agent-mcp-guard 0.4.5 → 0.4.7

package/README.md

@@ -19,7 +19,7 @@ Live demo PR: [mcp-guard-demo#1](https://github.com/ChaoYue0307/mcp-guard-demo/p
   <a href="https://github.com/marketplace/actions/mcp-guard-mcp-security-scanner"><img alt="GitHub Marketplace" src="https://img.shields.io/badge/Marketplace-mcp--guard-0f766e?logo=github"></a>
   <a href="https://github.com/ChaoYue0307/mcp-guard/actions"><img alt="CI" src="https://github.com/ChaoYue0307/mcp-guard/actions/workflows/ci.yml/badge.svg"></a>
   <a href="LICENSE"><img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-111827"></a>
-  <a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.4.5"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
+  <a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.4.7"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
 </p>
 
 ## Install
@@ -93,7 +93,7 @@ mcp-guard scan --config .mcp.json --baseline .mcp-guard-baseline.json --fail-on
 Use the GitHub Action:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.5
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     # policy: .mcp-guard-policy.json
@@ -116,6 +116,7 @@ Use the transparent example to evaluate what the scanner actually does:
 - generated SARIF report: [site/e2e/report.sarif](site/e2e/report.sarif)
 - generated audit summary: [site/e2e/audit/mcp-guard-executive-summary.md](site/e2e/audit/mcp-guard-executive-summary.md)
 - generated remediation plan: [site/e2e/audit/mcp-guard-remediation.md](site/e2e/audit/mcp-guard-remediation.md)
+- generated remediation checklist: [site/e2e/audit/mcp-guard-remediation-checklist.md](site/e2e/audit/mcp-guard-remediation-checklist.md)
 
 The example scans 3 MCP servers and reports 9 active findings with a risk score of 98. It is synthetic, but fully reproducible from committed files.
 
@@ -149,8 +150,9 @@ For paid setup or internal review handoff, `mcp-guard audit` writes a complete e
 
 - executive summary;
 - remediation plan grouped by MCP server;
+- remediation checklist for PR or handoff tracking;
 - Markdown, HTML, JSON, and SARIF reports;
-- machine-readable audit manifest.
+- machine-readable audit manifest with artifact hashes.
 
 For stricter governance, commit `.mcp-guard-policy.json` and define the commands, remote packages, filesystem roots, and remote MCP endpoints the team has approved. See [Policy files](docs/policy.md).
 

package/action.yml

@@ -63,6 +63,9 @@ outputs:
   remediation-report:
     description: Path to the generated remediation plan.
     value: ${{ steps.reports.outputs.remediation-report }}
+  remediation-checklist:
+    description: Path to the generated remediation checklist.
+    value: ${{ steps.reports.outputs.remediation-checklist }}
   audit-manifest:
     description: Path to the generated audit pack manifest.
     value: ${{ steps.reports.outputs.audit-manifest }}
@@ -114,6 +117,7 @@ runs:
         sarif_report="${MCP_GUARD_OUTPUT_DIR}/mcp-guard.sarif"
         executive_summary="${MCP_GUARD_OUTPUT_DIR}/mcp-guard-executive-summary.md"
         remediation_report="${MCP_GUARD_OUTPUT_DIR}/mcp-guard-remediation.md"
+        remediation_checklist="${MCP_GUARD_OUTPUT_DIR}/mcp-guard-remediation-checklist.md"
         audit_manifest="${MCP_GUARD_OUTPUT_DIR}/mcp-guard-audit-manifest.json"
         comment_report="${MCP_GUARD_OUTPUT_DIR}/mcp-guard-pr-comment.md"
 
@@ -133,6 +137,7 @@ runs:
           "${MCP_GUARD_FAIL_ON}" \
           "${executive_summary}" \
           "${remediation_report}" \
+          "${remediation_checklist}" \
           "${audit_manifest}" > "${comment_report}"
 
         {
@@ -142,6 +147,7 @@ runs:
           echo "json-report=${json_report}"
           echo "sarif-report=${sarif_report}"
           echo "remediation-report=${remediation_report}"
+          echo "remediation-checklist=${remediation_checklist}"
           echo "audit-manifest=${audit_manifest}"
           echo "comment-report=${comment_report}"
           echo "exit-code=${status}"
@@ -161,6 +167,7 @@ runs:
           "${MCP_GUARD_FAIL_ON}" \
           "${{ steps.reports.outputs.executive-summary }}" \
           "${{ steps.reports.outputs.remediation-report }}" \
+          "${{ steps.reports.outputs.remediation-checklist }}" \
           "${{ steps.reports.outputs.audit-manifest }}" >> "${GITHUB_STEP_SUMMARY}"
 
     - name: Comment on pull request

package/docs/audit.md

@@ -32,19 +32,22 @@ mcp-guard audit --config .mcp.json --fail-on high
 | --- | --- |
 | `mcp-guard-executive-summary.md` | Short decision summary for founders, security leads, and engineering managers. |
 | `mcp-guard-remediation.md` | Server-by-server remediation plan with evidence and fixes. |
+| `mcp-guard-remediation-checklist.md` | Checkbox-based remediation tasks for PRs, paid setup handoff, or internal tracking. |
 | `mcp-guard-report.md` | Full Markdown scan report. |
 | `mcp-guard-report.html` | Readable HTML report for review artifacts. |
 | `mcp-guard-report.json` | Redacted machine-readable report for automation. |
 | `mcp-guard.sarif` | SARIF 2.1.0 report for GitHub code scanning. |
-| `mcp-guard-audit-manifest.json` | Manifest listing status, summary, policy/baseline context, and file paths. |
+| `mcp-guard-audit-manifest.json` | Manifest listing status, summary, policy/baseline context, file paths, SHA-256 hashes, and artifact sizes. |
 
 ## Review Flow
 
 1. Run `mcp-guard audit` locally or through the GitHub Action.
 2. Open `mcp-guard-executive-summary.md` to decide whether the MCP setup is acceptable.
 3. Work through `mcp-guard-remediation.md` with the engineering team.
-4. Use `mcp-guard-report.html` for readable evidence and `mcp-guard-report.json` or `mcp-guard.sarif` for automation.
-5. Commit a reviewed policy and baseline only after the team has decided what risk is intentionally accepted.
+4. Track concrete work in `mcp-guard-remediation-checklist.md`.
+5. Use `mcp-guard-report.html` for readable evidence and `mcp-guard-report.json` or `mcp-guard.sarif` for automation.
+6. Use the `integrity.artifacts` section in `mcp-guard-audit-manifest.json` when you need to prove an audit artifact has not changed.
+7. Commit a reviewed policy and baseline only after the team has decided what risk is intentionally accepted.
 
 ## Privacy
 

package/docs/baseline.md

@@ -30,7 +30,7 @@ If the scan finds only baseline-accepted findings, the exit code is `0`. If a ne
 ## GitHub Action
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.5
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json
@@ -45,7 +45,7 @@ The generated Markdown, HTML, JSON, and PR comment separate active findings from
 {
   "version": 1,
   "generatedAt": "2026-05-10T00:00:00.000Z",
-  "toolVersion": "0.4.5",
+  "toolVersion": "0.4.7",
   "findings": [
     {
       "fingerprint": "mcpg_a009b2c2",

package/docs/business-playbook.md

@@ -17,7 +17,7 @@ Deliverables:
 - install the CLI and GitHub Action;
 - run `mcp-guard init` or generate an equivalent workflow manually;
 - generate Markdown, HTML, JSON, and SARIF reports;
-- generate a customer handoff audit pack with executive summary, remediation plan, reports, and manifest;
+- generate a customer handoff audit pack with executive summary, remediation plan, remediation checklist, reports, and hashed manifest;
 - define an initial `.mcp-guard-policy.json` for approved commands, packages, directories, and remote URLs;
 - create an initial baseline for accepted known findings;
 - enable PR comments and optional SARIF upload;

package/docs/examples/e2e-example.md

@@ -54,6 +54,7 @@ Important findings include:
 - [SARIF report](../../site/e2e/report.sarif)
 - [Audit executive summary](../../site/e2e/audit/mcp-guard-executive-summary.md)
 - [Audit remediation plan](../../site/e2e/audit/mcp-guard-remediation.md)
+- [Audit remediation checklist](../../site/e2e/audit/mcp-guard-remediation-checklist.md)
 - [Audit manifest](../../site/e2e/audit/mcp-guard-audit-manifest.json)
 
 ## What This Proves
@@ -61,4 +62,4 @@ Important findings include:
 - The scanner does not need the config to leave the machine.
 - Secret-like values are redacted in reports.
 - Findings include rule IDs, severity, evidence, and remediation guidance.
-- The same scan can feed a human-readable HTML report, automation JSON, GitHub code scanning SARIF, and a review-ready audit handoff package.
+- The same scan can feed a human-readable HTML report, automation JSON, GitHub code scanning SARIF, and a review-ready audit handoff package with a remediation checklist.

package/docs/github-action.md

@@ -2,7 +2,7 @@
 
 Use the `mcp-guard` action to scan MCP and AI agent tool configuration in pull requests and CI.
 
-The action runs the CLI from the pinned GitHub Action tag, generates an audit pack with Markdown, HTML, JSON, SARIF, remediation, and manifest files, writes a job summary, uploads reports as an artifact, and fails the job when findings meet your selected severity threshold.
+The action runs the CLI from the pinned GitHub Action tag, generates an audit pack with Markdown, HTML, JSON, SARIF, remediation, checklist, and hashed manifest files, writes a job summary, uploads reports as an artifact, and fails the job when findings meet your selected severity threshold.
 
 It can also use a committed baseline to accept known findings, enforce a committed policy file, and optionally post a pull request comment with only the active findings.
 
@@ -37,7 +37,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.5
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.7
         with:
           config: .mcp.json
           fail-on: high
@@ -65,7 +65,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.5
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.7
         with:
           config: .mcp.json
           fail-on: high
@@ -77,7 +77,7 @@ jobs:
 Use `fail-on: none` when you want artifacts and summaries without blocking a pull request.
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.5
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     fail-on: none
 ```
@@ -93,7 +93,7 @@ mcp-guard scan --config .mcp.json --write-baseline .mcp-guard-baseline.json
 Commit `.mcp-guard-baseline.json`, then reference it from the action:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.5
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json
@@ -107,7 +107,7 @@ Reports will show active findings separately from findings accepted by the basel
 Use a policy when you want CI to enforce approved commands, packages, directories, and remote URLs.
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.5
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     policy: .mcp-guard-policy.json
@@ -140,6 +140,7 @@ See [Policy files](policy.md) for the file format.
 | `json-report` | Path to the generated JSON report. |
 | `sarif-report` | Path to the generated SARIF report. |
 | `remediation-report` | Path to the generated remediation plan. |
+| `remediation-checklist` | Path to the generated remediation checklist. |
 | `audit-manifest` | Path to the generated audit pack manifest. |
 | `comment-report` | Path to the generated pull request comment body. |
 | `exit-code` | `0` when below threshold, `2` when findings met the threshold. |

package/docs/launch-checklist.md

@@ -37,7 +37,7 @@ mcp-guard audit --config .mcp.json --policy .mcp-guard-policy.json --output-dir
 ## GitHub Action Setup
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.5
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json

package/docs/marketplace-action-readme.md

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.5
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.7
         with:
           config: .mcp.json
           fail-on: high
@@ -42,7 +42,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.5
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.7
         with:
           config: .mcp.json
           fail-on: high
@@ -73,6 +73,7 @@ jobs:
 | `json-report` | Path to the generated JSON report. |
 | `sarif-report` | Path to the generated SARIF report. |
 | `remediation-report` | Path to the generated remediation plan. |
+| `remediation-checklist` | Path to the generated remediation checklist. |
 | `audit-manifest` | Path to the generated audit pack manifest. |
 | `comment-report` | Path to the generated pull request comment body. |
 | `exit-code` | `0` when below threshold, `2` when findings met the threshold. |
@@ -86,7 +87,8 @@ The action generates an audit pack:
 - JSON for automation.
 - SARIF 2.1.0 for GitHub code scanning.
 - Remediation Markdown for server-by-server handoff.
-- Audit manifest JSON for downstream automation.
+- Remediation checklist for PR and setup tracking.
+- Audit manifest JSON with SHA-256 hashes and byte sizes for downstream automation.
 
 Secret-like values are redacted before reports are written.
 
@@ -101,7 +103,7 @@ mcp-guard scan --config .mcp.json --write-baseline .mcp-guard-baseline.json
 Then enforce only new findings:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.5
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json
@@ -113,7 +115,7 @@ Then enforce only new findings:
 Commit `.mcp-guard-policy.json` or pass `policy` to enforce approved commands, remote packages, directories, and remote MCP URLs.
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.5
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     policy: .mcp-guard-policy.json

package/docs/marketplace.md

@@ -82,17 +82,17 @@ Code quality
 Current release title:
 
 ```text
-v0.4.5
+v0.4.7
 ```
 
 Release notes:
 
 ```text
-Audit pack release.
+Audit integrity release.
 
-- Adds `mcp-guard audit` for executive summary, remediation plan, Markdown, HTML, JSON, SARIF, and manifest outputs.
-- The GitHub Action now uploads audit pack artifacts, including remediation and manifest files.
-- Keeps policy enforcement, baseline support, PR comments, artifacts, and SARIF upload support.
+- Adds SHA-256 checksums and byte sizes for generated audit artifacts in `mcp-guard-audit-manifest.json`.
+- Keeps remediation checklist, first remediation steps in PR comments, executive summary, remediation plan, Markdown, HTML, JSON, SARIF, policy, baseline, artifacts, and SARIF upload support.
+- Improves paid setup and internal review handoff by making generated evidence easier to verify after delivery.
 ```
 
 ## Manual Publishing Steps
@@ -105,7 +105,7 @@ Completed:
 - README, docs, and website examples now use:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.5
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
 ```
 
 Remaining Marketplace web step:

package/docs/paid-audit.md

@@ -13,7 +13,7 @@ It is not currently advertised as an active consulting service. Keep public webs
 ## Deliverables
 
 - MCP and agent tool inventory.
-- `mcp-guard audit` evidence pack with executive summary, remediation plan, reports, and manifest.
+- `mcp-guard audit` evidence pack with executive summary, remediation plan, remediation checklist, reports, and hashed manifest.
 - Risk report covering shell access, package execution, filesystem scope, secrets, remote servers, and dangerous commands.
 - Practical remediation checklist.
 - Optional PR with safer config and policy changes.

package/docs/roadmap.md

@@ -13,7 +13,7 @@
 - Optional GitHub pull request comments from the Marketplace Action.
 - `mcp-guard init` for bootstrapping a GitHub Action workflow and optional baseline.
 - Policy file enforcement for approved commands, packages, directories, and remote URLs.
-- `mcp-guard audit` for review-ready executive summaries, remediation plans, reports, and manifests.
+- `mcp-guard audit` for review-ready executive summaries, remediation plans, remediation checklists, reports, and hashed manifests.
 - npm Trusted Publishing workflow prepared for tokenless release publishing.
 
 ## Next

package/docs/trusted-publishing.md

@@ -36,7 +36,7 @@ Configure this once on npmjs.com:
 After this is saved, run the workflow from GitHub Actions with the release tag, for example:
 
 ```text
-v0.4.5
+v0.4.7
 ```
 
 ## Release Flow After Setup
@@ -44,7 +44,7 @@ v0.4.5
 1. Update `package.json` and `src/cli.js`.
 2. Run `npm test` and `npm run release:check`.
 3. Commit and push to `main`.
-4. Create a GitHub release tag such as `v0.4.5`.
+4. Create a GitHub release tag such as `v0.4.7`.
 5. Run the `Publish npm` workflow with the same tag.
 6. Verify npm:
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-mcp-guard",
-  "version": "0.4.5",
+  "version": "0.4.7",
   "description": "Open-source CLI scanner for risky MCP server and AI agent tool configuration.",
   "type": "module",
   "homepage": "https://chaoyue0307.github.io/mcp-guard/",

package/scripts/action-comment.js

@@ -3,10 +3,17 @@
 import fs from "node:fs";
 import path from "node:path";
 
-const [jsonReportPath, markdownReportPath, htmlReportPath, sarifReportPath, failOn, executiveSummaryPath, remediationReportPath, auditManifestPath] = process.argv.slice(2);
+const [jsonReportPath, markdownReportPath, htmlReportPath, sarifReportPath, failOn, executiveSummaryPath, remediationReportPath, maybeRemediationChecklistPath, maybeAuditManifestPath] = process.argv.slice(2);
+let remediationChecklistPath = maybeRemediationChecklistPath;
+let auditManifestPath = maybeAuditManifestPath;
+
+if (!auditManifestPath && remediationChecklistPath && path.basename(remediationChecklistPath) === "mcp-guard-audit-manifest.json") {
+  auditManifestPath = remediationChecklistPath;
+  remediationChecklistPath = "";
+}
 
 if (!jsonReportPath) {
-  process.stderr.write("Usage: action-comment.js <json-report> <markdown-report> <html-report> <sarif-report> <fail-on> [executive-summary] [remediation-report] [audit-manifest]\n");
+  process.stderr.write("Usage: action-comment.js <json-report> <markdown-report> <html-report> <sarif-report> <fail-on> [executive-summary] [remediation-report] [remediation-checklist] [audit-manifest]\n");
   process.exit(1);
 }
 
@@ -52,6 +59,12 @@ if (findings.length === 0) {
   for (const finding of findings.slice(0, 6)) {
     lines.push(`| ${cell(finding.severity)} | ${cell(finding.id)} | ${cell(finding.serverName)} | ${cell(finding.title)} |`);
   }
+  lines.push("");
+  lines.push("### First remediation steps");
+  lines.push("");
+  for (const finding of findings.slice(0, 5)) {
+    lines.push(`- [ ] **${cell(finding.severity)} ${cell(finding.id)}** \`${cell(finding.serverName)}\`: ${cell(finding.recommendation)}`);
+  }
 }
 
 lines.push("");
@@ -67,6 +80,9 @@ if (executiveSummaryPath) {
 if (remediationReportPath) {
   lines.push(`- Remediation: \`${relative(remediationReportPath)}\``);
 }
+if (remediationChecklistPath) {
+  lines.push(`- Remediation checklist: \`${relative(remediationChecklistPath)}\``);
+}
 if (auditManifestPath) {
   lines.push(`- Audit manifest: \`${relative(auditManifestPath)}\``);
 }

package/scripts/action-summary.js

@@ -3,10 +3,17 @@
 import fs from "node:fs";
 import path from "node:path";
 
-const [jsonReportPath, markdownReportPath, htmlReportPath, sarifReportPath, failOn, executiveSummaryPath, remediationReportPath, auditManifestPath] = process.argv.slice(2);
+const [jsonReportPath, markdownReportPath, htmlReportPath, sarifReportPath, failOn, executiveSummaryPath, remediationReportPath, maybeRemediationChecklistPath, maybeAuditManifestPath] = process.argv.slice(2);
+let remediationChecklistPath = maybeRemediationChecklistPath;
+let auditManifestPath = maybeAuditManifestPath;
+
+if (!auditManifestPath && remediationChecklistPath && path.basename(remediationChecklistPath) === "mcp-guard-audit-manifest.json") {
+  auditManifestPath = remediationChecklistPath;
+  remediationChecklistPath = "";
+}
 
 if (!jsonReportPath) {
-  process.stderr.write("Usage: action-summary.js <json-report> <markdown-report> <html-report> <sarif-report> <fail-on> [executive-summary] [remediation-report] [audit-manifest]\n");
+  process.stderr.write("Usage: action-summary.js <json-report> <markdown-report> <html-report> <sarif-report> <fail-on> [executive-summary] [remediation-report] [remediation-checklist] [audit-manifest]\n");
   process.exit(1);
 }
 
@@ -51,6 +58,15 @@ if (topFindings.length === 0) {
   }
 }
 
+if (topFindings.length > 0) {
+  lines.push("");
+  lines.push("### First remediation steps");
+  lines.push("");
+  for (const finding of topFindings.slice(0, 5)) {
+    lines.push(`- [ ] **${cell(finding.severity)} ${cell(finding.id)}** \`${cell(finding.serverName)}\`: ${cell(finding.recommendation)}`);
+  }
+}
+
 lines.push("");
 lines.push("### Reports");
 lines.push("");
@@ -64,6 +80,9 @@ if (executiveSummaryPath) {
 if (remediationReportPath) {
   lines.push(`- Remediation: \`${relative(remediationReportPath)}\``);
 }
+if (remediationChecklistPath) {
+  lines.push(`- Remediation checklist: \`${relative(remediationChecklistPath)}\``);
+}
 if (auditManifestPath) {
   lines.push(`- Audit manifest: \`${relative(auditManifestPath)}\``);
 }

package/site/e2e/audit/mcp-guard-audit-manifest.json

@@ -2,9 +2,9 @@
   "version": 1,
   "tool": {
     "name": "mcp-guard",
-    "version": "0.4.5"
+    "version": "0.4.7"
   },
-  "generatedAt": "2026-05-10T14:16:23.655Z",
+  "generatedAt": "2026-05-10T20:08:00.622Z",
   "status": "needs_review",
   "failOn": "none",
   "outputDir": "site/e2e/audit",
@@ -30,10 +30,58 @@
   "files": {
     "executiveSummary": "site/e2e/audit/mcp-guard-executive-summary.md",
     "remediation": "site/e2e/audit/mcp-guard-remediation.md",
+    "remediationChecklist": "site/e2e/audit/mcp-guard-remediation-checklist.md",
     "markdownReport": "site/e2e/audit/mcp-guard-report.md",
     "htmlReport": "site/e2e/audit/mcp-guard-report.html",
     "jsonReport": "site/e2e/audit/mcp-guard-report.json",
     "sarifReport": "site/e2e/audit/mcp-guard.sarif",
     "manifest": "site/e2e/audit/mcp-guard-audit-manifest.json"
+  },
+  "integrity": {
+    "algorithm": "sha256",
+    "artifacts": [
+      {
+        "key": "executiveSummary",
+        "path": "site/e2e/audit/mcp-guard-executive-summary.md",
+        "bytes": 1764,
+        "sha256": "d4679b3353a25ed4f88479ae2594fa6a7e2b1b61a9455b56a61e10a70131c87e"
+      },
+      {
+        "key": "remediation",
+        "path": "site/e2e/audit/mcp-guard-remediation.md",
+        "bytes": 2752,
+        "sha256": "1a7a83531f9fea7f0dc8a074a378151f1f7e10a713abc93136e0200bb1dbd35a"
+      },
+      {
+        "key": "remediationChecklist",
+        "path": "site/e2e/audit/mcp-guard-remediation-checklist.md",
+        "bytes": 2056,
+        "sha256": "d75a40e9c2f243cf9193e50d6d9fa8c56e2d50950deb2f1cc843e230c002e548"
+      },
+      {
+        "key": "markdownReport",
+        "path": "site/e2e/audit/mcp-guard-report.md",
+        "bytes": 3297,
+        "sha256": "11a09f58c19ebb836ff4da6f75d050b508fc989dd41ea1c31a02dbafc3367317"
+      },
+      {
+        "key": "htmlReport",
+        "path": "site/e2e/audit/mcp-guard-report.html",
+        "bytes": 12988,
+        "sha256": "3f597e3e1423159f2665b5f5c3b754c2eda4df5645cc2707fa872ddb3c9b7a3c"
+      },
+      {
+        "key": "jsonReport",
+        "path": "site/e2e/audit/mcp-guard-report.json",
+        "bytes": 5938,
+        "sha256": "a7b2f086928c1d697c4402b37e84b055a7e12ed2bef55654a19733a80d082947"
+      },
+      {
+        "key": "sarifReport",
+        "path": "site/e2e/audit/mcp-guard.sarif",
+        "bytes": 20856,
+        "sha256": "994c3bd89e616a76c53cd3797f6323001cc11dcb1afd96ddaeeb9d53c6432ee8"
+      }
+    ]
   }
 }

package/site/e2e/audit/mcp-guard-executive-summary.md

@@ -1,6 +1,6 @@
 # mcp-guard Executive Summary
 
-Generated: 2026-05-10T14:16:23.655Z
+Generated: 2026-05-10T20:08:00.622Z
 Status: **Needs review**
 Risk score: **98**
 Fail threshold: **none**

package/site/e2e/audit/mcp-guard-remediation-checklist.md

@@ -0,0 +1,32 @@
+# mcp-guard Remediation Checklist
+
+Generated: 2026-05-10T20:08:00.622Z
+Risk score: **98**
+Active findings: **9**
+
+## Release Gate
+
+- [ ] Critical findings are removed or the MCP server is redesigned.
+- [ ] High findings are reviewed before merge or rollout.
+- [ ] Any accepted residual risk is documented in policy or baseline.
+
+## Remediation Tasks
+
+| Done | Priority | Rule | Server | Action | Fingerprint |
+| --- | --- | --- | --- | --- | --- |
+| [ ] | critical | MCP010 | shell-installer | Replace the shell wrapper for server `shell-installer` with a direct reviewed executable or checked-in script. | mcpg_c2b742f0 |
+| [ ] | critical | MCP050 | shell-installer | Remove the dangerous startup operation from server `shell-installer` and run setup manually after review. | mcpg_73e1a0da |
+| [ ] | high | MCP021 | filesystem-all-home | Pin and approve the remote package used by server `filesystem-all-home`. | mcpg_7390d900 |
+| [ ] | high | MCP030 | filesystem-all-home | Move credentials for server `filesystem-all-home` out of MCP config and rotate any exposed tokens. | mcpg_73964a76 |
+| [ ] | high | MCP040 | filesystem-all-home | Constrain filesystem access for server `filesystem-all-home` to a reviewed project directory. | mcpg_70425125 |
+| [ ] | high | MCP041 | filesystem-all-home | Constrain filesystem access for server `filesystem-all-home` to a reviewed project directory. | mcpg_eea814c0 |
+| [ ] | high | MCP061 | remote-prod | Move credentials for server `remote-prod` out of MCP config and rotate any exposed tokens. | mcpg_ad4db81f |
+| [ ] | medium | MCP020 | filesystem-all-home | Pin and approve the remote package used by server `filesystem-all-home`. | mcpg_df881ae7 |
+| [ ] | medium | MCP060 | remote-prod | Review and allowlist the remote MCP endpoint used by server `remote-prod`. | mcpg_45117870 |
+
+## Closeout
+
+- [ ] Re-run `mcp-guard audit` after changes.
+- [ ] Commit updated `.mcp-guard-policy.json` only for reviewed approvals.
+- [ ] Commit or update `.mcp-guard-baseline.json` only for intentionally accepted findings.
+

package/site/e2e/audit/mcp-guard-remediation.md

@@ -1,6 +1,6 @@
 # mcp-guard Remediation Plan
 
-Generated: 2026-05-10T14:16:23.655Z
+Generated: 2026-05-10T20:08:00.622Z
 
 ## Priority
 

package/site/e2e/audit/mcp-guard-report.html

@@ -297,7 +297,7 @@
           <div class="metric"><strong>1</strong><span>Scanned files</span></div>
           <div class="metric"><strong>3</strong><span>MCP servers</span></div>
           <div class="metric"><strong>9</strong><span>Active findings</span></div>
-          <div class="metric"><strong>2026-05-10 14:16 UTC</strong><span>Generated</span></div>
+          <div class="metric"><strong>2026-05-10 20:08 UTC</strong><span>Generated</span></div>
         </div>
       </div>
       <aside class="scorecard" aria-label="Risk score">

package/site/e2e/audit/mcp-guard-report.json

@@ -1,11 +1,11 @@
 {
   "metadata": {
-    "generatedAt": "2026-05-10T14:16:23.655Z",
+    "generatedAt": "2026-05-10T20:08:00.622Z",
     "cwd": ".",
     "home": "~",
     "policyPath": "",
     "policyEnabled": false,
-    "toolVersion": "0.4.5"
+    "toolVersion": "0.4.7"
   },
   "policy": null,
   "scannedFiles": [

package/site/e2e/audit/mcp-guard-report.md

@@ -1,6 +1,6 @@
 # mcp-guard Scan Report
 
-Generated: 2026-05-10T14:16:23.655Z
+Generated: 2026-05-10T20:08:00.622Z
 
 ## Summary
 

package/site/e2e/audit/mcp-guard.sarif

@@ -7,7 +7,7 @@
         "driver": {
           "name": "mcp-guard",
           "informationUri": "https://github.com/ChaoYue0307/mcp-guard",
-          "semanticVersion": "0.4.5",
+          "semanticVersion": "0.4.7",
           "rules": [
             {
               "id": "MCP010",

package/site/e2e/index.html

@@ -89,6 +89,7 @@ node ./bin/mcp-guard.js audit --config site/e2e/claude_desktop_config.json --out
           <a href="report.sarif">SARIF report</a>
           <a href="audit/mcp-guard-executive-summary.md">Audit summary</a>
           <a href="audit/mcp-guard-remediation.md">Remediation plan</a>
+          <a href="audit/mcp-guard-remediation-checklist.md">Remediation checklist</a>
           <a href="audit/mcp-guard-audit-manifest.json">Audit manifest</a>
           <h2>Output summary</h2>
           <ul>

package/site/e2e/report.html

@@ -297,7 +297,7 @@
           <div class="metric"><strong>1</strong><span>Scanned files</span></div>
           <div class="metric"><strong>3</strong><span>MCP servers</span></div>
           <div class="metric"><strong>9</strong><span>Active findings</span></div>
-          <div class="metric"><strong>2026-05-10 14:16 UTC</strong><span>Generated</span></div>
+          <div class="metric"><strong>2026-05-10 20:07 UTC</strong><span>Generated</span></div>
         </div>
       </div>
       <aside class="scorecard" aria-label="Risk score">

package/site/e2e/report.json

@@ -1,11 +1,11 @@
 {
   "metadata": {
-    "generatedAt": "2026-05-10T14:16:12.688Z",
+    "generatedAt": "2026-05-10T20:07:57.237Z",
     "cwd": ".",
     "home": "~",
     "policyPath": "",
     "policyEnabled": false,
-    "toolVersion": "0.4.5"
+    "toolVersion": "0.4.7"
   },
   "policy": null,
   "scannedFiles": [

package/site/e2e/report.md

@@ -1,6 +1,6 @@
 # mcp-guard Scan Report
 
-Generated: 2026-05-10T14:16:12.639Z
+Generated: 2026-05-10T20:07:52.252Z
 
 ## Summary
 

package/site/e2e/report.sarif

@@ -7,7 +7,7 @@
         "driver": {
           "name": "mcp-guard",
           "informationUri": "https://github.com/ChaoYue0307/mcp-guard",
-          "semanticVersion": "0.4.5",
+          "semanticVersion": "0.4.7",
           "rules": [
             {
               "id": "MCP010",

package/src/audit.js

@@ -1,4 +1,5 @@
 import fs from "node:fs/promises";
+import crypto from "node:crypto";
 import path from "node:path";
 import { applyBaseline, loadBaselineFile } from "./baseline.js";
 import { displayPath } from "./fingerprint.js";
@@ -8,6 +9,7 @@ import { scan } from "./scan.js";
 export const AUDIT_FILENAMES = {
   executiveSummary: "mcp-guard-executive-summary.md",
   remediation: "mcp-guard-remediation.md",
+  remediationChecklist: "mcp-guard-remediation-checklist.md",
   markdownReport: "mcp-guard-report.md",
   htmlReport: "mcp-guard-report.html",
   jsonReport: "mcp-guard-report.json",
@@ -43,20 +45,23 @@ export async function writeAuditPack({
 
   await fs.mkdir(resolvedOutputDir, { recursive: true });
 
-  const manifest = buildAuditManifest(result, files, {
-    cwd,
-    outputDir: resolvedOutputDir,
-    failOn
-  });
-
   await Promise.all([
     fs.writeFile(files.executiveSummary, generateExecutiveSummary(result, { failOn }), "utf8"),
     fs.writeFile(files.remediation, generateRemediationPlan(result), "utf8"),
+    fs.writeFile(files.remediationChecklist, generateRemediationChecklist(result), "utf8"),
     fs.writeFile(files.markdownReport, generateMarkdownReport(result), "utf8"),
     fs.writeFile(files.htmlReport, generateHtmlReport(result), "utf8"),
     fs.writeFile(files.jsonReport, `${generateJsonReport(result)}\n`, "utf8"),
     fs.writeFile(files.sarifReport, `${generateSarifReport(result)}\n`, "utf8")
   ]);
+
+  const artifacts = await auditArtifacts(files, cwd);
+  const manifest = buildAuditManifest(result, files, {
+    cwd,
+    outputDir: resolvedOutputDir,
+    failOn,
+    artifacts
+  });
   await fs.writeFile(files.manifest, `${JSON.stringify(manifest, null, 2)}\n`, "utf8");
 
   return {
@@ -199,7 +204,52 @@ function generateRemediationPlan(result) {
   return `${lines.join("\n")}\n`;
 }
 
-function buildAuditManifest(result, files, { cwd, outputDir, failOn }) {
+function generateRemediationChecklist(result) {
+  const lines = [];
+  lines.push("# mcp-guard Remediation Checklist");
+  lines.push("");
+  lines.push(`Generated: ${result.metadata.generatedAt}`);
+  lines.push(`Risk score: **${result.summary.riskScore}**`);
+  lines.push(`Active findings: **${result.summary.findingCount}**`);
+  lines.push("");
+  lines.push("## Release Gate");
+  lines.push("");
+  lines.push("- [ ] Critical findings are removed or the MCP server is redesigned.");
+  lines.push("- [ ] High findings are reviewed before merge or rollout.");
+  lines.push("- [ ] Any accepted residual risk is documented in policy or baseline.");
+  lines.push("");
+  lines.push("## Remediation Tasks");
+  lines.push("");
+  if (result.findings.length === 0) {
+    lines.push("No active remediation tasks.");
+  } else {
+    lines.push("| Done | Priority | Rule | Server | Action | Fingerprint |");
+    lines.push("| --- | --- | --- | --- | --- | --- |");
+    for (const finding of result.findings) {
+      lines.push(`| [ ] | ${cell(finding.severity)} | ${cell(finding.id)} | ${cell(finding.serverName)} | ${cell(remediationAction(finding))} | ${cell(finding.fingerprint)} |`);
+    }
+  }
+  lines.push("");
+  if (result.acceptedFindings?.length > 0) {
+    lines.push("## Accepted Risk Review");
+    lines.push("");
+    lines.push("| Reviewed | Rule | Server | Reason | Fingerprint |");
+    lines.push("| --- | --- | --- | --- | --- |");
+    for (const finding of result.acceptedFindings) {
+      lines.push(`| [ ] | ${cell(finding.id)} | ${cell(finding.serverName)} | ${cell(finding.acceptedReason || "-")} | ${cell(finding.fingerprint)} |`);
+    }
+    lines.push("");
+  }
+  lines.push("## Closeout");
+  lines.push("");
+  lines.push("- [ ] Re-run `mcp-guard audit` after changes.");
+  lines.push("- [ ] Commit updated `.mcp-guard-policy.json` only for reviewed approvals.");
+  lines.push("- [ ] Commit or update `.mcp-guard-baseline.json` only for intentionally accepted findings.");
+  lines.push("");
+  return `${lines.join("\n")}\n`;
+}
+
+function buildAuditManifest(result, files, { cwd, outputDir, failOn, artifacts }) {
   return {
     version: 1,
     tool: {
@@ -221,10 +271,29 @@ function buildAuditManifest(result, files, { cwd, outputDir, failOn }) {
     baseline: result.baseline || { enabled: false },
     files: Object.fromEntries(
       Object.entries(files).map(([key, filePath]) => [key, displayPath(filePath, cwd)])
-    )
+    ),
+    integrity: {
+      algorithm: "sha256",
+      artifacts
+    }
   };
 }
 
+async function auditArtifacts(files, cwd) {
+  const artifacts = [];
+  for (const [key, filePath] of Object.entries(files)) {
+    if (key === "manifest") continue;
+    const content = await fs.readFile(filePath);
+    artifacts.push({
+      key,
+      path: displayPath(filePath, cwd),
+      bytes: content.byteLength,
+      sha256: crypto.createHash("sha256").update(content).digest("hex")
+    });
+  }
+  return artifacts;
+}
+
 function decisionGuidance(result) {
   if (result.findings.length === 0) {
     return ["No active findings were detected. Continue reviewing new MCP servers before adding them."];
@@ -273,6 +342,38 @@ function remediationPriorities(findings) {
   return items.length > 0 ? items : ["Review each active finding and document the accepted remediation path."];
 }
 
+function remediationAction(finding) {
+  const server = finding.serverName === "<workspace>" || finding.serverName === "<config>"
+    ? "this config"
+    : `server \`${finding.serverName}\``;
+
+  if (finding.id === "MCP010") {
+    return `Replace the shell wrapper for ${server} with a direct reviewed executable or checked-in script.`;
+  }
+  if (finding.id === "MCP011") {
+    return `Move inline eval code for ${server} into reviewed source control.`;
+  }
+  if (finding.id === "MCP020" || finding.id === "MCP021" || finding.id === "MCP071") {
+    return `Pin and approve the remote package used by ${server}.`;
+  }
+  if (finding.id === "MCP030" || finding.id === "MCP061") {
+    return `Move credentials for ${server} out of MCP config and rotate any exposed tokens.`;
+  }
+  if (finding.id === "MCP040" || finding.id === "MCP041" || finding.id === "MCP072" || finding.id === "MCP073") {
+    return `Constrain filesystem access for ${server} to a reviewed project directory.`;
+  }
+  if (finding.id === "MCP050") {
+    return `Remove the dangerous startup operation from ${server} and run setup manually after review.`;
+  }
+  if (finding.id === "MCP060" || finding.id === "MCP074") {
+    return `Review and allowlist the remote MCP endpoint used by ${server}.`;
+  }
+  if (finding.id === "MCP070") {
+    return `Use an approved command for ${server} or update policy after review.`;
+  }
+  return finding.recommendation;
+}
+
 function groupFindingsByServer(findings) {
   const groups = new Map();
   for (const finding of findings) {
@@ -287,6 +388,7 @@ function auditFileLabels(files) {
   return [
     ["Executive summary", files.executiveSummary],
     ["Remediation plan", files.remediation],
+    ["Remediation checklist", files.remediationChecklist],
     ["Markdown report", files.markdownReport],
     ["HTML report", files.htmlReport],
     ["JSON report", files.jsonReport],

package/src/cli.js

@@ -7,7 +7,7 @@ import { scan } from "./scan.js";
 import { generateHtmlReport, generateJsonReport, generateMarkdownReport, generateSarifReport, generateTextReport } from "./report.js";
 import { compareSeverity, severityRank } from "./severity.js";
 
-const VERSION = "0.4.5";
+const VERSION = "0.4.7";
 
 export async function runCli(argv, io) {
   const args = argv.slice(2);