AGA-mcp-server

Instructions

Implementation Reference

• src/tools/revoke-artifact.ts:12-34 (handler)

  The core handler function for the `aga_revoke_artifact` tool.

  export async function handleRevokeArtifact(args: RevokeArtifactArgs, ctx: ServerContext) {
    const sealedHash = args.sealed_hash ?? ctx.activeArtifact?.sealed_hash;
    if (!sealedHash) return ctx.error('No sealed_hash provided and no active artifact.');
  
    const transition = args.transition_to ?? 'TERMINATED';
    ctx.portal.revoke(sealedHash, transition);
  
    const record: RevocationRecord = {
      artifact_sealed_hash: sealedHash,
      reason: args.reason,
      revoked_by: pkToHex(ctx.issuerKP.publicKey),
      timestamp: utcNow(),
    };
    await ctx.appendToChain('REVOCATION', { ...record, transition_to: transition });
  
    return ctx.json({
      success: true,
      revoked: sealedHash,
      portal_state: ctx.portal.state,
      reason: args.reason,
      transition_to: transition,
    });
  }

• src/tools/revoke-artifact.ts:6-10 (schema)

  Input argument interface for the `aga_revoke_artifact` tool.

  export interface RevokeArtifactArgs {
    sealed_hash?: string;
    reason: string;
    transition_to?: 'TERMINATED' | 'SAFE_STATE';
  }

• src/server.ts:255-265 (registration)

  Registration of the `aga_revoke_artifact` tool in `src/server.ts`, which maps the MCP tool name to `handleRevokeArtifact`.

  // 15. aga_revoke_artifact (governed)
  governedTool('aga_revoke_artifact',
    'Revoke an active policy artifact mid-session. Supports TERMINATED or SAFE_STATE transition. (NCCoE Phase 3b)',
    {
      sealed_hash: z.string().optional().describe('Sealed hash of artifact to revoke'),
      reason: z.string().describe('Reason for revocation'),
      transition_to: z.enum(['TERMINATED', 'SAFE_STATE']).optional(),
    },
    async (args) => handleRevokeArtifact(args, ctx),
  );