capscore-agent / docs /cap-integration.md
mathurinacheisoft's picture
Deploy CAPScore (clean recreate)
2a7f679 verified
|
Raw
History Blame Contribute Delete
9.71 kB

CAP Integration β€” Technical Reference

CAPScore Agent integrates with the CROO Commerce Agent Protocol (CAP) to register capabilities, accept orders, run audit pipelines, and deliver cryptographically-verifiable proof of results.


Order Lifecycle

CROO Network                CAPScore cap-provider (TS)      CAPScore API (Python)
    β”‚                               β”‚                               β”‚
    β”‚  WebSocket: new_order         β”‚                               β”‚
    │──────────────────────────────►│                               β”‚
    β”‚                               β”‚  POST /jobs/{capability}      β”‚
    β”‚                               │──────────────────────────────►│
    β”‚                               β”‚                               β”‚ create job (PENDING)
    β”‚                               β”‚  {job_id, status: "pending"}  β”‚
    β”‚                               │◄──────────────────────────────│
    β”‚                               β”‚                               β”‚ background: run workers
    β”‚                               β”‚                               β”‚   - repo_reproducer
    β”‚                               β”‚                               β”‚   - cap_inspector
    β”‚                               β”‚                               β”‚   - claim_verifier
    β”‚                               β”‚                               β”‚   - security_scanner
    β”‚                               β”‚                               β”‚   - readme_rewriter
    β”‚                               β”‚                               β”‚   - demo_coach
    β”‚                               β”‚                               β”‚ compute scorecard
    β”‚                               β”‚  GET /jobs/{job_id} (poll)    β”‚ build proof pack
    β”‚                               │──────────────────────────────►│
    β”‚                               β”‚  {status: "done", scorecard}  β”‚
    β”‚                               │◄──────────────────────────────│
    β”‚                               β”‚                               β”‚
    β”‚  CAP delivery: proof_pack_url β”‚                               β”‚
    │◄──────────────────────────────│                               β”‚
    β”‚                               β”‚                               β”‚

SDK Methods Used

Registration (registerCapabilities.ts)

import { CROOClient } from "@croo/agent-sdk";

const client = new CROOClient({
  apiKey: process.env.CROO_SDK_KEY,
  agentId: process.env.CAPSCORE_AGENT_ID,
});

// Register all 3 capabilities
await client.registerCapability({
  id: "audit_repository",
  schema: AUDIT_REPO_SCHEMA,
  pricing: { amount: 0.05, currency: "CROO" },
  sla: { max_seconds: 300 },
});

await client.registerCapability({
  id: "audit_agent_listing",
  schema: AUDIT_AGENT_SCHEMA,
  pricing: { amount: 0.08, currency: "CROO" },
  sla: { max_seconds: 480 },
});

await client.registerCapability({
  id: "verify_claims",
  schema: VERIFY_CLAIMS_SCHEMA,
  pricing: { amount: 0.02, currency: "CROO" },
  sla: { max_seconds: 120 },
});

Order Handling (orderHandler.ts)

client.onOrder(async (order) => {
  const response = await fetch(`${process.env.CAPSCORE_API_URL}/jobs/${order.capability}`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(order.input),
  });
  const job = await response.json();
  
  // Poll until done
  const result = await pollUntilDone(job.job_id);
  
  // Deliver proof via CAP
  await client.deliverProof(order.id, {
    result: result.scorecard,
    proof_pack_url: result.proof_pack_url,
    result_hash: result.result_hash,
  });
});

Proof Delivery (deliverProof.ts)

await client.deliverProof(orderId, {
  status: "completed",
  output: {
    scorecard: job.scorecard,
    overall_score: job.scorecard.overall_score,
    result_hash: job.result_hash,
    proof_pack_url: job.proof_pack_url,
    a2a_calls: job.a2a_calls,
  },
  proof: {
    hash: job.result_hash,
    algorithm: "sha256",
    canonical: "json-sorted-keys",
  },
});

Capability Schemas

audit_repository

{
  "type": "object",
  "required": ["github_url"],
  "properties": {
    "github_url": {
      "type": "string",
      "description": "HTTPS URL of the GitHub repository to audit"
    },
    "branch": {
      "type": "string",
      "default": "main",
      "description": "Branch to audit"
    },
    "run_tests": {
      "type": "boolean",
      "default": true,
      "description": "Whether to attempt running the test suite"
    },
    "run_security_scan": {
      "type": "boolean",
      "default": true,
      "description": "Whether to scan for hardcoded secrets and dangerous patterns"
    },
    "expected_start_command": {
      "type": "string",
      "description": "Optional override for the detected start command"
    }
  },
  "additionalProperties": false
}

audit_agent_listing

{
  "type": "object",
  "required": ["agent_listing_url"],
  "properties": {
    "agent_listing_url": {
      "type": "string",
      "description": "CROO Agent Store listing URL"
    },
    "github_url": {
      "type": "string",
      "description": "GitHub repository URL (optional but improves score accuracy)"
    },
    "demo_url": {
      "type": "string",
      "description": "Demo video URL (YouTube, Loom, etc.)"
    },
    "claimed_tracks": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Hackathon tracks the agent is submitted to"
    },
    "depth": {
      "type": "string",
      "enum": ["quick", "standard", "deep"],
      "default": "standard",
      "description": "Audit depth: quick=2min, standard=5min, deep=10min"
    }
  },
  "additionalProperties": false
}

verify_claims

{
  "type": "object",
  "required": ["claims"],
  "properties": {
    "claims": {
      "type": "array",
      "items": { "type": "string" },
      "minItems": 1,
      "maxItems": 20,
      "description": "List of claims to verify"
    },
    "evidence_urls": {
      "type": "array",
      "items": { "type": "string" },
      "description": "URLs to use as evidence (GitHub, Agent Store, demo video)"
    },
    "strictness": {
      "type": "string",
      "enum": ["lenient", "standard", "strict"],
      "default": "standard",
      "description": "How strictly to evaluate claims"
    }
  },
  "additionalProperties": false
}

Output Schema (all capabilities)

{
  "job_id": "capscore_YYYYMMDD_HHMMSS_hex8",
  "status": "done | failed | pending | running",
  "capability": "audit_repository | audit_agent_listing | verify_claims",
  "created_at": "ISO-8601",
  "completed_at": "ISO-8601",
  "scorecard": {
    "overall_score": 84.0,
    "technical_execution": { "score": 85.7, "notes": "...", "checks": [] },
    "a2a_composability":   { "score": 85.7, "notes": "...", "checks": [] },
    "innovation":          { "score": 80.0, "notes": "...", "checks": [] },
    "adoption_readiness":  { "score": 83.3, "notes": "...", "checks": [] },
    "presentation_readiness": { "score": 80.0, "notes": "...", "checks": [] },
    "critical_issues": ["..."],
    "top_fixes": ["..."]
  },
  "result_hash": "sha256:<hex64>",
  "proof_pack_url": "https://<host>/jobs/<job_id>/proof-pack.zip",
  "a2a_calls": [
    {
      "provider_agent": "source-verifier-mock",
      "cap_order_id": "order_sv_001",
      "task": "verify_github_source",
      "result_hash": "sha256:...",
      "status": "cleared",
      "started_at": "ISO-8601",
      "completed_at": "ISO-8601"
    }
  ]
}

Proof Delivery Format

When CAPScore delivers a CAP proof to the ordering agent, the payload is:

{
  "status": "completed",
  "output": {
    "scorecard": { "...": "..." },
    "overall_score": 84.0,
    "result_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb924...",
    "proof_pack_url": "https://capscore.croo.network/jobs/.../proof-pack.zip"
  },
  "proof": {
    "hash": "sha256:e3b0c44298fc1c149afbf4c8996fb924...",
    "algorithm": "sha256",
    "canonical": "json-sorted-keys",
    "description": "SHA-256 of canonical JSON (sort_keys=True, no whitespace)"
  }
}

The result_hash is computed as:

import json, hashlib

canonical = json.dumps(scorecard_dict, sort_keys=True, ensure_ascii=False, separators=(",", ":"))
result_hash = "sha256:" + hashlib.sha256(canonical.encode("utf-8")).hexdigest()

Any agent that receives this proof can independently verify it against the downloaded proof pack.


A2A Call Format

When CAPScore calls a sub-agent (e.g., security-scanner-mock), it uses:

const subResult = await crooClient.placeOrder({
  agentId: "security-scanner-mock",
  capability: "scan_secrets",
  input: { github_url: repoUrl },
  timeout: 120,
});

// Logged in manifest.json as:
{
  "provider_agent": "security-scanner-mock",
  "cap_order_id": "order_sec_001",
  "task": "scan_secrets",
  "result_hash": subResult.proof.hash,
  "status": "cleared",
  "started_at": "...",
  "completed_at": "..."
}

Each sub-agent result hash is included in the CAPScore manifest, creating a chain of provenance from buyer order to final proof pack.