@tideorg/mcp 1.4.2 → 1.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +81 -0
- package/GAP_REGISTER.md +18 -8
- package/PRIVACY.md +41 -0
- package/README.md +204 -197
- package/adapters/AGENTS.md +3 -2
- package/adapters/CLAUDE.md +1 -1
- package/canon/anti-patterns.md +55 -62
- package/canon/concepts.md +46 -34
- package/canon/custom-contracts.md +12 -8
- package/canon/feature-mapping.md +27 -75
- package/canon/framework-matrix.md +69 -22
- package/canon/hosting-options.md +111 -0
- package/canon/iga-change-requests-api.md +211 -0
- package/canon/invariants.md +33 -35
- package/canon/security-gap-mapping.md +506 -0
- package/canon/security-runtime-probes.md +177 -0
- package/canon/tidecloak-bootstrap.md +21 -16
- package/canon/tidecloak-endpoints.md +60 -98
- package/canon/troubleshooting.md +115 -53
- package/canon/version-policy.md +8 -12
- package/mcp-server/dist/server.js +221 -19
- package/package.json +48 -45
- package/playbooks/add-auth-nextjs-existing.md +33 -17
- package/playbooks/add-auth-nextjs-fresh.md +1 -1
- package/playbooks/add-rbac-nextjs.md +7 -2
- package/playbooks/bootstrap-realm-from-template.md +33 -18
- package/playbooks/deploy-tidecloak-docker.md +31 -28
- package/playbooks/diagnose-missing-roles-or-claims.md +2 -2
- package/playbooks/initialize-admin-and-link-account.md +22 -19
- package/playbooks/protect-api-nextjs.md +40 -1
- package/playbooks/protect-aspnet-core-asgard.md +313 -0
- package/playbooks/protect-routes-nextjs.md +24 -10
- package/playbooks/provision-tidecloak-skycloak.md +213 -0
- package/playbooks/setup-forseti-e2ee.md +32 -50
- package/playbooks/setup-iga-admin-panel.md +113 -171
- package/playbooks/verify-jwt-server-side.md +20 -1
- package/prompts/build-private-customer-portal.md +1 -1
- package/prompts/security-gap-analysis.md +55 -0
- package/reference-apps/encrypted-communication/anti-patterns.md +3 -3
- package/reference-apps/encrypted-communication/bootstrap-sequence.md +2 -2
- package/reference-apps/encrypted-communication/scenario.md +2 -2
- package/reference-apps/git-pr-signing-service/bootstrap-sequence.md +8 -8
- package/reference-apps/iga-admin-governance/anti-patterns.md +18 -16
- package/reference-apps/iga-admin-governance/bootstrap-sequence.md +10 -5
- package/reference-apps/iga-admin-governance/role-policy-matrix.md +12 -13
- package/reference-apps/iga-admin-governance/scenario.md +15 -13
- package/reference-apps/organisation-password-manager/bootstrap-sequence.md +5 -6
- package/reference-apps/policy-governed-signing/bootstrap-sequence.md +9 -9
- package/skills/tide-diagnostics/SKILL.md +1 -1
- package/skills/tide-integration/SKILL.md +9 -18
- package/skills/tide-mcp-qa/SKILL.md +139 -0
- package/skills/tide-rbac-and-e2ee/SKILL.md +5 -5
- package/skills/tide-reviewer/SKILL.md +1 -1
- package/skills/tide-security-analyst/SKILL.md +182 -0
- package/skills/tide-setup/SKILL.md +1 -1
- package/canon/delegation.md +0 -195
- package/playbooks/setup-server-delegation.md +0 -142
package/CHANGELOG.md
ADDED
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
All notable changes to `@tideorg/mcp` (the Tide Agent Pack) are documented here.
|
|
4
|
+
|
|
5
|
+
## 1.9.0 — 2026-07-15
|
|
6
|
+
|
|
7
|
+
The largest release since the pack's initial cut. It broadens the MCP from an
|
|
8
|
+
*integration helper* into a *security and hosting advisor*, migrates the IGA API
|
|
9
|
+
to the current surface, and adds a real pre-release quality gate. Also makes the
|
|
10
|
+
pack ready to list in the Claude directory.
|
|
11
|
+
|
|
12
|
+
### Highlights
|
|
13
|
+
|
|
14
|
+
- **Security gap analysis** — audit an existing (even non-Tide) system and map
|
|
15
|
+
its weaknesses to Tide capabilities.
|
|
16
|
+
- **Partner-hosted TideCloak via Skycloak** — a managed-hosting path alongside
|
|
17
|
+
self-hosting.
|
|
18
|
+
- **IGA API migration** to `/iga/change-requests/...` (replaces the legacy
|
|
19
|
+
`/tide-admin/change-set/...`).
|
|
20
|
+
- **Pre-release QA gate** (`npm test`) + GitHub Actions CI.
|
|
21
|
+
- **Read-only tool annotations** and a privacy policy — Claude-directory ready.
|
|
22
|
+
|
|
23
|
+
### New capabilities
|
|
24
|
+
|
|
25
|
+
- **`tide_security_analysis` tool** + `tide-security-analysis` prompt. Backed by
|
|
26
|
+
`canon/security-gap-mapping.md` (SG-01 … SG-18: a trust-concentration → Tide
|
|
27
|
+
capability → remediation → honesty-note table, plus a mandatory "what Tide does
|
|
28
|
+
NOT fix" section), `canon/security-runtime-probes.md` (opt-in, authorization-
|
|
29
|
+
gated live probing), and the `tide-security-analyst` skill.
|
|
30
|
+
- **`tide_hosting` tool** + `canon/hosting-options.md` and the
|
|
31
|
+
`provision-tidecloak-skycloak` playbook: self-host vs partner-hosted decision,
|
|
32
|
+
the trust model (partner-hosting is an availability/metadata trust, not an
|
|
33
|
+
integrity trust — the host can't forge tokens or decrypt data), and the
|
|
34
|
+
Skycloak provisioning API reference.
|
|
35
|
+
- **`tide-mcp-qa` skill + prompt** — the QA Engineer role that runs the gate,
|
|
36
|
+
audits for overclaiming, and issues a SHIP / BLOCK verdict.
|
|
37
|
+
|
|
38
|
+
The MCP now exposes **16 tools** and **5 prompts** (was 14 / 3).
|
|
39
|
+
|
|
40
|
+
### Changed
|
|
41
|
+
|
|
42
|
+
- **IGA change-request API** migrated to `/iga/change-requests/{id}/authorize|commit`
|
|
43
|
+
(per-id, `bulk-authorize` for batches), replacing the legacy
|
|
44
|
+
`/tide-admin/change-set/*/batch`. New authoritative reference
|
|
45
|
+
`canon/iga-change-requests-api.md`; reconciled across canon, playbooks,
|
|
46
|
+
bootstrap scripts, and reference-apps. Captures the **Tide vs Tideless** mode
|
|
47
|
+
split — IGA is cryptographic only in Tide (licensed) mode.
|
|
48
|
+
- **All tools now carry `readOnlyHint` annotations** (they are read-only).
|
|
49
|
+
|
|
50
|
+
### Fixed / internal
|
|
51
|
+
|
|
52
|
+
- **Deterministic QA gate** (`mcp-server/test/`, `npm test`): protocol smoke
|
|
53
|
+
tests (tools/prompts present, annotated, return sane content) + content
|
|
54
|
+
consistency (no stray legacy endpoints, referenced playbooks exist, SG-01…18
|
|
55
|
+
present, GAP counts sum, manifests valid, versions in sync). **113/113.**
|
|
56
|
+
- **GitHub Actions** `qa-gate.yml` runs the gate on every PR and on pushes to
|
|
57
|
+
`main`.
|
|
58
|
+
- **Claude directory readiness**: `PRIVACY.md` (no data collected), corrected +
|
|
59
|
+
validated plugin manifests (`claude plugin validate` passes), version
|
|
60
|
+
reconciliation so `server.ts`, both `package.json`s, and `plugin.json` all read
|
|
61
|
+
**1.9.0**.
|
|
62
|
+
- `npm run test:remote` verifies a live/hosted endpoint (tool count, annotation
|
|
63
|
+
coverage, version).
|
|
64
|
+
|
|
65
|
+
### Known follow-ups (require a live stack)
|
|
66
|
+
|
|
67
|
+
- **IGA bootstrap loop** (`bulk-authorize → commit`) is verified against the spec
|
|
68
|
+
but `REQUIRES_RUNTIME_VALIDATION` on a live iga-core instance. (GAP-065)
|
|
69
|
+
- **Skycloak-hosted Tide vendor surface** unconfirmed — provisioning is verified,
|
|
70
|
+
but whether a hosted cluster exposes `setUpTideRealm`/IGA/adapter-with-Tide-
|
|
71
|
+
extensions must be checked on a live cluster (`scripts/skycloak-smoke.sh`).
|
|
72
|
+
(GAP-066)
|
|
73
|
+
- Provisioning a **TideCloak** cluster via the Skycloak API needs the identity-
|
|
74
|
+
platform selector field confirmed with Skycloak; the documented API path
|
|
75
|
+
defaults to vanilla Keycloak.
|
|
76
|
+
|
|
77
|
+
### Upgrade notes
|
|
78
|
+
|
|
79
|
+
- If you script the TideCloak bootstrap, switch IGA approvals to the new
|
|
80
|
+
`/iga/change-requests/...` surface — see `canon/iga-change-requests-api.md`.
|
|
81
|
+
- No changes required to app-side SDK wiring.
|
package/GAP_REGISTER.md
CHANGED
|
@@ -10,6 +10,7 @@ Controlled status set:
|
|
|
10
10
|
- `RESOLVED_BY_MULTI_EXEMPLAR` — answered by consistent evidence across two or more exemplars
|
|
11
11
|
- `PARTIALLY_RESOLVED_BY_KEYLESSH` — exemplar provides partial evidence; gaps remain
|
|
12
12
|
- `PARTIALLY_RESOLVED_BY_MULTI_EXEMPLAR` — multiple exemplars provide partial evidence; gaps remain
|
|
13
|
+
- `PARTIALLY_RESOLVED_BY_VENDOR` — vendor confirmed the direction/decision; some detail (e.g., exact payloads) still needed before full drafting
|
|
13
14
|
- `STILL_UNRESOLVED` — no evidence from any source
|
|
14
15
|
- `DOCS_ONLY_CONTRADICTION` — docs say one thing, implementation says another
|
|
15
16
|
- `REQUIRES_RUNTIME_VALIDATION` — exemplar suggests an answer but single-app evidence is insufficient to generalize
|
|
@@ -20,7 +21,7 @@ Controlled status set:
|
|
|
20
21
|
|
|
21
22
|
| Gap ID | Description | Status | Evidence Source | Next Action |
|
|
22
23
|
|--------|------------|--------|-----------------|-------------|
|
|
23
|
-
| GAP-001 | Authentication API omits all Tide-specific flows | RESOLVED_BY_VENDOR | `init-tidecloak.sh` reveals undocumented admin endpoints. `server/auth.ts` shows DPoP verification. `canon/tidecloak-endpoints.md` now documents 94 endpoints across 8 resource classes
|
|
24
|
+
| GAP-001 | Authentication API omits all Tide-specific flows | RESOLVED_BY_VENDOR | `init-tidecloak.sh` reveals undocumented admin endpoints. `server/auth.ts` shows DPoP verification. `canon/tidecloak-endpoints.md` now documents 94 endpoints across 8 resource classes (including the token-exchange endpoint). | Resolved. All Tide-specific auth endpoints documented in `canon/tidecloak-endpoints.md`. Source API docs remain incomplete but pack has full operational coverage. |
|
|
24
25
|
| GAP-002 | Management API omits IGA endpoints | RESOLVED_BY_NORMATIVE_DOC | CHANGE_REQUEST_API.md provides complete REST API with request/response schemas for all change-set operations, policy management, TS client. | Resolved. Canon updated. |
|
|
25
26
|
| GAP-003 | Quorum threshold formula inconsistency | PARTIALLY_RESOLVED_BY_KEYLESSH | `start.sh`: threshold is deployment-configurable. Three distinct concepts: admin quorum (70%), Fabric operational threshold (T/N), SSH policy threshold (per-role). | Document the three-layer distinction. CHANGE_REQUEST_API.md confirms SSH policy `threshold` is distinct from IGA admin quorum. |
|
|
26
27
|
| GAP-004 | Error handling undocumented across all SDKs | RESOLVED_BY_VENDOR | No formal error code taxonomy. One custom class: `NetworkError` (extends `Error`, includes `.response`). All other errors are plain `Error` with string messages. Retryable: `NetworkError`, `enclave.networkFailure`, `enclave.throttled`, `enclave.thresholdTimeoutFailure`, `authRefreshError` (once). Fatal: init errors, input validation, missing roles (`"User has not been given any access to '${tag}'"`), policy violations (`BadPolicy.*`, `OutOfGasException`, `PolicyDecision.Deny()`), mode restrictions. Token/auth errors require re-login. Event listeners (`authError`, `authRefreshError`, `initError`) are the primary async error channel. No built-in retry logic in SDK. | Resolved. Canon updated with error catalog. Adapters pending. |
|
|
@@ -77,13 +78,15 @@ Controlled status set:
|
|
|
77
78
|
| GAP-055 | `oauth2-dpop` npm package for DPoP verification | PARTIALLY_RESOLVED_BY_MULTI_EXEMPLAR | test-cases `dpop-protected/route.ts` uses `oauth2-dpop` package for server-side DPoP proof verification. Simpler than manual verification. | Document as alternative to manual DPoP verification in canon. |
|
|
78
79
|
| GAP-056 | `deleteStatus` semantics for ACTIVE change-set records | STILL_UNRESOLVED | CHANGE_REQUEST_API.md: ACTIVE records have a `deleteStatus` field tracking pending deletion. Does deletion require the same quorum? | Needs vendor clarification. |
|
|
79
80
|
| GAP-057 | Licensing change requests use different path prefix | STILL_UNRESOLVED | CHANGE_REQUEST_API.md: `GET /tideAdminResources/change-set/licensing/requests` vs `GET /tide-admin/change-set/users/requests`. Path inconsistency suggests separate implementations. | Needs clarification on whether licensing requests follow the same sign/commit flow. |
|
|
80
|
-
| GAP-058 | Server-side delegation flow undocumented in pack |
|
|
81
|
+
| GAP-058 | Server-side delegation flow undocumented in pack | UNSHIPPED_REMOVED | Server-side delegation is an asgard feature (the `asgard-tide` Node SDK, as used by keylessh) + two-hop chain of trust (TideMtlsAuthenticator Java, DelegationTokenSignRequest C#); exists only on unmerged asgard/keylessh feature branches and ork `asgard-implementation`; nothing on `origin/main`. | Removed from pack 2026-07-07 — was documenting unshipped behavior. Re-document only after asgard-tide delegation merges to main. |
|
|
81
82
|
| GAP-059 | TideCloak extension endpoints not comprehensively documented | RESOLVED_BY_VENDOR | 94 endpoints across 8 resource classes (VendorResource, VoucherResource, PublicResource, TideIdpResource, TideIdpAdminRealmResource, IGARealmResource, TideAdminRealmResource, PolicyResourceProvider). | Resolved. Canon `tidecloak-endpoints.md` created with full endpoint reference. |
|
|
82
|
-
| GAP-060 |
|
|
83
|
-
| GAP-061 | Scoped delegation (requested_roles) undocumented |
|
|
83
|
+
| GAP-060 | Server-side delegation SDK not documented in pack | UNSHIPPED_REMOVED | The delegation SDK is an asgard (`asgard-tide`) Node package, unmerged/experimental and unpublished; lives only on asgard/keylessh feature branches, not `main`. (There is no `@tidecloak/*` server package — that was a mis-attribution.) | Removed from pack 2026-07-07 — unshipped. |
|
|
84
|
+
| GAP-061 | Scoped delegation (requested_roles) undocumented | UNSHIPPED_REMOVED | Scoped-delegation role filtering is part of the unshipped asgard (`asgard-tide`) delegation surface (feature-branch only). | Removed from pack 2026-07-07 — unshipped. |
|
|
84
85
|
| GAP-062 | Custom Forseti contract creation guide missing from pack | RESOLVED_BY_VENDOR | Ork.Forseti.Sdk README, IAccessPolicy interface, DecisionBuilder, DokenDto, PolicyParam, ForsetiSdk runtime, sandbox restrictions, deployment, policy signing. | Resolved. Canon `custom-contracts.md` created. |
|
|
85
86
|
| GAP-063 | No Go/REST SDK for ORK threshold signing operations | STILL_UNRESOLVED | LEARNINGS-cosign-batch-001 L-01: ORK signing (`createTideRequest` → `executeSignRequest`) only available via JS SDK. No Go, Python, or REST API for direct ORK interaction. Resolved for web apps (JS SDK); blocks CLI tools and non-JS server-side signing. | Needs vendor clarification on ORK REST API or multi-language SDK plans. |
|
|
86
87
|
| GAP-064 | No CLI/terminal authentication flow (PRISM requires browser SWE iframe) | STILL_UNRESOLVED | LEARNINGS-cosign-batch-001 L-02: all TideCloak auth flows require browser context for PRISM zero-knowledge proof via SWE iframe. No device auth grant, service account, or headless flow exists. Browser-bridge (localhost page) is a workaround, not a native flow. | Needs vendor clarification on device auth grant or service account model. |
|
|
88
|
+
| GAP-065 | IGA/QEA change-request API surface migrated: `/iga/change-requests/...` replaces `/tide-admin/change-set/...` | RESOLVED_BY_VENDOR | **CONFIRMED by Tide (2026-07-07)** and spec obtained (`tide-foundation/tidecloak-iga-extensions/docs/qea-iga-api.md`). iga-core's `/iga/change-requests/...` surface replaces the legacy `/tide-admin/change-set/...`. Surface: write captured as HTTP 202 + change-request `id`; per-id `POST .../{id}/authorize` (body `{}`; 409=four-eyes) → `POST .../{id}/commit` (412=under threshold/unmet dependency); `POST .../{id}/deny` (204); batch `POST /iga/change-requests/bulk-authorize` (`{actionTypeIn,limit}`, 429 mutex); `GET /iga/change-requests?status=PENDING` (objects keyed by `id`, with `entityType`/`readyToCommit`/`threshold`/`dependsOn`); Tide-mode enclave two-phase `GET`/`POST .../{id}/approval-model`; comments + `POST /iga/adopt`. Toggle unchanged (`POST /tide-admin/toggle-iga`). Two-mode split — Tide (`iga.attestor=tide`, cryptographic VRK→Midgard→ORK) vs Tideless (`iga.attestor=simple`/unset, username attestation, NO crypto). | **Resolved.** New authoritative reference `canon/iga-change-requests-api.md` created (full spec + old→new map + bootstrap authorize→commit loop). Reconciled across: `canon/feature-mapping.md`, `canon/invariants.md` (I-10), `canon/tidecloak-endpoints.md`, `canon/concepts.md`, `canon/troubleshooting.md`, `canon/tidecloak-bootstrap.md`, `canon/anti-patterns.md`, `canon/security-gap-mapping.md`; playbooks (`deploy-tidecloak-docker`, `bootstrap-realm-from-template`, `initialize-admin-and-link-account`, `setup-iga-admin-panel`, `setup-forseti-e2ee`); bootstrap scripts (`templates/*/scripts/init-tidecloak.sh`, `templates/shared/bootstrap-tidecloak.sh`); reference-apps bootstrap-sequences + `iga-admin-governance`. **Bootstrap loop is REQUIRES_RUNTIME_VALIDATION** — verify end-to-end on a live iga-core instance. Historical `notes/` and `sources/` retain the legacy surface intentionally (audit record). |
|
|
89
|
+
| GAP-066 | Tide vendor surface on Skycloak-hosted TideCloak clusters unconfirmed | STILL_UNRESOLVED | `canon/hosting-options.md` + `playbooks/provision-tidecloak-skycloak.md`: Skycloak (`api.skycloak.io`, partner) offers TideCloak as a cluster identity platform, but the public docs (`skycloak.io/docs/api/`, API-Version 2026-06-01.beta) do not confirm that a hosted TideCloak cluster exposes the Tide vendor endpoints the pack's bootstrap depends on (`vendorResources/setUpTideRealm`, `tide-admin/toggle-iga`, the change-request governance API, adapter export enriched with `jwk`/`vendorId`/`homeOrkUrl`), nor how Tide licensing (Stripe free-tier flow) is handled in the hosted context. Cluster provisioning IS verified via the Skycloak API; the Tide-realm bootstrap on top is ASSUMED and must be verified on a live instance. | Verify against a live Skycloak-hosted TideCloak cluster: probe `setUpTideRealm`, confirm exported adapter has Tide extensions. If absent, Skycloak hosts the broker but Tide-realm provisioning/licensing needs the partner's Tide-specific path — raise with the Tide/Skycloak teams. |
|
|
87
90
|
|
|
88
91
|
---
|
|
89
92
|
|
|
@@ -92,22 +95,29 @@ Controlled status set:
|
|
|
92
95
|
| Status | Count |
|
|
93
96
|
|--------|-------|
|
|
94
97
|
| RESOLVED_BY_KEYLESSH | 1 |
|
|
95
|
-
| RESOLVED_BY_VENDOR |
|
|
98
|
+
| RESOLVED_BY_VENDOR | 34 |
|
|
96
99
|
| RESOLVED_BY_NORMATIVE_DOC | 3 |
|
|
97
100
|
| RESOLVED_BY_MULTI_EXEMPLAR | 2 |
|
|
98
101
|
| PARTIALLY_RESOLVED_BY_KEYLESSH | 4 |
|
|
99
102
|
| PARTIALLY_RESOLVED_BY_MULTI_EXEMPLAR | 4 |
|
|
103
|
+
| PARTIALLY_RESOLVED_BY_VENDOR | 0 |
|
|
100
104
|
| RESOLVED_FOR_EVALS | 1 |
|
|
101
105
|
| RESOLVED_BY_WHITEPAPER | 1 |
|
|
102
|
-
| STILL_UNRESOLVED |
|
|
106
|
+
| STILL_UNRESOLVED | 15 |
|
|
103
107
|
| DOCS_ONLY_CONTRADICTION | 0 |
|
|
104
108
|
| RESOLVED_FOR_TEMPLATES | 1 |
|
|
105
109
|
| REQUIRES_RUNTIME_VALIDATION | 0 |
|
|
106
|
-
| **Total** | **
|
|
110
|
+
| **Total** | **66** |
|
|
111
|
+
|
|
112
|
+
Security-analysis sync (2026-07-06): GAP-065 added for the IGA/QEA API-surface + Tide/Tideless mode-split divergence between pack canon and current staging. Canon `security-gap-mapping.md` + `security-runtime-probes.md` and skill `tide-security-analyst` added.
|
|
113
|
+
|
|
114
|
+
Hosting-integration sync (2026-07-07): GAP-066 added for the unconfirmed Tide vendor surface on Skycloak-hosted TideCloak clusters. Canon `hosting-options.md` and playbook `provision-tidecloak-skycloak.md` added.
|
|
115
|
+
|
|
116
|
+
IGA API-migration sync (2026-07-07): GAP-065 reclassified STILL_UNRESOLVED → PARTIALLY_RESOLVED_BY_VENDOR → **RESOLVED_BY_VENDOR** once the iga-core spec (`qea-iga-api.md`) was obtained. New authoritative reference `canon/iga-change-requests-api.md`; the `/iga/change-requests/...` surface reconciled across canon, playbooks, bootstrap scripts, and reference-apps. Bootstrap approve→commit loop is REQUIRES_RUNTIME_VALIDATION. `PARTIALLY_RESOLVED_BY_VENDOR` status added to the controlled set (currently 0). Historical `notes/`/`sources/` intentionally retain the legacy surface.
|
|
107
117
|
|
|
108
118
|
Full sync pass (2026-04-13): GAP-001 upgraded from PARTIALLY_RESOLVED_BY_KEYLESSH to RESOLVED_BY_VENDOR (all auth endpoints now documented in `canon/tidecloak-endpoints.md`). GAP-029 upgraded from PARTIALLY_RESOLVED_BY_MULTI_EXEMPLAR to RESOLVED_BY_VENDOR (`get-required-action-link` schema now documented). RESOLVED_BY_VENDOR count corrected to 32. No new gaps.
|
|
109
119
|
|
|
110
|
-
Integration-focus sync (2026-04-13): 4 new gaps added (GAP-058 through GAP-061) for server-side delegation, endpoint documentation,
|
|
120
|
+
Integration-focus sync (2026-04-13): 4 new gaps added (GAP-058 through GAP-061) for server-side delegation, endpoint documentation, the asgard-tide delegation SDK, and scoped delegation. Canon updated with `tidecloak-endpoints.md`. (The server-side delegation canon + playbook added in this pass were removed 2026-07-07 as unshipped; GAP-058/060/061 reopened as UNSHIPPED_REMOVED.) See `notes/test-findings/tidecloak-integration-focus.md`.
|
|
111
121
|
|
|
112
122
|
Batch-01 adjudication (2026-03-25): 14 gaps resolved by vendor answers.
|
|
113
123
|
Batch-02 adjudication (2026-03-25): 5 gaps resolved by vendor answers. GAP-029 strengthened. 5 assumptions resolved (A-21, A-22, A-25, A-26, A-28).
|
package/PRIVACY.md
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# Privacy Policy — Tide Agent Pack MCP Server (`@tideorg/mcp`)
|
|
2
|
+
|
|
3
|
+
_Last updated: 2026-07-14_
|
|
4
|
+
|
|
5
|
+
The Tide Agent Pack MCP server exposes read-only operational guidance (canon, playbooks, skills, prompts, scenarios) to AI coding agents. This policy explains what the server does and does not do with data.
|
|
6
|
+
|
|
7
|
+
## Summary
|
|
8
|
+
|
|
9
|
+
**The server collects no personal data, requires no account, stores nothing, and shares nothing with third parties.** Every tool is read-only: it reads guidance files bundled with the server and returns text. It performs no writes, no external network calls, and no tracking.
|
|
10
|
+
|
|
11
|
+
## What the server processes
|
|
12
|
+
|
|
13
|
+
- **Tool arguments.** Some tools accept short text arguments — a file name (e.g. `tide_canon name="invariants"`) or a free-text situation (e.g. `tide_choose_scenario situation="..."`). These arguments are used **transiently, in memory**, to select which bundled guidance to return. They are not stored, logged as content, analyzed, profiled, sold, or used to train any model.
|
|
14
|
+
- **Bundled content only.** The server's responses come entirely from static files shipped with the package (`canon/`, `playbooks/`, `skills/`, `prompts/`, `reference-apps/`, `GAP_REGISTER.md`). It does not read your source code, files, or environment, and it does not fetch anything from the internet at request time.
|
|
15
|
+
|
|
16
|
+
## What the server does NOT do
|
|
17
|
+
|
|
18
|
+
- No user accounts, authentication of end users, or identity collection.
|
|
19
|
+
- No collection of personal data or PII.
|
|
20
|
+
- No persistence of tool arguments or responses.
|
|
21
|
+
- No analytics, telemetry, tracking, or advertising.
|
|
22
|
+
- No sharing or sale of data to third parties.
|
|
23
|
+
- No use of any input for model training.
|
|
24
|
+
|
|
25
|
+
## Deployment modes
|
|
26
|
+
|
|
27
|
+
- **Local (stdio).** When run locally by a coding agent (the default), the server runs entirely on your machine. No data leaves your device through this server.
|
|
28
|
+
- **Hosted (HTTP).** When run as a hosted HTTPS endpoint, tool arguments are sent to the server over TLS and processed in memory to select guidance. The application persists no request bodies. Standard infrastructure/operational logs at the hosting layer may record request metadata (e.g. timestamps, IP address, response codes) for reliability and abuse prevention; these contain no bundled-content responses and are subject to the hosting provider's retention. The server itself writes no such logs.
|
|
29
|
+
|
|
30
|
+
## Data retention
|
|
31
|
+
|
|
32
|
+
The application retains **no** user data. There is nothing to export or delete because nothing is stored.
|
|
33
|
+
|
|
34
|
+
## Changes
|
|
35
|
+
|
|
36
|
+
Material changes to this policy will be published in this file with an updated date.
|
|
37
|
+
|
|
38
|
+
## Contact
|
|
39
|
+
|
|
40
|
+
Tide Foundation — <info@tide.org>
|
|
41
|
+
Source and issues: <https://github.com/tide-foundation/tide-agent-pack>
|
package/README.md
CHANGED
|
@@ -1,197 +1,204 @@
|
|
|
1
|
-
# Tide Agent Pack
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
```
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
}
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
}
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
}
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
}
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
}
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
- **
|
|
119
|
-
- **
|
|
120
|
-
- **
|
|
121
|
-
- **
|
|
122
|
-
- **
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
>
|
|
131
|
-
|
|
132
|
-
>
|
|
133
|
-
|
|
134
|
-
>
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
|
141
|
-
|
|
142
|
-
|
|
|
143
|
-
|
|
|
144
|
-
|
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
}
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
```
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
```
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
- **
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
-
|
|
1
|
+
# Tide Agent Pack
|
|
2
|
+
|
|
3
|
+
[](https://github.com/tide-foundation/tide-agent-pack/actions/workflows/qa-gate.yml)
|
|
4
|
+
|
|
5
|
+
AI coding agents that know how to implement [TideCloak](https://tidecloak.com) correctly.
|
|
6
|
+
|
|
7
|
+
This MCP server gives your AI assistant deep knowledge of Tide authentication, threshold cryptography, Forseti smart contracts, and server-side security patterns. Instead of guessing, your AI follows verified playbooks.
|
|
8
|
+
|
|
9
|
+
## Quick Start
|
|
10
|
+
|
|
11
|
+
### Claude Code (CLI or VS Code extension)
|
|
12
|
+
|
|
13
|
+
Run this one command:
|
|
14
|
+
|
|
15
|
+
```bash
|
|
16
|
+
claude mcp add tide-pack -- npx -y @tideorg/mcp
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
Done. Start a conversation and ask your agent to add Tide auth to your app.
|
|
20
|
+
|
|
21
|
+
### Project-level config (any MCP client)
|
|
22
|
+
|
|
23
|
+
Add a `.mcp.json` file to your project root:
|
|
24
|
+
|
|
25
|
+
```json
|
|
26
|
+
{
|
|
27
|
+
"mcpServers": {
|
|
28
|
+
"tide-pack": {
|
|
29
|
+
"command": "npx",
|
|
30
|
+
"args": ["-y", "@tideorg/mcp"]
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
Works with: Claude Code, Cursor, Windsurf, Cline, and any MCP-compatible tool.
|
|
37
|
+
|
|
38
|
+
### Claude Desktop
|
|
39
|
+
|
|
40
|
+
Edit `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
|
|
41
|
+
|
|
42
|
+
```json
|
|
43
|
+
{
|
|
44
|
+
"mcpServers": {
|
|
45
|
+
"tide-pack": {
|
|
46
|
+
"command": "npx",
|
|
47
|
+
"args": ["-y", "@tideorg/mcp"]
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
### Cursor
|
|
54
|
+
|
|
55
|
+
Open Settings > MCP Servers > Add Server:
|
|
56
|
+
- Name: `tide-pack`
|
|
57
|
+
- Command: `npx`
|
|
58
|
+
- Args: `-y @tideorg/mcp`
|
|
59
|
+
|
|
60
|
+
Or add to `.cursor/mcp.json` in your project root.
|
|
61
|
+
|
|
62
|
+
### Windsurf
|
|
63
|
+
|
|
64
|
+
Add to `~/.codeium/windsurf/mcp_config.json`:
|
|
65
|
+
|
|
66
|
+
```json
|
|
67
|
+
{
|
|
68
|
+
"mcpServers": {
|
|
69
|
+
"tide": {
|
|
70
|
+
"url": "https://mcp.tide.org/mcp"
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
Or for local: `"command": "npx", "args": ["-y", "@tideorg/mcp"]`
|
|
77
|
+
|
|
78
|
+
### Zed
|
|
79
|
+
|
|
80
|
+
Add to your Zed settings (`~/.config/zed/settings.json`):
|
|
81
|
+
|
|
82
|
+
```json
|
|
83
|
+
{
|
|
84
|
+
"context_servers": {
|
|
85
|
+
"tide": {
|
|
86
|
+
"command": {
|
|
87
|
+
"path": "npx",
|
|
88
|
+
"args": ["-y", "@tideorg/mcp"]
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
Note: Zed uses `context_servers` (not `mcpServers`) and doesn't yet support remote URL-based MCP servers — use the npx command.
|
|
96
|
+
|
|
97
|
+
### OpenAI Codex CLI
|
|
98
|
+
|
|
99
|
+
Add to `~/.codex/config.json`:
|
|
100
|
+
|
|
101
|
+
```json
|
|
102
|
+
{
|
|
103
|
+
"mcpServers": {
|
|
104
|
+
"tide": {
|
|
105
|
+
"command": "npx",
|
|
106
|
+
"args": ["-y", "@tideorg/mcp"]
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
Note: Codex CLI currently supports stdio-based MCP servers only — use the npx command.
|
|
113
|
+
|
|
114
|
+
## What your AI can do with this
|
|
115
|
+
|
|
116
|
+
Once connected, your AI assistant can:
|
|
117
|
+
|
|
118
|
+
- **Add Tide auth** to a new or existing Next.js/React app
|
|
119
|
+
- **Protect API routes** with server-side JWT + DPoP verification
|
|
120
|
+
- **Set up role-based access** with Tide's IGA governance
|
|
121
|
+
- **Deploy Forseti smart contracts** for policy-governed encryption and signing
|
|
122
|
+
- **Bootstrap TideCloak** from Docker to fully configured realm
|
|
123
|
+
- **Diagnose issues** like broken login, missing roles, CORS errors
|
|
124
|
+
- **Follow security invariants** that prevent common auth mistakes
|
|
125
|
+
|
|
126
|
+
## Try it
|
|
127
|
+
|
|
128
|
+
After setup, try these prompts in your AI coding tool:
|
|
129
|
+
|
|
130
|
+
> Add Tide authentication to my Next.js app
|
|
131
|
+
|
|
132
|
+
> I have an existing app with auth — help me migrate to Tide
|
|
133
|
+
|
|
134
|
+
> Set up encrypted data sharing between users with Tide
|
|
135
|
+
|
|
136
|
+
> Help me create a Forseti contract for multi-admin approval
|
|
137
|
+
|
|
138
|
+
## What's inside
|
|
139
|
+
|
|
140
|
+
| Category | Count | Examples |
|
|
141
|
+
|----------|-------|---------|
|
|
142
|
+
| Canon doctrine | 12 files | Security invariants, anti-patterns, framework matrix, troubleshooting |
|
|
143
|
+
| Playbooks | 17 step-by-step guides | Add auth, protect APIs, verify JWTs, deploy TideCloak, set up E2EE |
|
|
144
|
+
| Skills | 9 composable roles | Setup, integration, security review, learning capture |
|
|
145
|
+
| Scenarios | 5 reference architectures | Password manager, signing service, encrypted chat, governance panel |
|
|
146
|
+
| Prompts | 4 starter prompts | Secure existing app, migrate auth, admin approval, customer portal |
|
|
147
|
+
|
|
148
|
+
## Remote Server (no install required)
|
|
149
|
+
|
|
150
|
+
We host the MCP server so you don't have to install anything. Just add the URL:
|
|
151
|
+
|
|
152
|
+
```json
|
|
153
|
+
{
|
|
154
|
+
"mcpServers": {
|
|
155
|
+
"tide": {
|
|
156
|
+
"url": "https://mcp.tide.org/mcp"
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
```
|
|
161
|
+
|
|
162
|
+
No Node.js required. No npx. Works with any MCP client that supports remote servers.
|
|
163
|
+
|
|
164
|
+
## Self-hosting
|
|
165
|
+
|
|
166
|
+
Want to run your own instance? Pull from Docker Hub:
|
|
167
|
+
|
|
168
|
+
```bash
|
|
169
|
+
docker run -p 3000:3000 tideorg/mcp
|
|
170
|
+
```
|
|
171
|
+
|
|
172
|
+
Or build from source:
|
|
173
|
+
|
|
174
|
+
```bash
|
|
175
|
+
docker build -t tideorg/mcp .
|
|
176
|
+
docker run -p 3000:3000 tideorg/mcp
|
|
177
|
+
```
|
|
178
|
+
|
|
179
|
+
Then point your MCP client at `http://localhost:3000/mcp`.
|
|
180
|
+
|
|
181
|
+
Optional: set `API_TOKEN` environment variable to require Bearer token auth:
|
|
182
|
+
|
|
183
|
+
```bash
|
|
184
|
+
docker run -p 3000:3000 -e API_TOKEN=your-secret tideorg/mcp
|
|
185
|
+
```
|
|
186
|
+
|
|
187
|
+
## Requirements
|
|
188
|
+
|
|
189
|
+
- **Remote server**: None (just an MCP client that supports remote URLs)
|
|
190
|
+
- **npm/npx install**: Node.js 18+
|
|
191
|
+
- **Self-hosted Docker**: Docker
|
|
192
|
+
|
|
193
|
+
No TideCloak instance needed to start — the agent will guide you through setup.
|
|
194
|
+
|
|
195
|
+
## Privacy
|
|
196
|
+
|
|
197
|
+
The MCP server is **read-only** and collects no data — no accounts, no telemetry, no storage, no third-party sharing. Tool arguments are used transiently in memory to select bundled guidance. See [PRIVACY.md](PRIVACY.md).
|
|
198
|
+
|
|
199
|
+
## Links
|
|
200
|
+
|
|
201
|
+
- [TideCloak](https://tidecloak.com) — The identity platform
|
|
202
|
+
- [npm package](https://www.npmjs.com/package/@tideorg/mcp) — `@tideorg/mcp`
|
|
203
|
+
- [Privacy policy](PRIVACY.md)
|
|
204
|
+
- [Tide Foundation](https://tide.org) — The organisation behind Tide
|
package/adapters/AGENTS.md
CHANGED
|
@@ -53,7 +53,7 @@ Do not do these. Each defeats a specific invariant or creates a real vulnerabili
|
|
|
53
53
|
- **Do not** create single-admin bypass paths around IGA. (AP-05)
|
|
54
54
|
- **Do not** skip DPoP verification on protected APIs. (AP-06)
|
|
55
55
|
- **Do not** store plain-text role cookies, ad hoc local auth logic, or fake auth helpers.
|
|
56
|
-
- **Do not**
|
|
56
|
+
- **Do not** disable DPoP. It is enabled/enforced by default. `IAMService` (the shipped singleton) supports DPoP via `useDPoP: { mode: 'strict', alg: 'ES256' }` in its config — there is no `enableDpop` flag and no separate `TideCloak` class requirement.
|
|
57
57
|
- **Do not** use named ESM imports from `@tidecloak/verify` — it is CJS. Use default import with defensive interop.
|
|
58
58
|
- **Do not** import `Models`, `PolicySignRequest`, `BaseTideRequest`, `ApprovalType`, or `ExecutionType` from `@tidecloak/nextjs`. That package is the Next.js integration layer only. Import `Models` from `@tideorg/js` and `PolicySignRequest` from `heimdall-tide`. Importing from `@tidecloak/nextjs` returns `undefined` at runtime.
|
|
59
59
|
- **Do not** call `createTideRequest()`, `requestTideOperatorApproval()`, or `executeSignRequest()` on `IAMService`. These methods live on the underlying TideCloak instance at `IAMService._tc`. Calling them on `IAMService` throws `is not a function`.
|
|
@@ -79,6 +79,7 @@ This agent operates as a virtual development team. The **Tech Lead** decides rou
|
|
|
79
79
|
| **IAM / Policy Engineer** | `tide-rbac-and-e2ee` | Roles, hasRealmRole vs hasClientRole, self vs shared encryption, policy signing, Forseti, IGA governance |
|
|
80
80
|
| **Solutions Architect** | `tide-solutions-architect` | Pattern exploration when no existing scenario/playbook covers the request |
|
|
81
81
|
| **Reviewer / QA Engineer** | `tide-reviewer` | Compliance checking, invariant validation, anti-pattern detection, scenario correctness |
|
|
82
|
+
| **Security Analyst** | `tide-security-analyst` | Read-only gap analysis of an **existing** (possibly non-Tide) system; maps weaknesses to Tide capabilities. Entry point for "audit my app" / migration scoping. Runs before and independently of the build flow — reports, does not build. |
|
|
82
83
|
| **Learnings / Pack Curator** | `tide-diagnostics` | Troubleshooting, finding extraction, learnings, regression proposals |
|
|
83
84
|
|
|
84
85
|
### How the Tech Lead works
|
|
@@ -238,4 +239,4 @@ These are implementation pitfalls not covered by invariants or anti-patterns. Fo
|
|
|
238
239
|
- **Token refresh delay**: After IGA commit, roles appear in JWT/doken after next token refresh (up to 120s).
|
|
239
240
|
- **`tide-realm-admin`**: Client role on `realm-management`, not a realm role.
|
|
240
241
|
- **Post-auth redirect handler**: Must exist at configured `redirectUri` path. Missing handler = login appears to fail (404 after auth). See `canon/redirect-handler.md`.
|
|
241
|
-
- **Version policy**: All `@tidecloak/*` packages pin to `0.13.
|
|
242
|
+
- **Version policy**: All `@tidecloak/*` packages pin to `0.13.33`. No 0.99.x. See `canon/version-policy.md`.
|