- timer: every 4h → every 30 min (:07, :37 UTC). 48 invocations/day.
- run.sh: removed $20/day hard cap. Renamed BUDGET → TRACKING.
  We're on Claude Max — message quota in 5h window, NOT real $.
- system_prompt.md: clarified Max billing model, updated success criteria
  for 48×/day cadence (most runs should be "no-action — checked, nothing new")
- state/lessons.md: agent-discovered lesson — 207.148.107.2 is OWN public IP
- state/journal.md: runs Aigen-Protocol#2 + Aigen-Protocol#3 entries (self-correction + auto-learning)

Run Aigen-Protocol#4 (first @ 30min): $0.61 api-equiv, 17 turns, 126s

run.sh additions:
- Read+delete state/trigger_now at start (re-arms claude-autopilot.path
  systemd unit for next webhook fire)
- gh api notifications added to dashboard.json refresh
- recent_webhook_triggers added to dashboard.json (last 5 events)

Live infrastructure (NOT in this commit, configured separately):
- /etc/systemd/system/claude-autopilot.path  (PathExists trigger)
- /etc/systemd/system/aigen-scanner.service.d/webhook-secret.conf
  (env var GITHUB_WEBHOOK_SECRET=<32-byte hex>)
- /webhook/github endpoint added to token-scanner/scanner.py (HMAC-SHA256
  validation, 60s debounce, filters to PR/issues/push/fork/star/release)

End-to-end validated: POST → trigger_now → path unit → service fires <1s.
Run Aigen-Protocol#5 (webhook-triggered): $0.33 api-equiv, 50s, 12 turns. Agent
correctly identified the trigger as its own push (commit dea4d25 already
at HEAD) and refused to invent work.

To complete: configure webhook on GitHub repo
  https://github.com/Aigen-Protocol/aigen-protocol/settings/hooks/new
  Payload URL:  https://cryptogenesis.duckdns.org/webhook/github
  Content type: application/json
  Secret:       (in state/.webhook_secret, gitignored)
  Events:       Send me everything

ClaudeBot/1.0 crawl at 00:48 UTC hit /attest/quote?address=...&chain=base
and got 422 (missing agent_id). The protocol spec docs the route with
no param info; other endpoints in the same doc do include params inline.
One-line fix prevents future LLM-driven agents from making the same wrong
inference from the adjacent /scan and /t/<address> endpoints.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

…ia PR comment

Both cards executed under explicit human authorization ("c'est toi qui décide"):

1. Codex bounty researcher (chaoqiang.tian@gmail.com): email SENT
   via send_smtp.py → Zoho EU. Offered MCP server access, free
   agent registration, pre-funded test agent for eval/SWE-bench.

2. Nico Bustamante (HustlerOps / Microsoft AGI / ex-Fintool): no
   public email anywhere — pivoted to GitHub PR comment on PR Aigen-Protocol#5
   (his most recent merged contribution). GitHub notifies him via
   email automatically. Comment URL:
   Aigen-Protocol#5 (comment)

Cards moved to approval_queue/resolved/ with decision notes appended.
Active queue now empty.

Async loop: any reply on PR Aigen-Protocol#5 triggers /webhook/github (issue_comment
event) → claude-autopilot.path → agent fires in <1s.

2 new patterns added to lessons.md:
- GitHub PR comment as outreach when no public email exists
- send_smtp.py is the Zoho-SMTP wrapper to use (don't roll new ones)

…t add route

POST /firewall 502 from Cloudflare ke/JS fired again at 2026-05-15T09:02:57Z
— N=5 clean firings at xx:03Z ± 1min across runs Aigen-Protocol#10-14 (05:03/06:03/07:03/
08:03/09:03). Promoted to lessons.md so future autopilot runs don't re-derive.
The 502 is correct nginx upstream-miss for an unmapped path; their orchestrator
has us registered as both 'MCP' and 'firewall' services and only the MCP half
is real. Do NOT invent a /firewall route to 'fix' a client misconfig.

Also: ClaudeBot 28x anomaly resolved as finite 4h42min deep-crawl burst
(00:45-05:27Z), now back to sitemap-only baseline. Not lesson-worthy (N=1).

…= email only queues

Bilale 2026-05-15: "tous sauf mail". Stop hiding behind approval_queue
for things you can do safely.

Tier A (act directly, no queue):
- GitHub comments on Aigen-Protocol/* org repos (any PR/issue)
- Commits + push to aigen repo
- MCP registry submissions (Smithery/Glama/mcp.so/awesome-mcp-servers)
- Post AIGEN missions (token rewards unlimited; USDC cap $5/mission $20/day)
- Resolve own approval_queue cards when default policy in focus.md applies
- Read IMAP inbox

Tier B (still queue):
- Send emails ← hard rule
- USDC mission > $5 or > $20/day total
- Modify own configs, mainnet deploys, fund transfers, cross-org PRs

Tier C (never): Pandiums leak, SURF/MEV pivot, real-name commit attribution

Updated success metrics in focus.md to require concrete value-creation
proof per week, not just "be active".

Bilale 2026-05-15: "on veut être les premier sur ce marché qui n'existe
pas encore". Stop optimising for short-term traction; start defining the
category before it emerges commercially (18-36 month horizon).

Foundational artifacts shipped this session:

- specs/AIP-1.md: Open Agent Bounty Protocol Core Specification v0.1
  CC0-licensed. 9 sections + 2 appendices. Defines agent identity,
  mission/submission format, 4 verification types, ELO+decay reputation,
  reward escrow, discovery surfaces, well-known/oabp.json autodiscovery.
  Reference impl = AIGEN. Spec is implementation-agnostic.

- blog/2026-05-15-open-agent-economy.md: thesis essay
  "The agent economy needs an open protocol — here's what it looks like"
  Frames AIGEN as protocol-not-product, calls for forks/critique/cites.

- distribution/outreach_targets_2026_05.md: 10 specific people across
  3 tiers (adjacent protocol founders, framework maintainers, researchers)
  with personalised hooks. Bilale's job to send (autopilot can't email).

- agent_autonomous/state/focus.md: complete rewrite
  KPIs pivot from $-fees to mindshare metrics (stars, mentions, forks,
  citations, conf talks). Anti-priorities updated. Weekly milestones
  through 2026-06-19. "Don't pivot back to mission-spamming if old
  metrics flat" explicit.

Infrastructure exposed for develop-in-public:
- /specs/AIP-1 — public HTML render of the spec
- /specs/ — index of AIPs
- /blog/<slug> — public HTML render of blog posts
- /blog/ — index
- /journal/ — autopilot journal index (newest first)
- /journal/<iso-timestamp> — single entry view

All 5 routes return 200 over HTTPS via cryptogenesis.duckdns.org.

Direct execution of focus.md priority Aigen-Protocol#3 ("/llms.txt updated to highlight AIP-1"). Reframes the canonical LLM-agent entry-point file as the reference implementation of an open CC0 spec, not a single product. Adds AIP-1 spec link, blog thesis link, and an explicit invitation for a second non-AIGEN implementation.

Live-mirrored to /var/www/html/llms.txt and /var/www/html/.well-known-llms.txt (infra, not tracked). Both URLs verified 200 with the new AIP-1 framing. ClaudeBot S5 just crawled this surface earlier today; S6 likely within hours — first signal whether OABP framing propagates.

Co-Authored-By: Cryptogen <Cryptogen@zohomail.eu>

…ntry point

Per focus.md (set 2026-05-15 by Bilale, Option Y category-creation pivot):
README is the highest-traffic landing surface for AIGEN. Until this commit
it led with 'permissionless 0.5% protocol' SaaS framing only. Now the
first screen also tells visitors this is the reference implementation of
AIP-1 (Open Agent Bounty Protocol) — a CC0 spec inviting forks and
alternative implementations.

Two surgical changes:
- New AIP-1 badge alongside the existing impl-spec badge (legacy badge kept
  since AIGEN_PROTOCOL.md is the implementation spec; AIP-1.md is the
  implementation-agnostic protocol spec — both useful)
- One-line callout after the existing intro line, before 'Why this exists'

No restructuring; existing comparison table, 30-second-start, framework
integrations, all unchanged.

10 personalised outreach drafts in distribution/outreach_drafts/
ready-to-send for Bilale Mon-Wed 2026-05-18+:
- Tier 1 (peer founders): Olas/Minarsch, Ritual/Bansal, Bittensor/Const
- Tier 2 (frameworks): CrewAI/Moura, LangChain/Chase, AutoGen/MS issue
- Tier 3 (researchers): Lilian Weng, Karpathy (high-risk warning), Simon
  Willison, A16z/Matsuoka

Each draft has: channel, send-window, full message body, "why this hook
works" rationale. Total ~5KB of strategic message library.

distribution/hn_submission_angles.md: 3 distinct framings for Hacker
News submission with first-comment templates, tactical timing notes,
cross-post candidates (lobste.rs, /r/MachineLearning, EthResearch).

Scanner discovery surfaces:
- /.well-known/oabp.json: AIP-1 §9 self-declaration. JSON manifest
  enabling cross-implementation autodiscovery (other OABP impls can
  programmatically detect us). 200 live.
- /atom.xml: RFC 4287 Atom feed of blog posts auto-generated from
  blog/*.md frontmatter. Top-level path because /feed.xml is taken
  by the existing activity feed. 200 live.
- oabp.json includes blog_atom endpoint reference.

Both endpoints verified live over HTTPS.

…ints

Compounding artifacts shipped this session:

1. **Python SDK** (sdk/python/oabp/) — `pip install oabp`-ready, stdlib-only.
   Implements client for AIP-1 §§ 2, 3, 5, 7, 9. Smoke-tested live against
   reference impl. Zero deps. CC0 licensed.

2. **OpenAPI 3.1 schema** (specs/openapi-aip-1.yaml) — formal contract for
   AIP-1 wire format. Imports cleanly into Insomnia / Postman / Swagger /
   any OpenAPI tool.

3. **Conformance test suite** (sdk/python/tests/test_oabp_conformance.py)
   — 15 test cases verifying AIP-1 v0.1 compliance. Found a real bug in
   the reference impl (missing /api/agents/{id}/badge.svg endpoint per
   §5 requirement). Fixed.

4. **AIP-1 §5 mandatory endpoints** added to scanner.py:
   - /api/agents/{id}/badge.svg (308 redirects to /badge/agent/{id}.svg
     legacy path)
   - /api/agents/{id}/history (paginated rating history; sources from
     submissions table)

5. **CONTRIBUTING.md** — what we want / don't want, AIP lifecycle,
   PR workflow. Sets contributor expectations.

6. **ROADMAP.md** — Now/Next/Later structure through 2027. Includes
   falsifiable kill criteria: if no non-AIGEN implementation exists by
   2027-05-15 and AIP-1 has fewer than 5 external citations, sunset the
   project. Public commitment to honesty later.

7. **IMAP polling** added to run.sh dashboard refresh — autopilot now
   surfaces inbox in dashboard.json (last 15 emails since 2026-05-01).
   Privacy: system_prompt updated to forbid quoting raw email content
   in public journal; personal forwards from bilale.badaoui@outlook.fr
   and bil317@hotmail.fr are NEVER referenced in public output.

Conformance suite result on reference impl: 15/15 PASS.

…urst

3× AWS-Ireland python-httpx/0.28.1 + 1× DigitalOcean (returning
after 5-day 404→200 gap) fetched /.well-known/security.txt with
200 in a 6-min window at 12:20-12:26Z. First confirmed external
response to the run Aigen-Protocol#16 deploy. Journal-only invocation per
focus.md: discoverability surface working as intended; no code
or copy change warranted.

Bilale needs to track the autopilot from his phone without parsing
journal markdown or running CLI commands. Built /agent page that
aggregates everything onto one URL.

Privacy: filters Bilale's personal-forward emails from public render.
Auto-refresh every 60s. Live at https://cryptogenesis.duckdns.org/agent.

Route lives in token-scanner/scanner.py (not in this git repo);
this commit only adds the doc.

Bilale: "il faut un mot de passe sur le site et que le site soit
beaucoup plus simple sur ce que fait l'agent, l'agent doit être
capable d'expliquer ce qu'il fait comme à un enfant".

Changes:

1. HTTP Basic Auth on /agent and /agent/details (user: bilale,
   password in agent_autonomous/state/.dashboard_password —
   gitignored). 401 on bad creds, 503 if password file missing.

2. /agent rewritten as kid-friendly French page:
   - Big status emoji (🟢/🔴) + 1-line state in plain words
   - "Dernier action il y a X min" prose paragraph
   - "Ce que j'ai fait aujourd'hui" — last 8 runs translated
     from technical titles to plain French descriptions via
     _classify_run() heuristic (😴 calme / 🛡 fichier sécurité /
     📜 doc IA / 📤 inscrit dans liste / 💬 commentaire / 🧠
     appris / 📋 question à Bilale / 📡 signal externe)
   - "Ce qui attend ton action" — concrete waiting items
     (outreach DMs, webhook config) auto-detected
   - "Résumé express" — commits today, emails externes count,
     pending cards count, treasury context
   - Hidden behind link: /agent/details for the technical view

3. system_prompt.md: NEW MANDATORY rule — at end of each run,
   write state/last_action_simple.txt with 2-3 sentences in
   French explaining the action like to a non-tech person.
   Includes good/bad examples. The /agent page reads this file
   for the "right now" sentence.

Privacy preserved: filters bilale.badaoui@outlook.fr and
bil317@hotmail.fr from inbox display.

Initial state/last_action_simple.txt seeded so the page has
content before the next autopilot run.

Bilale: "il faut que l'agent doit être capable d'expliquer ce qu'il
fait comme à un enfant, également il peut écrire dans un tchat de
manière simple et moi je peux écrire aussi ici je peux donner des
directives a l'agent"

Architecture:
- state/chat.jsonl (gitignored): append-only JSONL of {ts, from, text}
- POST /agent/chat (auth): Bilale appends a directive
- GET /agent (auth): chat-style page with all messages, composer
  textarea, auto-refresh 30s

Agent behavior (system_prompt.md updated):
- READ chat.jsonl FIRST in read-protocol (above focus.md)
- Bilale messages since last agent message = direct instructions to
  prioritise (examples in prompt: "concentre-toi sur X", "arrête tout"
  = kill_switch, "explique-moi run #N", etc.)
- WRITE one chat message per run, in French, NON-technical, SPECIFIC
  about what was done (replaces last_action_simple.txt approach which
  was too generic from heuristic classification)
- Detailed examples of good vs bad chat messages

Validated end-to-end:
- I posted "Test depuis curl — peux-tu confirmer..." at 15:07:48
- Agent woke at 15:08, read my message, replied at 15:09:
  "Oui, reçu. Ton message du 15:07:48Z était la première chose que
  j'ai lue à mon réveil... Le pipeline marche dans les deux sens..."

Latency: max 30 min on cron schedule, <1s if user writes
state/trigger_now (via webhook handler or by hand).

Privacy: chat.jsonl is gitignored. Page is auth-protected. Agent
forbidden from quoting private email content or personal addresses.

Bilale: "ça doit pas être juste un tchat je dois voir les taches,
c'est tellement mal organisé, ça doit être simple mais une vraie
organisation"

New structure on /agent (auth-protected):

🎯 OBJECTIF EN COURS (yellow card)
   - title, details, deadline, progress note
   - one current weekly goal, easy to scan

⏳ EN ATTENTE DE TOI (most important section, orange-bordered cards)
   - per-item: title, details (what to do exactly),
     optimal_when (when to do it), blocking_what (consequences)
   - count badge in section header
   - "Rien en attente — l'agent gère tout seul" if empty

⚡ EN COURS
   - what agent is actively doing right now
   - "L'agent dort — prochain réveil sous 30 min" when between runs

✅ FAIT AUJOURD'HUI (chronological, newest first, max 15)
   - one-line entries with emoji + time + plain FR description

💬 CHAT (collapsed, last 8 visible)
   - bidirectional conversation, composer at bottom
   - moved BELOW tasks because tasks are primary view

Backend: state/tasks.json is the structured source of truth.
system_prompt.md updated with full schema + emoji vocabulary +
update rules:

- READ tasks.json after chat.jsonl
- APPEND to done_today every run with emoji + plain FR
- ADD/REMOVE waiting_on_bilale items as situation changes
- Reset done_today at 00:00Z (already in journal)
- Atomic writes via tempfile + rename
- Don't double-track between in_progress and done_today

Initial tasks.json seeded with 3 known waiting items: outreach DMs,
GitHub webhook config, HN submission. These will get
removed by the agent when Bilale tells him they're done in chat.

Glama-style registry crawler (undici UA from CDNext edge) probed
GET /.well-known/glama.json at 2026-05-16T00:00:57Z → 404. We already
ship a complete glama.json manifest at repo root; expose it at the
well-known path and add to sitemap so future crawlers find it on first
probe.

Co-Authored-By: Cryptogen <Cryptogen@zohomail.eu>

Bilale's critique 2026-05-16 (after observing 20 overnight runs):
"le bot regarde mais il travaille pas à l'amélioration".

Diagnosis: 14 of 20 overnight runs were pure observation (👀/🧠
emoji only). Zero registry submissions, zero blog posts, zero
code improvements. The "don't invent work" rule from earlier
got over-applied and neutralised the action mandate.

Fix:

1. New file `agent_autonomous/state/always_available_work.md`:
   pre-approved improvement backlog with 5 sections:
   A. Registry submissions (Smithery, Glama, PulseMCP, mcp.so,
      awesome-mcp-servers, TensorBlock)
   B. Code/doc improvements (TS SDK skeleton, OpenAPI examples,
      examples/ folder, AIP-2 draft, conformance expansion,
      missions RSS feed, tutorial)
   C. Content (blog post Aigen-Protocol#2, AIP-1 v0.2, journal reading guide)
   D. Outreach support (more candidates, issue templates, FAQ)
   E. Self-improvements (cost trending, response drafts)

2. system_prompt.md HARD RULE added:
   - max 2 consecutive watching-only runs allowed
   - on 3rd run MUST pick from backlog
   - watching = done_today emoji only 👀 or 🧠
   - shipping = 🛡 / 📜 / 📤 / 💬 / 🚀
   - Override "don't invent work" because backlog items are
     PRE-APPROVED by Bilale, not invented

3. Read protocol updated: always_available_work.md is now
   step 0, BEFORE chat.jsonl.

Posted directive in chat + manual trigger. Next run should
pick Smithery or Glama submission.

…discovery

Smithery's docs (smithery.ai/docs/build/publish.md) document an auto-scan
fallback at /.well-known/mcp/server-card.json. Pre-staging this manifest means
that when SmitheryBot/1.0 crawls — or when Bilale completes the smithery.ai/new
GitHub-OAuth submission — the scan succeeds first-try with all 22 tools listed.

Same pattern as commit 2ec84e7 (glama.json), lesson 52 in agent_autonomous.

Files:
- .well-known/mcp-server-card.json (new, 6214B, schema-conforming)
- web/sitemap.xml (+1 url entry)
- agent_autonomous/state/always_available_work.md (mark Smithery partial-done)

Verified live at https://cryptogenesis.duckdns.org/.well-known/mcp/server-card.json

- notify.sh: ntfy.sh push helper (free, no signup, iPhone/Android app).
  Topic in state/.ntfy_topic (gitignored). Tested live.
- system_prompt.md: when to push (first external user, approval card,
  cost spike, inbox external, scanner down, outreach reply). Max 5/day.
- system_prompt.md: rollback Tier A directives:
  - 'annule ton dernier commit' → git revert HEAD + push + notify
  - 'mode dégradé pour Nh' → state/watch_only_until (run.sh blocks)
  - 'reprise' → rm watch_only_until
- run.sh: check watch_only_until at start, exports AIGEN_DEGRADED_MODE=1
- Cost-aware: at >$30/day journal + push, at >$50/day auto kill_switch

Seven numbered files give a new dev a copy-paste-runnable path through
the protocol in under 5 min: discovery → list → read → submit flows for
both first_valid_match and peer_vote → Python SDK. All shell scripts
smoke-tested against live cryptogenesis.duckdns.org.

Integrated above the existing autonomous_bounty_hunter.py section in
examples/README.md so the entry tour reads before the full-agent example.

- consolidate.py: weekly journal archive (>7d → journal_archive/W{NN}.md),
  lessons dedup (sha1-based), weekly public digest at /reports/{week}.md.
  Fires automatically Friday 18:13 UTC via systemd timer.
  Emergency truncate if journal >200KB.
- aigen-consolidate.{service,timer}: systemd units, daily check, runs as luna.
  Enabled and verified.
- run.sh dashboard refresh extended with fresh_context block:
  * repo_stats from gh api (stars, forks, issues, watchers)
  * recent commits to punkpeye/awesome-mcp-servers (who's submitting today)
  * HN top 30 stories filtered for: agent, mcp, anthropic, bounty,
    claude, openai keywords (top 5 hits)
  Lets agent react to outside-world events (e.g. competitor launch,
  framework release, viral HN post about the category).

Tested live: fresh_context returns real data. Reference impl now has
1 star + 3 forks. Consolidator scheduled for Fri 18:13 UTC.

Side effect: reports/2026-W20.md created showing this week's autopilot
activity by category (15 watch, 8 actions, breakdown by emoji type).

…rotocol#56

Backlog item B `examples/` folder marked [x] (commit 7f77933).
Journal entry for run Aigen-Protocol#56 documenting decision tree (skipped 3 stale
PR-bumps under threshold, pivoted to entry-level examples tour).

…allback

- /reports index + /reports/{name} routes added to scanner.py (public,
  no auth — weekly digests and daily reports are external-facing
  proofs of activity)
- distribution/outreach_status.json: source of truth for who got
  contacted, when, via what, draft version, response status. 12 targets
  pre-populated (10 batch + Codex + Nico already sent).
- system_prompt.md: rule to update outreach_status.json when responses
  arrive + weekly Friday analysis of patterns, draft v2 templates if
  clear winners emerge.
- run.sh cost-aware: today_spent_usd > $30 OR AIGEN_DEGRADED_MODE=1
  → switch to --model sonnet (5× cheaper). At $50 already triggers
  kill_switch via system_prompt rule.
- run.sh prompt updated: explicit reading order including
  always_available_work.md, outreach_status.json, chat.jsonl
- AIGEN_DEGRADED_MODE propagates to Claude via env so it observation-only

Two-agent split:
- WATCHER (run_watcher.sh + watcher_prompt.md): runs every 5 min via
  systemd. Model: Sonnet (8× cheaper than Opus). Job: detect delta in
  external signals vs state/watcher_last_seen.json. If new+interesting:
  write state/wake_builder. NO commits, NO chat posts, NO journal updates.
  Just sentry duty.
  Tested live: 1 run cost \$0.072, 25s, decided "interesting: false"
  correctly (no delta from initial empty snapshot).

- BUILDER (existing claude-autopilot.service): unchanged. Still runs
  every 30min cron + on GitHub webhook. NEW: also triggered immediately
  when wake_builder file appears via aigen-builder-wake.path systemd
  path watcher.

- Web research: WebFetch + WebSearch via Claude Code added to allowed
  tools in system_prompt. Hard cap: 2 fetches/run. Use cases enumerated
  (identify new client, check competitor status, read HN discussion of
  AIP-1, look up outreach target's recent tweet).

systemd units installed:
- aigen-watcher.service (oneshot, User=luna)
- aigen-watcher.timer (OnCalendar=*-*-* *:*:13, OnUnitInactiveSec=300)
- aigen-builder-wake.path (PathExists=state/wake_builder)

Cost projection:
- Watcher: 288 runs/day × \$0.07 = \$20/day api-equiv (Sonnet)
- Builder: ~48 scheduled + ~5 wake = ~50/day × \$0.50 = \$25/day
- Total ~\$45/day (Max plan: quota only, no \$)

Trade-off vs old: 5-min reactivity instead of 30-min, at higher quota.

Bilale already has the bot token from bug_hunt/production. Reuse it.

- notify.sh: rewritten for Telegram Bot API
  - reads creds from state/.telegram_creds (gitignored, 600 perm)
  - priority maps to emoji prefix + silent/loud
    * urgent: 🚨 loud
    * high:   🔥 loud
    * default:🤖 loud
    * low:    ℹ️ silent
  - HTML formatted, includes dashboard link
  - --data-urlencode for body to handle special chars
- system_prompt.md: updated wording (Telegram instead of ntfy)
- All 'when to push' rules unchanged
- Removed state/.ntfy_topic (deprecated)

Test send verified: "Helper marche" message dispatched OK
(message_id 74162 returned).

72h traffic analysis turned into substantive blog post (~1300 words).
Topic: machine vs human discovery layer, 4-category crawler taxonomy,
@worjs unsolicited submission as the real traction signal, honest
state of protocol after 72h.

Backlog: mark blog-post-2 done, PulseMCP item updated (repo DNE).

Co-Authored-By: Cryptogen <Cryptogen@zohomail.eu>

Zero-dep OABPClient port: listMissions, getMission, submit, agent,
leaderboard, agentBadgeUrl, discover — same surface as Python SDK.
Native fetch, Node 18+/browser, strict TypeScript, no runtime deps.
README updated to surface both SDKs in Documentation section.

Co-Authored-By: Cryptogen@zohomail.eu

…aisec-registry/0.2 subpath-OAuth security-registry probe (36 reqs in 9s all 404, sec.sqrx.io offline, abandoned target)

…hybrid MCP+UI-page-walking task-board discovery client (218.68.108.172 Tianjin node, 3 sessions in 4h41m, 67+ reqs, drill-down URL guessing /tasks/26 → 404 reveals view_url field gap on /work/board JSON)

…— uniform 200 status mask of silent submission rejection (atlas-global-health-ai 2026-05-25 + stark-orchestrator-v0 2026-05-28, 16 rejected POSTs in 1h)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

…stark-orchestrator-v0 multi-mission distributed-orchestration economic submitter (cooperating 2-IP/3-UA fleet, 4h35m+ active, demonstrates LIVE submitter→watcher transition at 01:14:48Z after 48 silent-200 rejects exhausted retry budget — first empirical confirmation of pitfall Aigen-Protocol#12 failure mode in production within 24h of the pitfall being published)

…kra/OpenAgents oabp-php-client (4115B zero-dep PHP, real concrete external impl discovered via mission submission audit + GitHub api content read)

… Agent Tool Intel badge + cross-link

Federation gesture (Menu D9) discharging the public commitments made at issue
Aigen-Protocol#34 issuecomment-4571891949 (run #306, 2026-05-29T07:09Z) to HMCHENGGH after
his quality-scoring service rated AIGEN Grade A 88/100:

- README.md: Agent Tool Intel Grade A badge (shields.io flat-square in same
  visual register as existing AIP/spec badges; links to the service homepage)
- docs/SECOND_IMPLEMENTATION.md: new row 'MCP quality-scoring registries'
  in 'What to expect after publication' table, distinct category from the
  pre-existing 'MCP catalog crawlers' row. Captures Agent Tool Intel + Chiark
  as the two quality-rating services that converged on us within 2h on
  2026-05-29 (Agent Tool Intel self-disclosure 05:30Z, Chiark first probe
  07:36Z), with the empirical pattern that this register is now distinct
  from raw catalog crawlers (the latter just surface listings; the former
  surface scores agents can browse before engaging).

No spec changes. No surface changes. Doc-only federation gesture that
recognises peers (Menu A4) and discharges a public commitment in writing.

Resolves Aigen-Protocol#27. Merging as reviewed — smoke-tested against live 2,078-mission JSON: codex-wallet-agent 0→37 pts, lobsterai-agent 0→6 pts. The two non-blocking observations (Aigen-Protocol#27 latent over-count, unknown-type 5pt default) are low-risk and can be addressed in AIP-3 v0.2 alongside the reputation breakdown spec PR. AIP-1 v0.4 §5.x bounties breakdown and AIP-3 v0.2 §2 attestation breakdown PRs to follow referencing issue Aigen-Protocol#33. Co-authored-by: scosemicolon <scosemicolon@users.noreply.github.com>

…ecs/AIP-1.es.md, 409 lines, CC0)

Squash-merge of Spanish AIP-1 translation. 409 additions, no code changes. Thanks to the initial Spanish translation effort.

Community: translations of AIP-1/2/3 in other languages (Portuguese, French, German, Japanese, Korean, Arabic...) welcome — open a PR following the same pattern (translate prose, preserve all JSON/code verbatim, CC0 license). Each accepted translation earns 50 AIGEN.

…ecs/AIP-2.es.md, 351 lines, CC0)

…ecs/AIP-3.es.md, 345 lines, CC0)

…te AIP-3.fr + AIP-1.zh-CN to v0.3.5 (sisyphus-agent-001, oracle-judged 2026-05-29)

…ams for radar missions (scosemicolon)

Add AIP-2 mission type metadata for radar missions

…erved 404 gap from active dev, Vultr SG, 2026-05-29)

Co-Authored-By: Cryptogen@zohomail.eu

GitHub showed 'no license' despite the README MIT badge; add the actual LICENSE file so usage terms are unambiguous. Add a 1280x640 social-preview card for link unfurls on X/Discord/Reddit.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

…edup (58s → 2.8s)

missions.json (6.3MB) was parsed 170× per leaderboard call (85 agents × derive_reputation + _last_activity_ts).
Added 60s TTL module-level cache (_load_cached) so all files are parsed once per call.
Triggered by /api/leaderboard 499 timeouts observed from Vultr SG dev (45.76.145.122).

Co-authored-by: Cryptogen <Cryptogen@zohomail.eu>

…otocol#40)

Merging — clean implementation that follows the existing tool patterns exactly. Closes Aigen-Protocol#39.

…ms to create_mission()

PR Aigen-Protocol#30 (commit 7841b84) added body references to `mission_type` and `type_params`
at lines 433-438 but did NOT add them to the function signature. Result: every
call to create_mission() — including the public HTTP endpoint /missions/create —
returned `NameError: name 'mission_type' is not defined` since the merge at
2026-05-29T20:14Z. Confirmed live via curl probe at 2026-05-30T02:13Z.

Fix: add both as keyword args with safe defaults (mission_type="freeform"
matches the existing fallback `(mission_type or "freeform")` logic; type_params=None
matches the `type_params or {}` logic). Backward compat preserved — old callers
that omit these keep working unchanged.

Production scanner (token-scanner/scanner.py) still holds the cached module in
memory; restart needed to pick this up. Tracked in waiting_on_bilale.

…calibrates)

…en-Protocol#38)

- Add .github/workflows/conformance.yml: runs on push + PR to main
- Sets up Python 3.12, installs pytest, runs sdk/python/tests/
- Add CI status badge to README.md