Summary
Paper §3.3 names four MCP tools — aflock_authorize, aflock_attest, aflock_check_limits, aflock_delegate. None of them exist. Anyone reading the paper and probing the server immediately hits tool not found.
Problem
Tools registered in internal/mcp/server.go:117-203 are:
bash, check_tool, get_identity, get_policy, get_session, get_token, read_file, sign_attestation, write_file.
Live MCP probe over UDS (PR #88 socket):
[paper:aflock_authorize] tool 'aflock_authorize' not found
[paper:aflock_attest] tool 'aflock_attest' not found
[paper:aflock_check_limits] tool 'aflock_check_limits' not found
[paper:aflock_delegate] tool 'aflock_delegate' not found
Functionally check_tool ≈ authorize, sign_attestation ≈ attest. aflock_check_limits and aflock_delegate have no equivalent at all — CheckLimits is library-internal (policy/evaluator.go:1001) and delegation lives only in hooks (state/propagation.go).
Expected (paper §3.3)
aflock_authorize: Request authorization for an action
aflock_attest: Record an action (server signs attestation)
aflock_check_limits: Query remaining budget
aflock_delegate: Create sublayout for sub-agent
Fix sketch
In internal/mcp/server.go:registerTools():
aflock_authorize → alias handleCheckToolaflock_attest → alias handleSignAttestationaflock_check_limits (new) → return {remainingSpendUSD, remainingTokensIn, remainingTurns} from state.GetMetrics() − policy.Limitsaflock_delegate (new) → write propagation record + mint attenuated child JWT (requires new method on auth.TokenIssuer)
Either alias and keep legacy names, or rename and document the migration. aflock_delegate is the only non-trivial one; the other three are wiring.
Summary
Paper §3.3 names four MCP tools —
aflock_authorize,aflock_attest,aflock_check_limits,aflock_delegate. None of them exist. Anyone reading the paper and probing the server immediately hitstool not found.Problem
Tools registered in
internal/mcp/server.go:117-203are:bash, check_tool, get_identity, get_policy, get_session, get_token, read_file, sign_attestation, write_file.Live MCP probe over UDS (PR #88 socket):
Functionally
check_tool ≈ authorize,sign_attestation ≈ attest.aflock_check_limitsandaflock_delegatehave no equivalent at all — CheckLimits is library-internal (policy/evaluator.go:1001) and delegation lives only in hooks (state/propagation.go).Expected (paper §3.3)
Fix sketch
In
internal/mcp/server.go:registerTools():aflock_authorize→ aliashandleCheckToolaflock_attest→ aliashandleSignAttestationaflock_check_limits(new) → return{remainingSpendUSD, remainingTokensIn, remainingTurns}fromstate.GetMetrics()−policy.Limitsaflock_delegate(new) → write propagation record + mint attenuated child JWT (requires new method onauth.TokenIssuer)Either alias and keep legacy names, or rename and document the migration.
aflock_delegateis the only non-trivial one; the other three are wiring.