audit-ledger-mcp 0.2.1 → 0.3.1

package/README.md

@@ -1,302 +1,337 @@
-# audit-ledger-mcp
-
-**MCP server for the [AI Audit Ledger](https://github.com/shahidh68/audit-ledger).** Lets any AI agent — Claude Desktop, Cursor, LangGraph, custom — record decisions to a tamper-evident audit trail with one line of config.
-
-Built for teams shipping AI in regulated contexts: EU AI Act Article 12 logging, FCA SS1/23 model risk evidence, GDPR data minimisation. Personal data is hashed locally before any payload leaves the server — the ledger only ever sees fingerprints.
-
-[![npm](https://img.shields.io/npm/v/audit-ledger-mcp.svg)](https://www.npmjs.com/package/audit-ledger-mcp) [![License: Apache 2.0](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](./LICENSE) [![MCP](https://img.shields.io/badge/MCP-compatible-7c3aed.svg)](https://modelcontextprotocol.io)
-
-**[Try the live dashboard →](https://d2pfirb2397ixy.cloudfront.net/?demo=1)**  ·  30 synthetic decisions written via this MCP server, queryable and verifiable.
-
-<p align="center">
-  <img src="./demo.gif" alt="LangGraph agents using audit-ledger-mcp — triage, risk, and human-in-the-loop each calling record_decision" />
-</p>
-
-> A LangGraph workflow calls `record_decision` after each agent step. Three audit events written to the live ledger; every one independently verifiable.
-
----
-
-## What it does
-
-Exposes three tools to any MCP-compatible agent:
-
-| Tool | What it does |
-|---|---|
-| `record_decision` | Log an AI decision. Hashes inputs locally, then writes through to the ledger. Returns an event ID. |
-| `verify_decision` | Cross-check a stored record against the immutable S3 Object Lock copy. Returns `integrity_verified: true/false`. |
-| `list_decisions` | Query recent decisions, optionally filtered by time window. Tenant-scoped by API key. |
-
-Each call ends up as a regulator-grade audit record in your deployed ledger — DynamoDB for query, S3 Object Lock COMPLIANCE mode for the immutable copy, 7-year retention by default.
-
----
-
-## Quick start — zero configuration
-
-```bash
-npx -y audit-ledger-mcp
-```
-
-That's it. With no environment variables, the server boots into **sandbox mode** and writes records to a shared public tenant on a hosted ledger. You can try every tool — `record_decision`, `verify_decision`, `list_decisions` — without provisioning anything.
-
-When sandbox mode is active, you'll see a banner on stderr:
-
-```
-[audit-ledger-mcp] ─────────────── SANDBOX MODE ───────────────
-[audit-ledger-mcp] No AUDIT_API_URL configured.
-[audit-ledger-mcp] Using the public sandbox at sandbox-public.
-[audit-ledger-mcp]   View: https://d2pfirb2397ixy.cloudfront.net
-[audit-ledger-mcp] Do NOT write real personal data...
-```
-
-### Sandbox properties
-
-| | |
-|---|---|
-| **Hosted by** | github.com/shahidh68/audit-ledger (same AWS deployment) |
-| **Tenant** | `sandbox-public` (shared, public) |
-| **Rate limit** | 100 requests/minute per IP |
-| **Retention** | 7 years (records cannot be deleted) |
-| **Audience** | Tyre-kickers, integration tests, framework demos |
-| **NOT for** | Production data, customer PII, real compliance records |
-
-### Wire it into Claude Desktop with zero config
-
-```json
-{
-  "mcpServers": {
-    "audit-ledger-sandbox": {
-      "command": "npx",
-      "args": ["-y", "audit-ledger-mcp"]
-    }
-  }
-}
-```
-
-Restart Claude Desktop. The three tools appear in the MCP menu immediately. Try asking Claude to "record this decision: should X be approved?" and watch a record land in the sandbox dashboard.
-
----
-
-## Production install
-
-For real workloads, deploy your own audit ledger and point the MCP server at it:
-
-```bash
-npm install -g audit-ledger-mcp
-```
-
-Configure with **all three** env vars (any of them being set switches off sandbox mode):
-
-```bash
-export AUDIT_API_URL="https://<api-id>.execute-api.<region>.amazonaws.com/prod"
-export AUDIT_WRITE_KEY="<your-tenant-write-key>"
-export AUDIT_READ_KEY="<your-tenant-read-key>"
-
-# Optional
-export AUDIT_TIMEOUT_MS=5000        # default 5000
-export AUDIT_RETRY_ATTEMPTS=3       # default 3
-```
-
-The full template lives in [`.env.example`](./.env.example).
-
----
-
-## Wire it into an agent
-
-### Claude Desktop
-
-Edit your `claude_desktop_config.json` (macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`, Windows: `%APPDATA%\Claude\claude_desktop_config.json`):
-
-```json
-{
-  "mcpServers": {
-    "audit-ledger": {
-      "command": "npx",
-      "args": ["-y", "audit-ledger-mcp"],
-      "env": {
-        "AUDIT_API_URL": "https://<api-id>.execute-api.<region>.amazonaws.com/prod",
-        "AUDIT_WRITE_KEY": "<your-tenant-write-key>",
-        "AUDIT_READ_KEY": "<your-tenant-read-key>"
-      }
-    }
-  }
-}
-```
-
-Restart Claude Desktop. You'll see "audit-ledger" in the MCP tools menu. Ask Claude something like *"Record this decision: I declined the application because…"* and watch it call `record_decision` automatically.
-
-### Cursor
-
-In Cursor settings → MCP → add server:
-
-```json
-{
-  "mcpServers": {
-    "audit-ledger": {
-      "command": "npx",
-      "args": ["-y", "audit-ledger-mcp"],
-      "env": {
-        "AUDIT_API_URL": "https://<api-id>.execute-api.<region>.amazonaws.com/prod",
-        "AUDIT_WRITE_KEY": "<your-tenant-write-key>",
-        "AUDIT_READ_KEY": "<your-tenant-read-key>"
-      }
-    }
-  }
-}
-```
-
-### LangGraph (Python)
-
-Using [`langchain-mcp-adapters`](https://github.com/langchain-ai/langchain-mcp-adapters):
-
-```python
-from langchain_mcp_adapters.client import MultiServerMCPClient
-from langgraph.prebuilt import create_react_agent
-from langchain_anthropic import ChatAnthropic
-import os
-
-client = MultiServerMCPClient({
-    "audit-ledger": {
-        "command": "npx",
-        "args": ["-y", "audit-ledger-mcp"],
-        "transport": "stdio",
-        "env": {
-            "AUDIT_API_URL": os.environ["AUDIT_API_URL"],
-            "AUDIT_WRITE_KEY": os.environ["AUDIT_WRITE_KEY"],
-            "AUDIT_READ_KEY": os.environ["AUDIT_READ_KEY"],
-        },
-    }
-})
-
-tools = await client.get_tools()
-agent = create_react_agent(
-    ChatAnthropic(model="claude-sonnet-4-7-20251022"),
-    tools,
-)
-
-# The agent can now call record_decision, verify_decision, list_decisions
-result = await agent.ainvoke({
-    "messages": [{"role": "user", "content": "Triage this loan application…"}]
-})
-```
-
-### Custom client (raw MCP)
-
-```bash
-AUDIT_API_URL=... AUDIT_WRITE_KEY=... npx -y audit-ledger-mcp
-```
-
-The server speaks MCP over stdio. Send `initialize`, `tools/list`, and `tools/call` requests per the [MCP specification](https://modelcontextprotocol.io/specification).
-
----
-
-## How a `record_decision` call flows
-
-```
-Agent                  audit-ledger-mcp                  AWS (your ledger)
-  |                          |                                 |
-  |--- record_decision ----->|                                 |
-  |   raw_user_input         | (hash locally — no PII over     |
-  |   raw_system_prompt      |  the wire from this point)      |
-  |   decision_output        |                                 |
-  |   human_in_loop          |                                 |
-  |                          |--- HTTPS POST /audit/events --->|
-  |                          |    {hashes + decision +         |
-  |                          |     x-api-key}                  |
-  |                          |                                 |
-  |                          |<--- 202 Accepted ---------------|
-  |                          |    { event_id, ... }            |
-  |<--- event_id ------------|                                 |
-  |     recorded_at          |                                 |
-  |     note                 |                                 |
-```
-
-Storage on the AWS side happens asynchronously through SQS → Processor Lambda → DynamoDB + S3 Object Lock. See the [main repo's ARCHITECTURE.md](https://github.com/shahidh68/audit-ledger/blob/main/ARCHITECTURE.md) for the full path.
-
----
-
-## Tool reference
-
-### `record_decision`
-
-Record an AI decision to the ledger.
-
-| Parameter | Type | Required | Notes |
-|---|---|---|---|
-| `model_version` | string | Yes | e.g. `"claude-sonnet-4-7-20251022"` |
-| `raw_system_prompt` | string | Yes | Hashed locally |
-| `raw_user_input` | string | Yes | Hashed locally |
-| `ai_decision_output` | object | Yes | Stored verbatim — must not contain raw PII |
-| `human_in_loop` | boolean | Yes | Critical for EU AI Act Article 14 |
-| `event_id` | uuid v4 | No | Auto-generated if omitted |
-| `timestamp` | ISO 8601 | No | Defaults to now |
-
-### `verify_decision`
-
-Tamper-check a stored record.
-
-| Parameter | Type | Required | Notes |
-|---|---|---|---|
-| `event_id` | uuid v4 | Yes | The ID of the record to verify |
-
-Returns the DynamoDB record, the S3 record, and `integrity_verified: true/false`.
-
-### `list_decisions`
-
-List recent decisions for the calling tenant.
-
-| Parameter | Type | Required | Notes |
-|---|---|---|---|
-| `from` | ISO 8601 | No | Defaults to 7 days ago |
-| `to` | ISO 8601 | No | Defaults to now |
-| `limit` | integer 1–500 | No | Defaults to 100 |
-
----
-
-## Security
-
-- **PII hashing happens in this process, not in the ledger.** SHA-256 over UTF-8. The ledger only ever stores hashes, the structured decision, and metadata.
-- **API keys are never logged.** They come from environment variables, are passed in the `x-api-key` header, and are never echoed back to the agent or written to disk.
-- **Two key namespaces.** Write keys cannot read; read keys cannot write. A leaked write key cannot exfiltrate data; a leaked read key cannot plant fake records.
-- **Errors are propagated with HTTP status passthrough.** Rate limit, invalid key, and validation errors surface to the agent so it can react appropriately rather than retry blindly.
-
----
-
-## What this is not
-
-- **Not legal advice.** This is infrastructure that produces audit evidence. Whether that evidence satisfies any specific regulatory obligation is a question for your legal team.
-- **Not a substitute for a model risk audit.** It records what the AI did, not whether it was right.
-- **Not a bias or fairness testing tool.** It is the audit layer underneath whatever testing you already do.
-
----
-
-## Development
-
-```bash
-git clone https://github.com/shahidh68/audit-ledger-mcp.git
-cd audit-ledger-mcp
-npm install
-npm run build
-npm test
-```
-
-The server is TypeScript on Node 20+, ESM, stdio transport, using `@modelcontextprotocol/sdk`.
-
----
-
-## Related
-
-- **[shahidh68/audit-ledger](https://github.com/shahidh68/audit-ledger)** — the AWS infrastructure this server talks to. CDK stack, Python and Node SDKs, compliance dashboard, full architecture documentation.
-
----
-
-## License
-
-Apache License 2.0 — see [LICENSE](./LICENSE).
-
-The patent grant is intentional. Compliance infrastructure sits adjacent to enterprise legal review and the explicit grant matters there.
-
----
-
-## Author
-
-Built by [Shahid](https://github.com/shahidh68). Available for Principal AI Engineering and Head of AI Engineering roles, and fractional advisory engagements, in UK regulated fintech.
+# audit-ledger-mcp
+
+**MCP server for the [AI Audit Ledger](https://github.com/shahidh68/audit-ledger).** Lets any AI agent — Claude Desktop, Cursor, LangGraph, custom — record decisions to a tamper-evident audit trail with one line of config.
+
+Built for teams shipping AI in regulated contexts: EU AI Act Article 12 logging, FCA SS1/23 model risk evidence, GDPR data minimisation. Personal data is hashed locally before any payload leaves the server — the ledger only ever sees fingerprints.
+
+[![npm](https://img.shields.io/npm/v/audit-ledger-mcp.svg)](https://www.npmjs.com/package/audit-ledger-mcp) [![License: Apache 2.0](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](./LICENSE) [![MCP](https://img.shields.io/badge/MCP-compatible-7c3aed.svg)](https://modelcontextprotocol.io)
+
+**[Try the live dashboard →](https://d2pfirb2397ixy.cloudfront.net/?demo=1)** &nbsp;&middot;&nbsp; 30 synthetic decisions written via this MCP server, queryable and verifiable.
+
+<p align="center">
+  <img src="./demo.gif" alt="LangGraph agents using audit-ledger-mcp — triage, risk, and human-in-the-loop each calling record_decision" />
+</p>
+
+> A LangGraph workflow calls `record_decision` after each agent step. Three audit events written to the live ledger; every one independently verifiable.
+
+---
+
+## What it does
+
+Exposes four tools to any MCP-compatible agent:
+
+| Tool | What it does |
+|---|---|
+| `record_decision`     | Log an AI decision. Hashes inputs locally, then writes through to the ledger. Returns an event ID. |
+| `verify_decision`     | Cross-check a stored record against the immutable S3 Object Lock copy. Returns `integrity_verified: true/false`. |
+| `verify_completeness` | Detect deleted or missing records. Compares the ledger's per-tenant counter against the rows actually present and returns any sequence numbers that are gone. The answer to "can you prove the log is complete?" |
+| `list_decisions`      | Query recent decisions, optionally filtered by time window. Tenant-scoped by API key. |
+
+Each call ends up as a regulator-grade audit record in your deployed ledger — DynamoDB for query, S3 Object Lock COMPLIANCE mode for the immutable copy, 7-year retention by default.
+
+---
+
+## Quick start — zero configuration
+
+```bash
+npx -y audit-ledger-mcp
+```
+
+That's it. With no environment variables, the server boots into **sandbox mode** and writes records to a shared public tenant on a hosted ledger. You can try every tool — `record_decision`, `verify_decision`, `verify_completeness`, `list_decisions` — without provisioning anything.
+
+When sandbox mode is active, you'll see a banner on stderr:
+
+```
+[audit-ledger-mcp] ─────────────── SANDBOX MODE ───────────────
+[audit-ledger-mcp] No AUDIT_API_URL configured.
+[audit-ledger-mcp] Using the public sandbox at sandbox-public.
+[audit-ledger-mcp]   View: https://d2pfirb2397ixy.cloudfront.net
+[audit-ledger-mcp] Do NOT write real personal data...
+```
+
+### Sandbox properties
+
+| | |
+|---|---|
+| **Hosted by** | github.com/shahidh68/audit-ledger (same AWS deployment) |
+| **Tenant** | `sandbox-public` (shared, public) |
+| **Rate limit** | 100 requests/minute per IP |
+| **Retention** | 7 years (records cannot be deleted) |
+| **Audience** | Tyre-kickers, integration tests, framework demos |
+| **NOT for** | Production data, customer PII, real compliance records |
+
+### Wire it into Claude Desktop with zero config
+
+```json
+{
+  "mcpServers": {
+    "audit-ledger-sandbox": {
+      "command": "npx",
+      "args": ["-y", "audit-ledger-mcp"]
+    }
+  }
+}
+```
+
+Restart Claude Desktop. The four tools appear in the MCP menu immediately. Try asking Claude to "record this decision: should X be approved?" and watch a record land in the sandbox dashboard.
+
+---
+
+## Production install
+
+For real workloads, deploy your own audit ledger and point the MCP server at it:
+
+```bash
+npm install -g audit-ledger-mcp
+```
+
+Configure with the API URL plus your tenant keys (any of them being set switches off sandbox mode). `AUDIT_HMAC_KEY` is technically optional for backwards compatibility but strongly recommended — see the note above the value below:
+
+```bash
+export AUDIT_API_URL="https://<api-id>.execute-api.<region>.amazonaws.com/prod"
+export AUDIT_WRITE_KEY="<your-tenant-write-key>"
+export AUDIT_READ_KEY="<your-tenant-read-key>"
+
+# Strongly recommended. Tenant-held secret used to HMAC PII and prompts
+# locally before sending. Generate once, store next to AUDIT_WRITE_KEY:
+#   node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+# If unset, the MCP falls back to plain SHA-256 and warns once (back-compat).
+export AUDIT_HMAC_KEY="<your-tenant-hmac-secret>"
+
+# Optional
+export AUDIT_TIMEOUT_MS=5000        # default 5000
+export AUDIT_RETRY_ATTEMPTS=3       # default 3
+```
+
+The full template lives in [`.env.example`](./.env.example).
+
+---
+
+## Wire it into an agent
+
+### Claude Desktop
+
+Edit your `claude_desktop_config.json` (macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`, Windows: `%APPDATA%\Claude\claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "audit-ledger": {
+      "command": "npx",
+      "args": ["-y", "audit-ledger-mcp"],
+      "env": {
+        "AUDIT_API_URL": "https://<api-id>.execute-api.<region>.amazonaws.com/prod",
+        "AUDIT_WRITE_KEY": "<your-tenant-write-key>",
+        "AUDIT_READ_KEY": "<your-tenant-read-key>",
+        "AUDIT_HMAC_KEY": "<your-tenant-hmac-secret>"
+      }
+    }
+  }
+}
+```
+
+`AUDIT_HMAC_KEY` is the tenant secret used to keyed-hash PII locally before any payload leaves the MCP server process. Generate it once with `node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"` and store the result in the `env` block above. The MCP never transmits this value, only reads it.
+
+Restart Claude Desktop. You'll see "audit-ledger" in the MCP tools menu. Ask Claude something like *"Record this decision: I declined the application because…"* and watch it call `record_decision` automatically.
+
+### Cursor
+
+In Cursor settings → MCP → add server:
+
+```json
+{
+  "mcpServers": {
+    "audit-ledger": {
+      "command": "npx",
+      "args": ["-y", "audit-ledger-mcp"],
+      "env": {
+        "AUDIT_API_URL": "https://<api-id>.execute-api.<region>.amazonaws.com/prod",
+        "AUDIT_WRITE_KEY": "<your-tenant-write-key>",
+        "AUDIT_READ_KEY": "<your-tenant-read-key>",
+        "AUDIT_HMAC_KEY": "<your-tenant-hmac-secret>"
+      }
+    }
+  }
+}
+```
+
+### LangGraph (Python)
+
+Using [`langchain-mcp-adapters`](https://github.com/langchain-ai/langchain-mcp-adapters):
+
+```python
+from langchain_mcp_adapters.client import MultiServerMCPClient
+from langgraph.prebuilt import create_react_agent
+from langchain_anthropic import ChatAnthropic
+import os
+
+client = MultiServerMCPClient({
+    "audit-ledger": {
+        "command": "npx",
+        "args": ["-y", "audit-ledger-mcp"],
+        "transport": "stdio",
+        "env": {
+            "AUDIT_API_URL":   os.environ["AUDIT_API_URL"],
+            "AUDIT_WRITE_KEY": os.environ["AUDIT_WRITE_KEY"],
+            "AUDIT_READ_KEY":  os.environ["AUDIT_READ_KEY"],
+            "AUDIT_HMAC_KEY":  os.environ["AUDIT_HMAC_KEY"],
+        },
+    }
+})
+
+tools = await client.get_tools()
+agent = create_react_agent(
+    ChatAnthropic(model="claude-sonnet-4-7-20251022"),
+    tools,
+)
+
+# The agent can now call record_decision, verify_decision, verify_completeness, list_decisions
+result = await agent.ainvoke({
+    "messages": [{"role": "user", "content": "Triage this loan application…"}]
+})
+```
+
+### Custom client (raw MCP)
+
+```bash
+AUDIT_API_URL=... AUDIT_WRITE_KEY=... AUDIT_READ_KEY=... AUDIT_HMAC_KEY=... npx -y audit-ledger-mcp
+```
+
+The server speaks MCP over stdio. Send `initialize`, `tools/list`, and `tools/call` requests per the [MCP specification](https://modelcontextprotocol.io/specification).
+
+---
+
+## How a `record_decision` call flows
+
+```
+Agent                  audit-ledger-mcp                  AWS (your ledger)
+  |                          |                                 |
+  |--- record_decision ----->|                                 |
+  |   raw_user_input         | (hash locally — no PII over     |
+  |   raw_system_prompt      |  the wire from this point)      |
+  |   decision_output        |                                 |
+  |   human_in_loop          |                                 |
+  |                          |--- HTTPS POST /audit/events --->|
+  |                          |    {hashes + decision +         |
+  |                          |     x-api-key}                  |
+  |                          |                                 |
+  |                          |<--- 202 Accepted ---------------|
+  |                          |    { event_id, ... }            |
+  |<--- event_id ------------|                                 |
+  |     recorded_at          |                                 |
+  |     note                 |                                 |
+```
+
+Storage on the AWS side happens asynchronously through SQS → Processor Lambda → DynamoDB + S3 Object Lock. See the [main repo's ARCHITECTURE.md](https://github.com/shahidh68/audit-ledger/blob/main/ARCHITECTURE.md) for the full path.
+
+---
+
+## Tool reference
+
+### `record_decision`
+
+Record an AI decision to the ledger.
+
+| Parameter | Type | Required | Notes |
+|---|---|---|---|
+| `model_version` | string | Yes | e.g. `"claude-sonnet-4-7-20251022"` |
+| `raw_system_prompt` | string | Yes | Hashed locally |
+| `raw_user_input` | string | Yes | Hashed locally |
+| `ai_decision_output` | object | Yes | Stored verbatim — must not contain raw PII |
+| `human_in_loop` | boolean | Yes | Critical for EU AI Act Article 14 |
+| `event_id` | uuid v4 | No | Auto-generated if omitted |
+| `timestamp` | ISO 8601 | No | Defaults to now |
+
+### `verify_decision`
+
+Tamper-check a stored record.
+
+| Parameter | Type | Required | Notes |
+|---|---|---|---|
+| `event_id` | uuid v4 | Yes | The ID of the record to verify |
+
+Returns the DynamoDB record, the S3 record, and `integrity_verified: true/false`.
+
+### `verify_completeness`
+
+Detect missing records. Sister tool to `verify_decision`: that one proves a record that exists has not been altered; this one proves no records have been deleted.
+
+| Parameter   | Type    | Required | Notes |
+|---|---|---|---|
+| `from`      | integer | No       | Inclusive lower bound on sequence_no. Defaults to 1. |
+| `to`        | integer | No       | Inclusive upper bound on sequence_no. Defaults to the tenant's current counter. |
+| `tenant_id` | string  | No       | Required only with the admin read key; ignored otherwise. |
+
+Returns the requested range, the expected vs found count, the list of missing sequence numbers, and a human-readable note.
+
+```json
+{
+  "tenant_id": "acme-prod",
+  "range": { "from": 1, "to": 142 },
+  "expected_count": 142,
+  "found_count": 140,
+  "missing": [47, 91],
+  "note": "Found 2 missing sequence number(s) in range. Each gap represents a deleted, lost, or never-written record. Cross-check against burned_sequence log entries before treating as a deletion."
+}
+```
+
+### `list_decisions`
+
+List recent decisions for the calling tenant.
+
+| Parameter | Type | Required | Notes |
+|---|---|---|---|
+| `from` | ISO 8601 | No | Defaults to 7 days ago |
+| `to` | ISO 8601 | No | Defaults to now |
+| `limit` | integer 1–500 | No | Defaults to 100 |
+
+---
+
+## Security
+
+- **PII hashing happens in this process, not in the ledger.** HMAC-SHA256 over UTF-8, keyed off the `AUDIT_HMAC_KEY` you set in your environment. The key never leaves your process; only the 64-char hex digest is sent. Plain SHA-256 of low-entropy values (names, emails) is brute-forceable in seconds and under ICO/EDPB guidance still counts as personal data, which is why the keyed version is the default for new installs. For backwards compatibility, if `AUDIT_HMAC_KEY` is unset the MCP falls back to plain SHA-256 and logs a one-time deprecation warning on stderr; existing setups keep working unchanged.
+- **API keys are never logged.** They come from environment variables, are passed in the `x-api-key` header, and are never echoed back to the agent or written to disk.
+- **Two key namespaces.** Write keys cannot read; read keys cannot write. A leaked write key cannot exfiltrate data; a leaked read key cannot plant fake records.
+- **Errors are propagated with HTTP status passthrough.** Rate limit, invalid key, and validation errors surface to the agent so it can react appropriately rather than retry blindly.
+
+---
+
+## What this is not
+
+- **Not legal advice.** This is infrastructure that produces audit evidence. Whether that evidence satisfies any specific regulatory obligation is a question for your legal team.
+- **Not a substitute for a model risk audit.** It records what the AI did, not whether it was right.
+- **Not a bias or fairness testing tool.** It is the audit layer underneath whatever testing you already do.
+
+---
+
+## Development
+
+```bash
+git clone https://github.com/shahidh68/audit-ledger-mcp.git
+cd audit-ledger-mcp
+npm install
+npm run build
+npm test
+```
+
+The server is TypeScript on Node 20+, ESM, stdio transport, using `@modelcontextprotocol/sdk`.
+
+---
+
+## Related
+
+- **[shahidh68/audit-ledger](https://github.com/shahidh68/audit-ledger)** — the AWS infrastructure this server talks to. CDK stack, Python and Node SDKs, compliance dashboard, full architecture documentation.
+
+---
+
+## License
+
+Apache License 2.0 — see [LICENSE](./LICENSE).
+
+The patent grant is intentional. Compliance infrastructure sits adjacent to enterprise legal review and the explicit grant matters there.
+
+---
+
+## Author
+
+Built by [Shahid](https://github.com/shahidh68). Available for Principal AI Engineering and Head of AI Engineering roles, and fractional advisory engagements, in UK regulated fintech.

package/dist/client.d.ts

@@ -29,10 +29,29 @@ export interface DecisionRecord {
     human_in_loop: boolean;
 }
 export interface TamperCheckResult {
+    /** Event ID echoed back by the API. */
+    event_id: string;
+    /** True when the DynamoDB and S3 copies of the record are byte-identical after canonical serialisation. */
     integrity_verified: boolean;
+    /** Human-readable explanation of the integrity result. */
+    integrity_note: string;
+    /** The record as currently held in DynamoDB. */
+    current_record: DecisionRecord;
+    /** The record as written to S3 Object Lock (the immutable archive). */
+    archived_record: DecisionRecord;
+}
+export interface CompletenessResult {
+    tenant_id: string;
+    range: {
+        from: number;
+        to: number;
+    };
+    expected_count: number;
+    found_count: number;
+    /** Sequence numbers issued by the ledger that are no longer present. */
+    missing: number[];
+    /** Human-readable summary. Distinguishes empty tenant, all-present, gaps. */
     note: string;
-    dynamodb_record: DecisionRecord;
-    s3_record: DecisionRecord;
 }
 export declare class AuditLedgerClient {
     private readonly apiUrl;
@@ -45,6 +64,12 @@ export declare class AuditLedgerClient {
         event_id: string;
     }>;
     verifyDecision(eventId: string): Promise<TamperCheckResult>;
+    verifyCompleteness(opts?: {
+        from?: number;
+        to?: number;
+        /** Required only when caller holds the admin read key; ignored otherwise. */
+        tenantId?: string;
+    }): Promise<CompletenessResult>;
     listDecisions(opts: {
         from?: string;
         to?: string;

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,qBAAa,gBAAiB,SAAQ,KAAK;aAGvB,MAAM,CAAC,EAAE,MAAM;aACf,IAAI,CAAC,EAAE,MAAM;gBAF7B,OAAO,EAAE,MAAM,EACC,MAAM,CAAC,EAAE,MAAM,YAAA,EACf,IAAI,CAAC,EAAE,MAAM,YAAA;CAKhC;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,cAAc,CAAC;IAChC,SAAS,EAAE,cAAc,CAAC;CAC3B;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;gBAE3B,MAAM,EAAE,YAAY;IAQ1B,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,CAAC,GAAG,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAwBzF,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAmB3D,aAAa,CAAC,IAAI,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IA2BpF;;;OAGG;YACW,cAAc;CA0B7B"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,qBAAa,gBAAiB,SAAQ,KAAK;aAGvB,MAAM,CAAC,EAAE,MAAM;aACf,IAAI,CAAC,EAAE,MAAM;gBAF7B,OAAO,EAAE,MAAM,EACC,MAAM,CAAC,EAAE,MAAM,YAAA,EACf,IAAI,CAAC,EAAE,MAAM,YAAA;CAKhC;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,2GAA2G;IAC3G,kBAAkB,EAAE,OAAO,CAAC;IAC5B,0DAA0D;IAC1D,cAAc,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,cAAc,EAAE,cAAc,CAAC;IAC/B,uEAAuE;IACvE,eAAe,EAAE,cAAc,CAAC;CACjC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,wEAAwE;IACxE,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,6EAA6E;IAC7E,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;gBAE3B,MAAM,EAAE,YAAY;IAQ1B,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,CAAC,GAAG,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAwBzF,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAmB3D,kBAAkB,CAAC,IAAI,GAAE;QAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,6EAA6E;QAC7E,QAAQ,CAAC,EAAE,MAAM,CAAC;KACd,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuB9B,aAAa,CAAC,IAAI,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IA2BpF;;;OAGG;YACW,cAAc;CA0B7B"}

package/dist/client.js

@@ -62,6 +62,27 @@ export class AuditLedgerClient {
         }
         return (await res.json());
     }
+    async verifyCompleteness(opts = {}) {
+        if (!this.readKey) {
+            throw new AuditLedgerError("AUDIT_READ_KEY is not set — verify_completeness unavailable");
+        }
+        const params = new URLSearchParams();
+        if (typeof opts.from === "number")
+            params.set("from", String(opts.from));
+        if (typeof opts.to === "number")
+            params.set("to", String(opts.to));
+        if (opts.tenantId)
+            params.set("tenant_id", opts.tenantId);
+        const url = `${this.apiUrl}/audit/verify-completeness${params.toString() ? `?${params}` : ""}`;
+        const res = await this.fetchWithRetry(url, {
+            method: "GET",
+            headers: { "Accept": "application/json", "x-api-key": this.readKey },
+        });
+        if (res.status !== 200) {
+            throw new AuditLedgerError(`verify_completeness failed: HTTP ${res.status}`, res.status, await safeText(res));
+        }
+        return (await res.json());
+    }
     async listDecisions(opts) {
         if (!this.readKey) {
             throw new AuditLedgerError("AUDIT_READ_KEY is not set — list_decisions unavailable");

package/dist/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAGvB;IACA;IAHlB,YACE,OAAe,EACC,MAAe,EACf,IAAa;QAE7B,KAAK,CAAC,kBAAkB,OAAO,EAAE,CAAC,CAAC;QAHnB,WAAM,GAAN,MAAM,CAAS;QACf,SAAI,GAAJ,IAAI,CAAS;QAG7B,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAoBD,MAAM,OAAO,iBAAiB;IACX,MAAM,CAAS;IACf,QAAQ,CAAU;IAClB,OAAO,CAAU;IACjB,SAAS,CAAS;IAClB,aAAa,CAAS;IAEvC,YAAY,MAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;QAC1C,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAA0C;QAC7D,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,gBAAgB,CAAC,0DAA0D,CAAC,CAAC;QACzF,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,MAAM,eAAe,EAAE;YACnE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;gBAC5B,WAAW,EAAE,IAAI,CAAC,QAAQ;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7C,MAAM,IAAI,gBAAgB,CACxB,gCAAgC,GAAG,CAAC,MAAM,EAAE,EAC5C,GAAG,CAAC,MAAM,EACV,MAAM,QAAQ,CAAC,GAAG,CAAC,CACpB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,EAAE,QAAQ,EAAG,IAAI,EAAE,QAAmB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAe;QAClC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,gBAAgB,CAAC,yDAAyD,CAAC,CAAC;QACxF,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,iBAAiB,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC;QACjF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE;YACzC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,IAAI,CAAC,OAAO,EAAE;SACrE,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,gBAAgB,CACxB,gCAAgC,GAAG,CAAC,MAAM,EAAE,EAC5C,GAAG,CAAC,MAAM,EACV,MAAM,QAAQ,CAAC,GAAG,CAAC,CACpB,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAoC;QACtD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,gBAAgB,CAAC,wDAAwD,CAAC,CAAC;QACvF,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,IAAI;YAAE,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,EAAE;YAAE,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,cAAc,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAChF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE;YACzC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,IAAI,CAAC,OAAO,EAAE;SACrE,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,gBAAgB,CACxB,+BAA+B,GAAG,CAAC,MAAM,EAAE,EAC3C,GAAG,CAAC,MAAM,EACV,MAAM,QAAQ,CAAC,GAAG,CAAC,CACpB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAY,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QACvC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,IAAwB,CAAC;QACzD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,IAAI,IAAI,KAAK,CAAC,OAAO,CAAE,IAA2B,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7G,OAAQ,IAAoC,CAAC,KAAK,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAAC,GAAW,EAAE,IAAiB;QACzD,IAAI,OAAgB,CAAC;QACrB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,EAAE,CAAC;YAC9D,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;gBACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;gBACnE,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;oBACrE,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG;wBAAE,OAAO,GAAG,CAAC;oBACjC,OAAO,GAAG,IAAI,gBAAgB,CAAC,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxF,CAAC;wBAAS,CAAC;oBACT,YAAY,CAAC,KAAK,CAAC,CAAC;gBACtB,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,GAAG,GAAG,CAAC;YAChB,CAAC;YACD,IAAI,OAAO,GAAG,IAAI,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;gBACrC,MAAM,MAAM,GAAG,GAAG,CAAC;gBACnB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC;gBACtC,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,OAAO,GAAG,MAAM,CAAC;gBAC7C,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QACD,IAAI,OAAO,YAAY,KAAK;YAAE,MAAM,OAAO,CAAC;QAC5C,MAAM,IAAI,gBAAgB,CAAC,0BAA0B,CAAC,CAAC;IACzD,CAAC;CACF;AAED,KAAK,UAAU,QAAQ,CAAC,GAAa;IACnC,IAAI,CAAC;QAAC,OAAO,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,CAAC;IAAC,CAAC;AACvD,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,GAAa;IACnC,IAAI,CAAC;QAAC,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;AACtF,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAGvB;IACA;IAHlB,YACE,OAAe,EACC,MAAe,EACf,IAAa;QAE7B,KAAK,CAAC,kBAAkB,OAAO,EAAE,CAAC,CAAC;QAHnB,WAAM,GAAN,MAAM,CAAS;QACf,SAAI,GAAJ,IAAI,CAAS;QAG7B,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAqCD,MAAM,OAAO,iBAAiB;IACX,MAAM,CAAS;IACf,QAAQ,CAAU;IAClB,OAAO,CAAU;IACjB,SAAS,CAAS;IAClB,aAAa,CAAS;IAEvC,YAAY,MAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;QAC1C,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAA0C;QAC7D,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,gBAAgB,CAAC,0DAA0D,CAAC,CAAC;QACzF,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,MAAM,eAAe,EAAE;YACnE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;gBAC5B,WAAW,EAAE,IAAI,CAAC,QAAQ;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7C,MAAM,IAAI,gBAAgB,CACxB,gCAAgC,GAAG,CAAC,MAAM,EAAE,EAC5C,GAAG,CAAC,MAAM,EACV,MAAM,QAAQ,CAAC,GAAG,CAAC,CACpB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,EAAE,QAAQ,EAAG,IAAI,EAAE,QAAmB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAe;QAClC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,gBAAgB,CAAC,yDAAyD,CAAC,CAAC;QACxF,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,iBAAiB,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC;QACjF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE;YACzC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,IAAI,CAAC,OAAO,EAAE;SACrE,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,gBAAgB,CACxB,gCAAgC,GAAG,CAAC,MAAM,EAAE,EAC5C,GAAG,CAAC,MAAM,EACV,MAAM,QAAQ,CAAC,GAAG,CAAC,CACpB,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,OAKrB,EAAE;QACJ,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,gBAAgB,CAAC,6DAA6D,CAAC,CAAC;QAC5F,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ;YAAE,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACzE,IAAI,OAAO,IAAI,CAAC,EAAE,KAAO,QAAQ;YAAE,MAAM,CAAC,GAAG,CAAC,IAAI,EAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACvE,IAAI,IAAI,CAAC,QAAQ;YAAE,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1D,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,6BAA6B,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC/F,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE;YACzC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,IAAI,CAAC,OAAO,EAAE;SACrE,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,gBAAgB,CACxB,oCAAoC,GAAG,CAAC,MAAM,EAAE,EAChD,GAAG,CAAC,MAAM,EACV,MAAM,QAAQ,CAAC,GAAG,CAAC,CACpB,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAoC;QACtD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,gBAAgB,CAAC,wDAAwD,CAAC,CAAC;QACvF,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,IAAI;YAAE,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,EAAE;YAAE,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,cAAc,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAChF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE;YACzC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,IAAI,CAAC,OAAO,EAAE;SACrE,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,gBAAgB,CACxB,+BAA+B,GAAG,CAAC,MAAM,EAAE,EAC3C,GAAG,CAAC,MAAM,EACV,MAAM,QAAQ,CAAC,GAAG,CAAC,CACpB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAY,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QACvC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,IAAwB,CAAC;QACzD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,IAAI,IAAI,KAAK,CAAC,OAAO,CAAE,IAA2B,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7G,OAAQ,IAAoC,CAAC,KAAK,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAAC,GAAW,EAAE,IAAiB;QACzD,IAAI,OAAgB,CAAC;QACrB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,EAAE,CAAC;YAC9D,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;gBACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;gBACnE,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;oBACrE,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG;wBAAE,OAAO,GAAG,CAAC;oBACjC,OAAO,GAAG,IAAI,gBAAgB,CAAC,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxF,CAAC;wBAAS,CAAC;oBACT,YAAY,CAAC,KAAK,CAAC,CAAC;gBACtB,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,GAAG,GAAG,CAAC;YAChB,CAAC;YACD,IAAI,OAAO,GAAG,IAAI,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;gBACrC,MAAM,MAAM,GAAG,GAAG,CAAC;gBACnB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC;gBACtC,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,OAAO,GAAG,MAAM,CAAC;gBAC7C,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QACD,IAAI,OAAO,YAAY,KAAK;YAAE,MAAM,OAAO,CAAC;QAC5C,MAAM,IAAI,gBAAgB,CAAC,0BAA0B,CAAC,CAAC;IACzD,CAAC;CACF;AAED,KAAK,UAAU,QAAQ,CAAC,GAAa;IACnC,IAAI,CAAC;QAAC,OAAO,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,CAAC;IAAC,CAAC;AACvD,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,GAAa;IACnC,IAAI,CAAC;QAAC,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;AACtF,CAAC"}

package/dist/hashing.d.ts

@@ -1,8 +1,21 @@
 /**
- * SHA-256 helpers — mirror the hashing behaviour of the Python and Node SDKs
- * shipped in the main audit-ledger repo. PII is hashed locally before any
- * payload leaves the MCP server, so raw personal data never reaches the
- * audit ledger API.
+ * Local hashing — raw PII never leaves the MCP server's process.
+ *
+ * By default this module uses HMAC-SHA256 keyed off the AUDIT_HMAC_KEY
+ * environment variable. Keyed hashing makes the output non-reversible by
+ * anyone who does not hold the key, which is what regulators (ICO / EDPB)
+ * expect when you describe a value as pseudonymised rather than identifiable.
+ *
+ * Backwards-compatible fallback:
+ *   If AUDIT_HMAC_KEY is not set, the functions fall back to plain SHA-256
+ *   so existing MCP installs do not break. A one-time stderr warning is
+ *   emitted on first use to nudge operators to upgrade. The default will
+ *   flip in a future major version.
+ *
+ * The key is your tenant's secret. Generate once and store it where you
+ * already store AUDIT_WRITE_KEY (env var, .env file, secrets manager):
+ *   node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+ * The key never leaves your environment and never reaches the ledger API.
  */
 /** SHA-256 hex digest of a UTF-8 string. Lowercased, 64 chars. */
 export declare function sha256(input: string): string;
@@ -11,6 +24,8 @@ export declare function sha256(input: string): string;
  * formatting-only changes do not produce a different hash — this matches
  * the behaviour of the SDKs in the main repo and keeps prompt-version
  * tracking stable across minor edits.
+ *
+ * Uses HMAC-SHA256 when AUDIT_HMAC_KEY is set, plain SHA-256 otherwise.
  */
 export declare function hashPrompt(rawPrompt: string): string;
 /**
@@ -18,6 +33,14 @@ export declare function hashPrompt(rawPrompt: string): string;
  * before sending. No normalisation — the input is hashed verbatim so any
  * change in the input produces a different hash, which is the right
  * behaviour for an audit trail of model inputs.
+ *
+ * Uses HMAC-SHA256 when AUDIT_HMAC_KEY is set, plain SHA-256 otherwise.
  */
 export declare function hashPii(rawInput: string): string;
+/**
+ * Test-only hook. Resets the one-time warned flag so unit tests can assert
+ * the warning fires exactly once per process. Not part of the public API.
+ * @internal
+ */
+export declare function _resetFallbackWarnedForTests(): void;
 //# sourceMappingURL=hashing.d.ts.map

package/dist/hashing.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hashing.d.ts","sourceRoot":"","sources":["../src/hashing.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,kEAAkE;AAClE,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAGpD;AAED;;;;;GAKG;AACH,wBAAgB,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEhD"}
+{"version":3,"file":"hashing.d.ts","sourceRoot":"","sources":["../src/hashing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AA0BH,kEAAkE;AAClE,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED;;;;;;;GAOG;AACH,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAQpD;AAED;;;;;;;GAOG;AACH,wBAAgB,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAOhD;AAED;;;;GAIG;AACH,wBAAgB,4BAA4B,IAAI,IAAI,CAEnD"}

package/dist/hashing.js

@@ -1,10 +1,41 @@
 /**
- * SHA-256 helpers — mirror the hashing behaviour of the Python and Node SDKs
- * shipped in the main audit-ledger repo. PII is hashed locally before any
- * payload leaves the MCP server, so raw personal data never reaches the
- * audit ledger API.
+ * Local hashing — raw PII never leaves the MCP server's process.
+ *
+ * By default this module uses HMAC-SHA256 keyed off the AUDIT_HMAC_KEY
+ * environment variable. Keyed hashing makes the output non-reversible by
+ * anyone who does not hold the key, which is what regulators (ICO / EDPB)
+ * expect when you describe a value as pseudonymised rather than identifiable.
+ *
+ * Backwards-compatible fallback:
+ *   If AUDIT_HMAC_KEY is not set, the functions fall back to plain SHA-256
+ *   so existing MCP installs do not break. A one-time stderr warning is
+ *   emitted on first use to nudge operators to upgrade. The default will
+ *   flip in a future major version.
+ *
+ * The key is your tenant's secret. Generate once and store it where you
+ * already store AUDIT_WRITE_KEY (env var, .env file, secrets manager):
+ *   node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+ * The key never leaves your environment and never reaches the ledger API.
  */
-import { createHash } from "node:crypto";
+import { createHash, createHmac } from "node:crypto";
+let _fallbackWarned = false;
+function getKey() {
+    const raw = (process.env.AUDIT_HMAC_KEY ?? "").trim();
+    return raw.length > 0 ? raw : null;
+}
+function warnFallbackOnce() {
+    if (_fallbackWarned)
+        return;
+    _fallbackWarned = true;
+    // stderr, not stdout — stdout is the MCP protocol channel and any extra
+    // bytes there will break the client. console.warn goes to stderr in Node.
+    console.warn("[audit-ledger-mcp] AUDIT_HMAC_KEY is not set; falling back to plain " +
+        "SHA-256 for PII hashing. Plain SHA-256 of low-entropy values (names, " +
+        "emails) is brute-forceable and should not be treated as anonymisation " +
+        "under ICO/EDPB guidance. Set AUDIT_HMAC_KEY to a 32+ byte secret to " +
+        "switch to keyed HMAC-SHA256. This fallback will be removed in a " +
+        "future major version.");
+}
 /** SHA-256 hex digest of a UTF-8 string. Lowercased, 64 chars. */
 export function sha256(input) {
     return createHash("sha256").update(input, "utf8").digest("hex");
@@ -14,18 +45,40 @@ export function sha256(input) {
  * formatting-only changes do not produce a different hash — this matches
  * the behaviour of the SDKs in the main repo and keeps prompt-version
  * tracking stable across minor edits.
+ *
+ * Uses HMAC-SHA256 when AUDIT_HMAC_KEY is set, plain SHA-256 otherwise.
  */
 export function hashPrompt(rawPrompt) {
     const normalised = rawPrompt.replace(/\s+/g, " ").trim();
-    return sha256(normalised);
+    const key = getKey();
+    if (key === null) {
+        warnFallbackOnce();
+        return createHash("sha256").update(normalised, "utf8").digest("hex");
+    }
+    return createHmac("sha256", key).update(normalised, "utf8").digest("hex");
 }
 /**
  * Hash raw user input (e.g. a CV, a transaction payload, a customer record)
  * before sending. No normalisation — the input is hashed verbatim so any
  * change in the input produces a different hash, which is the right
  * behaviour for an audit trail of model inputs.
+ *
+ * Uses HMAC-SHA256 when AUDIT_HMAC_KEY is set, plain SHA-256 otherwise.
  */
 export function hashPii(rawInput) {
-    return sha256(rawInput);
+    const key = getKey();
+    if (key === null) {
+        warnFallbackOnce();
+        return createHash("sha256").update(rawInput, "utf8").digest("hex");
+    }
+    return createHmac("sha256", key).update(rawInput, "utf8").digest("hex");
+}
+/**
+ * Test-only hook. Resets the one-time warned flag so unit tests can assert
+ * the warning fires exactly once per process. Not part of the public API.
+ * @internal
+ */
+export function _resetFallbackWarnedForTests() {
+    _fallbackWarned = false;
 }
 //# sourceMappingURL=hashing.js.map

package/dist/hashing.js.map

@@ -1 +1 @@
-{"version":3,"file":"hashing.js","sourceRoot":"","sources":["../src/hashing.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,kEAAkE;AAClE,MAAM,UAAU,MAAM,CAAC,KAAa;IAClC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACzD,OAAO,MAAM,CAAC,UAAU,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,OAAO,CAAC,QAAgB;IACtC,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"hashing.js","sourceRoot":"","sources":["../src/hashing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAErD,IAAI,eAAe,GAAG,KAAK,CAAC;AAE5B,SAAS,MAAM;IACb,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtD,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;AACrC,CAAC;AAED,SAAS,gBAAgB;IACvB,IAAI,eAAe;QAAE,OAAO;IAC5B,eAAe,GAAG,IAAI,CAAC;IACvB,wEAAwE;IACxE,0EAA0E;IAC1E,OAAO,CAAC,IAAI,CACV,sEAAsE;QACpE,uEAAuE;QACvE,wEAAwE;QACxE,sEAAsE;QACtE,kEAAkE;QAClE,uBAAuB,CAC1B,CAAC;AACJ,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,MAAM,CAAC,KAAa;IAClC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACzD,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC;IACrB,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,gBAAgB,EAAE,CAAC;QACnB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5E,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,OAAO,CAAC,QAAgB;IACtC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC;IACrB,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,gBAAgB,EAAE,CAAC;QACnB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,4BAA4B;IAC1C,eAAe,GAAG,KAAK,CAAC;AAC1B,CAAC"}

package/dist/index.js

@@ -20,6 +20,7 @@ import { AuditLedgerClient, AuditLedgerError } from "./client.js";
 import { SANDBOX_CONFIG, isSandboxMode, sandboxBanner } from "./sandbox.js";
 import { executeRecordDecision, recordDecisionToolDefinition, } from "./tools/record_decision.js";
 import { executeVerifyDecision, verifyDecisionToolDefinition, } from "./tools/verify_decision.js";
+import { executeVerifyCompleteness, verifyCompletenessToolDefinition, } from "./tools/verify_completeness.js";
 import { executeListDecisions, listDecisionsToolDefinition, } from "./tools/list_decisions.js";
 // Read package.json at startup so PKG_NAME and PKG_VERSION cannot drift from
 // the published package version. dist/index.js lives one level below the
@@ -66,6 +67,7 @@ async function main() {
         tools: [
             recordDecisionToolDefinition,
             verifyDecisionToolDefinition,
+            verifyCompletenessToolDefinition,
             listDecisionsToolDefinition,
         ],
     }));
@@ -80,6 +82,9 @@ async function main() {
                 case "verify_decision":
                     result = await executeVerifyDecision(client, args);
                     break;
+                case "verify_completeness":
+                    result = await executeVerifyCompleteness(client, args);
+                    break;
                 case "list_decisions":
                     result = await executeListDecisions(client, args);
                     break;

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,2BAA2B,CAAC;AAEnC,6EAA6E;AAC7E,yEAAyE;AACzE,0EAA0E;AAC1E,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACpB,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,CACvB,CAAC;AACvC,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC;AAC1B,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC;AAEhC,SAAS,WAAW;IAClB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5C,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QACtC,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACpD,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC1C,CAAC,CAAC,SAAS,CAAC;IAEd,qEAAqE;IACrE,mEAAmE;IACnE,+DAA+D;IAC/D,IAAI,aAAa,EAAE,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;QAClE,OAAO,IAAI,iBAAiB,CAAC;YAC3B,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,OAAO,EAAE,cAAc,CAAC,OAAO;YAC/B,SAAS;YACT,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAc,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAE3C,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,QAAQ,0DAA0D;YACpE,IAAI,QAAQ,yDAAyD;YACrE,IAAI,QAAQ,kCAAkC,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,iBAAiB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;AACxF,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,WAAW,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,EACxC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE;YACL,4BAA4B;YAC5B,4BAA4B;YAC5B,2BAA2B;SAC5B;KACF,CAAC,CAAC,CAAC;IAEJ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC5D,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAC7C,IAAI,CAAC;YACH,IAAI,MAAe,CAAC;YACpB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,iBAAiB;oBACpB,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBACnD,MAAM;gBACR,KAAK,iBAAiB;oBACpB,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBACnD,MAAM;gBACR,KAAK,gBAAgB;oBACnB,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBAClD,MAAM;gBACR;oBACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aACnE,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,gBAAgB;gBAC7B,CAAC,CAAC,GAAG,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;gBAChG,CAAC,CAAC,GAAG,YAAY,KAAK;oBACpB,CAAC,CAAC,GAAG,CAAC,OAAO;oBACb,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,OAAO,EAAE,EAAE,CAAC;gBACtD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,KAAK,WAAW,uBAAuB,CAAC,CAAC;AAC5E,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,YAAY,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,yBAAyB,EACzB,gCAAgC,GACjC,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,2BAA2B,CAAC;AAEnC,6EAA6E;AAC7E,yEAAyE;AACzE,0EAA0E;AAC1E,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACpB,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,CACvB,CAAC;AACvC,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC;AAC1B,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC;AAEhC,SAAS,WAAW;IAClB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5C,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QACtC,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACpD,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAC1C,CAAC,CAAC,SAAS,CAAC;IAEd,qEAAqE;IACrE,mEAAmE;IACnE,+DAA+D;IAC/D,IAAI,aAAa,EAAE,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;QAClE,OAAO,IAAI,iBAAiB,CAAC;YAC3B,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,OAAO,EAAE,cAAc,CAAC,OAAO;YAC/B,SAAS;YACT,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAc,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAE3C,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,QAAQ,0DAA0D;YACpE,IAAI,QAAQ,yDAAyD;YACrE,IAAI,QAAQ,kCAAkC,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,iBAAiB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;AACxF,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,WAAW,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,EACxC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE;YACL,4BAA4B;YAC5B,4BAA4B;YAC5B,gCAAgC;YAChC,2BAA2B;SAC5B;KACF,CAAC,CAAC,CAAC;IAEJ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC5D,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAC7C,IAAI,CAAC;YACH,IAAI,MAAe,CAAC;YACpB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,iBAAiB;oBACpB,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBACnD,MAAM;gBACR,KAAK,iBAAiB;oBACpB,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBACnD,MAAM;gBACR,KAAK,qBAAqB;oBACxB,MAAM,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBACvD,MAAM;gBACR,KAAK,gBAAgB;oBACnB,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;oBAClD,MAAM;gBACR;oBACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aACnE,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,gBAAgB;gBAC7B,CAAC,CAAC,GAAG,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;gBAChG,CAAC,CAAC,GAAG,YAAY,KAAK;oBACpB,CAAC,CAAC,GAAG,CAAC,OAAO;oBACb,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,OAAO,EAAE,EAAE,CAAC;gBACtD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,KAAK,WAAW,uBAAuB,CAAC,CAAC;AAC5E,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,QAAQ,YAAY,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/tools/verify_completeness.d.ts

@@ -0,0 +1,52 @@
+/**
+ * verify_completeness tool — detect missing audit records.
+ *
+ * Sister tool to verify_decision. verify_decision proves a record that exists
+ * matches its S3 copy (tampering check). verify_completeness proves no
+ * records have been deleted by comparing the tenant's monotonic sequence
+ * counter against the rows actually present in DynamoDB. A gap in the
+ * returned `missing` array represents a record that was deleted, lost during
+ * SQS redelivery, or otherwise never stored — combine with the processor's
+ * burned_sequence log entries to tell those apart.
+ */
+import { z } from "zod";
+import type { AuditLedgerClient, CompletenessResult } from "../client.js";
+export declare const verifyCompletenessInputSchema: z.ZodObject<{
+    from: z.ZodOptional<z.ZodNumber>;
+    to: z.ZodOptional<z.ZodNumber>;
+    tenant_id: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    tenant_id?: string | undefined;
+    from?: number | undefined;
+    to?: number | undefined;
+}, {
+    tenant_id?: string | undefined;
+    from?: number | undefined;
+    to?: number | undefined;
+}>;
+export type VerifyCompletenessInput = z.infer<typeof verifyCompletenessInputSchema>;
+export declare const verifyCompletenessToolDefinition: {
+    readonly name: "verify_completeness";
+    readonly description: "Detect whether any audit records have been deleted or omitted for the caller's tenant. Each successfully stored decision receives a per-tenant monotonic sequence number. This tool compares the ledger's counter against the rows actually present in DynamoDB and returns any sequence numbers that are missing. Use this when a regulator or compliance team asks 'can you prove the log is complete?' — verify_decision only proves an existing record was not altered; this proves no record has disappeared.";
+    readonly inputSchema: {
+        readonly type: "object";
+        readonly properties: {
+            readonly from: {
+                readonly type: "integer";
+                readonly minimum: 1;
+                readonly description: string | undefined;
+            };
+            readonly to: {
+                readonly type: "integer";
+                readonly minimum: 1;
+                readonly description: string | undefined;
+            };
+            readonly tenant_id: {
+                readonly type: "string";
+                readonly description: string | undefined;
+            };
+        };
+    };
+};
+export declare function executeVerifyCompleteness(client: AuditLedgerClient, rawInput: unknown): Promise<CompletenessResult>;
+//# sourceMappingURL=verify_completeness.d.ts.map

package/dist/tools/verify_completeness.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify_completeness.d.ts","sourceRoot":"","sources":["../../src/tools/verify_completeness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,KAAK,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAE1E,eAAO,MAAM,6BAA6B;;;;;;;;;;;;EAqBxC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;CAuBnC,CAAC;AAEX,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,iBAAiB,EACzB,QAAQ,EAAE,OAAO,GAChB,OAAO,CAAC,kBAAkB,CAAC,CAO7B"}

package/dist/tools/verify_completeness.js

@@ -0,0 +1,62 @@
+/**
+ * verify_completeness tool — detect missing audit records.
+ *
+ * Sister tool to verify_decision. verify_decision proves a record that exists
+ * matches its S3 copy (tampering check). verify_completeness proves no
+ * records have been deleted by comparing the tenant's monotonic sequence
+ * counter against the rows actually present in DynamoDB. A gap in the
+ * returned `missing` array represents a record that was deleted, lost during
+ * SQS redelivery, or otherwise never stored — combine with the processor's
+ * burned_sequence log entries to tell those apart.
+ */
+import { z } from "zod";
+export const verifyCompletenessInputSchema = z.object({
+    from: z
+        .number()
+        .int()
+        .min(1)
+        .optional()
+        .describe("Inclusive lower bound on sequence_no. Defaults to 1."),
+    to: z
+        .number()
+        .int()
+        .min(1)
+        .optional()
+        .describe("Inclusive upper bound on sequence_no. Defaults to the tenant's current counter value."),
+    tenant_id: z
+        .string()
+        .optional()
+        .describe("Required only when calling with the admin read key. Ignored when called with a regular tenant read key — the tenant is inferred from the key."),
+});
+export const verifyCompletenessToolDefinition = {
+    name: "verify_completeness",
+    description: "Detect whether any audit records have been deleted or omitted for the caller's tenant. Each successfully stored decision receives a per-tenant monotonic sequence number. This tool compares the ledger's counter against the rows actually present in DynamoDB and returns any sequence numbers that are missing. Use this when a regulator or compliance team asks 'can you prove the log is complete?' — verify_decision only proves an existing record was not altered; this proves no record has disappeared.",
+    inputSchema: {
+        type: "object",
+        properties: {
+            from: {
+                type: "integer",
+                minimum: 1,
+                description: verifyCompletenessInputSchema.shape.from.description,
+            },
+            to: {
+                type: "integer",
+                minimum: 1,
+                description: verifyCompletenessInputSchema.shape.to.description,
+            },
+            tenant_id: {
+                type: "string",
+                description: verifyCompletenessInputSchema.shape.tenant_id.description,
+            },
+        },
+    },
+};
+export async function executeVerifyCompleteness(client, rawInput) {
+    const input = verifyCompletenessInputSchema.parse(rawInput ?? {});
+    return client.verifyCompleteness({
+        from: input.from,
+        to: input.to,
+        tenantId: input.tenant_id,
+    });
+}
+//# sourceMappingURL=verify_completeness.js.map

package/dist/tools/verify_completeness.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify_completeness.js","sourceRoot":"","sources":["../../src/tools/verify_completeness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC;IACpD,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;SACV,QAAQ,CAAC,sDAAsD,CAAC;IACnE,EAAE,EAAE,CAAC;SACF,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;SACV,QAAQ,CACP,uFAAuF,CACxF;IACH,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CACP,+IAA+I,CAChJ;CACJ,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,gCAAgC,GAAG;IAC9C,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EACT,ofAAof;IACtf,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,IAAI,EAAE;gBACJ,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,CAAC;gBACV,WAAW,EAAE,6BAA6B,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW;aAClE;YACD,EAAE,EAAE;gBACF,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,CAAC;gBACV,WAAW,EAAE,6BAA6B,CAAC,KAAK,CAAC,EAAE,CAAC,WAAW;aAChE;YACD,SAAS,EAAE;gBACT,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,6BAA6B,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW;aACvE;SACF;KACF;CACO,CAAC;AAEX,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAyB,EACzB,QAAiB;IAEjB,MAAM,KAAK,GAAG,6BAA6B,CAAC,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;IAClE,OAAO,MAAM,CAAC,kBAAkB,CAAC;QAC/B,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,QAAQ,EAAE,KAAK,CAAC,SAAS;KAC1B,CAAC,CAAC;AACL,CAAC"}

package/dist/tools/verify_decision.d.ts

@@ -32,8 +32,8 @@ export declare const verifyDecisionToolDefinition: {
 export declare function executeVerifyDecision(client: AuditLedgerClient, rawInput: unknown): Promise<{
     event_id: string;
     integrity_verified: boolean;
-    note: string;
-    dynamodb_record: unknown;
-    s3_record: unknown;
+    integrity_note: string;
+    current_record: unknown;
+    archived_record: unknown;
 }>;
 //# sourceMappingURL=verify_decision.d.ts.map

package/dist/tools/verify_decision.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verify_decision.d.ts","sourceRoot":"","sources":["../../src/tools/verify_decision.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEtD,eAAO,MAAM,yBAAyB;;;;;;EAKpC,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;CAW/B,CAAC;AAEX,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,iBAAiB,EACzB,QAAQ,EAAE,OAAO,GAChB,OAAO,CAAC;IACT,QAAQ,EAAE,MAAM,CAAC;IACjB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;CACpB,CAAC,CAUD"}
+{"version":3,"file":"verify_decision.d.ts","sourceRoot":"","sources":["../../src/tools/verify_decision.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEtD,eAAO,MAAM,yBAAyB;;;;;;EAKpC,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;CAW/B,CAAC;AAEX,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,iBAAiB,EACzB,QAAQ,EAAE,OAAO,GAChB,OAAO,CAAC;IACT,QAAQ,EAAE,MAAM,CAAC;IACjB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC,CAUD"}

package/dist/tools/verify_decision.js

@@ -28,9 +28,9 @@ export async function executeVerifyDecision(client, rawInput) {
     return {
         event_id: input.event_id,
         integrity_verified: result.integrity_verified,
-        note: result.note,
-        dynamodb_record: result.dynamodb_record,
-        s3_record: result.s3_record,
+        integrity_note: result.integrity_note,
+        current_record: result.current_record,
+        archived_record: result.archived_record,
     };
 }
 //# sourceMappingURL=verify_decision.js.map

package/dist/tools/verify_decision.js.map

@@ -1 +1 @@
-{"version":3,"file":"verify_decision.js","sourceRoot":"","sources":["../../src/tools/verify_decision.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,IAAI,EAAE;SACN,QAAQ,CAAC,iDAAiD,CAAC;CAC/D,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,4BAA4B,GAAG;IAC1C,IAAI,EAAE,iBAAiB;IACvB,WAAW,EACT,4VAA4V;IAC9V,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,yBAAyB,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE;SAChH;QACD,QAAQ,EAAE,CAAC,UAAU,CAAC;KACvB;CACO,CAAC;AAEX,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,MAAyB,EACzB,QAAiB;IAQjB,MAAM,KAAK,GAAG,yBAAyB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC3D,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;QAC7C,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,eAAe,EAAE,MAAM,CAAC,eAAe;QACvC,SAAS,EAAE,MAAM,CAAC,SAAS;KAC5B,CAAC;AACJ,CAAC"}
+{"version":3,"file":"verify_decision.js","sourceRoot":"","sources":["../../src/tools/verify_decision.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,IAAI,EAAE;SACN,QAAQ,CAAC,iDAAiD,CAAC;CAC/D,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,4BAA4B,GAAG;IAC1C,IAAI,EAAE,iBAAiB;IACvB,WAAW,EACT,4VAA4V;IAC9V,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,yBAAyB,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE;SAChH;QACD,QAAQ,EAAE,CAAC,UAAU,CAAC;KACvB;CACO,CAAC;AAEX,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,MAAyB,EACzB,QAAiB;IAQjB,MAAM,KAAK,GAAG,yBAAyB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC3D,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;QAC7C,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,eAAe,EAAE,MAAM,CAAC,eAAe;KACxC,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "audit-ledger-mcp",
-  "version": "0.2.1",
+  "version": "0.3.1",
   "description": "MCP server for AI Audit Ledger — record AI decisions to a tamper-evident ledger from any agent (Claude, Cursor, LangGraph, custom).",
   "mcpName": "io.github.shahidh68/audit-ledger-mcp",
   "type": "module",