protect-mcp 0.5.4 → 0.6.0

package/dist/hook-server.js

@@ -1097,48 +1097,53 @@ async function startHookServer(options = {}) {
     }));
   });
   server.listen(port, "127.0.0.1", () => {
-    process.stderr.write(`
+    const w = (s) => process.stderr.write(s);
+    const pad = (s, n = 46) => s.padEnd(n);
+    w(`
 `);
-    process.stderr.write(`[PROTECT_MCP] \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
+    w(`  protect-mcp v0.5.4
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  protect-mcp Hook Server v0.5.3                \u2502
+    w(`  ScopeBlind \u2014 https://scopeblind.com
 `);
-    process.stderr.write(`[PROTECT_MCP] \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
+    w(`
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  Listening:  http://127.0.0.1:${String(port).padEnd(5)}             \u2502
+    w(`  Listening     http://127.0.0.1:${port}
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  Mode:       ${(enforce ? "enforce" : "shadow").padEnd(36)}\u2502
+    w(`  Mode          ${enforce ? "enforce" : "shadow"}
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  Policy:     ${(cedarPolicies ? `Cedar (${cedarPolicies.fileCount} files)` : jsonPolicy ? "JSON" : "none").padEnd(36)}\u2502
+    w(`  Policy        ${cedarPolicies ? `Cedar (${cedarPolicies.fileCount} files)` : jsonPolicy ? "JSON" : "none"}
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  Signing:    ${(isSigningEnabled() ? "Ed25519 \u2713" : "disabled").padEnd(36)}\u2502
+    w(`  Signing       ${isSigningEnabled() ? "Ed25519" : "disabled"}
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  Swarm:      ${(state.swarmContext.team_name ? `${state.swarmContext.team_name} (${state.swarmContext.agent_type})` : "standalone").padEnd(36)}\u2502
+    if (state.swarmContext.team_name) {
+      w(`  Swarm         ${state.swarmContext.team_name} (${state.swarmContext.agent_type})
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2502  Sandbox:    ${detectSandboxState().padEnd(36)}\u2502
+    }
+    w(`
 `);
-    process.stderr.write(`[PROTECT_MCP] \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518
+    w(`  POST /hook         Hook receiver
 `);
-    process.stderr.write(`
+    w(`  GET  /health       Health + signer info
 `);
-    process.stderr.write(`[PROTECT_MCP] Endpoints:
+    w(`  GET  /receipts     Signed receipts
 `);
-    process.stderr.write(`  POST /hook           \u2014 Claude Code hook receiver
+    w(`  GET  /suggestions  Cedar policy suggestions
 `);
-    process.stderr.write(`  GET  /health         \u2014 Health check + signer info
+    w(`
 `);
-    process.stderr.write(`  GET  /receipts       \u2014 Recent signed receipts
+    w(`  deny is authoritative \u2014 cannot be overridden.
 `);
-    process.stderr.write(`  GET  /suggestions    \u2014 Auto-generated Cedar policy suggestions
+    w(`
 `);
-    process.stderr.write(`  GET  /alerts         \u2014 Config tamper alerts
+    const hasSlug = process.env.SCOPEBLIND_SLUG || (0, import_node_fs5.existsSync)((0, import_node_path3.join)(process.cwd(), ".scopeblind"));
+    if (!hasSlug) {
+      w(`  Dashboard  npx protect-mcp connect
 `);
-    process.stderr.write(`
+      w(`             Free up to 20,000 receipts/month
 `);
-    process.stderr.write(`[PROTECT_MCP] deny decisions are AUTHORITATIVE \u2014 they cannot be overridden.
-`);
-    process.stderr.write(`
+      w(`
 `);
+    }
   });
   const shutdown = () => {
     process.stderr.write("\n[PROTECT_MCP] Shutting down hook server...\n");

package/dist/hook-server.mjs

@@ -1,6 +1,6 @@
 import {
   startHookServer
-} from "./chunk-FAELTNS7.mjs";
+} from "./chunk-SPHLVRJ2.mjs";
 import "./chunk-YTBC72JJ.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 export {

package/dist/index.d.mts

@@ -95,6 +95,29 @@ interface SigningConfig {
     issuer?: string;
     /** Whether signing is enabled (default: true when key_path is set) */
     enabled?: boolean;
+    /**
+     * Commitment-mode signing.
+     *
+     * When enabled, listed fields are committed via SHA-256(salt || JCS({name, salt, value}))
+     * and the receipt payload carries a single committed_fields_root (Merkle root) instead
+     * of the cleartext field values. Per draft-farley-acta-signed-receipts-01 §commitment-mode.
+     *
+     * The receipt issuer keeps the openings (value + salt per field) for later selective
+     * disclosure. A receipt holder can prove a field's value to an auditor without
+     * revealing other committed fields.
+     *
+     * @since 0.6.0
+     */
+    commitment_mode?: {
+        /** Whether commitment-mode signing is active. Default: false. */
+        enabled?: boolean;
+        /**
+         * Names of payload fields to commit.
+         * Recommended defaults: tool, scope, payload_digest, swarm.
+         * Other fields remain cleartext.
+         */
+        committed_field_names?: string[];
+    };
 }
 interface RateLimit {
     count: number;
@@ -825,6 +848,131 @@ declare function getSignerInfo(): {
  */
 declare function isSigningEnabled(): boolean;
 
+/**
+ * A Merkle inclusion proof for a single leaf.
+ *
+ * The siblings array lists the sibling hashes encountered while walking
+ * from the leaf up to the root. Each sibling is hex-encoded SHA-256.
+ * The (index, treeSize) pair determines whether the current node is
+ * left or right at each level during verification.
+ */
+interface MerkleProof {
+    /** Zero-based index of the leaf in the canonically-sorted leaf list. */
+    index: number;
+    /** Total number of leaves in the tree. */
+    treeSize: number;
+    /** Sibling hashes from leaf upward, hex-encoded SHA-256 (lowercase). */
+    siblings: string[];
+}
+
+/**
+ * @scopeblind/protect-mcp: Commitment-Mode Signing
+ *
+ * Produces commitment-mode signed receipts per draft-farley-acta-signed-receipts-01
+ * §commitment-mode. Each listed field is independently committed via
+ * SHA-256(0x00 || JCS({name, salt, value})), arranged into an RFC 6962-style
+ * Merkle tree with explicit one-byte domain separation, and the receipt payload
+ * carries a single committed_fields_root field instead of the cleartext values.
+ *
+ * The receipt holder retains openings (value + salt per field) and can selectively
+ * disclose any subset to auditors via Merkle inclusion proofs verifiable by
+ * @veritasacta/verify@>=0.6.0.
+ *
+ * This module sits alongside signing.ts (the legacy @veritasacta/artifacts-based
+ * cleartext path) and is invoked when SigningConfig.commitment_mode.enabled is
+ * true. The two paths are mutually exclusive on a per-receipt basis.
+ *
+ * @since 0.6.0
+ * @standard draft-farley-acta-signed-receipts-01 §commitment-mode
+ * @standard RFC 6962 (Certificate Transparency Merkle tree construction)
+ * @standard RFC 8032 (Ed25519)
+ * @standard RFC 8785 (JCS)
+ */
+
+/**
+ * The opening information for a single committed field. Held by the
+ * receipt issuer; never embedded in the published receipt. Required to
+ * later produce a selective-disclosure proof.
+ */
+interface CommittedFieldOpening {
+    /** Field name (matches one of committed_field_names). */
+    name: string;
+    /** Cleartext value of the field. */
+    value: unknown;
+    /** Salt bytes (32 random bytes per field per receipt). */
+    salt: Uint8Array;
+    /** Zero-based index of the field in the canonically-sorted leaf list. */
+    index: number;
+}
+/**
+ * The result of signing a decision in commitment mode.
+ */
+interface CommittedSignResult {
+    /** The signed receipt as a JSON string (canonical wire form). */
+    signed: string;
+    /** Receipt artifact type, e.g. "decision_receipt_committed_v1". */
+    artifact_type: string;
+    /**
+     * Per-field openings, indexed by field name. The issuer MUST persist
+     * these securely if it intends to support selective disclosure later.
+     * Storing them is the issuer's responsibility; this library does not
+     * write them to disk.
+     */
+    openings: Record<string, CommittedFieldOpening>;
+    /** Lowercase hex SHA-256 of the canonical signed receipt. */
+    receipt_hash: string;
+}
+/**
+ * A minimal selective-disclosure envelope. Reveal a single committed field
+ * to an auditor by supplying its (name, value, salt, proof). The auditor
+ * recomputes the leaf hash and walks the proof to confirm it reconstructs
+ * the receipt's committed_fields_root.
+ *
+ * Compatible with @veritasacta/verify@>=0.6.0.
+ */
+interface MinimalDisclosure {
+    /** The receipt this disclosure targets, by canonical hash. */
+    parent_receipt_hash: string;
+    /** Disclosed field name. */
+    name: string;
+    /** Cleartext value of the disclosed field. */
+    value: unknown;
+    /** Salt as base64url (no padding). */
+    salt: string;
+    /** Merkle inclusion proof. */
+    proof: MerkleProof;
+}
+/**
+ * Sign a DecisionLog in commitment mode.
+ *
+ * @param entry - The decision log entry to sign.
+ * @param committedFieldNames - Names of fields to commit. Recommended:
+ *   ["tool", "scope", "payload_digest", "swarm"]. Fields not listed
+ *   remain cleartext in the signed payload.
+ * @param signingKey - Ed25519 private key (32 bytes hex or raw).
+ * @param publicKey - Ed25519 public key (32 bytes hex).
+ * @param kid - Key identifier (RFC 7638 JWK thumbprint or operator-chosen).
+ * @param issuer - Issuer identifier (e.g. "my-gateway.example.com").
+ *
+ * @returns Signed receipt JSON, openings (per field), and receipt hash.
+ *
+ * @standard draft-farley-acta-signed-receipts-01 §signature-scope
+ *   The signature covers SHA-256(JCS(payload_minus_signature)).
+ */
+declare function signCommittedDecision(entry: DecisionLog, committedFieldNames: string[], signingKey: string, publicKey: string, kid: string, issuer: string): CommittedSignResult;
+/**
+ * Build a minimal selective-disclosure envelope for a single committed
+ * field. The envelope can be verified offline by anyone who has the
+ * receipt's committed_fields_root (which the receipt itself carries).
+ *
+ * @param receiptHash - Canonical hash of the receipt the disclosure targets.
+ * @param fieldName - Which field to disclose.
+ * @param openings - The full openings map produced by signCommittedDecision.
+ *
+ * @standard draft-farley-acta-signed-receipts-01 §commitment-disclosure
+ */
+declare function discloseField(receiptHash: string, fieldName: string, openings: Record<string, CommittedFieldOpening>): MinimalDisclosure;
+
 /**
  * @scopeblind/protect-mcp — External PDP Adapter
  *
@@ -2763,4 +2911,4 @@ declare function confidentialInference(_prompt: string, _config: ConfidentialInf
     receipt: Record<string, unknown>;
 }>;
 
-export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type CedarEvalRequest, type CedarPolicySet, type CedarSchema, type CedarSchemaResult, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type McpToolDescription, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SchemaGeneratorConfig, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, ed25519ToDIDKey, evaluateCedar, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateCedarSchema, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, generateSchemaStub, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isCedarAvailable, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadCedarPolicies, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };
+export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type CedarEvalRequest, type CedarPolicySet, type CedarSchema, type CedarSchemaResult, type CommittedFieldOpening, type CommittedSignResult, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type McpToolDescription, type MinimalDisclosure, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SchemaGeneratorConfig, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, discloseField, ed25519ToDIDKey, evaluateCedar, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateCedarSchema, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, generateSchemaStub, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isCedarAvailable, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadCedarPolicies, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signCommittedDecision, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };

package/dist/index.d.ts

@@ -95,6 +95,29 @@ interface SigningConfig {
     issuer?: string;
     /** Whether signing is enabled (default: true when key_path is set) */
     enabled?: boolean;
+    /**
+     * Commitment-mode signing.
+     *
+     * When enabled, listed fields are committed via SHA-256(salt || JCS({name, salt, value}))
+     * and the receipt payload carries a single committed_fields_root (Merkle root) instead
+     * of the cleartext field values. Per draft-farley-acta-signed-receipts-01 §commitment-mode.
+     *
+     * The receipt issuer keeps the openings (value + salt per field) for later selective
+     * disclosure. A receipt holder can prove a field's value to an auditor without
+     * revealing other committed fields.
+     *
+     * @since 0.6.0
+     */
+    commitment_mode?: {
+        /** Whether commitment-mode signing is active. Default: false. */
+        enabled?: boolean;
+        /**
+         * Names of payload fields to commit.
+         * Recommended defaults: tool, scope, payload_digest, swarm.
+         * Other fields remain cleartext.
+         */
+        committed_field_names?: string[];
+    };
 }
 interface RateLimit {
     count: number;
@@ -825,6 +848,131 @@ declare function getSignerInfo(): {
  */
 declare function isSigningEnabled(): boolean;
 
+/**
+ * A Merkle inclusion proof for a single leaf.
+ *
+ * The siblings array lists the sibling hashes encountered while walking
+ * from the leaf up to the root. Each sibling is hex-encoded SHA-256.
+ * The (index, treeSize) pair determines whether the current node is
+ * left or right at each level during verification.
+ */
+interface MerkleProof {
+    /** Zero-based index of the leaf in the canonically-sorted leaf list. */
+    index: number;
+    /** Total number of leaves in the tree. */
+    treeSize: number;
+    /** Sibling hashes from leaf upward, hex-encoded SHA-256 (lowercase). */
+    siblings: string[];
+}
+
+/**
+ * @scopeblind/protect-mcp: Commitment-Mode Signing
+ *
+ * Produces commitment-mode signed receipts per draft-farley-acta-signed-receipts-01
+ * §commitment-mode. Each listed field is independently committed via
+ * SHA-256(0x00 || JCS({name, salt, value})), arranged into an RFC 6962-style
+ * Merkle tree with explicit one-byte domain separation, and the receipt payload
+ * carries a single committed_fields_root field instead of the cleartext values.
+ *
+ * The receipt holder retains openings (value + salt per field) and can selectively
+ * disclose any subset to auditors via Merkle inclusion proofs verifiable by
+ * @veritasacta/verify@>=0.6.0.
+ *
+ * This module sits alongside signing.ts (the legacy @veritasacta/artifacts-based
+ * cleartext path) and is invoked when SigningConfig.commitment_mode.enabled is
+ * true. The two paths are mutually exclusive on a per-receipt basis.
+ *
+ * @since 0.6.0
+ * @standard draft-farley-acta-signed-receipts-01 §commitment-mode
+ * @standard RFC 6962 (Certificate Transparency Merkle tree construction)
+ * @standard RFC 8032 (Ed25519)
+ * @standard RFC 8785 (JCS)
+ */
+
+/**
+ * The opening information for a single committed field. Held by the
+ * receipt issuer; never embedded in the published receipt. Required to
+ * later produce a selective-disclosure proof.
+ */
+interface CommittedFieldOpening {
+    /** Field name (matches one of committed_field_names). */
+    name: string;
+    /** Cleartext value of the field. */
+    value: unknown;
+    /** Salt bytes (32 random bytes per field per receipt). */
+    salt: Uint8Array;
+    /** Zero-based index of the field in the canonically-sorted leaf list. */
+    index: number;
+}
+/**
+ * The result of signing a decision in commitment mode.
+ */
+interface CommittedSignResult {
+    /** The signed receipt as a JSON string (canonical wire form). */
+    signed: string;
+    /** Receipt artifact type, e.g. "decision_receipt_committed_v1". */
+    artifact_type: string;
+    /**
+     * Per-field openings, indexed by field name. The issuer MUST persist
+     * these securely if it intends to support selective disclosure later.
+     * Storing them is the issuer's responsibility; this library does not
+     * write them to disk.
+     */
+    openings: Record<string, CommittedFieldOpening>;
+    /** Lowercase hex SHA-256 of the canonical signed receipt. */
+    receipt_hash: string;
+}
+/**
+ * A minimal selective-disclosure envelope. Reveal a single committed field
+ * to an auditor by supplying its (name, value, salt, proof). The auditor
+ * recomputes the leaf hash and walks the proof to confirm it reconstructs
+ * the receipt's committed_fields_root.
+ *
+ * Compatible with @veritasacta/verify@>=0.6.0.
+ */
+interface MinimalDisclosure {
+    /** The receipt this disclosure targets, by canonical hash. */
+    parent_receipt_hash: string;
+    /** Disclosed field name. */
+    name: string;
+    /** Cleartext value of the disclosed field. */
+    value: unknown;
+    /** Salt as base64url (no padding). */
+    salt: string;
+    /** Merkle inclusion proof. */
+    proof: MerkleProof;
+}
+/**
+ * Sign a DecisionLog in commitment mode.
+ *
+ * @param entry - The decision log entry to sign.
+ * @param committedFieldNames - Names of fields to commit. Recommended:
+ *   ["tool", "scope", "payload_digest", "swarm"]. Fields not listed
+ *   remain cleartext in the signed payload.
+ * @param signingKey - Ed25519 private key (32 bytes hex or raw).
+ * @param publicKey - Ed25519 public key (32 bytes hex).
+ * @param kid - Key identifier (RFC 7638 JWK thumbprint or operator-chosen).
+ * @param issuer - Issuer identifier (e.g. "my-gateway.example.com").
+ *
+ * @returns Signed receipt JSON, openings (per field), and receipt hash.
+ *
+ * @standard draft-farley-acta-signed-receipts-01 §signature-scope
+ *   The signature covers SHA-256(JCS(payload_minus_signature)).
+ */
+declare function signCommittedDecision(entry: DecisionLog, committedFieldNames: string[], signingKey: string, publicKey: string, kid: string, issuer: string): CommittedSignResult;
+/**
+ * Build a minimal selective-disclosure envelope for a single committed
+ * field. The envelope can be verified offline by anyone who has the
+ * receipt's committed_fields_root (which the receipt itself carries).
+ *
+ * @param receiptHash - Canonical hash of the receipt the disclosure targets.
+ * @param fieldName - Which field to disclose.
+ * @param openings - The full openings map produced by signCommittedDecision.
+ *
+ * @standard draft-farley-acta-signed-receipts-01 §commitment-disclosure
+ */
+declare function discloseField(receiptHash: string, fieldName: string, openings: Record<string, CommittedFieldOpening>): MinimalDisclosure;
+
 /**
  * @scopeblind/protect-mcp — External PDP Adapter
  *
@@ -2763,4 +2911,4 @@ declare function confidentialInference(_prompt: string, _config: ConfidentialInf
     receipt: Record<string, unknown>;
 }>;
 
-export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type CedarEvalRequest, type CedarPolicySet, type CedarSchema, type CedarSchemaResult, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type McpToolDescription, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SchemaGeneratorConfig, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, ed25519ToDIDKey, evaluateCedar, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateCedarSchema, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, generateSchemaStub, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isCedarAvailable, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadCedarPolicies, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };
+export { type ActionReceipt, type AdmissionResult, type AgentId, type AgentManifest, type ApprovalAssertion, type ApprovalChallenge, type ApprovalNotification, type ApprovalResult, type ArenaPayload, type ArenaReceipt, type AttestationDocument, type AttestationPayload, type AttestationProvider, type AttestationReceipt, type AttestationResult, type AuditBundle, type AuditBundleOptions, type BenchmarkPayload, type BenchmarkReceipt, type BuilderId, type C2PAAssertion, type C2PAIngredient, type C2PAManifest, type C2PAOptions, type CCRConnectorConfig, type CCRSessionContext, type CalibrationScore, type CedarEvalRequest, type CedarPolicySet, type CedarSchema, type CedarSchemaResult, type CommittedFieldOpening, type CommittedSignResult, type ComplianceReport, ConfidentialGate, type ConfidentialGateConfig, type ConfidentialInferenceConfig, type CredentialConfig, type DecisionContext, type DecisionLog, type DelegationReceipt, type DisclosureMode, type Ed25519PublicKey, type EvidenceAttestation, type EvidenceAttestationInput, type EvidenceIssuer, type EvidenceReceipt, type EvidenceReceiptBase, type EvidenceSummary, type EvidenceSummaryEntry, type EvidenceType, type ExternalDecision, type ExternalPDPConfig, type HFDatasetMetadata, type HFReceiptRow, type HookEventName, type HookInput, type HookResponse, type IssuerType, type JsonRpcRequest, type JsonRpcResponse, type LeaseCompatibility, type ManifestBuilder, type ManifestCapabilities, type ManifestConfig, type ManifestIdentity, type ManifestPresentation, type ManifestSignature, type ManifestStatus, type McpToolDescription, type MinimalDisclosure, type NotificationConfig, type PassportTokenClaims, type PayloadDigest, type PlanReceipt, type PolicyEngineMode, type PredictionReceipt, type PredictionResolution, type PropagatorConfig, type ProtectConfig, ProtectGateway, type ProtectPolicy, type RateLimit, ReceiptPropagator, type RedactedResult, type RedactionSalt, type RekorAnchor, type RekorVerification, type RestraintPayload, type RestraintReceipt, type SHA256Hash, type SafetyTranscript, type Sandbox, type SandboxConfig, type SandboxReceipt, type SandboxResult, type SandboxToolCall, type SchemaGeneratorConfig, type SigningConfig, type SimulationResult, type SimulationSummary, type SwarmContext, type TierOverrides, type TimingMetrics, type ToolPolicy, type TrustTier, type WorkPayload, type WorkReceipt, anchorToRekor, buildDecisionContext, checkRateLimit, collectSignedReceipts, computeCalibration, confidentialInference, createApprovalChallenge, createApprovalReceiptPayload, createAttestationField, createAuditBundle, createC2PAManifest, createDisclosurePackage, createEvidenceAttestation, createLogAnchorField, createReceiptChannel, createSandbox, destroySandbox, discloseField, ed25519ToDIDKey, evaluateCedar, evaluateTier, exportC2PAManifestJSON, exportJSONL, formatReportMarkdown, formatSimulation, generateC2PACommand, generateCedarSchema, generateDatasetCard, generateHFMetadata, generateReport, generateSafetyTranscript, generateSchemaStub, getSignerInfo, getToolPolicy, hashReceipt, hashResponseBody, initSigning, isAgentId, isCedarAvailable, isDisclosureMode, isEvidenceType, isManifestStatus, isSigningEnabled, listCredentialLabels, loadCedarPolicies, loadPolicy, manifestToVC, meetsMinTier, parseLogFile, parseNotificationConfigFromEnv, parseRateLimit, queryExternalPDP, receiptToVP, receiptsToHFRows, redactFields, resolveCredential, revealField, runInSandbox, sendApprovalNotification, signCommittedDecision, signDecision, simulate, toCredentialRequestOptions, toManifoldFormat, toMetaculusFormat, validateCredentials, validateEvidenceReceipt, validateManifest, verifyActaC2PAAssertions, verifyAllCommitments, verifyApprovalAssertion, verifyCommitment, verifyEvidenceAttestation, verifyRekorAnchor };