@i4ctime/q-ring 0.4.0 → 0.9.2

package/dist/mcp.js

@@ -1,29 +1,38 @@
 #!/usr/bin/env node
 import {
   checkDecay,
+  checkExecPolicy,
+  checkKeyReadPolicy,
+  checkToolPolicy,
   collapseEnvironment,
   deleteSecret,
   detectAnomalies,
   disentangleSecrets,
   entangleSecrets,
+  exportAudit,
   exportSecrets,
   fireHooks,
   getEnvelope,
+  getExecMaxRuntime,
+  getPolicySummary,
   getSecret,
   hasSecret,
+  httpRequest_,
   listHooks,
   listSecrets,
   logAudit,
   queryAudit,
   readProjectConfig,
   registerHook,
+  registry,
   removeHook,
   setSecret,
   tunnelCreate,
   tunnelDestroy,
   tunnelList,
-  tunnelRead
-} from "./chunk-6IQ5SFLI.js";
+  tunnelRead,
+  verifyAuditChain
+} from "./chunk-5JBU7TWN.js";
 
 // src/mcp.ts
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
@@ -317,33 +326,443 @@ function importDotenv(filePathOrContent, options = {}) {
   return result;
 }
 
-// src/core/validate.ts
-import { request as httpsRequest } from "https";
-import { request as httpRequest } from "http";
-function makeRequest(url, headers, timeoutMs = 1e4) {
-  return new Promise((resolve, reject) => {
-    const parsedUrl = new URL(url);
-    const reqFn = parsedUrl.protocol === "https:" ? httpsRequest : httpRequest;
-    const req = reqFn(
-      url,
-      { method: "GET", headers, timeout: timeoutMs },
-      (res) => {
-        let body = "";
-        res.on("data", (chunk) => body += chunk);
-        res.on(
-          "end",
-          () => resolve({ statusCode: res.statusCode ?? 0, body })
-        );
+// src/core/exec.ts
+import { spawn } from "child_process";
+import { Transform } from "stream";
+var BUILTIN_PROFILES = {
+  unrestricted: { name: "unrestricted" },
+  restricted: {
+    name: "restricted",
+    denyCommands: ["curl", "wget", "ssh", "scp", "nc", "netcat", "ncat"],
+    maxRuntimeSeconds: 30,
+    allowNetwork: false,
+    stripEnvVars: ["HTTP_PROXY", "HTTPS_PROXY", "ALL_PROXY"]
+  },
+  ci: {
+    name: "ci",
+    maxRuntimeSeconds: 300,
+    allowNetwork: true,
+    denyCommands: ["rm -rf /", "mkfs", "dd if="]
+  }
+};
+function getProfile(name) {
+  if (!name) return BUILTIN_PROFILES.unrestricted;
+  return BUILTIN_PROFILES[name] ?? { name };
+}
+var RedactionTransform = class extends Transform {
+  patterns = [];
+  tail = "";
+  maxLen = 0;
+  constructor(secretsToRedact) {
+    super();
+    const validSecrets = secretsToRedact.filter((s) => s.length > 5);
+    validSecrets.sort((a, b) => b.length - a.length);
+    this.patterns = validSecrets.map((s) => ({
+      value: s,
+      replacement: "[QRING:REDACTED]"
+    }));
+    if (validSecrets.length > 0) {
+      this.maxLen = validSecrets[0].length;
+    }
+  }
+  _transform(chunk, encoding, callback) {
+    if (this.patterns.length === 0) {
+      this.push(chunk);
+      return callback();
+    }
+    const text2 = this.tail + chunk.toString();
+    let redacted = text2;
+    for (const { value, replacement } of this.patterns) {
+      redacted = redacted.split(value).join(replacement);
+    }
+    if (redacted.length < this.maxLen) {
+      this.tail = redacted;
+      return callback();
+    }
+    const outputLen = redacted.length - this.maxLen + 1;
+    const output = redacted.slice(0, outputLen);
+    this.tail = redacted.slice(outputLen);
+    this.push(output);
+    callback();
+  }
+  _flush(callback) {
+    if (this.tail) {
+      let final = this.tail;
+      for (const { value, replacement } of this.patterns) {
+        final = final.split(value).join(replacement);
       }
+      this.push(final);
+    }
+    callback();
+  }
+};
+async function execCommand(opts2) {
+  const profile = getProfile(opts2.profile);
+  const fullCommand = [opts2.command, ...opts2.args].join(" ");
+  const policyDecision = checkExecPolicy(fullCommand, opts2.projectPath);
+  if (!policyDecision.allowed) {
+    throw new Error(`Policy Denied: ${policyDecision.reason}`);
+  }
+  if (profile.denyCommands) {
+    const denied = profile.denyCommands.find((d) => fullCommand.includes(d));
+    if (denied) {
+      throw new Error(`Exec profile "${profile.name}" denies command containing "${denied}"`);
+    }
+  }
+  if (profile.allowCommands) {
+    const allowed = profile.allowCommands.some((a) => fullCommand.startsWith(a));
+    if (!allowed) {
+      throw new Error(`Exec profile "${profile.name}" does not allow command "${opts2.command}"`);
+    }
+  }
+  const envMap = {};
+  for (const [k, v] of Object.entries(process.env)) {
+    if (v !== void 0) envMap[k] = v;
+  }
+  if (profile.stripEnvVars) {
+    for (const key of profile.stripEnvVars) {
+      delete envMap[key];
+    }
+  }
+  const secretsToRedact = /* @__PURE__ */ new Set();
+  let entries = listSecrets({
+    scope: opts2.scope,
+    projectPath: opts2.projectPath,
+    source: opts2.source ?? "cli",
+    silent: true
+    // list silently
+  });
+  if (opts2.keys?.length) {
+    const keySet = new Set(opts2.keys);
+    entries = entries.filter((e) => keySet.has(e.key));
+  }
+  if (opts2.tags?.length) {
+    entries = entries.filter(
+      (e) => opts2.tags.some((t) => e.envelope?.meta.tags?.includes(t))
     );
-    req.on("error", reject);
-    req.on("timeout", () => {
-      req.destroy();
-      reject(new Error("Request timed out"));
+  }
+  for (const entry of entries) {
+    if (entry.envelope) {
+      const decay = checkDecay(entry.envelope);
+      if (decay.isExpired) continue;
+    }
+    const val = getSecret(entry.key, {
+      scope: entry.scope,
+      projectPath: opts2.projectPath,
+      env: opts2.env,
+      source: opts2.source ?? "cli",
+      silent: false
+      // Log access for execution
+    });
+    if (val !== null) {
+      envMap[entry.key] = val;
+      if (val.length > 5) {
+        secretsToRedact.add(val);
+      }
+    }
+  }
+  const maxRuntime = profile.maxRuntimeSeconds ?? getExecMaxRuntime(opts2.projectPath);
+  return new Promise((resolve, reject) => {
+    const networkTools = /* @__PURE__ */ new Set([
+      "curl",
+      "wget",
+      "ping",
+      "nc",
+      "netcat",
+      "ssh",
+      "telnet",
+      "ftp",
+      "dig",
+      "nslookup"
+    ]);
+    if (profile.allowNetwork === false && networkTools.has(opts2.command)) {
+      const msg = `[QRING] Execution blocked: network access is disabled for profile "${profile.name}", command "${opts2.command}" is considered network-related`;
+      if (opts2.captureOutput) {
+        return resolve({ code: 126, stdout: "", stderr: msg });
+      }
+      process.stderr.write(msg + "\n");
+      return resolve({ code: 126, stdout: "", stderr: "" });
+    }
+    const child = spawn(opts2.command, opts2.args, {
+      env: envMap,
+      stdio: ["inherit", "pipe", "pipe"],
+      shell: false
+    });
+    let timedOut = false;
+    let timer;
+    if (maxRuntime) {
+      timer = setTimeout(() => {
+        timedOut = true;
+        child.kill("SIGKILL");
+      }, maxRuntime * 1e3);
+    }
+    const stdoutRedact = new RedactionTransform([...secretsToRedact]);
+    const stderrRedact = new RedactionTransform([...secretsToRedact]);
+    if (child.stdout) child.stdout.pipe(stdoutRedact);
+    if (child.stderr) child.stderr.pipe(stderrRedact);
+    let stdoutStr = "";
+    let stderrStr = "";
+    if (opts2.captureOutput) {
+      stdoutRedact.on("data", (d) => stdoutStr += d.toString());
+      stderrRedact.on("data", (d) => stderrStr += d.toString());
+    } else {
+      stdoutRedact.pipe(process.stdout);
+      stderrRedact.pipe(process.stderr);
+    }
+    child.on("close", (code) => {
+      if (timer) clearTimeout(timer);
+      if (timedOut) {
+        resolve({ code: 124, stdout: stdoutStr, stderr: stderrStr + `
+[QRING] Process killed: exceeded ${maxRuntime}s runtime limit` });
+      } else {
+        resolve({ code: code ?? 0, stdout: stdoutStr, stderr: stderrStr });
+      }
+    });
+    child.on("error", (err) => {
+      if (timer) clearTimeout(timer);
+      reject(err);
     });
-    req.end();
   });
 }
+
+// src/core/scan.ts
+import { readFileSync as readFileSync2, readdirSync, statSync } from "fs";
+import { join } from "path";
+var IGNORE_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  ".git",
+  ".next",
+  "dist",
+  "build",
+  "coverage",
+  ".cursor",
+  "venv",
+  "__pycache__"
+]);
+var IGNORE_EXTS = /* @__PURE__ */ new Set([
+  ".png",
+  ".jpg",
+  ".jpeg",
+  ".gif",
+  ".ico",
+  ".svg",
+  ".webp",
+  ".mp4",
+  ".mp3",
+  ".wav",
+  ".ogg",
+  ".pdf",
+  ".zip",
+  ".tar",
+  ".gz",
+  ".xz",
+  ".ttf",
+  ".woff",
+  ".woff2",
+  ".eot",
+  ".exe",
+  ".dll",
+  ".so",
+  ".dylib",
+  ".lock"
+]);
+var SECRET_KEYWORDS = /((?:api_?key|secret|token|password|auth|credential|access_?key)[a-z0-9_]*)\s*[:=]\s*(['"])([^'"]+)\2/i;
+function calculateEntropy(str) {
+  if (!str) return 0;
+  const len = str.length;
+  const frequencies = /* @__PURE__ */ new Map();
+  for (let i = 0; i < len; i++) {
+    const char = str[i];
+    frequencies.set(char, (frequencies.get(char) || 0) + 1);
+  }
+  let entropy = 0;
+  for (const count of frequencies.values()) {
+    const p = count / len;
+    entropy -= p * Math.log2(p);
+  }
+  return entropy;
+}
+function scanCodebase(dir) {
+  const results = [];
+  function walk(currentDir) {
+    let entries;
+    try {
+      entries = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      if (IGNORE_DIRS.has(entry)) continue;
+      const fullPath = join(currentDir, entry);
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+      if (stat.isDirectory()) {
+        walk(fullPath);
+      } else if (stat.isFile()) {
+        const ext = fullPath.slice(fullPath.lastIndexOf(".")).toLowerCase();
+        if (IGNORE_EXTS.has(ext) || entry.endsWith(".lock")) continue;
+        let content;
+        try {
+          content = readFileSync2(fullPath, "utf8");
+        } catch {
+          continue;
+        }
+        if (content.includes("\0")) continue;
+        const lines = content.split(/\r?\n/);
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          if (line.length > 500) continue;
+          const match = line.match(SECRET_KEYWORDS);
+          if (match) {
+            const varName = match[1];
+            const value = match[3];
+            if (value.length < 8) continue;
+            const lowerValue = value.toLowerCase();
+            if (lowerValue.includes("example") || lowerValue.includes("your_") || lowerValue.includes("placeholder") || lowerValue.includes("replace_me")) {
+              continue;
+            }
+            const entropy = calculateEntropy(value);
+            if (entropy > 3.5 || value.startsWith("sk-") || value.startsWith("ghp_")) {
+              const relPath = fullPath.startsWith(dir) ? fullPath.slice(dir.length).replace(/^[/\\]+/, "") : fullPath;
+              results.push({
+                file: relPath || fullPath,
+                line: i + 1,
+                keyName: varName,
+                match: value,
+                context: line.trim(),
+                entropy: parseFloat(entropy.toFixed(2))
+              });
+            }
+          }
+        }
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+
+// src/core/linter.ts
+import { readFileSync as readFileSync3, writeFileSync, existsSync } from "fs";
+import { basename, extname } from "path";
+var ENV_REF_BY_EXT = {
+  ".ts": (k) => `process.env.${k}`,
+  ".tsx": (k) => `process.env.${k}`,
+  ".js": (k) => `process.env.${k}`,
+  ".jsx": (k) => `process.env.${k}`,
+  ".mjs": (k) => `process.env.${k}`,
+  ".cjs": (k) => `process.env.${k}`,
+  ".py": (k) => `os.environ["${k}"]`,
+  ".rb": (k) => `ENV["${k}"]`,
+  ".go": (k) => `os.Getenv("${k}")`,
+  ".rs": (k) => `std::env::var("${k}")`,
+  ".java": (k) => `System.getenv("${k}")`,
+  ".kt": (k) => `System.getenv("${k}")`,
+  ".cs": (k) => `Environment.GetEnvironmentVariable("${k}")`,
+  ".php": (k) => `getenv('${k}')`,
+  ".sh": (k) => `\${${k}}`,
+  ".bash": (k) => `\${${k}}`
+};
+function getEnvRef(filePath, keyName) {
+  const ext = extname(filePath).toLowerCase();
+  const formatter = ENV_REF_BY_EXT[ext];
+  return formatter ? formatter(keyName) : `process.env.${keyName}`;
+}
+function lintFiles(files, opts2 = {}) {
+  const results = [];
+  for (const file of files) {
+    if (!existsSync(file)) continue;
+    let content;
+    try {
+      content = readFileSync3(file, "utf8");
+    } catch {
+      continue;
+    }
+    if (content.includes("\0")) continue;
+    const SECRET_KEYWORDS2 = /((?:api_?key|secret|token|password|auth|credential|access_?key)[a-z0-9_]*)\s*[:=]\s*(['"])([^'"]+)\2/gi;
+    const lines = content.split(/\r?\n/);
+    const fixes = [];
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      if (line.length > 500) continue;
+      let match;
+      SECRET_KEYWORDS2.lastIndex = 0;
+      while ((match = SECRET_KEYWORDS2.exec(line)) !== null) {
+        const varName = match[1].toUpperCase();
+        const quote = match[2];
+        const value = match[3];
+        if (value.length < 8) continue;
+        const lv = value.toLowerCase();
+        if (lv.includes("example") || lv.includes("your_") || lv.includes("placeholder") || lv.includes("replace_me") || lv.includes("xxx")) continue;
+        const entropy = calculateEntropy2(value);
+        if (entropy <= 3.5 && !value.startsWith("sk-") && !value.startsWith("ghp_")) continue;
+        const shouldFix = opts2.fix === true;
+        if (shouldFix) {
+          const envRef = getEnvRef(file, varName);
+          fixes.push({
+            line: i,
+            original: `${quote}${value}${quote}`,
+            replacement: envRef,
+            keyName: varName,
+            value
+          });
+        }
+        results.push({
+          file,
+          line: i + 1,
+          keyName: varName,
+          match: value,
+          context: line.trim(),
+          entropy: parseFloat(entropy.toFixed(2)),
+          fixed: shouldFix
+        });
+      }
+    }
+    if (opts2.fix && fixes.length > 0) {
+      const fixLines = content.split(/\r?\n/);
+      for (const fix of fixes.reverse()) {
+        const lineIdx = fix.line;
+        if (lineIdx >= 0 && lineIdx < fixLines.length) {
+          fixLines[lineIdx] = fixLines[lineIdx].replace(fix.original, fix.replacement);
+        }
+        if (!hasSecret(fix.keyName, { scope: opts2.scope, projectPath: opts2.projectPath })) {
+          setSecret(fix.keyName, fix.value, {
+            scope: opts2.scope ?? "global",
+            projectPath: opts2.projectPath,
+            source: "cli",
+            description: `Auto-imported from ${basename(file)}:${fix.line + 1}`
+          });
+        }
+      }
+      writeFileSync(file, fixLines.join("\n"), "utf8");
+    }
+  }
+  return results;
+}
+function calculateEntropy2(str) {
+  if (!str) return 0;
+  const len = str.length;
+  const frequencies = /* @__PURE__ */ new Map();
+  for (let i = 0; i < len; i++) {
+    const ch = str[i];
+    frequencies.set(ch, (frequencies.get(ch) || 0) + 1);
+  }
+  let entropy = 0;
+  for (const count of frequencies.values()) {
+    const p = count / len;
+    entropy -= p * Math.log2(p);
+  }
+  return entropy;
+}
+
+// src/core/validate.ts
+function makeRequest(url, headers, timeoutMs = 1e4) {
+  return httpRequest_({ url, method: "GET", headers, timeoutMs });
+}
 var ProviderRegistry = class {
   providers = /* @__PURE__ */ new Map();
   register(provider) {
@@ -490,14 +909,14 @@ var httpProvider = {
     }
   }
 };
-var registry = new ProviderRegistry();
-registry.register(openaiProvider);
-registry.register(stripeProvider);
-registry.register(githubProvider);
-registry.register(awsProvider);
-registry.register(httpProvider);
+var registry2 = new ProviderRegistry();
+registry2.register(openaiProvider);
+registry2.register(stripeProvider);
+registry2.register(githubProvider);
+registry2.register(awsProvider);
+registry2.register(httpProvider);
 async function validateSecret(value, opts2) {
-  const provider = opts2?.provider ? registry.get(opts2.provider) : registry.detectProvider(value);
+  const provider = opts2?.provider ? registry2.get(opts2.provider) : registry2.detectProvider(value);
   if (!provider) {
     return {
       valid: false,
@@ -512,6 +931,192 @@ async function validateSecret(value, opts2) {
   }
   return provider.validate(value);
 }
+async function rotateWithProvider(value, providerName) {
+  const provider = providerName ? registry2.get(providerName) : registry2.detectProvider(value);
+  if (!provider) {
+    return { rotated: false, provider: "none", message: "No provider detected for rotation" };
+  }
+  const rotatable = provider;
+  if (rotatable.supportsRotation && rotatable.rotate) {
+    return rotatable.rotate(value);
+  }
+  const format = "api-key";
+  const newValue = generateSecret({ format, length: 48 });
+  return {
+    rotated: true,
+    provider: provider.name,
+    message: `Provider "${provider.name}" does not support native rotation \u2014 generated new value locally`,
+    newValue
+  };
+}
+async function ciValidateBatch(secrets) {
+  const results = [];
+  for (const s of secrets) {
+    const validation = await validateSecret(s.value, {
+      provider: s.provider,
+      validationUrl: s.validationUrl
+    });
+    results.push({
+      key: s.key,
+      validation,
+      requiresRotation: validation.status === "invalid"
+    });
+  }
+  const failCount = results.filter((r) => !r.validation.valid).length;
+  return { results, allValid: failCount === 0, failCount };
+}
+
+// src/core/context.ts
+function getProjectContext(opts2 = {}) {
+  const projectPath = opts2.projectPath ?? process.cwd();
+  const envResult = collapseEnvironment({ projectPath });
+  const secretsList = listSecrets({
+    ...opts2,
+    projectPath,
+    silent: true
+  });
+  let expiredCount = 0;
+  let staleCount = 0;
+  let protectedCount = 0;
+  const secrets = secretsList.map((entry) => {
+    const meta = entry.envelope?.meta;
+    const decay = entry.decay;
+    if (decay?.isExpired) expiredCount++;
+    if (decay?.isStale) staleCount++;
+    if (meta?.requiresApproval) protectedCount++;
+    return {
+      key: entry.key,
+      scope: entry.scope,
+      tags: meta?.tags,
+      description: meta?.description,
+      provider: meta?.provider,
+      requiresApproval: meta?.requiresApproval,
+      jitProvider: meta?.jitProvider,
+      hasStates: !!(entry.envelope?.states && Object.keys(entry.envelope.states).length > 0),
+      isExpired: decay?.isExpired ?? false,
+      isStale: decay?.isStale ?? false,
+      timeRemaining: decay?.timeRemaining ?? null,
+      accessCount: meta?.accessCount ?? 0,
+      lastAccessed: meta?.lastAccessedAt ?? null,
+      rotationFormat: meta?.rotationFormat
+    };
+  });
+  let manifest = null;
+  const config = readProjectConfig(projectPath);
+  if (config?.secrets) {
+    const declaredKeys = Object.keys(config.secrets);
+    const existingKeys = new Set(secrets.map((s) => s.key));
+    const missing = declaredKeys.filter((k) => !existingKeys.has(k));
+    manifest = { declared: declaredKeys.length, missing };
+  }
+  const recentEvents = queryAudit({ limit: 20 });
+  const recentActions = recentEvents.map((e) => ({
+    action: e.action,
+    key: e.key,
+    source: e.source,
+    timestamp: e.timestamp
+  }));
+  return {
+    projectPath,
+    environment: envResult ? { env: envResult.env, source: envResult.source } : null,
+    secrets,
+    totalSecrets: secrets.length,
+    expiredCount,
+    staleCount,
+    protectedCount,
+    manifest,
+    validationProviders: registry2.listProviders().map((p) => p.name),
+    jitProviders: registry.listProviders().map((p) => p.name),
+    hooksCount: listHooks().length,
+    recentActions
+  };
+}
+
+// src/core/memory.ts
+import { existsSync as existsSync2, readFileSync as readFileSync4, writeFileSync as writeFileSync2, mkdirSync } from "fs";
+import { join as join2 } from "path";
+import { homedir, hostname, userInfo } from "os";
+import { createCipheriv as createCipheriv2, createDecipheriv as createDecipheriv2, createHash, randomBytes as randomBytes3 } from "crypto";
+var MEMORY_FILE = "agent-memory.enc";
+function getMemoryDir() {
+  const dir = join2(homedir(), ".config", "q-ring");
+  if (!existsSync2(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  return dir;
+}
+function getMemoryPath() {
+  return join2(getMemoryDir(), MEMORY_FILE);
+}
+function deriveKey2() {
+  const fingerprint = `qring-memory:${hostname()}:${userInfo().username}`;
+  return createHash("sha256").update(fingerprint).digest();
+}
+function encrypt(data) {
+  const key = deriveKey2();
+  const iv = randomBytes3(12);
+  const cipher = createCipheriv2("aes-256-gcm", key, iv);
+  const encrypted = Buffer.concat([cipher.update(data, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return `${iv.toString("base64")}:${tag.toString("base64")}:${encrypted.toString("base64")}`;
+}
+function decrypt(blob) {
+  const parts = blob.split(":");
+  if (parts.length !== 3) throw new Error("Invalid encrypted format");
+  const iv = Buffer.from(parts[0], "base64");
+  const tag = Buffer.from(parts[1], "base64");
+  const encrypted = Buffer.from(parts[2], "base64");
+  const key = deriveKey2();
+  const decipher = createDecipheriv2("aes-256-gcm", key, iv);
+  decipher.setAuthTag(tag);
+  return decipher.update(encrypted) + decipher.final("utf8");
+}
+function loadStore() {
+  const path = getMemoryPath();
+  if (!existsSync2(path)) {
+    return { entries: {} };
+  }
+  try {
+    const raw = readFileSync4(path, "utf8");
+    const decrypted = decrypt(raw);
+    return JSON.parse(decrypted);
+  } catch {
+    return { entries: {} };
+  }
+}
+function saveStore(store) {
+  const json = JSON.stringify(store);
+  const encrypted = encrypt(json);
+  writeFileSync2(getMemoryPath(), encrypted, "utf8");
+}
+function remember(key, value) {
+  const store = loadStore();
+  store.entries[key] = {
+    value,
+    updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  saveStore(store);
+}
+function recall(key) {
+  const store = loadStore();
+  return store.entries[key]?.value ?? null;
+}
+function listMemory() {
+  const store = loadStore();
+  return Object.entries(store.entries).map(([key, entry]) => ({
+    key,
+    updatedAt: entry.updatedAt
+  }));
+}
+function forget(key) {
+  const store = loadStore();
+  if (key in store.entries) {
+    delete store.entries[key];
+    saveStore(store);
+    return true;
+  }
+  return false;
+}
 
 // src/mcp/server.ts
 function text(t, isError = false) {
@@ -524,16 +1129,27 @@ function opts(params) {
   return {
     scope: params.scope,
     projectPath: params.projectPath ?? process.cwd(),
+    teamId: params.teamId,
+    orgId: params.orgId,
     env: params.env,
     source: "mcp"
   };
 }
+function enforceToolPolicy(toolName, projectPath) {
+  const decision = checkToolPolicy(toolName, projectPath);
+  if (!decision.allowed) {
+    return text(`Policy Denied: ${decision.reason} (source: ${decision.policySource})`, true);
+  }
+  return null;
+}
 function createMcpServer() {
   const server2 = new McpServer({
     name: "q-ring",
     version: "0.2.0"
   });
-  const scopeSchema = z.enum(["global", "project"]).optional().describe("Scope: global or project");
+  const teamIdSchema = z.string().optional().describe("Team identifier for team-scoped secrets");
+  const orgIdSchema = z.string().optional().describe("Org identifier for org-scoped secrets");
+  const scopeSchema = z.enum(["global", "project", "team", "org"]).optional().describe("Scope: global, project, team, or org");
   const projectPathSchema = z.string().optional().describe("Project root path for project-scoped secrets");
   const envSchema = z.string().optional().describe("Environment for superposition collapse (e.g., dev, staging, prod)");
   server2.tool(
@@ -543,12 +1159,24 @@ function createMcpServer() {
       key: z.string().describe("The secret key name"),
       scope: scopeSchema,
       projectPath: projectPathSchema,
-      env: envSchema
+      env: envSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
-      const value = getSecret(params.key, opts(params));
-      if (value === null) return text(`Secret "${params.key}" not found`, true);
-      return text(value);
+      const toolBlock = enforceToolPolicy("get_secret", params.projectPath);
+      if (toolBlock) return toolBlock;
+      try {
+        const keyBlock = checkKeyReadPolicy(params.key, void 0, params.projectPath);
+        if (!keyBlock.allowed) {
+          return text(`Policy Denied: ${keyBlock.reason}`, true);
+        }
+        const value = getSecret(params.key, opts(params));
+        if (value === null) return text(`Secret "${params.key}" not found`, true);
+        return text(value);
+      } catch (err) {
+        return text(err instanceof Error ? err.message : String(err), true);
+      }
     }
   );
   server2.tool(
@@ -560,9 +1188,13 @@ function createMcpServer() {
       tag: z.string().optional().describe("Filter by tag"),
       expired: z.boolean().optional().describe("Show only expired secrets"),
       stale: z.boolean().optional().describe("Show only stale secrets (75%+ decay)"),
-      filter: z.string().optional().describe("Glob pattern on key name (e.g., 'API_*')")
+      filter: z.string().optional().describe("Glob pattern on key name (e.g., 'API_*')"),
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("list_secrets", params.projectPath);
+      if (toolBlock) return toolBlock;
       let entries = listSecrets(opts(params));
       if (params.tag) {
         entries = entries.filter(
@@ -622,9 +1254,13 @@ function createMcpServer() {
       description: z.string().optional().describe("Human-readable description"),
       tags: z.array(z.string()).optional().describe("Tags for organization"),
       rotationFormat: z.enum(["hex", "base64", "alphanumeric", "uuid", "api-key", "token", "password"]).optional().describe("Format for auto-rotation when this secret expires"),
-      rotationPrefix: z.string().optional().describe("Prefix for auto-rotation (e.g. 'sk-')")
+      rotationPrefix: z.string().optional().describe("Prefix for auto-rotation (e.g. 'sk-')"),
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("set_secret", params.projectPath);
+      if (toolBlock) return toolBlock;
       const o = opts(params);
       if (params.env) {
         const existing = getEnvelope(params.key, o);
@@ -662,9 +1298,13 @@ function createMcpServer() {
     {
       key: z.string().describe("The secret key name"),
       scope: scopeSchema,
-      projectPath: projectPathSchema
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("delete_secret", params.projectPath);
+      if (toolBlock) return toolBlock;
       const deleted = deleteSecret(params.key, opts(params));
       return text(
         deleted ? `Deleted "${params.key}"` : `Secret "${params.key}" not found`,
@@ -678,9 +1318,13 @@ function createMcpServer() {
     {
       key: z.string().describe("The secret key name"),
       scope: scopeSchema,
-      projectPath: projectPathSchema
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("has_secret", params.projectPath);
+      if (toolBlock) return toolBlock;
       return text(hasSecret(params.key, opts(params)) ? "true" : "false");
     }
   );
@@ -693,9 +1337,13 @@ function createMcpServer() {
       tags: z.array(z.string()).optional().describe("Only export secrets with any of these tags"),
       scope: scopeSchema,
       projectPath: projectPathSchema,
-      env: envSchema
+      env: envSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("export_secrets", params.projectPath);
+      if (toolBlock) return toolBlock;
       const output = exportSecrets({
         ...opts(params),
         format: params.format,
@@ -717,6 +1365,8 @@ function createMcpServer() {
       dryRun: z.boolean().optional().default(false).describe("Preview what would be imported without saving")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("import_dotenv", params.projectPath);
+      if (toolBlock) return toolBlock;
       const result = importDotenv(params.content, {
         scope: params.scope,
         projectPath: params.projectPath ?? process.cwd(),
@@ -743,6 +1393,8 @@ function createMcpServer() {
       projectPath: projectPathSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("check_project", params.projectPath);
+      if (toolBlock) return toolBlock;
       const projectPath = params.projectPath ?? process.cwd();
       const config = readProjectConfig(projectPath);
       if (!config?.secrets || Object.keys(config.secrets).length === 0) {
@@ -793,6 +1445,8 @@ function createMcpServer() {
       env: envSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("env_generate", params.projectPath);
+      if (toolBlock) return toolBlock;
       const projectPath = params.projectPath ?? process.cwd();
       const config = readProjectConfig(projectPath);
       if (!config?.secrets || Object.keys(config.secrets).length === 0) {
@@ -836,9 +1490,13 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
     {
       key: z.string().describe("The secret key name"),
       scope: scopeSchema,
-      projectPath: projectPathSchema
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("inspect_secret", params.projectPath);
+      if (toolBlock) return toolBlock;
       const result = getEnvelope(params.key, opts(params));
       if (!result) return text(`Secret "${params.key}" not found`, true);
       const { envelope, scope } = result;
@@ -879,6 +1537,8 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
       projectPath: projectPathSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("detect_environment", params.projectPath);
+      if (toolBlock) return toolBlock;
       const result = collapseEnvironment({
         projectPath: params.projectPath ?? process.cwd()
       });
@@ -899,9 +1559,13 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
       prefix: z.string().optional().describe("Prefix for api-key/token format"),
       saveAs: z.string().optional().describe("If provided, save the generated secret with this key name"),
       scope: scopeSchema.default("global"),
-      projectPath: projectPathSchema
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("generate_secret", params.projectPath);
+      if (toolBlock) return toolBlock;
       const secret = generateSecret({
         format: params.format,
         length: params.length,
@@ -932,6 +1596,8 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
       targetProjectPath: z.string().optional()
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("entangle_secrets", params.sourceProjectPath);
+      if (toolBlock) return toolBlock;
       entangleSecrets(
         params.sourceKey,
         {
@@ -961,6 +1627,8 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
       targetProjectPath: z.string().optional()
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("disentangle_secrets", params.sourceProjectPath);
+      if (toolBlock) return toolBlock;
       disentangleSecrets(
         params.sourceKey,
         {
@@ -987,6 +1655,8 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
       maxReads: z.number().optional().describe("Self-destruct after N reads")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("tunnel_create");
+      if (toolBlock) return toolBlock;
       const id = tunnelCreate(params.value, {
         ttlSeconds: params.ttlSeconds,
         maxReads: params.maxReads
@@ -1001,6 +1671,8 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
       id: z.string().describe("Tunnel ID")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("tunnel_read");
+      if (toolBlock) return toolBlock;
       const value = tunnelRead(params.id);
       if (value === null) {
         return text(`Tunnel "${params.id}" not found or expired`, true);
@@ -1013,6 +1685,8 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
     "List active tunneled secrets (IDs and metadata only, never values).",
     {},
     async () => {
+      const toolBlock = enforceToolPolicy("tunnel_list");
+      if (toolBlock) return toolBlock;
       const tunnels = tunnelList();
       if (tunnels.length === 0) return text("No active tunnels");
       const lines = tunnels.map((t) => {
@@ -1035,6 +1709,8 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
       id: z.string().describe("Tunnel ID")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("tunnel_destroy");
+      if (toolBlock) return toolBlock;
       const destroyed = tunnelDestroy(params.id);
       return text(
         destroyed ? `Destroyed ${params.id}` : `Tunnel "${params.id}" not found`,
@@ -1049,9 +1725,13 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
       keys: z.array(z.string()).optional().describe("Specific keys to pack (all if omitted)"),
       passphrase: z.string().describe("Encryption passphrase"),
       scope: scopeSchema,
-      projectPath: projectPathSchema
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("teleport_pack", params.projectPath);
+      if (toolBlock) return toolBlock;
       const o = opts(params);
       const entries = listSecrets(o);
       const secrets = [];
@@ -1075,9 +1755,13 @@ ${warnings.map((w) => `# ${w}`).join("\n")}` : output;
       passphrase: z.string().describe("Decryption passphrase"),
       scope: scopeSchema.default("global"),
       projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema,
       dryRun: z.boolean().optional().default(false).describe("Preview without importing")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("teleport_unpack", params.projectPath);
+      if (toolBlock) return toolBlock;
       try {
         const payload = teleportUnpack(params.bundle, params.passphrase);
         if (params.dryRun) {
@@ -1104,6 +1788,8 @@ ${preview}`);
       limit: z.number().optional().default(20).describe("Max events to return")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("audit_log");
+      if (toolBlock) return toolBlock;
       const events = queryAudit({
         key: params.key,
         action: params.action,
@@ -1128,6 +1814,8 @@ ${preview}`);
       key: z.string().optional().describe("Check anomalies for a specific key")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("detect_anomalies");
+      if (toolBlock) return toolBlock;
       const anomalies = detectAnomalies(params.key);
       if (anomalies.length === 0) return text("No anomalies detected");
       const lines = anomalies.map(
@@ -1141,9 +1829,13 @@ ${preview}`);
     "Run a comprehensive health check on all secrets: decay status, staleness, anomalies, entropy assessment.",
     {
       scope: scopeSchema,
-      projectPath: projectPathSchema
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("health_check", params.projectPath);
+      if (toolBlock) return toolBlock;
       const entries = listSecrets(opts(params));
       const anomalies = detectAnomalies();
       let healthy = 0;
@@ -1193,9 +1885,13 @@ ${preview}`);
       key: z.string().describe("The secret key name"),
       provider: z.string().optional().describe("Force a specific provider (openai, stripe, github, aws, http)"),
       scope: scopeSchema,
-      projectPath: projectPathSchema
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("validate_secret", params.projectPath);
+      if (toolBlock) return toolBlock;
       const value = getSecret(params.key, opts(params));
       if (value === null) return text(`Secret "${params.key}" not found`, true);
       const envelope = getEnvelope(params.key, opts(params));
@@ -1209,7 +1905,9 @@ ${preview}`);
     "List all available validation providers for secret liveness testing.",
     {},
     async () => {
-      const providers = registry.listProviders().map((p) => ({
+      const toolBlock = enforceToolPolicy("list_providers");
+      if (toolBlock) return toolBlock;
+      const providers = registry2.listProviders().map((p) => ({
         name: p.name,
         description: p.description,
         prefixes: p.prefixes ?? []
@@ -1234,6 +1932,8 @@ ${preview}`);
       description: z.string().optional().describe("Human-readable description")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("register_hook");
+      if (toolBlock) return toolBlock;
       if (!params.key && !params.keyPattern && !params.tag) {
         return text("At least one match criterion required: key, keyPattern, or tag", true);
       }
@@ -1260,6 +1960,8 @@ ${preview}`);
     "List all registered secret change hooks with their match criteria, type, and status.",
     {},
     async () => {
+      const toolBlock = enforceToolPolicy("list_hooks");
+      if (toolBlock) return toolBlock;
       const hooks = listHooks();
       if (hooks.length === 0) return text("No hooks registered");
       return text(JSON.stringify(hooks, null, 2));
@@ -1272,6 +1974,8 @@ ${preview}`);
       id: z.string().describe("Hook ID to remove")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("remove_hook");
+      if (toolBlock) return toolBlock;
       const removed = removeHook(params.id);
       return text(
         removed ? `Removed hook ${params.id}` : `Hook "${params.id}" not found`,
@@ -1279,6 +1983,194 @@ ${preview}`);
       );
     }
   );
+  server2.tool(
+    "exec_with_secrets",
+    "Run a shell command securely. Project secrets are injected into the environment, and any secret values in the output are automatically redacted to prevent leaking into transcripts.",
+    {
+      command: z.string().describe("Command to run"),
+      args: z.array(z.string()).optional().describe("Command arguments"),
+      keys: z.array(z.string()).optional().describe("Only inject these specific keys"),
+      tags: z.array(z.string()).optional().describe("Only inject secrets with these tags"),
+      profile: z.enum(["unrestricted", "restricted", "ci"]).optional().default("restricted").describe("Exec profile: unrestricted, restricted, or ci"),
+      scope: scopeSchema,
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("exec_with_secrets", params.projectPath);
+      if (toolBlock) return toolBlock;
+      const execBlock = checkExecPolicy(params.command, params.projectPath);
+      if (!execBlock.allowed) {
+        return text(`Policy Denied: ${execBlock.reason}`, true);
+      }
+      try {
+        const result = await execCommand({
+          command: params.command,
+          args: params.args ?? [],
+          keys: params.keys,
+          tags: params.tags,
+          profile: params.profile,
+          scope: params.scope,
+          projectPath: params.projectPath,
+          source: "mcp",
+          captureOutput: true
+        });
+        const output = [];
+        output.push(`Exit code: ${result.code}`);
+        if (result.stdout) output.push(`STDOUT:
+${result.stdout}`);
+        if (result.stderr) output.push(`STDERR:
+${result.stderr}`);
+        return text(output.join("\n\n"));
+      } catch (err) {
+        return text(`Execution failed: ${err instanceof Error ? err.message : String(err)}`, true);
+      }
+    }
+  );
+  server2.tool(
+    "scan_codebase_for_secrets",
+    "Scan a directory for hardcoded secrets using regex heuristics and Shannon entropy analysis. Returns file paths, line numbers, and the matched key/value to help migrate legacy codebases into q-ring.",
+    {
+      dirPath: z.string().describe("Absolute or relative path to the directory to scan")
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("scan_codebase_for_secrets");
+      if (toolBlock) return toolBlock;
+      try {
+        const results = scanCodebase(params.dirPath);
+        if (results.length === 0) {
+          return text("No hardcoded secrets found in the specified directory.");
+        }
+        return text(JSON.stringify(results, null, 2));
+      } catch (err) {
+        return text(`Scan failed: ${err instanceof Error ? err.message : String(err)}`, true);
+      }
+    }
+  );
+  server2.tool(
+    "get_project_context",
+    "Get a safe, redacted overview of the project's secrets, environment, manifest, providers, hooks, and recent audit activity. No secret values are ever exposed. Use this to understand what secrets exist before asking to read them.",
+    {
+      scope: scopeSchema,
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("get_project_context", params.projectPath);
+      if (toolBlock) return toolBlock;
+      const context = getProjectContext(opts(params));
+      return text(JSON.stringify(context, null, 2));
+    }
+  );
+  server2.tool(
+    "agent_remember",
+    "Store a key-value pair in encrypted agent memory that persists across sessions. Use this to remember decisions, rotation history, or project-specific context.",
+    {
+      key: z.string().describe("Memory key"),
+      value: z.string().describe("Value to store")
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("agent_remember");
+      if (toolBlock) return toolBlock;
+      remember(params.key, params.value);
+      return text(`Remembered "${params.key}"`);
+    }
+  );
+  server2.tool(
+    "agent_recall",
+    "Retrieve a value from agent memory, or list all stored keys if no key is provided.",
+    {
+      key: z.string().optional().describe("Memory key to recall (omit to list all)")
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("agent_recall");
+      if (toolBlock) return toolBlock;
+      if (!params.key) {
+        const entries = listMemory();
+        if (entries.length === 0) return text("Agent memory is empty");
+        return text(JSON.stringify(entries, null, 2));
+      }
+      const value = recall(params.key);
+      if (value === null) return text(`No memory found for "${params.key}"`, true);
+      return text(value);
+    }
+  );
+  server2.tool(
+    "agent_forget",
+    "Delete a key from agent memory.",
+    {
+      key: z.string().describe("Memory key to forget")
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("agent_forget");
+      if (toolBlock) return toolBlock;
+      const removed = forget(params.key);
+      return text(removed ? `Forgot "${params.key}"` : `No memory found for "${params.key}"`, !removed);
+    }
+  );
+  server2.tool(
+    "lint_files",
+    "Scan specific files for hardcoded secrets. Optionally auto-fix by replacing them with process.env references and storing the values in q-ring.",
+    {
+      files: z.array(z.string()).describe("File paths to lint"),
+      fix: z.boolean().optional().default(false).describe("Auto-replace and store secrets"),
+      scope: scopeSchema,
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("lint_files", params.projectPath);
+      if (toolBlock) return toolBlock;
+      try {
+        const results = lintFiles(params.files, {
+          fix: params.fix,
+          scope: params.scope,
+          projectPath: params.projectPath
+        });
+        if (results.length === 0) {
+          return text("No hardcoded secrets found in the specified files.");
+        }
+        return text(JSON.stringify(results, null, 2));
+      } catch (err) {
+        return text(`Lint failed: ${err instanceof Error ? err.message : String(err)}`, true);
+      }
+    }
+  );
+  server2.tool(
+    "analyze_secrets",
+    "Analyze secret usage patterns and provide optimization suggestions including most accessed, stale, unused, and rotation recommendations.",
+    {
+      scope: scopeSchema,
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("analyze_secrets", params.projectPath);
+      if (toolBlock) return toolBlock;
+      const o = opts(params);
+      const entries = listSecrets({ ...o, silent: true });
+      const audit = queryAudit({ limit: 500 });
+      const accessMap = /* @__PURE__ */ new Map();
+      for (const e of audit) {
+        if (e.action === "read" && e.key) {
+          accessMap.set(e.key, (accessMap.get(e.key) || 0) + 1);
+        }
+      }
+      const analysis = {
+        total: entries.length,
+        expired: entries.filter((e) => e.decay?.isExpired).length,
+        stale: entries.filter((e) => e.decay?.isStale && !e.decay?.isExpired).length,
+        neverAccessed: entries.filter((e) => (e.envelope?.meta.accessCount ?? 0) === 0).map((e) => e.key),
+        noRotationFormat: entries.filter((e) => !e.envelope?.meta.rotationFormat).map((e) => e.key),
+        mostAccessed: [...accessMap.entries()].sort((a, b) => b[1] - a[1]).slice(0, 10).map(([key, count]) => ({ key, reads: count }))
+      };
+      return text(JSON.stringify(analysis, null, 2));
+    }
+  );
   let dashboardInstance = null;
   server2.tool(
     "status_dashboard",
@@ -1287,10 +2179,12 @@ ${preview}`);
       port: z.number().optional().default(9876).describe("Port to serve on")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("status_dashboard");
+      if (toolBlock) return toolBlock;
       if (dashboardInstance) {
         return text(`Dashboard already running at http://127.0.0.1:${dashboardInstance.port}`);
       }
-      const { startDashboardServer } = await import("./dashboard-32PCZF7D.js");
+      const { startDashboardServer } = await import("./dashboard-Q5OQRQCX.js");
       dashboardInstance = startDashboardServer({ port: params.port });
       return text(`Dashboard started at http://127.0.0.1:${dashboardInstance.port}
 Open this URL in a browser to see live quantum status.`);
@@ -1304,6 +2198,8 @@ Open this URL in a browser to see live quantum status.`);
       projectPaths: z.array(z.string()).optional().describe("Project paths to monitor")
     },
     async (params) => {
+      const toolBlock = enforceToolPolicy("agent_scan");
+      if (toolBlock) return toolBlock;
       const report = runHealthScan({
         autoRotate: params.autoRotate,
         projectPaths: params.projectPaths ?? [process.cwd()]
@@ -1311,6 +2207,128 @@ Open this URL in a browser to see live quantum status.`);
       return text(JSON.stringify(report, null, 2));
     }
   );
+  server2.tool(
+    "verify_audit_chain",
+    "Verify the tamper-evident hash chain of the audit log. Returns integrity status and the first break point if tampered.",
+    {},
+    async () => {
+      const toolBlock = enforceToolPolicy("verify_audit_chain");
+      if (toolBlock) return toolBlock;
+      const result = verifyAuditChain();
+      return text(JSON.stringify(result, null, 2));
+    }
+  );
+  server2.tool(
+    "export_audit",
+    "Export audit events in a portable format (jsonl, json, or csv) with optional time range filtering.",
+    {
+      since: z.string().optional().describe("Start date (ISO 8601)"),
+      until: z.string().optional().describe("End date (ISO 8601)"),
+      format: z.enum(["jsonl", "json", "csv"]).optional().default("jsonl").describe("Output format")
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("export_audit");
+      if (toolBlock) return toolBlock;
+      const output = exportAudit({
+        since: params.since,
+        until: params.until,
+        format: params.format
+      });
+      return text(output);
+    }
+  );
+  server2.tool(
+    "rotate_secret",
+    "Attempt issuer-native rotation of a secret via its detected or specified provider. Returns rotation result.",
+    {
+      key: z.string().describe("The secret key to rotate"),
+      provider: z.string().optional().describe("Force a specific provider"),
+      scope: scopeSchema,
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("rotate_secret", params.projectPath);
+      if (toolBlock) return toolBlock;
+      const value = getSecret(params.key, opts(params));
+      if (!value) return text(`Secret "${params.key}" not found`, true);
+      const result = await rotateWithProvider(value, params.provider);
+      if (result.rotated && result.newValue) {
+        setSecret(params.key, result.newValue, {
+          scope: params.scope ?? "global",
+          projectPath: params.projectPath,
+          source: "mcp"
+        });
+      }
+      return text(JSON.stringify(result, null, 2));
+    }
+  );
+  server2.tool(
+    "ci_validate_secrets",
+    "CI-oriented batch validation: validates all accessible secrets against their providers and returns a structured pass/fail report.",
+    {
+      scope: scopeSchema,
+      projectPath: projectPathSchema,
+      teamId: teamIdSchema,
+      orgId: orgIdSchema
+    },
+    async (params) => {
+      const toolBlock = enforceToolPolicy("ci_validate_secrets", params.projectPath);
+      if (toolBlock) return toolBlock;
+      const entries = listSecrets(opts(params));
+      const secrets = entries.map((e) => {
+        const val = getSecret(e.key, { ...opts(params), scope: e.scope, silent: true });
+        if (!val) return null;
+        return {
+          key: e.key,
+          value: val,
+          provider: e.envelope?.meta.provider,
+          validationUrl: e.envelope?.meta.validationUrl
+        };
+      }).filter((s) => s !== null);
+      if (secrets.length === 0) return text("No secrets to validate");
+      const report = await ciValidateBatch(secrets);
+      return text(JSON.stringify(report, null, 2));
+    }
+  );
+  server2.tool(
+    "check_policy",
+    "Check if an action is allowed by the project's governance policy. Returns the policy decision and source.",
+    {
+      action: z.enum(["tool", "key_read", "exec"]).describe("Type of policy check"),
+      toolName: z.string().optional().describe("Tool name to check (for action=tool)"),
+      key: z.string().optional().describe("Secret key to check (for action=key_read)"),
+      command: z.string().optional().describe("Command to check (for action=exec)"),
+      projectPath: projectPathSchema
+    },
+    async (params) => {
+      if (params.action === "tool" && params.toolName) {
+        const d = checkToolPolicy(params.toolName, params.projectPath);
+        return text(JSON.stringify(d, null, 2));
+      }
+      if (params.action === "key_read" && params.key) {
+        const d = checkKeyReadPolicy(params.key, void 0, params.projectPath);
+        return text(JSON.stringify(d, null, 2));
+      }
+      if (params.action === "exec" && params.command) {
+        const d = checkExecPolicy(params.command, params.projectPath);
+        return text(JSON.stringify(d, null, 2));
+      }
+      return text("Missing required parameter for the selected action type", true);
+    }
+  );
+  server2.tool(
+    "get_policy_summary",
+    "Get a summary of the project's governance policy configuration.",
+    {
+      projectPath: projectPathSchema
+    },
+    async (params) => {
+      const summary = getPolicySummary(params.projectPath);
+      return text(JSON.stringify(summary, null, 2));
+    }
+  );
   return server2;
 }