Metadata-Version: 2.4
Name: aos-compliance-validator-mcp
Version: 0.1.0
Summary: MCP compliance gate — pass/fail AOS validation. Default advisory; opt-in blocking.
License: MIT
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: mcp>=1.0.0

# AOS Compliance Validator MCP

Drop-in MCP server that validates **AOS-v0.1** zone boundary declarations in `manifest.json` or `agent_card.json`.

## Install

```bash
python3 -m venv .venv
source .venv/bin/activate
pip install .
```

## CLI entry

```bash
aos-compliance-validator          # MCP stdio server
aos-compliance-gate               # CI gate (default blocking, exit 1 on fail)
```

### CI blocking gate

```bash
aos-compliance-gate --gate-mode blocking --target-dir .
# compliant → exit 0 / non-compliant → exit 1
```

## MCP tools

- `aos_compliance_validate` — validate one MCP server directory (`target_dir` required; `tool_id` optional label)
- `aos_compliance_self_test` — wiring smoke test

Default `gate_mode=advisory`. Use `gate_mode=blocking` in CI to fail on violations.

## Environment

| Variable | Purpose |
|----------|---------|
| `AOS_VALIDATOR_TARGET_DIR` | Default scan root when `target_dir` is omitted |
| `AOS_VALIDATOR_MCP_LOG` | JSONL path for tool call telemetry |
| `AOS_VALIDATOR_CALLER` | Caller label (`ci`, `smoke_self_call`, etc.) |

## What is checked (AOS-v0.1 §8)

- `aos_compliant` or `aos_compliance` equals `v0.1`
- `permitted_output_paths` — required non-empty list of safe relative paths
- `oracle_paths` — recommended; defaults to `evals/` and `config/` when omitted

Violation codes use external vocabulary, e.g. `AOS_UNDECLARED`, `PERMITTED_PATHS_MISSING`, `ORACLE_PATH_INVALID`.

## Example

```bash
aos_compliance_validate target_dir=/path/to/my-mcp-server gate_mode=blocking
```

## License

MIT
