protect-mcp 0.5.3 → 0.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -0
- package/dist/{chunk-HFM6K7E4.mjs → chunk-FAELTNS7.mjs} +1 -1
- package/dist/{chunk-SU2FZH7U.mjs → chunk-J6L4XCTE.mjs} +1 -1
- package/dist/cli.js +1 -1
- package/dist/demo-server.js +1 -1
- package/dist/demo-server.mjs +1 -1
- package/dist/hook-server.js +1 -1
- package/dist/hook-server.mjs +1 -1
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +2 -2
- package/dist/index.mjs +2 -2
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -16,6 +16,14 @@ npx protect-mcp serve
|
|
|
16
16
|
|
|
17
17
|
Open Claude Code in the same project. Every tool call is now intercepted, evaluated, and signed.
|
|
18
18
|
|
|
19
|
+
To also connect to the ScopeBlind dashboard in one step:
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
npx protect-mcp quickstart --connect
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
Creates a free ScopeBlind dashboard and configures receipt upload automatically. No signup required. Free up to 20,000 receipts/month.
|
|
26
|
+
|
|
19
27
|
### What `init-hooks` creates
|
|
20
28
|
|
|
21
29
|
| File | Purpose |
|
|
@@ -209,6 +217,7 @@ Commands:
|
|
|
209
217
|
serve Start HTTP hook server for Claude Code (port 9377)
|
|
210
218
|
init-hooks Generate Claude Code hook config + skill + sample Cedar policy
|
|
211
219
|
quickstart Zero-config onboarding: init + demo + show receipts
|
|
220
|
+
connect Link to ScopeBlind dashboard (creates sandbox if needed)
|
|
212
221
|
init Generate Ed25519 keypair + config template
|
|
213
222
|
demo Start a demo server wrapped with protect-mcp
|
|
214
223
|
doctor Check your setup: keys, policies, verifier, connectivity
|
|
@@ -246,6 +255,19 @@ npx protect-mcp bundle --output audit.json
|
|
|
246
255
|
|
|
247
256
|
Self-contained offline-verifiable bundle with receipts + signing keys. Verify with `npx @veritasacta/verify`.
|
|
248
257
|
|
|
258
|
+
## Dashboard
|
|
259
|
+
|
|
260
|
+
protect-mcp works fully offline. Optionally connect to the ScopeBlind dashboard for:
|
|
261
|
+
|
|
262
|
+
- Real-time receipt visualization
|
|
263
|
+
- Abuse alerts and anomaly detection
|
|
264
|
+
- Compliance export and audit bundles
|
|
265
|
+
- Usage analytics
|
|
266
|
+
|
|
267
|
+
Free tier: 20,000 receipts/month. No credit card required.
|
|
268
|
+
|
|
269
|
+
[scopeblind.com/pricing](https://scopeblind.com/pricing)
|
|
270
|
+
|
|
249
271
|
## Standards & IP
|
|
250
272
|
|
|
251
273
|
- **IETF Internet-Draft**: [draft-farley-acta-signed-receipts-01](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/) — Signed Decision Receipts for Machine-to-Machine Access Control
|
|
@@ -253,6 +275,17 @@ Self-contained offline-verifiable bundle with receipts + signing keys. Verify wi
|
|
|
253
275
|
- **Verification**: Apache-2.0 — `npx @veritasacta/verify --self-test`
|
|
254
276
|
- **Microsoft AGT Integration**: [PR #667](https://github.com/microsoft/agent-governance-toolkit/pull/667) — Cedar policy bridge for Agent Governance Toolkit
|
|
255
277
|
|
|
278
|
+
## What's New in v0.5.3
|
|
279
|
+
|
|
280
|
+
- `quickstart --connect`: Auto-create dashboard sandbox and configure receipt upload
|
|
281
|
+
- `connect` subcommand: Link an existing setup to the ScopeBlind dashboard
|
|
282
|
+
- Anonymous install telemetry (opt-out: `PROTECT_MCP_TELEMETRY=off`)
|
|
283
|
+
- Improved Cedar WASM detection
|
|
284
|
+
|
|
285
|
+
## Examples
|
|
286
|
+
|
|
287
|
+
See complete working examples at [github.com/ScopeBlind/examples](https://github.com/ScopeBlind/examples).
|
|
288
|
+
|
|
256
289
|
## License
|
|
257
290
|
|
|
258
291
|
MIT — free to use, modify, distribute, and build upon without restriction.
|
|
@@ -700,7 +700,7 @@ async function startHookServer(options = {}) {
|
|
|
700
700
|
`);
|
|
701
701
|
process.stderr.write(`[PROTECT_MCP] \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
|
|
702
702
|
`);
|
|
703
|
-
process.stderr.write(`[PROTECT_MCP] \u2502 protect-mcp Hook Server v0.5.
|
|
703
|
+
process.stderr.write(`[PROTECT_MCP] \u2502 protect-mcp Hook Server v0.5.3 \u2502
|
|
704
704
|
`);
|
|
705
705
|
process.stderr.write(`[PROTECT_MCP] \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
|
|
706
706
|
`);
|
|
@@ -35049,7 +35049,7 @@ function handleRequest(request) {
|
|
|
35049
35049
|
id: request.id,
|
|
35050
35050
|
result: {
|
|
35051
35051
|
protocolVersion: "2024-11-05",
|
|
35052
|
-
serverInfo: { name: "protect-mcp-demo", version: "0.
|
|
35052
|
+
serverInfo: { name: "protect-mcp-demo", version: "0.5.3" },
|
|
35053
35053
|
capabilities: { tools: {} }
|
|
35054
35054
|
}
|
|
35055
35055
|
});
|
package/dist/cli.js
CHANGED
|
@@ -5451,7 +5451,7 @@ async function startHookServer(options = {}) {
|
|
|
5451
5451
|
`);
|
|
5452
5452
|
process.stderr.write(`[PROTECT_MCP] \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
|
|
5453
5453
|
`);
|
|
5454
|
-
process.stderr.write(`[PROTECT_MCP] \u2502 protect-mcp Hook Server v0.5.
|
|
5454
|
+
process.stderr.write(`[PROTECT_MCP] \u2502 protect-mcp Hook Server v0.5.3 \u2502
|
|
5455
5455
|
`);
|
|
5456
5456
|
process.stderr.write(`[PROTECT_MCP] \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
|
|
5457
5457
|
`);
|
package/dist/demo-server.js
CHANGED
|
@@ -35073,7 +35073,7 @@ function handleRequest(request) {
|
|
|
35073
35073
|
id: request.id,
|
|
35074
35074
|
result: {
|
|
35075
35075
|
protocolVersion: "2024-11-05",
|
|
35076
|
-
serverInfo: { name: "protect-mcp-demo", version: "0.
|
|
35076
|
+
serverInfo: { name: "protect-mcp-demo", version: "0.5.3" },
|
|
35077
35077
|
capabilities: { tools: {} }
|
|
35078
35078
|
}
|
|
35079
35079
|
});
|
package/dist/demo-server.mjs
CHANGED
package/dist/hook-server.js
CHANGED
|
@@ -1101,7 +1101,7 @@ async function startHookServer(options = {}) {
|
|
|
1101
1101
|
`);
|
|
1102
1102
|
process.stderr.write(`[PROTECT_MCP] \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
|
|
1103
1103
|
`);
|
|
1104
|
-
process.stderr.write(`[PROTECT_MCP] \u2502 protect-mcp Hook Server v0.5.
|
|
1104
|
+
process.stderr.write(`[PROTECT_MCP] \u2502 protect-mcp Hook Server v0.5.3 \u2502
|
|
1105
1105
|
`);
|
|
1106
1106
|
process.stderr.write(`[PROTECT_MCP] \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
|
|
1107
1107
|
`);
|
package/dist/hook-server.mjs
CHANGED
package/dist/index.d.mts
CHANGED
|
@@ -2289,7 +2289,7 @@ declare function createAttestationField(attestation: EvidenceAttestation): {
|
|
|
2289
2289
|
* // Create a C2PA manifest from an Acta receipt chain
|
|
2290
2290
|
* const manifest = createC2PAManifest(receipts, {
|
|
2291
2291
|
* title: 'AI-generated report',
|
|
2292
|
-
* generator: 'protect-mcp v0.
|
|
2292
|
+
* generator: 'protect-mcp v0.5.3',
|
|
2293
2293
|
* });
|
|
2294
2294
|
*
|
|
2295
2295
|
* // The manifest can be embedded in images, PDFs, or documents
|
package/dist/index.d.ts
CHANGED
|
@@ -2289,7 +2289,7 @@ declare function createAttestationField(attestation: EvidenceAttestation): {
|
|
|
2289
2289
|
* // Create a C2PA manifest from an Acta receipt chain
|
|
2290
2290
|
* const manifest = createC2PAManifest(receipts, {
|
|
2291
2291
|
* title: 'AI-generated report',
|
|
2292
|
-
* generator: 'protect-mcp v0.
|
|
2292
|
+
* generator: 'protect-mcp v0.5.3',
|
|
2293
2293
|
* });
|
|
2294
2294
|
*
|
|
2295
2295
|
* // The manifest can be embedded in images, PDFs, or documents
|
package/dist/index.js
CHANGED
|
@@ -37966,7 +37966,7 @@ async function startHookServer(options = {}) {
|
|
|
37966
37966
|
`);
|
|
37967
37967
|
process.stderr.write(`[PROTECT_MCP] \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
|
|
37968
37968
|
`);
|
|
37969
|
-
process.stderr.write(`[PROTECT_MCP] \u2502 protect-mcp Hook Server v0.5.
|
|
37969
|
+
process.stderr.write(`[PROTECT_MCP] \u2502 protect-mcp Hook Server v0.5.3 \u2502
|
|
37970
37970
|
`);
|
|
37971
37971
|
process.stderr.write(`[PROTECT_MCP] \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
|
|
37972
37972
|
`);
|
|
@@ -39961,7 +39961,7 @@ function handleRequest(request) {
|
|
|
39961
39961
|
id: request.id,
|
|
39962
39962
|
result: {
|
|
39963
39963
|
protocolVersion: "2024-11-05",
|
|
39964
|
-
serverInfo: { name: "protect-mcp-demo", version: "0.
|
|
39964
|
+
serverInfo: { name: "protect-mcp-demo", version: "0.5.3" },
|
|
39965
39965
|
capabilities: { tools: {} }
|
|
39966
39966
|
}
|
|
39967
39967
|
});
|
package/dist/index.mjs
CHANGED
|
@@ -21,7 +21,7 @@ import {
|
|
|
21
21
|
} from "./chunk-BYYWYSHM.mjs";
|
|
22
22
|
import {
|
|
23
23
|
createSandboxServer
|
|
24
|
-
} from "./chunk-
|
|
24
|
+
} from "./chunk-J6L4XCTE.mjs";
|
|
25
25
|
import {
|
|
26
26
|
BUILTIN_PATTERNS,
|
|
27
27
|
generateHookSettings,
|
|
@@ -30,7 +30,7 @@ import {
|
|
|
30
30
|
} from "./chunk-NMZPXXL3.mjs";
|
|
31
31
|
import {
|
|
32
32
|
startHookServer
|
|
33
|
-
} from "./chunk-
|
|
33
|
+
} from "./chunk-FAELTNS7.mjs";
|
|
34
34
|
import {
|
|
35
35
|
checkRateLimit,
|
|
36
36
|
evaluateCedar,
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "protect-mcp",
|
|
3
|
-
"version": "0.5.
|
|
4
|
-
"mcpName": "
|
|
3
|
+
"version": "0.5.4",
|
|
4
|
+
"mcpName": "com.scopeblind/protect-mcp",
|
|
5
5
|
"description": "Enterprise security gateway for MCP servers and Claude Code hooks. Cedar policies, Ed25519-signed receipts, swarm tracking, and tamper detection. Shadow or enforce mode.",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|