protect-mcp 0.3.1 → 0.3.3

package/dist/cli.mjs

@@ -1,10 +1,13 @@
 #!/usr/bin/env node
 import {
   ProtectGateway,
+  formatSimulation,
   initSigning,
   loadPolicy,
+  parseLogFile,
+  simulate,
   validateCredentials
-} from "./chunk-U7TMVD3E.mjs";
+} from "./chunk-WDCPUM2O.mjs";
 
 // src/cli.ts
 function printHelp() {
@@ -13,12 +16,16 @@ protect-mcp \u2014 Shadow-mode security gateway for MCP servers
 
 Usage:
   protect-mcp [options] -- <command> [args...]
+  protect-mcp quickstart
   protect-mcp init [--dir <path>]
   protect-mcp demo
+  protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]
   protect-mcp status [--dir <path>]
   protect-mcp digest [--today] [--dir <path>]
   protect-mcp receipts [--last <n>] [--dir <path>]
   protect-mcp bundle [--output <path>] [--dir <path>]
+  protect-mcp simulate --policy <path> [--log <path>] [--tier <tier>] [--json]
+  protect-mcp report [--period <days>d] [--format md|json] [--output <path>] [--dir <path>]
 
 Options:
   --policy <path>   Policy/config JSON file (default: allow-all)
@@ -28,19 +35,22 @@ Options:
   --help            Show this help
 
 Commands:
+  quickstart        Zero-config onboarding: init + demo + show receipts in one command
   init              Generate config template, Ed25519 keypair, and sample policy
   demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
+  trace <id>        Visualize the receipt DAG from a given receipt_id (ASCII tree)
   status            Show tool call statistics from the local decision log
   digest            Generate a human-readable summary of agent activity
   receipts          Show recent persisted signed receipts
   bundle            Export an offline-verifiable audit bundle
 
 Examples:
+  protect-mcp quickstart
   protect-mcp -- node my-server.js
   protect-mcp --policy protect-mcp.json -- node my-server.js
-  protect-mcp --policy protect-mcp.json --enforce -- node my-server.js
   protect-mcp init
   protect-mcp demo
+  protect-mcp trace sha256:abc123 --depth 5
   protect-mcp status
   protect-mcp digest --today
   protect-mcp receipts --last 10
@@ -105,10 +115,7 @@ async function handleInit(argv) {
     process.exit(1);
   }
   let keypair;
-  try {
-    const artifacts = await import("@veritasacta/artifacts");
-    keypair = artifacts.generateKeypair();
-  } catch {
+  {
     const { randomBytes } = await import("crypto");
     const { ed25519 } = await import("./ed25519-EDO4K4EP.mjs");
     const { bytesToHex } = await import("./utils-IDWBSHJU.mjs");
@@ -614,12 +621,322 @@ ${bold("protect-mcp bundle")}
 
 `);
 }
+async function handleQuickstart() {
+  const { mkdtempSync, writeFileSync, existsSync, mkdirSync, readFileSync } = await import("fs");
+  const { join } = await import("path");
+  const { tmpdir } = await import("os");
+  const dir = mkdtempSync(join(tmpdir(), "protect-mcp-quickstart-"));
+  process.stdout.write(`
+${bold("protect-mcp quickstart")}
+`);
+  process.stdout.write(`${"\u2500".repeat(50)}
+
+`);
+  process.stdout.write(`  This will:
+`);
+  process.stdout.write(`  1. Generate an Ed25519 signing keypair
+`);
+  process.stdout.write(`  2. Create a shadow-mode policy
+`);
+  process.stdout.write(`  3. Start a demo MCP server with protect-mcp wrapping it
+`);
+  process.stdout.write(`  4. Log signed receipts for every tool call
+
+`);
+  process.stdout.write(`  Working dir: ${dir}
+
+`);
+  const keysDir = join(dir, "keys");
+  mkdirSync(keysDir, { recursive: true });
+  const { randomBytes } = await import("crypto");
+  let keypair;
+  try {
+    const { ed25519 } = await import("./ed25519-EDO4K4EP.mjs");
+    const { bytesToHex } = await import("./utils-IDWBSHJU.mjs");
+    const privateKey = randomBytes(32);
+    const publicKey = ed25519.getPublicKey(privateKey);
+    keypair = {
+      privateKey: bytesToHex(privateKey),
+      publicKey: bytesToHex(publicKey),
+      kid: `quickstart-${Date.now()}`
+    };
+  } catch {
+    keypair = {
+      privateKey: randomBytes(32).toString("hex"),
+      publicKey: randomBytes(32).toString("hex"),
+      kid: `quickstart-${Date.now()}`
+    };
+  }
+  writeFileSync(join(keysDir, "gateway.json"), JSON.stringify({
+    privateKey: keypair.privateKey,
+    publicKey: keypair.publicKey,
+    kid: keypair.kid,
+    generated_at: (/* @__PURE__ */ new Date()).toISOString()
+  }, null, 2) + "\n");
+  const configPath = join(dir, "protect-mcp.json");
+  const config = {
+    tools: {
+      "*": { rate_limit: "100/hour" },
+      "delete_file": { block: true }
+    },
+    default_tier: "unknown",
+    signing: {
+      key_path: join(keysDir, "gateway.json"),
+      issuer: "protect-mcp-quickstart",
+      enabled: true
+    }
+  };
+  writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  process.stdout.write(`  \u2713 Keypair generated (kid: ${keypair.kid})
+`);
+  process.stdout.write(`  \u2713 Policy created (shadow mode, all tools logged)
+`);
+  process.stdout.write(`  \u2713 Signing enabled (Ed25519)
+
+`);
+  process.stdout.write(`${bold("Starting demo server...")}
+
+`);
+  process.stdout.write(`  Every tool call will produce a signed receipt.
+`);
+  process.stdout.write(`  Try it with Claude Desktop or any MCP client.
+
+`);
+  process.stdout.write(`  ${bold("To use in production:")}
+`);
+  process.stdout.write(`    1. Copy ${configPath} to your project
+`);
+  process.stdout.write(`    2. Edit tool policies to match your server
+`);
+  process.stdout.write(`    3. Run: protect-mcp --policy protect-mcp.json -- node your-server.js
+
+`);
+  process.stdout.write(`${"\u2500".repeat(50)}
+
+`);
+  process.env.PROTECT_MCP_CONFIG = configPath;
+  await handleDemo();
+}
+async function handleTrace(argv) {
+  const receiptId = argv[0];
+  if (!receiptId) {
+    process.stderr.write("[PROTECT_MCP] Usage: protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]\n");
+    process.exit(1);
+  }
+  let endpoint = "https://evidence-indexer.tomjwxf.workers.dev";
+  let depth = 3;
+  for (let i = 1; i < argv.length; i++) {
+    if (argv[i] === "--endpoint" && argv[i + 1]) {
+      endpoint = argv[++i];
+    } else if (argv[i] === "--depth" && argv[i + 1]) {
+      depth = Math.min(10, Math.max(1, parseInt(argv[++i], 10) || 3));
+    }
+  }
+  process.stdout.write(`
+${bold("protect-mcp trace")}
+`);
+  process.stdout.write(`${"\u2500".repeat(60)}
+
+`);
+  process.stdout.write(`  Root:     ${receiptId}
+`);
+  process.stdout.write(`  Endpoint: ${endpoint}
+`);
+  process.stdout.write(`  Depth:    ${depth}
+
+`);
+  const url = `${endpoint}/evidence/graph/${encodeURIComponent(receiptId)}?depth=${depth}&direction=both&max=50`;
+  let graphData;
+  try {
+    const resp = await fetch(url);
+    if (!resp.ok) {
+      const body = await resp.text();
+      process.stderr.write(`[PROTECT_MCP] Error fetching graph: ${resp.status} ${body}
+`);
+      process.exit(1);
+    }
+    graphData = await resp.json();
+  } catch (err) {
+    process.stderr.write(`[PROTECT_MCP] Could not reach evidence indexer at ${endpoint}
+`);
+    process.stderr.write(`[PROTECT_MCP] Trying local receipts...
+
+`);
+    await traceLocal(receiptId);
+    return;
+  }
+  if (!graphData.nodes || graphData.nodes.length === 0) {
+    process.stdout.write(`  No receipts found for ${receiptId}
+
+`);
+    return;
+  }
+  process.stdout.write(`  ${bold("Evidence DAG")} (${graphData.node_count} nodes, ${graphData.edge_count} edges)
+
+`);
+  const nodeMap = /* @__PURE__ */ new Map();
+  for (const node of graphData.nodes) {
+    nodeMap.set(node.receipt_id, node);
+  }
+  const childMap = /* @__PURE__ */ new Map();
+  for (const edge of graphData.edges) {
+    if (!childMap.has(edge.from)) childMap.set(edge.from, []);
+    childMap.get(edge.from).push({ to: edge.to, relation: edge.relation });
+  }
+  const rendered = /* @__PURE__ */ new Set();
+  function renderNode(id, prefix, isLast) {
+    const node = nodeMap.get(id);
+    const connector = isLast ? "\u2514\u2500\u2500 " : "\u251C\u2500\u2500 ";
+    const childPrefix = isLast ? "    " : "\u2502   ";
+    const typeEmoji = getTypeEmoji(node?.receipt_type || "unknown");
+    const shortId = id.length > 16 ? id.slice(0, 12) + "\u2026" : id;
+    const time = node?.event_time ? new Date(node.event_time).toLocaleTimeString() : "?";
+    const type = node?.receipt_type?.replace("acta:", "") || "unknown";
+    process.stdout.write(`${prefix}${connector}${typeEmoji} ${bold(type)} ${dim(shortId)} ${dim(time)}
+`);
+    if (rendered.has(id)) {
+      process.stdout.write(`${prefix}${childPrefix}${dim("(cycle \u2014 already rendered)")}
+`);
+      return;
+    }
+    rendered.add(id);
+    const children = childMap.get(id) || [];
+    for (let i = 0; i < children.length; i++) {
+      const child = children[i];
+      const edgeLabel = dim(`\u2500\u2500[${child.relation}]\u2500\u2500\u25B6`);
+      process.stdout.write(`${prefix}${childPrefix}${edgeLabel}
+`);
+      renderNode(child.to, prefix + childPrefix, i === children.length - 1);
+    }
+  }
+  const rootNode = nodeMap.get(receiptId);
+  if (rootNode) {
+    const typeEmoji = getTypeEmoji(rootNode.receipt_type);
+    const type = rootNode.receipt_type?.replace("acta:", "") || "unknown";
+    const time = rootNode.event_time ? new Date(rootNode.event_time).toLocaleTimeString() : "?";
+    process.stdout.write(`  ${typeEmoji} ${bold(type)} ${dim(receiptId.slice(0, 16) + "\u2026")} ${dim(time)} ${bold("(root)")}
+`);
+    rendered.add(receiptId);
+    const children = childMap.get(receiptId) || [];
+    for (let i = 0; i < children.length; i++) {
+      const child = children[i];
+      const edgeLabel = dim(`\u2500\u2500[${child.relation}]\u2500\u2500\u25B6`);
+      process.stdout.write(`  ${edgeLabel}
+`);
+      renderNode(child.to, "  ", i === children.length - 1);
+    }
+    const incomingEdges = (graphData.edges || []).filter((e) => e.to === receiptId);
+    if (incomingEdges.length > 0) {
+      process.stdout.write(`
+  ${bold("Incoming edges:")}
+`);
+      for (const edge of incomingEdges) {
+        const fromNode = nodeMap.get(edge.from);
+        const fromType = fromNode?.receipt_type?.replace("acta:", "") || "unknown";
+        process.stdout.write(`  \u25C0\u2500\u2500[${edge.relation}]\u2500\u2500 ${getTypeEmoji(fromNode?.receipt_type)} ${fromType} ${dim(edge.from.slice(0, 16) + "\u2026")}
+`);
+      }
+    }
+  } else {
+    for (const node of graphData.nodes) {
+      const typeEmoji = getTypeEmoji(node.receipt_type);
+      const type = node.receipt_type?.replace("acta:", "") || "unknown";
+      process.stdout.write(`  ${typeEmoji} ${bold(type)} ${dim(node.receipt_id.slice(0, 16) + "\u2026")}
+`);
+    }
+  }
+  process.stdout.write(`
+${"\u2500".repeat(60)}
+`);
+  process.stdout.write(`  ${dim(`Fetched from ${endpoint}`)}
+
+`);
+}
+async function traceLocal(receiptId) {
+  const { readFileSync, existsSync } = await import("fs");
+  const { join } = await import("path");
+  const dir = process.cwd();
+  const receiptsDir = join(dir, ".protect-mcp", "receipts");
+  if (!existsSync(receiptsDir)) {
+    process.stdout.write(`  No local receipts found in ${receiptsDir}
+
+`);
+    return;
+  }
+  const { readdirSync } = await import("fs");
+  const files = readdirSync(receiptsDir).filter((f) => f.endsWith(".json"));
+  process.stdout.write(`  Scanning ${files.length} local receipts...
+
+`);
+  const receipts = [];
+  for (const file of files) {
+    try {
+      const content = readFileSync(join(receiptsDir, file), "utf-8");
+      const receipt = JSON.parse(content);
+      receipts.push(receipt);
+    } catch {
+    }
+  }
+  const match = receipts.find(
+    (r) => r.signed_claims?.claims?.receipt_id === receiptId || r.receipt_id === receiptId
+  );
+  if (match) {
+    const claims = match.signed_claims?.claims || match;
+    process.stdout.write(`  Found: ${getTypeEmoji(claims.receipt_type)} ${bold(claims.receipt_type?.replace("acta:", "") || "unknown")}
+`);
+    process.stdout.write(`  Event:  ${claims.event_id || "?"}
+`);
+    process.stdout.write(`  Issuer: ${claims.issuer_id || "?"}
+`);
+    process.stdout.write(`  Time:   ${claims.event_time || "?"}
+`);
+    if (claims.edges && claims.edges.length > 0) {
+      process.stdout.write(`
+  ${bold("Edges:")}
+`);
+      for (const edge of claims.edges) {
+        process.stdout.write(`    \u2500\u2500[${edge.relation}]\u2500\u2500\u25B6 ${dim(edge.receipt_id?.slice(0, 16) + "\u2026")}
+`);
+      }
+    }
+  } else {
+    process.stdout.write(`  Receipt ${receiptId} not found locally.
+`);
+  }
+  process.stdout.write("\n");
+}
+function getTypeEmoji(type) {
+  switch (type) {
+    case "acta:observation":
+      return "\u{1F441} ";
+    case "acta:policy-load":
+      return "\u{1F4CB}";
+    case "acta:approval":
+      return "\u2705";
+    case "acta:decision":
+      return "\u2696\uFE0F ";
+    case "acta:execution":
+      return "\u26A1";
+    case "acta:outcome":
+      return "\u{1F4E6}";
+    case "acta:delegation":
+      return "\u{1F91D}";
+    case "acta:capability-attestation":
+      return "\u{1F3C5}";
+    default:
+      return "\u{1F4C4}";
+  }
+}
 async function main() {
   const args = process.argv.slice(2);
   if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
     printHelp();
     process.exit(0);
   }
+  if (args[0] === "quickstart") {
+    await handleQuickstart();
+    return;
+  }
   if (args[0] === "init") {
     await handleInit(args.slice(1));
     process.exit(0);
@@ -644,6 +961,18 @@ async function main() {
     await handleBundle(args.slice(1));
     process.exit(0);
   }
+  if (args[0] === "trace") {
+    await handleTrace(args.slice(1));
+    process.exit(0);
+  }
+  if (args[0] === "simulate") {
+    await handleSimulate(args.slice(1));
+    process.exit(0);
+  }
+  if (args[0] === "report") {
+    await handleReport(args.slice(1));
+    process.exit(0);
+  }
   const { policyPath, slug, enforce, verbose, childCommand } = parseArgs(args);
   let policy = null;
   let policyDigest = "none";
@@ -694,6 +1023,85 @@ async function main() {
   const gateway = new ProtectGateway(config);
   await gateway.start();
 }
+async function handleSimulate(args) {
+  let policyPath = "";
+  let logPath = ".protect-mcp-log.jsonl";
+  let tier = "unknown";
+  let jsonOutput = false;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--policy" && args[i + 1]) {
+      policyPath = args[++i];
+    } else if (args[i] === "--log" && args[i + 1]) {
+      logPath = args[++i];
+    } else if (args[i] === "--tier" && args[i + 1]) {
+      tier = args[++i];
+    } else if (args[i] === "--json") {
+      jsonOutput = true;
+    }
+  }
+  if (!policyPath) {
+    process.stderr.write("Usage: protect-mcp simulate --policy <path> [--log <path>] [--tier <tier>] [--json]\n");
+    process.exit(1);
+  }
+  const { existsSync } = await import("fs");
+  if (!existsSync(logPath)) {
+    process.stderr.write(`Log file not found: ${logPath}
+`);
+    process.stderr.write("Run protect-mcp in shadow mode first to generate a log file.\n");
+    process.exit(1);
+  }
+  const { policy } = loadPolicy(policyPath);
+  const entries = parseLogFile(logPath);
+  if (entries.length === 0) {
+    process.stderr.write("No tool call entries found in log file.\n");
+    process.exit(1);
+  }
+  const summary = simulate(entries, policy, tier);
+  summary.policy_file = policyPath;
+  summary.log_file = logPath;
+  if (jsonOutput) {
+    process.stdout.write(JSON.stringify(summary, null, 2) + "\n");
+  } else {
+    process.stdout.write(formatSimulation(summary) + "\n");
+  }
+}
+async function handleReport(args) {
+  let period = 30;
+  let format = "json";
+  let outputPath = "";
+  let dir = process.cwd();
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--period" && args[i + 1]) {
+      const match = args[++i].match(/^(\d+)d$/);
+      if (match) period = parseInt(match[1], 10);
+    } else if (args[i] === "--format" && args[i + 1]) {
+      format = args[++i];
+    } else if (args[i] === "--output" && args[i + 1]) {
+      outputPath = args[++i];
+    } else if (args[i] === "--dir" && args[i + 1]) {
+      dir = args[++i];
+    }
+  }
+  const { generateReport, formatReportMarkdown } = await import("./report-ENQ3KUI2.mjs");
+  const { join } = await import("path");
+  const logPath = join(dir, ".protect-mcp-log.jsonl");
+  const receiptPath = join(dir, ".protect-mcp-receipts.jsonl");
+  const report = generateReport(logPath, receiptPath, period);
+  let output;
+  if (format === "md") {
+    output = formatReportMarkdown(report);
+  } else {
+    output = JSON.stringify(report, null, 2);
+  }
+  if (outputPath) {
+    const { writeFileSync } = await import("fs");
+    writeFileSync(outputPath, output, "utf-8");
+    process.stderr.write(`Report written to ${outputPath}
+`);
+  } else {
+    process.stdout.write(output + "\n");
+  }
+}
 main().catch((err) => {
   process.stderr.write(`[PROTECT_MCP] Fatal error: ${err instanceof Error ? err.message : err}
 `);

package/dist/index.d.mts

@@ -36,8 +36,8 @@ type PolicyEngineMode = 'built-in' | 'external' | 'hybrid';
 interface ExternalPDPConfig {
     /** HTTP endpoint for the external policy decision point */
     endpoint: string;
-    /** Response format: 'opa' | 'cerbos' | 'generic' */
-    format?: 'opa' | 'cerbos' | 'generic';
+    /** Response format: 'opa' | 'cerbos' | 'cedar' | 'generic' */
+    format?: 'opa' | 'cerbos' | 'cedar' | 'generic';
     /** Timeout in milliseconds (default: 500) */
     timeout_ms?: number;
     /** Fallback decision when external PDP is unreachable */
@@ -154,6 +154,27 @@ interface ProtectConfig {
     signing?: SigningConfig;
     /** Credential vault: maps credential labels to injection config */
     credentials?: Record<string, CredentialConfig>;
+    /** Multi-agent mode: identify calling agents and apply per-agent policy */
+    multiAgent?: MultiAgentConfig;
+}
+/**
+ * Multi-agent mode configuration.
+ *
+ * When enabled, protect-mcp resolves the calling agent's passport kid
+ * from request metadata (x-passport-kid header or _passport_kid param)
+ * and applies agent-specific policy overrides.
+ */
+interface MultiAgentConfig {
+    /** Enable multi-agent mode */
+    enabled: boolean;
+    /** Registry endpoint for agent manifest lookup */
+    registryUrl?: string;
+    /** Per-agent policy overrides: maps kid → tool policy overrides */
+    agentPolicies?: Record<string, Record<string, ToolPolicy>>;
+    /** Default policy for unrecognized agents (default: use base policy) */
+    unknownAgentPolicy?: 'base' | 'deny' | 'shadow-only';
+    /** Cache TTL for agent manifests in ms (default: 300000 = 5 min) */
+    cacheTtlMs?: number;
 }
 
 /**
@@ -459,7 +480,7 @@ declare function isSigningEnabled(): boolean;
  * BYOPE (Bring Your Own Policy Engine) — sends decision context
  * to an external Policy Decision Point via HTTP webhook.
  *
- * Supports OPA, Cerbos, and generic JSON formats.
+ * Supports OPA, Cerbos, Cedar (AWS), and generic JSON formats.
  * ScopeBlind always signs the receipt regardless of who made the decision.
  *
  * Sprint 2: One HTTP webhook adapter. More adapters later.
@@ -570,6 +591,132 @@ declare function createAuditBundle(opts: AuditBundleOptions): AuditBundle;
  */
 declare function collectSignedReceipts(logs: DecisionLog[]): Record<string, unknown>[];
 
+/**
+ * protect-mcp simulate — dry-run policy evaluation
+ *
+ * Reads a recorded log file (.protect-mcp-log.jsonl) and evaluates
+ * each tool call against a policy file. Shows what would have been
+ * blocked, rate-limited, or approved — without wrapping a live server.
+ *
+ * Usage:
+ *   npx protect-mcp simulate --policy strict.json [--log .protect-mcp-log.jsonl] [--json]
+ */
+
+interface LogEntry {
+    v: number;
+    tool: string;
+    decision: string;
+    reason_code: string;
+    mode: string;
+    timestamp: number;
+    tier?: string;
+    rate_limit_remaining?: number;
+    [key: string]: unknown;
+}
+interface SimulationResult {
+    tool: string;
+    calls: number;
+    results: {
+        allow: number;
+        block: number;
+        rate_limited: number;
+        require_approval: number;
+        tier_insufficient: number;
+    };
+    original: {
+        allow: number;
+        deny: number;
+    };
+}
+interface SimulationSummary {
+    policy_file: string;
+    log_file: string;
+    total_calls: number;
+    results: {
+        allow: number;
+        block: number;
+        rate_limited: number;
+        require_approval: number;
+        tier_insufficient: number;
+    };
+    original: {
+        allow: number;
+        deny: number;
+    };
+    tool_breakdown: SimulationResult[];
+    changes: string[];
+}
+/**
+ * Parse a JSONL log file into log entries.
+ */
+declare function parseLogFile(path: string): LogEntry[];
+/**
+ * Simulate a policy against a set of log entries.
+ * Evaluates each entry against the policy's per-tool rules,
+ * including block, rate_limit, min_tier, and require_approval.
+ */
+declare function simulate(entries: LogEntry[], policy: ProtectPolicy, tier?: TrustTier): SimulationSummary;
+/**
+ * Format simulation results for terminal output.
+ */
+declare function formatSimulation(summary: SimulationSummary): string;
+
+/**
+ * protect-mcp report — compliance report generation
+ *
+ * Generates structured compliance reports from local log and receipt files.
+ * Output as JSON (machine-readable) or Markdown (human-readable, PDF-convertible).
+ *
+ * Usage:
+ *   npx protect-mcp report --period 30d --output report.json
+ *   npx protect-mcp report --period 30d --format md --output report.md
+ */
+interface ComplianceReport {
+    generated_at: string;
+    period: {
+        from: string;
+        to: string;
+    };
+    signing_identity: {
+        kid: string;
+        issuer: string;
+    } | null;
+    summary: {
+        total_decisions: number;
+        allowed: number;
+        blocked: number;
+        rate_limited: number;
+        approval_required: number;
+        unique_tools: number;
+        unique_tiers: number;
+    };
+    tool_breakdown: Array<{
+        tool: string;
+        total: number;
+        allowed: number;
+        blocked: number;
+        rate_limited: number;
+        approval_required: number;
+    }>;
+    policy_changes: Array<{
+        at: string;
+        policy_digest: string;
+    }>;
+    verification: {
+        receipts_signed: number;
+        receipts_unsigned: number;
+        verify_command: string;
+    };
+}
+/**
+ * Generate a compliance report from local log and receipt files.
+ */
+declare function generateReport(logPath: string, receiptPath: string, periodDays: number): ComplianceReport;
+/**
+ * Format a compliance report as Markdown.
+ */
+declare function formatReportMarkdown(report: ComplianceReport): string;
+
 /**
  * Agent identity format: sb:agent:{first 32 hex chars of SHA-256(public key bytes)}
  * Example: "sb:agent:a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
@@ -851,4 +998,4 @@ declare function validateManifest(manifest: unknown): string[];
  */
 declare function validateEvidenceReceipt(receipt: unknown): string[];
 
-export { type AdmissionResult, type AgentId, type AgentManifest, type ArenaPayload, type ArenaReceipt, type AttestationPayload, type AttestationReceipt, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type CredentialConfig, type DecisionContext, type DecisionLog, type DisclosureMode, type Ed25519PublicKey, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type PolicyEngineMode, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SigningConfig, type TierOverrides, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, buildDecisionContext, checkRateLimit, collectSignedReceipts, createAuditBundle, evaluateTier, getSignerInfo, getToolPolicy, initSigning, isAgentId, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadPolicy, meetsMinTier, parseRateLimit, queryExternalPDP, resolveCredential, signDecision, validateCredentials, validateEvidenceReceipt, validateManifest };
+export { type AdmissionResult, type AgentId, type AgentManifest, type ArenaPayload, type ArenaReceipt, type AttestationPayload, type AttestationReceipt, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type ComplianceReport, type CredentialConfig, type DecisionContext, type DecisionLog, type DisclosureMode, type Ed25519PublicKey, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type PolicyEngineMode, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SigningConfig, type SimulationResult, type SimulationSummary, type TierOverrides, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, buildDecisionContext, checkRateLimit, collectSignedReceipts, createAuditBundle, evaluateTier, formatReportMarkdown, formatSimulation, generateReport, getSignerInfo, getToolPolicy, initSigning, isAgentId, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadPolicy, meetsMinTier, parseLogFile, parseRateLimit, queryExternalPDP, resolveCredential, signDecision, simulate, validateCredentials, validateEvidenceReceipt, validateManifest };