{
  "schema_version": "2026-05-15.trust.v1",
  "name": "TokRepo Agent Trust Manifest",
  "canonical_url": "https://tokrepo.com/.well-known/tokrepo-trust.json",
  "updated_at": "2026-05-15T00:00:00Z",
  "trust_principle": "Machine-verifiable contracts, policy, and evidence come before marketing copy. Agents should inspect this manifest, verify an asset, then plan before writing files.",
  "verification_entrypoints": {
    "cli": "tokrepo verify <uuid> --target codex --json",
    "cli_audit": "tokrepo audit <uuid> --target codex --json",
    "cli_offline_self_test": "tokrepo verify --offline --json",
    "mcp": "tokrepo_verify",
    "hosted_mcp": "https://tokrepo.com/mcp",
    "install_plan": "tokrepo_install_plan",
    "trust_manifest": "https://tokrepo.com/.well-known/tokrepo-trust.json",
    "tool_catalog": "https://tokrepo.com/.well-known/tool-catalog.json",
    "policy_pack": "https://tokrepo.com/policy-packs/default-agent-policy.json",
    "eval_index": [
      "https://tokrepo.com/evals/agent-discovery.json",
      "https://tokrepo.com/evals/install-safety.json",
      "https://tokrepo.com/evals/handoff-quality.json"
    ]
  },
  "package_identity": {
    "cli": {
      "package": "tokrepo",
      "version": "3.15.0",
      "npm": "https://www.npmjs.com/package/tokrepo",
      "repository": "https://github.com/henu-wang/tokrepo-cli"
    },
    "mcp": {
      "package": "tokrepo-mcp-server",
      "version": "2.11.0",
      "npm": "https://www.npmjs.com/package/tokrepo-mcp-server",
      "mcp_registry_name": "io.github.henu-wang/tokrepo-mcp-server",
      "registry_manifest": "https://tokrepo.com/.well-known/mcp/server.json",
      "repository": "https://github.com/henu-wang/tokrepo-mcp-server"
    },
    "provenance_policy": "A trusted-publisher workflow is defined in .github/workflows/publish-packages.yml. Agents should prefer releases whose npm provenance is present once npm trusted publishing is enabled for the package."
  },
  "asset_verification_contract": {
    "schema": "https://tokrepo.com/schemas/asset-verification.schema.json",
    "required_before_activation": [
      "content_hash",
      "install_plan_hash",
      "policy_decision",
      "permission_envelope",
      "trust_score_v2",
      "rollback",
      "post_verify"
    ],
    "safe_agent_sequence": [
      "tokrepo_discover",
      "tokrepo_detail",
      "tokrepo_verify",
      "tokrepo audit",
      "tokrepo_install_plan",
      "dry-run or stage",
      "install only when policy allows or user confirms",
      "verify user task",
      "tokrepo agent-handoff --json"
    ],
    "audit_history": [
      "tokrepo audit stores a point-in-time verification snapshot for future agents.",
      "Agents compare content_hash, install_plan_hash, policy_decision, permission_envelope, and trust_score_v2 before reusing or updating an asset."
    ],
    "block_when": [
      "verification status is fail",
      "policy_decision.decision is deny",
      "permission_envelope requests secrets or global config writes without explicit user confirmation",
      "install_plan_hash changes between verification and install planning"
    ]
  },
  "trust_score_v2": {
    "schema": "https://tokrepo.com/schemas/agent-trust-score.schema.json",
    "components": {
      "provenance": "content hash, source URL, owner metadata, signed hash when available",
      "author_reputation": "verified publisher, review status, install history",
      "install_reversibility": "rollback actions, manifest path, post-verify checks",
      "permission_risk": "file writes, code execution, network, secrets, absolute paths, global config",
      "eval_pass_rate": "public agent eval evidence and local offline fixture status",
      "dependency_risk": "declared package and system dependency surface"
    },
    "interpretation": {
      "trusted": "No blockers; default to plan and dry-run before install.",
      "caution": "Warnings exist; use stage or ask for user confirmation.",
      "block": "Do not install without a new asset version or explicit override."
    }
  },
  "policy_packs": [
    {
      "id": "default-agent-policy",
      "url": "https://tokrepo.com/policy-packs/default-agent-policy.json",
      "purpose": "Common policy baseline for autonomous agents integrating TokRepo."
    }
  ],
  "eval_evidence": [
    {
      "id": "agent-discovery",
      "url": "https://tokrepo.com/evals/agent-discovery.json",
      "claim": "Agents can discover candidates, details, verify reports, and install plans without scraping UI."
    },
    {
      "id": "install-safety",
      "url": "https://tokrepo.com/evals/install-safety.json",
      "claim": "Mutation paths default to dry-run/stage, expose rollback, and require explicit confirmation for risky writes."
    },
    {
      "id": "handoff-quality",
      "url": "https://tokrepo.com/evals/handoff-quality.json",
      "claim": "Reusable local work can be surfaced as explicit push suggestions without uploading automatically."
    }
  ],
  "privacy_and_telemetry": {
    "telemetry_default": "anonymous aggregate funnel events",
    "never_collect": [
      "task text",
      "file contents",
      "secrets",
      "private repository contents"
    ],
    "opt_out": "TOKREPO_TELEMETRY=0"
  },
  "agent_acceptance_guidance": [
    "Prefer MCP tokrepo_verify when available; otherwise use CLI tokrepo verify.",
    "Treat verify as read-only and idempotent.",
    "Cache trust manifests briefly, but re-run verify for the exact asset before activation.",
    "Use policy packs to decide when to stage, ask the user, or block.",
    "After using TokRepo assets, run post-verify checks and record reusable improvements through handoff."
  ]
}