pluribus-context 0.3.39 → 0.3.41

package/docs/receipt-playground.html

@@ -0,0 +1,250 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Pluribus Receipt Playground</title>
+  <style>
+    :root { color-scheme: dark light; --bg:#0b1020; --card:#121a33; --text:#e8ecf8; --muted:#aab4cf; --accent:#8ee6c4; --bad:#ff8f9c; --warn:#ffd166; --ok:#8ee6c4; --border:#283454; }
+    * { box-sizing:border-box; }
+    body { margin:0; font:15px/1.5 system-ui,-apple-system,Segoe UI,sans-serif; background:linear-gradient(180deg,#0b1020,#10182e); color:var(--text); }
+    main { max-width:1120px; margin:0 auto; padding:34px 18px 48px; }
+    h1 { font-size:clamp(2rem,4vw,3.4rem); line-height:1.05; margin:.2rem 0 1rem; letter-spacing:-.04em; }
+    h2 { margin-top:0; }
+    p, li { color:var(--muted); }
+    a { color:var(--accent); }
+    .grid { display:grid; grid-template-columns:1fr; gap:16px; }
+    @media (min-width:900px) { .grid { grid-template-columns:1.1fr .9fr; } }
+    .card { background:rgba(18,26,51,.92); border:1px solid var(--border); border-radius:18px; padding:18px; box-shadow:0 20px 80px rgba(0,0,0,.24); }
+    textarea { width:100%; min-height:560px; resize:vertical; border:1px solid var(--border); border-radius:14px; padding:14px; background:#060a15; color:#e8ecf8; font:13px/1.45 ui-monospace,SFMono-Regular,Menlo,Consolas,monospace; }
+    button, select { border:1px solid var(--border); border-radius:999px; background:#182344; color:var(--text); padding:10px 14px; cursor:pointer; }
+    button:hover, select:hover { border-color:var(--accent); }
+    .controls { display:flex; flex-wrap:wrap; gap:10px; align-items:center; margin:0 0 12px; }
+    .result { white-space:pre-wrap; overflow:auto; border-radius:14px; padding:14px; background:#060a15; border:1px solid var(--border); min-height:210px; font:13px/1.45 ui-monospace,SFMono-Regular,Menlo,Consolas,monospace; }
+    .ok { color:var(--ok); }
+    .bad { color:var(--bad); }
+    .warn { color:var(--warn); }
+    .pill { display:inline-block; border:1px solid var(--border); border-radius:999px; padding:.2rem .55rem; color:var(--muted); margin:.1rem .2rem .1rem 0; }
+    code { background:#060a15; padding:.12rem .32rem; border-radius:6px; color:#d7e2ff; }
+  </style>
+</head>
+<body>
+  <main>
+    <p><a href="index.html">← Pluribus</a></p>
+    <h1>Receipt playground</h1>
+    <p>Paste a Pluribus receipt and validate the boundary evidence locally in your browser. No network calls, no raw prompts/results required.</p>
+    <div class="grid">
+      <section class="card">
+        <div class="controls">
+          <select id="sample">
+            <option value="toolSurface">Sample: MCP tool-surface diff</option>
+            <option value="attentionPass">Sample: context attention pass</option>
+            <option value="attentionFail">Sample: context attention fail</option>
+            <option value="ruleAttention">Sample: CLAUDE.md rule attention drift</option>
+            <option value="skillInstall">Sample: Agent Skill install provenance</option>
+          </select>
+          <button id="load">Load sample</button>
+          <button id="validate">Validate</button>
+        </div>
+        <textarea id="receipt" spellcheck="false"></textarea>
+      </section>
+      <aside class="card">
+        <h2>Validation result</h2>
+        <div id="result" class="result">Click Validate.</div>
+        <h2>What this checks</h2>
+        <p><span class="pill">tool-surface diff</span> proves runtime discovery changes without logging raw schemas/prompts/results.</p>
+        <p><span class="pill">context attention</span> proves required retrieved context was delivered, acknowledged, and cited before edits.</p>
+        <p><span class="pill">rule attention</span> shows whether project rules were re-read, cited in the pre-edit plan, and checked before changes.</p>
+        <p><span class="pill">skill install provenance</span> shows which <code>SKILL.md</code> source path won, which mirrors were ignored, and whether install metadata stayed content-safe.</p>
+        <h2>CLI equivalent</h2>
+        <p><code>npx --yes pluribus-context@latest demo tool-surface-diff --json</code></p>
+      </aside>
+    </div>
+  </main>
+  <script>
+    const samples = {
+      toolSurface: {
+        schema: 'pluribus.mcp_tool_surface_diff_receipt.v1',
+        run_id: 'tool-surface-diff-demo',
+        generated_at: '2026-06-09T13:00:00Z',
+        platform: { name: 'enterprise-mcp-dynamic-discovery', audit_sink: 'admin-center-or-siem' },
+        catalog: { server_id: 'mcp://sales-ops-gateway', previous_hash: 'sha256:previous-catalog-redacted', current_hash: 'sha256:current-catalog-redacted' },
+        runtime_discovery: { enabled: true, trigger: 'runtime_tool_catalog_diff' },
+        privacy_boundary: { raw_schemas: 'omitted_hash_only', raw_prompts: 'omitted', raw_results: 'omitted' },
+        tools: [
+          { tool_id: 'tool:crm.search_accounts', name_hash: 'sha256:0cc2...', schema_hash: 'sha256:6f4f...', status: 'activated', validation_outcome: 'accepted', diff_summary: { added_fields: 1, removed_fields: 0, changed_fields: 0 } },
+          { tool_id: 'tool:crm.export_contacts', name_hash: 'sha256:f38f...', schema_hash: 'sha256:95dd...', status: 'blocked', validation_outcome: 'blocked_by_rai', diff_summary: { added_fields: 4, removed_fields: 0, changed_fields: 2 } },
+          { tool_id: 'tool:billing.refund_invoice', name_hash: 'sha256:abfd...', schema_hash: 'sha256:3b4f...', status: 'withheld', validation_outcome: 'entitlement_filtered', diff_summary: { added_fields: 0, removed_fields: 0, changed_fields: 0 } }
+        ]
+      },
+      attentionPass: {
+        schema: 'pluribus.context_attention_receipt.v1', receipt_id: 'attn_demo_pass', task_id: 'claude-code-refactor-184', agent_surface: 'claude_code', retrieval_system: 'graph_memory_mcp',
+        required_context: [{ id: 'ctx:architecture:tenant-routing' }, { id: 'ctx:decision:readonly-audit-first' }],
+        delivery: { surface: 'mcp_tool_response', delivered_context_ids: ['ctx:architecture:tenant-routing', 'ctx:decision:readonly-audit-first'], raw_context_omitted: true, evidence_path: '.pluribus/receipts/context-attention.ndjson' },
+        attention: { acknowledged_before_plan: ['ctx:architecture:tenant-routing', 'ctx:decision:readonly-audit-first'], cited_in_plan: ['ctx:architecture:tenant-routing', 'ctx:decision:readonly-audit-first'], missing_context_stop: false },
+        privacy: { raw_prompts_omitted: true, raw_documents_omitted: true, source_code_omitted: true, tool_outputs_omitted: true, tokens_omitted: true, customer_data_omitted: true },
+        result: { status: 'safe_to_continue', next_safe_action: 'continue with dry-run refactor plan' }
+      },
+      attentionFail: {
+        schema: 'pluribus.context_attention_receipt.v1', receipt_id: 'attn_demo_fail', task_id: 'claude-code-refactor-185', agent_surface: 'claude_code', retrieval_system: 'graph_memory_mcp',
+        required_context: [{ id: 'ctx:architecture:tenant-routing' }, { id: 'ctx:decision:readonly-audit-first' }],
+        delivery: { surface: 'mcp_tool_response', delivered_context_ids: ['ctx:architecture:tenant-routing', 'ctx:decision:readonly-audit-first'], raw_context_omitted: true, evidence_path: '.pluribus/receipts/context-attention.ndjson' },
+        attention: { acknowledged_before_plan: ['ctx:architecture:tenant-routing'], cited_in_plan: [], missing_context_stop: false },
+        privacy: { raw_prompts_omitted: true, raw_documents_omitted: true, source_code_omitted: true, tool_outputs_omitted: true, tokens_omitted: true, customer_data_omitted: true },
+        result: { status: 'unsafe_to_continue', next_safe_action: 'stop and re-deliver required context before editing' }
+      },
+      ruleAttention: {
+        schema: 'pluribus.claude_code_rule_attention_receipt.v1',
+        receipt_id: 'rule_attn_demo_62087',
+        task_id: 'claude-code-long-session-62087',
+        agent_surface: 'claude_code',
+        context_boundary: { session_phase: 'post-compaction-long-session', before_first_edit: true },
+        rules: [
+          { rule_id: 'CLAUDE.md:test-after-plan', source: 'CLAUDE.md#workflow', last_loaded_at: '2026-06-09T22:41:00Z', last_referenced_at: null, cited_in_pre_edit_plan: false, edit_check: 'missing', violation_category: 'loaded_but_not_referenced' },
+          { rule_id: 'CLAUDE.md:no-skip-steps', source: 'CLAUDE.md#workflow', last_loaded_at: '2026-06-09T22:41:00Z', last_referenced_at: '2026-06-09T22:58:00Z', cited_in_pre_edit_plan: true, edit_check: 'pass', violation_category: null }
+        ],
+        privacy: { raw_prompts_omitted: true, raw_claude_md_omitted: true, source_code_omitted: true, tool_outputs_omitted: true, tokens_omitted: true, customer_data_omitted: true },
+        result: { status: 'unsafe_to_edit', next_safe_action: 'stop, re-read missing rule ids, and restate the pre-edit plan with citations' }
+      },
+      skillInstall: {
+        schema: 'pluribus.agent_skill_install_provenance_receipt.v1',
+        receipt_id: 'skill_install_openskills_demo',
+        installer: { name: 'agent-skill-package-manager', mode: 'universal', target_agent_dir: '.agent/skills' },
+        source: { kind: 'github_repo', repo: 'caioribeiroclw-pixel/pluribus', requested_ref: 'v0.3.40', resolved_sha: 'sha256:resolved-commit-redacted' },
+        discovery: {
+          requested_skill_names: ['context-receipts', 'skill-policy-receipts'],
+          discovered_source_paths: [
+            'skills/context-receipts/SKILL.md',
+            'examples/agent-skills/context-receipts/SKILL.md',
+            'docs/.well-known/agent-skills/context-receipts/SKILL.md',
+            'skills/skill-policy-receipts/SKILL.md',
+            'examples/agent-skills/skill-policy-receipts/SKILL.md',
+            'docs/.well-known/agent-skills/skill-policy-receipts/SKILL.md'
+          ],
+          duplicate_resolution: 'prefer_top_level_skills_dir'
+        },
+        selected_skills: [
+          { name: 'context-receipts', selected_source_path: 'skills/context-receipts/SKILL.md', target_path: '.agent/skills/context-receipts/SKILL.md', operation: 'install', lockfile_entry_written: true },
+          { name: 'skill-policy-receipts', selected_source_path: 'skills/skill-policy-receipts/SKILL.md', target_path: '.agent/skills/skill-policy-receipts/SKILL.md', operation: 'install', lockfile_entry_written: true }
+        ],
+        ignored_duplicates: [
+          { name: 'context-receipts', ignored_source_path: 'examples/agent-skills/context-receipts/SKILL.md', reason: 'duplicate_mirror_not_canonical' },
+          { name: 'context-receipts', ignored_source_path: 'docs/.well-known/agent-skills/context-receipts/SKILL.md', reason: 'duplicate_mirror_not_canonical' },
+          { name: 'skill-policy-receipts', ignored_source_path: 'examples/agent-skills/skill-policy-receipts/SKILL.md', reason: 'duplicate_mirror_not_canonical' },
+          { name: 'skill-policy-receipts', ignored_source_path: 'docs/.well-known/agent-skills/skill-policy-receipts/SKILL.md', reason: 'duplicate_mirror_not_canonical' }
+        ],
+        safety: { content_sanitizers: ['frontmatter-parse', 'markdown-only'], raw_secret_or_env_values_copied: false, scripts_or_hooks_installed: false, network_capability_added: false, manual_review_required: true },
+        privacy: { raw_skill_body_omitted: true, raw_env_values_omitted: true, auth_headers_omitted: true, customer_data_omitted: true },
+        result: { status: 'safe_to_install_after_review', installed_count: 2, ignored_duplicate_count: 4 }
+      }
+    }
+
+    const receiptEl = document.querySelector('#receipt')
+    const resultEl = document.querySelector('#result')
+    document.querySelector('#load').addEventListener('click', loadSample)
+    document.querySelector('#validate').addEventListener('click', validate)
+    document.querySelector('#sample').addEventListener('change', loadSample)
+    loadSample()
+
+    function loadSample() {
+      const key = document.querySelector('#sample').value
+      receiptEl.value = JSON.stringify(samples[key], null, 2)
+      validate()
+    }
+
+    function validate() {
+      let receipt
+      try { receipt = JSON.parse(receiptEl.value) }
+      catch (error) { return render({ ok:false, errors:[`invalid JSON: ${error.message}`], warnings:[] }) }
+      if (receipt.schema === 'pluribus.mcp_tool_surface_diff_receipt.v1') return render(validateToolSurface(receipt))
+      if (receipt.schema === 'pluribus.context_attention_receipt.v1') return render(validateAttention(receipt))
+      if (receipt.schema === 'pluribus.claude_code_rule_attention_receipt.v1') return render(validateRuleAttention(receipt))
+      if (receipt.schema === 'pluribus.agent_skill_install_provenance_receipt.v1') return render(validateSkillInstall(receipt))
+      render({ ok:false, errors:[`unsupported schema: ${receipt.schema || '(missing)'}`], warnings:[] })
+    }
+
+    function validateToolSurface(r) {
+      const errors = [], warnings = []
+      const privacy = r.privacy_boundary || {}
+      if (!r.catalog?.current_hash) errors.push('catalog.current_hash is required')
+      if (!Array.isArray(r.tools) || r.tools.length === 0) errors.push('tools must include at least one discovered/activated/withheld/blocked tool')
+      for (const field of ['raw_schemas','raw_prompts','raw_results']) if (!String(privacy[field] || '').startsWith('omitted')) errors.push(`privacy_boundary.${field} must be omitted`)
+      const counts = countBy(r.tools || [], 'status')
+      if (!counts.activated && !counts.withheld && !counts.blocked) warnings.push('receipt has no activated/withheld/blocked status counts')
+      return { ok: errors.length === 0, schema:r.schema, summary:counts, errors, warnings }
+    }
+
+    function validateAttention(r) {
+      const errors = [], warnings = []
+      const required = ids((r.required_context || []).map(x => x.id))
+      const delivered = ids(r.delivery?.delivered_context_ids)
+      const ack = ids(r.attention?.acknowledged_before_plan)
+      const cited = ids(r.attention?.cited_in_plan)
+      if (!required.length) errors.push('required_context must name at least one id')
+      for (const id of required) {
+        if (!delivered.includes(id)) errors.push(`required context not delivered: ${id}`)
+        if (!ack.includes(id)) errors.push(`required context not acknowledged before plan: ${id}`)
+        if (!cited.includes(id)) errors.push(`required context not cited in plan: ${id}`)
+      }
+      if (r.delivery?.raw_context_omitted !== true) errors.push('delivery.raw_context_omitted must be true')
+      for (const field of ['raw_prompts_omitted','raw_documents_omitted','source_code_omitted','tool_outputs_omitted','tokens_omitted','customer_data_omitted']) if (r.privacy?.[field] !== true) errors.push(`privacy.${field} must be true`)
+      if (errors.length && r.attention?.missing_context_stop !== true) errors.push('missing_context_stop must be true when required attention evidence is incomplete')
+      if (!r.delivery?.evidence_path) warnings.push('delivery.evidence_path is missing')
+      return { ok: errors.length === 0, schema:r.schema, required_count:required.length, delivered_count:delivered.length, acknowledged_count:ack.length, cited_count:cited.length, errors, warnings }
+    }
+
+    function validateRuleAttention(r) {
+      const errors = [], warnings = []
+      const rules = Array.isArray(r.rules) ? r.rules : []
+      if (!rules.length) errors.push('rules must include at least one project rule')
+      for (const rule of rules) {
+        if (!rule.rule_id) errors.push('each rule must include rule_id')
+        if (!rule.source) errors.push(`${rule.rule_id || 'rule'} must include source`)
+        if (!rule.last_loaded_at) errors.push(`${rule.rule_id || 'rule'} must include last_loaded_at`)
+        if (rule.cited_in_pre_edit_plan !== true) warnings.push(`${rule.rule_id || 'rule'} was not cited in the pre-edit plan`)
+        if (!['pass','fail','missing'].includes(rule.edit_check)) errors.push(`${rule.rule_id || 'rule'} edit_check must be pass, fail, or missing`)
+      }
+      for (const field of ['raw_prompts_omitted','raw_claude_md_omitted','source_code_omitted','tool_outputs_omitted','tokens_omitted','customer_data_omitted']) if (r.privacy?.[field] !== true) errors.push(`privacy.${field} must be true`)
+      const missing = rules.filter(rule => rule.cited_in_pre_edit_plan !== true || rule.edit_check !== 'pass')
+      if (missing.length && r.result?.status === 'safe_to_edit') errors.push('result.status cannot be safe_to_edit while a required rule is uncited or failing')
+      return { ok: errors.length === 0 && missing.length === 0, schema:r.schema, rules_count:rules.length, uncited_or_failing_rules:missing.map(rule => rule.rule_id), errors, warnings }
+    }
+
+    function validateSkillInstall(r) {
+      const errors = [], warnings = []
+      const selected = Array.isArray(r.selected_skills) ? r.selected_skills : []
+      const ignored = Array.isArray(r.ignored_duplicates) ? r.ignored_duplicates : []
+      const discovered = Array.isArray(r.discovery?.discovered_source_paths) ? r.discovery.discovered_source_paths : []
+      if (!r.source?.repo) errors.push('source.repo is required')
+      if (!r.source?.resolved_sha) errors.push('source.resolved_sha is required')
+      if (!r.installer?.target_agent_dir) errors.push('installer.target_agent_dir is required')
+      if (!selected.length) errors.push('selected_skills must include at least one installed skill')
+      for (const skill of selected) {
+        if (!skill.name) errors.push('each selected skill must include name')
+        if (!skill.selected_source_path) errors.push(`${skill.name || 'skill'} must include selected_source_path`)
+        if (!skill.target_path) errors.push(`${skill.name || 'skill'} must include target_path`)
+        if (skill.lockfile_entry_written !== true) warnings.push(`${skill.name || 'skill'} did not write lockfile metadata`)
+      }
+      const selectedNames = selected.map(skill => skill.name).filter(Boolean)
+      for (const name of selectedNames) {
+        const discoveredForName = discovered.filter(path => path.includes(`/${name}/`) || path.includes(`${name}/SKILL.md`)).length
+        const ignoredForName = ignored.filter(item => item.name === name).length
+        if (discoveredForName > 1 && ignoredForName === 0) errors.push(`${name} has multiple discovered paths but no ignored_duplicates evidence`)
+      }
+      if (r.safety?.raw_secret_or_env_values_copied !== false) errors.push('safety.raw_secret_or_env_values_copied must be false')
+      if (r.safety?.scripts_or_hooks_installed !== false) errors.push('safety.scripts_or_hooks_installed must be false for a low-authority skill receipt')
+      if (r.safety?.network_capability_added !== false) errors.push('safety.network_capability_added must be false for a skill-only install')
+      for (const field of ['raw_skill_body_omitted','raw_env_values_omitted','auth_headers_omitted','customer_data_omitted']) if (r.privacy?.[field] !== true) errors.push(`privacy.${field} must be true`)
+      if (selected.length !== new Set(selectedNames).size) errors.push('selected_skills contains duplicate names after resolution')
+      return { ok: errors.length === 0, schema:r.schema, selected_count:selected.length, ignored_duplicate_count:ignored.length, discovered_source_count:discovered.length, selected_source_paths:selected.map(skill => skill.selected_source_path), errors, warnings }
+    }
+
+    function countBy(items, key) { return items.reduce((acc, item) => (acc[item[key] || 'unknown'] = (acc[item[key] || 'unknown'] || 0) + 1, acc), {}) }
+    function ids(v) { return Array.isArray(v) ? v.filter(x => typeof x === 'string' && x) : [] }
+    function render(obj) {
+      resultEl.className = 'result ' + (obj.ok ? 'ok' : 'bad')
+      resultEl.textContent = JSON.stringify(obj, null, 2)
+    }
+  </script>
+</body>
+</html>

package/examples/context-attention-receipts/README.md

@@ -0,0 +1,41 @@
+# Context attention receipts
+
+This example is for the `r/ClaudeCode` / GraphRAG failure mode: a graph, memory, RAG, or MCP retrieval system finds the right context, but the coding agent behaves as if it never saw it.
+
+Pluribus should not replace graph memory, RAG, or MCP search. The useful boundary is smaller: emit a privacy-safe receipt proving whether selected context actually crossed the agent boundary and was treated as required before planning or editing.
+
+## What the receipt proves
+
+`pluribus.context_attention_receipt.v1` records low-cardinality evidence only:
+
+- which retrieval/memory/tool context IDs were required for the task;
+- which surface delivered them (`mcp_tool_response`, `claude_hook`, `CLAUDE.md`, `AGENTS.md`, etc.);
+- whether the agent acknowledged those IDs before plan/edit;
+- whether the final plan cites the IDs it depended on;
+- whether missing context forced a stop instead of a best-effort edit;
+- whether raw documents, prompts, source code, transcripts, tokens, or customer data were omitted.
+
+It intentionally does **not** store the retrieved chunks themselves. Use stable IDs, hashes, coarse labels, and evidence paths instead.
+
+## Smoke test
+
+```bash
+node examples/context-attention-receipts/check-attention-receipt.mjs \
+  examples/context-attention-receipts/attention-receipt-pass.json
+
+node examples/context-attention-receipts/check-attention-receipt.mjs \
+  examples/context-attention-receipts/attention-receipt-fail.json
+```
+
+The first command should pass. The second should fail because the graph/memory result was retrieved but not acknowledged or cited before editing.
+
+## Why this exists
+
+A high-quality retrieval layer is still weak if the next agent turn can ignore it. The receipt makes that failure visible:
+
+- retrieval succeeded;
+- required context was or was not delivered to the agent surface;
+- the agent did or did not acknowledge it before changing files;
+- the wrapper/hook did or did not stop the run when required context was missing.
+
+That is the narrow Pluribus angle: not more memory, not a new graph database, and not another router — evidence that the context boundary was actually crossed.

package/examples/context-attention-receipts/attention-receipt-fail.json

@@ -0,0 +1,49 @@
+{
+  "schema": "pluribus.context_attention_receipt.v1",
+  "receipt_id": "attn_2026_06_09_demo_fail",
+  "task_id": "claude-code-refactor-185",
+  "agent_surface": "claude_code",
+  "retrieval_system": "graph_memory_mcp",
+  "required_context": [
+    {
+      "id": "ctx:architecture:tenant-routing",
+      "source_type": "knowledge_graph",
+      "source_hash": "sha256:7bf3e0c1-redacted",
+      "why_required": "routes tenant-scoped writes through the policy gateway"
+    },
+    {
+      "id": "ctx:decision:readonly-audit-first",
+      "source_type": "decision_log",
+      "source_hash": "sha256:11ab91d4-redacted",
+      "why_required": "requires dry-run/audit before writes"
+    }
+  ],
+  "delivery": {
+    "surface": "mcp_tool_response",
+    "delivered_context_ids": [
+      "ctx:architecture:tenant-routing",
+      "ctx:decision:readonly-audit-first"
+    ],
+    "raw_context_omitted": true,
+    "evidence_path": ".pluribus/receipts/context-attention.ndjson"
+  },
+  "attention": {
+    "acknowledged_before_plan": [
+      "ctx:architecture:tenant-routing"
+    ],
+    "cited_in_plan": [],
+    "missing_context_stop": false
+  },
+  "privacy": {
+    "raw_prompts_omitted": true,
+    "raw_documents_omitted": true,
+    "source_code_omitted": true,
+    "tool_outputs_omitted": true,
+    "tokens_omitted": true,
+    "customer_data_omitted": true
+  },
+  "result": {
+    "status": "unsafe_to_continue",
+    "next_safe_action": "stop and ask the retrieval wrapper to re-deliver required context before editing"
+  }
+}

package/examples/context-attention-receipts/attention-receipt-pass.json

@@ -0,0 +1,53 @@
+{
+  "schema": "pluribus.context_attention_receipt.v1",
+  "receipt_id": "attn_2026_06_09_demo_pass",
+  "task_id": "claude-code-refactor-184",
+  "agent_surface": "claude_code",
+  "retrieval_system": "graph_memory_mcp",
+  "required_context": [
+    {
+      "id": "ctx:architecture:tenant-routing",
+      "source_type": "knowledge_graph",
+      "source_hash": "sha256:7bf3e0c1-redacted",
+      "why_required": "routes tenant-scoped writes through the policy gateway"
+    },
+    {
+      "id": "ctx:decision:readonly-audit-first",
+      "source_type": "decision_log",
+      "source_hash": "sha256:11ab91d4-redacted",
+      "why_required": "requires dry-run/audit before writes"
+    }
+  ],
+  "delivery": {
+    "surface": "mcp_tool_response",
+    "delivered_context_ids": [
+      "ctx:architecture:tenant-routing",
+      "ctx:decision:readonly-audit-first"
+    ],
+    "raw_context_omitted": true,
+    "evidence_path": ".pluribus/receipts/context-attention.ndjson"
+  },
+  "attention": {
+    "acknowledged_before_plan": [
+      "ctx:architecture:tenant-routing",
+      "ctx:decision:readonly-audit-first"
+    ],
+    "cited_in_plan": [
+      "ctx:architecture:tenant-routing",
+      "ctx:decision:readonly-audit-first"
+    ],
+    "missing_context_stop": false
+  },
+  "privacy": {
+    "raw_prompts_omitted": true,
+    "raw_documents_omitted": true,
+    "source_code_omitted": true,
+    "tool_outputs_omitted": true,
+    "tokens_omitted": true,
+    "customer_data_omitted": true
+  },
+  "result": {
+    "status": "safe_to_continue",
+    "next_safe_action": "continue with dry-run refactor plan"
+  }
+}

package/examples/context-attention-receipts/check-attention-receipt.mjs

@@ -0,0 +1,97 @@
+#!/usr/bin/env node
+import { readFileSync } from 'node:fs'
+import { resolve } from 'node:path'
+
+const [receiptPathArg] = process.argv.slice(2)
+
+if (!receiptPathArg) {
+  fail(['usage: node check-attention-receipt.mjs <receipt.json>'], 2)
+}
+
+const receiptPath = resolve(process.cwd(), receiptPathArg)
+let receipt
+try {
+  receipt = JSON.parse(readFileSync(receiptPath, 'utf8'))
+} catch (error) {
+  fail([`could not read receipt JSON: ${error.message}`], 2)
+}
+
+const errors = []
+const warnings = []
+
+if (receipt.schema !== 'pluribus.context_attention_receipt.v1') {
+  errors.push('schema must be pluribus.context_attention_receipt.v1')
+}
+
+const requiredIds = ids(receipt.required_context?.map((item) => item.id))
+const deliveredIds = ids(receipt.delivery?.delivered_context_ids)
+const acknowledgedIds = ids(receipt.attention?.acknowledged_before_plan)
+const citedIds = ids(receipt.attention?.cited_in_plan)
+
+if (requiredIds.length === 0) errors.push('required_context must name at least one context id')
+
+for (const id of requiredIds) {
+  if (!deliveredIds.includes(id)) errors.push(`required context not delivered: ${id}`)
+  if (!acknowledgedIds.includes(id)) errors.push(`required context not acknowledged before plan: ${id}`)
+  if (!citedIds.includes(id)) errors.push(`required context not cited in plan: ${id}`)
+}
+
+if (receipt.delivery?.raw_context_omitted !== true) {
+  errors.push('delivery.raw_context_omitted must be true')
+}
+
+const privacy = receipt.privacy || {}
+for (const field of [
+  'raw_prompts_omitted',
+  'raw_documents_omitted',
+  'source_code_omitted',
+  'tool_outputs_omitted',
+  'tokens_omitted',
+  'customer_data_omitted'
+]) {
+  if (privacy[field] !== true) errors.push(`privacy.${field} must be true`)
+}
+
+if (errors.length > 0 && receipt.attention?.missing_context_stop !== true) {
+  errors.push('missing_context_stop must be true when required context attention evidence is incomplete')
+}
+
+if (receipt.result?.status === 'safe_to_continue' && errors.length > 0) {
+  errors.push('result.status cannot be safe_to_continue when required evidence is incomplete')
+}
+
+if (!receipt.delivery?.evidence_path) {
+  warnings.push('delivery.evidence_path is missing; reviewers need a pointer to the audit trail')
+}
+
+const output = {
+  ok: errors.length === 0,
+  receipt_id: receipt.receipt_id || null,
+  task_id: receipt.task_id || null,
+  agent_surface: receipt.agent_surface || null,
+  required_count: requiredIds.length,
+  delivered_count: deliveredIds.length,
+  acknowledged_count: acknowledgedIds.length,
+  cited_count: citedIds.length,
+  status: receipt.result?.status || null,
+  next_safe_action: receipt.result?.next_safe_action || null,
+  errors,
+  warnings
+}
+
+if (output.ok) {
+  console.log(JSON.stringify(output, null, 2))
+  process.exit(0)
+}
+
+console.error(JSON.stringify(output, null, 2))
+process.exit(1)
+
+function ids(value) {
+  return Array.isArray(value) ? value.filter((id) => typeof id === 'string' && id.length > 0) : []
+}
+
+function fail(errors, code) {
+  console.error(JSON.stringify({ ok: false, errors }, null, 2))
+  process.exit(code)
+}

package/examples/tool-surface-diff-receipts/tool-surface-diff-receipt.json

@@ -0,0 +1,61 @@
+{
+  "schema": "pluribus.mcp_tool_surface_diff_receipt.v1",
+  "run_id": "tool-surface-diff-demo",
+  "generated_at": "2026-06-09T13:00:00Z",
+  "platform": {
+    "name": "enterprise-mcp-dynamic-discovery",
+    "audit_sink": "admin-center-or-siem"
+  },
+  "catalog": {
+    "server_id": "mcp://sales-ops-gateway",
+    "previous_hash": "sha256:previous-catalog-redacted",
+    "current_hash": "sha256:current-catalog-redacted"
+  },
+  "runtime_discovery": {
+    "enabled": true,
+    "trigger": "runtime_tool_catalog_diff"
+  },
+  "privacy_boundary": {
+    "raw_schemas": "omitted_hash_only",
+    "raw_prompts": "omitted",
+    "raw_results": "omitted"
+  },
+  "tools": [
+    {
+      "tool_id": "tool:crm.search_accounts",
+      "name_hash": "sha256:0cc2efb4a26f4c5eb4f7d8c99e78d37adbdba07d50ee7873452c0216d02b1f48",
+      "schema_hash": "sha256:6f4fbe0a8be41b6e29c0c1c113aac38dfefdd12b89c6e9d4a996df2537acdb71",
+      "status": "activated",
+      "validation_outcome": "accepted",
+      "diff_summary": {
+        "added_fields": 1,
+        "removed_fields": 0,
+        "changed_fields": 0
+      }
+    },
+    {
+      "tool_id": "tool:crm.export_contacts",
+      "name_hash": "sha256:f38f53f9ba3c348e67332a24a7d15f5e7ab1c9253cf01f3451e15d9e15435e13",
+      "schema_hash": "sha256:95ddc9b86a0c2d8bc6f3ca0bcce93dca2469ced51b0d38c8f8c5aa88554e0032",
+      "status": "blocked",
+      "validation_outcome": "blocked_by_rai",
+      "diff_summary": {
+        "added_fields": 4,
+        "removed_fields": 0,
+        "changed_fields": 2
+      }
+    },
+    {
+      "tool_id": "tool:billing.refund_invoice",
+      "name_hash": "sha256:abfdaf6f0a3f33342aca6d8b0d63c303e99978481d26827843a901cb6237617d",
+      "schema_hash": "sha256:3b4fdc3ec15d2fa1cc589c1c7de280a19772d5745b4ef54d27806714be12bb8c",
+      "status": "withheld",
+      "validation_outcome": "entitlement_filtered",
+      "diff_summary": {
+        "added_fields": 0,
+        "removed_fields": 0,
+        "changed_fields": 0
+      }
+    }
+  ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pluribus-context",
-  "version": "0.3.39",
+  "version": "0.3.41",
   "description": "AI context and rules sync CLI for Claude.md, Claude Code, Cursor, and Copilot instructions, with privacy-safe context receipts that prove what memory, tools, skills, compactions, and security findings crossed agent boundaries without logging raw content.",
   "type": "module",
   "homepage": "https://github.com/caioribeiroclw-pixel/pluribus#readme",
@@ -68,6 +68,11 @@
     "ai-agent-observability",
     "opentelemetry",
     "mcp",
+    "mcp-audit",
+    "mcp-gateway",
+    "mcp-security",
+    "tool-discovery",
+    "audit-trail",
     "drift-detection",
     "openclaw",
     "rules",
@@ -84,7 +89,10 @@
     "agent-context-audit",
     "agent-memory",
     "bob",
-    "bob-rules"
+    "bob-rules",
+    "agent-skill",
+    "skillpm",
+    "agent-skills-registry"
   ],
   "author": "Caio Ribeiro",
   "license": "MIT",

package/skills/context-receipts/README.md

@@ -1,6 +1,6 @@
 # Context receipts Agent Skill recipe
 
-This is a small, copyable Agent Skill recipe for context-engineering users who are adopting Tool Search, lazy MCP loading, skills, memory, compaction, or subagents and need to verify what actually crossed the context boundary.
+This is a small, copyable Agent Skill recipe for context-engineering users who are adopting Tool Search, lazy MCP loading, dynamic tool discovery, skills, memory, compaction, GraphRAG/code search, transcript review, or subagents and need to verify what actually crossed the context boundary.
 
 It is intentionally markdown-only so it can be copied into a local skills directory such as:
 
@@ -8,6 +8,11 @@ It is intentionally markdown-only so it can be copied into a local skills direct
 - `.opencode/skills/context-receipts/SKILL.md`
 - `.agents/skills/context-receipts/SKILL.md`
 
+The two newest smoke paths are:
+
+- **Runtime tool-surface diff:** prove which MCP tools were discovered, activated, withheld, or blocked without copying raw schemas/prompts/results.
+- **Context attention:** prove that retrieved/baseline context was delivered, acknowledged before planning, and cited before edits/tool calls.
+
 ## Quick smoke
 
 Ask an agent or harness using the skill to emit a receipt for one workflow and verify these constraints:
@@ -19,9 +24,15 @@ grep -E 'raw_(schema|query|args|result|output|transcript|text)_copied":false|raw
 
 Then manually check that the receipt contains counts, hashes, ids, buckets, and `audit_gap`, but does **not** contain private prompts, raw schemas, tool args/results, skill bodies, memory bodies, customer names, secrets, or transcript text.
 
-For executable fixture examples, see [`../../examples/context-input-evidence/`](../../examples/context-input-evidence/), including the ToolSearch propagation, pruning, and compaction transaction smokes:
+For executable fixture examples, see:
+
+- [`../../examples/tool-surface-diff-receipts/`](../../examples/tool-surface-diff-receipts/) for runtime MCP tool-surface diff receipts.
+- [`../../examples/context-attention-receipts/`](../../examples/context-attention-receipts/) for retrieved-context attention receipts.
+- [`../../examples/context-input-evidence/`](../../examples/context-input-evidence/) for ToolSearch propagation, pruning, and compaction transaction smokes.
 
 ```bash
+node ../../examples/context-attention-receipts/check-attention-receipt.mjs \
+  ../../examples/context-attention-receipts/attention-receipt-pass.json
 node ../../examples/context-input-evidence/convert-subagent-toolsearch-propagation-log.mjs
 node ../../examples/context-input-evidence/convert-pruning-log.mjs
 node ../../examples/context-input-evidence/convert-compaction-transaction-log.mjs