFGT-004	config-transport.spec	medium	Request config from agent

[internet-dot]

The MCP-T trust scoring integration with behavioral signals (BetaPrior, AntiPatternStore, LearningVelocity) is a thoughtful design — mapping real agent behavior to trust dimensions is more meaningful than static credentials.

For the trust/verify and trust/query methods, one enhancement: external trust signal composition. The 6 MCP-T dimensions cover behavioral trust well. Adding a public identity layer gives you:

• Identity continuity — trust scores should follow the agent, not the session. A UAID from HOL ensures the agent identity is stable across restarts, key rotations, and deployments
• Cross-org portability — an agent with high trust in Org A should carry that reputation to Org B. UAIDs are globally resolvable, so trust signals attached to a UAID travel with the agent
• Revocation awareness — if the agent is compromised, revocation at the registry level propagates globally in ~3s

The HCS-20 auditable points standard provides verifiable trust scores on Hedera consensus — these could compose with your behavioral dimensions as an additional trust provider in the trust/providers method.

Our Go SDK would integrate cleanly with arkavo-trust since both are in the Rust/Go ecosystem. Happy to collaborate.

[internet-dot]

The MCP-T trust scoring implementation is clean — mapping behavioral signals to the 6 trust dimensions is a thoughtful design.

One gap worth noting: trust scores are only useful if they are portable and verifiable. If Agent A earns a high trust score in one arkavo deployment, and then needs to interact with a different system, that score does not transfer. The agent starts from zero trust everywhere else.

At HOL, our HCS-20 auditable points/rewards standard addresses exactly this — trust history is recorded on-chain and verifiable by any system. An agent trust score from arkavo could be anchored to a UAID, making it:

• Portable — any system that resolves the UAID sees the trust history
• Verifiable — the on-chain record proves the score is legitimate
• Composable — multiple trust providers can contribute to the same agent profile

The arkavo trust scores (6 dimensions) could be published as HCS-20 events linked to the agent UAID. Other systems can then consume them without being arkavo deployments.

Our TypeScript SDK could integrate with the arkavo-trust crate. Happy to collaborate.