protect-mcp 0.4.1 → 0.4.3

package/dist/cli.js

@@ -618,6 +618,366 @@ var init_external_pdp = __esm({
   }
 });
 
+// src/cedar-evaluator.ts
+async function ensureCedarWasm() {
+  if (cedarWasm) return true;
+  if (loadAttempted) return false;
+  loadAttempted = true;
+  try {
+    const moduleName = "@cedar-policy/cedar-wasm";
+    cedarWasm = await import(
+      /* @vite-ignore */
+      moduleName
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+function loadCedarPolicies(dirPath) {
+  if (!(0, import_node_fs4.existsSync)(dirPath)) {
+    throw new Error(`Cedar policy directory not found: ${dirPath}`);
+  }
+  const entries = (0, import_node_fs4.readdirSync)(dirPath).filter((f) => (0, import_node_path2.extname)(f) === ".cedar").sort();
+  if (entries.length === 0) {
+    throw new Error(`No .cedar files found in: ${dirPath}`);
+  }
+  const sources = [];
+  for (const file of entries) {
+    const content = (0, import_node_fs4.readFileSync)((0, import_node_path2.join)(dirPath, file), "utf-8");
+    sources.push(content);
+  }
+  const concatenated = sources.join("\n\n");
+  const digest = (0, import_node_crypto2.createHash)("sha256").update(concatenated).digest("hex").slice(0, 16);
+  return {
+    source: concatenated,
+    digest,
+    fileCount: entries.length,
+    files: entries
+  };
+}
+function buildEntities(req) {
+  const agentId = req.agentId || req.tier;
+  return [
+    {
+      uid: { type: "Agent", id: agentId },
+      attrs: {
+        tier: req.tier,
+        ...req.agentId ? { agent_id: req.agentId } : {}
+      },
+      parents: []
+    },
+    {
+      uid: { type: "Tool", id: req.tool },
+      attrs: {},
+      parents: []
+    }
+  ];
+}
+async function evaluateCedar(policySet, req) {
+  const available = await ensureCedarWasm();
+  if (!available) {
+    return {
+      allowed: true,
+      reason: "cedar_wasm_not_available",
+      metadata: { fallback: true }
+    };
+  }
+  try {
+    const agentId = req.agentId || req.tier;
+    const authRequest = {
+      principal: { type: "Agent", id: agentId },
+      action: { type: "Action", id: "MCP::Tool::call" },
+      resource: { type: "Tool", id: req.tool },
+      context: {
+        tier: req.tier,
+        ...req.context || {}
+      }
+    };
+    const entities = buildEntities(req);
+    let result;
+    if (typeof cedarWasm.isAuthorized === "function") {
+      result = cedarWasm.isAuthorized({
+        policies: policySet.source,
+        entities,
+        principal: authRequest.principal,
+        action: authRequest.action,
+        resource: authRequest.resource,
+        context: authRequest.context,
+        schema: null
+        // No schema enforcement — Cedar still evaluates correctly
+      });
+    } else if (typeof cedarWasm.checkAuthorization === "function") {
+      result = cedarWasm.checkAuthorization(
+        policySet.source,
+        JSON.stringify(entities),
+        JSON.stringify(authRequest)
+      );
+    } else {
+      const cedarEngine = cedarWasm.default || cedarWasm;
+      if (typeof cedarEngine.isAuthorized === "function") {
+        result = cedarEngine.isAuthorized({
+          policies: policySet.source,
+          entities,
+          principal: authRequest.principal,
+          action: authRequest.action,
+          resource: authRequest.resource,
+          context: authRequest.context,
+          schema: null
+        });
+      } else {
+        return {
+          allowed: true,
+          reason: "cedar_wasm_api_unsupported",
+          metadata: { fallback: true, exports: Object.keys(cedarWasm) }
+        };
+      }
+    }
+    const decision = parseWasmResult(result);
+    return {
+      allowed: decision.allowed,
+      reason: decision.allowed ? void 0 : `cedar_deny${decision.diagnostics ? ": " + decision.diagnostics : ""}`,
+      metadata: {
+        policy_digest: policySet.digest,
+        ...decision.matchedPolicies ? { matched_policies: decision.matchedPolicies } : {}
+      }
+    };
+  } catch (err) {
+    return {
+      allowed: true,
+      reason: `cedar_eval_error: ${err instanceof Error ? err.message : "unknown"}`,
+      metadata: { fallback: true, error: true }
+    };
+  }
+}
+function parseWasmResult(result) {
+  if (!result) {
+    return { allowed: true, diagnostics: "null result from Cedar WASM" };
+  }
+  if (result.type === "allow" || result.type === "Allow") {
+    return { allowed: true };
+  }
+  if (result.type === "deny" || result.type === "Deny") {
+    return {
+      allowed: false,
+      diagnostics: result.diagnostics ? JSON.stringify(result.diagnostics) : void 0,
+      matchedPolicies: result.diagnostics?.reasons
+    };
+  }
+  if (result.decision === "Allow") {
+    return { allowed: true };
+  }
+  if (result.decision === "Deny") {
+    return {
+      allowed: false,
+      diagnostics: result.diagnostics ? JSON.stringify(result.diagnostics) : void 0
+    };
+  }
+  if (typeof result === "boolean") {
+    return { allowed: result };
+  }
+  return { allowed: true, diagnostics: `unknown result format: ${JSON.stringify(result)}` };
+}
+async function isCedarAvailable() {
+  return ensureCedarWasm();
+}
+var import_node_crypto2, import_node_fs4, import_node_path2, cedarWasm, loadAttempted;
+var init_cedar_evaluator = __esm({
+  "src/cedar-evaluator.ts"() {
+    "use strict";
+    import_node_crypto2 = require("crypto");
+    import_node_fs4 = require("fs");
+    import_node_path2 = require("path");
+    cedarWasm = null;
+    loadAttempted = false;
+  }
+});
+
+// src/notifications.ts
+async function sendApprovalNotification(config, notification) {
+  const promises = [];
+  if (config.sms) {
+    promises.push(sendSms(config.sms, notification));
+  }
+  if (config.webhook) {
+    promises.push(sendWebhook(config.webhook, notification));
+  }
+  if (config.email) {
+    promises.push(sendEmail(config.email, notification));
+  }
+  const results = await Promise.allSettled(promises);
+  for (const result of results) {
+    if (result.status === "rejected") {
+      console.error(`[protect-mcp] Notification failed: ${result.reason}`);
+    }
+  }
+}
+async function sendSms(config, notification) {
+  const body = [
+    `\u{1F512} Approval Required`,
+    `Tool: ${notification.toolName}`,
+    notification.agentId ? `Agent: ${notification.agentId}` : null,
+    `Reason: ${notification.reason}`,
+    notification.approveUrl ? `Approve: ${notification.approveUrl}` : null,
+    notification.traceUrl ? `Trace: ${notification.traceUrl}` : null
+  ].filter(Boolean).join("\n");
+  const params = new URLSearchParams({
+    To: config.to,
+    From: config.from,
+    Body: body
+  });
+  const response = await fetch(
+    `https://api.twilio.com/2010-04-01/Accounts/${config.accountSid}/Messages.json`,
+    {
+      method: "POST",
+      headers: {
+        Authorization: `Basic ${Buffer.from(`${config.accountSid}:${config.authToken}`).toString("base64")}`,
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: params.toString()
+    }
+  );
+  if (!response.ok) {
+    throw new Error(`Twilio SMS failed: ${response.status} ${await response.text()}`);
+  }
+}
+async function sendWebhook(config, notification) {
+  let payload;
+  if (config.template === "slack") {
+    payload = {
+      blocks: [
+        {
+          type: "header",
+          text: { type: "plain_text", text: "\u{1F512} Agent Approval Required" }
+        },
+        {
+          type: "section",
+          fields: [
+            { type: "mrkdwn", text: `*Tool:*
+\`${notification.toolName}\`` },
+            { type: "mrkdwn", text: `*Agent:*
+${notification.agentId || "unknown"}` },
+            { type: "mrkdwn", text: `*Policy:*
+${notification.policyName || "default"}` },
+            { type: "mrkdwn", text: `*Time:*
+${notification.timestamp}` }
+          ]
+        },
+        {
+          type: "section",
+          text: { type: "mrkdwn", text: `*Reason:* ${notification.reason}` }
+        },
+        ...notification.approveUrl || notification.traceUrl ? [
+          {
+            type: "actions",
+            elements: [
+              ...notification.approveUrl ? [{ type: "button", text: { type: "plain_text", text: "\u2705 Approve" }, url: notification.approveUrl, style: "primary" }] : [],
+              ...notification.traceUrl ? [{ type: "button", text: { type: "plain_text", text: "\u{1F50D} View Trace" }, url: notification.traceUrl }] : []
+            ]
+          }
+        ] : []
+      ]
+    };
+  } else if (config.template === "pagerduty") {
+    payload = {
+      routing_key: config.headers?.["X-Routing-Key"] || "",
+      event_action: "trigger",
+      payload: {
+        summary: `Agent approval required: ${notification.toolName}`,
+        source: "protect-mcp",
+        severity: "warning",
+        custom_details: {
+          tool: notification.toolName,
+          agent: notification.agentId,
+          policy: notification.policyName,
+          reason: notification.reason,
+          trace_url: notification.traceUrl,
+          approve_url: notification.approveUrl
+        }
+      }
+    };
+  } else {
+    payload = notification;
+  }
+  const response = await fetch(config.url, {
+    method: config.method || "POST",
+    headers: {
+      "Content-Type": "application/json",
+      ...config.headers
+    },
+    body: JSON.stringify(payload)
+  });
+  if (!response.ok) {
+    throw new Error(`Webhook failed: ${response.status}`);
+  }
+}
+async function sendEmail(config, notification) {
+  if (!config.resendApiKey) {
+    console.warn("[protect-mcp] Email notification skipped: no resendApiKey configured");
+    return;
+  }
+  const html = `
+    <div style="font-family: monospace; padding: 20px; background: #0d1117; color: #c9d1d9; border-radius: 8px;">
+      <h2 style="color: #10b981;">\u{1F512} Agent Approval Required</h2>
+      <table style="font-size: 14px; margin: 16px 0;">
+        <tr><td style="color: #8b949e; padding: 4px 16px 4px 0;">Tool:</td><td>${notification.toolName}</td></tr>
+        <tr><td style="color: #8b949e; padding: 4px 16px 4px 0;">Agent:</td><td>${notification.agentId || "unknown"}</td></tr>
+        <tr><td style="color: #8b949e; padding: 4px 16px 4px 0;">Reason:</td><td>${notification.reason}</td></tr>
+        <tr><td style="color: #8b949e; padding: 4px 16px 4px 0;">Time:</td><td>${notification.timestamp}</td></tr>
+      </table>
+      ${notification.approveUrl ? `<a href="${notification.approveUrl}" style="background: #10b981; color: white; padding: 8px 16px; border-radius: 6px; text-decoration: none; margin-right: 8px;">\u2705 Approve</a>` : ""}
+      ${notification.traceUrl ? `<a href="${notification.traceUrl}" style="background: #1f2937; color: #c9d1d9; padding: 8px 16px; border-radius: 6px; text-decoration: none; border: 1px solid #374151;">\u{1F50D} View Trace</a>` : ""}
+    </div>
+  `;
+  const response = await fetch("https://api.resend.com/emails", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${config.resendApiKey}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      from: "ScopeBlind <noreply@scopeblind.com>",
+      to: config.to,
+      subject: `\u{1F512} Approval required: ${notification.toolName}`,
+      html
+    })
+  });
+  if (!response.ok) {
+    throw new Error(`Resend email failed: ${response.status}`);
+  }
+}
+function parseNotificationConfigFromEnv() {
+  const config = {};
+  let hasConfig = false;
+  const smsTo = process.env.SCOPEBLIND_SMS_TO;
+  const twilioSid = process.env.TWILIO_ACCOUNT_SID;
+  const twilioToken = process.env.TWILIO_AUTH_TOKEN;
+  const twilioFrom = process.env.TWILIO_FROM_NUMBER;
+  if (smsTo && twilioSid && twilioToken && twilioFrom) {
+    config.sms = { accountSid: twilioSid, authToken: twilioToken, from: twilioFrom, to: smsTo };
+    hasConfig = true;
+  }
+  const webhookUrl = process.env.SCOPEBLIND_WEBHOOK_URL;
+  if (webhookUrl) {
+    config.webhook = {
+      url: webhookUrl,
+      template: process.env.SCOPEBLIND_WEBHOOK_TEMPLATE || "custom"
+    };
+    hasConfig = true;
+  }
+  const emailTo = process.env.SCOPEBLIND_EMAIL_TO;
+  if (emailTo) {
+    config.email = { to: emailTo, resendApiKey: process.env.RESEND_API_KEY };
+    hasConfig = true;
+  }
+  return hasConfig ? config : null;
+}
+var init_notifications = __esm({
+  "src/notifications.ts"() {
+    "use strict";
+  }
+});
+
 // src/http-server.ts
 function startStatusServer(config, receiptBuffer, approvalStore, approvalNonce) {
   const startTime = Date.now();
@@ -684,13 +1044,13 @@ function handleHealth(res, startTime, config) {
   }));
 }
 function handleStatus(res, logDir) {
-  const logPath = (0, import_node_path2.join)(logDir, LOG_FILE);
-  if (!(0, import_node_fs4.existsSync)(logPath)) {
+  const logPath = (0, import_node_path3.join)(logDir, LOG_FILE);
+  if (!(0, import_node_fs5.existsSync)(logPath)) {
     res.writeHead(200);
     res.end(JSON.stringify({ entries: 0, message: "no log file yet" }));
     return;
   }
-  const raw = (0, import_node_fs4.readFileSync)(logPath, "utf-8");
+  const raw = (0, import_node_fs5.readFileSync)(logPath, "utf-8");
   const lines = raw.trim().split("\n").filter(Boolean);
   const entries = [];
   for (const line of lines) {
@@ -812,13 +1172,13 @@ function handleListApprovals(res, approvalStore) {
   res.writeHead(200);
   res.end(JSON.stringify({ grants }));
 }
-var import_node_http, import_node_fs4, import_node_path2, LOG_FILE, MAX_RECEIPTS, ReceiptBuffer;
+var import_node_http, import_node_fs5, import_node_path3, LOG_FILE, MAX_RECEIPTS, ReceiptBuffer;
 var init_http_server = __esm({
   "src/http-server.ts"() {
     "use strict";
     import_node_http = require("http");
-    import_node_fs4 = require("fs");
-    import_node_path2 = require("path");
+    import_node_fs5 = require("fs");
+    import_node_path3 = require("path");
     LOG_FILE = ".protect-mcp-log.jsonl";
     MAX_RECEIPTS = 100;
     ReceiptBuffer = class {
@@ -850,21 +1210,23 @@ var init_http_server = __esm({
 });
 
 // src/gateway.ts
-var import_node_child_process, import_node_crypto2, import_node_readline, import_node_fs5, import_node_path3, LOG_FILE2, RECEIPTS_FILE, ProtectGateway;
+var import_node_child_process, import_node_crypto3, import_node_readline, import_node_fs6, import_node_path4, LOG_FILE2, RECEIPTS_FILE, ProtectGateway;
 var init_gateway = __esm({
   "src/gateway.ts"() {
     "use strict";
     import_node_child_process = require("child_process");
-    import_node_crypto2 = require("crypto");
+    import_node_crypto3 = require("crypto");
     import_node_readline = require("readline");
-    import_node_fs5 = require("fs");
-    import_node_path3 = require("path");
+    import_node_fs6 = require("fs");
+    import_node_path4 = require("path");
     init_policy();
     init_admission();
     init_credentials();
     init_signing();
     init_external_pdp();
+    init_cedar_evaluator();
     init_evidence_store();
+    init_notifications();
     init_http_server();
     LOG_FILE2 = ".protect-mcp-log.jsonl";
     RECEIPTS_FILE = ".protect-mcp-receipts.jsonl";
@@ -880,18 +1242,30 @@ var init_gateway = __esm({
       /** Approval grants keyed by request_id (scoped to the specific action that was requested) */
       approvalStore = /* @__PURE__ */ new Map();
       /** Random nonce generated at startup — required for approval endpoint authentication */
-      approvalNonce = (0, import_node_crypto2.randomBytes)(16).toString("hex");
+      approvalNonce = (0, import_node_crypto3.randomBytes)(16).toString("hex");
       currentTier = "unknown";
       admissionResult = null;
+      /** Notification config for approval gates (SMS, webhook, email) */
+      notificationConfig = null;
       /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
       pendingResponses = /* @__PURE__ */ new Map();
       httpMode = false;
+      /** Loaded Cedar policy set (when policy_engine is "cedar") */
+      cedarPolicySet = null;
       constructor(config) {
         this.config = config;
-        this.logFilePath = (0, import_node_path3.join)(process.cwd(), LOG_FILE2);
-        this.receiptFilePath = (0, import_node_path3.join)(process.cwd(), RECEIPTS_FILE);
+        this.logFilePath = (0, import_node_path4.join)(process.cwd(), LOG_FILE2);
+        this.receiptFilePath = (0, import_node_path4.join)(process.cwd(), RECEIPTS_FILE);
         this.evidenceStore = new EvidenceStore();
         this.receiptBuffer = new ReceiptBuffer();
+        this.notificationConfig = parseNotificationConfigFromEnv();
+      }
+      /**
+       * Set the Cedar policy set for local evaluation.
+       * Called during CLI startup when --cedar flag is used.
+       */
+      setCedarPolicies(policySet) {
+        this.cedarPolicySet = policySet;
       }
       async start() {
         const { command, args, verbose } = this.config;
@@ -1022,7 +1396,7 @@ var init_gateway = __esm({
       }
       async interceptToolCall(request) {
         const toolName = request.params?.name || "unknown";
-        const requestId = (0, import_node_crypto2.randomUUID)().slice(0, 12);
+        const requestId = (0, import_node_crypto3.randomUUID)().slice(0, 12);
         const mode = this.config.enforce ? "enforce" : "shadow";
         let resolvedAgentKid = this.admissionResult?.agent_id;
         let effectiveToolPolicy;
@@ -1060,6 +1434,27 @@ var init_gateway = __esm({
             }
           }
         }
+        if (this.config.policy?.policy_engine === "cedar" && this.cedarPolicySet) {
+          try {
+            const cedarDecision = await evaluateCedar(this.cedarPolicySet, {
+              tool: toolName,
+              tier: this.currentTier,
+              agentId: this.admissionResult?.agent_id
+            });
+            if (!cedarDecision.allowed) {
+              const reason = cedarDecision.reason || "cedar_deny";
+              this.emitDecisionLog({ tool: toolName, decision: "deny", reason_code: reason, request_id: requestId, tier: this.currentTier, credential_ref: credentialRef });
+              if (this.config.enforce) {
+                return this.makeErrorResponse(request.id, -32600, `Tool "${toolName}" denied by Cedar policy`);
+              }
+              return null;
+            }
+            this.emitDecisionLog({ tool: toolName, decision: "allow", reason_code: "cedar_allow", request_id: requestId, tier: this.currentTier, credential_ref: credentialRef });
+            return null;
+          } catch (err) {
+            if (this.config.verbose) this.log(`Cedar evaluation error: ${err instanceof Error ? err.message : err}`);
+          }
+        }
         if (this.config.policy?.external && (this.config.policy.policy_engine === "external" || this.config.policy.policy_engine === "hybrid")) {
           try {
             const ctx = buildDecisionContext(toolName, this.currentTier, {
@@ -1107,6 +1502,20 @@ var init_gateway = __esm({
             return null;
           }
           this.emitDecisionLog({ tool: toolName, decision: "require_approval", reason_code: "requires_human_approval", request_id: requestId, tier: this.currentTier, credential_ref: credentialRef });
+          if (this.notificationConfig) {
+            sendApprovalNotification(this.notificationConfig, {
+              requestId,
+              toolName,
+              agentId: this.admissionResult?.agent_id,
+              policyName: "default",
+              reason: `Policy requires human approval for "${toolName}"`,
+              traceUrl: `https://scopeblind.com/trace`,
+              approveUrl: void 0,
+              // Approve URL provided when HTTP transport is active
+              timestamp: (/* @__PURE__ */ new Date()).toISOString()
+            }).catch(() => {
+            });
+          }
           if (this.config.enforce) {
             return {
               jsonrpc: "2.0",
@@ -1154,8 +1563,19 @@ var init_gateway = __esm({
         }
         return policy.rate_limit;
       }
+      /**
+       * Emit a decision log entry with OTel-compatible trace IDs and optional
+       * signed receipt generation.
+       *
+       * @patent Patent-protected construction — decision receipts with configurable
+       * disclosure and issuer-blind properties. Covered by Apache 2.0 patent grant
+       * for users of this code. Clean-room reimplementation requires a patent license.
+       * @see {@link https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/}
+       */
       emitDecisionLog(entry) {
         const mode = this.config.enforce ? "enforce" : "shadow";
+        const otelTraceId = entry.otel_trace_id || (0, import_node_crypto3.randomBytes)(16).toString("hex");
+        const otelSpanId = entry.otel_span_id || (0, import_node_crypto3.randomBytes)(8).toString("hex");
         const log = {
           v: 2,
           tool: entry.tool || "unknown",
@@ -1163,17 +1583,19 @@ var init_gateway = __esm({
           reason_code: entry.reason_code || "default_allow",
           policy_digest: this.config.policyDigest,
           policy_engine: this.config.policy?.policy_engine || "built-in",
-          request_id: entry.request_id || (0, import_node_crypto2.randomUUID)().slice(0, 12),
+          request_id: entry.request_id || (0, import_node_crypto3.randomUUID)().slice(0, 12),
           timestamp: Date.now(),
           mode,
           ...entry.rate_limit_remaining !== void 0 && { rate_limit_remaining: entry.rate_limit_remaining },
           ...entry.tier && { tier: entry.tier },
-          ...entry.credential_ref && { credential_ref: entry.credential_ref }
+          ...entry.credential_ref && { credential_ref: entry.credential_ref },
+          otel_trace_id: otelTraceId,
+          otel_span_id: otelSpanId
         };
         process.stderr.write(`[PROTECT_MCP] ${JSON.stringify(log)}
 `);
         try {
-          (0, import_node_fs5.appendFileSync)(this.logFilePath, JSON.stringify(log) + "\n");
+          (0, import_node_fs6.appendFileSync)(this.logFilePath, JSON.stringify(log) + "\n");
         } catch {
         }
         if (isSigningEnabled()) {
@@ -1182,7 +1604,7 @@ var init_gateway = __esm({
             process.stderr.write(`[PROTECT_MCP_RECEIPT] ${signed.signed}
 `);
             try {
-              (0, import_node_fs5.appendFileSync)(this.receiptFilePath, signed.signed + "\n");
+              (0, import_node_fs6.appendFileSync)(this.receiptFilePath, signed.signed + "\n");
             } catch {
             }
             this.receiptBuffer.add(log.request_id, signed.signed);
@@ -4163,8 +4585,8 @@ function generateReport(logPath, receiptPath, periodDays) {
   const now = /* @__PURE__ */ new Date();
   const from = new Date(now.getTime() - periodDays * 864e5);
   const entries = [];
-  if ((0, import_node_fs7.existsSync)(logPath)) {
-    const raw = (0, import_node_fs7.readFileSync)(logPath, "utf-8");
+  if ((0, import_node_fs8.existsSync)(logPath)) {
+    const raw = (0, import_node_fs8.readFileSync)(logPath, "utf-8");
     for (const line of raw.split("\n")) {
       const trimmed = line.trim();
       if (!trimmed) continue;
@@ -4184,8 +4606,8 @@ function generateReport(logPath, receiptPath, periodDays) {
   let receiptsSigned = 0;
   let signerKid = "";
   let signerIssuer = "";
-  if ((0, import_node_fs7.existsSync)(receiptPath)) {
-    const raw = (0, import_node_fs7.readFileSync)(receiptPath, "utf-8");
+  if ((0, import_node_fs8.existsSync)(receiptPath)) {
+    const raw = (0, import_node_fs8.readFileSync)(receiptPath, "utf-8");
     for (const line of raw.split("\n")) {
       const trimmed = line.trim();
       if (!trimmed) continue;
@@ -4317,11 +4739,11 @@ function formatReportMarkdown(report) {
   lines.push("*Generated by protect-mcp \xB7 scopeblind.com*");
   return lines.join("\n");
 }
-var import_node_fs7;
+var import_node_fs8;
 var init_report = __esm({
   "src/report.ts"() {
     "use strict";
-    import_node_fs7 = require("fs");
+    import_node_fs8 = require("fs");
   }
 });
 
@@ -4332,11 +4754,11 @@ init_signing();
 init_credentials();
 
 // src/simulate.ts
-var import_node_fs6 = require("fs");
+var import_node_fs7 = require("fs");
 init_policy();
 init_admission();
 function parseLogFile(path) {
-  const raw = (0, import_node_fs6.readFileSync)(path, "utf-8");
+  const raw = (0, import_node_fs7.readFileSync)(path, "utf-8");
   const entries = [];
   for (const line of raw.split("\n")) {
     const trimmed = line.trim();
@@ -4465,6 +4887,7 @@ function formatSimulation(summary) {
 }
 
 // src/cli.ts
+init_cedar_evaluator();
 function printHelp() {
   process.stderr.write(`
 protect-mcp \u2014 Shadow-mode security gateway for MCP servers
@@ -4484,6 +4907,7 @@ Usage:
 
 Options:
   --policy <path>   Policy/config JSON file (default: allow-all)
+  --cedar <dir>     Cedar policy directory (alternative to --policy, evaluates locally via WASM)
   --slug <slug>     ScopeBlind tenant slug (optional)
   --enforce         Enable enforcement mode (default: shadow mode)
   --http            Start HTTP/SSE server instead of stdio proxy
@@ -4495,6 +4919,7 @@ Commands:
   quickstart        Zero-config onboarding: init + demo + show receipts in one command
   init              Generate config template, Ed25519 keypair, and sample policy
   demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
+  doctor            Check your setup: keys, policies, verifier, API connectivity
   trace <id>        Visualize the receipt DAG from a given receipt_id (ASCII tree)
   status            Show tool call statistics from the local decision log
   digest            Generate a human-readable summary of agent activity
@@ -4517,6 +4942,7 @@ Examples:
 }
 function parseArgs(argv) {
   let policyPath;
+  let cedarDir;
   let slug;
   let enforce = false;
   let verbose = false;
@@ -4541,6 +4967,8 @@ function parseArgs(argv) {
       process.exit(0);
     } else if (arg === "--policy" && i + 1 < options.length) {
       policyPath = options[++i];
+    } else if (arg === "--cedar" && i + 1 < options.length) {
+      cedarDir = options[++i];
     } else if (arg === "--slug" && i + 1 < options.length) {
       slug = options[++i];
     } else if (arg === "--enforce") {
@@ -4552,20 +4980,20 @@ function parseArgs(argv) {
 `);
     }
   }
-  return { policyPath, slug, enforce, verbose, childCommand };
+  return { policyPath, cedarDir, slug, enforce, verbose, childCommand };
 }
 async function handleInit(argv) {
-  const { writeFileSync: writeFileSync2, existsSync: existsSync5, mkdirSync } = await import("fs");
-  const { join: join4 } = await import("path");
+  const { writeFileSync: writeFileSync2, existsSync: existsSync6, mkdirSync } = await import("fs");
+  const { join: join5 } = await import("path");
   let dir = process.cwd();
   const dirIdx = argv.indexOf("--dir");
   if (dirIdx !== -1 && argv[dirIdx + 1]) {
     dir = argv[dirIdx + 1];
   }
-  const configPath = join4(dir, "protect-mcp.json");
-  const keysDir = join4(dir, "keys");
-  const keyPath = join4(keysDir, "gateway.json");
-  if (existsSync5(configPath)) {
+  const configPath = join5(dir, "protect-mcp.json");
+  const keysDir = join5(dir, "keys");
+  const keyPath = join5(keysDir, "gateway.json");
+  if (existsSync6(configPath)) {
     process.stderr.write(`[PROTECT_MCP] Config already exists at ${configPath}
 `);
     process.stderr.write("[PROTECT_MCP] Delete it first if you want to regenerate.\n");
@@ -4584,7 +5012,7 @@ async function handleInit(argv) {
       kid: "generated"
     };
   }
-  if (!existsSync5(keysDir)) {
+  if (!existsSync6(keysDir)) {
     mkdirSync(keysDir, { recursive: true });
   }
   writeFileSync2(keyPath, JSON.stringify({
@@ -4594,8 +5022,8 @@ async function handleInit(argv) {
     generated_at: (/* @__PURE__ */ new Date()).toISOString(),
     warning: "KEEP THIS FILE SECRET. Never commit to version control."
   }, null, 2) + "\n");
-  const gitignorePath = join4(keysDir, ".gitignore");
-  if (!existsSync5(gitignorePath)) {
+  const gitignorePath = join5(keysDir, ".gitignore");
+  if (!existsSync6(gitignorePath)) {
     writeFileSync2(gitignorePath, "# Never commit signing keys\n*.json\n");
   }
   const config = {
@@ -4668,13 +5096,19 @@ Add --enforce when ready to block policy violations.
 `);
 }
 async function handleDemo() {
-  const { existsSync: existsSync5 } = await import("fs");
-  const { join: join4, dirname, resolve } = await import("path");
+  const { existsSync: existsSync6 } = await import("fs");
+  const { join: join5, dirname, resolve } = await import("path");
+  const { realpathSync } = await import("fs");
   const cliPath = resolve(process.argv[1] || "dist/cli.js");
-  const cliDir = dirname(cliPath);
-  const demoServerPath = join4(cliDir, "demo-server.js");
-  const configPath = join4(process.cwd(), "protect-mcp.json");
-  const hasConfig = existsSync5(configPath);
+  let cliDir;
+  try {
+    cliDir = dirname(realpathSync(cliPath));
+  } catch {
+    cliDir = dirname(cliPath);
+  }
+  const demoServerPath = join5(cliDir, "demo-server.js");
+  const configPath = join5(process.cwd(), "protect-mcp.json");
+  const hasConfig = existsSync6(configPath);
   if (!hasConfig) {
     process.stderr.write(`
 ${bold("protect-mcp demo")}
@@ -4748,15 +5182,15 @@ Starting demo server with 5 tools...
   await gateway.start();
 }
 async function handleStatus2(argv) {
-  const { readFileSync: readFileSync7, existsSync: existsSync5 } = await import("fs");
-  const { join: join4 } = await import("path");
+  const { readFileSync: readFileSync8, existsSync: existsSync6 } = await import("fs");
+  const { join: join5 } = await import("path");
   let dir = process.cwd();
   const dirIdx = argv.indexOf("--dir");
   if (dirIdx !== -1 && argv[dirIdx + 1]) {
     dir = argv[dirIdx + 1];
   }
-  const logPath = join4(dir, ".protect-mcp-log.jsonl");
-  if (!existsSync5(logPath)) {
+  const logPath = join5(dir, ".protect-mcp-log.jsonl");
+  if (!existsSync6(logPath)) {
     process.stderr.write(`${bold("protect-mcp status")}
 
 `);
@@ -4766,7 +5200,7 @@ async function handleStatus2(argv) {
 `);
     process.exit(0);
   }
-  const raw = readFileSync7(logPath, "utf-8");
+  const raw = readFileSync8(logPath, "utf-8");
   const lines = raw.trim().split("\n").filter(Boolean);
   if (lines.length === 0) {
     process.stderr.write(`${bold("protect-mcp status")}
@@ -4845,10 +5279,10 @@ ${bold("protect-mcp status")}
     process.stdout.write(`    ${reason.padEnd(25)} ${count}
 `);
   }
-  const evidencePath = join4(dir, ".protect-mcp-evidence.json");
-  if (existsSync5(evidencePath)) {
+  const evidencePath = join5(dir, ".protect-mcp-evidence.json");
+  if (existsSync6(evidencePath)) {
     try {
-      const evidenceRaw = readFileSync7(evidencePath, "utf-8");
+      const evidenceRaw = readFileSync8(evidencePath, "utf-8");
       const evidence = JSON.parse(evidenceRaw);
       const agentCount = Object.keys(evidence.agents || {}).length;
       process.stdout.write(`
@@ -4857,10 +5291,10 @@ ${bold("protect-mcp status")}
     } catch {
     }
   }
-  const keyPath = join4(dir, "keys", "gateway.json");
-  if (existsSync5(keyPath)) {
+  const keyPath = join5(dir, "keys", "gateway.json");
+  if (existsSync6(keyPath)) {
     try {
-      const keyData = JSON.parse(readFileSync7(keyPath, "utf-8"));
+      const keyData = JSON.parse(readFileSync8(keyPath, "utf-8"));
       if (keyData.publicKey) {
         const fingerprint = keyData.publicKey.slice(0, 16) + "...";
         process.stdout.write(`
@@ -4899,21 +5333,21 @@ function yellow(s) {
   return process.env.NO_COLOR ? s : `\x1B[33m${s}\x1B[0m`;
 }
 async function handleDigest(argv) {
-  const { readFileSync: readFileSync7, existsSync: existsSync5 } = await import("fs");
-  const { join: join4 } = await import("path");
+  const { readFileSync: readFileSync8, existsSync: existsSync6 } = await import("fs");
+  const { join: join5 } = await import("path");
   let dir = process.cwd();
   const dirIdx = argv.indexOf("--dir");
   if (dirIdx !== -1 && argv[dirIdx + 1]) dir = argv[dirIdx + 1];
   const today = argv.includes("--today");
-  const logPath = join4(dir, ".protect-mcp-log.jsonl");
-  if (!existsSync5(logPath)) {
+  const logPath = join5(dir, ".protect-mcp-log.jsonl");
+  if (!existsSync6(logPath)) {
     process.stderr.write(`${bold("protect-mcp digest")}
 
 No log file found. Run protect-mcp first.
 `);
     process.exit(0);
   }
-  const raw = readFileSync7(logPath, "utf-8");
+  const raw = readFileSync8(logPath, "utf-8");
   const lines = raw.trim().split("\n").filter(Boolean);
   let entries = [];
   for (const line of lines) {
@@ -4990,22 +5424,22 @@ ${bold("\u{1F6E1}\uFE0F Agent Daily Digest")}
 `);
 }
 async function handleReceipts2(argv) {
-  const { readFileSync: readFileSync7, existsSync: existsSync5 } = await import("fs");
-  const { join: join4 } = await import("path");
+  const { readFileSync: readFileSync8, existsSync: existsSync6 } = await import("fs");
+  const { join: join5 } = await import("path");
   let dir = process.cwd();
   const dirIdx = argv.indexOf("--dir");
   if (dirIdx !== -1 && argv[dirIdx + 1]) dir = argv[dirIdx + 1];
   const lastIdx = argv.indexOf("--last");
   const count = lastIdx !== -1 && argv[lastIdx + 1] ? parseInt(argv[lastIdx + 1], 10) : 20;
-  const receiptsPath = join4(dir, ".protect-mcp-receipts.jsonl");
-  if (!existsSync5(receiptsPath)) {
+  const receiptsPath = join5(dir, ".protect-mcp-receipts.jsonl");
+  if (!existsSync6(receiptsPath)) {
     process.stderr.write(`${bold("protect-mcp receipts")}
 
 No signed receipt file found. Run protect-mcp with signing enabled first.
 `);
     process.exit(0);
   }
-  const raw = readFileSync7(receiptsPath, "utf-8");
+  const raw = readFileSync8(receiptsPath, "utf-8");
   const lines = raw.trim().split("\n").filter(Boolean);
   const recent = lines.slice(-count);
   process.stdout.write(`
@@ -5028,32 +5462,32 @@ ${bold("\u{1F6E1}\uFE0F Recent Receipts")} (last ${recent.length})
 `);
 }
 async function handleBundle(argv) {
-  const { readFileSync: readFileSync7, writeFileSync: writeFileSync2, existsSync: existsSync5 } = await import("fs");
-  const { join: join4 } = await import("path");
+  const { readFileSync: readFileSync8, writeFileSync: writeFileSync2, existsSync: existsSync6 } = await import("fs");
+  const { join: join5 } = await import("path");
   const { createAuditBundle: createAuditBundle2 } = await Promise.resolve().then(() => (init_bundle(), bundle_exports));
   let dir = process.cwd();
   const dirIdx = argv.indexOf("--dir");
   if (dirIdx !== -1 && argv[dirIdx + 1]) dir = argv[dirIdx + 1];
   const outputIdx = argv.indexOf("--output");
-  const outputPath = outputIdx !== -1 && argv[outputIdx + 1] ? argv[outputIdx + 1] : join4(dir, "audit-bundle.json");
-  const receiptsPath = join4(dir, ".protect-mcp-receipts.jsonl");
-  const keyPath = join4(dir, "keys", "gateway.json");
-  if (!existsSync5(receiptsPath)) {
+  const outputPath = outputIdx !== -1 && argv[outputIdx + 1] ? argv[outputIdx + 1] : join5(dir, "audit-bundle.json");
+  const receiptsPath = join5(dir, ".protect-mcp-receipts.jsonl");
+  const keyPath = join5(dir, "keys", "gateway.json");
+  if (!existsSync6(receiptsPath)) {
     process.stderr.write(`${bold("protect-mcp bundle")}
 
 No signed receipt file found. Run protect-mcp with signing enabled first.
 `);
     process.exit(0);
   }
-  if (!existsSync5(keyPath)) {
+  if (!existsSync6(keyPath)) {
     process.stderr.write(`${bold("protect-mcp bundle")}
 
 No key file found at ${keyPath}
 `);
     process.exit(1);
   }
-  const receipts = readFileSync7(receiptsPath, "utf-8").trim().split("\n").filter(Boolean).map((line) => JSON.parse(line));
-  const keyData = JSON.parse(readFileSync7(keyPath, "utf-8"));
+  const receipts = readFileSync8(receiptsPath, "utf-8").trim().split("\n").filter(Boolean).map((line) => JSON.parse(line));
+  const keyData = JSON.parse(readFileSync8(keyPath, "utf-8"));
   const bundle = createAuditBundle2({
     tenant: keyData.issuer || "protect-mcp",
     receipts,
@@ -5079,10 +5513,10 @@ ${bold("protect-mcp bundle")}
 `);
 }
 async function handleQuickstart() {
-  const { mkdtempSync, writeFileSync: writeFileSync2, existsSync: existsSync5, mkdirSync, readFileSync: readFileSync7 } = await import("fs");
-  const { join: join4 } = await import("path");
+  const { mkdtempSync, writeFileSync: writeFileSync2, existsSync: existsSync6, mkdirSync, readFileSync: readFileSync8 } = await import("fs");
+  const { join: join5 } = await import("path");
   const { tmpdir } = await import("os");
-  const dir = mkdtempSync(join4(tmpdir(), "protect-mcp-quickstart-"));
+  const dir = mkdtempSync(join5(tmpdir(), "protect-mcp-quickstart-"));
   process.stdout.write(`
 ${bold("protect-mcp quickstart")}
 `);
@@ -5103,7 +5537,7 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  Working dir: ${dir}
 
 `);
-  const keysDir = join4(dir, "keys");
+  const keysDir = join5(dir, "keys");
   mkdirSync(keysDir, { recursive: true });
   const { randomBytes: randomBytes3 } = await import("crypto");
   let keypair;
@@ -5124,13 +5558,13 @@ ${bold("protect-mcp quickstart")}
       kid: `quickstart-${Date.now()}`
     };
   }
-  writeFileSync2(join4(keysDir, "gateway.json"), JSON.stringify({
+  writeFileSync2(join5(keysDir, "gateway.json"), JSON.stringify({
     privateKey: keypair.privateKey,
     publicKey: keypair.publicKey,
     kid: keypair.kid,
     generated_at: (/* @__PURE__ */ new Date()).toISOString()
   }, null, 2) + "\n");
-  const configPath = join4(dir, "protect-mcp.json");
+  const configPath = join5(dir, "protect-mcp.json");
   const config = {
     tools: {
       "*": { rate_limit: "100/hour" },
@@ -5138,7 +5572,7 @@ ${bold("protect-mcp quickstart")}
     },
     default_tier: "unknown",
     signing: {
-      key_path: join4(keysDir, "gateway.json"),
+      key_path: join5(keysDir, "gateway.json"),
       issuer: "protect-mcp-quickstart",
       enabled: true
     }
@@ -5180,7 +5614,7 @@ async function handleTrace(argv) {
     process.stderr.write("[PROTECT_MCP] Usage: protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]\n");
     process.exit(1);
   }
-  let endpoint = "https://evidence-indexer.tomjwxf.workers.dev";
+  let endpoint = "https://api.scopeblind.com/evidence";
   let depth = 3;
   for (let i = 1; i < argv.length; i++) {
     if (argv[i] === "--endpoint" && argv[i + 1]) {
@@ -5310,25 +5744,25 @@ ${"\u2500".repeat(60)}
 `);
 }
 async function traceLocal(receiptId) {
-  const { readFileSync: readFileSync7, existsSync: existsSync5 } = await import("fs");
-  const { join: join4 } = await import("path");
+  const { readFileSync: readFileSync8, existsSync: existsSync6 } = await import("fs");
+  const { join: join5 } = await import("path");
   const dir = process.cwd();
-  const receiptsDir = join4(dir, ".protect-mcp", "receipts");
-  if (!existsSync5(receiptsDir)) {
+  const receiptsDir = join5(dir, ".protect-mcp", "receipts");
+  if (!existsSync6(receiptsDir)) {
     process.stdout.write(`  No local receipts found in ${receiptsDir}
 
 `);
     return;
   }
-  const { readdirSync } = await import("fs");
-  const files = readdirSync(receiptsDir).filter((f) => f.endsWith(".json"));
+  const { readdirSync: readdirSync2 } = await import("fs");
+  const files = readdirSync2(receiptsDir).filter((f) => f.endsWith(".json"));
   process.stdout.write(`  Scanning ${files.length} local receipts...
 
 `);
   const receipts = [];
   for (const file of files) {
     try {
-      const content = readFileSync7(join4(receiptsDir, file), "utf-8");
+      const content = readFileSync8(join5(receiptsDir, file), "utf-8");
       const receipt = JSON.parse(content);
       receipts.push(receipt);
     } catch {
@@ -5430,12 +5864,57 @@ async function main() {
     await handleReport(args.slice(1));
     process.exit(0);
   }
-  const { policyPath, slug, enforce, verbose, childCommand } = parseArgs(args);
+  if (args[0] === "doctor") {
+    await handleDoctor();
+    process.exit(0);
+  }
+  const { policyPath, cedarDir, slug, enforce, verbose, childCommand } = parseArgs(args);
   let policy = null;
   let policyDigest = "none";
   let credentials;
   let signing;
-  if (policyPath) {
+  let cedarPolicySet = null;
+  let effectiveCedarDir = cedarDir;
+  if (!effectiveCedarDir && !policyPath) {
+    const { existsSync: existsSync6, readdirSync: readdirSync2 } = await import("fs");
+    for (const candidate of ["cedar", "policies", "."]) {
+      try {
+        if (existsSync6(candidate) && readdirSync2(candidate).some((f) => f.endsWith(".cedar"))) {
+          effectiveCedarDir = candidate;
+          process.stderr.write(`[PROTECT_MCP] Auto-detected Cedar policies in ./${candidate}/
+`);
+          break;
+        }
+      } catch {
+      }
+    }
+  }
+  if (effectiveCedarDir) {
+    try {
+      const cedarAvailable = await isCedarAvailable();
+      if (!cedarAvailable) {
+        process.stderr.write("[PROTECT_MCP] Warning: @cedar-policy/cedar-wasm not installed. Install with: npm install @cedar-policy/cedar-wasm\n");
+        process.stderr.write("[PROTECT_MCP] Cedar policies will be loaded but evaluated with fallback (allow-all).\n");
+      }
+      cedarPolicySet = loadCedarPolicies(effectiveCedarDir);
+      policyDigest = cedarPolicySet.digest;
+      policy = {
+        tools: { "*": { require: "any" } },
+        policy_engine: "cedar",
+        cedar_dir: effectiveCedarDir
+      };
+      process.stderr.write(`[PROTECT_MCP] Cedar policy engine: loaded ${cedarPolicySet.fileCount} policies from ${effectiveCedarDir} (digest: ${policyDigest})
+`);
+      if (verbose) {
+        process.stderr.write(`[PROTECT_MCP] Cedar files: ${cedarPolicySet.files.join(", ")}
+`);
+      }
+    } catch (err) {
+      process.stderr.write(`[PROTECT_MCP] Error loading Cedar policies: ${err instanceof Error ? err.message : err}
+`);
+      process.exit(1);
+    }
+  } else if (policyPath) {
     try {
       const loaded = loadPolicy(policyPath);
       policy = loaded.policy;
@@ -5486,6 +5965,9 @@ async function main() {
     return;
   }
   const gateway = new ProtectGateway(config);
+  if (cedarPolicySet) {
+    gateway.setCedarPolicies(cedarPolicySet);
+  }
   await gateway.start();
 }
 async function handleSimulate(args) {
@@ -5508,8 +5990,8 @@ async function handleSimulate(args) {
     process.stderr.write("Usage: protect-mcp simulate --policy <path> [--log <path>] [--tier <tier>] [--json]\n");
     process.exit(1);
   }
-  const { existsSync: existsSync5 } = await import("fs");
-  if (!existsSync5(logPath)) {
+  const { existsSync: existsSync6 } = await import("fs");
+  if (!existsSync6(logPath)) {
     process.stderr.write(`Log file not found: ${logPath}
 `);
     process.stderr.write("Run protect-mcp in shadow mode first to generate a log file.\n");
@@ -5530,6 +6012,127 @@ async function handleSimulate(args) {
     process.stdout.write(formatSimulation(summary) + "\n");
   }
 }
+async function handleDoctor() {
+  const { existsSync: existsSync6, readFileSync: readFileSync8, readdirSync: readdirSync2 } = await import("fs");
+  const { join: join5 } = await import("path");
+  const { execSync } = await import("child_process");
+  const green2 = (s) => `\x1B[32m\u2713\x1B[0m ${s}`;
+  const red2 = (s) => `\x1B[31m\u2717\x1B[0m ${s}`;
+  const yellow2 = (s) => `\x1B[33m\u26A0\x1B[0m ${s}`;
+  const dim2 = (s) => `\x1B[2m${s}\x1B[0m`;
+  process.stdout.write("\n\x1B[1mprotect-mcp doctor\x1B[0m\n");
+  process.stdout.write(dim2("Checking your ScopeBlind setup...\n\n"));
+  let issues = 0;
+  const nodeVersion = process.version;
+  const major = parseInt(nodeVersion.slice(1));
+  if (major >= 18) {
+    process.stdout.write(green2(`Node.js ${nodeVersion}
+`));
+  } else {
+    process.stdout.write(red2(`Node.js ${nodeVersion} \u2014 requires >= 18
+`));
+    issues++;
+  }
+  const configPath = join5(process.cwd(), "scopeblind.config.json");
+  if (existsSync6(configPath)) {
+    try {
+      const config = JSON.parse(readFileSync8(configPath, "utf-8"));
+      if (config.signing?.private_key || config.signing?.key_file) {
+        process.stdout.write(green2("Signing keys configured\n"));
+      } else {
+        process.stdout.write(yellow2("Config found but no signing keys \u2014 run: protect-mcp init\n"));
+        issues++;
+      }
+    } catch {
+      process.stdout.write(red2("Invalid scopeblind.config.json\n"));
+      issues++;
+    }
+  } else {
+    process.stdout.write(yellow2("No scopeblind.config.json \u2014 run: protect-mcp init\n"));
+  }
+  let policyFound = false;
+  for (const dir of ["cedar", "policies", "."]) {
+    try {
+      if (existsSync6(dir) && readdirSync2(dir).some((f) => f.endsWith(".cedar"))) {
+        process.stdout.write(green2(`Cedar policies found in ./${dir}/
+`));
+        policyFound = true;
+        break;
+      }
+    } catch {
+    }
+  }
+  if (!policyFound) {
+    for (const name of ["policy.json", "protect-mcp.policy.json", "scopeblind-policy.json"]) {
+      if (existsSync6(name)) {
+        process.stdout.write(green2(`JSON policy found: ${name}
+`));
+        policyFound = true;
+        break;
+      }
+    }
+  }
+  if (!policyFound) {
+    process.stdout.write(yellow2("No policy files found \u2014 running in shadow mode (allow all)\n"));
+  }
+  try {
+    const cedarAvailable = await isCedarAvailable();
+    if (cedarAvailable) {
+      process.stdout.write(green2("Cedar WASM engine available\n"));
+    } else {
+      process.stdout.write(dim2("  Cedar WASM not installed \u2014 install: npm install @cedar-policy/cedar-wasm\n"));
+    }
+  } catch {
+    process.stdout.write(dim2("  Cedar WASM not installed\n"));
+  }
+  const logFile = join5(process.cwd(), "protect-mcp-decisions.jsonl");
+  const receiptFile = join5(process.cwd(), "protect-mcp-receipts.jsonl");
+  if (existsSync6(logFile)) {
+    try {
+      const lines = readFileSync8(logFile, "utf-8").trim().split("\n").length;
+      process.stdout.write(green2(`Decision log: ${lines} entries
+`));
+    } catch {
+      process.stdout.write(green2("Decision log exists\n"));
+    }
+  } else {
+    process.stdout.write(dim2("  No decision log yet \u2014 will be created on first tool call\n"));
+  }
+  if (existsSync6(receiptFile)) {
+    try {
+      const lines = readFileSync8(receiptFile, "utf-8").trim().split("\n").length;
+      process.stdout.write(green2(`Receipt file: ${lines} signed receipts
+`));
+    } catch {
+      process.stdout.write(green2("Receipt file exists\n"));
+    }
+  }
+  try {
+    execSync("npx @veritasacta/verify --version 2>/dev/null", { stdio: "pipe", timeout: 1e4 });
+    process.stdout.write(green2("Verifier available: @veritasacta/verify\n"));
+  } catch {
+    process.stdout.write(dim2("  Verifier not cached \u2014 install: npm install -g @veritasacta/verify\n"));
+  }
+  try {
+    const res = await fetch("https://api.scopeblind.com/health", { signal: AbortSignal.timeout(5e3) });
+    if (res.ok) {
+      process.stdout.write(green2("ScopeBlind API reachable\n"));
+    } else {
+      process.stdout.write(yellow2("ScopeBlind API returned non-200 \u2014 receipts will be stored locally\n"));
+    }
+  } catch {
+    process.stdout.write(dim2("  ScopeBlind API not reachable \u2014 offline mode (receipts stored locally)\n"));
+  }
+  process.stdout.write("\n");
+  if (issues === 0) {
+    process.stdout.write("\x1B[32m\x1B[1mAll checks passed.\x1B[0m Ready to wrap MCP servers.\n");
+    process.stdout.write(dim2("\n  npx protect-mcp -- node your-server.js\n\n"));
+  } else {
+    process.stdout.write(`\x1B[33m\x1B[1m${issues} issue(s) found.\x1B[0m Fix them and run doctor again.
+
+`);
+  }
+}
 async function handleReport(args) {
   let period = 30;
   let format = "json";
@@ -5548,9 +6151,9 @@ async function handleReport(args) {
     }
   }
   const { generateReport: generateReport2, formatReportMarkdown: formatReportMarkdown2 } = await Promise.resolve().then(() => (init_report(), report_exports));
-  const { join: join4 } = await import("path");
-  const logPath = join4(dir, ".protect-mcp-log.jsonl");
-  const receiptPath = join4(dir, ".protect-mcp-receipts.jsonl");
+  const { join: join5 } = await import("path");
+  const logPath = join5(dir, ".protect-mcp-log.jsonl");
+  const receiptPath = join5(dir, ".protect-mcp-receipts.jsonl");
   const report = generateReport2(logPath, receiptPath, period);
   let output;
   if (format === "md") {