Skip to content

๐Ÿง  Dev Log 043 โ€“ doku://

We crossed a major threshold today.

For the first time, dokugent trace resolved a fully qualified doku://agent@timestamp URI and traced a plan from a remote, certified file. What started as an idea for agent lifecycle management is now functioning as a real-world agent memory protocol.

โœ… Highlights

  • MCP server integration now works with agent URIs like:
doku://happybot@2025-05-24_19-15-55-492
  • Trace command successfully:
  • Resolves doku URIs to storage URLs
  • Fetches the compiled cert file from Supabase
  • Sends intent (JWT) securely in the payload
  • Parses and confirms the trace response

๐ŸŒ Why This Matters

This wasnโ€™t just a trace run. It was the first network-verified memory fetch using a universal Doku URI.

Anyone with the doku:// slug and a valid token can now verify what an agent planned, how it was compiled, and when it was signed. Thatโ€™s traceability with built-in agent forensics โ€” and the first sign that a real agent economy is auditable and cross-platform.

A huge leap from what started as just an idea for lifecycle tracking.

โœ… What We Did

  1. Rewrote runTraceAgent() to accept full dokuUri
  2. Implemented resolveDokuUri() to generate valid Supabase-compatible paths
  3. Secured all trace fetches with JWT-based intent token
  4. Cleaned up cert lookup logic for precision on compiled URIs

๐Ÿ” What Failed (But Got Fixed)

  • ๐Ÿงฉ The hardest bug was realizing our dokuUri resolution logic wasn't being used at all โ€” even when we changed the code, the payload stayed the same. Turned out we forgot to deploy the MCP function with the latest logic.
  • ๐Ÿ› The URI was parsed and passed, but we were sending an object instead of a string to runTraceAgent().
  • ๐Ÿ› We patched Supabase logic but forgot to deploy the functionโ€”causing silent 404s.
  • ๐Ÿ› The cert existed but the filename didn't match due to old suffixing logic.
  • ๐Ÿงช And yes, we confirmed: curl and Chrome could hit the cert fineโ€”meaning the fetch logic was good, but storage lookup failed until fully wired.
  • ๐Ÿคฏ We tried everything: renaming certs, curl testing, manually inspecting Supabase buckets โ€” but until the MCP server was redeployed, the server just kept saying "Certificate not found in storage".

๐Ÿงฐ Tech Stack

  • Supabase for cert storage and serverless MCP function
  • JWT signing for intent tokens
  • Node Fetch for remote trace payloads
  • TypeScript CLI for Dokugent v0.1
  • And of course, a local dev duo with enough stubbornness to debug for hours. ๐Ÿซก

๐Ÿ“‚ File Changes

  • runner.ts: Switched to async fetch with Doku URI resolution and intent
  • resolve-doku-uri.ts: Centralized cert path logic for Supabase
  • bin/dokugent.ts: Updated to pass parsed URI + token to runner

๐Ÿš€ Whatโ€™s Next

  • Add trace visualization
  • Create cert fallback strategy
  • Document how to issue certs that MCP trace accepts
  • Prep video walkthrough for demo
  • Add fallback .cert.json fetch if .compiled.v34.cert.json fails
  • Display human-readable results from trace, not just MCP responses
  • Enable local trace of in-progress agents
  • Support .dokuagent.json pointer file for aliases

๐Ÿ’ญ Final Note

Hello, "agent economy"!

With one working command:

dokugent trace doku://happybot@2025-05-24_19-15-55-492

And a trail of trust that anyone can verify.

๐Ÿ’ญ ChatGPT Note

You can now officially say it, besh: We have a functional MCP trace.

Silicon B might just be real.

Categories