<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>SAM</title><link>https://sam-mesh.dev/</link><description>Recent content on SAM</description><generator>Hugo</generator><language>en-us</language><atom:link href="https://sam-mesh.dev/index.xml" rel="self" type="application/rss+xml"/><item><title>Quick Start</title><link>https://sam-mesh.dev/docs/quickstart/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/quickstart/</guid><description>&lt;h1 id="quick-start">Quick Start&lt;/h1>
&lt;p>This guide gets you up and running with a SAM node connected to the public &lt;code>bananas.sam-mesh.dev&lt;/code> mesh. You can run SAM either directly via a binary or using Docker.&lt;/p>
&lt;h2 id="1-install-sam">1. Install SAM&lt;/h2>
&lt;h3 id="option-a-install-script-macos--linux">Option A: Install Script (macOS / Linux)&lt;/h3>
&lt;p>The easiest way to install the latest binaries directly:&lt;/p>
&lt;div class="highlight">&lt;pre tabindex="0" class="chroma">&lt;code class="language-bash" data-lang="bash">&lt;span class="line">&lt;span class="cl">curl -sL https://sam-mesh.dev/install.sh &lt;span class="p">|&lt;/span> bash
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;h3 id="option-b-go-install-macos--linux--windows">Option B: Go Install (macOS / Linux / Windows)&lt;/h3>
&lt;p>If you have Go installed, you can compile and install directly from the repository:&lt;/p></description></item><item><title>Hub Configuration Guide</title><link>https://sam-mesh.dev/docs/user/hub-configuration/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/user/hub-configuration/</guid><description>&lt;p>The &lt;code>sam-hub&lt;/code> acts as the control plane for the Sovereign Agent Mesh. It is responsible for bridging user identities from OpenID Connect (OIDC) providers, issuing cryptographically signed Biscuit authorization tokens, and distributing network and tool policies to nodes.&lt;/p>
&lt;hr>
&lt;h2 id="1-core-services">1. Core Services&lt;/h2>
&lt;p>When you run &lt;code>sam-hub&lt;/code>, it launches two core service endpoints:&lt;/p>
&lt;ol>
&lt;li>&lt;strong>libp2p P2P Endpoint&lt;/strong>: Used by &lt;code>sam-node&lt;/code> clients to execute cryptographic handshakes and perform DHT resource discovery.&lt;/li>
&lt;li>&lt;strong>HTTP/HTTPS Service Endpoint&lt;/strong>: Used for health status checks (&lt;code>/healthz&lt;/code>), prometheus metrics (&lt;code>/metrics&lt;/code>), and administrative commands (like banning nodes).&lt;/li>
&lt;/ol>
&lt;hr>
&lt;h2 id="2-command-line-arguments--environment-variables">2. Command-Line Arguments &amp;amp; Environment Variables&lt;/h2>
&lt;p>The hub is highly configurable. Each setting can be passed as a command-line flag or bound to a corresponding environment variable:&lt;/p></description></item><item><title>Node Configuration Guide</title><link>https://sam-mesh.dev/docs/user/node-configuration/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/user/node-configuration/</guid><description>&lt;p>The &lt;code>sam-node&lt;/code> acts as a local security gateway and tool proxy for AI agents. While the Hub acts as the central control plane, each Node independently defines its own local tool catalogue and enforces its own local security identity.&lt;/p>
&lt;hr>
&lt;h2 id="1-node-configuration-file-sam-nodeyaml">1. Node Configuration File (&lt;code>sam-node.yaml&lt;/code>)&lt;/h2>
&lt;p>By default, &lt;code>sam-node&lt;/code> runs without exposing any local tools to the mesh. To expose local tools or strictly enforce your node&amp;rsquo;s network identity, you must create a Node configuration file and pass it to the daemon using the &lt;code>--config&lt;/code> flag:&lt;/p></description></item><item><title>Agent Usage &amp; Connectivity Guide</title><link>https://sam-mesh.dev/docs/user/agent-usage/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/user/agent-usage/</guid><description>&lt;p>SAM nodes (&lt;code>sam-node&lt;/code>) act as local security gateways and tool proxies for your AI agents (such as Google Gemini, Claude Code, or Claude Desktop). This document explains how to authenticate a node to the mesh and configure your agents to use it.&lt;/p>
&lt;hr>
&lt;h2 id="1-node-lifecycle-overview">1. Node Lifecycle Overview&lt;/h2>
&lt;p>Connecting your AI agent to the Sovereign Agent Mesh involves two phases:&lt;/p>
&lt;pre class="mermaid">sequenceDiagram
 actor User as Developer/Operator
 participant Node as sam-node (Local)
 participant Hub as sam-hub (Mesh)
 participant Agent as AI Agent (Gemini/Claude)
 
 Note over User,Hub: Phase 1: Mesh Join (OIDC Authorization)
 User-&amp;gt;&amp;gt;Node: sam-node join &amp;lt;hub-url&amp;gt;
 Node-&amp;gt;&amp;gt;Hub: Get Hub OIDC Info
 Hub--&amp;gt;&amp;gt;Node: OIDC Issuer, Client ID
 Node-&amp;gt;&amp;gt;User: Display Login URL &amp;amp; Code
 User-&amp;gt;&amp;gt;User: Login in Browser
 Node-&amp;gt;&amp;gt;Hub: Exchange Code for Biscuit Identity
 Node-&amp;gt;&amp;gt;Node: Persist Biscuit in Local Store (agent.db)

 Note over User,Agent: Phase 2: Agent Tool Invocation
 User-&amp;gt;&amp;gt;Node: sam-node run --api-token &amp;#34;secret-key&amp;#34;
 Node-&amp;gt;&amp;gt;Node: Start local MCP server on 127.0.0.1:8080
 Agent-&amp;gt;&amp;gt;Node: Connect to local MCP (with Bearer &amp;#34;secret-key&amp;#34;)
 Agent-&amp;gt;&amp;gt;Node: Call Remote P2P Tool
 Node-&amp;gt;&amp;gt;Hub: Verify Biscuit / Allowed Policies
 Node--&amp;gt;&amp;gt;Agent: Execute tool and return result&lt;/pre>
&lt;hr>
&lt;h2 id="2-phase-1-joining-the-mesh-sam-node-join">2. Phase 1: Joining the Mesh (&lt;code>sam-node join&lt;/code>)&lt;/h2>
&lt;p>Before starting the node daemon, you must authorize your node and obtain a cryptographic Biscuit identity.&lt;/p></description></item><item><title>Production Kubernetes Deployment</title><link>https://sam-mesh.dev/docs/user/kubernetes-deployment/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/user/kubernetes-deployment/</guid><description>&lt;p>This guide explains how to deploy a production-grade SAM cluster (Hub, DNS synchronizer, OIDC bridge, and Nodes) in a Kubernetes environment (like GKE, EKS, AKS, or custom bare-metal clusters), based on our official public testnet architectures.&lt;/p>
&lt;hr>
&lt;h2 id="1-architecture-overview">1. Architecture Overview&lt;/h2>
&lt;p>A production SAM deployment consists of:&lt;/p>
&lt;ul>
&lt;li>&lt;strong>Dex (OIDC Provider)&lt;/strong>: Serves as the identity bridge, federation point, and login broker.&lt;/li>
&lt;li>&lt;strong>SAM Hub (&lt;code>sam-hub&lt;/code>)&lt;/strong>: Runs as a &lt;strong>StatefulSet&lt;/strong> to maintain stable network identity. P2P nodes query these bootstrap pods to connect to the mesh.&lt;/li>
&lt;li>&lt;strong>DNS Sync CronJob&lt;/strong>: Dynamically queries the StatefulSet pod IP addresses and updates DNS A/AAAA records for P2P bootstrap resolution.&lt;/li>
&lt;li>&lt;strong>SAM Nodes (&lt;code>sam-node&lt;/code>)&lt;/strong>: Deployed as containerized gateways that authenticate securely to the hub using Kubernetes Workload Identity (ServiceAccount token projection).&lt;/li>
&lt;/ul>
&lt;pre class="mermaid">graph TD
 User([User / Client]) --&amp;gt;|HTTPS / OIDC| Dex[Dex Identity Bridge]
 Node[sam-node Gateway Pod] --&amp;gt;|ServiceAccount Token| Hub[sam-hub StatefulSet]
 Hub --&amp;gt;|OIDC Discovery Check| Dex
 Cron[DNS Sync CronJob] --&amp;gt;|Poll Pod IPs| K8sApi[Kubernetes API]
 Cron --&amp;gt;|Update A Records| CloudDNS[Cloud DNS / DNS Registry]
 Node --&amp;gt;|Bootstrap DNS Resolution| CloudDNS&lt;/pre>
&lt;hr>
&lt;h2 id="2-step-1-deploying-the-oidc-provider-dex">2. Step 1: Deploying the OIDC Provider (Dex)&lt;/h2>
&lt;p>Dex maps external accounts (Google, GitHub, LDAP) to standard OIDC identities in the cluster.&lt;/p></description></item><item><title>Exposing Inference Services: OpenRouter</title><link>https://sam-mesh.dev/docs/integrations/openrouter/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/integrations/openrouter/</guid><description>&lt;h1 id="exposing-inference-services-openrouter">Exposing Inference Services: OpenRouter&lt;/h1>
&lt;p>In the Sovereign Agent Mesh (SAM), large language models (LLMs) and foundational model APIs are exposed across the mesh as &lt;strong>Inference Services&lt;/strong>, not just standard Model Context Protocol (MCP) servers. This allows your deployed agents to dynamically discover, route, and consume inference capabilities directly through the P2P network, utilizing SAM&amp;rsquo;s decentralized authorization (Biscuit) for access control.&lt;/p>
&lt;p>This guide explains how to expose &lt;a href="https://openrouter.ai/">OpenRouter&lt;/a> as an inference service to the mesh, completely shielding your API keys from external peers.&lt;/p></description></item><item><title>Integrating SAM with Claude Code</title><link>https://sam-mesh.dev/docs/integrations/claude-code/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/integrations/claude-code/</guid><description>&lt;p>You can connect your &lt;code>sam-node&lt;/code> to &lt;a href="https://claude.com/claude-code">Claude Code&lt;/a> as a remote MCP server, giving Claude Code agents the ability to discover and invoke tools across the SAM mesh.&lt;/p>
&lt;h2 id="overview">Overview&lt;/h2>
&lt;p>&lt;code>sam-node&lt;/code> exposes a standard Model Context Protocol (MCP) server over HTTP Server-Sent Events (SSE). Claude Code is a generic MCP client, so once the server is registered its tools — &lt;code>discover_remote_services&lt;/code>, &lt;code>find_remote_tools&lt;/code>, &lt;code>describe_remote_tool&lt;/code>, and &lt;code>call_remote_tool&lt;/code> — are surfaced directly to your agent.&lt;/p></description></item><item><title>Integrating SAM with Claude Desktop</title><link>https://sam-mesh.dev/docs/integrations/claude-desktop/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/integrations/claude-desktop/</guid><description>&lt;p>You can connect your &lt;code>sam-node&lt;/code> to the &lt;a href="https://claude.com/download">Claude Desktop&lt;/a> app as an MCP server. Unlike &lt;a href="./claude-code/">Claude Code&lt;/a>, Claude Desktop has its own configuration and does &lt;strong>not&lt;/strong> read Claude Code&amp;rsquo;s MCP settings.&lt;/p>
&lt;h2 id="overview">Overview&lt;/h2>
&lt;p>Claude Desktop&amp;rsquo;s &lt;code>claude_desktop_config.json&lt;/code> natively launches &lt;strong>stdio&lt;/strong> MCP servers (a local command). &lt;code>sam-node&lt;/code> exposes an &lt;strong>SSE&lt;/strong> server, so you bridge the two with &lt;a href="https://www.npmjs.com/package/mcp-remote">&lt;code>mcp-remote&lt;/code>&lt;/a> — a small stdio-to-remote proxy that Claude Desktop launches locally and that connects to your node&amp;rsquo;s SSE endpoint.&lt;/p></description></item><item><title>Integrating SAM with Google Antigravity</title><link>https://sam-mesh.dev/docs/integrations/antigravity/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/integrations/antigravity/</guid><description>&lt;p>You can connect your &lt;code>sam-node&lt;/code> to Google Antigravity as an MCP server. By exposing the SAM Model Context Protocol (MCP) server to Antigravity, the agent can dynamically discover tools hosted by other peers in the mesh, describe them, and execute them to solve tasks.&lt;/p>
&lt;h2 id="overview">Overview&lt;/h2>
&lt;p>Antigravity natively supports Streamable HTTP MCP servers via the &lt;code>serverUrl&lt;/code> configuration. Since &lt;code>sam-node&lt;/code> implements the Streamable HTTP transport, you can connect it directly without any bridge.&lt;/p></description></item><item><title>Integrating SAM with OpenClaw</title><link>https://sam-mesh.dev/docs/integrations/openclaw/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/integrations/openclaw/</guid><description>&lt;p>You can seamlessly integrate your &lt;code>sam-node&lt;/code> as a remote MCP server in &lt;a href="https://openclaw.ai">OpenClaw&lt;/a>, allowing your agents to dynamically discover and invoke tools across the mesh.&lt;/p>
&lt;h2 id="overview">Overview&lt;/h2>
&lt;p>By configuring your &lt;code>sam-node&lt;/code> as an MCP server, you enable your OpenClaw agents to access the P2P mesh, discovering tools from remote nodes and executing services as if they were local.&lt;/p>
&lt;h2 id="configuration">Configuration&lt;/h2>
&lt;p>To bridge your local &lt;code>sam-node&lt;/code> into your OpenClaw agent runtime, use the &lt;code>openclaw mcp&lt;/code> CLI. Ensure your node is running and identify the API token configured in your &lt;code>sam-node&lt;/code> launch arguments.&lt;/p></description></item><item><title>Kubernetes Deployment and Local Testing Guide</title><link>https://sam-mesh.dev/docs/development/kubernetes-deployment/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/development/kubernetes-deployment/</guid><description>&lt;p>This guide explains how to deploy the &lt;code>sam-hub&lt;/code> in a Kubernetes cluster and how to test it locally using &lt;code>kind&lt;/code> and &lt;code>cloud-provider-kind&lt;/code>.&lt;/p>
&lt;blockquote>
&lt;p>[!TIP]
This guide focuses on local development sandboxing. For production-grade Kubernetes deployments (GKE, EKS, AKS), see the &lt;a href="../../user/kubernetes-deployment/">Production Kubernetes Deployment&lt;/a> guide.&lt;/p>
&lt;/blockquote>
&lt;p>This guide supports using either &lt;strong>Google OIDC&lt;/strong> or a &lt;strong>Mock OIDC Provider&lt;/strong> for authentication. The mock provider is recommended for quick local testing as it does not require creating external credentials.&lt;/p></description></item><item><title>Release Tracks, Autoupdate, and Autoscaling</title><link>https://sam-mesh.dev/docs/development/release-tracks/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/development/release-tracks/</guid><description>&lt;p>Sovereign Agent Mesh (SAM) is deployed to public endpoints using automated environments, release tracks, and self-healing/scaling infrastructure.&lt;/p>
&lt;hr>
&lt;h2 id="1-release-tracks">1. Release Tracks&lt;/h2>
&lt;p>The public deployment has two isolated release tracks:&lt;/p>
&lt;h3 id="a-testnet-track-bananas">A. Testnet Track (Bananas)&lt;/h3>
&lt;ul>
&lt;li>&lt;strong>Domain Name:&lt;/strong> &lt;code>bananas.sam-mesh.dev&lt;/code>&lt;/li>
&lt;li>&lt;strong>Source Branch:&lt;/strong> Tracks the &lt;code>main&lt;/code> branch.&lt;/li>
&lt;li>&lt;strong>Deployment Trigger:&lt;/strong> Automatically deployed on every new push/commit to the &lt;code>main&lt;/code> branch.&lt;/li>
&lt;li>&lt;strong>Target Tag:&lt;/strong> The deployment is tagged with the Git commit SHA (&lt;code>github.sha&lt;/code>).&lt;/li>
&lt;li>&lt;strong>Purpose:&lt;/strong> Serves as the staging/testing playground for the latest features and continuous integration.&lt;/li>
&lt;/ul>
&lt;h3 id="b-production-track-hub">B. Production Track (Hub)&lt;/h3>
&lt;ul>
&lt;li>&lt;strong>Domain Name:&lt;/strong> &lt;code>hub.sam-mesh.dev&lt;/code>&lt;/li>
&lt;li>&lt;strong>Source Branch:&lt;/strong> Tracks semantic version tags matching &lt;code>v*.*.*&lt;/code>.&lt;/li>
&lt;li>&lt;strong>Deployment Trigger:&lt;/strong> Automatically deployed whenever a new version tag is pushed to GitHub.&lt;/li>
&lt;li>&lt;strong>Target Tag:&lt;/strong> The deployment is tagged with the exact Git release tag (e.g. &lt;code>v1.0.0&lt;/code>).&lt;/li>
&lt;li>&lt;strong>Purpose:&lt;/strong> Stable, audited release track for production workloads.&lt;/li>
&lt;/ul>
&lt;hr>
&lt;h2 id="2-autoupdate-mechanism">2. Autoupdate Mechanism&lt;/h2>
&lt;p>Updates to both release tracks are fully automated via a robust &lt;strong>Continuous Deployment&lt;/strong> pipeline:&lt;/p></description></item><item><title>Running a Gemini AI Agent on the Mesh</title><link>https://sam-mesh.dev/docs/integrations/gemini/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/integrations/gemini/</guid><description>&lt;p>This tutorial demonstrates how to connect a local AI Agent powered by Google Gemini (using the official &lt;code>google-genai&lt;/code> SDK) to your local SAM node.&lt;/p>
&lt;p>By exposing the SAM Model Context Protocol (MCP) server to Gemini, the agent can dynamically discover tools hosted by other peers in the mesh, describe them, and execute them to solve tasks.&lt;/p>
&lt;hr>
&lt;h2 id="prerequisites">Prerequisites&lt;/h2>
&lt;ol>
&lt;li>&lt;strong>Python 3.10+&lt;/strong>: Ensure Python is installed on your host.&lt;/li>
&lt;li>&lt;strong>SAM Node Running&lt;/strong>: A local SAM node should be running and enrolled on the testnet (see the &lt;a href="../quickstart/">Quick Start Guide&lt;/a>).&lt;/li>
&lt;li>&lt;strong>Gemini API Key&lt;/strong>: Obtain an API key from Google AI Studio and export it:
&lt;div class="highlight">&lt;pre tabindex="0" class="chroma">&lt;code class="language-bash" data-lang="bash">&lt;span class="line">&lt;span class="cl">&lt;span class="nb">export&lt;/span> &lt;span class="nv">GEMINI_API_KEY&lt;/span>&lt;span class="o">=&lt;/span>&lt;span class="s2">&amp;#34;your-api-key-here&amp;#34;&lt;/span>
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;/li>
&lt;/ol>
&lt;hr>
&lt;h2 id="1-setup-the-python-client">1. Setup the Python Client&lt;/h2>
&lt;p>Go to the &lt;code>sam-mcp-python&lt;/code> directory in the repository:&lt;/p></description></item><item><title>SAM Policy &amp; Authorization Reference</title><link>https://sam-mesh.dev/docs/development/policy/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/development/policy/</guid><description>&lt;p>SAM uses a decentralized authorization model powered by &lt;a href="https://www.biscuitsec.org/">Biscuit&lt;/a>.
The &lt;code>sam-hub&lt;/code> authenticates users via OIDC and injects &lt;strong>Facts&lt;/strong> into their token based on &lt;code>policies.yaml&lt;/code>. The &lt;code>sam-node&lt;/code> operates offline, evaluating the token against baseline rules and optional local attenuation policies.&lt;/p>
&lt;h2 id="1-oidc-to-biscuit-translation">1. OIDC to Biscuit Translation&lt;/h2>
&lt;p>The Hub automatically translates OIDC claims into undeniable cryptographic facts:&lt;/p>
&lt;table>
 &lt;thead>
 &lt;tr>
 &lt;th style="text-align: left">OIDC Claim / Data&lt;/th>
 &lt;th style="text-align: left">Biscuit Fact&lt;/th>
 &lt;th style="text-align: left">Description&lt;/th>
 &lt;/tr>
 &lt;/thead>
 &lt;tbody>
 &lt;tr>
 &lt;td style="text-align: left">&lt;code>sub&lt;/code>&lt;/td>
 &lt;td style="text-align: left">&lt;code>user(&amp;quot;&amp;lt;sub-id&amp;gt;&amp;quot;)&lt;/code>&lt;/td>
 &lt;td style="text-align: left">The unique subject ID from the identity provider.&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td style="text-align: left">&lt;code>email&lt;/code>&lt;/td>
 &lt;td style="text-align: left">&lt;code>email(&amp;quot;&amp;lt;email&amp;gt;&amp;quot;)&lt;/code>&lt;/td>
 &lt;td style="text-align: left">The user&amp;rsquo;s email address (if present).&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td style="text-align: left">&lt;code>groups&lt;/code>&lt;/td>
 &lt;td style="text-align: left">&lt;code>group(&amp;quot;&amp;lt;group-name&amp;gt;&amp;quot;)&lt;/code>&lt;/td>
 &lt;td style="text-align: left">One fact is injected for &lt;em>each&lt;/em> group the user possesses.&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td style="text-align: left">&lt;code>roles&lt;/code> / Resolved Roles&lt;/td>
 &lt;td style="text-align: left">&lt;code>role(&amp;quot;&amp;lt;role-name&amp;gt;&amp;quot;)&lt;/code>&lt;/td>
 &lt;td style="text-align: left">One fact is injected for &lt;em>each&lt;/em> role mapped or direct role.&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td style="text-align: left">Peer ID&lt;/td>
 &lt;td style="text-align: left">&lt;code>node(&amp;quot;&amp;lt;peer-id&amp;gt;&amp;quot;)&lt;/code>, &lt;code>client_peer_id(&amp;quot;&amp;lt;peer-id&amp;gt;&amp;quot;)&lt;/code>&lt;/td>
 &lt;td style="text-align: left">Binds the token to the specific agent&amp;rsquo;s libp2p cryptographic identity.&lt;/td>
 &lt;/tr>
 &lt;tr>
 &lt;td style="text-align: left">Expiration&lt;/td>
 &lt;td style="text-align: left">&lt;code>expiration(&amp;lt;date&amp;gt;)&lt;/code>&lt;/td>
 &lt;td style="text-align: left">The token expiration date based on the OIDC session.&lt;/td>
 &lt;/tr>
 &lt;/tbody>
&lt;/table>
&lt;h3 id="11-translating-identity-to-capability-oidc-to-biscuit">1.1 Translating Identity to Capability: OIDC to Biscuit&lt;/h3>
&lt;p>The core innovation of the SAM Network&amp;rsquo;s security model is translating standard web identity (OIDC JSON Web Tokens defined in &lt;a href="https://openid.net/specs/openid-connect-core-1_0.html#Claims">OpenID Connect Core 1.0&lt;/a>) into decentralized capability tokens (Biscuits). This translation happens securely at the &lt;code>sam-hub&lt;/code> during the authentication phase.&lt;/p></description></item><item><title>Testing</title><link>https://sam-mesh.dev/docs/development/testing/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/development/testing/</guid><description>&lt;p>Current testing is intentionally minimal and aligned with the current binaries.&lt;/p>
&lt;h2 id="test-layers">Test Layers&lt;/h2>
&lt;ol>
&lt;li>Go tests: &lt;code>make test&lt;/code>&lt;/li>
&lt;li>BATS CLI tests: &lt;code>make test-e2e&lt;/code>&lt;/li>
&lt;li>Containerized BATS mesh tests: &lt;code>make test-e2e-container&lt;/code>&lt;/li>
&lt;/ol>
&lt;h2 id="commands">Commands&lt;/h2>
&lt;div class="highlight">&lt;pre tabindex="0" class="chroma">&lt;code class="language-bash" data-lang="bash">&lt;span class="line">&lt;span class="cl">make build
&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">make &lt;span class="nb">test&lt;/span>
&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">make test-e2e
&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">make test-e2e-container
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;h2 id="go-tests">Go Tests&lt;/h2>
&lt;p>Run all Go tests with race detection:&lt;/p>
&lt;div class="highlight">&lt;pre tabindex="0" class="chroma">&lt;code class="language-bash" data-lang="bash">&lt;span class="line">&lt;span class="cl">make &lt;span class="nb">test&lt;/span>
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>Run only integration package:&lt;/p>
&lt;div class="highlight">&lt;pre tabindex="0" class="chroma">&lt;code class="language-bash" data-lang="bash">&lt;span class="line">&lt;span class="cl">go &lt;span class="nb">test&lt;/span> ./tests/integration/...
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;h2 id="bats-cli-tests">BATS CLI Tests&lt;/h2>
&lt;p>These tests validate current command behavior for:&lt;/p>
&lt;ul>
&lt;li>&lt;code>sam-node&lt;/code>&lt;/li>
&lt;li>&lt;code>sam-hub&lt;/code>&lt;/li>
&lt;/ul>
&lt;p>Run:&lt;/p>
&lt;div class="highlight">&lt;pre tabindex="0" class="chroma">&lt;code class="language-bash" data-lang="bash">&lt;span class="line">&lt;span class="cl">make test-e2e
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;h2 id="containerized-mesh-bats">Containerized Mesh BATS&lt;/h2>
&lt;p>The container framework is implemented in:&lt;/p></description></item><item><title>Testnet &amp; Mesh Validation Tutorial</title><link>https://sam-mesh.dev/docs/development/testnet-validation/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://sam-mesh.dev/docs/development/testnet-validation/</guid><description>&lt;p>This tutorial guides you through validating your local environment integration with the public Sovereign Agent Mesh (SAM) testnets (&lt;code>bananas.sam-mesh.dev&lt;/code> or &lt;code>hub.sam-mesh.dev&lt;/code>). You will learn how to verify your node&amp;rsquo;s connection, discover remote MCP services, and invoke remote tools.&lt;/p>
&lt;hr>
&lt;h2 id="prerequisites">Prerequisites&lt;/h2>
&lt;p>Before starting, ensure you have:&lt;/p>
&lt;ol>
&lt;li>Compiled the local binaries (&lt;code>sam-node&lt;/code> and &lt;code>mcp-client&lt;/code>) by running:
&lt;div class="highlight">&lt;pre tabindex="0" class="chroma">&lt;code class="language-bash" data-lang="bash">&lt;span class="line">&lt;span class="cl">make build
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;/li>
&lt;li>An active local &lt;code>sam-node&lt;/code> container or process running and successfully joined to the target public testnet.
For example, join via:
&lt;div class="highlight">&lt;pre tabindex="0" class="chroma">&lt;code class="language-bash" data-lang="bash">&lt;span class="line">&lt;span class="cl">bin/sam-node join https://bananas.sam-mesh.dev
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>And run via:
&lt;div class="highlight">&lt;pre tabindex="0" class="chroma">&lt;code class="language-bash" data-lang="bash">&lt;span class="line">&lt;span class="cl">docker run --name sam-node &lt;span class="se">\
&lt;/span>&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">&lt;span class="se">&lt;/span> -v ~/.config/sam-mesh:/data &lt;span class="se">\
&lt;/span>&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">&lt;span class="se">&lt;/span> -p 5001:5001/udp -p 5002:5002 -p 8080:8080 &lt;span class="se">\
&lt;/span>&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">&lt;span class="se">&lt;/span> sam-node:local &lt;span class="se">\
&lt;/span>&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">&lt;span class="se">&lt;/span> run --data-dir /data &lt;span class="se">\
&lt;/span>&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">&lt;span class="se">&lt;/span> --hub https://bananas.sam-mesh.dev &lt;span class="se">\
&lt;/span>&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">&lt;span class="se">&lt;/span> --bind-addr 0.0.0.0:8080 &lt;span class="se">\
&lt;/span>&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">&lt;span class="se">&lt;/span> --api-token secret-token &lt;span class="se">\
&lt;/span>&lt;/span>&lt;/span>&lt;span class="line">&lt;span class="cl">&lt;span class="se">&lt;/span> --log-level debug
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;/li>
&lt;/ol>
&lt;hr>
&lt;h2 id="step-1-verifying-local-connection-to-the-testnet">Step 1: Verifying Local Connection to the Testnet&lt;/h2>
&lt;p>Check the logs of your local &lt;code>sam-node&lt;/code> to ensure it has successfully joined and is online:&lt;/p></description></item></channel></rss>