protect-mcp 0.5.2 → 0.5.4

package/README.md

@@ -16,6 +16,14 @@ npx protect-mcp serve
 
 Open Claude Code in the same project. Every tool call is now intercepted, evaluated, and signed.
 
+To also connect to the ScopeBlind dashboard in one step:
+
+```bash
+npx protect-mcp quickstart --connect
+```
+
+Creates a free ScopeBlind dashboard and configures receipt upload automatically. No signup required. Free up to 20,000 receipts/month.
+
 ### What `init-hooks` creates
 
 | File | Purpose |
@@ -209,6 +217,7 @@ Commands:
   serve             Start HTTP hook server for Claude Code (port 9377)
   init-hooks        Generate Claude Code hook config + skill + sample Cedar policy
   quickstart        Zero-config onboarding: init + demo + show receipts
+  connect           Link to ScopeBlind dashboard (creates sandbox if needed)
   init              Generate Ed25519 keypair + config template
   demo              Start a demo server wrapped with protect-mcp
   doctor            Check your setup: keys, policies, verifier, connectivity
@@ -246,13 +255,37 @@ npx protect-mcp bundle --output audit.json
 
 Self-contained offline-verifiable bundle with receipts + signing keys. Verify with `npx @veritasacta/verify`.
 
+## Dashboard
+
+protect-mcp works fully offline. Optionally connect to the ScopeBlind dashboard for:
+
+- Real-time receipt visualization
+- Abuse alerts and anomaly detection
+- Compliance export and audit bundles
+- Usage analytics
+
+Free tier: 20,000 receipts/month. No credit card required.
+
+[scopeblind.com/pricing](https://scopeblind.com/pricing)
+
 ## Standards & IP
 
-- **IETF Internet-Draft**: [draft-farley-acta-signed-receipts-00](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/) — Signed Decision Receipts for Machine-to-Machine Access Control
+- **IETF Internet-Draft**: [draft-farley-acta-signed-receipts-01](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/) — Signed Decision Receipts for Machine-to-Machine Access Control
 - **Patent Status**: 4 Australian provisional patents pending (2025-2026) covering decision receipts with configurable disclosure, tool-calling gateway, agent manifests, and portable identity
-- **Verification**: MIT-licensed — `npx @veritasacta/verify --self-test`
+- **Verification**: Apache-2.0 — `npx @veritasacta/verify --self-test`
 - **Microsoft AGT Integration**: [PR #667](https://github.com/microsoft/agent-governance-toolkit/pull/667) — Cedar policy bridge for Agent Governance Toolkit
 
+## What's New in v0.5.3
+
+- `quickstart --connect`: Auto-create dashboard sandbox and configure receipt upload
+- `connect` subcommand: Link an existing setup to the ScopeBlind dashboard
+- Anonymous install telemetry (opt-out: `PROTECT_MCP_TELEMETRY=off`)
+- Improved Cedar WASM detection
+
+## Examples
+
+See complete working examples at [github.com/ScopeBlind/examples](https://github.com/ScopeBlind/examples).
+
 ## License
 
 MIT — free to use, modify, distribute, and build upon without restriction.

package/dist/{chunk-IWDR5WU3.mjs → chunk-BYYWYSHM.mjs}

@@ -7,7 +7,7 @@ import {
   parseRateLimit,
   signDecision,
   startStatusServer
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 
 // src/evidence-store.ts
 import { readFileSync, writeFileSync, existsSync } from "fs";

package/dist/{chunk-Q4KOQUKV.mjs → chunk-FAELTNS7.mjs}

@@ -11,7 +11,7 @@ import {
   loadPolicy,
   parseRateLimit,
   signDecision
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 
 // src/hook-server.ts
 import { createServer } from "http";
@@ -700,7 +700,7 @@ async function startHookServer(options = {}) {
 `);
     process.stderr.write(`[PROTECT_MCP] \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  protect-mcp Hook Server v0.5.0                \u2502
+    process.stderr.write(`[PROTECT_MCP] \u2502  protect-mcp Hook Server v0.5.3                \u2502
 `);
     process.stderr.write(`[PROTECT_MCP] \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
 `);

package/dist/{chunk-W4U5VNEC.mjs → chunk-GQWJCHQV.mjs}

@@ -1,11 +1,11 @@
 import {
   meetsMinTier
-} from "./chunk-IWDR5WU3.mjs";
+} from "./chunk-BYYWYSHM.mjs";
 import {
   checkRateLimit,
   getToolPolicy,
   parseRateLimit
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 
 // src/simulate.ts
 import { readFileSync } from "fs";

package/dist/{chunk-SU2FZH7U.mjs → chunk-J6L4XCTE.mjs}

@@ -35049,7 +35049,7 @@ function handleRequest(request) {
       id: request.id,
       result: {
         protocolVersion: "2024-11-05",
-        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
+        serverInfo: { name: "protect-mcp-demo", version: "0.5.3" },
         capabilities: { tools: {} }
       }
     });

package/dist/{chunk-UEHLYOJY.mjs → chunk-NMZPXXL3.mjs}

@@ -272,6 +272,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**

package/dist/{chunk-N4F76LTC.mjs → chunk-YTBC72JJ.mjs}

@@ -130,7 +130,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -138,6 +145,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,

package/dist/cli.js

@@ -411,7 +411,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -419,6 +426,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,
@@ -4544,6 +4557,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**
@@ -5436,7 +5451,7 @@ async function startHookServer(options = {}) {
 `);
     process.stderr.write(`[PROTECT_MCP] \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  protect-mcp Hook Server v0.5.0                \u2502
+    process.stderr.write(`[PROTECT_MCP] \u2502  protect-mcp Hook Server v0.5.3                \u2502
 `);
     process.stderr.write(`[PROTECT_MCP] \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
 `);
@@ -6051,6 +6066,7 @@ function formatSimulation(summary) {
 
 // src/cli.ts
 init_cedar_evaluator();
+var import_meta = {};
 function printHelp() {
   process.stderr.write(`
 protect-mcp \u2014 Enterprise security gateway for MCP servers & Claude Code hooks
@@ -6059,7 +6075,8 @@ Usage:
   protect-mcp [options] -- <command> [args...]
   protect-mcp serve [--port <port>] [--enforce] [--policy <path>] [--cedar <dir>]
   protect-mcp init-hooks [--dir <path>] [--port <port>]
-  protect-mcp quickstart
+  protect-mcp quickstart [--connect]
+  protect-mcp connect
   protect-mcp init [--dir <path>]
   protect-mcp demo
   protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]
@@ -6084,6 +6101,7 @@ Commands:
   serve             Start HTTP hook server for Claude Code integration (port 9377)
   init-hooks        Generate Claude Code hook config + skill + sample Cedar policy
   quickstart        Zero-config onboarding: init + demo + show receipts in one command
+  connect           Create a ScopeBlind sandbox dashboard and configure receipt upload
   init              Generate config template, Ed25519 keypair, and sample policy
   demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
   doctor            Check your setup: keys, policies, verifier, API connectivity
@@ -6098,6 +6116,8 @@ Examples:
   protect-mcp serve --enforce --cedar ./cedar  # Enforce Cedar policies
   protect-mcp init-hooks                       # One-command Claude Code setup
   protect-mcp quickstart
+  protect-mcp quickstart --connect               # Quickstart + create dashboard
+  protect-mcp connect                             # Connect existing setup to dashboard
   protect-mcp -- node my-server.js
   protect-mcp init
   protect-mcp demo
@@ -6679,7 +6699,83 @@ ${bold("protect-mcp bundle")}
 
 `);
 }
-async function handleQuickstart() {
+async function createSandbox() {
+  const { mkdirSync, writeFileSync: writeFileSync2, existsSync: existsSync7, readFileSync: readFileSync9 } = await import("fs");
+  const { join: join6 } = await import("path");
+  const { homedir } = await import("os");
+  let response;
+  try {
+    response = await fetch("https://api.scopeblind.com/sandbox/create", { method: "POST" });
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  if (!response.ok) {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  let data;
+  try {
+    data = await response.json();
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (unexpected response).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  const dashboardUrl = `https://scopeblind.com/t/${data.slug}`;
+  const configDir = join6(homedir(), ".protect-mcp");
+  if (!existsSync7(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const configPath = join6(configDir, "config.json");
+  let existing = {};
+  if (existsSync7(configPath)) {
+    try {
+      existing = JSON.parse(readFileSync9(configPath, "utf-8"));
+    } catch {
+    }
+  }
+  writeFileSync2(configPath, JSON.stringify({
+    ...existing,
+    sandbox_slug: data.slug,
+    dashboard_url: dashboardUrl
+  }, null, 2) + "\n");
+  return dashboardUrl;
+}
+async function handleConnect() {
+  process.stderr.write(`
+${bold("protect-mcp connect")}
+`);
+  process.stderr.write(`${"\u2500".repeat(50)}
+
+`);
+  process.stderr.write(`  Creating ScopeBlind sandbox dashboard...
+
+`);
+  const dashboardUrl = await createSandbox();
+  if (dashboardUrl) {
+    process.stderr.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+    process.stderr.write(`    Receipts will be uploaded automatically.
+`);
+    process.stderr.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+    process.stderr.write(`
+${"\u2500".repeat(50)}
+
+`);
+  }
+}
+async function handleQuickstart(argv) {
+  const connectFlag = argv.includes("--connect");
   const { mkdtempSync, writeFileSync: writeFileSync2, existsSync: existsSync7, mkdirSync, readFileSync: readFileSync9 } = await import("fs");
   const { join: join6 } = await import("path");
   const { tmpdir } = await import("os");
@@ -6699,9 +6795,13 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  3. Start a demo MCP server with protect-mcp wrapping it
 `);
   process.stdout.write(`  4. Log signed receipts for every tool call
-
 `);
-  process.stdout.write(`  Working dir: ${dir}
+  if (connectFlag) {
+    process.stdout.write(`  5. Create a ScopeBlind dashboard for receipt viewing
+`);
+  }
+  process.stdout.write(`
+  Working dir: ${dir}
 
 `);
   const keysDir = join6(dir, "keys");
@@ -6752,6 +6852,24 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  \u2713 Signing enabled (Ed25519)
 
 `);
+  if (connectFlag) {
+    process.stdout.write(`${bold("Connecting to ScopeBlind dashboard...")}
+
+`);
+    const dashboardUrl = await createSandbox();
+    if (dashboardUrl) {
+      const updatedConfig = { ...config, dashboard_url: dashboardUrl };
+      writeFileSync2(configPath, JSON.stringify(updatedConfig, null, 2) + "\n");
+      process.stdout.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+      process.stdout.write(`    Receipts will be uploaded automatically.
+`);
+      process.stdout.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+      process.stdout.write(`
+`);
+    }
+  }
   process.stdout.write(`${bold("Starting demo server...")}
 
 `);
@@ -7153,7 +7271,55 @@ ${bold("protect-mcp init-hooks")}
 
 `);
 }
+async function sendInstallTelemetry() {
+  try {
+    const { existsSync: existsSync7, mkdirSync, writeFileSync: writeFileSync2, readFileSync: readFileSync9 } = await import("fs");
+    const { join: join6, dirname } = await import("path");
+    const { homedir } = await import("os");
+    const { fileURLToPath } = await import("url");
+    const markerDir = join6(homedir(), ".protect-mcp");
+    const markerFile = join6(markerDir, ".telemetry-sent");
+    if (existsSync7(markerFile) || process.env.PROTECT_MCP_TELEMETRY === "off") {
+      return;
+    }
+    let version = "unknown";
+    try {
+      const thisDir = dirname(fileURLToPath(import_meta.url));
+      const pkgPath = join6(thisDir, "..", "package.json");
+      if (existsSync7(pkgPath)) {
+        version = JSON.parse(readFileSync9(pkgPath, "utf-8")).version;
+      }
+    } catch {
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 3e3);
+    fetch("https://api.scopeblind.com/telemetry/install", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        package: "protect-mcp",
+        version,
+        os: process.platform,
+        arch: process.arch,
+        node: process.version,
+        ts: Date.now()
+      }),
+      signal: controller.signal
+    }).catch(() => {
+    }).finally(() => clearTimeout(timeout));
+    if (!existsSync7(markerDir)) {
+      mkdirSync(markerDir, { recursive: true });
+    }
+    writeFileSync2(markerFile, String(Date.now()), "utf-8");
+    process.stderr.write(
+      "[protect-mcp] Anonymous install telemetry sent (disable: PROTECT_MCP_TELEMETRY=off)\n"
+    );
+  } catch {
+  }
+}
 async function main() {
+  sendInstallTelemetry().catch(() => {
+  });
   const args = process.argv.slice(2);
   if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
     printHelp();
@@ -7181,9 +7347,13 @@ async function main() {
     process.exit(0);
   }
   if (args[0] === "quickstart") {
-    await handleQuickstart();
+    await handleQuickstart(args.slice(1));
     return;
   }
+  if (args[0] === "connect") {
+    await handleConnect();
+    process.exit(0);
+  }
   if (args[0] === "init") {
     await handleInit(args.slice(1));
     process.exit(0);

package/dist/cli.mjs

@@ -3,17 +3,17 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-W4U5VNEC.mjs";
+} from "./chunk-GQWJCHQV.mjs";
 import {
   ProtectGateway,
   validateCredentials
-} from "./chunk-IWDR5WU3.mjs";
+} from "./chunk-BYYWYSHM.mjs";
 import {
   initSigning,
   isCedarAvailable,
   loadCedarPolicies,
   loadPolicy
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 
 // src/cli.ts
@@ -25,7 +25,8 @@ Usage:
   protect-mcp [options] -- <command> [args...]
   protect-mcp serve [--port <port>] [--enforce] [--policy <path>] [--cedar <dir>]
   protect-mcp init-hooks [--dir <path>] [--port <port>]
-  protect-mcp quickstart
+  protect-mcp quickstart [--connect]
+  protect-mcp connect
   protect-mcp init [--dir <path>]
   protect-mcp demo
   protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]
@@ -50,6 +51,7 @@ Commands:
   serve             Start HTTP hook server for Claude Code integration (port 9377)
   init-hooks        Generate Claude Code hook config + skill + sample Cedar policy
   quickstart        Zero-config onboarding: init + demo + show receipts in one command
+  connect           Create a ScopeBlind sandbox dashboard and configure receipt upload
   init              Generate config template, Ed25519 keypair, and sample policy
   demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
   doctor            Check your setup: keys, policies, verifier, API connectivity
@@ -64,6 +66,8 @@ Examples:
   protect-mcp serve --enforce --cedar ./cedar  # Enforce Cedar policies
   protect-mcp init-hooks                       # One-command Claude Code setup
   protect-mcp quickstart
+  protect-mcp quickstart --connect               # Quickstart + create dashboard
+  protect-mcp connect                             # Connect existing setup to dashboard
   protect-mcp -- node my-server.js
   protect-mcp init
   protect-mcp demo
@@ -645,7 +649,83 @@ ${bold("protect-mcp bundle")}
 
 `);
 }
-async function handleQuickstart() {
+async function createSandbox() {
+  const { mkdirSync, writeFileSync, existsSync, readFileSync } = await import("fs");
+  const { join } = await import("path");
+  const { homedir } = await import("os");
+  let response;
+  try {
+    response = await fetch("https://api.scopeblind.com/sandbox/create", { method: "POST" });
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  if (!response.ok) {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (offline or server unavailable).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  let data;
+  try {
+    data = await response.json();
+  } catch {
+    process.stderr.write(yellow("  \u26A0 Could not create dashboard (unexpected response).\n"));
+    process.stderr.write(`    Run 'npx protect-mcp connect' later to set up the dashboard.
+
+`);
+    return null;
+  }
+  const dashboardUrl = `https://scopeblind.com/t/${data.slug}`;
+  const configDir = join(homedir(), ".protect-mcp");
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
+  }
+  const configPath = join(configDir, "config.json");
+  let existing = {};
+  if (existsSync(configPath)) {
+    try {
+      existing = JSON.parse(readFileSync(configPath, "utf-8"));
+    } catch {
+    }
+  }
+  writeFileSync(configPath, JSON.stringify({
+    ...existing,
+    sandbox_slug: data.slug,
+    dashboard_url: dashboardUrl
+  }, null, 2) + "\n");
+  return dashboardUrl;
+}
+async function handleConnect() {
+  process.stderr.write(`
+${bold("protect-mcp connect")}
+`);
+  process.stderr.write(`${"\u2500".repeat(50)}
+
+`);
+  process.stderr.write(`  Creating ScopeBlind sandbox dashboard...
+
+`);
+  const dashboardUrl = await createSandbox();
+  if (dashboardUrl) {
+    process.stderr.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+    process.stderr.write(`    Receipts will be uploaded automatically.
+`);
+    process.stderr.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+    process.stderr.write(`
+${"\u2500".repeat(50)}
+
+`);
+  }
+}
+async function handleQuickstart(argv) {
+  const connectFlag = argv.includes("--connect");
   const { mkdtempSync, writeFileSync, existsSync, mkdirSync, readFileSync } = await import("fs");
   const { join } = await import("path");
   const { tmpdir } = await import("os");
@@ -665,9 +745,13 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  3. Start a demo MCP server with protect-mcp wrapping it
 `);
   process.stdout.write(`  4. Log signed receipts for every tool call
-
 `);
-  process.stdout.write(`  Working dir: ${dir}
+  if (connectFlag) {
+    process.stdout.write(`  5. Create a ScopeBlind dashboard for receipt viewing
+`);
+  }
+  process.stdout.write(`
+  Working dir: ${dir}
 
 `);
   const keysDir = join(dir, "keys");
@@ -718,6 +802,24 @@ ${bold("protect-mcp quickstart")}
   process.stdout.write(`  \u2713 Signing enabled (Ed25519)
 
 `);
+  if (connectFlag) {
+    process.stdout.write(`${bold("Connecting to ScopeBlind dashboard...")}
+
+`);
+    const dashboardUrl = await createSandbox();
+    if (dashboardUrl) {
+      const updatedConfig = { ...config, dashboard_url: dashboardUrl };
+      writeFileSync(configPath, JSON.stringify(updatedConfig, null, 2) + "\n");
+      process.stdout.write(green(`  \u2713 Dashboard created: ${dashboardUrl}
+`));
+      process.stdout.write(`    Receipts will be uploaded automatically.
+`);
+      process.stdout.write(dim(`    Free tier: 20,000 receipts/month \u2014 no credit card required.
+`));
+      process.stdout.write(`
+`);
+    }
+  }
   process.stdout.write(`${bold("Starting demo server...")}
 
 `);
@@ -1119,7 +1221,55 @@ ${bold("protect-mcp init-hooks")}
 
 `);
 }
+async function sendInstallTelemetry() {
+  try {
+    const { existsSync, mkdirSync, writeFileSync, readFileSync } = await import("fs");
+    const { join, dirname } = await import("path");
+    const { homedir } = await import("os");
+    const { fileURLToPath } = await import("url");
+    const markerDir = join(homedir(), ".protect-mcp");
+    const markerFile = join(markerDir, ".telemetry-sent");
+    if (existsSync(markerFile) || process.env.PROTECT_MCP_TELEMETRY === "off") {
+      return;
+    }
+    let version = "unknown";
+    try {
+      const thisDir = dirname(fileURLToPath(import.meta.url));
+      const pkgPath = join(thisDir, "..", "package.json");
+      if (existsSync(pkgPath)) {
+        version = JSON.parse(readFileSync(pkgPath, "utf-8")).version;
+      }
+    } catch {
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 3e3);
+    fetch("https://api.scopeblind.com/telemetry/install", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        package: "protect-mcp",
+        version,
+        os: process.platform,
+        arch: process.arch,
+        node: process.version,
+        ts: Date.now()
+      }),
+      signal: controller.signal
+    }).catch(() => {
+    }).finally(() => clearTimeout(timeout));
+    if (!existsSync(markerDir)) {
+      mkdirSync(markerDir, { recursive: true });
+    }
+    writeFileSync(markerFile, String(Date.now()), "utf-8");
+    process.stderr.write(
+      "[protect-mcp] Anonymous install telemetry sent (disable: PROTECT_MCP_TELEMETRY=off)\n"
+    );
+  } catch {
+  }
+}
 async function main() {
+  sendInstallTelemetry().catch(() => {
+  });
   const args = process.argv.slice(2);
   if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
     printHelp();
@@ -1147,9 +1297,13 @@ async function main() {
     process.exit(0);
   }
   if (args[0] === "quickstart") {
-    await handleQuickstart();
+    await handleQuickstart(args.slice(1));
     return;
   }
+  if (args[0] === "connect") {
+    await handleConnect();
+    process.exit(0);
+  }
   if (args[0] === "init") {
     await handleInit(args.slice(1));
     process.exit(0);
@@ -1282,7 +1436,7 @@ async function main() {
   if (useHttp) {
     const portIdx = args.indexOf("--port");
     const httpPort = portIdx >= 0 && args[portIdx + 1] ? parseInt(args[portIdx + 1]) : 3e3;
-    const { startHttpTransport } = await import("./http-transport-PWCK7JHZ.mjs");
+    const { startHttpTransport } = await import("./http-transport-LNBENGXD.mjs");
     startHttpTransport({ port: httpPort, config, serverCommand: childCommand });
     return;
   }

package/dist/demo-server.js

@@ -35073,7 +35073,7 @@ function handleRequest(request) {
       id: request.id,
       result: {
         protocolVersion: "2024-11-05",
-        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
+        serverInfo: { name: "protect-mcp-demo", version: "0.5.3" },
         capabilities: { tools: {} }
       }
     });

package/dist/demo-server.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   createSandboxServer
-} from "./chunk-SU2FZH7U.mjs";
+} from "./chunk-J6L4XCTE.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 export {
   createSandboxServer

package/dist/hook-patterns.js

@@ -299,6 +299,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**

package/dist/hook-patterns.mjs

@@ -3,7 +3,7 @@ import {
   generateHookSettings,
   generateSampleCedarPolicy,
   generateVerifyReceiptSkill
-} from "./chunk-UEHLYOJY.mjs";
+} from "./chunk-NMZPXXL3.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 export {
   BUILTIN_PATTERNS,

package/dist/hook-server.js

@@ -257,7 +257,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -265,6 +272,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,
@@ -1088,7 +1101,7 @@ async function startHookServer(options = {}) {
 `);
     process.stderr.write(`[PROTECT_MCP] \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  protect-mcp Hook Server v0.5.0                \u2502
+    process.stderr.write(`[PROTECT_MCP] \u2502  protect-mcp Hook Server v0.5.3                \u2502
 `);
     process.stderr.write(`[PROTECT_MCP] \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
 `);

package/dist/hook-server.mjs

@@ -1,7 +1,7 @@
 import {
   startHookServer
-} from "./chunk-Q4KOQUKV.mjs";
-import "./chunk-N4F76LTC.mjs";
+} from "./chunk-FAELTNS7.mjs";
+import "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 export {
   startHookServer

package/dist/{http-transport-PWCK7JHZ.mjs → http-transport-LNBENGXD.mjs}

@@ -1,7 +1,7 @@
 import {
   ProtectGateway
-} from "./chunk-IWDR5WU3.mjs";
-import "./chunk-N4F76LTC.mjs";
+} from "./chunk-BYYWYSHM.mjs";
+import "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 
 // src/http-transport.ts

package/dist/index.d.mts

@@ -167,6 +167,13 @@ interface DecisionLog {
     plan_receipt_id?: string;
     /** Hook event that triggered this log entry */
     hook_event?: HookEventName;
+    /** IETF specification version — ties every receipt to the standard */
+    spec?: string;
+    /** Issuer certification level:
+     *  - "scopeblind:verified" = VOPRF-backed issuance (paid tier)
+     *  - "self-signed"         = local Ed25519 key (free tier, protect-mcp default)
+     *  - "uncertified"         = unsigned receipt (shadow mode) */
+    issuer_certification?: 'scopeblind:verified' | 'self-signed' | 'uncertified';
 }
 interface SwarmContext {
     /** Team name from CLAUDE_CODE_TEAM_NAME env var */
@@ -2282,7 +2289,7 @@ declare function createAttestationField(attestation: EvidenceAttestation): {
  *   // Create a C2PA manifest from an Acta receipt chain
  *   const manifest = createC2PAManifest(receipts, {
  *     title: 'AI-generated report',
- *     generator: 'protect-mcp v0.3.3',
+ *     generator: 'protect-mcp v0.5.3',
  *   });
  *
  *   // The manifest can be embedded in images, PDFs, or documents

package/dist/index.d.ts

@@ -167,6 +167,13 @@ interface DecisionLog {
     plan_receipt_id?: string;
     /** Hook event that triggered this log entry */
     hook_event?: HookEventName;
+    /** IETF specification version — ties every receipt to the standard */
+    spec?: string;
+    /** Issuer certification level:
+     *  - "scopeblind:verified" = VOPRF-backed issuance (paid tier)
+     *  - "self-signed"         = local Ed25519 key (free tier, protect-mcp default)
+     *  - "uncertified"         = unsigned receipt (shadow mode) */
+    issuer_certification?: 'scopeblind:verified' | 'self-signed' | 'uncertified';
 }
 interface SwarmContext {
     /** Team name from CLAUDE_CODE_TEAM_NAME env var */
@@ -2282,7 +2289,7 @@ declare function createAttestationField(attestation: EvidenceAttestation): {
  *   // Create a C2PA manifest from an Acta receipt chain
  *   const manifest = createC2PAManifest(receipts, {
  *     title: 'AI-generated report',
- *     generator: 'protect-mcp v0.3.3',
+ *     generator: 'protect-mcp v0.5.3',
  *   });
  *
  *   // The manifest can be embedded in images, PDFs, or documents

package/dist/index.js

@@ -35474,7 +35474,14 @@ function signDecision(entry) {
       scope: entry.request_id,
       // request scope
       mode: entry.mode,
-      request_id: entry.request_id
+      request_id: entry.request_id,
+      // Spec version: ties every receipt to the IETF standard
+      spec: "draft-farley-acta-signed-receipts-01",
+      // Issuer certification: distinguishes VOPRF-backed receipts from self-signed ones
+      // - scopeblind:verified  = issued via ScopeBlind VOPRF backend (paid tier)
+      // - self-signed          = signed with local Ed25519 key (free tier, protect-mcp default)
+      // - uncertified          = unsigned receipt (shadow mode, no signing configured)
+      issuer_certification: signerState ? "self-signed" : "uncertified"
     };
     if (entry.tier) payload.tier = entry.tier;
     if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
@@ -35482,6 +35489,12 @@ function signDecision(entry) {
       payload.rate_limit_remaining = entry.rate_limit_remaining;
     }
     if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
+    if (entry.hook_event) payload.hook_event = entry.hook_event;
+    if (entry.sandbox_state) payload.sandbox_state = entry.sandbox_state;
+    if (entry.timing) payload.timing = entry.timing;
+    if (entry.swarm) payload.swarm = entry.swarm;
+    if (entry.payload_digest) payload.payload_digest = entry.payload_digest;
+    if (entry.deny_iteration) payload.deny_iteration = entry.deny_iteration;
     const result = artifactsModule.createSignedArtifact(
       artifactType,
       payload,
@@ -37953,7 +37966,7 @@ async function startHookServer(options = {}) {
 `);
     process.stderr.write(`[PROTECT_MCP] \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  protect-mcp Hook Server v0.5.0                \u2502
+    process.stderr.write(`[PROTECT_MCP] \u2502  protect-mcp Hook Server v0.5.3                \u2502
 `);
     process.stderr.write(`[PROTECT_MCP] \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
 `);
@@ -38349,6 +38362,8 @@ context: inline
 
 # ScopeBlind Receipt Verification
 
+Every AI agent tool call gets a cryptographic receipt. Verify offline. No vendor trust required.
+
 When the user asks to verify receipts or check the audit trail:
 
 1. **Check for receipt files:**
@@ -39946,7 +39961,7 @@ function handleRequest(request) {
       id: request.id,
       result: {
         protocolVersion: "2024-11-05",
-        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
+        serverInfo: { name: "protect-mcp-demo", version: "0.5.3" },
         capabilities: { tools: {} }
       }
     });

package/dist/index.mjs

@@ -6,7 +6,7 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-W4U5VNEC.mjs";
+} from "./chunk-GQWJCHQV.mjs";
 import {
   ProtectGateway,
   buildDecisionContext,
@@ -18,19 +18,19 @@ import {
   resolveCredential,
   sendApprovalNotification,
   validateCredentials
-} from "./chunk-IWDR5WU3.mjs";
+} from "./chunk-BYYWYSHM.mjs";
 import {
   createSandboxServer
-} from "./chunk-SU2FZH7U.mjs";
+} from "./chunk-J6L4XCTE.mjs";
 import {
   BUILTIN_PATTERNS,
   generateHookSettings,
   generateSampleCedarPolicy,
   generateVerifyReceiptSkill
-} from "./chunk-UEHLYOJY.mjs";
+} from "./chunk-NMZPXXL3.mjs";
 import {
   startHookServer
-} from "./chunk-Q4KOQUKV.mjs";
+} from "./chunk-FAELTNS7.mjs";
 import {
   checkRateLimit,
   evaluateCedar,
@@ -43,7 +43,7 @@ import {
   loadPolicy,
   parseRateLimit,
   signDecision
-} from "./chunk-N4F76LTC.mjs";
+} from "./chunk-YTBC72JJ.mjs";
 import {
   collectSignedReceipts,
   createAuditBundle

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "protect-mcp",
-  "version": "0.5.2",
-  "mcpName": "io.github.tomjwxf/protect-mcp",
+  "version": "0.5.4",
+  "mcpName": "com.scopeblind/protect-mcp",
   "description": "Enterprise security gateway for MCP servers and Claude Code hooks. Cedar policies, Ed25519-signed receipts, swarm tracking, and tamper detection. Shadow or enforce mode.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -53,7 +53,7 @@
   ],
   "author": "Tom Farley <tommy@scopeblind.com>",
   "license": "MIT",
-  "homepage": "https://www.scopeblind.com",
+  "homepage": "https://scopeblind.com",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/scopeblind/scopeblind-gateway.git"

package/policies/cedar/secrets-detection.cedar

@@ -0,0 +1,113 @@
+// ============================================================
+// Secrets & Credential Protection — Cedar Edition
+//
+// Prevents AI agents from reading, writing, or exfiltrating
+// sensitive files (SSH keys, env files, credentials, tokens).
+//
+// Controls: SOC2-CC6.1, SOC2-CC6.7, OWASP-A01, OWASP-A07
+//           MCP-01, MCP-04, NIST-GOVERN-1.1
+// ============================================================
+
+// Block reading SSH private keys
+@id("sb-secrets-001")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.ssh/*"
+};
+
+// Block reading .env files
+@id("sb-secrets-002")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.env*"
+};
+
+// Block reading credential files
+@id("sb-secrets-003")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/credentials*"
+};
+
+// Block reading token files
+@id("sb-secrets-004")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.token*"
+};
+
+// Block reading AWS credentials
+@id("sb-secrets-005")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"read_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.aws/*"
+};
+
+// Block writing to sensitive directories
+@id("sb-secrets-006")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"write_file"
+)
+when {
+  context has "input" &&
+  context.input has "path" &&
+  context.input.path like "*/.ssh/*"
+};
+
+// Block exfiltrating files via curl upload
+@id("sb-secrets-007")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"bash"
+)
+when {
+  context has "input" &&
+  context.input has "command" &&
+  context.input.command like "*--upload-file*"
+};
+
+// Block piping secrets to network
+@id("sb-secrets-008")
+forbid (
+  principal,
+  action == Action::"MCP::Tool::call",
+  resource == Tool::"bash"
+)
+when {
+  context has "input" &&
+  context.input has "command" &&
+  context.input.command like "*| curl*"
+};