npm - @signet-auth/mcp-tools - Versions diffs - 0.4.5 → 0.5.0 - Mend

@signet-auth/mcp-tools 0.4.5 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/server.js CHANGED Viewed

@@ -2,10 +2,8 @@
 /**
  * @signet-auth/mcp-tools — Standalone MCP server exposing Signet crypto tools.
  *
- * Security note: signet_sign requires a secret key as input. This is inherent
- * to the signing operation. In production, use SIGNET_SECRET_KEY env var instead
- * of passing keys through tool arguments. The generate_keypair tool only returns
- * the public key — secret keys should be managed via the Signet CLI keystore.
+ * signet_sign reads the secret key from the SIGNET_SECRET_KEY environment
+ * variable. Keys are never accepted as tool arguments.
  */
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { createSignetToolsServer } from './tools.js';

package/dist/tools.js CHANGED Viewed

@@ -8,49 +8,48 @@ import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
 import { generateKeypair, sign, verifyAny, contentHash, } from '@signet-auth/core';
 export function createSignetToolsServer() {
-    const server = new Server({ name: 'signet-mcp-tools', version: '0.4.0' }, { capabilities: { tools: {} } });
+    const server = new Server({ name: 'signet-mcp-tools', version: '0.5.0' }, { capabilities: { tools: {} } });
     server.setRequestHandler(ListToolsRequestSchema, async () => ({
         tools: [
             {
                 name: 'signet_generate_keypair',
-                description: 'Generate a new Ed25519 keypair. Returns only the public key. Use Signet CLI to manage secret keys securely.',
+                description: 'Create a fresh Ed25519 identity for demos, tests, or agent bootstrapping. Returns JSON with {public_key, note}. The secret key is intentionally not returned by this MCP tool, so use Signet CLI or your own secure key storage for long-lived identities.',
                 inputSchema: { type: 'object', properties: {} },
             },
             {
                 name: 'signet_sign',
-                description: 'Sign an action (tool call) with an Ed25519 key, producing a cryptographic receipt. Uses SIGNET_SECRET_KEY env var if set, otherwise requires secret_key argument.',
+                description: 'Create a Signet receipt for a tool call before execution. The secret key is read from the SIGNET_SECRET_KEY environment variable (never passed as an argument). Returns the full signed receipt JSON.',
                 inputSchema: {
                     type: 'object',
                     properties: {
-                        secret_key: { type: 'string', description: 'Base64 secret key (optional if SIGNET_SECRET_KEY env is set)' },
-                        tool: { type: 'string', description: 'Tool name being called' },
-                        params: { description: 'Tool parameters (any JSON value)' },
-                        signer_name: { type: 'string', description: 'Agent name' },
-                        signer_owner: { type: 'string', description: 'Agent owner (optional)' },
-                        target: { type: 'string', description: 'Target MCP server URI' },
+                        tool: { type: 'string', description: 'Name of the tool or action being attested, for example github_create_issue or file_write.' },
+                        params: { description: 'Exact JSON arguments to bind into the receipt. Changing this JSON later will change the params hash and invalidate verification expectations.' },
+                        signer_name: { type: 'string', description: 'Stable signer or agent name that will appear in the receipt, such as ci-agent or research-bot.' },
+                        signer_owner: { type: 'string', description: 'Optional human, team, or org that owns the signer identity.' },
+                        target: { type: 'string', description: 'Optional target URI for the system where the action will run, such as mcp://github.local.' },
                     },
                     required: ['tool', 'signer_name'],
                 },
             },
             {
                 name: 'signet_verify',
-                description: 'Verify a Signet receipt signature. Returns {valid: true/false}. Accepts both bare base64 and ed25519:-prefixed public keys.',
+                description: 'Verify that a receipt was signed by the expected public key. Use this to validate receipts from agents, logs, tests, or exchanged MCP metadata. Returns JSON {valid: boolean}. This checks signature validity against the supplied key; it does not enforce freshness, authorization, or policy decisions.',
                 inputSchema: {
                     type: 'object',
                     properties: {
-                        receipt_json: { type: 'string', description: 'Receipt JSON string' },
-                        public_key: { type: 'string', description: 'Public key (base64 or ed25519:base64)' },
+                        receipt_json: { type: 'string', description: 'Serialized receipt JSON to verify. This should be the full receipt object as a string.' },
+                        public_key: { type: 'string', description: 'Expected signer public key, either bare base64 or ed25519:base64.' },
                     },
                     required: ['receipt_json', 'public_key'],
                 },
             },
             {
                 name: 'signet_content_hash',
-                description: 'Compute SHA-256 hash of canonical JSON (RFC 8785 JCS). Accepts any JSON value.',
+                description: 'Compute a deterministic SHA-256 hash over canonical JSON using RFC 8785 JCS. Use this when you need a stable digest for receipt params, audit records, or comparing semantically identical JSON with different formatting or key order. Returns JSON {hash: string}.',
                 inputSchema: {
                     type: 'object',
                     properties: {
-                        content: { description: 'JSON content to hash (object, array, string, number, boolean, or null)' },
+                        content: { description: 'Any JSON value to hash: object, array, string, number, boolean, or null.' },
                     },
                     required: ['content'],
                 },
@@ -65,14 +64,14 @@ export function createSignetToolsServer() {
                     const kp = generateKeypair();
                     // Only return public key — secret key management via CLI/env
                     return {
-                        content: [{ type: 'text', text: JSON.stringify({ public_key: kp.publicKey, note: 'Secret key generated but not returned. Use Signet CLI for key management.' }) }],
+                        content: [{ type: 'text', text: JSON.stringify({ public_key: kp.publicKey, note: 'This is an ephemeral keypair for demos/tests. The secret key was not returned for security. For persistent identities, use: signet identity generate --name <name>' }) }],
                     };
                 }
                 case 'signet_sign': {
-                    const secretKey = args?.secret_key ?? process.env.SIGNET_SECRET_KEY;
+                    const secretKey = process.env.SIGNET_SECRET_KEY;
                     if (!secretKey) {
                         return {
-                            content: [{ type: 'text', text: 'Error: no secret key. Set SIGNET_SECRET_KEY env var or pass secret_key argument.' }],
+                            content: [{ type: 'text', text: 'Error: SIGNET_SECRET_KEY environment variable is not set. Set it before starting the server.' }],
                             isError: true,
                         };
                     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@signet-auth/mcp-tools",
-  "version": "0.4.5",
+  "version": "0.5.0",
   "description": "Standalone MCP server exposing Signet signing, verification, and content hash tools",
   "keywords": [
     "mcp",
@@ -20,12 +20,16 @@
     "url": "git+https://github.com/Prismer-AI/signet.git",
     "directory": "packages/signet-mcp-tools"
   },
-  "mcpName": "io.github.Prismer-AI/signet-mcp-tools",
+  "mcpName": "io.github.prismer-ai/signet-mcp-tools",
   "type": "module",
   "bin": {
     "signet-mcp-tools": "dist/server.js"
   },
-  "files": ["dist/"],
+  "files": [
+    "dist/",
+    "server.json",
+    "README.md"
+  ],
   "scripts": {
     "build": "npx tsc",
     "test": "npx tsc -p tsconfig.test.json && node --test dist-test/tests/tools.test.js",
@@ -36,7 +40,7 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.10.0",
-    "@signet-auth/core": "^0.4.5"
+    "@signet-auth/core": "^0.5.0"
   },
   "devDependencies": {
     "@types/node": "^22",

package/server.json ADDED Viewed

@@ -0,0 +1,21 @@
+{
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-10-17/server.schema.json",
+  "name": "io.github.prismer-ai/signet-mcp-tools",
+  "title": "Signet MCP Tools",
+  "description": "MCP server exposing Signet cryptographic signing, verification, and content hash tools over stdio.",
+  "version": "0.5.0",
+  "repository": {
+    "url": "https://github.com/Prismer-AI/signet",
+    "source": "github"
+  },
+  "packages": [
+    {
+      "registryType": "npm",
+      "identifier": "@signet-auth/mcp-tools",
+      "version": "0.5.0",
+      "transport": {
+        "type": "stdio"
+      }
+    }
+  ]
+}