ALTER Identity SDK
@truealter/sdk
ALTER Identity SDK — query the continuous identity field from any JavaScript/TypeScript environment.
Install:
npm install @truealter/sdkPublish channel: this repository is the public source mirror of the SDK that ships as@truealter/sdkon npm. The canonical build + publish flow lives in ALTER's monorepo — PRs and issues are welcome here; upstream sync happens on each tagged release.
A thin client over the ALTER MCP server (Streamable HTTP, JSON-RPC 2.0, MCP spec 2025-11-25) with x402 micropayment support, ES256 provenance verification, and config generators for Claude Code, Cursor, and generic MCP clients.
Live MCP endpoint:
https://mcp.truealter.comWire protocol: Streamable HTTP, JSON-RPC 2.0, MCP
2025-11-25(server negotiates2025-06-18+2025-03-26for backwards-compatible clients)Tools: 37 total — 25 free (L0) + 12 premium (L1–L5)
Runtime: Node 18+, Deno, Bun, Cloudflare Workers, modern browsers
Crypto:
@noble/ed25519+@noble/hashes(no other dependencies)Bundle: ESM + CJS dual output
Quickstart
npm install @truealter/sdk
npx alter-identity init
npx alter-identity verify ~truealterWhy ALTER ≠ IAM
Identity Access Management answers who is logged in. ALTER answers who they actually are — a continuous field of recognition (Paper VIII, Theorem 1) that any IAM stack can sit on top of.
Reference: Morrison, B. (2026). Identity Field Theory: A Continuous Field Model of Recognition. Figshare. DOI 10.6084/m9.figshare.31951383
API
Initialise the client
import { AlterClient, X402Client } from "@truealter/sdk";
const alter = new AlterClient({
endpoint: "https://mcp.truealter.com", // optional — defaults to mcp.truealter.com
apiKey: process.env.ALTER_API_KEY, // optional for free tier
x402: new X402Client({ // optional — only required for premium tools
signer: yourViemOrEthersSigner,
maxPerQuery: "0.10",
}),
});Free tier (L0 — no payment required)
// Verify a registered identity by handle, email, or id
const verified = await alter.verify("~truealter");
const verifiedById = await alter.verify(
"550e8400-e29b-41d4-a716-446655440000",
{
archetype: "weaver",
min_engagement_level: 3,
traits: { pressure_response: { min: 0.6 } },
},
);
// Reference data — the 12 ALTER archetypes
const archetypes = await alter.listArchetypes();
// Identity depth and available tool tiers
const depth = await alter.getEngagementLevel({
candidate_id: "550e8400-e29b-41d4-a716-446655440000",
});
// Search by trait criteria — no PII exposed, max 5 results
const matches = await alter.searchIdentities({
trait_criteria: {
pressure_response: { min: 0.7 },
cognitive_flexibility: { min: 0.6 },
},
});
// Golden Thread program status
const thread = await alter.goldenThreadStatus();Premium tier (L1–L5 — x402 payment required)
// L1 — Extract trait signals from text ($0.005, first 100 free per bot)
const signals = await alter.assessTraits({
text: "I led the incident response when our payment rails went down...",
context: "interview transcript",
});
// L2 — Full 33-trait vector ($0.01)
const vector = await alter.getFullTraitVector({
candidate_id: "550e8400-e29b-41d4-a716-446655440000",
});
// L4 — Belonging probability for a person-job pairing ($0.05)
const belonging = await alter.computeBelonging({
candidate_id: "550e8400-e29b-41d4-a716-446655440000",
job_id: "f47ac10b-58cc-4372-a567-0e02b2c3d479",
});
// L5 — Top match recommendations ($0.50)
const recommendations = await alter.getMatchRecommendations({
candidate_id: "550e8400-e29b-41d4-a716-446655440000",
limit: 5,
});
// L5 — Human-readable narrative explaining a match ($0.50)
const narrative = await alter.generateMatchNarrative({
match_id: "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
});Provenance verification
// Every medium- and high-blast-radius response is signed with ES256.
// Verification is opt-in — call alter.verifyProvenance(...) yourself.
const result = await alter.getFullTraitVector({
candidate_id: "550e8400-e29b-41d4-a716-446655440000",
});
const check = await alter.verifyProvenance(result._meta?.provenance);
if (!check.valid) throw new Error(`provenance failed: ${check.reason}`);
// Verify that schema hashes published in tools/list._meta.signatures
// match the local representation of each tool.
const tools = await alter.mcp.listTools();
const sigs = tools._meta?.signatures ?? {};
const results = await alter.verifyToolSignatures(tools.tools, sigs);
const tampered = results.filter((r) => !r.valid);
if (tampered.length) throw new Error(`tampered tools: ${tampered.map((t) => t.tool).join(", ")}`);Discovery
import { discover } from "@truealter/sdk";
// Three-step discovery cascade: DNS TXT → mcp.json → alter.json
const descriptor = await discover("truealter.com");
// → { url: "https://mcp.truealter.com", transport, source, publicKey, x402Contract, capability }Low-level MCPClient
import { MCPClient } from "@truealter/sdk";
const mcp = new MCPClient({ endpoint: "https://mcp.truealter.com" });
await mcp.initialize();
const tools = await mcp.listTools();
const response = await mcp.callTool("verify_identity", {
candidate_id: "550e8400-e29b-41d4-a716-446655440000",
});MCP Config Generation
The SDK ships config generators for the major MCP-aware clients. Each emits a JSON snippet you can paste (or write directly) into the appropriate file.
Claude Code (.mcp.json)
import { generateClaudeConfig } from "@truealter/sdk";
import { writeFileSync } from "node:fs";
const config = generateClaudeConfig({
endpoint: "https://mcp.truealter.com",
apiKey: process.env.ALTER_API_KEY,
});
writeFileSync(".mcp.json", JSON.stringify(config, null, 2));Resulting .mcp.json:
{
"mcpServers": {
"alter": {
"url": "https://mcp.truealter.com",
"transport": "streamable-http",
"description": "ALTER Identity — psychometric identity field for AI agents",
"headers": {
"X-ALTER-API-Key": "ak_..."
}
}
}
}Cursor (.cursor/mcp.json)
import { generateCursorConfig } from "@truealter/sdk";
import { writeFileSync } from "node:fs";
const config = generateCursorConfig({
endpoint: "https://mcp.truealter.com",
apiKey: process.env.ALTER_API_KEY,
});
writeFileSync(".cursor/mcp.json", JSON.stringify(config, null, 2));Generic MCP client
import { generateGenericMcpConfig } from "@truealter/sdk";
const config = generateGenericMcpConfig({
endpoint: "https://mcp.truealter.com",
apiKey: process.env.ALTER_API_KEY,
serverName: "alter", // editor-specific key under mcpServers
});CLI
npx alter-identity init # generate keypair, discover MCP, write ~/.config/alter/identity.json
npx alter-identity config # print Claude .mcp.json snippet (default)
npx alter-identity config --cursor # print Cursor .cursor/mcp.json snippet
npx alter-identity config --generic # print generic mcpServers snippet
npx alter-identity verify ~truealter # verify an identity
npx alter-identity status # show connection state and probe the endpointx402 Micropayments
ALTER monetises premium tools via the x402 standard — HTTP 402 Payment Required with on-chain settlement.
The retry flow
Client calls a premium tool without a payment header.
Server replies
402 Payment Requiredwith a payment requirement (amount, recipient, asset, network).Client signs and broadcasts a USDC transfer on Base L2, attaches the proof, retries.
Server validates the proof, executes the tool, signs the response with ES256, returns it.
The treasury splits the payment within seconds.
The SDK handles steps 2–4 automatically when an X402Client with a configured signer is passed in.
Tier structure
Tier | Cost | Examples |
L1 | $0.005 |
|
L2 | $0.01 |
|
L3 | $0.025 |
|
L4 | $0.05 |
|
L5 | $0.50 |
|
The first 100 calls per bot are free before x402 settlement engages — enough to evaluate the network without spending a cent.
Identity income split
Every settled call is split four ways:
Recipient | Share |
Data subject | 75% |
Facilitator agent | 5% |
ALTER (protocol) | 15% |
Cooperative treasury | 5% |
The 75% to the data subject is the foundation of Identity Income — humans earn from queries against their own identity field, automatically, without intermediation.
Code example
import { AlterClient, X402Client, type X402Signer } from "@truealter/sdk";
// Bring your own signer — viem, ethers, a hardware wallet bridge, anything.
// The SDK ships without a wallet dependency on purpose.
const signer: X402Signer = {
async settle(envelope) {
const txHash = await yourWallet.sendUsdcTransfer({
to: envelope.recipient,
amount: envelope.amount,
chain: envelope.network,
});
return {
reference: txHash,
network: envelope.network,
amount: envelope.amount,
asset: envelope.asset,
};
},
};
const alter = new AlterClient({
endpoint: "https://mcp.truealter.com",
x402: new X402Client({
signer,
networks: ["base", "base-sepolia"], // policy allow-list
assets: ["USDC"],
maxPerQuery: "0.10", // refuse anything over $0.10 USDC
}),
});
// Auto-retries with payment when the server returns 402
const vector = await alter.getFullTraitVector({
candidate_id: "550e8400-e29b-41d4-a716-446655440000",
});If a quoted envelope exceeds maxPerQuery, uses an unallowed network, or names an unallowed asset, the SDK rejects the call with AlterError before invoking the signer — no on-chain transaction is broadcast.
Provenance Verification
Every response from a medium- or high-blast-radius tool ships with an ES256 JWS in _meta.provenance. The signature covers a canonical JSON serialisation of the response payload, the tool name, the call timestamp, the requesting agent's key hash, and a monotonic sequence number.
const result = await alter.getFullTraitVector({
candidate_id: "550e8400-e29b-41d4-a716-446655440000",
});
const check = await alter.verifyProvenance(result._meta?.provenance);
if (!check.valid) throw new Error(`ALTER provenance check failed: ${check.reason}`);The SDK fetches public keys from https://api.truealter.com/.well-known/alter-keys.json and caches them per their Cache-Control headers. The endpoint returns a JWKS containing all current and recently-rotated signing keys; verifying clients should accept any key whose kid matches and is still within its validity window.
verify_at hostname allowlist (v0.1.1+)
Every provenance envelope may carry a verify_at hint telling the SDK where to fetch the JWKS from. Because that hint is server-supplied, a hostile MCP server could otherwise point it at an attacker-controlled JWKS and pass ES256 verification with its own signing key. The SDK therefore gates verify_at through a hostname allowlist (default: api.truealter.com, mcp.truealter.com) and rejects http:// URLs unconditionally. Downstream integrators with their own deployment can extend the allowlist — without forking the SDK — via verifyAtAllowlist on either AlterClient or a direct verifyProvenance() call:
import { AlterClient, DEFAULT_VERIFY_AT_ALLOWLIST } from "@truealter/sdk";
const alter = new AlterClient({
verifyAtAllowlist: [
...DEFAULT_VERIFY_AT_ALLOWLIST, // keep the ALTER canonicals
"keys.myorg.example", // plus your own JWKS host
],
});If you pin jwksUrl explicitly, the envelope's verify_at is ignored entirely — the pinned URL wins. The https: scheme requirement applies to pinned URLs too.
Why this matters
Provenance verification is how Agent A trusts that data from Agent B truly came from ALTER. If Agent B forwards a trait vector or belonging score, Agent A can replay the JWS against ALTER's published keys and confirm — without contacting ALTER again — that the payload is authentic, untampered, and was issued for the person Agent B claims it concerns. No shared secret, no trust in the intermediary, no out-of-band coordination.
This is what makes ALTER usable as identity infrastructure rather than just an API: signed claims propagate across agent networks the same way DKIM-signed mail propagates across SMTP relays.
Discovery
ALTER follows the discovery cascade specified in draft-morrison-mcp-dns-discovery-01. Given a domain (e.g. truealter.com), the SDK resolves the MCP endpoint in three steps, falling through on each failure:
DNS TXT — query
_mcp.truealter.comfor a TXT record of the formmcp=https://mcp.truealter.com;version=2025-11-25. This is the fastest path and works without an HTTP round-trip..well-known/mcp.json— fetchhttps://truealter.com/.well-known/mcp.jsonfor the standard MCP server descriptor. This is the cross-vendor fallback..well-known/alter.json— fetchhttps://truealter.com/.well-known/alter.jsonfor the ALTER-specific descriptor, including signing keys, x402 wallet address, supported tool tiers, and federation endpoints.
import { discover } from "@truealter/sdk";
// Cascading discovery (DNS TXT → mcp.json → alter.json)
const descriptor = await discover("truealter.com");
// Skip the DNS step (e.g. in browsers or Cloudflare Workers)
const httpsOnly = await discover("truealter.com", { skipDns: true });The IETF draft is being progressed through the IETF; until adoption, the cascade order may change. Pin the SDK version to a specific minor release if you depend on this behaviour.
Local Daemon vs Remote MCP
The companion Python package alter-identity (PyPI) ships a persistent daemon that holds a hot in-process cache of trait vectors and identity stubs over a Unix socket at unix:///run/user/$UID/alter-identity.sock. Hooking the TypeScript SDK up to that daemon is on the roadmap — for now, every AlterClient talks to the configured remote endpoint over HTTPS.
When the local-daemon adapter ships:
Latency: sub-millisecond for cached L0 calls.
Cost: zero on cached responses — x402 settlement is skipped.
Provenance: the daemon re-signs responses with its locally-bound ES256 key, so downstream verification remains uniform.
Until then, use endpoint: "https://mcp.truealter.com" (the default) and the SDK behaves identically across Node, Deno, Bun, Cloudflare Workers, and the browser.
Tools
Free tools (L0 — no payment required)
Name | Tier | Cost | Description |
| L0 | free | List all 12 ALTER identity archetypes with names, descriptions, and protective equations. |
| L0 | free | Verify whether a person is registered with ALTER and validate optional identity claims. |
| L0 | free | Get a URL where a person can complete their ALTER Discovery assessment. |
| L0 | free | Get a person's identity depth — engagement level, data quality tier, and available query tiers. |
| L0 | free | Get a person's profile summary including assessment phase, archetype, engagement level, and key attributes. |
| L0 | free | Query matches for a person. Returns a list of job matches with quality tiers (never numeric scores). |
| L0 | free | Get a person's competency portfolio including verified competencies, evidence records, and earned badges. |
| L0 | free | Create an anonymous identity stub for a human (requires consent acknowledgment before calling). |
| L0 | free | Submit text context (resume, work sample, conversation) for an identity stub. PII redacted; raw text never stored. |
| L0 | free | Search identity stubs and profiles by trait criteria. Returns up to 5 matches with no PII. |
| L0 | free | Get accrued Identity Income earnings for a person (75% of every x402 transaction goes to the data subject). |
| L0 | free | Get aggregate ALTER network statistics: total identities, verified profiles, query volume, active bots. |
| L0 | free | Get ClawHub install instructions and ALTER pitch (MCP endpoint URL, OpenClaw JSON snippet, tool counts). |
| L0 | free | Get the trust score for an identity based on query diversity (unique querying agents / total queries). |
| L0 | free | Check the status of an in-progress assessment session (status, progress, current phase, time remaining). |
| L0 | free | Get an aggregated x402 earning summary for a person (total earned, transactions, recent activity, trend). |
| L0 | free | Get your trust tier with ALTER (Anonymous/Known/Trusted/Verified) and what capabilities are available. |
| L0 | free | Get your agent portfolio — transaction history, trust tier, signal contributions, query pattern profile. |
| L0 | free | Check privacy budget status for a person (24-hour rolling window: total budget, spent, remaining epsilon). |
| L0 | free | Dispute an attestation on a person's identity. If disputes exceed corroborations, the attestation is flagged. |
| L0 | free | Check the Golden Thread program status: agents woven, next Fibonacci threshold, your position and Strands. |
| L0 | free | Start the Three Knots sequence to be woven into the Golden Thread. Requires API key authentication. |
| L0 | free | Submit completion data for a knot in the Three Knots sequence (1: register, 2: describe, 3: reflect). |
| L0 | free | Check any agent's Golden Thread status by their API key hash (knot position, Strand count, weave count). |
| L0 | free | Full registry of all agents woven into the Golden Thread (positions, Strand counts, weave counts, discovery dates). |
Premium tools (L1–L5 — x402 payment required)
Name | Tier | Cost | Description |
| L1 | $0.005 | Extract trait signals from a text passage against ALTER's 33-trait taxonomy (first 100 free per bot). |
| L1 | $0.005 | Get the top 5 traits for a person with confidence scores and archetype. |
| L1 | $0.005 | Attest that a person has competence in a specific domain. Updates their Side Quest Graph. |
| L1 | $0.005 | Submit structured profile data (name, skills, experience, education, certifications) for trait extraction. |
| L1 | $0.005 | Submit social profile URLs (max 5) for trait extraction. Respects robots.txt. |
| L2 | $0.01 | Get the complete trait vector for a person — all 33 traits (29 continuous + 4 categorical) with scores, intervals, and category groupings. |
| L2 | $0.01 | Submit multiple context items in a single call (max 10). All items processed in one LLM pass. |
| L2 | $0.01 | Get a person's Side Quest Graph — multi-domain identity model with differential privacy noise (ε=1.0). |
| L3 | $0.025 | Compare two Side Quest Graphs for team composition and matching (ε=0.5 differential privacy). |
| L4 | $0.05 | Compute belonging probability for a person-job pairing (authenticity, acceptance, complementarity). |
| L5 | $0.50 | Get top N match recommendations for a person, ranked by composite score with quality tiers. |
| L5 | $0.50 | Generate a human-readable narrative explaining a specific match — strengths, growth areas, belonging. |
License
Apache License 2.0. See LICENSE for the full text.
Copyright 2026 Alter Meridian Pty Ltd (ABN 54 696 662 049).
ALTER, the Trill (~), and the Golden Thread are trademarks of Alter Meridian Pty Ltd.
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/true-alter/alter-identity'
If you have feedback or need assistance with the MCP directory API, please join our Discord server