@tideorg/mcp 1.4.2 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/CHANGELOG.md +81 -0
  2. package/GAP_REGISTER.md +18 -8
  3. package/PRIVACY.md +41 -0
  4. package/README.md +204 -197
  5. package/adapters/AGENTS.md +3 -2
  6. package/adapters/CLAUDE.md +1 -1
  7. package/canon/anti-patterns.md +55 -62
  8. package/canon/concepts.md +46 -34
  9. package/canon/custom-contracts.md +12 -8
  10. package/canon/feature-mapping.md +27 -75
  11. package/canon/framework-matrix.md +69 -22
  12. package/canon/hosting-options.md +111 -0
  13. package/canon/iga-change-requests-api.md +211 -0
  14. package/canon/invariants.md +33 -35
  15. package/canon/security-gap-mapping.md +506 -0
  16. package/canon/security-runtime-probes.md +177 -0
  17. package/canon/tidecloak-bootstrap.md +21 -16
  18. package/canon/tidecloak-endpoints.md +60 -98
  19. package/canon/troubleshooting.md +115 -53
  20. package/canon/version-policy.md +8 -12
  21. package/mcp-server/dist/server.js +221 -19
  22. package/package.json +48 -45
  23. package/playbooks/add-auth-nextjs-existing.md +33 -17
  24. package/playbooks/add-auth-nextjs-fresh.md +1 -1
  25. package/playbooks/add-rbac-nextjs.md +7 -2
  26. package/playbooks/bootstrap-realm-from-template.md +33 -18
  27. package/playbooks/deploy-tidecloak-docker.md +31 -28
  28. package/playbooks/diagnose-missing-roles-or-claims.md +2 -2
  29. package/playbooks/initialize-admin-and-link-account.md +22 -19
  30. package/playbooks/protect-api-nextjs.md +40 -1
  31. package/playbooks/protect-aspnet-core-asgard.md +313 -0
  32. package/playbooks/protect-routes-nextjs.md +24 -10
  33. package/playbooks/provision-tidecloak-skycloak.md +213 -0
  34. package/playbooks/setup-forseti-e2ee.md +32 -50
  35. package/playbooks/setup-iga-admin-panel.md +113 -171
  36. package/playbooks/verify-jwt-server-side.md +20 -1
  37. package/prompts/build-private-customer-portal.md +1 -1
  38. package/prompts/security-gap-analysis.md +55 -0
  39. package/reference-apps/encrypted-communication/anti-patterns.md +3 -3
  40. package/reference-apps/encrypted-communication/bootstrap-sequence.md +2 -2
  41. package/reference-apps/encrypted-communication/scenario.md +2 -2
  42. package/reference-apps/git-pr-signing-service/bootstrap-sequence.md +8 -8
  43. package/reference-apps/iga-admin-governance/anti-patterns.md +18 -16
  44. package/reference-apps/iga-admin-governance/bootstrap-sequence.md +10 -5
  45. package/reference-apps/iga-admin-governance/role-policy-matrix.md +12 -13
  46. package/reference-apps/iga-admin-governance/scenario.md +15 -13
  47. package/reference-apps/organisation-password-manager/bootstrap-sequence.md +5 -6
  48. package/reference-apps/policy-governed-signing/bootstrap-sequence.md +9 -9
  49. package/skills/tide-diagnostics/SKILL.md +1 -1
  50. package/skills/tide-integration/SKILL.md +9 -18
  51. package/skills/tide-mcp-qa/SKILL.md +139 -0
  52. package/skills/tide-rbac-and-e2ee/SKILL.md +5 -5
  53. package/skills/tide-reviewer/SKILL.md +1 -1
  54. package/skills/tide-security-analyst/SKILL.md +182 -0
  55. package/skills/tide-setup/SKILL.md +1 -1
  56. package/canon/delegation.md +0 -195
  57. package/playbooks/setup-server-delegation.md +0 -142
package/CHANGELOG.md ADDED
@@ -0,0 +1,81 @@
1
+ # Changelog
2
+
3
+ All notable changes to `@tideorg/mcp` (the Tide Agent Pack) are documented here.
4
+
5
+ ## 1.9.0 — 2026-07-15
6
+
7
+ The largest release since the pack's initial cut. It broadens the MCP from an
8
+ *integration helper* into a *security and hosting advisor*, migrates the IGA API
9
+ to the current surface, and adds a real pre-release quality gate. Also makes the
10
+ pack ready to list in the Claude directory.
11
+
12
+ ### Highlights
13
+
14
+ - **Security gap analysis** — audit an existing (even non-Tide) system and map
15
+ its weaknesses to Tide capabilities.
16
+ - **Partner-hosted TideCloak via Skycloak** — a managed-hosting path alongside
17
+ self-hosting.
18
+ - **IGA API migration** to `/iga/change-requests/...` (replaces the legacy
19
+ `/tide-admin/change-set/...`).
20
+ - **Pre-release QA gate** (`npm test`) + GitHub Actions CI.
21
+ - **Read-only tool annotations** and a privacy policy — Claude-directory ready.
22
+
23
+ ### New capabilities
24
+
25
+ - **`tide_security_analysis` tool** + `tide-security-analysis` prompt. Backed by
26
+ `canon/security-gap-mapping.md` (SG-01 … SG-18: a trust-concentration → Tide
27
+ capability → remediation → honesty-note table, plus a mandatory "what Tide does
28
+ NOT fix" section), `canon/security-runtime-probes.md` (opt-in, authorization-
29
+ gated live probing), and the `tide-security-analyst` skill.
30
+ - **`tide_hosting` tool** + `canon/hosting-options.md` and the
31
+ `provision-tidecloak-skycloak` playbook: self-host vs partner-hosted decision,
32
+ the trust model (partner-hosting is an availability/metadata trust, not an
33
+ integrity trust — the host can't forge tokens or decrypt data), and the
34
+ Skycloak provisioning API reference.
35
+ - **`tide-mcp-qa` skill + prompt** — the QA Engineer role that runs the gate,
36
+ audits for overclaiming, and issues a SHIP / BLOCK verdict.
37
+
38
+ The MCP now exposes **16 tools** and **5 prompts** (was 14 / 3).
39
+
40
+ ### Changed
41
+
42
+ - **IGA change-request API** migrated to `/iga/change-requests/{id}/authorize|commit`
43
+ (per-id, `bulk-authorize` for batches), replacing the legacy
44
+ `/tide-admin/change-set/*/batch`. New authoritative reference
45
+ `canon/iga-change-requests-api.md`; reconciled across canon, playbooks,
46
+ bootstrap scripts, and reference-apps. Captures the **Tide vs Tideless** mode
47
+ split — IGA is cryptographic only in Tide (licensed) mode.
48
+ - **All tools now carry `readOnlyHint` annotations** (they are read-only).
49
+
50
+ ### Fixed / internal
51
+
52
+ - **Deterministic QA gate** (`mcp-server/test/`, `npm test`): protocol smoke
53
+ tests (tools/prompts present, annotated, return sane content) + content
54
+ consistency (no stray legacy endpoints, referenced playbooks exist, SG-01…18
55
+ present, GAP counts sum, manifests valid, versions in sync). **113/113.**
56
+ - **GitHub Actions** `qa-gate.yml` runs the gate on every PR and on pushes to
57
+ `main`.
58
+ - **Claude directory readiness**: `PRIVACY.md` (no data collected), corrected +
59
+ validated plugin manifests (`claude plugin validate` passes), version
60
+ reconciliation so `server.ts`, both `package.json`s, and `plugin.json` all read
61
+ **1.9.0**.
62
+ - `npm run test:remote` verifies a live/hosted endpoint (tool count, annotation
63
+ coverage, version).
64
+
65
+ ### Known follow-ups (require a live stack)
66
+
67
+ - **IGA bootstrap loop** (`bulk-authorize → commit`) is verified against the spec
68
+ but `REQUIRES_RUNTIME_VALIDATION` on a live iga-core instance. (GAP-065)
69
+ - **Skycloak-hosted Tide vendor surface** unconfirmed — provisioning is verified,
70
+ but whether a hosted cluster exposes `setUpTideRealm`/IGA/adapter-with-Tide-
71
+ extensions must be checked on a live cluster (`scripts/skycloak-smoke.sh`).
72
+ (GAP-066)
73
+ - Provisioning a **TideCloak** cluster via the Skycloak API needs the identity-
74
+ platform selector field confirmed with Skycloak; the documented API path
75
+ defaults to vanilla Keycloak.
76
+
77
+ ### Upgrade notes
78
+
79
+ - If you script the TideCloak bootstrap, switch IGA approvals to the new
80
+ `/iga/change-requests/...` surface — see `canon/iga-change-requests-api.md`.
81
+ - No changes required to app-side SDK wiring.
package/GAP_REGISTER.md CHANGED
@@ -10,6 +10,7 @@ Controlled status set:
10
10
  - `RESOLVED_BY_MULTI_EXEMPLAR` — answered by consistent evidence across two or more exemplars
11
11
  - `PARTIALLY_RESOLVED_BY_KEYLESSH` — exemplar provides partial evidence; gaps remain
12
12
  - `PARTIALLY_RESOLVED_BY_MULTI_EXEMPLAR` — multiple exemplars provide partial evidence; gaps remain
13
+ - `PARTIALLY_RESOLVED_BY_VENDOR` — vendor confirmed the direction/decision; some detail (e.g., exact payloads) still needed before full drafting
13
14
  - `STILL_UNRESOLVED` — no evidence from any source
14
15
  - `DOCS_ONLY_CONTRADICTION` — docs say one thing, implementation says another
15
16
  - `REQUIRES_RUNTIME_VALIDATION` — exemplar suggests an answer but single-app evidence is insufficient to generalize
@@ -20,7 +21,7 @@ Controlled status set:
20
21
 
21
22
  | Gap ID | Description | Status | Evidence Source | Next Action |
22
23
  |--------|------------|--------|-----------------|-------------|
23
- | GAP-001 | Authentication API omits all Tide-specific flows | RESOLVED_BY_VENDOR | `init-tidecloak.sh` reveals undocumented admin endpoints. `server/auth.ts` shows DPoP verification. `canon/tidecloak-endpoints.md` now documents 94 endpoints across 8 resource classes. `canon/delegation.md` documents token exchange flow. | Resolved. All Tide-specific auth endpoints documented in `canon/tidecloak-endpoints.md`. Source API docs remain incomplete but pack has full operational coverage. |
24
+ | GAP-001 | Authentication API omits all Tide-specific flows | RESOLVED_BY_VENDOR | `init-tidecloak.sh` reveals undocumented admin endpoints. `server/auth.ts` shows DPoP verification. `canon/tidecloak-endpoints.md` now documents 94 endpoints across 8 resource classes (including the token-exchange endpoint). | Resolved. All Tide-specific auth endpoints documented in `canon/tidecloak-endpoints.md`. Source API docs remain incomplete but pack has full operational coverage. |
24
25
  | GAP-002 | Management API omits IGA endpoints | RESOLVED_BY_NORMATIVE_DOC | CHANGE_REQUEST_API.md provides complete REST API with request/response schemas for all change-set operations, policy management, TS client. | Resolved. Canon updated. |
25
26
  | GAP-003 | Quorum threshold formula inconsistency | PARTIALLY_RESOLVED_BY_KEYLESSH | `start.sh`: threshold is deployment-configurable. Three distinct concepts: admin quorum (70%), Fabric operational threshold (T/N), SSH policy threshold (per-role). | Document the three-layer distinction. CHANGE_REQUEST_API.md confirms SSH policy `threshold` is distinct from IGA admin quorum. |
26
27
  | GAP-004 | Error handling undocumented across all SDKs | RESOLVED_BY_VENDOR | No formal error code taxonomy. One custom class: `NetworkError` (extends `Error`, includes `.response`). All other errors are plain `Error` with string messages. Retryable: `NetworkError`, `enclave.networkFailure`, `enclave.throttled`, `enclave.thresholdTimeoutFailure`, `authRefreshError` (once). Fatal: init errors, input validation, missing roles (`"User has not been given any access to '${tag}'"`), policy violations (`BadPolicy.*`, `OutOfGasException`, `PolicyDecision.Deny()`), mode restrictions. Token/auth errors require re-login. Event listeners (`authError`, `authRefreshError`, `initError`) are the primary async error channel. No built-in retry logic in SDK. | Resolved. Canon updated with error catalog. Adapters pending. |
@@ -77,13 +78,15 @@ Controlled status set:
77
78
  | GAP-055 | `oauth2-dpop` npm package for DPoP verification | PARTIALLY_RESOLVED_BY_MULTI_EXEMPLAR | test-cases `dpop-protected/route.ts` uses `oauth2-dpop` package for server-side DPoP proof verification. Simpler than manual verification. | Document as alternative to manual DPoP verification in canon. |
78
79
  | GAP-056 | `deleteStatus` semantics for ACTIVE change-set records | STILL_UNRESOLVED | CHANGE_REQUEST_API.md: ACTIVE records have a `deleteStatus` field tracking pending deletion. Does deletion require the same quorum? | Needs vendor clarification. |
79
80
  | GAP-057 | Licensing change requests use different path prefix | STILL_UNRESOLVED | CHANGE_REQUEST_API.md: `GET /tideAdminResources/change-set/licensing/requests` vs `GET /tide-admin/change-set/users/requests`. Path inconsistency suggests separate implementations. | Needs clarification on whether licensing requests follow the same sign/commit flow. |
80
- | GAP-058 | Server-side delegation flow undocumented in pack | RESOLVED_BY_VENDOR | `@tidecloak/server` TideDelegation class, `createTideFetch`, 419 interrupt pattern, `requireDelegation()`/`handleDelegation()` middleware. Token exchange via `/protocol/openid-connect/token` with grant_type=token-exchange. Two-hop chain of trust validated by TideChainOfTrustAuthenticator (Java) and DelegationTokenSignRequest (C#). | Resolved. Canon `delegation.md` and playbook `setup-server-delegation.md` created. |
81
+ | GAP-058 | Server-side delegation flow undocumented in pack | UNSHIPPED_REMOVED | Server-side delegation is an asgard feature (the `asgard-tide` Node SDK, as used by keylessh) + two-hop chain of trust (TideMtlsAuthenticator Java, DelegationTokenSignRequest C#); exists only on unmerged asgard/keylessh feature branches and ork `asgard-implementation`; nothing on `origin/main`. | Removed from pack 2026-07-07 — was documenting unshipped behavior. Re-document only after asgard-tide delegation merges to main. |
81
82
  | GAP-059 | TideCloak extension endpoints not comprehensively documented | RESOLVED_BY_VENDOR | 94 endpoints across 8 resource classes (VendorResource, VoucherResource, PublicResource, TideIdpResource, TideIdpAdminRealmResource, IGARealmResource, TideAdminRealmResource, PolicyResourceProvider). | Resolved. Canon `tidecloak-endpoints.md` created with full endpoint reference. |
82
- | GAP-060 | `@tidecloak/server` package not documented in pack | RESOLVED_BY_VENDOR | Server-side SDK for delegation exchange. Exports TideDelegation class with packRequest, exchange, generateDpopProof, requireDelegation, handleDelegation. | Resolved. Canon and playbook updated. |
83
- | GAP-061 | Scoped delegation (requested_roles) undocumented | RESOLVED_BY_VENDOR | `requireDelegation({ roles: { realm: [...], clients: { ... } } })` filters delegation token roles. Specified via actor_token payload. Exchange provider intersects with user's actual roles. Unlisted = excluded when roles specified. | Resolved. Canon `delegation.md` documents scoped delegation. |
83
+ | GAP-060 | Server-side delegation SDK not documented in pack | UNSHIPPED_REMOVED | The delegation SDK is an asgard (`asgard-tide`) Node package, unmerged/experimental and unpublished; lives only on asgard/keylessh feature branches, not `main`. (There is no `@tidecloak/*` server package — that was a mis-attribution.) | Removed from pack 2026-07-07 — unshipped. |
84
+ | GAP-061 | Scoped delegation (requested_roles) undocumented | UNSHIPPED_REMOVED | Scoped-delegation role filtering is part of the unshipped asgard (`asgard-tide`) delegation surface (feature-branch only). | Removed from pack 2026-07-07 unshipped. |
84
85
  | GAP-062 | Custom Forseti contract creation guide missing from pack | RESOLVED_BY_VENDOR | Ork.Forseti.Sdk README, IAccessPolicy interface, DecisionBuilder, DokenDto, PolicyParam, ForsetiSdk runtime, sandbox restrictions, deployment, policy signing. | Resolved. Canon `custom-contracts.md` created. |
85
86
  | GAP-063 | No Go/REST SDK for ORK threshold signing operations | STILL_UNRESOLVED | LEARNINGS-cosign-batch-001 L-01: ORK signing (`createTideRequest` → `executeSignRequest`) only available via JS SDK. No Go, Python, or REST API for direct ORK interaction. Resolved for web apps (JS SDK); blocks CLI tools and non-JS server-side signing. | Needs vendor clarification on ORK REST API or multi-language SDK plans. |
86
87
  | GAP-064 | No CLI/terminal authentication flow (PRISM requires browser SWE iframe) | STILL_UNRESOLVED | LEARNINGS-cosign-batch-001 L-02: all TideCloak auth flows require browser context for PRISM zero-knowledge proof via SWE iframe. No device auth grant, service account, or headless flow exists. Browser-bridge (localhost page) is a workaround, not a native flow. | Needs vendor clarification on device auth grant or service account model. |
88
+ | GAP-065 | IGA/QEA change-request API surface migrated: `/iga/change-requests/...` replaces `/tide-admin/change-set/...` | RESOLVED_BY_VENDOR | **CONFIRMED by Tide (2026-07-07)** and spec obtained (`tide-foundation/tidecloak-iga-extensions/docs/qea-iga-api.md`). iga-core's `/iga/change-requests/...` surface replaces the legacy `/tide-admin/change-set/...`. Surface: write captured as HTTP 202 + change-request `id`; per-id `POST .../{id}/authorize` (body `{}`; 409=four-eyes) → `POST .../{id}/commit` (412=under threshold/unmet dependency); `POST .../{id}/deny` (204); batch `POST /iga/change-requests/bulk-authorize` (`{actionTypeIn,limit}`, 429 mutex); `GET /iga/change-requests?status=PENDING` (objects keyed by `id`, with `entityType`/`readyToCommit`/`threshold`/`dependsOn`); Tide-mode enclave two-phase `GET`/`POST .../{id}/approval-model`; comments + `POST /iga/adopt`. Toggle unchanged (`POST /tide-admin/toggle-iga`). Two-mode split — Tide (`iga.attestor=tide`, cryptographic VRK→Midgard→ORK) vs Tideless (`iga.attestor=simple`/unset, username attestation, NO crypto). | **Resolved.** New authoritative reference `canon/iga-change-requests-api.md` created (full spec + old→new map + bootstrap authorize→commit loop). Reconciled across: `canon/feature-mapping.md`, `canon/invariants.md` (I-10), `canon/tidecloak-endpoints.md`, `canon/concepts.md`, `canon/troubleshooting.md`, `canon/tidecloak-bootstrap.md`, `canon/anti-patterns.md`, `canon/security-gap-mapping.md`; playbooks (`deploy-tidecloak-docker`, `bootstrap-realm-from-template`, `initialize-admin-and-link-account`, `setup-iga-admin-panel`, `setup-forseti-e2ee`); bootstrap scripts (`templates/*/scripts/init-tidecloak.sh`, `templates/shared/bootstrap-tidecloak.sh`); reference-apps bootstrap-sequences + `iga-admin-governance`. **Bootstrap loop is REQUIRES_RUNTIME_VALIDATION** — verify end-to-end on a live iga-core instance. Historical `notes/` and `sources/` retain the legacy surface intentionally (audit record). |
89
+ | GAP-066 | Tide vendor surface on Skycloak-hosted TideCloak clusters unconfirmed | STILL_UNRESOLVED | `canon/hosting-options.md` + `playbooks/provision-tidecloak-skycloak.md`: Skycloak (`api.skycloak.io`, partner) offers TideCloak as a cluster identity platform, but the public docs (`skycloak.io/docs/api/`, API-Version 2026-06-01.beta) do not confirm that a hosted TideCloak cluster exposes the Tide vendor endpoints the pack's bootstrap depends on (`vendorResources/setUpTideRealm`, `tide-admin/toggle-iga`, the change-request governance API, adapter export enriched with `jwk`/`vendorId`/`homeOrkUrl`), nor how Tide licensing (Stripe free-tier flow) is handled in the hosted context. Cluster provisioning IS verified via the Skycloak API; the Tide-realm bootstrap on top is ASSUMED and must be verified on a live instance. | Verify against a live Skycloak-hosted TideCloak cluster: probe `setUpTideRealm`, confirm exported adapter has Tide extensions. If absent, Skycloak hosts the broker but Tide-realm provisioning/licensing needs the partner's Tide-specific path — raise with the Tide/Skycloak teams. |
87
90
 
88
91
  ---
89
92
 
@@ -92,22 +95,29 @@ Controlled status set:
92
95
  | Status | Count |
93
96
  |--------|-------|
94
97
  | RESOLVED_BY_KEYLESSH | 1 |
95
- | RESOLVED_BY_VENDOR | 33 |
98
+ | RESOLVED_BY_VENDOR | 34 |
96
99
  | RESOLVED_BY_NORMATIVE_DOC | 3 |
97
100
  | RESOLVED_BY_MULTI_EXEMPLAR | 2 |
98
101
  | PARTIALLY_RESOLVED_BY_KEYLESSH | 4 |
99
102
  | PARTIALLY_RESOLVED_BY_MULTI_EXEMPLAR | 4 |
103
+ | PARTIALLY_RESOLVED_BY_VENDOR | 0 |
100
104
  | RESOLVED_FOR_EVALS | 1 |
101
105
  | RESOLVED_BY_WHITEPAPER | 1 |
102
- | STILL_UNRESOLVED | 14 |
106
+ | STILL_UNRESOLVED | 15 |
103
107
  | DOCS_ONLY_CONTRADICTION | 0 |
104
108
  | RESOLVED_FOR_TEMPLATES | 1 |
105
109
  | REQUIRES_RUNTIME_VALIDATION | 0 |
106
- | **Total** | **64** |
110
+ | **Total** | **66** |
111
+
112
+ Security-analysis sync (2026-07-06): GAP-065 added for the IGA/QEA API-surface + Tide/Tideless mode-split divergence between pack canon and current staging. Canon `security-gap-mapping.md` + `security-runtime-probes.md` and skill `tide-security-analyst` added.
113
+
114
+ Hosting-integration sync (2026-07-07): GAP-066 added for the unconfirmed Tide vendor surface on Skycloak-hosted TideCloak clusters. Canon `hosting-options.md` and playbook `provision-tidecloak-skycloak.md` added.
115
+
116
+ IGA API-migration sync (2026-07-07): GAP-065 reclassified STILL_UNRESOLVED → PARTIALLY_RESOLVED_BY_VENDOR → **RESOLVED_BY_VENDOR** once the iga-core spec (`qea-iga-api.md`) was obtained. New authoritative reference `canon/iga-change-requests-api.md`; the `/iga/change-requests/...` surface reconciled across canon, playbooks, bootstrap scripts, and reference-apps. Bootstrap approve→commit loop is REQUIRES_RUNTIME_VALIDATION. `PARTIALLY_RESOLVED_BY_VENDOR` status added to the controlled set (currently 0). Historical `notes/`/`sources/` intentionally retain the legacy surface.
107
117
 
108
118
  Full sync pass (2026-04-13): GAP-001 upgraded from PARTIALLY_RESOLVED_BY_KEYLESSH to RESOLVED_BY_VENDOR (all auth endpoints now documented in `canon/tidecloak-endpoints.md`). GAP-029 upgraded from PARTIALLY_RESOLVED_BY_MULTI_EXEMPLAR to RESOLVED_BY_VENDOR (`get-required-action-link` schema now documented). RESOLVED_BY_VENDOR count corrected to 32. No new gaps.
109
119
 
110
- Integration-focus sync (2026-04-13): 4 new gaps added (GAP-058 through GAP-061) for server-side delegation, endpoint documentation, @tidecloak/server SDK, and scoped delegation. Canon updated with `delegation.md` and `tidecloak-endpoints.md`. Playbook `setup-server-delegation.md` added. See `notes/test-findings/tidecloak-integration-focus.md`.
120
+ Integration-focus sync (2026-04-13): 4 new gaps added (GAP-058 through GAP-061) for server-side delegation, endpoint documentation, the asgard-tide delegation SDK, and scoped delegation. Canon updated with `tidecloak-endpoints.md`. (The server-side delegation canon + playbook added in this pass were removed 2026-07-07 as unshipped; GAP-058/060/061 reopened as UNSHIPPED_REMOVED.) See `notes/test-findings/tidecloak-integration-focus.md`.
111
121
 
112
122
  Batch-01 adjudication (2026-03-25): 14 gaps resolved by vendor answers.
113
123
  Batch-02 adjudication (2026-03-25): 5 gaps resolved by vendor answers. GAP-029 strengthened. 5 assumptions resolved (A-21, A-22, A-25, A-26, A-28).
package/PRIVACY.md ADDED
@@ -0,0 +1,41 @@
1
+ # Privacy Policy — Tide Agent Pack MCP Server (`@tideorg/mcp`)
2
+
3
+ _Last updated: 2026-07-14_
4
+
5
+ The Tide Agent Pack MCP server exposes read-only operational guidance (canon, playbooks, skills, prompts, scenarios) to AI coding agents. This policy explains what the server does and does not do with data.
6
+
7
+ ## Summary
8
+
9
+ **The server collects no personal data, requires no account, stores nothing, and shares nothing with third parties.** Every tool is read-only: it reads guidance files bundled with the server and returns text. It performs no writes, no external network calls, and no tracking.
10
+
11
+ ## What the server processes
12
+
13
+ - **Tool arguments.** Some tools accept short text arguments — a file name (e.g. `tide_canon name="invariants"`) or a free-text situation (e.g. `tide_choose_scenario situation="..."`). These arguments are used **transiently, in memory**, to select which bundled guidance to return. They are not stored, logged as content, analyzed, profiled, sold, or used to train any model.
14
+ - **Bundled content only.** The server's responses come entirely from static files shipped with the package (`canon/`, `playbooks/`, `skills/`, `prompts/`, `reference-apps/`, `GAP_REGISTER.md`). It does not read your source code, files, or environment, and it does not fetch anything from the internet at request time.
15
+
16
+ ## What the server does NOT do
17
+
18
+ - No user accounts, authentication of end users, or identity collection.
19
+ - No collection of personal data or PII.
20
+ - No persistence of tool arguments or responses.
21
+ - No analytics, telemetry, tracking, or advertising.
22
+ - No sharing or sale of data to third parties.
23
+ - No use of any input for model training.
24
+
25
+ ## Deployment modes
26
+
27
+ - **Local (stdio).** When run locally by a coding agent (the default), the server runs entirely on your machine. No data leaves your device through this server.
28
+ - **Hosted (HTTP).** When run as a hosted HTTPS endpoint, tool arguments are sent to the server over TLS and processed in memory to select guidance. The application persists no request bodies. Standard infrastructure/operational logs at the hosting layer may record request metadata (e.g. timestamps, IP address, response codes) for reliability and abuse prevention; these contain no bundled-content responses and are subject to the hosting provider's retention. The server itself writes no such logs.
29
+
30
+ ## Data retention
31
+
32
+ The application retains **no** user data. There is nothing to export or delete because nothing is stored.
33
+
34
+ ## Changes
35
+
36
+ Material changes to this policy will be published in this file with an updated date.
37
+
38
+ ## Contact
39
+
40
+ Tide Foundation — <info@tide.org>
41
+ Source and issues: <https://github.com/tide-foundation/tide-agent-pack>
package/README.md CHANGED
@@ -1,197 +1,204 @@
1
- # Tide Agent Pack
2
-
3
- AI coding agents that know how to implement [TideCloak](https://tidecloak.com) correctly.
4
-
5
- This MCP server gives your AI assistant deep knowledge of Tide authentication, threshold cryptography, Forseti smart contracts, and server-side security patterns. Instead of guessing, your AI follows verified playbooks.
6
-
7
- ## Quick Start
8
-
9
- ### Claude Code (CLI or VS Code extension)
10
-
11
- Run this one command:
12
-
13
- ```bash
14
- claude mcp add tide-pack -- npx -y @tideorg/mcp
15
- ```
16
-
17
- Done. Start a conversation and ask your agent to add Tide auth to your app.
18
-
19
- ### Project-level config (any MCP client)
20
-
21
- Add a `.mcp.json` file to your project root:
22
-
23
- ```json
24
- {
25
- "mcpServers": {
26
- "tide-pack": {
27
- "command": "npx",
28
- "args": ["-y", "@tideorg/mcp"]
29
- }
30
- }
31
- }
32
- ```
33
-
34
- Works with: Claude Code, Cursor, Windsurf, Cline, and any MCP-compatible tool.
35
-
36
- ### Claude Desktop
37
-
38
- Edit `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
39
-
40
- ```json
41
- {
42
- "mcpServers": {
43
- "tide-pack": {
44
- "command": "npx",
45
- "args": ["-y", "@tideorg/mcp"]
46
- }
47
- }
48
- }
49
- ```
50
-
51
- ### Cursor
52
-
53
- Open Settings > MCP Servers > Add Server:
54
- - Name: `tide-pack`
55
- - Command: `npx`
56
- - Args: `-y @tideorg/mcp`
57
-
58
- Or add to `.cursor/mcp.json` in your project root.
59
-
60
- ### Windsurf
61
-
62
- Add to `~/.codeium/windsurf/mcp_config.json`:
63
-
64
- ```json
65
- {
66
- "mcpServers": {
67
- "tide": {
68
- "url": "https://mcp.tide.org/mcp"
69
- }
70
- }
71
- }
72
- ```
73
-
74
- Or for local: `"command": "npx", "args": ["-y", "@tideorg/mcp"]`
75
-
76
- ### Zed
77
-
78
- Add to your Zed settings (`~/.config/zed/settings.json`):
79
-
80
- ```json
81
- {
82
- "context_servers": {
83
- "tide": {
84
- "command": {
85
- "path": "npx",
86
- "args": ["-y", "@tideorg/mcp"]
87
- }
88
- }
89
- }
90
- }
91
- ```
92
-
93
- Note: Zed uses `context_servers` (not `mcpServers`) and doesn't yet support remote URL-based MCP servers — use the npx command.
94
-
95
- ### OpenAI Codex CLI
96
-
97
- Add to `~/.codex/config.json`:
98
-
99
- ```json
100
- {
101
- "mcpServers": {
102
- "tide": {
103
- "command": "npx",
104
- "args": ["-y", "@tideorg/mcp"]
105
- }
106
- }
107
- }
108
- ```
109
-
110
- Note: Codex CLI currently supports stdio-based MCP servers only — use the npx command.
111
-
112
- ## What your AI can do with this
113
-
114
- Once connected, your AI assistant can:
115
-
116
- - **Add Tide auth** to a new or existing Next.js/React app
117
- - **Protect API routes** with server-side JWT + DPoP verification
118
- - **Set up role-based access** with Tide's IGA governance
119
- - **Deploy Forseti smart contracts** for policy-governed encryption and signing
120
- - **Bootstrap TideCloak** from Docker to fully configured realm
121
- - **Diagnose issues** like broken login, missing roles, CORS errors
122
- - **Follow security invariants** that prevent common auth mistakes
123
-
124
- ## Try it
125
-
126
- After setup, try these prompts in your AI coding tool:
127
-
128
- > Add Tide authentication to my Next.js app
129
-
130
- > I have an existing app with auth — help me migrate to Tide
131
-
132
- > Set up encrypted data sharing between users with Tide
133
-
134
- > Help me create a Forseti contract for multi-admin approval
135
-
136
- ## What's inside
137
-
138
- | Category | Count | Examples |
139
- |----------|-------|---------|
140
- | Canon doctrine | 12 files | Security invariants, anti-patterns, framework matrix, troubleshooting |
141
- | Playbooks | 17 step-by-step guides | Add auth, protect APIs, verify JWTs, deploy TideCloak, set up E2EE |
142
- | Skills | 9 composable roles | Setup, integration, security review, learning capture |
143
- | Scenarios | 5 reference architectures | Password manager, signing service, encrypted chat, governance panel |
144
- | Prompts | 4 starter prompts | Secure existing app, migrate auth, admin approval, customer portal |
145
-
146
- ## Remote Server (no install required)
147
-
148
- We host the MCP server so you don't have to install anything. Just add the URL:
149
-
150
- ```json
151
- {
152
- "mcpServers": {
153
- "tide": {
154
- "url": "https://mcp.tide.org/mcp"
155
- }
156
- }
157
- }
158
- ```
159
-
160
- No Node.js required. No npx. Works with any MCP client that supports remote servers.
161
-
162
- ## Self-hosting
163
-
164
- Want to run your own instance? Pull from Docker Hub:
165
-
166
- ```bash
167
- docker run -p 3000:3000 tideorg/mcp
168
- ```
169
-
170
- Or build from source:
171
-
172
- ```bash
173
- docker build -t tideorg/mcp .
174
- docker run -p 3000:3000 tideorg/mcp
175
- ```
176
-
177
- Then point your MCP client at `http://localhost:3000/mcp`.
178
-
179
- Optional: set `API_TOKEN` environment variable to require Bearer token auth:
180
-
181
- ```bash
182
- docker run -p 3000:3000 -e API_TOKEN=your-secret tideorg/mcp
183
- ```
184
-
185
- ## Requirements
186
-
187
- - **Remote server**: None (just an MCP client that supports remote URLs)
188
- - **npm/npx install**: Node.js 18+
189
- - **Self-hosted Docker**: Docker
190
-
191
- No TideCloak instance needed to start — the agent will guide you through setup.
192
-
193
- ## Links
194
-
195
- - [TideCloak](https://tidecloak.com) — The identity platform
196
- - [npm package](https://www.npmjs.com/package/@tideorg/mcp) — `@tideorg/mcp`
197
- - [Tide Foundation](https://tide.org)The organisation behind Tide
1
+ # Tide Agent Pack
2
+
3
+ [![MCP QA Gate](https://github.com/tide-foundation/tide-agent-pack/actions/workflows/qa-gate.yml/badge.svg)](https://github.com/tide-foundation/tide-agent-pack/actions/workflows/qa-gate.yml)
4
+
5
+ AI coding agents that know how to implement [TideCloak](https://tidecloak.com) correctly.
6
+
7
+ This MCP server gives your AI assistant deep knowledge of Tide authentication, threshold cryptography, Forseti smart contracts, and server-side security patterns. Instead of guessing, your AI follows verified playbooks.
8
+
9
+ ## Quick Start
10
+
11
+ ### Claude Code (CLI or VS Code extension)
12
+
13
+ Run this one command:
14
+
15
+ ```bash
16
+ claude mcp add tide-pack -- npx -y @tideorg/mcp
17
+ ```
18
+
19
+ Done. Start a conversation and ask your agent to add Tide auth to your app.
20
+
21
+ ### Project-level config (any MCP client)
22
+
23
+ Add a `.mcp.json` file to your project root:
24
+
25
+ ```json
26
+ {
27
+ "mcpServers": {
28
+ "tide-pack": {
29
+ "command": "npx",
30
+ "args": ["-y", "@tideorg/mcp"]
31
+ }
32
+ }
33
+ }
34
+ ```
35
+
36
+ Works with: Claude Code, Cursor, Windsurf, Cline, and any MCP-compatible tool.
37
+
38
+ ### Claude Desktop
39
+
40
+ Edit `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
41
+
42
+ ```json
43
+ {
44
+ "mcpServers": {
45
+ "tide-pack": {
46
+ "command": "npx",
47
+ "args": ["-y", "@tideorg/mcp"]
48
+ }
49
+ }
50
+ }
51
+ ```
52
+
53
+ ### Cursor
54
+
55
+ Open Settings > MCP Servers > Add Server:
56
+ - Name: `tide-pack`
57
+ - Command: `npx`
58
+ - Args: `-y @tideorg/mcp`
59
+
60
+ Or add to `.cursor/mcp.json` in your project root.
61
+
62
+ ### Windsurf
63
+
64
+ Add to `~/.codeium/windsurf/mcp_config.json`:
65
+
66
+ ```json
67
+ {
68
+ "mcpServers": {
69
+ "tide": {
70
+ "url": "https://mcp.tide.org/mcp"
71
+ }
72
+ }
73
+ }
74
+ ```
75
+
76
+ Or for local: `"command": "npx", "args": ["-y", "@tideorg/mcp"]`
77
+
78
+ ### Zed
79
+
80
+ Add to your Zed settings (`~/.config/zed/settings.json`):
81
+
82
+ ```json
83
+ {
84
+ "context_servers": {
85
+ "tide": {
86
+ "command": {
87
+ "path": "npx",
88
+ "args": ["-y", "@tideorg/mcp"]
89
+ }
90
+ }
91
+ }
92
+ }
93
+ ```
94
+
95
+ Note: Zed uses `context_servers` (not `mcpServers`) and doesn't yet support remote URL-based MCP servers — use the npx command.
96
+
97
+ ### OpenAI Codex CLI
98
+
99
+ Add to `~/.codex/config.json`:
100
+
101
+ ```json
102
+ {
103
+ "mcpServers": {
104
+ "tide": {
105
+ "command": "npx",
106
+ "args": ["-y", "@tideorg/mcp"]
107
+ }
108
+ }
109
+ }
110
+ ```
111
+
112
+ Note: Codex CLI currently supports stdio-based MCP servers only — use the npx command.
113
+
114
+ ## What your AI can do with this
115
+
116
+ Once connected, your AI assistant can:
117
+
118
+ - **Add Tide auth** to a new or existing Next.js/React app
119
+ - **Protect API routes** with server-side JWT + DPoP verification
120
+ - **Set up role-based access** with Tide's IGA governance
121
+ - **Deploy Forseti smart contracts** for policy-governed encryption and signing
122
+ - **Bootstrap TideCloak** from Docker to fully configured realm
123
+ - **Diagnose issues** like broken login, missing roles, CORS errors
124
+ - **Follow security invariants** that prevent common auth mistakes
125
+
126
+ ## Try it
127
+
128
+ After setup, try these prompts in your AI coding tool:
129
+
130
+ > Add Tide authentication to my Next.js app
131
+
132
+ > I have an existing app with auth help me migrate to Tide
133
+
134
+ > Set up encrypted data sharing between users with Tide
135
+
136
+ > Help me create a Forseti contract for multi-admin approval
137
+
138
+ ## What's inside
139
+
140
+ | Category | Count | Examples |
141
+ |----------|-------|---------|
142
+ | Canon doctrine | 12 files | Security invariants, anti-patterns, framework matrix, troubleshooting |
143
+ | Playbooks | 17 step-by-step guides | Add auth, protect APIs, verify JWTs, deploy TideCloak, set up E2EE |
144
+ | Skills | 9 composable roles | Setup, integration, security review, learning capture |
145
+ | Scenarios | 5 reference architectures | Password manager, signing service, encrypted chat, governance panel |
146
+ | Prompts | 4 starter prompts | Secure existing app, migrate auth, admin approval, customer portal |
147
+
148
+ ## Remote Server (no install required)
149
+
150
+ We host the MCP server so you don't have to install anything. Just add the URL:
151
+
152
+ ```json
153
+ {
154
+ "mcpServers": {
155
+ "tide": {
156
+ "url": "https://mcp.tide.org/mcp"
157
+ }
158
+ }
159
+ }
160
+ ```
161
+
162
+ No Node.js required. No npx. Works with any MCP client that supports remote servers.
163
+
164
+ ## Self-hosting
165
+
166
+ Want to run your own instance? Pull from Docker Hub:
167
+
168
+ ```bash
169
+ docker run -p 3000:3000 tideorg/mcp
170
+ ```
171
+
172
+ Or build from source:
173
+
174
+ ```bash
175
+ docker build -t tideorg/mcp .
176
+ docker run -p 3000:3000 tideorg/mcp
177
+ ```
178
+
179
+ Then point your MCP client at `http://localhost:3000/mcp`.
180
+
181
+ Optional: set `API_TOKEN` environment variable to require Bearer token auth:
182
+
183
+ ```bash
184
+ docker run -p 3000:3000 -e API_TOKEN=your-secret tideorg/mcp
185
+ ```
186
+
187
+ ## Requirements
188
+
189
+ - **Remote server**: None (just an MCP client that supports remote URLs)
190
+ - **npm/npx install**: Node.js 18+
191
+ - **Self-hosted Docker**: Docker
192
+
193
+ No TideCloak instance needed to start — the agent will guide you through setup.
194
+
195
+ ## Privacy
196
+
197
+ The MCP server is **read-only** and collects no data no accounts, no telemetry, no storage, no third-party sharing. Tool arguments are used transiently in memory to select bundled guidance. See [PRIVACY.md](PRIVACY.md).
198
+
199
+ ## Links
200
+
201
+ - [TideCloak](https://tidecloak.com) — The identity platform
202
+ - [npm package](https://www.npmjs.com/package/@tideorg/mcp) — `@tideorg/mcp`
203
+ - [Privacy policy](PRIVACY.md)
204
+ - [Tide Foundation](https://tide.org) — The organisation behind Tide
@@ -53,7 +53,7 @@ Do not do these. Each defeats a specific invariant or creates a real vulnerabili
53
53
  - **Do not** create single-admin bypass paths around IGA. (AP-05)
54
54
  - **Do not** skip DPoP verification on protected APIs. (AP-06)
55
55
  - **Do not** store plain-text role cookies, ad hoc local auth logic, or fake auth helpers.
56
- - **Do not** use `IAMService` for DPoP flowsuse the `TideCloak` class with `enableDpop: true`.
56
+ - **Do not** disable DPoP. It is enabled/enforced by default. `IAMService` (the shipped singleton) supports DPoP via `useDPoP: { mode: 'strict', alg: 'ES256' }` in its config there is no `enableDpop` flag and no separate `TideCloak` class requirement.
57
57
  - **Do not** use named ESM imports from `@tidecloak/verify` — it is CJS. Use default import with defensive interop.
58
58
  - **Do not** import `Models`, `PolicySignRequest`, `BaseTideRequest`, `ApprovalType`, or `ExecutionType` from `@tidecloak/nextjs`. That package is the Next.js integration layer only. Import `Models` from `@tideorg/js` and `PolicySignRequest` from `heimdall-tide`. Importing from `@tidecloak/nextjs` returns `undefined` at runtime.
59
59
  - **Do not** call `createTideRequest()`, `requestTideOperatorApproval()`, or `executeSignRequest()` on `IAMService`. These methods live on the underlying TideCloak instance at `IAMService._tc`. Calling them on `IAMService` throws `is not a function`.
@@ -79,6 +79,7 @@ This agent operates as a virtual development team. The **Tech Lead** decides rou
79
79
  | **IAM / Policy Engineer** | `tide-rbac-and-e2ee` | Roles, hasRealmRole vs hasClientRole, self vs shared encryption, policy signing, Forseti, IGA governance |
80
80
  | **Solutions Architect** | `tide-solutions-architect` | Pattern exploration when no existing scenario/playbook covers the request |
81
81
  | **Reviewer / QA Engineer** | `tide-reviewer` | Compliance checking, invariant validation, anti-pattern detection, scenario correctness |
82
+ | **Security Analyst** | `tide-security-analyst` | Read-only gap analysis of an **existing** (possibly non-Tide) system; maps weaknesses to Tide capabilities. Entry point for "audit my app" / migration scoping. Runs before and independently of the build flow — reports, does not build. |
82
83
  | **Learnings / Pack Curator** | `tide-diagnostics` | Troubleshooting, finding extraction, learnings, regression proposals |
83
84
 
84
85
  ### How the Tech Lead works
@@ -238,4 +239,4 @@ These are implementation pitfalls not covered by invariants or anti-patterns. Fo
238
239
  - **Token refresh delay**: After IGA commit, roles appear in JWT/doken after next token refresh (up to 120s).
239
240
  - **`tide-realm-admin`**: Client role on `realm-management`, not a realm role.
240
241
  - **Post-auth redirect handler**: Must exist at configured `redirectUri` path. Missing handler = login appears to fail (404 after auth). See `canon/redirect-handler.md`.
241
- - **Version policy**: All `@tidecloak/*` packages pin to `0.13.26`. No 0.99.x. See `canon/version-policy.md`.
242
+ - **Version policy**: All `@tidecloak/*` packages pin to `0.13.33`. No 0.99.x. See `canon/version-policy.md`.