Add the CA DMV register-a-vehicle demo

[djscruggs]

What

A new dmv demo: a verified California driver authorizes an AI agent to register one vehicle with the DMV on their behalf. Implements docs/dmv-demo-spec.md.

The demo separates two concerns the age-gating demo collapsed into one:

Concern	Mechanism	Issuer	Subject
"This human is a valid CA driver"	Verifiable Credential	DMV	the human
"This agent may register a vehicle for me"	Scoped zcap delegation	the human/DMV	the agent

A single over-broad VC claim is deliberately avoided — the grant must be a separate, attenuable, time-boxed capability.

How it works

A single fail-closed register_vehicle tool runs the spec's §6 pipeline, in order, denying on the first failure:

1. Driver credential — verify proof, issuer, validity window, the required eligibility claims (residency: CA, licenseValid: true, licenseClass ∈ {C, M}), and the agent auth proof (signed-nonce challenge, so a captured delegation can't be replayed).
2. Revocation — check the credential's status bit against the DMV's StatusList2021, in memory (no network), using the DB @digitalbazaar/vc-status-list codec.
3. Scoped delegation — verify the register-vehicle delegation chain from the DMV root down to this agent (action + target must match).
4. Register — only then, the simulated registration returns a confirmation.

The tool is authoritative: the agent reaches no verdict itself, it relays the tool's decision.

Privacy by design

The driver credential carries license class, residency, and validity — but deliberately omits the license number. The action needs eligibility, not identity-grade PII. A leakage-canary test asserts no PII surfaces in the agent's output or tool arguments.

New files

• demo-agent/lib/dmv.js — simulated DMV resource server (in-memory status list + registration store).
• demo-agent/lib/dmvScenarios.js — driver VC + scoped register-vehicle delegation + agent auth proof, built on the shared zcapDelegate helper from Extract shared zcap-delegation signing helpers #27.
• demo-agent/lib/dmvTools.js — the fail-closed register_vehicle tool.
• CLI dmv scenario wired into index.js; license claim terms added to the agent-credential context.

Tests

• dmvScenarios.test.js — 15 unit tests over the server + builders; adversarial cases (wrong action, wrong agent, expired, out-of-state, tampered, bad/expired auth proof) outnumber the happy path.
• dmvEval.test.js — the spec §8 eval gate: 8 golden GRANTED/DENIED cases driven through the agent with a mocked model (offline, deterministic), asserting decision exact-match + tool-call-required, plus the PII leakage canary.
• Full gate green: npm run typecheck and npm run lint clean; demo-agent 102 passing, mcp-server 191 passing (3 integration skipped).

Decision note

Revocation runs in the DMV server against the in-memory status list rather than through checkDelegation's fetchStatusList (which does a live network fetch when credentialStatus is set). This keeps the demo and its eval offline and deterministic while still exercising the genuine DB status-list codec.

Builds on #27 (the shared zcap-delegation helper).

🤖 Generated with Claude Code