audit-ledger-mcp 0.1.1 → 0.2.0

package/README.md

@@ -30,26 +30,63 @@ Each call ends up as a regulator-grade audit record in your deployed ledger —
 
 ---
 
-## Install
+## Quick start — zero configuration
 
 ```bash
-npm install -g audit-ledger-mcp
+npx -y audit-ledger-mcp
 ```
 
-Or run on demand without installing:
+That's it. With no environment variables, the server boots into **sandbox mode** and writes records to a shared public tenant on a hosted ledger. You can try every tool — `record_decision`, `verify_decision`, `list_decisions` — without provisioning anything.
 
-```bash
-npx -y audit-ledger-mcp
+When sandbox mode is active, you'll see a banner on stderr:
+
+```
+[audit-ledger-mcp] ─────────────── SANDBOX MODE ───────────────
+[audit-ledger-mcp] No AUDIT_API_URL configured.
+[audit-ledger-mcp] Using the public sandbox at sandbox-public.
+[audit-ledger-mcp]   View: https://d2pfirb2397ixy.cloudfront.net
+[audit-ledger-mcp] Do NOT write real personal data...
 ```
 
+### Sandbox properties
+
+| | |
+|---|---|
+| **Hosted by** | github.com/shahidh68/audit-ledger (same AWS deployment) |
+| **Tenant** | `sandbox-public` (shared, public) |
+| **Rate limit** | 100 requests/minute per IP |
+| **Retention** | 7 years (records cannot be deleted) |
+| **Audience** | Tyre-kickers, integration tests, framework demos |
+| **NOT for** | Production data, customer PII, real compliance records |
+
+### Wire it into Claude Desktop with zero config
+
+```json
+{
+  "mcpServers": {
+    "audit-ledger-sandbox": {
+      "command": "npx",
+      "args": ["-y", "audit-ledger-mcp"]
+    }
+  }
+}
+```
+
+Restart Claude Desktop. The three tools appear in the MCP menu immediately. Try asking Claude to "record this decision: should X be approved?" and watch a record land in the sandbox dashboard.
+
 ---
 
-## Configure
+## Production install
+
+For real workloads, deploy your own audit ledger and point the MCP server at it:
+
+```bash
+npm install -g audit-ledger-mcp
+```
 
-The server reads its configuration from environment variables. You need a deployed [AI Audit Ledger](https://github.com/shahidh68/audit-ledger) (or access to one) with at least one tenant write key and read key provisioned in Secrets Manager.
+Configure with **all three** env vars (any of them being set switches off sandbox mode):
 
 ```bash
-# Required
 export AUDIT_API_URL="https://<api-id>.execute-api.<region>.amazonaws.com/prod"
 export AUDIT_WRITE_KEY="<your-tenant-write-key>"
 export AUDIT_READ_KEY="<your-tenant-read-key>"

package/dist/index.js

@@ -10,37 +10,52 @@
  * reads them at startup and refuses to start if AUDIT_API_URL is missing,
  * since no tool can do anything useful without it.
  */
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
 import { AuditLedgerClient, AuditLedgerError } from "./client.js";
+import { SANDBOX_CONFIG, isSandboxMode, sandboxBanner } from "./sandbox.js";
 import { executeRecordDecision, recordDecisionToolDefinition, } from "./tools/record_decision.js";
 import { executeVerifyDecision, verifyDecisionToolDefinition, } from "./tools/verify_decision.js";
 import { executeListDecisions, listDecisionsToolDefinition, } from "./tools/list_decisions.js";
-const PKG_NAME = "audit-ledger-mcp";
-const PKG_VERSION = "0.1.0";
-function requireEnv(name) {
-    const value = process.env[name];
-    if (!value) {
-        process.stderr.write(`[${PKG_NAME}] missing required env var: ${name}\n` +
-            `See .env.example or the README for required configuration.\n`);
-        process.exit(1);
-    }
-    return value;
-}
+// Read package.json at startup so PKG_NAME and PKG_VERSION cannot drift from
+// the published package version. dist/index.js lives one level below the
+// package root, so package.json is at "../package.json" relative to here.
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const PKG = JSON.parse(readFileSync(join(__dirname, "..", "package.json"), "utf8"));
+const PKG_NAME = PKG.name;
+const PKG_VERSION = PKG.version;
 function buildClient() {
-    const apiUrl = requireEnv("AUDIT_API_URL");
-    const writeKey = process.env.AUDIT_WRITE_KEY;
-    const readKey = process.env.AUDIT_READ_KEY;
     const timeoutMs = process.env.AUDIT_TIMEOUT_MS
         ? Number(process.env.AUDIT_TIMEOUT_MS)
         : undefined;
     const retryAttempts = process.env.AUDIT_RETRY_ATTEMPTS
         ? Number(process.env.AUDIT_RETRY_ATTEMPTS)
         : undefined;
+    // Sandbox mode: no AUDIT_API_URL configured. Fall back to the public
+    // sandbox so the package works zero-config. Records go to a shared
+    // public tenant that anyone can read — do NOT write real data.
+    if (isSandboxMode()) {
+        process.stderr.write(sandboxBanner(PKG_NAME, PKG_VERSION) + "\n");
+        return new AuditLedgerClient({
+            apiUrl: SANDBOX_CONFIG.apiUrl,
+            writeKey: SANDBOX_CONFIG.writeKey,
+            readKey: SANDBOX_CONFIG.readKey,
+            timeoutMs,
+            retryAttempts,
+        });
+    }
+    // Production mode: developer has explicitly configured an endpoint.
+    const apiUrl = process.env.AUDIT_API_URL;
+    const writeKey = process.env.AUDIT_WRITE_KEY;
+    const readKey = process.env.AUDIT_READ_KEY;
     if (!writeKey && !readKey) {
-        process.stderr.write(`[${PKG_NAME}] neither AUDIT_WRITE_KEY nor AUDIT_READ_KEY is set — ` +
-            `all tools will fail. Set at least one. See .env.example.\n`);
+        process.stderr.write(`[${PKG_NAME}] AUDIT_API_URL is set but neither AUDIT_WRITE_KEY nor\n` +
+            `[${PKG_NAME}] AUDIT_READ_KEY is set — all tools will fail. Set at\n` +
+            `[${PKG_NAME}] least one. See .env.example.\n`);
     }
     return new AuditLedgerClient({ apiUrl, writeKey, readKey, timeoutMs, retryAttempts });
 }

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,2BAA2B,CAAC;AAEnC,MAAM,QAAQ,GAAG,kBAAkB,CAAC;AACpC,MAAM,WAAW,GAAG,OAAO,CAAC;AAE5B,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,QAAQ,+BAA+B,IAAI,IAAI;YACjD,8DAA8D,CACjE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW;IAClB,MAAM,MAAM,GAAG,UAAU,CAAC,eAAe,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC3C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5C,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QACtC,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACpD,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC1C,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,QAAQ,wDAAwD;YAClE,4DAA4D,CAC/D,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,iBAAiB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;AACxF,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,WAAW,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,EACxC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE;YACL,4BAA4B;YAC5B,4BAA4B;YAC5B,2BAA2B;SAC5B;KACF,CAAC,CAAC,CAAC;IAEJ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC5D,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAC7C,IAAI,CAAC;YACH,IAAI,MAAe,CAAC;YACpB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,iBAAiB;oBACpB,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBACnD,MAAM;gBACR,KAAK,iBAAiB;oBACpB,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBACnD,MAAM;gBACR,KAAK,gBAAgB;oBACnB,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBAClD,MAAM;gBACR;oBACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aACnE,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,gBAAgB;gBAC7B,CAAC,CAAC,GAAG,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;gBAChG,CAAC,CAAC,GAAG,YAAY,KAAK;oBACpB,CAAC,CAAC,GAAG,CAAC,OAAO;oBACb,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,OAAO,EAAE,EAAE,CAAC;gBACtD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,KAAK,WAAW,uBAAuB,CAAC,CAAC;AAC5E,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,YAAY,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,2BAA2B,CAAC;AAEnC,6EAA6E;AAC7E,yEAAyE;AACzE,0EAA0E;AAC1E,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACpB,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,CACvB,CAAC;AACvC,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC;AAC1B,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC;AAEhC,SAAS,WAAW;IAClB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5C,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QACtC,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACpD,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC1C,CAAC,CAAC,SAAS,CAAC;IAEd,qEAAqE;IACrE,mEAAmE;IACnE,+DAA+D;IAC/D,IAAI,aAAa,EAAE,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;QAClE,OAAO,IAAI,iBAAiB,CAAC;YAC3B,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,OAAO,EAAE,cAAc,CAAC,OAAO;YAC/B,SAAS;YACT,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAc,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAE3C,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,QAAQ,0DAA0D;YACpE,IAAI,QAAQ,yDAAyD;YACrE,IAAI,QAAQ,kCAAkC,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,iBAAiB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;AACxF,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,WAAW,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,EACxC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE;YACL,4BAA4B;YAC5B,4BAA4B;YAC5B,2BAA2B;SAC5B;KACF,CAAC,CAAC,CAAC;IAEJ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC5D,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAC7C,IAAI,CAAC;YACH,IAAI,MAAe,CAAC;YACpB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,iBAAiB;oBACpB,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBACnD,MAAM;gBACR,KAAK,iBAAiB;oBACpB,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBACnD,MAAM;gBACR,KAAK,gBAAgB;oBACnB,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBAClD,MAAM;gBACR;oBACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aACnE,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,gBAAgB;gBAC7B,CAAC,CAAC,GAAG,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;gBAChG,CAAC,CAAC,GAAG,YAAY,KAAK;oBACpB,CAAC,CAAC,GAAG,CAAC,OAAO;oBACb,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,OAAO,EAAE,EAAE,CAAC;gBACtD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,KAAK,WAAW,uBAAuB,CAAC,CAAC;AAC5E,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,YAAY,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/sandbox.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Public sandbox configuration.
+ *
+ * When a developer runs `npx audit-ledger-mcp` with no environment variables,
+ * the server falls back to this configuration. Records are written to a
+ * shared `sandbox-public` tenant on a hosted audit ledger.
+ *
+ * Important properties of sandbox mode:
+ *
+ * 1. The two keys below are baked into the published npm package and are
+ *    therefore PUBLIC. They grant access only to the `sandbox-public` tenant
+ *    and cannot be used to read or write to any other tenant's records.
+ *
+ * 2. Records written in sandbox mode persist in the ledger's S3 Object Lock
+ *    in COMPLIANCE mode and cannot be deleted before their retention date.
+ *    This is intentional — visitors should be able to verify their own
+ *    sandbox records later. Do not write real customer data to the sandbox.
+ *
+ * 3. The sandbox is rate-limited per-tenant at the ledger level (currently
+ *    100 requests per minute). Heavy users should provision their own
+ *    deployment.
+ *
+ * 4. The sandbox runs on the same AWS infrastructure as the production
+ *    deployment for github.com/shahidh68/audit-ledger. Uptime and durability
+ *    are best-effort. If you need an SLA, deploy your own.
+ */
+export declare const SANDBOX_CONFIG: {
+    readonly apiUrl: "https://m3csva3l3h.execute-api.eu-west-1.amazonaws.com/prod";
+    readonly writeKey: "wk-sandbox-public-0NoHiHBSUUBoan21NWkCMLU5G2d1ijX8";
+    readonly readKey: "rk-sandbox-public-XaV3aHdmKH1ZbQl7LswUkTJYJLyGmLh8";
+    readonly tenantId: "sandbox-public";
+    readonly dashboardUrl: "https://d2pfirb2397ixy.cloudfront.net";
+};
+/**
+ * Sandbox mode is triggered when the developer has not configured an audit
+ * ledger endpoint. Any explicit AUDIT_API_URL switches off sandbox mode —
+ * the server then operates against the configured deployment using whichever
+ * keys are present.
+ */
+export declare function isSandboxMode(): boolean;
+/**
+ * Banner shown on stderr when sandbox mode is active. Designed to make it
+ * obvious to a developer that they are using shared infrastructure.
+ */
+export declare function sandboxBanner(packageName: string, packageVersion: string): string;
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,eAAO,MAAM,cAAc;;;;;;CASjB,CAAC;AAEX;;;;;GAKG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,CAmBjF"}

package/dist/sandbox.js

@@ -0,0 +1,67 @@
+/**
+ * Public sandbox configuration.
+ *
+ * When a developer runs `npx audit-ledger-mcp` with no environment variables,
+ * the server falls back to this configuration. Records are written to a
+ * shared `sandbox-public` tenant on a hosted audit ledger.
+ *
+ * Important properties of sandbox mode:
+ *
+ * 1. The two keys below are baked into the published npm package and are
+ *    therefore PUBLIC. They grant access only to the `sandbox-public` tenant
+ *    and cannot be used to read or write to any other tenant's records.
+ *
+ * 2. Records written in sandbox mode persist in the ledger's S3 Object Lock
+ *    in COMPLIANCE mode and cannot be deleted before their retention date.
+ *    This is intentional — visitors should be able to verify their own
+ *    sandbox records later. Do not write real customer data to the sandbox.
+ *
+ * 3. The sandbox is rate-limited per-tenant at the ledger level (currently
+ *    100 requests per minute). Heavy users should provision their own
+ *    deployment.
+ *
+ * 4. The sandbox runs on the same AWS infrastructure as the production
+ *    deployment for github.com/shahidh68/audit-ledger. Uptime and durability
+ *    are best-effort. If you need an SLA, deploy your own.
+ */
+export const SANDBOX_CONFIG = {
+    apiUrl: "https://m3csva3l3h.execute-api.eu-west-1.amazonaws.com/prod",
+    writeKey: "wk-sandbox-public-0NoHiHBSUUBoan21NWkCMLU5G2d1ijX8",
+    readKey: "rk-sandbox-public-XaV3aHdmKH1ZbQl7LswUkTJYJLyGmLh8",
+    tenantId: "sandbox-public",
+    dashboardUrl: "https://d2pfirb2397ixy.cloudfront.net",
+};
+/**
+ * Sandbox mode is triggered when the developer has not configured an audit
+ * ledger endpoint. Any explicit AUDIT_API_URL switches off sandbox mode —
+ * the server then operates against the configured deployment using whichever
+ * keys are present.
+ */
+export function isSandboxMode() {
+    return !process.env.AUDIT_API_URL;
+}
+/**
+ * Banner shown on stderr when sandbox mode is active. Designed to make it
+ * obvious to a developer that they are using shared infrastructure.
+ */
+export function sandboxBanner(packageName, packageVersion) {
+    return [
+        `[${packageName}] ─────────────── SANDBOX MODE ───────────────`,
+        `[${packageName}] No AUDIT_API_URL configured.`,
+        `[${packageName}] Using the public sandbox at ${SANDBOX_CONFIG.tenantId}.`,
+        ``,
+        `[${packageName}]   Records: hosted by github.com/shahidh68/audit-ledger`,
+        `[${packageName}]   Tenant:  ${SANDBOX_CONFIG.tenantId}`,
+        `[${packageName}]   View:    ${SANDBOX_CONFIG.dashboardUrl}`,
+        ``,
+        `[${packageName}] Do NOT write real personal data — sandbox keys are`,
+        `[${packageName}] public and records are visible to anyone with the`,
+        `[${packageName}] sandbox read key. For production use, set:`,
+        `[${packageName}]   AUDIT_API_URL    your-deployed-ledger-endpoint`,
+        `[${packageName}]   AUDIT_WRITE_KEY  your-tenant-write-key`,
+        `[${packageName}]   AUDIT_READ_KEY   your-tenant-read-key`,
+        `[${packageName}] Deploy your own from https://github.com/shahidh68/audit-ledger`,
+        `[${packageName}] ${packageVersion} ───────────────────────────────────`,
+    ].join("\n");
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../src/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,MAAM,EACJ,6DAA6D;IAC/D,QAAQ,EACN,oDAAoD;IACtD,OAAO,EACL,oDAAoD;IACtD,QAAQ,EAAE,gBAAgB;IAC1B,YAAY,EAAE,uCAAuC;CAC7C,CAAC;AAEX;;;;;GAKG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB,EAAE,cAAsB;IACvE,OAAO;QACL,IAAI,WAAW,gDAAgD;QAC/D,IAAI,WAAW,gCAAgC;QAC/C,IAAI,WAAW,iCAAiC,cAAc,CAAC,QAAQ,GAAG;QAC1E,EAAE;QACF,IAAI,WAAW,0DAA0D;QACzE,IAAI,WAAW,gBAAgB,cAAc,CAAC,QAAQ,EAAE;QACxD,IAAI,WAAW,gBAAgB,cAAc,CAAC,YAAY,EAAE;QAC5D,EAAE;QACF,IAAI,WAAW,sDAAsD;QACrE,IAAI,WAAW,qDAAqD;QACpE,IAAI,WAAW,8CAA8C;QAC7D,IAAI,WAAW,oDAAoD;QACnE,IAAI,WAAW,4CAA4C;QAC3D,IAAI,WAAW,2CAA2C;QAC1D,IAAI,WAAW,kEAAkE;QACjF,IAAI,WAAW,KAAK,cAAc,sCAAsC;KACzE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "audit-ledger-mcp",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "MCP server for AI Audit Ledger — record AI decisions to a tamper-evident ledger from any agent (Claude, Cursor, LangGraph, custom).",
   "type": "module",
   "bin": {