protect-mcp 0.5.1 → 0.5.3

package/dist/cli.mjs

@@ -3,17 +3,17 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-YKM6W6T7.mjs";
+} from "./chunk-GQWJCHQV.mjs";
 import {
   ProtectGateway,
   validateCredentials
-} from "./chunk-IUFFDQYZ.mjs";
+} from "./chunk-BYYWYSHM.mjs";
 import {
   initSigning,
   isCedarAvailable,
   loadCedarPolicies,
   loadPolicy
-} from "./chunk-V52W3XIN.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 
 // src/cli.ts
@@ -25,7 +25,8 @@ Usage:
   protect-mcp [options] -- <command> [args...]
   protect-mcp serve [--port <port>] [--enforce] [--policy <path>] [--cedar <dir>]
   protect-mcp init-hooks [--dir <path>] [--port <port>]
-  protect-mcp quickstart
+  protect-mcp quickstart [--connect]
+  protect-mcp connect
   protect-mcp init [--dir <path>]
   protect-mcp demo
   protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]
@@ -50,6 +51,7 @@ Commands:
   serve             Start HTTP hook server for Claude Code integration (port 9377)
   init-hooks        Generate Claude Code hook config + skill + sample Cedar policy
   quickstart        Zero-config onboarding: init + demo + show receipts in one command
+  connect           Create a ScopeBlind sandbox dashboard and configure receipt upload
   init              Generate config template, Ed25519 keypair, and sample policy
   demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
   doctor            Check your setup: keys, policies, verifier, API connectivity
@@ -64,6 +66,8 @@ Examples:
   protect-mcp serve --enforce --cedar ./cedar  # Enforce Cedar policies
   protect-mcp init-hooks                       # One-command Claude Code setup
   protect-mcp quickstart
+  protect-mcp quickstart --connect               # Quickstart + create dashboard
+  protect-mcp connect                             # Connect existing setup to dashboard
   protect-mcp -- node my-server.js
   protect-mcp init
   protect-mcp demo
@@ -645,7 +649,83 @@ ${bold("protect-mcp bundle")}
 
 `);
 }
-async function handleQuickstart() {
+async function createSandbox() {
+  const { mkdirSync, writeFileSync, existsSync, readFileSync } = await import("fs");
+  const { join } = await import("path");
+  const { homedir } = await import("os");
+  let response;
+  try {
+    response = await fetch("https://api.scopeblind.com/sandbox/create", { method: "POST" });
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  if (!response.ok) {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  let data;
+  try {
+    data = await response.json();
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (unexpected response).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  const dashboardUrl = `https://scopeblind.com/t/${data.slug}`;
+  const configDir = join(homedir(), ".protect-mcp");
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const configPath = join(configDir, "config.json");
+  let existing = {};
+  if (existsSync(configPath)) {
+    try {
+      existing = JSON.parse(readFileSync(configPath, "utf-8"));
+    } catch {
+    }
+  }
+  writeFileSync(configPath, JSON.stringify({
+    ...existing,
+    sandbox_slug: data.slug,
+    dashboard_url: dashboardUrl
+  }, null, 2) + "\n");
+  return dashboardUrl;
+}
+async function handleConnect() {
+  process.stderr.write(`
+${bold("protect-mcp connect")}
+`);
+  process.stderr.write(`${"\u2500".repeat(50)}
+
+`);
+  process.stderr.write(`  Creating ScopeBlind sandbox dashboard...
+
+`);
+  const dashboardUrl = await createSandbox();
+  if (dashboardUrl) {
+    process.stderr.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+    process.stderr.write(`    Receipts will be uploaded automatically.
+`);
+    process.stderr.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+    process.stderr.write(`
+${"\u2500".repeat(50)}
+
+`);
+  }
+}
+async function handleQuickstart(argv) {
+  const connectFlag = argv.includes("--connect");
   const { mkdtempSync, writeFileSync, existsSync, mkdirSync, readFileSync } = await import("fs");
   const { join } = await import("path");
   const { tmpdir } = await import("os");
@@ -665,9 +745,13 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  3. Start a demo MCP server with protect-mcp wrapping it
 `);
   process.stdout.write(`  4. Log signed receipts for every tool call
-
 `);
-  process.stdout.write(`  Working dir: ${dir}
+  if (connectFlag) {
+    process.stdout.write(`  5. Create a ScopeBlind dashboard for receipt viewing
+`);
+  }
+  process.stdout.write(`
+  Working dir: ${dir}
 
 `);
   const keysDir = join(dir, "keys");
@@ -718,6 +802,24 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  \u2713 Signing enabled (Ed25519)
 
 `);
+  if (connectFlag) {
+    process.stdout.write(`${bold("Connecting to ScopeBlind dashboard...")}
+
+`);
+    const dashboardUrl = await createSandbox();
+    if (dashboardUrl) {
+      const updatedConfig = { ...config, dashboard_url: dashboardUrl };
+      writeFileSync(configPath, JSON.stringify(updatedConfig, null, 2) + "\n");
+      process.stdout.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+      process.stdout.write(`    Receipts will be uploaded automatically.
+`);
+      process.stdout.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+      process.stdout.write(`
+`);
+    }
+  }
   process.stdout.write(`${bold("Starting demo server...")}
 
 `);
@@ -1119,7 +1221,55 @@ ${bold("protect-mcp init-hooks")}
 
 `);
 }
+async function sendInstallTelemetry() {
+  try {
+    const { existsSync, mkdirSync, writeFileSync, readFileSync } = await import("fs");
+    const { join, dirname } = await import("path");
+    const { homedir } = await import("os");
+    const { fileURLToPath } = await import("url");
+    const markerDir = join(homedir(), ".protect-mcp");
+    const markerFile = join(markerDir, ".telemetry-sent");
+    if (existsSync(markerFile) || process.env.PROTECT_MCP_TELEMETRY === "off") {
+      return;
+    }
+    let version = "unknown";
+    try {
+      const thisDir = dirname(fileURLToPath(import.meta.url));
+      const pkgPath = join(thisDir, "..", "package.json");
+      if (existsSync(pkgPath)) {
+        version = JSON.parse(readFileSync(pkgPath, "utf-8")).version;
+      }
+    } catch {
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 3e3);
+    fetch("https://api.scopeblind.com/telemetry/install", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        package: "protect-mcp",
+        version,
+        os: process.platform,
+        arch: process.arch,
+        node: process.version,
+        ts: Date.now()
+      }),
+      signal: controller.signal
+    }).catch(() => {
+    }).finally(() => clearTimeout(timeout));
+    if (!existsSync(markerDir)) {
+      mkdirSync(markerDir, { recursive: true });
+    }
+    writeFileSync(markerFile, String(Date.now()), "utf-8");
+    process.stderr.write(
+      "[protect-mcp] Anonymous install telemetry sent (disable: PROTECT_MCP_TELEMETRY=off)\n"
+    );
+  } catch {
+  }
+}
 async function main() {
+  sendInstallTelemetry().catch(() => {
+  });
   const args = process.argv.slice(2);
   if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
     printHelp();
@@ -1147,9 +1297,13 @@ async function main() {
     process.exit(0);
   }
   if (args[0] === "quickstart") {
-    await handleQuickstart();
+    await handleQuickstart(args.slice(1));
     return;
   }
+  if (args[0] === "connect") {
+    await handleConnect();
+    process.exit(0);
+  }
   if (args[0] === "init") {
     await handleInit(args.slice(1));
     process.exit(0);
@@ -1282,7 +1436,7 @@ async function main() {
   if (useHttp) {
     const portIdx = args.indexOf("--port");
     const httpPort = portIdx >= 0 && args[portIdx + 1] ? parseInt(args[portIdx + 1]) : 3e3;
-    const { startHttpTransport } = await import("./http-transport-GXIXLVJQ.mjs");
+    const { startHttpTransport } = await import("./http-transport-LNBENGXD.mjs");
     startHttpTransport({ port: httpPort, config, serverCommand: childCommand });
     return;
   }

package/dist/hook-patterns.js

@@ -299,6 +299,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**

package/dist/hook-patterns.mjs

@@ -3,7 +3,7 @@ import {
   generateHookSettings,
   generateSampleCedarPolicy,
   generateVerifyReceiptSkill
-} from "./chunk-UEHLYOJY.mjs";
+} from "./chunk-NMZPXXL3.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 export {
   BUILTIN_PATTERNS,

package/dist/hook-server.js

@@ -89,7 +89,7 @@ function buildEntities(req) {
     }
   ];
 }
-async function evaluateCedar(policySet, req) {
+async function evaluateCedar(policySet, req, schema) {
   const available = await ensureCedarWasm();
   if (!available) {
     return {
@@ -100,16 +100,21 @@ async function evaluateCedar(policySet, req) {
   }
   try {
     const agentId = req.agentId || req.tier;
+    const context = {
+      tier: req.tier,
+      ...req.context || {}
+    };
+    if (req.toolInput && Object.keys(req.toolInput).length > 0) {
+      context.input = req.toolInput;
+    }
     const authRequest = {
       principal: { type: "Agent", id: agentId },
       action: { type: "Action", id: "MCP::Tool::call" },
       resource: { type: "Tool", id: req.tool },
-      context: {
-        tier: req.tier,
-        ...req.context || {}
-      }
+      context
     };
     const entities = buildEntities(req);
+    const cedarSchema = schema?.schemaJson ?? null;
     let result;
     if (typeof cedarWasm.isAuthorized === "function") {
       result = cedarWasm.isAuthorized({
@@ -119,8 +124,7 @@ async function evaluateCedar(policySet, req) {
         action: authRequest.action,
         resource: authRequest.resource,
         context: authRequest.context,
-        schema: null
-        // No schema enforcement — Cedar still evaluates correctly
+        schema: cedarSchema
       });
     } else if (typeof cedarWasm.checkAuthorization === "function") {
       result = cedarWasm.checkAuthorization(
@@ -138,7 +142,7 @@ async function evaluateCedar(policySet, req) {
           action: authRequest.action,
           resource: authRequest.resource,
           context: authRequest.context,
-          schema: null
+          schema: cedarSchema
         });
       } else {
         return {
@@ -253,7 +257,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -261,6 +272,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,

package/dist/hook-server.mjs

@@ -1,7 +1,7 @@
 import {
   startHookServer
-} from "./chunk-IAJJA5IW.mjs";
-import "./chunk-V52W3XIN.mjs";
+} from "./chunk-HFM6K7E4.mjs";
+import "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 export {
   startHookServer

package/dist/{http-transport-GXIXLVJQ.mjs → http-transport-LNBENGXD.mjs}

@@ -1,7 +1,7 @@
 import {
   ProtectGateway
-} from "./chunk-IUFFDQYZ.mjs";
-import "./chunk-V52W3XIN.mjs";
+} from "./chunk-BYYWYSHM.mjs";
+import "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 
 // src/http-transport.ts

package/dist/index.d.mts

@@ -167,6 +167,13 @@ interface DecisionLog {
     plan_receipt_id?: string;
     /** Hook event that triggered this log entry */
     hook_event?: HookEventName;
+    /** IETF specification version — ties every receipt to the standard */
+    spec?: string;
+    /** Issuer certification level:
+     *  - "scopeblind:verified" = VOPRF-backed issuance (paid tier)
+     *  - "self-signed"         = local Ed25519 key (free tier, protect-mcp default)
+     *  - "uncertified"         = unsigned receipt (shadow mode) */
+    issuer_certification?: 'scopeblind:verified' | 'self-signed' | 'uncertified';
 }
 interface SwarmContext {
     /** Team name from CLAUDE_CODE_TEAM_NAME env var */
@@ -539,6 +546,45 @@ interface CedarPolicySet {
     /** Filenames loaded */
     files: string[];
 }
+interface CedarEvalRequest {
+    /** Tool name being called */
+    tool: string;
+    /** Trust tier of the agent */
+    tier: TrustTier;
+    /** Agent ID (optional) */
+    agentId?: string;
+    /** Additional context fields */
+    context?: Record<string, unknown>;
+    /** Tool input (for schema-validated evaluation) */
+    toolInput?: Record<string, unknown>;
+}
+/** Cedar schema for typed policy evaluation (generated by cedar-schema.ts) */
+interface CedarSchema {
+    /** The schema as a JSON object for Cedar WASM */
+    schemaJson: Record<string, unknown> | null;
+    /** Namespace used in the schema */
+    namespace?: string;
+}
+/**
+ * Load all .cedar files from a directory and return a compiled policy set.
+ *
+ * Files are sorted alphabetically for deterministic digest computation.
+ * Throws if the directory doesn't exist or contains no .cedar files.
+ */
+declare function loadCedarPolicies(dirPath: string): CedarPolicySet;
+/**
+ * Evaluate a Cedar policy set against a tool call.
+ *
+ * Returns a standard ExternalDecision compatible with the gateway's
+ * decision pipeline. If Cedar WASM is not available, returns a
+ * fallback allow decision (fail-open, logged).
+ */
+declare function evaluateCedar(policySet: CedarPolicySet, req: CedarEvalRequest, schema?: CedarSchema): Promise<ExternalDecision>;
+/**
+ * Validate that Cedar WASM is available.
+ * Useful for CLI startup diagnostics.
+ */
+declare function isCedarAvailable(): Promise<boolean>;
 
 /**
  * MCP tool-calling gateway that intercepts JSON-RPC requests,
@@ -1313,6 +1359,84 @@ declare function validateManifest(manifest: unknown): string[];
  */
 declare function validateEvidenceReceipt(receipt: unknown): string[];
 
+/**
+ * @scopeblind/protect-mcp — Cedar Schema Generator for MCP Tools
+ *
+ * Auto-generates a Cedar authorization schema from MCP tool descriptions.
+ * This enables typed Cedar policies that reference tool input attributes:
+ *
+ *   permit(principal, action == Action::"read_file", resource)
+ *   when { context.input.path like "./workspace/*" };
+ *
+ * Compatible with cedar-policy/cedar-for-agents schema format.
+ * Designed to replace `schema: null` in Cedar WASM evaluations.
+ *
+ * @see https://github.com/cedar-policy/cedar-for-agents
+ * @standard RFC 8785 (JCS), Cedar Policy Language v4
+ */
+/** MCP tool description from tools/list response */
+interface McpToolDescription {
+    name: string;
+    description?: string;
+    inputSchema?: JsonSchema;
+}
+/** Subset of JSON Schema that MCP tools use */
+interface JsonSchema {
+    type?: string | string[];
+    properties?: Record<string, JsonSchema>;
+    required?: string[];
+    items?: JsonSchema;
+    enum?: (string | number | boolean)[];
+    format?: string;
+    description?: string;
+    additionalProperties?: boolean | JsonSchema;
+    anyOf?: JsonSchema[];
+    oneOf?: JsonSchema[];
+}
+/** Generated Cedar schema components */
+interface CedarSchemaResult {
+    /** The .cedarschema text (human-readable Cedar schema format) */
+    schemaText: string;
+    /** The schema as a JSON object (for passing to Cedar WASM) */
+    schemaJson: Record<string, unknown>;
+    /** Number of tools mapped */
+    toolCount: number;
+    /** Tool names included */
+    tools: string[];
+}
+interface SchemaGeneratorConfig {
+    /** Namespace for generated types (default: "ScopeBlind") */
+    namespace?: string;
+    /** Include agent tier as principal attribute (default: true) */
+    includeTier?: boolean;
+    /** Include timestamp context (default: true) */
+    includeTimestamp?: boolean;
+    /** Include agent_id as principal attribute (default: true) */
+    includeAgentId?: boolean;
+}
+/**
+ * Generate a Cedar schema from MCP tool descriptions.
+ *
+ * Produces both human-readable .cedarschema text and the JSON
+ * representation that Cedar WASM accepts.
+ *
+ * The generated schema defines:
+ * - Agent entity type (principal) with tier and agent_id attributes
+ * - Tool entity type (resource)
+ * - One action per MCP tool, with typed input context
+ * - A parent action "MCP::Tool::call" for blanket policies
+ *
+ * This enables policies like:
+ *   forbid(principal, action == Action::"execute_command", resource)
+ *   when { context.input has "command" && context.input.command like "rm *" };
+ */
+declare function generateCedarSchema(tools: McpToolDescription[], config?: SchemaGeneratorConfig): CedarSchemaResult;
+/**
+ * Generate a Cedar schema stub file for customization.
+ * This is the starting point for users who want to extend the auto-generated schema.
+ */
+declare function generateSchemaStub(namespace?: string): string;
+
 /**
  * Sigstore Rekor Transparency Log Anchoring
  *
@@ -2639,4 +2763,4 @@ declare function confidentialInference(_prompt: string, _config: ConfidentialInf
     receipt: Record<string, unknown>;
 }>;
 
-export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, ed25519ToDIDKey, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };
+export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type CedarEvalRequest, type CedarPolicySet, type CedarSchema, type CedarSchemaResult, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type McpToolDescription, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SchemaGeneratorConfig, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, ed25519ToDIDKey, evaluateCedar, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateCedarSchema, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, generateSchemaStub, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isCedarAvailable, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadCedarPolicies, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };