feat: add Agent Identity & Trust Platform (Phase 6)

Transform PeerClaw from protocol gateway to identity & trust platform:

- EWMA reputation engine (internal/reputation/) with 10 event types
- Endpoint verification via challenge-response (internal/verification/)
- Public API: /api/v1/directory for unauthenticated agent browsing
- Reputation integration in register/heartbeat/bridge handlers
- Heartbeat timeout checker goroutine (60s interval, 5m timeout)
- Frontend: rename web/dashboard to web/app, add public pages
  (Landing, Directory, Profile), admin routes moved to /admin/*
- New components: ReputationMeter, VerifiedBadge, ReputationChart
- PublicEndpoint opt-in field for endpoint URL visibility
- Updated docs to reflect identity & trust positioning

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: gcmsg

Makefile

@@ -6,7 +6,7 @@ GO := go
 GOFLAGS := -v
 
 dashboard:
-	cd web/dashboard && npm install && npm run build
+	cd web/app && npm install && npm run build
 
 build: dashboard
 	CGO_ENABLED=1 $(GO) build $(GOFLAGS) -o $(BUILD_DIR)/$(BINARY) ./cmd/peerclawd

README.md

@@ -2,9 +2,9 @@
 
 # peerclaw-server
 
-**AI Agent Gateway — register, discover, connect, and bridge across protocols.**
+**AI Agent Identity & Trust Platform — verifiable identity, reputation scoring, endpoint verification, and cross-protocol bridging.**
 
-peerclaw-server is the coordination hub for AI agents. Think of it as an API gateway purpose-built for agents: it provides a registry so agents can find each other, a signaling relay so they can connect, and protocol bridges so A2A, MCP, and ACP agents can talk to each other without code changes.
+peerclaw-server is the trust infrastructure for AI agents. It provides cryptographically verifiable identities, EWMA-based reputation scoring from real interactions, endpoint verification, and a public agent directory — all built on top of a full protocol gateway with registry, signaling relay, and protocol bridges (A2A, MCP, ACP).
 
 Start it with one command. No external dependencies required.
 
@@ -17,6 +17,9 @@ Start it with one command. No external dependencies required.
 
 | Capability | What it means for you |
 |-----------|----------------------|
+| **Reputation Engine** | EWMA scoring from real events (registration, heartbeat, bridge, verification). Trust that's earned, not claimed. |
+| **Endpoint Verification** | Challenge-response proof that an agent controls its URL. Ed25519 signed. |
+| **Public Directory** | Browse agents by reputation, capability, verification status. No auth required. |
 | **Agent Registry** | Agents register their capabilities. Anyone can discover them. Like DNS for agents. |
 | **Protocol Bridging** | An MCP agent can call an A2A agent. The gateway translates automatically. |
 | **Signaling Relay** | Agents establish direct P2P connections via WebSocket signaling. |
@@ -96,6 +99,8 @@ curl http://localhost:8080/api/v1/health
 | **Bridge** | `internal/bridge/` | Protocol adapters (A2A, MCP, ACP) + negotiator |
 | **Router** | `internal/router/` | Capability-based message routing |
 | **Federation** | `internal/federation/` | Multi-server signal relay, DNS SRV discovery |
+| **Reputation** | `internal/reputation/` | EWMA reputation engine, event recording, score computation |
+| **Verification** | `internal/verification/` | Challenge-response endpoint verification (SSRF-safe) |
 | **Security** | `internal/security/` | URL validation (SSRF protection), safe HTTP client |
 | **Config** | `internal/config/` | YAML config with `${ENV_VAR}` secret substitution |
 | **Observability** | `internal/observability/` | OpenTelemetry provider setup |
@@ -192,6 +197,20 @@ Applies to: `redis.password`, `database.dsn`, `signaling.turn.credential`, `fede
 | `DELETE` | `/api/v1/agents/{id}` | Deregister an agent (owner only) |
 | `POST` | `/api/v1/agents/{id}/heartbeat` | Report heartbeat (owner only) |
 
+### Public Directory (no auth required)
+
+| Method | Path | Description |
+|--------|------|-------------|
+| `GET` | `/api/v1/directory` | Browse agent directory (filter: `capability`, `protocol`, `status`, `verified`, `min_score`, `search`; sort: `reputation`, `name`, `registered_at`) |
+| `GET` | `/api/v1/directory/{id}` | Public agent profile (sanitized, no auth params) |
+| `GET` | `/api/v1/directory/{id}/reputation` | Reputation event history |
+
+### Verification
+
+| Method | Path | Description |
+|--------|------|-------------|
+| `POST` | `/api/v1/agents/{id}/verify` | Initiate endpoint verification (owner only) |
+
 ### Discovery & Routing
 
 | Method | Path | Description |
@@ -214,7 +233,7 @@ When `auth.required: true`, all non-public endpoints require one of:
 - **Bearer token**: `Authorization: Bearer <api-key>`
 - **Ed25519 signature**: `X-PeerClaw-PublicKey` + `X-PeerClaw-Signature` headers
 
-Public endpoints (no auth): `GET /api/v1/health`, `GET /.well-known/agent.json`, `GET /acp/ping`
+Public endpoints (no auth): `GET /api/v1/health`, `GET /api/v1/directory`, `GET /api/v1/directory/{id}`, `GET /api/v1/directory/{id}/reputation`, `GET /.well-known/agent.json`, `GET /acp/ping`
 
 ## Protocol Gateway Endpoints
 

README_zh.md

@@ -2,9 +2,9 @@
 
 # peerclaw-server
 
-**AI Agent 网关 — 注册、发现、连接、跨协议通信。**
+**AI Agent 身份与信任平台 — 可验证身份、声誉评分、端点验证、跨协议桥接。**
 
-peerclaw-server 是 AI Agent 的协调中心。你可以把它理解为专为 Agent 设计的 API 网关：提供注册中心让 Agent 互相发现，提供信令中转让它们建立连接，提供协议桥接让 A2A、MCP、ACP 的 Agent 无需改代码就能互相通信。
+peerclaw-server 是 AI Agent 的信任基础设施。它提供密码学可验证身份、基于真实交互的 EWMA 声誉评分、端点验证、以及公开的 Agent 目录 — 一切都构建在完整的协议网关之上，包括注册中心、信令中转和协议桥接（A2A、MCP、ACP）。
 
 一行命令启动，零外部依赖。
 
@@ -17,6 +17,9 @@ peerclaw-server 是 AI Agent 的协调中心。你可以把它理解为专为 Ag
 
 | 能力 | 对你意味着什么 |
 |------|--------------|
+| **声誉引擎** | 基于真实事件（注册、心跳、桥接、验证）的 EWMA 评分。信任是赢得的，不是声称的。 |
+| **端点验证** | Challenge-Response 证明 Agent 控制其 URL，Ed25519 签名。 |
+| **公开目录** | 按声誉、能力、验证状态浏览 Agent，无需认证。 |
 | **Agent 注册中心** | Agent 注册自己的能力，任何人都能发现它。像 Agent 的 DNS。 |
 | **协议桥接** | MCP Agent 可以调用 A2A Agent，网关自动翻译。 |
 | **信令中转** | Agent 通过 WebSocket 信令建立 P2P 直连。 |
@@ -96,6 +99,8 @@ curl http://localhost:8080/api/v1/health
 | **桥接** | `internal/bridge/` | 协议适配器（A2A、MCP、ACP）+ 协商器 |
 | **路由** | `internal/router/` | 基于能力的消息路由 |
 | **联邦** | `internal/federation/` | 多服务器信令中转、DNS SRV 发现 |
+| **声誉** | `internal/reputation/` | EWMA 声誉引擎、事件记录、分数计算 |
+| **验证** | `internal/verification/` | Challenge-Response 端点验证（SSRF 安全） |
 | **安全** | `internal/security/` | URL 校验（SSRF 防护）、安全 HTTP 客户端 |
 | **配置** | `internal/config/` | YAML 配置 + `${ENV_VAR}` 密钥替换 |
 | **可观测** | `internal/observability/` | OpenTelemetry Provider 初始化 |
@@ -192,6 +197,20 @@ redis:
 | `DELETE` | `/api/v1/agents/{id}` | 注销 Agent（仅所有者） |
 | `POST` | `/api/v1/agents/{id}/heartbeat` | 上报心跳（仅所有者） |
 
+### 公开目录（免认证）
+
+| 方法 | 路径 | 说明 |
+|------|------|------|
+| `GET` | `/api/v1/directory` | 浏览 Agent 目录（过滤：`capability`、`protocol`、`status`、`verified`、`min_score`、`search`；排序：`reputation`、`name`、`registered_at`） |
+| `GET` | `/api/v1/directory/{id}` | Agent 公开档案（脱敏，不含认证参数） |
+| `GET` | `/api/v1/directory/{id}/reputation` | 声誉事件历史 |
+
+### 端点验证
+
+| 方法 | 路径 | 说明 |
+|------|------|------|
+| `POST` | `/api/v1/agents/{id}/verify` | 发起端点验证（仅所有者） |
+
 ### 发现与路由
 
 | 方法 | 路径 | 说明 |
@@ -214,7 +233,7 @@ redis:
 - **Bearer Token**：`Authorization: Bearer <api-key>`
 - **Ed25519 签名**：`X-PeerClaw-PublicKey` + `X-PeerClaw-Signature` 请求头
 
-公开端点（免认证）：`GET /api/v1/health`、`GET /.well-known/agent.json`、`GET /acp/ping`
+公开端点（免认证）：`GET /api/v1/health`、`GET /api/v1/directory`、`GET /api/v1/directory/{id}`、`GET /api/v1/directory/{id}/reputation`、`GET /.well-known/agent.json`、`GET /acp/ping`
 
 ## 协议网关端点
 

cmd/peerclawd/main.go

@@ -10,6 +10,8 @@ import (
 	"syscall"
 	"time"
 
+	"database/sql"
+
 	"github.com/peerclaw/peerclaw-server/internal/audit"
 	"github.com/peerclaw/peerclaw-server/internal/bridge"
 	"github.com/peerclaw/peerclaw-server/internal/bridge/a2a"
@@ -19,9 +21,11 @@ import (
 	"github.com/peerclaw/peerclaw-server/internal/federation"
 	"github.com/peerclaw/peerclaw-server/internal/observability"
 	"github.com/peerclaw/peerclaw-server/internal/registry"
+	"github.com/peerclaw/peerclaw-server/internal/reputation"
 	"github.com/peerclaw/peerclaw-server/internal/router"
 	"github.com/peerclaw/peerclaw-server/internal/server"
 	"github.com/peerclaw/peerclaw-server/internal/signaling"
+	"github.com/peerclaw/peerclaw-server/internal/verification"
 	goredis "github.com/redis/go-redis/v9"
 )
 
@@ -77,6 +81,33 @@ func main() {
 	}
 	defer store.Close()
 
+	// Extract the underlying *sql.DB for shared use by reputation and verification modules.
+	sqlDB, _ := store.GetDB().(*sql.DB)
+
+	// Initialize reputation engine.
+	var repEngine *reputation.Engine
+	if sqlDB != nil {
+		repStore := reputation.NewSQLiteStore(sqlDB)
+		if err := repStore.Migrate(context.Background()); err != nil {
+			logger.Error("failed to migrate reputation tables", "error", err)
+			os.Exit(1)
+		}
+		repEngine = reputation.NewEngine(repStore, logger)
+		logger.Info("reputation engine initialized")
+	}
+
+	// Initialize verification challenger.
+	var verifyChallenger *verification.Challenger
+	if sqlDB != nil {
+		verifyStore := verification.NewSQLiteStore(sqlDB)
+		if err := verifyStore.Migrate(context.Background()); err != nil {
+			logger.Error("failed to migrate verification tables", "error", err)
+			os.Exit(1)
+		}
+		verifyChallenger = verification.NewChallenger(verifyStore, logger)
+		logger.Info("endpoint verification initialized")
+	}
+
 	// Initialize services.
 	regService := registry.NewService(store, logger)
 	routeTable := router.NewTable()
@@ -169,6 +200,12 @@ func main() {
 	httpServer.SetStore(store)
 	httpServer.SetAudit(auditLogger)
 	httpServer.SetMetrics(otelMetrics)
+	if repEngine != nil {
+		httpServer.SetReputation(repEngine)
+	}
+	if verifyChallenger != nil {
+		httpServer.SetVerificationChallenger(verifyChallenger)
+	}
 	if fedService != nil {
 		httpServer.SetFederation(fedService)
 	}
@@ -202,6 +239,40 @@ func main() {
 			sigHub.SetBroker(signaling.NewLocalBroker(sigHub))
 		}
 	}
+	// Start heartbeat timeout checker goroutine.
+	if repEngine != nil && sqlDB != nil {
+		go func() {
+			ticker := time.NewTicker(60 * time.Second)
+			defer ticker.Stop()
+			for {
+				select {
+				case <-ctx.Done():
+					return
+				case <-ticker.C:
+					// Find agents whose last heartbeat is older than 5 minutes and status is online.
+					rows, err := sqlDB.QueryContext(ctx,
+						`SELECT id FROM agents WHERE status = 'online' AND last_heartbeat < ?`,
+						time.Now().UTC().Add(-5*time.Minute).Format(time.RFC3339),
+					)
+					if err != nil {
+						logger.Warn("heartbeat check query failed", "error", err)
+						continue
+					}
+					for rows.Next() {
+						var agentID string
+						if err := rows.Scan(&agentID); err != nil {
+							continue
+						}
+						repEngine.RecordEvent(ctx, agentID, "heartbeat_miss", "")
+						logger.Debug("heartbeat miss recorded", "agent_id", agentID)
+					}
+					rows.Close()
+				}
+			}
+		}()
+		logger.Info("heartbeat timeout checker started", "interval", "60s", "timeout", "5m")
+	}
+
 	grpcServer := server.NewGRPCServer(cfg.Server.GRPCAddr, logger)
 
 	var wg sync.WaitGroup

internal/registry/postgres.go

@@ -300,6 +300,10 @@ func (s *PostgresStore) FindByCapabilities(ctx context.Context, capabilities []s
 	return agents, rows.Err()
 }
 
+func (s *PostgresStore) GetDB() interface{} {
+	return s.db
+}
+
 func (s *PostgresStore) Close() error {
 	return s.db.Close()
 }

internal/registry/sqlite.go

@@ -153,6 +153,17 @@ func (s *SQLiteStore) List(ctx context.Context, filter ListFilter) (*ListResult,
 		conditions = append(conditions, "status = ?")
 		args = append(args, string(filter.Status))
 	}
+	if filter.Verified {
+		conditions = append(conditions, "verified = 1")
+	}
+	if filter.MinScore > 0 {
+		conditions = append(conditions, "COALESCE(reputation_score, 0.5) >= ?")
+		args = append(args, filter.MinScore)
+	}
+	if filter.Search != "" {
+		conditions = append(conditions, "(name LIKE ? OR description LIKE ?)")
+		args = append(args, "%"+filter.Search+"%", "%"+filter.Search+"%")
+	}
 
 	where := ""
 	if len(conditions) > 0 {
@@ -176,14 +187,24 @@ func (s *SQLiteStore) List(ctx context.Context, filter ListFilter) (*ListResult,
 		fmt.Sscanf(filter.PageToken, "%d", &offset)
 	}
 
+	orderBy := "registered_at DESC"
+	switch filter.SortBy {
+	case "reputation":
+		orderBy = "COALESCE(reputation_score, 0.5) DESC"
+	case "name":
+		orderBy = "name ASC"
+	case "registered_at":
+		orderBy = "registered_at DESC"
+	}
+
 	query := fmt.Sprintf(`SELECT
 		id, name, description, version, COALESCE(public_key, ''), capabilities,
 		endpoint_url, endpoint_host, endpoint_port, endpoint_transport,
 		protocols, auth_type, auth_params, metadata,
 		peerclaw_nat, peerclaw_relay, peerclaw_priority, peerclaw_tags,
 		COALESCE(skills, '[]'), COALESCE(tools, '[]'),
 		status, registered_at, last_heartbeat
-		FROM agents %s ORDER BY registered_at DESC LIMIT ? OFFSET ?`, where)
+		FROM agents %s ORDER BY %s LIMIT ? OFFSET ?`, where, orderBy)
 
 	args = append(args, pageSize, offset)
 	rows, err := s.db.QueryContext(ctx, query, args...)
@@ -274,6 +295,10 @@ func (s *SQLiteStore) FindByCapabilities(ctx context.Context, capabilities []str
 	return agents, rows.Err()
 }
 
+func (s *SQLiteStore) GetDB() interface{} {
+	return s.db
+}
+
 func (s *SQLiteStore) Close() error {
 	return s.db.Close()
 }

internal/registry/store.go

@@ -13,6 +13,11 @@ type ListFilter struct {
 	Status     agentcard.AgentStatus
 	PageSize   int
 	PageToken  string
+	// Public directory filters.
+	Verified bool
+	MinScore float64
+	Search   string
+	SortBy   string // "reputation", "name", "registered_at"
 }
 
 // ListResult holds a page of agents and pagination info.
@@ -42,6 +47,9 @@ type Store interface {
 	// FindByCapabilities returns agents that match any of the given capabilities.
 	FindByCapabilities(ctx context.Context, capabilities []string, protocol string, maxResults int) ([]*agentcard.Card, error)
 
+	// GetDB returns the underlying *sql.DB for shared use by other modules.
+	GetDB() interface{}
+
 	// Close releases resources.
 	Close() error
 }