protect-mcp 0.5.1 → 0.5.3

package/README.md

@@ -248,9 +248,9 @@ Self-contained offline-verifiable bundle with receipts + signing keys. Verify wi
 
 ## Standards & IP
 
-- **IETF Internet-Draft**: [draft-farley-acta-signed-receipts-00](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/) — Signed Decision Receipts for Machine-to-Machine Access Control
+- **IETF Internet-Draft**: [draft-farley-acta-signed-receipts-01](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/) — Signed Decision Receipts for Machine-to-Machine Access Control
 - **Patent Status**: 4 Australian provisional patents pending (2025-2026) covering decision receipts with configurable disclosure, tool-calling gateway, agent manifests, and portable identity
-- **Verification**: MIT-licensed — `npx @veritasacta/verify --self-test`
+- **Verification**: Apache-2.0 — `npx @veritasacta/verify --self-test`
 - **Microsoft AGT Integration**: [PR #667](https://github.com/microsoft/agent-governance-toolkit/pull/667) — Cedar policy bridge for Agent Governance Toolkit
 
 ## License

package/dist/{chunk-IUFFDQYZ.mjs → chunk-BYYWYSHM.mjs}

@@ -7,7 +7,7 @@ import {
   parseRateLimit,
   signDecision,
   startStatusServer
-} from "./chunk-V52W3XIN.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 
 // src/evidence-store.ts
 import { readFileSync, writeFileSync, existsSync } from "fs";

package/dist/{chunk-YKM6W6T7.mjs → chunk-GQWJCHQV.mjs}

@@ -1,11 +1,11 @@
 import {
   meetsMinTier
-} from "./chunk-IUFFDQYZ.mjs";
+} from "./chunk-BYYWYSHM.mjs";
 import {
   checkRateLimit,
   getToolPolicy,
   parseRateLimit
-} from "./chunk-V52W3XIN.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 
 // src/simulate.ts
 import { readFileSync } from "fs";

package/dist/{chunk-IAJJA5IW.mjs → chunk-HFM6K7E4.mjs}

@@ -11,7 +11,7 @@ import {
   loadPolicy,
   parseRateLimit,
   signDecision
-} from "./chunk-V52W3XIN.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 
 // src/hook-server.ts
 import { createServer } from "http";

package/dist/{chunk-UEHLYOJY.mjs → chunk-NMZPXXL3.mjs}

@@ -272,6 +272,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**

package/dist/{chunk-V52W3XIN.mjs → chunk-YTBC72JJ.mjs}

@@ -130,7 +130,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -138,6 +145,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,
@@ -232,7 +245,7 @@ function buildEntities(req) {
     }
   ];
 }
-async function evaluateCedar(policySet, req) {
+async function evaluateCedar(policySet, req, schema) {
   const available = await ensureCedarWasm();
   if (!available) {
     return {
@@ -243,16 +256,21 @@ async function evaluateCedar(policySet, req) {
   }
   try {
     const agentId = req.agentId || req.tier;
+    const context = {
+      tier: req.tier,
+      ...req.context || {}
+    };
+    if (req.toolInput && Object.keys(req.toolInput).length > 0) {
+      context.input = req.toolInput;
+    }
     const authRequest = {
       principal: { type: "Agent", id: agentId },
       action: { type: "Action", id: "MCP::Tool::call" },
       resource: { type: "Tool", id: req.tool },
-      context: {
-        tier: req.tier,
-        ...req.context || {}
-      }
+      context
     };
     const entities = buildEntities(req);
+    const cedarSchema = schema?.schemaJson ?? null;
     let result;
     if (typeof cedarWasm.isAuthorized === "function") {
       result = cedarWasm.isAuthorized({
@@ -262,8 +280,7 @@ async function evaluateCedar(policySet, req) {
         action: authRequest.action,
         resource: authRequest.resource,
         context: authRequest.context,
-        schema: null
-        // No schema enforcement — Cedar still evaluates correctly
+        schema: cedarSchema
       });
     } else if (typeof cedarWasm.checkAuthorization === "function") {
       result = cedarWasm.checkAuthorization(
@@ -281,7 +298,7 @@ async function evaluateCedar(policySet, req) {
           action: authRequest.action,
           resource: authRequest.resource,
           context: authRequest.context,
-          schema: null
+          schema: cedarSchema
         });
       } else {
         return {

package/dist/cli.js

@@ -411,7 +411,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -419,6 +426,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,
@@ -682,7 +695,7 @@ function buildEntities(req) {
     }
   ];
 }
-async function evaluateCedar(policySet, req) {
+async function evaluateCedar(policySet, req, schema) {
   const available = await ensureCedarWasm();
   if (!available) {
     return {
@@ -693,16 +706,21 @@ async function evaluateCedar(policySet, req) {
   }
   try {
     const agentId = req.agentId || req.tier;
+    const context = {
+      tier: req.tier,
+      ...req.context || {}
+    };
+    if (req.toolInput && Object.keys(req.toolInput).length > 0) {
+      context.input = req.toolInput;
+    }
     const authRequest = {
       principal: { type: "Agent", id: agentId },
       action: { type: "Action", id: "MCP::Tool::call" },
       resource: { type: "Tool", id: req.tool },
-      context: {
-        tier: req.tier,
-        ...req.context || {}
-      }
+      context
     };
     const entities = buildEntities(req);
+    const cedarSchema = schema?.schemaJson ?? null;
     let result;
     if (typeof cedarWasm.isAuthorized === "function") {
       result = cedarWasm.isAuthorized({
@@ -712,8 +730,7 @@ async function evaluateCedar(policySet, req) {
         action: authRequest.action,
         resource: authRequest.resource,
         context: authRequest.context,
-        schema: null
-        // No schema enforcement — Cedar still evaluates correctly
+        schema: cedarSchema
       });
     } else if (typeof cedarWasm.checkAuthorization === "function") {
       result = cedarWasm.checkAuthorization(
@@ -731,7 +748,7 @@ async function evaluateCedar(policySet, req) {
           action: authRequest.action,
           resource: authRequest.resource,
           context: authRequest.context,
-          schema: null
+          schema: cedarSchema
         });
       } else {
         return {
@@ -4540,6 +4557,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**
@@ -6047,6 +6066,7 @@ function formatSimulation(summary) {
 
 // src/cli.ts
 init_cedar_evaluator();
+var import_meta = {};
 function printHelp() {
   process.stderr.write(`
 protect-mcp \u2014 Enterprise security gateway for MCP servers & Claude Code hooks
@@ -6055,7 +6075,8 @@ Usage:
   protect-mcp [options] -- <command> [args...]
   protect-mcp serve [--port <port>] [--enforce] [--policy <path>] [--cedar <dir>]
   protect-mcp init-hooks [--dir <path>] [--port <port>]
-  protect-mcp quickstart
+  protect-mcp quickstart [--connect]
+  protect-mcp connect
   protect-mcp init [--dir <path>]
   protect-mcp demo
   protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]
@@ -6080,6 +6101,7 @@ Commands:
   serve             Start HTTP hook server for Claude Code integration (port 9377)
   init-hooks        Generate Claude Code hook config + skill + sample Cedar policy
   quickstart        Zero-config onboarding: init + demo + show receipts in one command
+  connect           Create a ScopeBlind sandbox dashboard and configure receipt upload
   init              Generate config template, Ed25519 keypair, and sample policy
   demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
   doctor            Check your setup: keys, policies, verifier, API connectivity
@@ -6094,6 +6116,8 @@ Examples:
   protect-mcp serve --enforce --cedar ./cedar  # Enforce Cedar policies
   protect-mcp init-hooks                       # One-command Claude Code setup
   protect-mcp quickstart
+  protect-mcp quickstart --connect               # Quickstart + create dashboard
+  protect-mcp connect                             # Connect existing setup to dashboard
   protect-mcp -- node my-server.js
   protect-mcp init
   protect-mcp demo
@@ -6675,7 +6699,83 @@ ${bold("protect-mcp bundle")}
 
 `);
 }
-async function handleQuickstart() {
+async function createSandbox() {
+  const { mkdirSync, writeFileSync: writeFileSync2, existsSync: existsSync7, readFileSync: readFileSync9 } = await import("fs");
+  const { join: join6 } = await import("path");
+  const { homedir } = await import("os");
+  let response;
+  try {
+    response = await fetch("https://api.scopeblind.com/sandbox/create", { method: "POST" });
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  if (!response.ok) {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  let data;
+  try {
+    data = await response.json();
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (unexpected response).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  const dashboardUrl = `https://scopeblind.com/t/${data.slug}`;
+  const configDir = join6(homedir(), ".protect-mcp");
+  if (!existsSync7(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const configPath = join6(configDir, "config.json");
+  let existing = {};
+  if (existsSync7(configPath)) {
+    try {
+      existing = JSON.parse(readFileSync9(configPath, "utf-8"));
+    } catch {
+    }
+  }
+  writeFileSync2(configPath, JSON.stringify({
+    ...existing,
+    sandbox_slug: data.slug,
+    dashboard_url: dashboardUrl
+  }, null, 2) + "\n");
+  return dashboardUrl;
+}
+async function handleConnect() {
+  process.stderr.write(`
+${bold("protect-mcp connect")}
+`);
+  process.stderr.write(`${"\u2500".repeat(50)}
+
+`);
+  process.stderr.write(`  Creating ScopeBlind sandbox dashboard...
+
+`);
+  const dashboardUrl = await createSandbox();
+  if (dashboardUrl) {
+    process.stderr.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+    process.stderr.write(`    Receipts will be uploaded automatically.
+`);
+    process.stderr.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+    process.stderr.write(`
+${"\u2500".repeat(50)}
+
+`);
+  }
+}
+async function handleQuickstart(argv) {
+  const connectFlag = argv.includes("--connect");
   const { mkdtempSync, writeFileSync: writeFileSync2, existsSync: existsSync7, mkdirSync, readFileSync: readFileSync9 } = await import("fs");
   const { join: join6 } = await import("path");
   const { tmpdir } = await import("os");
@@ -6695,9 +6795,13 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  3. Start a demo MCP server with protect-mcp wrapping it
 `);
   process.stdout.write(`  4. Log signed receipts for every tool call
-
 `);
-  process.stdout.write(`  Working dir: ${dir}
+  if (connectFlag) {
+    process.stdout.write(`  5. Create a ScopeBlind dashboard for receipt viewing
+`);
+  }
+  process.stdout.write(`
+  Working dir: ${dir}
 
 `);
   const keysDir = join6(dir, "keys");
@@ -6748,6 +6852,24 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  \u2713 Signing enabled (Ed25519)
 
 `);
+  if (connectFlag) {
+    process.stdout.write(`${bold("Connecting to ScopeBlind dashboard...")}
+
+`);
+    const dashboardUrl = await createSandbox();
+    if (dashboardUrl) {
+      const updatedConfig = { ...config, dashboard_url: dashboardUrl };
+      writeFileSync2(configPath, JSON.stringify(updatedConfig, null, 2) + "\n");
+      process.stdout.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+      process.stdout.write(`    Receipts will be uploaded automatically.
+`);
+      process.stdout.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+      process.stdout.write(`
+`);
+    }
+  }
   process.stdout.write(`${bold("Starting demo server...")}
 
 `);
@@ -7149,7 +7271,55 @@ ${bold("protect-mcp init-hooks")}
 
 `);
 }
+async function sendInstallTelemetry() {
+  try {
+    const { existsSync: existsSync7, mkdirSync, writeFileSync: writeFileSync2, readFileSync: readFileSync9 } = await import("fs");
+    const { join: join6, dirname } = await import("path");
+    const { homedir } = await import("os");
+    const { fileURLToPath } = await import("url");
+    const markerDir = join6(homedir(), ".protect-mcp");
+    const markerFile = join6(markerDir, ".telemetry-sent");
+    if (existsSync7(markerFile) || process.env.PROTECT_MCP_TELEMETRY === "off") {
+      return;
+    }
+    let version = "unknown";
+    try {
+      const thisDir = dirname(fileURLToPath(import_meta.url));
+      const pkgPath = join6(thisDir, "..", "package.json");
+      if (existsSync7(pkgPath)) {
+        version = JSON.parse(readFileSync9(pkgPath, "utf-8")).version;
+      }
+    } catch {
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 3e3);
+    fetch("https://api.scopeblind.com/telemetry/install", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        package: "protect-mcp",
+        version,
+        os: process.platform,
+        arch: process.arch,
+        node: process.version,
+        ts: Date.now()
+      }),
+      signal: controller.signal
+    }).catch(() => {
+    }).finally(() => clearTimeout(timeout));
+    if (!existsSync7(markerDir)) {
+      mkdirSync(markerDir, { recursive: true });
+    }
+    writeFileSync2(markerFile, String(Date.now()), "utf-8");
+    process.stderr.write(
+      "[protect-mcp] Anonymous install telemetry sent (disable: PROTECT_MCP_TELEMETRY=off)\n"
+    );
+  } catch {
+  }
+}
 async function main() {
+  sendInstallTelemetry().catch(() => {
+  });
   const args = process.argv.slice(2);
   if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
     printHelp();
@@ -7177,9 +7347,13 @@ async function main() {
     process.exit(0);
   }
   if (args[0] === "quickstart") {
-    await handleQuickstart();
+    await handleQuickstart(args.slice(1));
     return;
   }
+  if (args[0] === "connect") {
+    await handleConnect();
+    process.exit(0);
+  }
   if (args[0] === "init") {
     await handleInit(args.slice(1));
     process.exit(0);