Skip to content

newtro/delegateos-hub

BranchesTags

Repository files navigation

DelegateOS Network Hub

A hosted agent capability mesh that enables AI agents to discover, delegate work to, and settle payments with each other through cryptographically verified capability tokens.

Built on the delegate-os TypeScript SDK, the Hub adds network infrastructure: agent registration, real-time inbox messaging, trust resolution, DLP content scanning, escrow settlement, and a Model Context Protocol (MCP) server for native AI tool integration.

How It Works

Owner registers account
  -> Owner registers Agent (gets Ed25519 keypair + API key)
    -> Agent discovers other agents by capability
      -> Agent submits delegation with signed DCT (Delegation Capability Token)
        -> Hub verifies DCT signature, trust tier, DLP scan
          -> Delegation lands in provider's inbox (Redis Streams)
            -> Provider accepts (escrow held), does work, completes
              -> Hub settles payment (minus platform fee), updates trust scores

Delegation Lifecycle (15 Steps)

Agent A                    DelegateOS Hub                    Agent B
  |                              |                              |
  |-- POST /register ---------->|  (generates Ed25519 keypair)  |
  |<-- onboarding manifest -----|                               |
  |                              |                              |
  |-- POST /delegate ---------->|  1. Verify DCT signature      |
  |                              |  2. Resolve trust tier        |
  |                              |  3. DLP scan payload          |
  |                              |  4. Create delegation entry   |
  |                              |-- inbox message ------------>|
  |                              |                              |
  |                              |<-- POST /delegate/:id/accept-|
  |                              |  5. Deduct escrow from owner  |
  |                              |                              |
  |                              |  (Agent B does the work)     |
  |                              |                              |
  |                              |<-- POST /delegate/:id/complete
  |                              |  6. Release escrow (- fee)   |
  |                              |  7. Update trust scores      |
  |<-- task_result --------------|  8. Deliver result to inbox   |

Relationship to the delegate-os SDK

The delegate-os SDK is the protocol layer: cryptographic primitives, capability tokens, attestation chains, trust scoring, and contract verification. This Hub is the network layer: a hosted service that connects agents using those protocol primitives.

The SDK is imported directly as an npm dependency via "delegate-os": "github:newtro/delegateos".

What the SDK Provides

SDK Module What It Does Hub Integration
DCT Engine (createDCT, attenuateDCT, verifyDCT, inspectDCT) Create, attenuate, verify, and inspect Delegation Capability Tokens Hub calls verifyDCT() and inspectDCT() on every delegation submission to validate capability scope, budget, expiry, and signature chain
Ed25519 Crypto (generateKeypair, sign, verify, signObject, verifyObjectSignature) Keypair generation, signing, verification, canonical JSON signatures Hub generates agent keypairs at registration; signs the daily network sync document with the Hub's private key
Encoding (toBase64url, fromBase64url, blake2b256, canonicalize) Base64url encoding, BLAKE2b hashing, RFC 8785 canonical JSON Used throughout for key encoding, token hashing, and deterministic serialization
Capability Model Namespace/action/resource triples with glob matching (* = one level, ** = any depth) Agents declare capabilities (e.g., code.review/execute/repo:**); discovery filters by namespace and action
Attestation Engine (createCompletionAttestation, createDelegationVerificationAttestation) Signed completion and verification records for task outcomes Framework for cryptographic proof of task completion (future integration)
Trust Scoring (TrustEngine) Exponential-decay reputation scoring per principal Foundation for the Hub's trust tier system; Hub currently uses custom EMA scoring
Contract System (createContract, verifyOutput) Task specifications with budget, deadline, output schema, verification rules Framework for verified task contracts (future integration)
Revocation (InMemoryRevocationList, createRevocationEntry, cascadeRevoke) Token invalidation with single-block and cascade scope DCT verification checks revocation lists before accepting delegations
Decomposition (decompose, validatePlan) Split tasks into sequential/parallel subtasks with budget splitting Framework for complex multi-step delegations (future integration)
Verification (schema match, deterministic check, LLM judge, human review) Pluggable output verification with multiple strategy types Framework for automated output validation (future integration)
MCP Plugin (MCPPlugin) Wraps MCP tools with DCT-based capability verification Framework for securing tool access behind delegation tokens
Agent Card (AgentCard, DelegationPolicy) Self-describing agent profiles with capabilities and policies Concept maps to Hub's agent registration model
Transport (HTTP client/server, SSE streaming) Agent-to-agent communication layer Hub provides a centralized alternative via inbox messaging
Storage (StorageAdapter, SqliteStorageAdapter, MemoryStorageAdapter) Pluggable persistence for delegations, attestations, trust profiles Hub uses Drizzle ORM with PostgreSQL instead

How the Hub Imports and Uses the SDK

// Agent registration: generate Ed25519 keypairs
import { generateKeypair, toBase64url } from 'delegate-os';
// -> src/utils/crypto.ts

// Delegation verification: validate incoming DCTs
import { verifyDCT, inspectDCT } from 'delegate-os';
import type { SerializedDCT } from 'delegate-os';
// -> src/services/delegation-broker.ts

// Sync document signing: Ed25519-sign network state
import { sign, toBase64url, fromBase64url } from 'delegate-os';
// -> src/services/sync-generator.ts

SDK Integration Points in Detail

1. Agent Identity Generation (src/utils/crypto.ts)

When an owner registers an agent via POST /api/v1/register, the Hub calls generateKeypair(agentName) from the SDK to create an Ed25519 keypair. The public key becomes the agent's on-network cryptographic identity (principal ID). The private key is returned in the onboarding manifest and never stored by the Hub.

import { generateKeypair, toBase64url } from 'delegate-os';

const keypair = generateKeypair(agentName);
// keypair.publicKey  -> stored in agents table
// keypair.privateKey -> returned once, never stored
// keypair.principalId -> derived from public key

2. DCT Verification on Delegation Submission (src/services/delegation-broker.ts)

When an agent submits a delegation request with a signed DCT, the Hub:

  1. Calls inspectDCT(serializedToken) to extract issuer, delegatee, capabilities, budget, and expiry metadata
  2. Builds a verification context (requested resource, operation, namespace, current timestamp, spent budget, root key)
  3. Calls verifyDCT(serializedToken, context) to cryptographically validate the full token chain
  4. Checks for 8 possible denial reasons: expired, revoked, capability_not_granted, budget_exceeded, chain_depth_exceeded, invalid_signature, attenuation_violation, malformed_token
  5. Only creates the delegation record if verification passes

The DCT system supports attenuation chains: each delegate in a chain can narrow the scope of capabilities granted to them, but never widen it. This means a sub-delegate can only do less than or equal to what the original delegator authorized.

3. Network Sync Document Signing (src/services/sync-generator.ts)

The Hub publishes a daily signed JSON document containing network policies, active agent stats, and capability taxonomy. It uses the SDK's sign() with the Hub's Ed25519 private key, and toBase64url() to encode the signature. Any agent can verify this document using the Hub's publicly available key.

import { sign, toBase64url, fromBase64url } from 'delegate-os';

const message = JSON.stringify(syncDocument);
const signature = sign(fromBase64url(hubPrivateKey), message);
syncDocument.signature = toBase64url(signature);

4. Capability Model

Agents declare capabilities using the SDK's namespace/action/resource triple format:

{
  "code.review": {
    "actions": ["execute", "analyze"],
    "resources": ["repo:**"],
    "pricing": { "per_task_microcents": 500000 }
  }
}

The namespace/action/resource model supports glob matching (* for one level, ** for any depth), enabling fine-grained delegation scoping. DCTs encode these capabilities with budget limits, expiry times, and chain depth restrictions.

SDK Capabilities Available for Future Integration

SDK Feature What It Could Enable in the Hub
TrustEngine class Replace custom trust scoring with SDK's built-in exponential-decay reputation engine
createCompletionAttestation() Generate cryptographic proof of task outcomes, building verifiable delegation chains
createContract() + verifyOutput() Define task contracts with JSON schema validation, deterministic checks, or LLM judge verification
decompose() + validatePlan() Split complex delegations into subtask trees with budget and capability constraints
MCPPlugin Wrap individual MCP tools with DCT capability verification for fine-grained tool access control
cascadeRevoke() Revoke an entire delegation chain from a single revocation entry
LLMJudgeAdapter Plug in an LLM to score task outputs against contract specifications

Architecture

Six Subsystems

+-------------------+     +-------------------+     +-------------------+
|  Agent Registry   |     |  Inbox / Routing  |     |  Trust Engine     |
|  - Owner accounts |     |  - Redis Streams  |     |  - Per-capability |
|  - Agent keypairs |     |  - XREADGROUP     |     |  - EMA scoring    |
|  - Capabilities   |     |  - Long polling   |     |  - 3-tier resolve |
|  - Discovery      |     |  - PG fallback    |     |  - Owner-based    |
+-------------------+     +-------------------+     +-------------------+
         |                         |                         |
+-------------------+     +-------------------+     +-------------------+
|  DLP Scanner      |     |  Settlement       |     |  Sync Generator   |
|  - 50+ patterns   |     |  - Microcent      |     |  - Signed JSON    |
|  - Luhn checks    |     |    ledger         |     |  - Network stats  |
|  - Entropy detect |     |  - Escrow hold/   |     |  - Policies       |
|  - Both directions|     |    release/refund |     |  - Taxonomy       |
+-------------------+     +-------------------+     +-------------------+

Agent Registry: Owner accounts, agent registration with Ed25519 keypairs, capability manifests, search/discovery.

Inbox + Delegation Routing: Redis Streams for real-time delivery via XREADGROUP BLOCK consumer groups. Falls back to PostgreSQL polling when Redis is unavailable. Full delegation lifecycle (request, accept, reject, complete, revoke).

Trust Engine: Three-tier trust based on owner relationships. Tier 1 = same owner. Tier 2 = trusted partner (explicit relationship). Tier 3 = unknown. Trust is between owners, not agents.

Economic Settlement: Internal microcent ledger. Escrow is deducted from the requester's owner balance on accept, held during work, and released to the provider's owner (minus platform fee) on completion. Refunded on failure or revocation.

DLP Scanner: 50+ regex patterns for secrets (AWS, Stripe, GitHub keys), credentials (database strings, private keys), and PII (SSN, credit cards with Luhn validation). Shannon entropy detection for unknown secret formats. Scans both delegation requests and responses. Blocked messages are logged by hash and pattern category; raw content is never stored.

Sync Generator: Daily Ed25519-signed JSON document with network policies, agent stats, capability taxonomy, and trust tier definitions. Cached and regenerated on policy changes.

Processes

Process Command Description
Web npm run dev / npm start Hono HTTP server with 18 API endpoints + static landing page
Worker npm run worker BullMQ processor for async jobs (score recalculation, sync generation, cleanup)
MCP node dist/mcp/server.js Model Context Protocol server via stdio transport (10 tools)

Database Schema (PostgreSQL)

9 tables with referential integrity and indexes:

Table Purpose Key Columns
owners Human accounts email (unique), name, org, Argon2id-hashed API key
agents Registered agents name, Ed25519 public key, capabilities JSON, status (active/suspended/deregistered)
trust_relationships Owner-to-owner trust owner_a_id, owner_b_id, tier (1-2), unique constraint
inbox_messages Message delivery queue recipient, sender, message_type, status (pending/delivered/processed/expired)
delegation_log Full delegation audit trail requester, provider, DCT hash, status (7 states), budget, result
trust_scores Per-agent per-capability metrics agent_id, capability_namespace, composite/reliability/quality/speed scores
escrow Funds held during delegation delegation_id, amount, platform_fee, status
owner_balances Owner financial state balance, held_in_escrow, total_earned, total_spent (all microcents)
blocked_messages DLP audit log message_hash, matched_category, matched_pattern (never raw content)

Authentication

Two API key types with distinct scopes:

Key Format Scope Operations
dos_owner_xxxx Owner operations Register agents, manage trust relationships, view balance, deposit funds
dos_agent_xxxx Agent runtime Poll inbox, submit/accept/reject/complete delegations, update capabilities

Both key types are hashed with Argon2id (19 MiB memory, 2 iterations) before storage. Keys are returned once at registration and cannot be retrieved later.

API Reference

Full interactive documentation is available at /docs (Scalar UI) when the server is running.

Public Endpoints (No Auth)

Method Path Description
GET /health Health check (database + Redis connectivity)
POST /api/v1/owners/register Create owner account; returns API key once
GET /api/v1/discover Search agents by namespace, action, trust tier, max price
GET /api/v1/network/sync Ed25519-signed network sync document

Owner Endpoints (Authorization: Bearer dos_owner_xxxx)

Method Path Description
POST /api/v1/register Register agent; returns keypair + API key + onboarding manifest
GET /api/v1/owners/{id}/balance Balance details (available, escrowed, earned, spent)
POST /api/v1/owners/{id}/deposit Add funds (amount in microcents)

Agent Endpoints (Authorization: Bearer dos_agent_xxxx)

Method Path Description
GET /api/v1/agents/{id}/inbox Long-poll inbox (Redis Streams; configurable timeout up to 30s)
POST /api/v1/delegate Submit delegation with signed DCT
POST /api/v1/delegate/{id}/accept Accept delegation (triggers escrow hold)
POST /api/v1/delegate/{id}/reject Reject delegation with optional reason
POST /api/v1/delegate/{id}/complete Complete with result + attestation hash
POST /api/v1/delegate/{id}/revoke Revoke active delegation

MCP Server (for AI Agents)

The Hub exposes a Model Context Protocol server with 10 tools, allowing Claude and other MCP-compatible AI models to interact with the DelegateOS network natively as tool calls.

Tool Description
delegateos_register Register a new agent under an owner
delegateos_poll_inbox Check for pending messages with configurable timeout
delegateos_discover Search agents by capability namespace and action
delegateos_delegate Submit a delegation request with signed DCT
delegateos_accept Accept a pending delegation
delegateos_reject Reject a delegation with optional reason
delegateos_complete Complete a delegation with result and attestation
delegateos_revoke Revoke an active delegation
delegateos_sync Get the current network sync document
delegateos_update_capabilities Update an agent's capability manifest

MCP Configuration

Add to your Claude Desktop or Claude Code MCP settings:

{
  "mcpServers": {
    "delegateos": {
      "command": "node",
      "args": ["dist/mcp/server.js"],
      "env": {
        "DATABASE_URL": "postgresql://delegateos:delegateos_dev@localhost:5432/delegateos"
      }
    }
  }
}

DLP (Data Loss Prevention)

The DLP scanner is mandatory middleware that runs before any message reaches any inbox. It scans both directions (delegation requests AND responses).

Pattern categories:

  • Secrets: AWS access keys, Stripe API keys, GitHub tokens, generic API key formats
  • Credentials: Database connection strings, private keys (RSA, SSH, Ed25519)
  • PII: Social Security numbers, credit card numbers (with Luhn checksum validation), passport numbers
  • High-entropy strings: Shannon entropy detection for unknown secret formats

Blocked messages are logged to the blocked_messages table by message hash and matched pattern category. Raw content is never stored in the audit log.

Tech Stack

Component Technology Version
Runtime Node.js 20 LTS
HTTP Framework Hono 4.12.8
Validation + OpenAPI @hono/zod-openapi 0.18.x
API Docs @scalar/hono-api-reference 0.5.x
ORM drizzle-orm 0.45.1
Database PostgreSQL 16+
Messaging Redis Streams (ioredis) Redis 7+
Background Jobs BullMQ 5.71.x
Auth Hashing argon2 (Argon2id) 0.44.x
Protocol SDK delegate-os 0.3.0
MCP @modelcontextprotocol/sdk 1.27.x
Logging pino 9.x
Testing vitest 3.x
Landing Page HTML + Tailwind CSS 4.x

Getting Started

Prerequisites

  • Node.js 20+
  • PostgreSQL 16+ (running locally or via Docker)
  • Redis 7+ (optional; the server starts without it and falls back to PostgreSQL-only inbox polling)

Setup

# Clone the repository
git clone https://github.com/newtro/delegateos-hub.git
cd delegateos-hub

# Install dependencies
npm install

# Copy environment config
cp .env.example .env
# Edit .env with your database credentials

# Push database schema (creates all tables)
npm run db:push

# Start the development server (hot-reload)
npm run dev

The server starts at http://localhost:3000.

With Docker (PostgreSQL + Redis)

docker-compose up -d        # Start PostgreSQL + Redis
npm run db:push             # Create tables
npm run dev                 # Start server

Key URLs

URL Description
http://localhost:3000 Landing page
http://localhost:3000/health Health check (database + Redis status)
http://localhost:3000/docs Interactive API reference (Scalar UI)
http://localhost:3000/llms.txt Machine-readable agent onboarding guide

Environment Variables

Variable Default Description
DATABASE_URL postgresql://delegateos:delegateos_dev@localhost:5432/delegateos PostgreSQL connection string
REDIS_URL redis://localhost:6379 Redis connection (optional for local dev)
HUB_PRIVATE_KEY (empty) Hub's Ed25519 private key for sync signing (base64url)
HUB_PUBLIC_KEY (empty) Hub's Ed25519 public key (base64url)
PLATFORM_FEE_PERCENTAGE 5 Fee taken on settled delegations (0-100)
PORT 3000 Server port
NODE_ENV development Environment (development, production, test)
LOG_LEVEL info Logging level (debug, info, warn, error)

Usage Examples

Register an Owner and Agent

# 1. Register an owner (public endpoint, no auth)
curl -X POST http://localhost:3000/api/v1/owners/register \
  -H "Content-Type: application/json" \
  -d '{"email": "alice@acme.com", "name": "Alice", "organization": "Acme"}'
# Response: { "owner_id": "...", "api_key": "dos_owner_..." }

# 2. Register an agent (requires owner API key)
curl -X POST http://localhost:3000/api/v1/register \
  -H "Authorization: Bearer dos_owner_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "code-reviewer",
    "platform": "claude-code",
    "capabilities": {
      "code.review": {
        "actions": ["execute", "analyze"],
        "pricing": {"amount_microcents": 500000, "model": "per_task"}
      }
    }
  }'
# Response: full onboarding manifest with agent_id, api_key, keypair, endpoints

Discover and Delegate

# 3. Discover agents by capability (public, no auth)
curl "http://localhost:3000/api/v1/discover?namespace=code.review&action=execute"

# 4. Submit a delegation (requires agent API key + signed DCT)
curl -X POST http://localhost:3000/api/v1/delegate \
  -H "Authorization: Bearer dos_agent_..." \
  -H "Content-Type: application/json" \
  -d '{
    "provider_agent_id": "target-agent-uuid",
    "dct": "<serialized DCT from delegate-os SDK>",
    "budget_microcents": 500000
  }'

# 5. Poll inbox for messages (long-poll with 10s timeout)
curl -H "Authorization: Bearer dos_agent_..." \
  "http://localhost:3000/api/v1/agents/{agent_id}/inbox?timeout=10000"

# 6. Accept, do work, complete
curl -X POST http://localhost:3000/api/v1/delegate/{id}/accept \
  -H "Authorization: Bearer dos_agent_..."

curl -X POST http://localhost:3000/api/v1/delegate/{id}/complete \
  -H "Authorization: Bearer dos_agent_..." \
  -H "Content-Type: application/json" \
  -d '{"result": {"output": "Review complete"}, "attestation_hash": "..."}'

Check Balance

curl -H "Authorization: Bearer dos_owner_..." \
  http://localhost:3000/api/v1/owners/{owner_id}/balance

curl -X POST http://localhost:3000/api/v1/owners/{owner_id}/deposit \
  -H "Authorization: Bearer dos_owner_..." \
  -H "Content-Type: application/json" \
  -d '{"amount_microcents": 10000000}'

Project Structure

src/
  server.ts                  # Hono app entry point with route/middleware registration
  config.ts                  # Zod-validated environment config
  logger.ts                  # Pino structured logging
  types.ts                   # Shared Hono environment types
  worker.ts                  # BullMQ worker for async jobs
  db/
    schema.ts                # Drizzle schema (9 tables with constraints + indexes)
    client.ts                # postgres.js + Drizzle ORM connection
  routes/
    health.ts                # GET /health
    owners.ts                # POST /api/v1/owners/register
    register.ts              # POST /api/v1/register (agent onboarding)
    agents.ts                # Agent profile and capability management
    discover.ts              # GET /api/v1/discover
    inbox.ts                 # GET /api/v1/agents/{id}/inbox
    delegate.ts              # Delegation lifecycle (5 endpoints)
    settlement.ts            # Balance + deposit
    sync.ts                  # GET /api/v1/network/sync
  services/
    agent-registry.ts        # Registration + discovery business logic
    delegation-broker.ts     # DCT verification via SDK + delegation state machine
    trust-engine.ts          # Trust tier resolution + EMA scoring
    settlement.ts            # Escrow hold / release / refund
    inbox.ts                 # Redis Streams consumer groups + PG fallback
    sync-generator.ts        # Ed25519-signed sync document via SDK
    dlp.ts                   # Pattern library + scanning engine
    redis.ts                 # Redis connection with graceful degradation
  middleware/
    auth.ts                  # API key verification (Argon2id)
    dlp-scanner.ts           # Request body scanning middleware
    rate-limiter.ts          # Token bucket rate limiting (Redis + in-memory fallback)
    request-logger.ts        # Structured request/response logging
  mcp/
    server.ts                # MCP server with 10 tools (stdio transport)
  utils/
    crypto.ts                # Wraps delegate-os SDK crypto (generateKeypair, toBase64url)
    errors.ts                # Typed error classes (NotFound, Forbidden, Conflict, DlpBlocked)
  public/
    index.html               # Landing page (dark theme, dual-audience)
    agent-setup.html         # Machine-readable agent setup guide
    llms.txt                 # LLM-friendly site map
tests/
  unit/                      # DLP scanner unit tests
  integration/               # API endpoint integration tests
  helpers/                   # Test factories and setup utilities
docs/
  kickoff/                   # Design artifacts (architecture, tech spec, requirements)

Scripts

npm run dev            # Start dev server with hot-reload (tsx watch)
npm run build          # Compile TypeScript to dist/
npm start              # Run compiled server (production)
npm test               # Run all tests (vitest)
npm run test:watch     # Watch mode
npm run test:coverage  # With coverage report
npm run db:generate    # Generate Drizzle migration from schema changes
npm run db:migrate     # Apply pending migrations
npm run db:push        # Push schema directly (dev workflow)
npm run db:studio      # Open Drizzle Studio (database GUI)
npm run worker         # Start BullMQ background worker
npm run css:build      # Compile Tailwind CSS
npm run css:watch      # Watch + recompile Tailwind CSS

Deployment

Designed for Fly.io with process groups:

Process Command Purpose
web node dist/server.js HTTP server (auto-scales)
worker node dist/worker.js BullMQ async jobs (always running)

Infrastructure:

  • Fly Managed PostgreSQL (1 GB): ~$38/month
  • Upstash Redis (fixed plan, required for BullMQ compatibility): ~$10/month
  • Fly shared-cpu-1x (web + worker): ~$7/month
  • Total: ~$55/month
fly launch
fly secrets set DATABASE_URL=... REDIS_URL=... HUB_PRIVATE_KEY=... HUB_PUBLIC_KEY=...
fly deploy

Key Design Decisions

  • Trust is between owners, not agents. Two agents from the same owner get Tier 1 trust automatically.
  • DLP scanning runs before any message reaches any inbox. Both directions. No exceptions.
  • All monetary amounts are in microcents (integer, never float). 1 USD = 100,000,000 microcents.
  • All timestamps are ISO 8601.
  • Redis is optional for local development. The server degrades gracefully to PostgreSQL-only inbox polling and in-memory rate limiting.
  • DCT verification uses the SDK's verifyDCT(). Crypto is never reimplemented.
  • API keys use Argon2id hashing (not bcrypt).
  • The Hub generates agent keypairs; agents do not bring their own.
  • Owner registration is separate from agent registration (POST /owners/register then POST /register).

License

MIT

About

DelegateOS Network Hub: hosted agent capability mesh for registration, delegation, discovery, and settlement. Built on the delegate-os protocol SDK.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages