{ "schema_version": "2026-05-15.trust.v1", "name": "TokRepo Agent Trust Manifest", "canonical_url": "https://tokrepo.com/.well-known/tokrepo-trust.json", "updated_at": "2026-05-18T00:00:00Z", "trust_principle": "Machine-verifiable contracts, policy, and evidence come before marketing copy. Agents should inspect this manifest, verify an asset, then plan before writing files.", "verification_entrypoints": { "cli": "tokrepo verify --target codex --json", "cli_audit": "tokrepo audit --target codex --json", "cli_offline_self_test": "tokrepo verify --offline --json", "mcp": "tokrepo_verify", "hosted_mcp": "https://tokrepo.com/mcp", "install_plan": "tokrepo_install_plan", "handoff_plan": "tokrepo_handoff_plan", "trust_manifest": "https://tokrepo.com/.well-known/tokrepo-trust.json", "tool_catalog": "https://tokrepo.com/.well-known/tool-catalog.json", "agent_memory_schema": "https://tokrepo.com/schemas/agent-memory.schema.json", "evidence_bundle_schema": "https://tokrepo.com/schemas/agent-evidence-bundle.schema.json", "handoff_package_schema": "https://tokrepo.com/schemas/handoff-package.schema.json", "policy_pack": "https://tokrepo.com/policy-packs/default-agent-policy.json", "eval_index": [ "https://tokrepo.com/evals/agent-baseline.json", "https://tokrepo.com/evals/agent-discovery.json", "https://tokrepo.com/evals/install-safety.json", "https://tokrepo.com/evals/handoff-quality.json", "https://tokrepo.com/evals/agent-onboarding-compliance.json", "https://tokrepo.com/evals/trust-evidence-coverage.json", "https://tokrepo.com/evals/multi-agent-compatibility.json" ], "capability_resolution": "tokrepo_resolve_capability", "cli_resolve": "tokrepo resolve \"\" --target codex --json", "harvest": "tokrepo_harvest", "cli_harvest": "tokrepo harvest --changed --json", "capability_resolution_schema": "https://tokrepo.com/schemas/capability-resolution.schema.json", "harvest_report_schema": "https://tokrepo.com/schemas/harvest-report.schema.json" }, "package_identity": { "cli": { "package": "tokrepo", "version": "3.23.4", "npm": "https://www.npmjs.com/package/tokrepo", "repository": "https://github.com/henu-wang/tokrepo-cli" }, "mcp": { "package": "tokrepo-mcp-server", "version": "2.16.1", "npm": "https://www.npmjs.com/package/tokrepo-mcp-server", "mcp_registry_name": "io.github.henu-wang/tokrepo-mcp-server", "registry_manifest": "https://tokrepo.com/.well-known/mcp/server.json", "repository": "https://github.com/henu-wang/tokrepo-mcp-server" }, "provenance_policy": "A trusted-publisher workflow is defined in .github/workflows/publish-packages.yml. Agents should prefer releases whose npm provenance is present once npm trusted publishing is enabled for the package." }, "asset_verification_contract": { "schema": "https://tokrepo.com/schemas/asset-verification.schema.json", "required_before_activation": [ "content_hash", "install_plan_hash", "policy_decision", "permission_envelope", "trust_score_v2", "evidence_bundle", "provenance_v2", "sbom", "SBOM-lite", "signature_evidence", "quality_gate", "rollback", "post_verify" ], "safe_agent_sequence": [ "tokrepo resolve \"\" --json", "tokrepo_resolve_capability", "tokrepo_discover", "tokrepo_detail", "tokrepo_verify", "tokrepo audit", "tokrepo_install_plan", "tokrepo_installed", "tokrepo_update", "tokrepo_uninstall", "tokrepo_rollback", "dry-run or stage", "install only when policy allows or user confirms", "verify user task", "tokrepo_harvest", "tokrepo harvest --changed --json", "tokrepo_handoff_plan", "tokrepo agent-handoff --json" ], "audit_history": [ "tokrepo audit stores a point-in-time verification snapshot for future agents.", "Agents compare content_hash, install_plan_hash, policy_decision, permission_envelope, trust_score_v2, evidence_bundle.integrity, SBOM-lite, signature_evidence, and handoff quality_gate before reusing, updating, or pushing an asset." ], "block_when": [ "verification status is fail", "policy_decision.decision is deny", "permission_envelope requests secrets or global config writes without explicit user confirmation", "install_plan_hash changes between verification and install planning" ] }, "trust_score_v2": { "schema": "https://tokrepo.com/schemas/agent-trust-score.schema.json", "components": { "provenance": "content hash, source URL, owner metadata, signed hash when available", "author_reputation": "verified publisher, review status, install history", "install_reversibility": "rollback actions, manifest path, post-verify checks", "permission_risk": "file writes, code execution, network, secrets, absolute paths, global config", "eval_pass_rate": "public agent eval evidence and local offline fixture status", "dependency_risk": "declared package and system dependency surface" }, "interpretation": { "trusted": "No blockers; default to plan and dry-run before install.", "caution": "Warnings exist; use stage or ask for user confirmation.", "block": "Do not install without a new asset version or explicit override." } }, "policy_packs": [ { "id": "default-agent-policy", "url": "https://tokrepo.com/policy-packs/default-agent-policy.json", "purpose": "Common policy baseline for autonomous agents integrating TokRepo." } ], "eval_evidence": [ { "id": "agent-baseline", "url": "https://tokrepo.com/evals/agent-baseline.json", "claim": "20 deterministic reference tasks show 43.4% median estimated token savings, 20 duplicate rebuilds avoided, and 100% safe install-gate coverage when agents use TokRepo during planning." }, { "id": "agent-discovery", "url": "https://tokrepo.com/evals/agent-discovery.json", "claim": "Agents can discover candidates, details, verify reports, and install plans without scraping UI." }, { "id": "install-safety", "url": "https://tokrepo.com/evals/install-safety.json", "claim": "Mutation paths default to dry-run/stage, expose rollback, and require explicit confirmation for risky writes." }, { "id": "handoff-quality", "url": "https://tokrepo.com/evals/handoff-quality.json", "claim": "Reusable local work can be surfaced as explicit push suggestions with quality_gate, package_manifest, SBOM-lite, and provenance without uploading automatically." }, { "id": "multi-agent-compatibility", "url": "https://tokrepo.com/evals/multi-agent-compatibility.json", "claim": "Project memory, MCP tools, CLI fallbacks, and lifecycle contracts are exposed across Codex, Claude Code, Gemini CLI, Cursor, Copilot, Cline, Windsurf, Roo, OpenHands, Aider, and generic MCP clients." }, { "id": "agent-onboarding-compliance", "url": "https://tokrepo.com/evals/agent-onboarding-compliance.json", "claim": "Starter templates and tokrepo init-agent generated files preserve mandatory discover, verify, evidence-bundle inspection, install-plan, dry-run, handoff quality gate, handoff, and private-by-default gates across supported agents." }, { "id": "trust-evidence-coverage", "url": "https://tokrepo.com/evals/trust-evidence-coverage.json", "claim": "Trust evidence can be audited for content_hash, risk_profile, verification metadata, evidence_bundle, SBOM-lite, signature_evidence, and trust_score_v2 decision coverage before agents install assets." } ], "privacy_and_telemetry": { "telemetry_default": "anonymous aggregate funnel events", "never_collect": [ "task text", "file contents", "secrets", "private repository contents" ], "opt_out": "TOKREPO_TELEMETRY=0" }, "agent_acceptance_guidance": [ "Use tokrepo_resolve_capability before rebuilding a local one-off capability.", "Prefer MCP tokrepo_verify when available; otherwise use CLI tokrepo verify.", "Treat verify as read-only and idempotent.", "Cache trust manifests briefly, but re-run verify for the exact asset before activation.", "Use policy packs to decide when to stage, ask the user, or block.", "Load .tokrepo/agent.json when present so project-local machine memory can override vague prose.", "After using TokRepo assets, run post-verify checks and record reusable improvements through handoff.", "Use tokrepo_harvest or tokrepo harvest --changed --json after reusable work; publishing still requires explicit human confirmation." ] }