mpl-proxy 0.1.2

MPL sidecar proxy for MCP/A2A traffic
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295

# MPL: Meaning Protocol Layer

[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
[![Docs](https://img.shields.io/badge/docs-mkdocs-blue.svg)](https://skelf-research.github.io/mpl)
[![Tests](https://img.shields.io/badge/tests-144%20passing-brightgreen.svg)](#status)

### Contracts, quality measurement, and audit trails for AI agent communication.

MPL sits between your agents and their tools. It makes every interaction **typed**, **measurable**, and **provable** — so you can move from prototype to production without rewriting your stack.

```
┌─────────────────────────────────────────────────────────┐
│                    Your Agent Logic                      │
├─────────────────────────────────────────────────────────┤
│                    MPL (this layer)                      │
│   Contracts  ·  Quality Metrics  ·  Policies  ·  Proofs │
├─────────────────────────────────────────────────────────┤
│            MCP (client-server)  |  A2A (peer-to-peer)   │
└─────────────────────────────────────────────────────────┘
```

---

## Get Running in 2 Minutes

```bash
cargo install mplx
mpl proxy http://your-mcp-server:8080
```

Your agents keep working exactly as before — MPL observes, validates, and records everything passing through. Open http://localhost:9080 for the dashboard.

When you're ready to enforce:

```bash
mpl schemas generate        # Learn contracts from live traffic
mpl schemas approve --all   # Lock them in
mpl proxy http://your-mcp-server:8080 --mode production
```

Now malformed requests get blocked before they reach your server.

---

## What This Does For You

| Your problem | How MPL helps |
|-------------|---------------|
| Agent outputs are unpredictable | Define contracts for every message type — invalid payloads are caught immediately |
| "It worked in testing" doesn't satisfy compliance | Every interaction gets a tamper-proof hash and quality score you can point to |
| Breaking changes surface in production | Schema validation catches structural errors at the protocol layer |
| No visibility into what agents actually did | Full provenance chain — which agent, what intent, which inputs, what quality score |
| Compliance review blocks your deployment | Audit trails map directly to SOX, GDPR, HIPAA, and EU AI Act requirements |

---

## This Is Not a Guardrail

Guardrails are reactive safety nets — they block bad outputs after generation. MPL is different:

| | Guardrails | MPL |
|-|-----------|-----|
| **When** | After the agent responds | Before, during, and after |
| **What** | Filters harmful content | Defines what correct looks like, measures quality, records proof |
| **Scope** | Single agent output | Entire communication chain across agents |
| **Output** | Pass/block decision | Typed contracts, quality scores, provenance records, audit trails |
| **Adapts to** | Safety policies | Your domain schemas, your quality thresholds, your compliance requirements |

MPL doesn't ask "is this safe?" — it asks **"did this meet the contract, and can you prove it?"**

---

## Adapt It To Your Domain

### Define Your Own Contracts

Create a schema for any message type your agents handle:

```json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Support Ticket",
  "type": "object",
  "required": ["title", "priority", "description"],
  "properties": {
    "title": { "type": "string", "minLength": 1 },
    "priority": { "enum": ["low", "medium", "high", "critical"] },
    "description": { "type": "string", "minLength": 10 },
    "assignee": { "type": "string" }
  }
}
```

Save it as `registry/stypes/org/support/Ticket/v1/schema.json` — done. Your agents now validate against it.

### Set Your Own Quality Thresholds

Pick which metrics matter for your use case:

```yaml
# qom-my-profile.json
name: "my-production-profile"
metrics:
  schema_fidelity: { min: 1.0 }          # Must match contract perfectly
  instruction_compliance: { min: 0.95 }   # Must follow constraints
  groundedness: { min: 0.90 }             # Claims must cite sources
```

### Write Your Own Policies

Enforce organizational rules at the protocol layer:

```yaml
policies:
  - name: "require-provenance"
    match: { stypes: ["org.finance.*"] }
    rules:
      - deny_if_missing: ["provenance.agent_id"]
      - require_profile: "my-production-profile"
```

### 25+ Contracts Ship Out of the Box

Get started without defining anything — use the pre-built types and extend from there:

| Namespace | Examples |
|-----------|----------|
| `org.*` | Calendar events, task plans, tool calls, workflows |
| `data.*` | Tables, records, queries, file metadata |
| `eval.*` | RAG queries, search results, feedback |
| `ai.*` | Prompt templates, completions, reasoning traces |

---

## SDK Examples

### Python

```bash
pip install mpl-sdk
```

```python
from mpl_sdk import Client, Mode

async with Client("http://localhost:9443", mode=Mode.PRODUCTION) as client:
    result = await client.call("calendar.create", {
        "title": "Quarterly Review",
        "start": "2025-03-15T14:00:00Z",
        "end": "2025-03-15T15:00:00Z"
    })

    result.valid       # True  — matched the contract
    result.qom_passed  # True  — met quality thresholds
    result.data        # The response payload
```

### TypeScript

```bash
npm install @mpl/sdk
```

```typescript
import { MplClient, Mode } from '@mpl/sdk';

const client = new MplClient('http://localhost:9443', { mode: Mode.Production });

const result = await client.call('calendar.create', {
  title: 'Quarterly Review',
  start: '2025-03-15T14:00:00Z',
  end: '2025-03-15T15:00:00Z',
});

result.valid;     // true  — matched the contract
result.qomPassed; // true  — met quality thresholds
```

### Docker

```bash
git clone https://github.com/Skelf-Research/mpl.git && cd mpl
docker compose up -d
curl http://localhost:9443/health  # {"status": "healthy"}
```

---

## How It Works

**1. Contracts**

Every message declares what it is — a versioned identifier backed by a JSON Schema:

```json
{
  "stype": "org.calendar.Event.v1",
  "payload": { "title": "Meeting", "start": "2025-01-15T10:00:00Z", "end": "..." },
  "sem_hash": "blake3:7f2a...",
  "provenance": { "agent_id": "scheduler", "intent": "create-event" }
}
```

If the payload doesn't match the contract, it's rejected before reaching the server.

**2. Quality Measurement**

Six metrics you can mix and match into profiles:

| Metric | What it answers |
|--------|----------------|
| Schema Fidelity | Does the payload match the contract? |
| Instruction Compliance | Were the constraints followed? |
| Groundedness | Are claims backed by sources? |
| Determinism | Is the output stable across runs? |
| Ontology Adherence | Are domain rules respected? |
| Tool Outcome | Did the side effects match expectations? |

Use `qom-basic` while developing. Switch to `qom-strict-argcheck` for production. Or define your own.

**3. No Code Changes Required**

MPL runs as a proxy alongside your existing setup:

```
Agent  ──▶  MPL Proxy  ──▶  MCP/A2A Server
              ├── Validates contracts
              ├── Measures quality
              ├── Applies policies
              └── Records everything
```

Start in transparent mode (observe only), graduate to strict (enforce) when you're ready.

**4. Compliance You Can Point To**

Every message through MPL carries a BLAKE3 hash (tamper detection), provenance metadata (who did what), and a quality report (did it meet thresholds). These map to:

| Requirement | What MPL provides |
|-------------|-------------------|
| Tamper-evident records (SOX) | Cryptographic hash on every payload |
| Data handling proof (GDPR) | Consent references + policy enforcement |
| Accuracy controls (HIPAA) | Quality thresholds on clinical outputs |
| Transparency (EU AI Act) | Quality scores + full provenance chain |

---

## Documentation

Full docs at **[skelf-research.github.io/mpl](https://skelf-research.github.io/mpl)**

| I want to... | Start here |
|--------------|-----------|
| Get running quickly | [Quick Start](https://skelf-research.github.io/mpl/getting-started/quick-start/) |
| Understand the architecture | [How It Works](https://skelf-research.github.io/mpl/overview/how-it-works/) |
| Follow a tutorial end-to-end | [Guides](https://skelf-research.github.io/mpl/guides/) |
| Create my own contracts | [Custom SType Tutorial](https://skelf-research.github.io/mpl/guides/tutorials/custom-stype/) |
| Look up SDK methods | [Python](https://skelf-research.github.io/mpl/reference/python/) / [TypeScript](https://skelf-research.github.io/mpl/reference/typescript/) |
| Deploy to Kubernetes | [Deployment](https://skelf-research.github.io/mpl/deployment/) |
| Understand the compliance story | [Security & Compliance](https://skelf-research.github.io/mpl/security/) |

---

## Status

| Phase | What's in it |
|-------|-------------|
| **Phase 1** — Complete | Core protocol, Python SDK, Sidecar Proxy, Schema Registry |
| **Phase 2** — Complete | TypeScript SDK, Registry API, Helm Chart, Policy Engine |
| **Phase 3** — In Progress | Conformance suite, A2A hardening, Production readiness |

---

## Repository

```
crates/mpl-protocol/    Core protocol (Rust)
crates/mpl-proxy/       Sidecar proxy
crates/mplx/            CLI tooling
python/                 Python SDK
typescript/             TypeScript SDK
registry/stypes/        Pre-built contract definitions
helm/mpl-proxy/         Kubernetes Helm chart
examples/               Tutorials and demos
documentation/          Documentation site (MkDocs)
```

## Contributing

See the [Contributing Guide](https://skelf-research.github.io/mpl/community/contributing/) for development setup and workflow.

## License

MIT — [Open an issue](https://github.com/Skelf-Research/mpl/issues) if you have questions.