protect-mcp 0.5.2 → 0.5.3

package/README.md

@@ -248,9 +248,9 @@ Self-contained offline-verifiable bundle with receipts + signing keys. Verify wi
 
 ## Standards & IP
 
-- **IETF Internet-Draft**: [draft-farley-acta-signed-receipts-00](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/) — Signed Decision Receipts for Machine-to-Machine Access Control
+- **IETF Internet-Draft**: [draft-farley-acta-signed-receipts-01](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/) — Signed Decision Receipts for Machine-to-Machine Access Control
 - **Patent Status**: 4 Australian provisional patents pending (2025-2026) covering decision receipts with configurable disclosure, tool-calling gateway, agent manifests, and portable identity
-- **Verification**: MIT-licensed — `npx @veritasacta/verify --self-test`
+- **Verification**: Apache-2.0 — `npx @veritasacta/verify --self-test`
 - **Microsoft AGT Integration**: [PR #667](https://github.com/microsoft/agent-governance-toolkit/pull/667) — Cedar policy bridge for Agent Governance Toolkit
 
 ## License

package/dist/{chunk-IWDR5WU3.mjs → chunk-BYYWYSHM.mjs}

@@ -7,7 +7,7 @@ import {
   parseRateLimit,
   signDecision,
   startStatusServer
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 
 // src/evidence-store.ts
 import { readFileSync, writeFileSync, existsSync } from "fs";

package/dist/{chunk-W4U5VNEC.mjs → chunk-GQWJCHQV.mjs}

@@ -1,11 +1,11 @@
 import {
   meetsMinTier
-} from "./chunk-IWDR5WU3.mjs";
+} from "./chunk-BYYWYSHM.mjs";
 import {
   checkRateLimit,
   getToolPolicy,
   parseRateLimit
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 
 // src/simulate.ts
 import { readFileSync } from "fs";

package/dist/{chunk-Q4KOQUKV.mjs → chunk-HFM6K7E4.mjs}

@@ -11,7 +11,7 @@ import {
   loadPolicy,
   parseRateLimit,
   signDecision
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 
 // src/hook-server.ts
 import { createServer } from "http";

package/dist/{chunk-UEHLYOJY.mjs → chunk-NMZPXXL3.mjs}

@@ -272,6 +272,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**

package/dist/{chunk-N4F76LTC.mjs → chunk-YTBC72JJ.mjs}

@@ -130,7 +130,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -138,6 +145,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,

package/dist/cli.js

@@ -411,7 +411,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -419,6 +426,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,
@@ -4544,6 +4557,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**
@@ -6051,6 +6066,7 @@ function formatSimulation(summary) {
 
 // src/cli.ts
 init_cedar_evaluator();
+var import_meta = {};
 function printHelp() {
   process.stderr.write(`
 protect-mcp \u2014 Enterprise security gateway for MCP servers & Claude Code hooks
@@ -6059,7 +6075,8 @@ Usage:
   protect-mcp [options] -- <command> [args...]
   protect-mcp serve [--port <port>] [--enforce] [--policy <path>] [--cedar <dir>]
   protect-mcp init-hooks [--dir <path>] [--port <port>]
-  protect-mcp quickstart
+  protect-mcp quickstart [--connect]
+  protect-mcp connect
   protect-mcp init [--dir <path>]
   protect-mcp demo
   protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]
@@ -6084,6 +6101,7 @@ Commands:
   serve             Start HTTP hook server for Claude Code integration (port 9377)
   init-hooks        Generate Claude Code hook config + skill + sample Cedar policy
   quickstart        Zero-config onboarding: init + demo + show receipts in one command
+  connect           Create a ScopeBlind sandbox dashboard and configure receipt upload
   init              Generate config template, Ed25519 keypair, and sample policy
   demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
   doctor            Check your setup: keys, policies, verifier, API connectivity
@@ -6098,6 +6116,8 @@ Examples:
   protect-mcp serve --enforce --cedar ./cedar  # Enforce Cedar policies
   protect-mcp init-hooks                       # One-command Claude Code setup
   protect-mcp quickstart
+  protect-mcp quickstart --connect               # Quickstart + create dashboard
+  protect-mcp connect                             # Connect existing setup to dashboard
   protect-mcp -- node my-server.js
   protect-mcp init
   protect-mcp demo
@@ -6679,7 +6699,83 @@ ${bold("protect-mcp bundle")}
 
 `);
 }
-async function handleQuickstart() {
+async function createSandbox() {
+  const { mkdirSync, writeFileSync: writeFileSync2, existsSync: existsSync7, readFileSync: readFileSync9 } = await import("fs");
+  const { join: join6 } = await import("path");
+  const { homedir } = await import("os");
+  let response;
+  try {
+    response = await fetch("https://api.scopeblind.com/sandbox/create", { method: "POST" });
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  if (!response.ok) {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  let data;
+  try {
+    data = await response.json();
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (unexpected response).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  const dashboardUrl = `https://scopeblind.com/t/${data.slug}`;
+  const configDir = join6(homedir(), ".protect-mcp");
+  if (!existsSync7(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const configPath = join6(configDir, "config.json");
+  let existing = {};
+  if (existsSync7(configPath)) {
+    try {
+      existing = JSON.parse(readFileSync9(configPath, "utf-8"));
+    } catch {
+    }
+  }
+  writeFileSync2(configPath, JSON.stringify({
+    ...existing,
+    sandbox_slug: data.slug,
+    dashboard_url: dashboardUrl
+  }, null, 2) + "\n");
+  return dashboardUrl;
+}
+async function handleConnect() {
+  process.stderr.write(`
+${bold("protect-mcp connect")}
+`);
+  process.stderr.write(`${"\u2500".repeat(50)}
+
+`);
+  process.stderr.write(`  Creating ScopeBlind sandbox dashboard...
+
+`);
+  const dashboardUrl = await createSandbox();
+  if (dashboardUrl) {
+    process.stderr.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+    process.stderr.write(`    Receipts will be uploaded automatically.
+`);
+    process.stderr.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+    process.stderr.write(`
+${"\u2500".repeat(50)}
+
+`);
+  }
+}
+async function handleQuickstart(argv) {
+  const connectFlag = argv.includes("--connect");
   const { mkdtempSync, writeFileSync: writeFileSync2, existsSync: existsSync7, mkdirSync, readFileSync: readFileSync9 } = await import("fs");
   const { join: join6 } = await import("path");
   const { tmpdir } = await import("os");
@@ -6699,9 +6795,13 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  3. Start a demo MCP server with protect-mcp wrapping it
 `);
   process.stdout.write(`  4. Log signed receipts for every tool call
-
 `);
-  process.stdout.write(`  Working dir: ${dir}
+  if (connectFlag) {
+    process.stdout.write(`  5. Create a ScopeBlind dashboard for receipt viewing
+`);
+  }
+  process.stdout.write(`
+  Working dir: ${dir}
 
 `);
   const keysDir = join6(dir, "keys");
@@ -6752,6 +6852,24 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  \u2713 Signing enabled (Ed25519)
 
 `);
+  if (connectFlag) {
+    process.stdout.write(`${bold("Connecting to ScopeBlind dashboard...")}
+
+`);
+    const dashboardUrl = await createSandbox();
+    if (dashboardUrl) {
+      const updatedConfig = { ...config, dashboard_url: dashboardUrl };
+      writeFileSync2(configPath, JSON.stringify(updatedConfig, null, 2) + "\n");
+      process.stdout.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+      process.stdout.write(`    Receipts will be uploaded automatically.
+`);
+      process.stdout.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+      process.stdout.write(`
+`);
+    }
+  }
   process.stdout.write(`${bold("Starting demo server...")}
 
 `);
@@ -7153,7 +7271,55 @@ ${bold("protect-mcp init-hooks")}
 
 `);
 }
+async function sendInstallTelemetry() {
+  try {
+    const { existsSync: existsSync7, mkdirSync, writeFileSync: writeFileSync2, readFileSync: readFileSync9 } = await import("fs");
+    const { join: join6, dirname } = await import("path");
+    const { homedir } = await import("os");
+    const { fileURLToPath } = await import("url");
+    const markerDir = join6(homedir(), ".protect-mcp");
+    const markerFile = join6(markerDir, ".telemetry-sent");
+    if (existsSync7(markerFile) || process.env.PROTECT_MCP_TELEMETRY === "off") {
+      return;
+    }
+    let version = "unknown";
+    try {
+      const thisDir = dirname(fileURLToPath(import_meta.url));
+      const pkgPath = join6(thisDir, "..", "package.json");
+      if (existsSync7(pkgPath)) {
+        version = JSON.parse(readFileSync9(pkgPath, "utf-8")).version;
+      }
+    } catch {
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 3e3);
+    fetch("https://api.scopeblind.com/telemetry/install", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        package: "protect-mcp",
+        version,
+        os: process.platform,
+        arch: process.arch,
+        node: process.version,
+        ts: Date.now()
+      }),
+      signal: controller.signal
+    }).catch(() => {
+    }).finally(() => clearTimeout(timeout));
+    if (!existsSync7(markerDir)) {
+      mkdirSync(markerDir, { recursive: true });
+    }
+    writeFileSync2(markerFile, String(Date.now()), "utf-8");
+    process.stderr.write(
+      "[protect-mcp] Anonymous install telemetry sent (disable: PROTECT_MCP_TELEMETRY=off)\n"
+    );
+  } catch {
+  }
+}
 async function main() {
+  sendInstallTelemetry().catch(() => {
+  });
   const args = process.argv.slice(2);
   if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
     printHelp();
@@ -7181,9 +7347,13 @@ async function main() {
     process.exit(0);
   }
   if (args[0] === "quickstart") {
-    await handleQuickstart();
+    await handleQuickstart(args.slice(1));
     return;
   }
+  if (args[0] === "connect") {
+    await handleConnect();
+    process.exit(0);
+  }
   if (args[0] === "init") {
     await handleInit(args.slice(1));
     process.exit(0);

package/dist/cli.mjs

@@ -3,17 +3,17 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-W4U5VNEC.mjs";
+} from "./chunk-GQWJCHQV.mjs";
 import {
   ProtectGateway,
   validateCredentials
-} from "./chunk-IWDR5WU3.mjs";
+} from "./chunk-BYYWYSHM.mjs";
 import {
   initSigning,
   isCedarAvailable,
   loadCedarPolicies,
   loadPolicy
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 
 // src/cli.ts
@@ -25,7 +25,8 @@ Usage:
   protect-mcp [options] -- <command> [args...]
   protect-mcp serve [--port <port>] [--enforce] [--policy <path>] [--cedar <dir>]
   protect-mcp init-hooks [--dir <path>] [--port <port>]
-  protect-mcp quickstart
+  protect-mcp quickstart [--connect]
+  protect-mcp connect
   protect-mcp init [--dir <path>]
   protect-mcp demo
   protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]
@@ -50,6 +51,7 @@ Commands:
   serve             Start HTTP hook server for Claude Code integration (port 9377)
   init-hooks        Generate Claude Code hook config + skill + sample Cedar policy
   quickstart        Zero-config onboarding: init + demo + show receipts in one command
+  connect           Create a ScopeBlind sandbox dashboard and configure receipt upload
   init              Generate config template, Ed25519 keypair, and sample policy
   demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
   doctor            Check your setup: keys, policies, verifier, API connectivity
@@ -64,6 +66,8 @@ Examples:
   protect-mcp serve --enforce --cedar ./cedar  # Enforce Cedar policies
   protect-mcp init-hooks                       # One-command Claude Code setup
   protect-mcp quickstart
+  protect-mcp quickstart --connect               # Quickstart + create dashboard
+  protect-mcp connect                             # Connect existing setup to dashboard
   protect-mcp -- node my-server.js
   protect-mcp init
   protect-mcp demo
@@ -645,7 +649,83 @@ ${bold("protect-mcp bundle")}
 
 `);
 }
-async function handleQuickstart() {
+async function createSandbox() {
+  const { mkdirSync, writeFileSync, existsSync, readFileSync } = await import("fs");
+  const { join } = await import("path");
+  const { homedir } = await import("os");
+  let response;
+  try {
+    response = await fetch("https://api.scopeblind.com/sandbox/create", { method: "POST" });
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  if (!response.ok) {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  let data;
+  try {
+    data = await response.json();
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (unexpected response).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  const dashboardUrl = `https://scopeblind.com/t/${data.slug}`;
+  const configDir = join(homedir(), ".protect-mcp");
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const configPath = join(configDir, "config.json");
+  let existing = {};
+  if (existsSync(configPath)) {
+    try {
+      existing = JSON.parse(readFileSync(configPath, "utf-8"));
+    } catch {
+    }
+  }
+  writeFileSync(configPath, JSON.stringify({
+    ...existing,
+    sandbox_slug: data.slug,
+    dashboard_url: dashboardUrl
+  }, null, 2) + "\n");
+  return dashboardUrl;
+}
+async function handleConnect() {
+  process.stderr.write(`
+${bold("protect-mcp connect")}
+`);
+  process.stderr.write(`${"\u2500".repeat(50)}
+
+`);
+  process.stderr.write(`  Creating ScopeBlind sandbox dashboard...
+
+`);
+  const dashboardUrl = await createSandbox();
+  if (dashboardUrl) {
+    process.stderr.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+    process.stderr.write(`    Receipts will be uploaded automatically.
+`);
+    process.stderr.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+    process.stderr.write(`
+${"\u2500".repeat(50)}
+
+`);
+  }
+}
+async function handleQuickstart(argv) {
+  const connectFlag = argv.includes("--connect");
   const { mkdtempSync, writeFileSync, existsSync, mkdirSync, readFileSync } = await import("fs");
   const { join } = await import("path");
   const { tmpdir } = await import("os");
@@ -665,9 +745,13 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  3. Start a demo MCP server with protect-mcp wrapping it
 `);
   process.stdout.write(`  4. Log signed receipts for every tool call
-
 `);
-  process.stdout.write(`  Working dir: ${dir}
+  if (connectFlag) {
+    process.stdout.write(`  5. Create a ScopeBlind dashboard for receipt viewing
+`);
+  }
+  process.stdout.write(`
+  Working dir: ${dir}
 
 `);
   const keysDir = join(dir, "keys");
@@ -718,6 +802,24 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  \u2713 Signing enabled (Ed25519)
 
 `);
+  if (connectFlag) {
+    process.stdout.write(`${bold("Connecting to ScopeBlind dashboard...")}
+
+`);
+    const dashboardUrl = await createSandbox();
+    if (dashboardUrl) {
+      const updatedConfig = { ...config, dashboard_url: dashboardUrl };
+      writeFileSync(configPath, JSON.stringify(updatedConfig, null, 2) + "\n");
+      process.stdout.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+      process.stdout.write(`    Receipts will be uploaded automatically.
+`);
+      process.stdout.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+      process.stdout.write(`
+`);
+    }
+  }
   process.stdout.write(`${bold("Starting demo server...")}
 
 `);
@@ -1119,7 +1221,55 @@ ${bold("protect-mcp init-hooks")}
 
 `);
 }
+async function sendInstallTelemetry() {
+  try {
+    const { existsSync, mkdirSync, writeFileSync, readFileSync } = await import("fs");
+    const { join, dirname } = await import("path");
+    const { homedir } = await import("os");
+    const { fileURLToPath } = await import("url");
+    const markerDir = join(homedir(), ".protect-mcp");
+    const markerFile = join(markerDir, ".telemetry-sent");
+    if (existsSync(markerFile) || process.env.PROTECT_MCP_TELEMETRY === "off") {
+      return;
+    }
+    let version = "unknown";
+    try {
+      const thisDir = dirname(fileURLToPath(import.meta.url));
+      const pkgPath = join(thisDir, "..", "package.json");
+      if (existsSync(pkgPath)) {
+        version = JSON.parse(readFileSync(pkgPath, "utf-8")).version;
+      }
+    } catch {
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 3e3);
+    fetch("https://api.scopeblind.com/telemetry/install", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        package: "protect-mcp",
+        version,
+        os: process.platform,
+        arch: process.arch,
+        node: process.version,
+        ts: Date.now()
+      }),
+      signal: controller.signal
+    }).catch(() => {
+    }).finally(() => clearTimeout(timeout));
+    if (!existsSync(markerDir)) {
+      mkdirSync(markerDir, { recursive: true });
+    }
+    writeFileSync(markerFile, String(Date.now()), "utf-8");
+    process.stderr.write(
+      "[protect-mcp] Anonymous install telemetry sent (disable: PROTECT_MCP_TELEMETRY=off)\n"
+    );
+  } catch {
+  }
+}
 async function main() {
+  sendInstallTelemetry().catch(() => {
+  });
   const args = process.argv.slice(2);
   if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
     printHelp();
@@ -1147,9 +1297,13 @@ async function main() {
     process.exit(0);
   }
   if (args[0] === "quickstart") {
-    await handleQuickstart();
+    await handleQuickstart(args.slice(1));
     return;
   }
+  if (args[0] === "connect") {
+    await handleConnect();
+    process.exit(0);
+  }
   if (args[0] === "init") {
     await handleInit(args.slice(1));
     process.exit(0);
@@ -1282,7 +1436,7 @@ async function main() {
   if (useHttp) {
     const portIdx = args.indexOf("--port");
     const httpPort = portIdx >= 0 && args[portIdx + 1] ? parseInt(args[portIdx + 1]) : 3e3;
-    const { startHttpTransport } = await import("./http-transport-PWCK7JHZ.mjs");
+    const { startHttpTransport } = await import("./http-transport-LNBENGXD.mjs");
     startHttpTransport({ port: httpPort, config, serverCommand: childCommand });
     return;
   }

package/dist/hook-patterns.js

@@ -299,6 +299,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**

package/dist/hook-patterns.mjs

@@ -3,7 +3,7 @@ import {
   generateHookSettings,
   generateSampleCedarPolicy,
   generateVerifyReceiptSkill
-} from "./chunk-UEHLYOJY.mjs";
+} from "./chunk-NMZPXXL3.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 export {
   BUILTIN_PATTERNS,

package/dist/hook-server.js

@@ -257,7 +257,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -265,6 +272,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,

package/dist/hook-server.mjs

@@ -1,7 +1,7 @@
 import {
   startHookServer
-} from "./chunk-Q4KOQUKV.mjs";
-import "./chunk-N4F76LTC.mjs";
+} from "./chunk-HFM6K7E4.mjs";
+import "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 export {
   startHookServer

package/dist/{http-transport-PWCK7JHZ.mjs → http-transport-LNBENGXD.mjs}

@@ -1,7 +1,7 @@
 import {
   ProtectGateway
-} from "./chunk-IWDR5WU3.mjs";
-import "./chunk-N4F76LTC.mjs";
+} from "./chunk-BYYWYSHM.mjs";
+import "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 
 // src/http-transport.ts

package/dist/index.d.mts

@@ -167,6 +167,13 @@ interface DecisionLog {
     plan_receipt_id?: string;
     /** Hook event that triggered this log entry */
     hook_event?: HookEventName;
+    /** IETF specification version — ties every receipt to the standard */
+    spec?: string;
+    /** Issuer certification level:
+     *  - "scopeblind:verified" = VOPRF-backed issuance (paid tier)
+     *  - "self-signed"         = local Ed25519 key (free tier, protect-mcp default)
+     *  - "uncertified"         = unsigned receipt (shadow mode) */
+    issuer_certification?: 'scopeblind:verified' | 'self-signed' | 'uncertified';
 }
 interface SwarmContext {
     /** Team name from CLAUDE_CODE_TEAM_NAME env var */

package/dist/index.d.ts

@@ -167,6 +167,13 @@ interface DecisionLog {
     plan_receipt_id?: string;
     /** Hook event that triggered this log entry */
     hook_event?: HookEventName;
+    /** IETF specification version — ties every receipt to the standard */
+    spec?: string;
+    /** Issuer certification level:
+     *  - "scopeblind:verified" = VOPRF-backed issuance (paid tier)
+     *  - "self-signed"         = local Ed25519 key (free tier, protect-mcp default)
+     *  - "uncertified"         = unsigned receipt (shadow mode) */
+    issuer_certification?: 'scopeblind:verified' | 'self-signed' | 'uncertified';
 }
 interface SwarmContext {
     /** Team name from CLAUDE_CODE_TEAM_NAME env var */

package/dist/index.js

@@ -35474,7 +35474,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -35482,6 +35489,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,
@@ -38349,6 +38362,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**

package/dist/index.mjs

@@ -6,7 +6,7 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-W4U5VNEC.mjs";
+} from "./chunk-GQWJCHQV.mjs";
 import {
   ProtectGateway,
   buildDecisionContext,
@@ -18,7 +18,7 @@ import {
   resolveCredential,
   sendApprovalNotification,
   validateCredentials
-} from "./chunk-IWDR5WU3.mjs";
+} from "./chunk-BYYWYSHM.mjs";
 import {
   createSandboxServer
 } from "./chunk-SU2FZH7U.mjs";
@@ -27,10 +27,10 @@ import {
   generateHookSettings,
   generateSampleCedarPolicy,
   generateVerifyReceiptSkill
-} from "./chunk-UEHLYOJY.mjs";
+} from "./chunk-NMZPXXL3.mjs";
 import {
   startHookServer
-} from "./chunk-Q4KOQUKV.mjs";
+} from "./chunk-HFM6K7E4.mjs";
 import {
   checkRateLimit,
   evaluateCedar,
@@ -43,7 +43,7 @@ import {
   loadPolicy,
   parseRateLimit,
   signDecision
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 import {
   collectSignedReceipts,
   createAuditBundle

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "protect-mcp",
-  "version": "0.5.2",
+  "version": "0.5.3",
   "mcpName": "io.github.tomjwxf/protect-mcp",
   "description": "Enterprise security gateway for MCP servers and Claude Code hooks. Cedar policies, Ed25519-signed receipts, swarm tracking, and tamper detection. Shadow or enforce mode.",
   "main": "dist/index.js",
@@ -53,7 +53,7 @@
   ],
   "author": "Tom Farley <tommy@scopeblind.com>",
   "license": "MIT",
-  "homepage": "https://www.scopeblind.com",
+  "homepage": "https://scopeblind.com",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/scopeblind/scopeblind-gateway.git"

package/policies/cedar/secrets-detection.cedar

@@ -0,0 +1,113 @@
+// ============================================================
+// Secrets & Credential Protection — Cedar Edition
+//
+// Prevents AI agents from reading, writing, or exfiltrating
+// sensitive files (SSH keys, env files, credentials, tokens).
+//
+// Controls: SOC2-CC6.1, SOC2-CC6.7, OWASP-A01, OWASP-A07
+//           MCP-01, MCP-04, NIST-GOVERN-1.1
+// ============================================================
+
+// Block reading SSH private keys
+@id("sb-secrets-001")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.ssh/*"
+};
+
+// Block reading .env files
+@id("sb-secrets-002")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.env*"
+};
+
+// Block reading credential files
+@id("sb-secrets-003")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/credentials*"
+};
+
+// Block reading token files
+@id("sb-secrets-004")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.token*"
+};
+
+// Block reading AWS credentials
+@id("sb-secrets-005")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.aws/*"
+};
+
+// Block writing to sensitive directories
+@id("sb-secrets-006")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"write_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.ssh/*"
+};
+
+// Block exfiltrating files via curl upload
+@id("sb-secrets-007")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"bash"
+)
+when {
+  context has "input" &&
+  context.input has "command" &&
+  context.input.command like "*--upload-file*"
+};
+
+// Block piping secrets to network
+@id("sb-secrets-008")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"bash"
+)
+when {
+  context has "input" &&
+  context.input has "command" &&
+  context.input.command like "*| curl*"
+};