npm - protect-mcp - Versions diffs - 0.4.2 → 0.4.4 - Mend

protect-mcp 0.4.2 → 0.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +1 -1
package/dist/chunk-U76JZVH6.mjs +144 -0
package/dist/{chunk-7HBHIKLN.mjs → chunk-VF3OCG4D.mjs} +422 -9
package/dist/{chunk-VWUN6AI6.mjs → chunk-VIA2B65K.mjs} +1 -1
package/dist/cli.js +690 -93
package/dist/cli.mjs +183 -7
package/dist/demo-server.d.mts +106 -0
package/dist/demo-server.d.ts +106 -0
package/dist/demo-server.js +32 -0
package/dist/demo-server.mjs +6 -135
package/dist/{http-transport-RIVV2RVQ.mjs → http-transport-VLIPOPIC.mjs} +1 -1
package/dist/index.d.mts +1431 -2
package/dist/index.d.ts +1431 -2
package/dist/index.js +1871 -25
package/dist/index.mjs +1277 -3
package/package.json +4 -3
package/policies/cedar/clinejection.cedar +50 -0
package/policies/cedar/terraform-destroy.cedar +44 -0
package/policies/clinejection.json +6 -0
package/policies/data-exfiltration.json +6 -0
package/policies/financial-safe.json +8 -0
package/policies/github-mcp-hijack.json +6 -0
package/policies/terraform-destroy.json +6 -0

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,22 +17,55 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  ConfidentialGate: () => ConfidentialGate,
   ProtectGateway: () => ProtectGateway,
+  ReceiptPropagator: () => ReceiptPropagator,
+  anchorToRekor: () => anchorToRekor,
   buildDecisionContext: () => buildDecisionContext,
   checkRateLimit: () => checkRateLimit,
   collectSignedReceipts: () => collectSignedReceipts,
+  computeCalibration: () => computeCalibration,
+  confidentialInference: () => confidentialInference,
+  createApprovalChallenge: () => createApprovalChallenge,
+  createApprovalReceiptPayload: () => createApprovalReceiptPayload,
+  createAttestationField: () => createAttestationField,
   createAuditBundle: () => createAuditBundle,
+  createC2PAManifest: () => createC2PAManifest,
+  createDisclosurePackage: () => createDisclosurePackage,
+  createEvidenceAttestation: () => createEvidenceAttestation,
+  createLogAnchorField: () => createLogAnchorField,
+  createReceiptChannel: () => createReceiptChannel,
+  createSandbox: () => createSandbox,
+  createSandboxServer: () => createSandboxServer,
+  destroySandbox: () => destroySandbox,
+  ed25519ToDIDKey: () => ed25519ToDIDKey,
   evaluateTier: () => evaluateTier,
+  exportC2PAManifestJSON: () => exportC2PAManifestJSON,
+  exportJSONL: () => exportJSONL,
   formatReportMarkdown: () => formatReportMarkdown,
   formatSimulation: () => formatSimulation,
+  generateC2PACommand: () => generateC2PACommand,
+  generateDatasetCard: () => generateDatasetCard,
+  generateHFMetadata: () => generateHFMetadata,
   generateReport: () => generateReport,
+  generateSafetyTranscript: () => generateSafetyTranscript,
   getSignerInfo: () => getSignerInfo,
   getToolPolicy: () => getToolPolicy,
+  hashReceipt: () => hashReceipt,
+  hashResponseBody: () => hashResponseBody,
   initSigning: () => initSigning,
   isAgentId: () => isAgentId,
   isDisclosureMode: () => isDisclosureMode,
@@ -39,25 +74,42 @@ __export(index_exports, {
   isSigningEnabled: () => isSigningEnabled,
   listCredentialLabels: () => listCredentialLabels,
   loadPolicy: () => loadPolicy,
+  manifestToVC: () => manifestToVC,
   meetsMinTier: () => meetsMinTier,
   parseLogFile: () => parseLogFile,
+  parseNotificationConfigFromEnv: () => parseNotificationConfigFromEnv,
   parseRateLimit: () => parseRateLimit,
   queryExternalPDP: () => queryExternalPDP,
+  receiptToVP: () => receiptToVP,
+  receiptsToHFRows: () => receiptsToHFRows,
+  redactFields: () => redactFields,
   resolveCredential: () => resolveCredential,
+  revealField: () => revealField,
+  runInSandbox: () => runInSandbox,
+  sendApprovalNotification: () => sendApprovalNotification,
   signDecision: () => signDecision,
   simulate: () => simulate,
+  toCredentialRequestOptions: () => toCredentialRequestOptions,
+  toManifoldFormat: () => toManifoldFormat,
+  toMetaculusFormat: () => toMetaculusFormat,
   validateCredentials: () => validateCredentials,
   validateEvidenceReceipt: () => validateEvidenceReceipt,
-  validateManifest: () => validateManifest
+  validateManifest: () => validateManifest,
+  verifyActaC2PAAssertions: () => verifyActaC2PAAssertions,
+  verifyAllCommitments: () => verifyAllCommitments,
+  verifyApprovalAssertion: () => verifyApprovalAssertion,
+  verifyCommitment: () => verifyCommitment,
+  verifyEvidenceAttestation: () => verifyEvidenceAttestation,
+  verifyRekorAnchor: () => verifyRekorAnchor
 });
 module.exports = __toCommonJS(index_exports);
 // src/gateway.ts
 var import_node_child_process = require("child_process");
-var import_node_crypto2 = require("crypto");
+var import_node_crypto3 = require("crypto");
 var import_node_readline = require("readline");
-var import_node_fs5 = require("fs");
-var import_node_path3 = require("path");
+var import_node_fs6 = require("fs");
+var import_node_path4 = require("path");
 // src/policy.ts
 var import_node_crypto = require("crypto");
@@ -625,10 +677,334 @@ function buildDecisionContext(toolName, tier, opts) {
   };
 }
-// src/http-server.ts
-var import_node_http = require("http");
+// src/cedar-evaluator.ts
+var import_node_crypto2 = require("crypto");
 var import_node_fs4 = require("fs");
 var import_node_path2 = require("path");
+var cedarWasm = null;
+var loadAttempted = false;
+async function ensureCedarWasm() {
+  if (cedarWasm) return true;
+  if (loadAttempted) return false;
+  loadAttempted = true;
+  try {
+    const moduleName = "@cedar-policy/cedar-wasm";
+    cedarWasm = await import(
+      /* @vite-ignore */
+      moduleName
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+function buildEntities(req) {
+  const agentId = req.agentId || req.tier;
+  return [
+    {
+      uid: { type: "Agent", id: agentId },
+      attrs: {
+        tier: req.tier,
+        ...req.agentId ? { agent_id: req.agentId } : {}
+      },
+      parents: []
+    },
+    {
+      uid: { type: "Tool", id: req.tool },
+      attrs: {},
+      parents: []
+    }
+  ];
+}
+async function evaluateCedar(policySet, req) {
+  const available = await ensureCedarWasm();
+  if (!available) {
+    return {
+      allowed: true,
+      reason: "cedar_wasm_not_available",
+      metadata: { fallback: true }
+    };
+  }
+  try {
+    const agentId = req.agentId || req.tier;
+    const authRequest = {
+      principal: { type: "Agent", id: agentId },
+      action: { type: "Action", id: "MCP::Tool::call" },
+      resource: { type: "Tool", id: req.tool },
+      context: {
+        tier: req.tier,
+        ...req.context || {}
+      }
+    };
+    const entities = buildEntities(req);
+    let result;
+    if (typeof cedarWasm.isAuthorized === "function") {
+      result = cedarWasm.isAuthorized({
+        policies: policySet.source,
+        entities,
+        principal: authRequest.principal,
+        action: authRequest.action,
+        resource: authRequest.resource,
+        context: authRequest.context,
+        schema: null
+        // No schema enforcement — Cedar still evaluates correctly
+      });
+    } else if (typeof cedarWasm.checkAuthorization === "function") {
+      result = cedarWasm.checkAuthorization(
+        policySet.source,
+        JSON.stringify(entities),
+        JSON.stringify(authRequest)
+      );
+    } else {
+      const cedarEngine = cedarWasm.default || cedarWasm;
+      if (typeof cedarEngine.isAuthorized === "function") {
+        result = cedarEngine.isAuthorized({
+          policies: policySet.source,
+          entities,
+          principal: authRequest.principal,
+          action: authRequest.action,
+          resource: authRequest.resource,
+          context: authRequest.context,
+          schema: null
+        });
+      } else {
+        return {
+          allowed: true,
+          reason: "cedar_wasm_api_unsupported",
+          metadata: { fallback: true, exports: Object.keys(cedarWasm) }
+        };
+      }
+    }
+    const decision = parseWasmResult(result);
+    return {
+      allowed: decision.allowed,
+      reason: decision.allowed ? void 0 : `cedar_deny${decision.diagnostics ? ": " + decision.diagnostics : ""}`,
+      metadata: {
+        policy_digest: policySet.digest,
+        ...decision.matchedPolicies ? { matched_policies: decision.matchedPolicies } : {}
+      }
+    };
+  } catch (err) {
+    return {
+      allowed: true,
+      reason: `cedar_eval_error: ${err instanceof Error ? err.message : "unknown"}`,
+      metadata: { fallback: true, error: true }
+    };
+  }
+}
+function parseWasmResult(result) {
+  if (!result) {
+    return { allowed: true, diagnostics: "null result from Cedar WASM" };
+  }
+  if (result.type === "allow" || result.type === "Allow") {
+    return { allowed: true };
+  }
+  if (result.type === "deny" || result.type === "Deny") {
+    return {
+      allowed: false,
+      diagnostics: result.diagnostics ? JSON.stringify(result.diagnostics) : void 0,
+      matchedPolicies: result.diagnostics?.reasons
+    };
+  }
+  if (result.decision === "Allow") {
+    return { allowed: true };
+  }
+  if (result.decision === "Deny") {
+    return {
+      allowed: false,
+      diagnostics: result.diagnostics ? JSON.stringify(result.diagnostics) : void 0
+    };
+  }
+  if (typeof result === "boolean") {
+    return { allowed: result };
+  }
+  return { allowed: true, diagnostics: `unknown result format: ${JSON.stringify(result)}` };
+}
+// src/notifications.ts
+async function sendApprovalNotification(config, notification) {
+  const promises = [];
+  if (config.sms) {
+    promises.push(sendSms(config.sms, notification));
+  }
+  if (config.webhook) {
+    promises.push(sendWebhook(config.webhook, notification));
+  }
+  if (config.email) {
+    promises.push(sendEmail(config.email, notification));
+  }
+  const results = await Promise.allSettled(promises);
+  for (const result of results) {
+    if (result.status === "rejected") {
+      console.error(`[protect-mcp] Notification failed: ${result.reason}`);
+    }
+  }
+}
+async function sendSms(config, notification) {
+  const body = [
+    `\u{1F512} Approval Required`,
+    `Tool: ${notification.toolName}`,
+    notification.agentId ? `Agent: ${notification.agentId}` : null,
+    `Reason: ${notification.reason}`,
+    notification.approveUrl ? `Approve: ${notification.approveUrl}` : null,
+    notification.traceUrl ? `Trace: ${notification.traceUrl}` : null
+  ].filter(Boolean).join("\n");
+  const params = new URLSearchParams({
+    To: config.to,
+    From: config.from,
+    Body: body
+  });
+  const response = await fetch(
+    `https://api.twilio.com/2010-04-01/Accounts/${config.accountSid}/Messages.json`,
+    {
+      method: "POST",
+      headers: {
+        Authorization: `Basic ${Buffer.from(`${config.accountSid}:${config.authToken}`).toString("base64")}`,
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: params.toString()
+    }
+  );
+  if (!response.ok) {
+    throw new Error(`Twilio SMS failed: ${response.status} ${await response.text()}`);
+  }
+}
+async function sendWebhook(config, notification) {
+  let payload;
+  if (config.template === "slack") {
+    payload = {
+      blocks: [
+        {
+          type: "header",
+          text: { type: "plain_text", text: "\u{1F512} Agent Approval Required" }
+        },
+        {
+          type: "section",
+          fields: [
+            { type: "mrkdwn", text: `*Tool:*
+\`${notification.toolName}\`` },
+            { type: "mrkdwn", text: `*Agent:*
+${notification.agentId || "unknown"}` },
+            { type: "mrkdwn", text: `*Policy:*
+${notification.policyName || "default"}` },
+            { type: "mrkdwn", text: `*Time:*
+${notification.timestamp}` }
+          ]
+        },
+        {
+          type: "section",
+          text: { type: "mrkdwn", text: `*Reason:* ${notification.reason}` }
+        },
+        ...notification.approveUrl || notification.traceUrl ? [
+          {
+            type: "actions",
+            elements: [
+              ...notification.approveUrl ? [{ type: "button", text: { type: "plain_text", text: "\u2705 Approve" }, url: notification.approveUrl, style: "primary" }] : [],
+              ...notification.traceUrl ? [{ type: "button", text: { type: "plain_text", text: "\u{1F50D} View Trace" }, url: notification.traceUrl }] : []
+            ]
+          }
+        ] : []
+      ]
+    };
+  } else if (config.template === "pagerduty") {
+    payload = {
+      routing_key: config.headers?.["X-Routing-Key"] || "",
+      event_action: "trigger",
+      payload: {
+        summary: `Agent approval required: ${notification.toolName}`,
+        source: "protect-mcp",
+        severity: "warning",
+        custom_details: {
+          tool: notification.toolName,
+          agent: notification.agentId,
+          policy: notification.policyName,
+          reason: notification.reason,
+          trace_url: notification.traceUrl,
+          approve_url: notification.approveUrl
+        }
+      }
+    };
+  } else {
+    payload = notification;
+  }
+  const response = await fetch(config.url, {
+    method: config.method || "POST",
+    headers: {
+      "Content-Type": "application/json",
+      ...config.headers
+    },
+    body: JSON.stringify(payload)
+  });
+  if (!response.ok) {
+    throw new Error(`Webhook failed: ${response.status}`);
+  }
+}
+async function sendEmail(config, notification) {
+  if (!config.resendApiKey) {
+    console.warn("[protect-mcp] Email notification skipped: no resendApiKey configured");
+    return;
+  }
+  const html = `
+    <div style="font-family: monospace; padding: 20px; background: #0d1117; color: #c9d1d9; border-radius: 8px;">
+      <h2 style="color: #10b981;">\u{1F512} Agent Approval Required</h2>
+      <table style="font-size: 14px; margin: 16px 0;">
+        <tr><td style="color: #8b949e; padding: 4px 16px 4px 0;">Tool:</td><td>${notification.toolName}</td></tr>
+        <tr><td style="color: #8b949e; padding: 4px 16px 4px 0;">Agent:</td><td>${notification.agentId || "unknown"}</td></tr>
+        <tr><td style="color: #8b949e; padding: 4px 16px 4px 0;">Reason:</td><td>${notification.reason}</td></tr>
+        <tr><td style="color: #8b949e; padding: 4px 16px 4px 0;">Time:</td><td>${notification.timestamp}</td></tr>
+      </table>
+      ${notification.approveUrl ? `<a href="${notification.approveUrl}" style="background: #10b981; color: white; padding: 8px 16px; border-radius: 6px; text-decoration: none; margin-right: 8px;">\u2705 Approve</a>` : ""}
+      ${notification.traceUrl ? `<a href="${notification.traceUrl}" style="background: #1f2937; color: #c9d1d9; padding: 8px 16px; border-radius: 6px; text-decoration: none; border: 1px solid #374151;">\u{1F50D} View Trace</a>` : ""}
+    </div>
+  `;
+  const response = await fetch("https://api.resend.com/emails", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${config.resendApiKey}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      from: "ScopeBlind <noreply@scopeblind.com>",
+      to: config.to,
+      subject: `\u{1F512} Approval required: ${notification.toolName}`,
+      html
+    })
+  });
+  if (!response.ok) {
+    throw new Error(`Resend email failed: ${response.status}`);
+  }
+}
+function parseNotificationConfigFromEnv() {
+  const config = {};
+  let hasConfig = false;
+  const smsTo = process.env.SCOPEBLIND_SMS_TO;
+  const twilioSid = process.env.TWILIO_ACCOUNT_SID;
+  const twilioToken = process.env.TWILIO_AUTH_TOKEN;
+  const twilioFrom = process.env.TWILIO_FROM_NUMBER;
+  if (smsTo && twilioSid && twilioToken && twilioFrom) {
+    config.sms = { accountSid: twilioSid, authToken: twilioToken, from: twilioFrom, to: smsTo };
+    hasConfig = true;
+  }
+  const webhookUrl = process.env.SCOPEBLIND_WEBHOOK_URL;
+  if (webhookUrl) {
+    config.webhook = {
+      url: webhookUrl,
+      template: process.env.SCOPEBLIND_WEBHOOK_TEMPLATE || "custom"
+    };
+    hasConfig = true;
+  }
+  const emailTo = process.env.SCOPEBLIND_EMAIL_TO;
+  if (emailTo) {
+    config.email = { to: emailTo, resendApiKey: process.env.RESEND_API_KEY };
+    hasConfig = true;
+  }
+  return hasConfig ? config : null;
+}
+// src/http-server.ts
+var import_node_http = require("http");
+var import_node_fs5 = require("fs");
+var import_node_path3 = require("path");
 var LOG_FILE = ".protect-mcp-log.jsonl";
 var MAX_RECEIPTS = 100;
 var ReceiptBuffer = class {
@@ -721,13 +1097,13 @@ function handleHealth(res, startTime, config) {
   }));
 }
 function handleStatus(res, logDir) {
-  const logPath = (0, import_node_path2.join)(logDir, LOG_FILE);
-  if (!(0, import_node_fs4.existsSync)(logPath)) {
+  const logPath = (0, import_node_path3.join)(logDir, LOG_FILE);
+  if (!(0, import_node_fs5.existsSync)(logPath)) {
     res.writeHead(200);
     res.end(JSON.stringify({ entries: 0, message: "no log file yet" }));
     return;
   }
-  const raw = (0, import_node_fs4.readFileSync)(logPath, "utf-8");
+  const raw = (0, import_node_fs5.readFileSync)(logPath, "utf-8");
   const lines = raw.trim().split("\n").filter(Boolean);
   const entries = [];
   for (const line of lines) {
@@ -865,18 +1241,30 @@ var ProtectGateway = class {
   /** Approval grants keyed by request_id (scoped to the specific action that was requested) */
   approvalStore = /* @__PURE__ */ new Map();
   /** Random nonce generated at startup — required for approval endpoint authentication */
-  approvalNonce = (0, import_node_crypto2.randomBytes)(16).toString("hex");
+  approvalNonce = (0, import_node_crypto3.randomBytes)(16).toString("hex");
   currentTier = "unknown";
   admissionResult = null;
+  /** Notification config for approval gates (SMS, webhook, email) */
+  notificationConfig = null;
   /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
   pendingResponses = /* @__PURE__ */ new Map();
   httpMode = false;
+  /** Loaded Cedar policy set (when policy_engine is "cedar") */
+  cedarPolicySet = null;
   constructor(config) {
     this.config = config;
-    this.logFilePath = (0, import_node_path3.join)(process.cwd(), LOG_FILE2);
-    this.receiptFilePath = (0, import_node_path3.join)(process.cwd(), RECEIPTS_FILE);
+    this.logFilePath = (0, import_node_path4.join)(process.cwd(), LOG_FILE2);
+    this.receiptFilePath = (0, import_node_path4.join)(process.cwd(), RECEIPTS_FILE);
     this.evidenceStore = new EvidenceStore();
     this.receiptBuffer = new ReceiptBuffer();
+    this.notificationConfig = parseNotificationConfigFromEnv();
+  }
+  /**
+   * Set the Cedar policy set for local evaluation.
+   * Called during CLI startup when --cedar flag is used.
+   */
+  setCedarPolicies(policySet) {
+    this.cedarPolicySet = policySet;
   }
   async start() {
     const { command, args, verbose } = this.config;
@@ -1007,7 +1395,7 @@ var ProtectGateway = class {
   }
   async interceptToolCall(request) {
     const toolName = request.params?.name || "unknown";
-    const requestId = (0, import_node_crypto2.randomUUID)().slice(0, 12);
+    const requestId = (0, import_node_crypto3.randomUUID)().slice(0, 12);
     const mode = this.config.enforce ? "enforce" : "shadow";
     let resolvedAgentKid = this.admissionResult?.agent_id;
     let effectiveToolPolicy;
@@ -1045,6 +1433,27 @@ var ProtectGateway = class {
         }
       }
     }
+    if (this.config.policy?.policy_engine === "cedar" && this.cedarPolicySet) {
+      try {
+        const cedarDecision = await evaluateCedar(this.cedarPolicySet, {
+          tool: toolName,
+          tier: this.currentTier,
+          agentId: this.admissionResult?.agent_id
+        });
+        if (!cedarDecision.allowed) {
+          const reason = cedarDecision.reason || "cedar_deny";
+          this.emitDecisionLog({ tool: toolName, decision: "deny", reason_code: reason, request_id: requestId, tier: this.currentTier, credential_ref: credentialRef });
+          if (this.config.enforce) {
+            return this.makeErrorResponse(request.id, -32600, `Tool "${toolName}" denied by Cedar policy`);
+          }
+          return null;
+        }
+        this.emitDecisionLog({ tool: toolName, decision: "allow", reason_code: "cedar_allow", request_id: requestId, tier: this.currentTier, credential_ref: credentialRef });
+        return null;
+      } catch (err) {
+        if (this.config.verbose) this.log(`Cedar evaluation error: ${err instanceof Error ? err.message : err}`);
+      }
+    }
     if (this.config.policy?.external && (this.config.policy.policy_engine === "external" || this.config.policy.policy_engine === "hybrid")) {
       try {
         const ctx = buildDecisionContext(toolName, this.currentTier, {
@@ -1092,6 +1501,20 @@ var ProtectGateway = class {
         return null;
       }
       this.emitDecisionLog({ tool: toolName, decision: "require_approval", reason_code: "requires_human_approval", request_id: requestId, tier: this.currentTier, credential_ref: credentialRef });
+      if (this.notificationConfig) {
+        sendApprovalNotification(this.notificationConfig, {
+          requestId,
+          toolName,
+          agentId: this.admissionResult?.agent_id,
+          policyName: "default",
+          reason: `Policy requires human approval for "${toolName}"`,
+          traceUrl: `https://scopeblind.com/trace`,
+          approveUrl: void 0,
+          // Approve URL provided when HTTP transport is active
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        }).catch(() => {
+        });
+      }
       if (this.config.enforce) {
         return {
           jsonrpc: "2.0",
@@ -1139,8 +1562,19 @@ var ProtectGateway = class {
     }
     return policy.rate_limit;
   }
+  /**
+   * Emit a decision log entry with OTel-compatible trace IDs and optional
+   * signed receipt generation.
+   *
+   * @patent Patent-protected construction — decision receipts with configurable
+   * disclosure and issuer-blind properties. Covered by Apache 2.0 patent grant
+   * for users of this code. Clean-room reimplementation requires a patent license.
+   * @see {@link https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/}
+   */
   emitDecisionLog(entry) {
     const mode = this.config.enforce ? "enforce" : "shadow";
+    const otelTraceId = entry.otel_trace_id || (0, import_node_crypto3.randomBytes)(16).toString("hex");
+    const otelSpanId = entry.otel_span_id || (0, import_node_crypto3.randomBytes)(8).toString("hex");
     const log = {
       v: 2,
       tool: entry.tool || "unknown",
@@ -1148,17 +1582,19 @@ var ProtectGateway = class {
       reason_code: entry.reason_code || "default_allow",
       policy_digest: this.config.policyDigest,
       policy_engine: this.config.policy?.policy_engine || "built-in",
-      request_id: entry.request_id || (0, import_node_crypto2.randomUUID)().slice(0, 12),
+      request_id: entry.request_id || (0, import_node_crypto3.randomUUID)().slice(0, 12),
       timestamp: Date.now(),
       mode,
       ...entry.rate_limit_remaining !== void 0 && { rate_limit_remaining: entry.rate_limit_remaining },
       ...entry.tier && { tier: entry.tier },
-      ...entry.credential_ref && { credential_ref: entry.credential_ref }
+      ...entry.credential_ref && { credential_ref: entry.credential_ref },
+      otel_trace_id: otelTraceId,
+      otel_span_id: otelSpanId
     };
     process.stderr.write(`[PROTECT_MCP] ${JSON.stringify(log)}
 `);
     try {
-      (0, import_node_fs5.appendFileSync)(this.logFilePath, JSON.stringify(log) + "\n");
+      (0, import_node_fs6.appendFileSync)(this.logFilePath, JSON.stringify(log) + "\n");
     } catch {
     }
     if (isSigningEnabled()) {
@@ -1167,7 +1603,7 @@ var ProtectGateway = class {
         process.stderr.write(`[PROTECT_MCP_RECEIPT] ${signed.signed}
 `);
         try {
-          (0, import_node_fs5.appendFileSync)(this.receiptFilePath, signed.signed + "\n");
+          (0, import_node_fs6.appendFileSync)(this.receiptFilePath, signed.signed + "\n");
         } catch {
         }
         this.receiptBuffer.add(log.request_id, signed.signed);
@@ -1357,9 +1793,9 @@ function collectSignedReceipts(logs) {
 }
 // src/simulate.ts
-var import_node_fs6 = require("fs");
+var import_node_fs7 = require("fs");
 function parseLogFile(path) {
-  const raw = (0, import_node_fs6.readFileSync)(path, "utf-8");
+  const raw = (0, import_node_fs7.readFileSync)(path, "utf-8");
   const entries = [];
   for (const line of raw.split("\n")) {
     const trimmed = line.trim();
@@ -1488,13 +1924,13 @@ function formatSimulation(summary) {
 }
 // src/report.ts
-var import_node_fs7 = require("fs");
+var import_node_fs8 = require("fs");
 function generateReport(logPath, receiptPath, periodDays) {
   const now = /* @__PURE__ */ new Date();
   const from = new Date(now.getTime() - periodDays * 864e5);
   const entries = [];
-  if ((0, import_node_fs7.existsSync)(logPath)) {
-    const raw = (0, import_node_fs7.readFileSync)(logPath, "utf-8");
+  if ((0, import_node_fs8.existsSync)(logPath)) {
+    const raw = (0, import_node_fs8.readFileSync)(logPath, "utf-8");
     for (const line of raw.split("\n")) {
       const trimmed = line.trim();
       if (!trimmed) continue;
@@ -1514,8 +1950,8 @@ function generateReport(logPath, receiptPath, periodDays) {
   let receiptsSigned = 0;
   let signerKid = "";
   let signerIssuer = "";
-  if ((0, import_node_fs7.existsSync)(receiptPath)) {
-    const raw = (0, import_node_fs7.readFileSync)(receiptPath, "utf-8");
+  if ((0, import_node_fs8.existsSync)(receiptPath)) {
+    const raw = (0, import_node_fs8.readFileSync)(receiptPath, "utf-8");
     for (const line of raw.split("\n")) {
       const trimmed = line.trim();
       if (!trimmed) continue;
@@ -1802,19 +2238,1412 @@ function validateEvidenceReceipt(receipt) {
   }
   return errors;
 }
+// src/rekor-anchor.ts
+var import_node_crypto4 = require("crypto");
+var REKOR_API = "https://rekor.sigstore.dev/api/v1";
+async function anchorToRekor(receiptHash, signature, publicKeyPem) {
+  const entry = {
+    apiVersion: "0.0.1",
+    kind: "hashedrekord",
+    spec: {
+      data: {
+        hash: {
+          algorithm: "sha256",
+          value: receiptHash
+        }
+      },
+      signature: {
+        content: signature,
+        publicKey: {
+          content: Buffer.from(publicKeyPem).toString("base64")
+        }
+      }
+    }
+  };
+  const response = await fetch(`${REKOR_API}/log/entries`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(entry)
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Rekor anchoring failed: ${response.status} ${errorText}`);
+  }
+  const result = await response.json();
+  const [uuid, data] = Object.entries(result)[0];
+  return {
+    logIndex: data.logIndex,
+    uuid,
+    integratedTime: new Date(data.integratedTime * 1e3).toISOString(),
+    receiptHash,
+    logID: data.logID,
+    body: data.body
+  };
+}
+async function verifyRekorAnchor(logIndex, expectedHash) {
+  const response = await fetch(`${REKOR_API}/log/entries?logIndex=${logIndex}`);
+  if (!response.ok) {
+    return {
+      valid: false,
+      logIndex,
+      integratedTime: "",
+      receiptHashMatch: false
+    };
+  }
+  const result = await response.json();
+  const [, data] = Object.entries(result)[0];
+  let receiptHashMatch = false;
+  try {
+    const bodyJson = JSON.parse(Buffer.from(data.body, "base64").toString());
+    const hash = bodyJson?.spec?.data?.hash?.value;
+    receiptHashMatch = hash === expectedHash;
+  } catch {
+  }
+  return {
+    valid: receiptHashMatch,
+    logIndex,
+    integratedTime: new Date(data.integratedTime * 1e3).toISOString(),
+    receiptHashMatch
+  };
+}
+function hashReceipt(receipt) {
+  const canonical = JSON.stringify(receipt, Object.keys(receipt).sort());
+  return (0, import_node_crypto4.createHash)("sha256").update(canonical).digest("hex");
+}
+function createLogAnchorField(anchor) {
+  return {
+    transparency_log: "rekor.sigstore.dev",
+    log_index: anchor.logIndex,
+    integrated_time: anchor.integratedTime,
+    receipt_hash: anchor.receiptHash,
+    verify_url: `https://search.sigstore.dev/?logIndex=${anchor.logIndex}`
+  };
+}
+// src/selective-disclosure.ts
+var import_node_crypto5 = require("crypto");
+function redactFields(receipt, fieldsToRedact) {
+  const redacted = JSON.parse(JSON.stringify(receipt));
+  const salts = [];
+  const redactedFields = [];
+  const originalHash = hashObject(receipt);
+  for (const fieldPath of fieldsToRedact) {
+    const parts = fieldPath.split(".");
+    let current = redacted;
+    let parent = null;
+    let lastKey = "";
+    for (let i = 0; i < parts.length; i++) {
+      const key = parts[i];
+      if (i === parts.length - 1) {
+        if (key in current) {
+          const originalValue = current[key];
+          const salt = (0, import_node_crypto5.randomBytes)(16).toString("hex");
+          const commitment = computeCommitment(salt, originalValue);
+          salts.push({ field: fieldPath, salt, originalValue });
+          current[key] = `sha256(salt + ${typeof originalValue === "string" ? "..." : JSON.stringify(originalValue).slice(0, 20) + "..."})`;
+          redactedFields.push(fieldPath);
+          if (!redacted._commitments) {
+            redacted._commitments = {};
+          }
+          redacted._commitments[fieldPath] = commitment;
+        }
+      } else {
+        if (typeof current[key] === "object" && current[key] !== null) {
+          parent = current;
+          lastKey = key;
+          current = current[key];
+        } else {
+          break;
+        }
+      }
+    }
+  }
+  return { redacted, salts, redactedFields, originalHash };
+}
+function revealField(redactedReceipt, salts, fieldPath) {
+  const salt = salts.find((s) => s.field === fieldPath);
+  if (!salt) {
+    throw new Error(`No salt found for field: ${fieldPath}`);
+  }
+  const revealed = JSON.parse(JSON.stringify(redactedReceipt));
+  const parts = fieldPath.split(".");
+  let current = revealed;
+  for (let i = 0; i < parts.length; i++) {
+    const key = parts[i];
+    if (i === parts.length - 1) {
+      current[key] = salt.originalValue;
+    } else {
+      current = current[key];
+    }
+  }
+  return revealed;
+}
+function verifyCommitment(commitment, salt, value) {
+  const expected = computeCommitment(salt, value);
+  return commitment === expected;
+}
+function verifyAllCommitments(redactedReceipt, salts) {
+  const commitments = redactedReceipt._commitments;
+  if (!commitments) {
+    return { valid: true, fields: {} };
+  }
+  const fields = {};
+  let allValid = true;
+  for (const salt of salts) {
+    const commitment = commitments[salt.field];
+    if (commitment) {
+      const valid = verifyCommitment(commitment, salt.salt, salt.originalValue);
+      fields[salt.field] = valid;
+      if (!valid) allValid = false;
+    }
+  }
+  return { valid: allValid, fields };
+}
+function createDisclosurePackage(allSalts, fieldsToDisclose) {
+  const disclosed = allSalts.filter((s) => fieldsToDisclose.includes(s.field)).map((s) => ({ field: s.field, salt: s.salt, value: s.originalValue }));
+  return {
+    version: "0.1",
+    disclosed_fields: fieldsToDisclose,
+    salts: disclosed
+  };
+}
+function computeCommitment(salt, value) {
+  const serialized = typeof value === "string" ? value : JSON.stringify(value);
+  return (0, import_node_crypto5.createHash)("sha256").update(salt + serialized).digest("hex");
+}
+function hashObject(obj) {
+  const canonical = JSON.stringify(obj, Object.keys(obj).sort());
+  return (0, import_node_crypto5.createHash)("sha256").update(canonical).digest("hex");
+}
+// src/huggingface-export.ts
+function receiptsToHFRows(receipts) {
+  return receipts.map((r) => {
+    const raw = r;
+    const payload = raw.payload || {};
+    const edges = Array.isArray(raw.parent_receipts) ? raw.parent_receipts : [];
+    return {
+      receipt_id: String(raw.receipt_id || raw.id || ""),
+      receipt_type: String(raw.receipt_type || raw.type || "unknown"),
+      tool_name: payload.tool_name ? String(payload.tool_name) : null,
+      decision: payload.decision ? String(payload.decision) : null,
+      agent_id: payload.agent_id ? String(payload.agent_id) : raw.subject_id ? String(raw.subject_id) : null,
+      issuer_id: String(raw.issuer_id || "unknown"),
+      timestamp: String(raw.timestamp || raw.event_time || (/* @__PURE__ */ new Date()).toISOString()),
+      policy_hash: payload.active_policy_hash ? String(payload.active_policy_hash) : null,
+      edges,
+      edge_count: edges.length,
+      signature: raw.signature ? String(raw.signature) : null,
+      signed: Boolean(raw.signature),
+      context_hash: raw.context_hash ? String(raw.context_hash) : null,
+      chain_id: raw.chain_id ? String(raw.chain_id) : null
+    };
+  });
+}
+function generateHFMetadata(rows, name) {
+  const types = {};
+  const decisions = {};
+  const agents = /* @__PURE__ */ new Set();
+  const tools = /* @__PURE__ */ new Set();
+  let minTime = Infinity;
+  let maxTime = -Infinity;
+  for (const row of rows) {
+    types[row.receipt_type] = (types[row.receipt_type] || 0) + 1;
+    if (row.decision) decisions[row.decision] = (decisions[row.decision] || 0) + 1;
+    if (row.agent_id) agents.add(row.agent_id);
+    if (row.tool_name) tools.add(row.tool_name);
+    const t = new Date(row.timestamp).getTime();
+    if (t < minTime) minTime = t;
+    if (t > maxTime) maxTime = t;
+  }
+  return {
+    name: name || "scopeblind-acta-receipts",
+    description: "Cryptographically signed decision receipts from AI agent tool calls. Each row is an Ed25519-signed receipt capturing a machine decision, its causal context, and policy evaluation result. Produced by protect-mcp and verified with @veritasacta/verify.",
+    num_rows: rows.length,
+    type_distribution: types,
+    decision_distribution: decisions,
+    time_range: {
+      from: isFinite(minTime) ? new Date(minTime).toISOString() : "",
+      to: isFinite(maxTime) ? new Date(maxTime).toISOString() : ""
+    },
+    unique_agents: agents.size,
+    unique_tools: tools.size,
+    exported_at: (/* @__PURE__ */ new Date()).toISOString(),
+    license: "MIT",
+    tags: [
+      "ai-safety",
+      "agent-governance",
+      "cryptographic-receipts",
+      "veritas-acta",
+      "scopeblind",
+      "mcp",
+      "ed25519",
+      "causal-dag",
+      "decision-evidence"
+    ]
+  };
+}
+function exportJSONL(rows) {
+  return rows.map((row) => JSON.stringify(row)).join("\n") + "\n";
+}
+function generateDatasetCard(metadata) {
+  return `---
+license: mit
+task_categories:
+  - text-classification
+tags:
+${metadata.tags.map((t) => `  - ${t}`).join("\n")}
+size_categories:
+  - ${metadata.num_rows < 1e3 ? "n<1K" : metadata.num_rows < 1e4 ? "1K<n<10K" : "10K<n<100K"}
+---
+# ${metadata.name}
+${metadata.description}
+## Dataset Structure
+Each row is a cryptographically signed receipt representing a single machine decision.
+| Field | Type | Description |
+|-------|------|-------------|
+| receipt_id | string | Unique receipt identifier (content-addressed hash) |
+| receipt_type | string | decision, execution, outcome, policy_load, observation, approval |
+| tool_name | string | MCP tool that was called |
+| decision | string | allow, deny, or null |
+| agent_id | string | Pseudonymous agent identifier |
+| timestamp | string | ISO 8601 timestamp |
+| policy_hash | string | SHA-256 hash of the active policy |
+| edges | array | Typed causal edges to parent receipts |
+| signature | string | Ed25519 signature (hex) |
+| signed | boolean | Whether the receipt has a valid signature |
+## Statistics
+- **Total receipts:** ${metadata.num_rows.toLocaleString()}
+- **Unique agents:** ${metadata.unique_agents}
+- **Unique tools:** ${metadata.unique_tools}
+- **Time range:** ${metadata.time_range.from} \u2192 ${metadata.time_range.to}
+### Type distribution
+${Object.entries(metadata.type_distribution).map(([k, v]) => `- ${k}: ${v}`).join("\n")}
+### Decision distribution
+${Object.entries(metadata.decision_distribution).map(([k, v]) => `- ${k}: ${v}`).join("\n")}
+## Verification
+Every receipt in this dataset can be independently verified:
+\`\`\`bash
+npx @veritasacta/verify receipt.json
+\`\`\`
+The verification is offline, MIT-licensed, and does not contact any server.
+## Source
+- Protocol: [Veritas Acta](https://veritasacta.com)
+- Gateway: [protect-mcp](https://npmjs.com/package/protect-mcp)
+- IETF Draft: [draft-farley-acta-signed-receipts](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/)
+## License
+MIT
+`;
+}
+// src/webauthn-approval.ts
+var import_node_crypto6 = require("crypto");
+function createApprovalChallenge(requestId, toolName, agentId, rpId = "scopeblind.com", timeoutSeconds = 300) {
+  const challengeBytes = (0, import_node_crypto6.randomBytes)(32);
+  const contextHash = (0, import_node_crypto6.createHash)("sha256").update(JSON.stringify({ requestId, toolName, agentId, timestamp: Date.now() })).digest("hex");
+  return {
+    challenge: base64urlEncode(challengeBytes),
+    requestId,
+    toolName,
+    agentId,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    timeoutSeconds,
+    rpId,
+    contextHash
+  };
+}
+function toCredentialRequestOptions(challenge, allowCredentials) {
+  return {
+    publicKey: {
+      challenge: base64urlDecode(challenge.challenge).buffer,
+      rpId: challenge.rpId,
+      timeout: challenge.timeoutSeconds * 1e3,
+      userVerification: "required",
+      // Always require biometric
+      ...allowCredentials ? {
+        allowCredentials: allowCredentials.map((c) => ({
+          id: base64urlDecode(c.id).buffer,
+          type: "public-key"
+        }))
+      } : {}
+    }
+  };
+}
+function verifyApprovalAssertion(challenge, assertion) {
+  const createdAt = new Date(challenge.createdAt).getTime();
+  const now = Date.now();
+  if (now - createdAt > challenge.timeoutSeconds * 1e3) {
+    return {
+      valid: false,
+      credentialId: assertion.credentialId,
+      authenticatorType: "unknown",
+      userVerified: false,
+      signCount: 0,
+      contextHash: challenge.contextHash,
+      approvedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+  const authData = base64urlDecode(assertion.authenticatorData);
+  const flags = authData[32];
+  const userPresent = !!(flags & 1);
+  const userVerified = !!(flags & 4);
+  const attestedCredData = !!(flags & 64);
+  const signCount = authData.length >= 37 ? authData[33] << 24 | authData[34] << 16 | authData[35] << 8 | authData[36] : 0;
+  let authenticatorType = "unknown";
+  try {
+    const clientData = JSON.parse(Buffer.from(base64urlDecode(assertion.clientDataJSON)).toString());
+    if (clientData.type === "webauthn.get") {
+      authenticatorType = "platform";
+    }
+  } catch {
+  }
+  return {
+    valid: userPresent,
+    // At minimum, user must be present
+    credentialId: assertion.credentialId,
+    authenticatorType,
+    userVerified,
+    signCount,
+    contextHash: challenge.contextHash,
+    approvedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function createApprovalReceiptPayload(challenge, result) {
+  return {
+    type: "acta:approval",
+    approval_method: "webauthn",
+    tool_name: challenge.toolName,
+    request_id: challenge.requestId,
+    agent_id: challenge.agentId,
+    authenticator_type: result.authenticatorType,
+    user_verified: result.userVerified,
+    context_hash: result.contextHash,
+    approved_at: result.approvedAt,
+    // Hash the credential ID for privacy — don't store the raw ID
+    credential_id_hash: (0, import_node_crypto6.createHash)("sha256").update(result.credentialId).digest("hex").slice(0, 16)
+  };
+}
+function base64urlEncode(buffer) {
+  return Buffer.from(buffer).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function base64urlDecode(str) {
+  const base64 = str.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
+  return new Uint8Array(Buffer.from(padded, "base64"));
+}
+// src/did-vc.ts
+function ed25519ToDIDKey(publicKeyHex) {
+  const multicodecPrefix = Buffer.from([237, 1]);
+  const publicKeyBytes = Buffer.from(publicKeyHex, "hex");
+  const multicodecKey = Buffer.concat([multicodecPrefix, publicKeyBytes]);
+  const base58 = base58btcEncode(multicodecKey);
+  return `did:key:z${base58}`;
+}
+function manifestToVC(manifest) {
+  const did = ed25519ToDIDKey(manifest.public_key);
+  return {
+    "@context": [
+      "https://www.w3.org/2018/credentials/v1",
+      "https://veritasacta.com/contexts/agent-manifest/v1"
+    ],
+    type: ["VerifiableCredential", "AgentManifestCredential"],
+    issuer: did,
+    issuanceDate: manifest.created_at || (/* @__PURE__ */ new Date()).toISOString(),
+    credentialSubject: {
+      id: did,
+      agentId: manifest.agent_id,
+      displayName: manifest.display_name,
+      capabilities: manifest.capabilities || [],
+      policyDigest: manifest.policy_digest,
+      publicKey: manifest.public_key
+    },
+    ...manifest.signature ? {
+      proof: {
+        type: "Ed25519Signature2020",
+        created: manifest.created_at || (/* @__PURE__ */ new Date()).toISOString(),
+        verificationMethod: `${did}#key-1`,
+        proofPurpose: "assertionMethod",
+        proofValue: manifest.signature
+      }
+    } : {}
+  };
+}
+function receiptToVP(receipt, issuerPublicKey) {
+  const did = ed25519ToDIDKey(issuerPublicKey);
+  return {
+    "@context": ["https://www.w3.org/2018/credentials/v1"],
+    type: ["VerifiablePresentation"],
+    holder: did,
+    verifiableCredential: [{
+      "@context": [
+        "https://www.w3.org/2018/credentials/v1",
+        "https://veritasacta.com/contexts/decision-receipt/v1"
+      ],
+      type: ["VerifiableCredential", "DecisionReceiptCredential"],
+      issuer: did,
+      issuanceDate: receipt.event_time || (/* @__PURE__ */ new Date()).toISOString(),
+      credentialSubject: {
+        receiptId: receipt.receipt_id,
+        receiptType: receipt.receipt_type,
+        toolName: receipt.payload?.tool_name,
+        decision: receipt.payload?.decision
+      }
+    }]
+  };
+}
+function base58btcEncode(buffer) {
+  const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+  let num = BigInt("0x" + buffer.toString("hex"));
+  let result = "";
+  while (num > 0n) {
+    result = ALPHABET[Number(num % 58n)] + result;
+    num = num / 58n;
+  }
+  for (const byte of buffer) {
+    if (byte === 0) result = "1" + result;
+    else break;
+  }
+  return result;
+}
+// src/sandbox.ts
+async function createSandbox(config) {
+  const runtime = config.runtime || (config.apiKey || process.env.E2B_API_KEY ? "e2b" : "docker");
+  if (runtime === "e2b") {
+    return createE2BSandbox(config);
+  }
+  return createDockerSandbox(config);
+}
+async function runInSandbox(sandbox, toolCall, policy) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const decision = evaluatePolicy(toolCall.tool, policy);
+  const receipt = {
+    tool: toolCall.tool,
+    decision,
+    executed: decision === "allow",
+    timestamp
+  };
+  if (decision === "allow") {
+    try {
+      const result = await executeInSandbox(sandbox, toolCall);
+      receipt.result = result;
+      receipt.executed = true;
+    } catch (err) {
+      receipt.result = {
+        success: false,
+        output: "",
+        error: err instanceof Error ? err.message : String(err),
+        durationMs: 0
+      };
+    }
+  }
+  sandbox.receipts.push(receipt);
+  return receipt;
+}
+function generateSafetyTranscript(sandbox, template) {
+  const receipts = sandbox.receipts;
+  const allowed = receipts.filter((r) => r.decision === "allow").length;
+  const denied = receipts.filter((r) => r.decision === "deny").length;
+  const requireApproval = receipts.filter((r) => r.decision === "require_approval").length;
+  const executed = receipts.filter((r) => r.executed && r.result);
+  const successful = executed.filter((r) => r.result?.success);
+  const denyScore = denied > 0 ? 40 : allowed > 0 ? 20 : 40;
+  const successRate = executed.length > 0 ? successful.length / executed.length : 1;
+  const successScore = 30 * successRate;
+  const approvalScore = requireApproval === 0 ? 30 : 15;
+  const safetyScore = Math.round(denyScore + successScore + approvalScore);
+  return {
+    sandboxId: sandbox.id,
+    template,
+    totalCalls: receipts.length,
+    allowed,
+    denied,
+    requireApproval,
+    successRate,
+    receipts,
+    durationMs: 0,
+    // Would be calculated from first/last receipt timestamps
+    evaluatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    safetyScore: Math.min(100, Math.max(0, safetyScore))
+  };
+}
+async function destroySandbox(sandbox) {
+  sandbox.status = "destroyed";
+  if (sandbox.runtime === "docker") {
+    try {
+      const { execSync } = await import("child_process");
+      execSync(`docker rm -f ${sandbox.id} 2>/dev/null`, { stdio: "pipe" });
+    } catch {
+    }
+  }
+}
+async function createE2BSandbox(config) {
+  const apiKey = config.apiKey || process.env.E2B_API_KEY;
+  if (!apiKey) {
+    throw new Error("E2B_API_KEY not set. Get one at https://e2b.dev");
+  }
+  const response = await fetch("https://api.e2b.dev/sandboxes", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "X-API-Key": apiKey
+    },
+    body: JSON.stringify({
+      templateID: config.template,
+      timeout: config.timeoutSeconds || 300
+    })
+  });
+  if (!response.ok) {
+    throw new Error(`E2B sandbox creation failed: ${response.status}`);
+  }
+  const data = await response.json();
+  return {
+    id: data.sandboxID,
+    runtime: "e2b",
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    status: "running",
+    receipts: []
+  };
+}
+async function createDockerSandbox(config) {
+  const { execSync } = await import("child_process");
+  const { randomUUID: randomUUID3 } = await import("crypto");
+  const id = `scopeblind-sandbox-${randomUUID3().slice(0, 8)}`;
+  const image = config.template.includes(":") ? config.template : `node:${config.template.replace("node-", "")}`;
+  const memoryFlag = config.memoryMB ? `--memory=${config.memoryMB}m` : "";
+  const timeout = config.timeoutSeconds || 300;
+  try {
+    execSync(
+      `docker run -d --name ${id} ${memoryFlag} --network=none --stop-timeout=${timeout} ${image} sleep ${timeout}`,
+      { stdio: "pipe" }
+    );
+  } catch (err) {
+    throw new Error(`Docker sandbox creation failed: ${err instanceof Error ? err.message : err}`);
+  }
+  return {
+    id,
+    runtime: "docker",
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    status: "running",
+    receipts: []
+  };
+}
+async function executeInSandbox(sandbox, toolCall) {
+  const start = Date.now();
+  if (sandbox.runtime === "docker") {
+    const { execSync } = await import("child_process");
+    try {
+      const command = toolCall.args.command || `echo "Tool: ${toolCall.tool}"`;
+      const output = execSync(
+        `docker exec ${sandbox.id} sh -c '${command.replace(/'/g, "'\\''")}'`,
+        { stdio: "pipe", timeout: 3e4 }
+      ).toString();
+      return {
+        success: true,
+        output: output.trim(),
+        durationMs: Date.now() - start,
+        exitCode: 0
+      };
+    } catch (err) {
+      const execErr = err;
+      return {
+        success: false,
+        output: "",
+        error: execErr.stderr?.toString() || String(err),
+        durationMs: Date.now() - start,
+        exitCode: execErr.status || 1
+      };
+    }
+  }
+  return {
+    success: true,
+    output: `[E2B] Executed ${toolCall.tool} in sandbox ${sandbox.id}`,
+    durationMs: Date.now() - start
+  };
+}
+function evaluatePolicy(tool, policy) {
+  if (!policy) return "allow";
+  const tools = policy.tools;
+  if (!tools) return "allow";
+  const toolPolicy = tools[tool] || tools["*"];
+  if (!toolPolicy) return "allow";
+  if (toolPolicy.block) return "deny";
+  if (toolPolicy.require_approval) return "require_approval";
+  return "allow";
+}
+// src/evidence-authenticity.ts
+var import_node_crypto7 = require("crypto");
+async function createEvidenceAttestation(input) {
+  const tlsNotaryAvailable = await isTLSNotaryAvailable();
+  if (tlsNotaryAvailable) {
+    return createTLSNotaryAttestation(input);
+  }
+  return {
+    version: "0.1-beta",
+    method: "self-reported",
+    url: input.url,
+    httpMethod: input.httpMethod || "GET",
+    responseHash: input.responseHash,
+    statusCode: input.statusCode || 200,
+    fetchedAt: input.timestamp || (/* @__PURE__ */ new Date()).toISOString(),
+    verified: false,
+    verificationNote: "Self-reported attestation. No third-party verification. TLSNotary integration planned for Q3 2026."
+  };
+}
+async function verifyEvidenceAttestation(attestation) {
+  switch (attestation.method) {
+    case "self-reported":
+      return {
+        valid: false,
+        method: "self-reported",
+        note: "Self-reported attestation cannot be independently verified. The response hash is included for integrity checking if the original data is available."
+      };
+    case "tlsnotary":
+      if (!attestation.notaryPublicKey || !attestation.notarySignature) {
+        return {
+          valid: false,
+          method: "tlsnotary",
+          note: "TLSNotary attestation is missing notary public key or signature."
+        };
+      }
+      return {
+        valid: false,
+        method: "tlsnotary",
+        note: "TLSNotary verification not yet implemented. Attestation format is correct but signature cannot be checked."
+      };
+    case "oracle":
+      return {
+        valid: attestation.verified,
+        method: "oracle",
+        note: attestation.verified ? "Attestation verified by oracle service." : "Oracle verification pending or failed."
+      };
+    case "witness":
+      return {
+        valid: attestation.verified,
+        method: "witness",
+        note: attestation.verified ? "Attestation witnessed by independent third party." : "Witness verification pending."
+      };
+    default:
+      return {
+        valid: false,
+        method: "unknown",
+        note: "Unknown attestation method."
+      };
+  }
+}
+function hashResponseBody(body) {
+  return (0, import_node_crypto7.createHash)("sha256").update(typeof body === "string" ? body : body).digest("hex");
+}
+function createAttestationField(attestation) {
+  return {
+    evidence_authenticity: {
+      version: attestation.version,
+      method: attestation.method,
+      url_hash: (0, import_node_crypto7.createHash)("sha256").update(attestation.url).digest("hex").slice(0, 16),
+      response_hash: attestation.responseHash,
+      fetched_at: attestation.fetchedAt,
+      verified: attestation.verified,
+      note: attestation.verificationNote
+    }
+  };
+}
+async function isTLSNotaryAvailable() {
+  try {
+    await import("tlsn-js");
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function createTLSNotaryAttestation(input) {
+  return {
+    version: "0.1-beta",
+    method: "tlsnotary",
+    url: input.url,
+    httpMethod: input.httpMethod || "GET",
+    responseHash: input.responseHash,
+    statusCode: input.statusCode || 200,
+    fetchedAt: input.timestamp || (/* @__PURE__ */ new Date()).toISOString(),
+    verified: false,
+    verificationNote: "TLSNotary SDK integration in progress. Attestation format is stable; verification will be enabled in a future release."
+  };
+}
+// src/c2pa-credentials.ts
+var import_node_crypto8 = require("crypto");
+function createC2PAManifest(receipts, options) {
+  const generator = options.generator || "protect-mcp";
+  const version = options.version || "0.3.3";
+  const decisions = receipts.filter(
+    (r) => r.receipt_type?.includes("decision") || r.type?.includes("decision")
+  );
+  const allows = decisions.filter(
+    (r) => r.payload?.decision === "allow"
+  );
+  const denies = decisions.filter(
+    (r) => r.payload?.decision === "deny"
+  );
+  const receiptHashes = receipts.map(
+    (r) => (0, import_node_crypto8.createHash)("sha256").update(JSON.stringify(r)).digest("hex")
+  );
+  const merkleRoot = computeMerkleRoot(receiptHashes);
+  const assertions = [
+    // Acta decision provenance — the core assertion
+    {
+      label: "acta.decision-provenance",
+      data: {
+        protocol: "veritas-acta",
+        protocol_version: "0.1",
+        ietf_draft: "draft-farley-acta-signed-receipts-00",
+        receipt_count: receipts.length,
+        decision_count: decisions.length,
+        allows: allows.length,
+        denies: denies.length,
+        merkle_root: merkleRoot,
+        signing_algorithm: "Ed25519",
+        canonicalization: "JCS (RFC 8785)",
+        verifier: "npx @veritasacta/verify",
+        verify_url: "https://scopeblind.com/verify",
+        trace_url: "https://scopeblind.com/trace"
+      }
+    },
+    // Policy compliance assertion
+    {
+      label: "acta.policy-compliance",
+      data: {
+        policy_violations: denies.length,
+        total_decisions: decisions.length,
+        compliance_rate: decisions.length > 0 ? (allows.length / decisions.length * 100).toFixed(1) + "%" : "N/A",
+        policy_engine: "Cedar + JSON",
+        human_approvals: receipts.filter(
+          (r) => r.receipt_type?.includes("approval") || r.type?.includes("approval")
+        ).length
+      }
+    },
+    // Standard C2PA actions
+    {
+      label: "c2pa.actions",
+      data: {
+        actions: [
+          {
+            action: "c2pa.created",
+            when: (/* @__PURE__ */ new Date()).toISOString(),
+            softwareAgent: `${generator}/${version}`,
+            parameters: {
+              description: "Content generated by AI agent with ScopeBlind governance"
+            }
+          }
+        ]
+      }
+    }
+  ];
+  if (options.includeFullReceipts) {
+    assertions.push({
+      label: "acta.receipt-chain",
+      data: {
+        receipts: receipts.map((r) => ({
+          id: r.receipt_id || r.id,
+          type: r.receipt_type || r.type,
+          tool: r.payload?.tool_name,
+          decision: r.payload?.decision,
+          timestamp: r.timestamp || r.event_time
+        }))
+      }
+    });
+  } else {
+    assertions.push({
+      label: "acta.receipt-chain",
+      data: {
+        receipt_hashes: receiptHashes,
+        merkle_root: merkleRoot,
+        note: "Full receipts available via verify URL. Hashes provided for integrity verification."
+      },
+      is_hash: true
+    });
+  }
+  if (options.additionalAssertions) {
+    assertions.push(...options.additionalAssertions);
+  }
+  return {
+    claim_generator: `${generator}/${version}`,
+    claim_generator_info: [
+      {
+        name: generator,
+        version
+      }
+    ],
+    title: options.title,
+    assertions
+  };
+}
+function exportC2PAManifestJSON(manifest) {
+  return JSON.stringify(manifest, null, 2);
+}
+function generateC2PACommand(manifestPath, inputPath, outputPath) {
+  return `c2patool ${inputPath} -m ${manifestPath} -o ${outputPath}`;
+}
+function verifyActaC2PAAssertions(c2paManifestJson) {
+  try {
+    const manifest = JSON.parse(c2paManifestJson);
+    const assertions = manifest.assertions || [];
+    const provenanceAssertion = assertions.find(
+      (a) => a.label === "acta.decision-provenance"
+    );
+    const complianceAssertion = assertions.find(
+      (a) => a.label === "acta.policy-compliance"
+    );
+    if (!provenanceAssertion) {
+      return {
+        hasActaProvenance: false,
+        receiptCount: 0,
+        merkleRoot: null,
+        complianceRate: null,
+        verifyUrl: null
+      };
+    }
+    return {
+      hasActaProvenance: true,
+      receiptCount: provenanceAssertion.data.receipt_count || 0,
+      merkleRoot: provenanceAssertion.data.merkle_root || null,
+      complianceRate: complianceAssertion ? complianceAssertion.data.compliance_rate : null,
+      verifyUrl: provenanceAssertion.data.verify_url || null
+    };
+  } catch {
+    return {
+      hasActaProvenance: false,
+      receiptCount: 0,
+      merkleRoot: null,
+      complianceRate: null,
+      verifyUrl: null
+    };
+  }
+}
+function computeMerkleRoot(hashes) {
+  if (hashes.length === 0) return "";
+  if (hashes.length === 1) return hashes[0];
+  const nextLevel = [];
+  for (let i = 0; i < hashes.length; i += 2) {
+    const left = hashes[i];
+    const right = i + 1 < hashes.length ? hashes[i + 1] : left;
+    nextLevel.push(
+      (0, import_node_crypto8.createHash)("sha256").update(left + right).digest("hex")
+    );
+  }
+  return computeMerkleRoot(nextLevel);
+}
+// src/prediction-bridge.ts
+function computeCalibration(predictions, resolutions) {
+  let totalSquaredError = 0;
+  let resolved = 0;
+  const buckets = /* @__PURE__ */ new Map();
+  for (const pred of predictions) {
+    const resolution = resolutions.get(pred.receipt_id);
+    if (!resolution || resolution.payload.resolution_value === "ambiguous") continue;
+    resolved++;
+    const actual = resolution.payload.resolution_value === "true" ? 1 : 0;
+    const error = (pred.payload.probability - actual) ** 2;
+    totalSquaredError += error;
+    const bucketKey = `${Math.floor(pred.payload.probability * 10) / 10}-${Math.ceil(pred.payload.probability * 10) / 10}`;
+    const bucket = buckets.get(bucketKey) || { sum: 0, actual: 0, count: 0 };
+    bucket.sum += pred.payload.probability;
+    bucket.actual += actual;
+    bucket.count++;
+    buckets.set(bucketKey, bucket);
+  }
+  return {
+    total_predictions: predictions.length,
+    resolved,
+    brier_score: resolved > 0 ? totalSquaredError / resolved : 0,
+    calibration_buckets: Array.from(buckets.entries()).map(([bucket, data]) => ({
+      bucket,
+      predicted_probability: data.sum / data.count,
+      actual_frequency: data.actual / data.count,
+      count: data.count
+    }))
+  };
+}
+function toMetaculusFormat(prediction) {
+  return {
+    prediction_value: prediction.payload.probability,
+    acta_receipt_id: prediction.receipt_id,
+    acta_signature: prediction.signature
+  };
+}
+function toManifoldFormat(prediction) {
+  return {
+    probability: prediction.payload.probability,
+    acta_receipt_id: prediction.receipt_id,
+    acta_signature: prediction.signature
+  };
+}
+// src/agent-exchange.ts
+var import_node_crypto9 = require("crypto");
+var ReceiptPropagator = class {
+  issuer;
+  signer;
+  receipts = /* @__PURE__ */ new Map();
+  delegationCallCounts = /* @__PURE__ */ new Map();
+  constructor(config) {
+    this.issuer = config.issuer;
+    this.signer = config.signer;
+  }
+  /**
+   * Create a delegation receipt authorizing another agent to use specific tools.
+   *
+   * @patent Patent-protected construction — delegated signing with receipt chain
+   * propagation. Covered by Apache 2.0 patent grant for users of this code.
+   * Clean-room reimplementation requires a patent license.
+   * @see {@link https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/}
+   */
+  delegate(delegateId, options) {
+    const now = /* @__PURE__ */ new Date();
+    const receipt = {
+      receipt_id: `del_${(0, import_node_crypto9.randomUUID)().slice(0, 12)}`,
+      receipt_type: "delegation",
+      issuer_id: this.issuer,
+      event_time: now.toISOString(),
+      payload: {
+        delegate_id: delegateId,
+        authorized_tools: options.tools,
+        scope: options.scope,
+        ttl: options.ttl,
+        expires_at: new Date(now.getTime() + options.ttl * 1e3).toISOString(),
+        max_calls: options.maxCalls,
+        allow_subdelegation: options.allowSubdelegation ?? false
+      },
+      parent_receipts: options.parentReceipts || []
+    };
+    if (this.signer) {
+      const signed = this.signer(receipt);
+      Object.assign(receipt, signed);
+    }
+    this.receipts.set(receipt.receipt_id, receipt);
+    this.delegationCallCounts.set(receipt.receipt_id, 0);
+    return receipt;
+  }
+  /**
+   * Wrap a tool call with a receipt that references the delegation.
+   * Validates the delegation is still valid (not expired, within call limit,
+   * tool is authorized).
+   *
+   * @patent Patent-protected construction — delegated signing with receipt chain
+   * propagation. Covered by Apache 2.0 patent grant for users of this code.
+   * Clean-room reimplementation requires a patent license.
+   * @see {@link https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/}
+   */
+  wrapAction(toolName, options) {
+    const delegation = this.receipts.get(options.delegation_receipt);
+    let decision = "allow";
+    if (!delegation) {
+      decision = "deny";
+    } else if (delegation.receipt_type !== "delegation") {
+      decision = "deny";
+    } else {
+      if (new Date(delegation.payload.expires_at) < /* @__PURE__ */ new Date()) {
+        decision = "deny";
+      }
+      if (!delegation.payload.authorized_tools.includes(toolName) && !delegation.payload.authorized_tools.includes("*")) {
+        decision = "deny";
+      }
+      if (delegation.payload.max_calls !== void 0) {
+        const count = this.delegationCallCounts.get(options.delegation_receipt) || 0;
+        if (count >= delegation.payload.max_calls) {
+          decision = "deny";
+        }
+      }
+    }
+    const currentCount = this.delegationCallCounts.get(options.delegation_receipt) || 0;
+    this.delegationCallCounts.set(options.delegation_receipt, currentCount + 1);
+    const receipt = {
+      receipt_id: `act_${(0, import_node_crypto9.randomUUID)().slice(0, 12)}`,
+      receipt_type: "execution",
+      issuer_id: this.issuer,
+      event_time: (/* @__PURE__ */ new Date()).toISOString(),
+      payload: {
+        tool_name: toolName,
+        decision,
+        delegation_receipt: options.delegation_receipt,
+        scope: delegation?.payload.scope || "unknown",
+        call_index: currentCount + 1
+      },
+      parent_receipts: [options.delegation_receipt]
+    };
+    if (this.signer) {
+      const signed = this.signer(receipt);
+      Object.assign(receipt, signed);
+    }
+    this.receipts.set(receipt.receipt_id, receipt);
+    return receipt;
+  }
+  /**
+   * Trace the full receipt chain from a given receipt back to the root delegation.
+   *
+   * @patent Patent-protected construction — delegated signing with receipt chain
+   * propagation. Covered by Apache 2.0 patent grant for users of this code.
+   * Clean-room reimplementation requires a patent license.
+   * @see {@link https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/}
+   */
+  traceChain(receiptId) {
+    const chain = [];
+    const visited = /* @__PURE__ */ new Set();
+    const walk = (id) => {
+      if (visited.has(id)) return;
+      visited.add(id);
+      const receipt = this.receipts.get(id);
+      if (!receipt) return;
+      for (const parentId of receipt.parent_receipts) {
+        walk(parentId);
+      }
+      chain.push(receipt);
+    };
+    walk(receiptId);
+    return chain;
+  }
+  /**
+   * Export all receipts as a JSON array (for verification, archival, or Trace visualization).
+   */
+  exportAll() {
+    return Array.from(this.receipts.values());
+  }
+  /**
+   * Validate that a delegation chain is intact and all signatures verify.
+   *
+   * @patent Patent-protected construction — delegated signing with receipt chain
+   * propagation. Covered by Apache 2.0 patent grant for users of this code.
+   * Clean-room reimplementation requires a patent license.
+   * @see {@link https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/}
+   */
+  validateChain(receiptId) {
+    const chain = this.traceChain(receiptId);
+    const issues = [];
+    if (chain.length === 0) {
+      return { valid: false, chain_length: 0, issues: ["Receipt not found"] };
+    }
+    let sawAction = false;
+    for (const receipt of chain) {
+      if (receipt.receipt_type === "delegation" && sawAction) {
+        issues.push(`Delegation ${receipt.receipt_id} appears after action in chain`);
+      }
+      if (receipt.receipt_type === "execution") sawAction = true;
+    }
+    for (const receipt of chain) {
+      for (const parentId of receipt.parent_receipts) {
+        if (!this.receipts.has(parentId)) {
+          issues.push(`Missing parent receipt: ${parentId}`);
+        }
+      }
+    }
+    return {
+      valid: issues.length === 0,
+      chain_length: chain.length,
+      issues
+    };
+  }
+};
+function createReceiptChannel(orchestratorId) {
+  const propagator = new ReceiptPropagator({ issuer: orchestratorId });
+  return {
+    propagator,
+    async withDelegation(delegateId, tools, fn, options) {
+      const delegation = propagator.delegate(delegateId, {
+        tools,
+        scope: options?.scope || `task-${(0, import_node_crypto9.randomUUID)().slice(0, 8)}`,
+        ttl: options?.ttl || 3600,
+        maxCalls: options?.maxCalls
+      });
+      const result = await fn({ delegation, propagator });
+      return {
+        result,
+        delegation,
+        chain: propagator.exportAll()
+      };
+    }
+  };
+}
+// src/confidential.ts
+var ConfidentialGate = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Evaluate an attestation document and determine the resulting trust tier.
+   */
+  evaluateAttestation(doc) {
+    if (!this.config.accepted_providers.includes(doc.provider)) {
+      return {
+        accepted: false,
+        tier: "unknown",
+        provider: doc.provider,
+        reason: `Provider ${doc.provider} not in accepted list: ${this.config.accepted_providers.join(", ")}`
+      };
+    }
+    if (this.config.max_attestation_age) {
+      const age = (Date.now() - new Date(doc.timestamp).getTime()) / 1e3;
+      if (age > this.config.max_attestation_age) {
+        return {
+          accepted: false,
+          tier: "unknown",
+          provider: doc.provider,
+          reason: `Attestation expired: age ${Math.floor(age)}s exceeds max ${this.config.max_attestation_age}s`
+        };
+      }
+    }
+    if (this.config.expected_measurements) {
+      for (const [key, expected] of Object.entries(this.config.expected_measurements)) {
+        const actual = doc.measurements[key];
+        if (actual !== expected) {
+          return {
+            accepted: false,
+            tier: "signed",
+            provider: doc.provider,
+            reason: `Measurement mismatch: ${key} expected ${expected}, got ${actual || "missing"}`
+          };
+        }
+      }
+    }
+    return {
+      accepted: true,
+      tier: "privileged",
+      provider: doc.provider,
+      reason: `Attestation verified: ${doc.provider} enclave with valid measurements`
+    };
+  }
+  /**
+   * Check if an agent's current tier requires attestation.
+   */
+  requiresAttestation(currentTier) {
+    if (!this.config.require_attestation) return false;
+    const tierOrder = ["unknown", "signed", "evidenced", "privileged"];
+    const requiredIdx = tierOrder.indexOf(this.config.min_trust_tier);
+    const currentIdx = tierOrder.indexOf(currentTier);
+    return currentIdx >= requiredIdx;
+  }
+  /**
+   * Generate an attestation receipt documenting the evaluation.
+   */
+  toReceipt(result, agentId) {
+    return {
+      receipt_type: "attestation",
+      issuer_id: "confidential-gate",
+      event_time: (/* @__PURE__ */ new Date()).toISOString(),
+      payload: {
+        agent_id: agentId,
+        provider: result.provider,
+        accepted: result.accepted,
+        resulting_tier: result.tier,
+        reason: result.reason
+      }
+    };
+  }
+};
+async function confidentialInference(_prompt, _config) {
+  throw new Error(
+    "Confidential inference requires a TEE/HE provider SDK. See docs at scopeblind.com/docs/confidential for setup instructions. Supported providers: Gramine (local_tee), Zama Concrete ML (homomorphic), NVIDIA Confidential Computing (secure_enclave)."
+  );
+}
+// src/demo-server.ts
+var import_node_readline2 = require("readline");
+var TOOLS = [
+  {
+    name: "read_file",
+    description: "Read the contents of a file",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to read" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "write_file",
+    description: "Write content to a file",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "File path to write" },
+        content: { type: "string", description: "Content to write" }
+      },
+      required: ["path", "content"]
+    }
+  },
+  {
+    name: "delete_file",
+    description: "Delete a file from the filesystem",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to delete" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "web_search",
+    description: "Search the web for information",
+    inputSchema: {
+      type: "object",
+      properties: { query: { type: "string", description: "Search query" } },
+      required: ["query"]
+    }
+  },
+  {
+    name: "deploy",
+    description: "Deploy the application to production",
+    inputSchema: {
+      type: "object",
+      properties: {
+        environment: { type: "string", description: "Target environment", enum: ["staging", "production"] },
+        reason: { type: "string", description: "Deployment reason" }
+      },
+      required: ["environment"]
+    }
+  }
+];
+function handleRequest(request) {
+  if (request.method === "initialize") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        protocolVersion: "2024-11-05",
+        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
+        capabilities: { tools: {} }
+      }
+    });
+  }
+  if (request.method === "notifications/initialized") {
+    return "";
+  }
+  if (request.method === "tools/list") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: { tools: TOOLS }
+    });
+  }
+  if (request.method === "tools/call") {
+    const toolName = request.params?.name || "unknown";
+    const args = request.params?.arguments || {};
+    let resultText;
+    switch (toolName) {
+      case "read_file":
+        resultText = `[demo] Read file: ${args.path || "/example.txt"}
+Contents: Hello from protect-mcp demo server!`;
+        break;
+      case "write_file":
+        resultText = `[demo] Wrote ${String(args.content || "").length} bytes to ${args.path || "/example.txt"}`;
+        break;
+      case "delete_file":
+        resultText = `[demo] Deleted file: ${args.path || "/example.txt"}`;
+        break;
+      case "web_search":
+        resultText = `[demo] Search results for "${args.query || "test"}":
+1. Example result \u2014 scopeblind.com
+2. MCP security \u2014 modelcontextprotocol.io`;
+        break;
+      case "deploy":
+        resultText = `[demo] Deployed to ${args.environment || "staging"}${args.reason ? ` (reason: ${args.reason})` : ""}`;
+        break;
+      default:
+        resultText = `[demo] Unknown tool: ${toolName}`;
+    }
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        content: [{ type: "text", text: resultText }]
+      }
+    });
+  }
+  if (request.id !== void 0) {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      error: { code: -32601, message: `Method not found: ${request.method}` }
+    });
+  }
+  return "";
+}
+var rl = (0, import_node_readline2.createInterface)({ input: process.stdin, crlfDelay: Infinity });
+rl.on("line", (line) => {
+  const trimmed = line.trim();
+  if (!trimmed) return;
+  try {
+    const request = JSON.parse(trimmed);
+    const response = handleRequest(request);
+    if (response) {
+      process.stdout.write(response + "\n");
+    }
+  } catch {
+  }
+});
+process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");
+function createSandboxServer() {
+  return {
+    tools: TOOLS,
+    handleRequest
+  };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  ConfidentialGate,
   ProtectGateway,
+  ReceiptPropagator,
+  anchorToRekor,
   buildDecisionContext,
   checkRateLimit,
   collectSignedReceipts,
+  computeCalibration,
+  confidentialInference,
+  createApprovalChallenge,
+  createApprovalReceiptPayload,
+  createAttestationField,
   createAuditBundle,
+  createC2PAManifest,
+  createDisclosurePackage,
+  createEvidenceAttestation,
+  createLogAnchorField,
+  createReceiptChannel,
+  createSandbox,
+  createSandboxServer,
+  destroySandbox,
+  ed25519ToDIDKey,
   evaluateTier,
+  exportC2PAManifestJSON,
+  exportJSONL,
   formatReportMarkdown,
   formatSimulation,
+  generateC2PACommand,
+  generateDatasetCard,
+  generateHFMetadata,
   generateReport,
+  generateSafetyTranscript,
   getSignerInfo,
   getToolPolicy,
+  hashReceipt,
+  hashResponseBody,
   initSigning,
   isAgentId,
   isDisclosureMode,
@@ -1823,14 +3652,31 @@ function validateEvidenceReceipt(receipt) {
   isSigningEnabled,
   listCredentialLabels,
   loadPolicy,
+  manifestToVC,
   meetsMinTier,
   parseLogFile,
+  parseNotificationConfigFromEnv,
   parseRateLimit,
   queryExternalPDP,
+  receiptToVP,
+  receiptsToHFRows,
+  redactFields,
   resolveCredential,
+  revealField,
+  runInSandbox,
+  sendApprovalNotification,
   signDecision,
   simulate,
+  toCredentialRequestOptions,
+  toManifoldFormat,
+  toMetaculusFormat,
   validateCredentials,
   validateEvidenceReceipt,
-  validateManifest
+  validateManifest,
+  verifyActaC2PAAssertions,
+  verifyAllCommitments,
+  verifyApprovalAssertion,
+  verifyCommitment,
+  verifyEvidenceAttestation,
+  verifyRekorAnchor
 });