@vaultys/mcp-agent 0.1.4 → 0.1.5

package/dist/src/policyMiddleware.d.ts

@@ -31,11 +31,13 @@ export interface CapabilityMapping {
  * tools can resolve relative paths to absolute paths matching the policy globs.
  */
 export declare const DEFAULT_TOOL_MAPPINGS: Record<string, CapabilityMapping>;
+export declare function setAuditDir(dir: string): void;
 export interface PolicyMiddlewareOptions {
     serverIdManager: IdManager;
     signedPolicy: PolicyBundle;
     toolMappings?: Record<string, CapabilityMapping>;
     workspaceRoot?: string;
+    auditDir?: string;
 }
 export interface ToolCallResult {
     decision: "allow" | "deny";

package/dist/src/policyMiddleware.js

@@ -79,7 +79,10 @@ function resolveWorkspacePath(raw, workspaceRoot) {
     return path.join(workspaceRoot ?? "/workspace", raw);
 }
 // ── Audit persistence ──
-const AUDIT_DIR = path.resolve("audit");
+let AUDIT_DIR = path.resolve("audit");
+export function setAuditDir(dir) {
+    AUDIT_DIR = path.resolve(dir);
+}
 function ensureAuditDir() {
     if (!fs.existsSync(AUDIT_DIR)) {
         fs.mkdirSync(AUDIT_DIR, { recursive: true });
@@ -107,7 +110,10 @@ function persistReceipt(jobId, receipt, meta) {
  * Create policy-enforced middleware that wraps MCP tool handlers.
  */
 export function createPolicyMiddleware(options) {
-    const { serverIdManager, signedPolicy, toolMappings = DEFAULT_TOOL_MAPPINGS, workspaceRoot = process.cwd(), } = options;
+    const { serverIdManager, signedPolicy, toolMappings = DEFAULT_TOOL_MAPPINGS, workspaceRoot = process.cwd(), auditDir, } = options;
+    if (auditDir) {
+        setAuditDir(auditDir);
+    }
     const em = new ExecutionManager(serverIdManager);
     /**
      * Wrap a tool call: evaluate policy, run handler if allowed, sign receipt.

package/dist/src/server.js

@@ -25,6 +25,7 @@ import { createPolicyMiddleware } from "./policyMiddleware.js";
 import { registerFilesystemTools } from "./tools/filesystem.js";
 import { registerShellTool } from "./tools/shell.js";
 import { registerNetworkTool } from "./tools/network.js";
+import { registerAuditTool } from "./tools/audit.js";
 import { registerResources } from "./resources/index.js";
 // ── Configuration ──
 const WORKSPACE_ROOT = path.resolve(process.env.WORKSPACE_ROOT ?? process.cwd());
@@ -68,6 +69,7 @@ async function main() {
     registerFilesystemTools(mcpServer, middleware, WORKSPACE_ROOT);
     registerShellTool(mcpServer, middleware, WORKSPACE_ROOT);
     registerNetworkTool(mcpServer, middleware);
+    registerAuditTool(mcpServer, serverIdm);
     // 7. Register resources (audit trail, policy, identity)
     registerResources(mcpServer, serverIdm, signedPolicy);
     // 8. Connect via stdio transport

package/dist/src/tools/audit.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Audit verification MCP tool — lets Claude verify the cryptographic audit trail.
+ *
+ * Tool:
+ *   verify_audit  — verify all signed receipts, report valid/invalid/tampered
+ */
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { IdManager } from "@vaultys/id";
+export declare function registerAuditTool(server: McpServer, serverIdManager: IdManager): void;

package/dist/src/tools/audit.js

@@ -0,0 +1,100 @@
+/**
+ * Audit verification MCP tool — lets Claude verify the cryptographic audit trail.
+ *
+ * Tool:
+ *   verify_audit  — verify all signed receipts, report valid/invalid/tampered
+ */
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { z } from "zod";
+import { ExecutionManager } from "@vaultys/id";
+const AUDIT_DIR = path.resolve("audit");
+function restoreSignature(receipt) {
+    if (receipt.broker_signature) {
+        if (typeof receipt.broker_signature === "string") {
+            receipt.broker_signature = Buffer.from(receipt.broker_signature, "base64");
+        }
+        else if (typeof receipt.broker_signature === "object" && receipt.broker_signature.data) {
+            receipt.broker_signature = Buffer.from(receipt.broker_signature.data);
+        }
+    }
+}
+export function registerAuditTool(server, serverIdManager) {
+    server.tool("verify_audit", "Verify the cryptographic audit trail. Checks all signed receipts for tampering. Returns verification results for each receipt.", {
+        limit: z.number().optional().describe("Maximum number of recent receipts to verify (default: all)"),
+    }, async (args) => {
+        const serverVid = serverIdManager.vaultysId;
+        if (!fs.existsSync(AUDIT_DIR)) {
+            return {
+                content: [{ type: "text", text: "No audit directory found. No tool calls have been recorded yet." }],
+            };
+        }
+        const files = fs.readdirSync(AUDIT_DIR)
+            .filter((f) => f.endsWith(".json"))
+            .sort();
+        if (files.length === 0) {
+            return {
+                content: [{ type: "text", text: "No audit receipts found. No tool calls have been recorded yet." }],
+            };
+        }
+        const limit = args.limit ?? files.length;
+        const toVerify = files.slice(-limit); // most recent N
+        let passed = 0;
+        let failed = 0;
+        let errors = 0;
+        const results = [];
+        for (const file of toVerify) {
+            const filePath = path.join(AUDIT_DIR, file);
+            let record;
+            try {
+                record = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+            }
+            catch {
+                errors++;
+                results.push({
+                    job_id: file.replace(".json", ""),
+                    timestamp: "?",
+                    tool: "?",
+                    decision: "?",
+                    verified: "error",
+                });
+                continue;
+            }
+            restoreSignature(record.receipt);
+            let verified = false;
+            try {
+                verified = ExecutionManager.verifyReceipt(record.receipt, serverVid);
+            }
+            catch {
+                verified = false;
+            }
+            if (verified)
+                passed++;
+            else
+                failed++;
+            results.push({
+                job_id: record.job_id,
+                timestamp: record.timestamp,
+                tool: record.tool,
+                decision: record.decision,
+                verified,
+            });
+        }
+        const summary = {
+            total: files.length,
+            verified_count: toVerify.length,
+            passed,
+            failed,
+            errors,
+            integrity: failed === 0 && errors === 0 ? "INTACT" : "COMPROMISED",
+            server_did: serverVid.did,
+            results,
+        };
+        return {
+            content: [{
+                    type: "text",
+                    text: JSON.stringify(summary, null, 2),
+                }],
+        };
+    });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vaultys/mcp-agent",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "type": "module",
   "description": "Policy-enforced MCP server powered by VaultysID — cryptographic authorization and audit trail for every AI tool call",
   "license": "MIT",
@@ -50,7 +50,7 @@
     "grant-policy": "tsx grant-policy.ts",
     "srp-grant": "tsx srp-grant-policy.ts",
     "audit": "tsx src/audit.ts",
-    "test": "tsx test-e2e.ts",
+    "test": "tsx test/e2e.test.ts",
     "build": "tsc && chmod +x dist/bin/*.js"
   }
 }