protect-mcp 0.6.0 → 0.6.2

package/dist/cli.js

@@ -361,9 +361,36 @@ var init_credentials = __esm({
 // src/signing.ts
 async function initSigning(config) {
   const warnings = [];
+  signerState = null;
+  artifactsModule = null;
+  signingConfigured = Boolean(config && config.enabled !== false);
+  signingInitError = null;
   if (!config || config.enabled === false) {
     return warnings;
   }
+  if (!config.key_path) {
+    signingInitError = "signing enabled but key_path is not configured";
+    warnings.push(`signing: ${signingInitError}`);
+    return warnings;
+  }
+  if (!(0, import_node_fs3.existsSync)(config.key_path)) {
+    signingInitError = `key file not found at ${config.key_path}`;
+    warnings.push(`signing: ${signingInitError} \u2014 run "protect-mcp init" to generate`);
+    return warnings;
+  }
+  let keyData;
+  try {
+    keyData = JSON.parse((0, import_node_fs3.readFileSync)(config.key_path, "utf-8"));
+    if (!keyData.privateKey || !keyData.publicKey) {
+      signingInitError = "key file missing privateKey or publicKey fields";
+      warnings.push(`signing: ${signingInitError}`);
+      return warnings;
+    }
+  } catch (err) {
+    signingInitError = `failed to load key file: ${err instanceof Error ? err.message : err}`;
+    warnings.push(`signing: ${signingInitError}`);
+    return warnings;
+  }
   try {
     const moduleName = "@veritasacta/artifacts";
     artifactsModule = await import(
@@ -371,37 +398,48 @@ async function initSigning(config) {
       moduleName
     );
   } catch {
-    warnings.push("signing: @veritasacta/artifacts not available \u2014 receipts will be unsigned");
+    signingInitError = "@veritasacta/artifacts not available";
+    warnings.push(`signing: ${signingInitError} \u2014 enforce mode will fail closed`);
     return warnings;
   }
-  if (config.key_path) {
-    if (!(0, import_node_fs3.existsSync)(config.key_path)) {
-      warnings.push(`signing: key file not found at ${config.key_path} \u2014 run "protect-mcp init" to generate`);
-      return warnings;
-    }
-    try {
-      const keyData = JSON.parse((0, import_node_fs3.readFileSync)(config.key_path, "utf-8"));
-      if (!keyData.privateKey || !keyData.publicKey) {
-        warnings.push("signing: key file missing privateKey or publicKey fields");
-        return warnings;
-      }
-      signerState = {
-        privateKey: keyData.privateKey,
-        publicKey: keyData.publicKey,
-        kid: keyData.kid || artifactsModule.computeKid(keyData.publicKey),
-        issuer: config.issuer || keyData.issuer || "protect-mcp"
-      };
-    } catch (err) {
-      warnings.push(`signing: failed to load key file: ${err instanceof Error ? err.message : err}`);
-    }
+  try {
+    signerState = {
+      privateKey: keyData.privateKey,
+      publicKey: keyData.publicKey,
+      kid: keyData.kid || artifactsModule.computeKid(keyData.publicKey),
+      issuer: config.issuer || keyData.issuer || "protect-mcp"
+    };
+  } catch (err) {
+    signingInitError = `failed to initialize signer: ${err instanceof Error ? err.message : err}`;
+    artifactsModule = null;
+    warnings.push(`signing: ${signingInitError} \u2014 enforce mode will fail closed`);
   }
   return warnings;
 }
 function signDecision(entry) {
+  const artifactType = entry.decision === "deny" ? "gateway_restraint" : "decision_receipt";
+  if (signingConfigured && signingInitError) {
+    return {
+      ok: false,
+      signed: null,
+      artifact_type: artifactType,
+      warning: `signing initialization failed: ${signingInitError}`,
+      error: signingInitError
+    };
+  }
+  if (signingConfigured && (!signerState || !artifactsModule)) {
+    const error = "signing was configured but no signer is ready";
+    return {
+      ok: false,
+      signed: null,
+      artifact_type: artifactType,
+      warning: error,
+      error
+    };
+  }
   if (!signerState || !artifactsModule) {
-    return { signed: null, artifact_type: "none" };
+    return { ok: false, signed: null, artifact_type: "none" };
   }
-  const artifactType = entry.decision === "deny" ? "gateway_restraint" : "decision_receipt";
   try {
     const payload = {
       tool: entry.tool,
@@ -442,14 +480,18 @@ function signDecision(entry) {
       }
     );
     return {
+      ok: true,
       signed: JSON.stringify(result.artifact),
       artifact_type: artifactType
     };
   } catch (err) {
+    const message = err instanceof Error ? err.message : "unknown error";
     return {
+      ok: false,
       signed: null,
       artifact_type: artifactType,
-      warning: `signing failed: ${err instanceof Error ? err.message : "unknown error"}`
+      warning: `signing failed: ${message}`,
+      error: message
     };
   }
 }
@@ -462,15 +504,17 @@ function getSignerInfo() {
   };
 }
 function isSigningEnabled() {
-  return signerState !== null && artifactsModule !== null;
+  return signingConfigured && signingInitError === null && signerState !== null && artifactsModule !== null;
 }
-var import_node_fs3, signerState, artifactsModule;
+var import_node_fs3, signerState, artifactsModule, signingConfigured, signingInitError;
 var init_signing = __esm({
   "src/signing.ts"() {
     "use strict";
     import_node_fs3 = require("fs");
     signerState = null;
     artifactsModule = null;
+    signingConfigured = false;
+    signingInitError = null;
   }
 });
 
@@ -1639,8 +1683,20 @@ var init_gateway = __esm({
                 this.evidenceStore.save();
               }
             }
-          } else if (signed.warning) {
-            process.stderr.write(`[PROTECT_MCP] Warning: ${signed.warning}
+          } else if (signed.error) {
+            const tombstone = JSON.stringify({
+              type: "scopeblind.signing_failure.v1",
+              request_id: log.request_id,
+              tool: log.tool,
+              decision: log.decision,
+              error: signed.error,
+              at: new Date(log.timestamp).toISOString()
+            });
+            try {
+              (0, import_node_fs6.appendFileSync)(this.receiptFilePath, tombstone + "\n");
+            } catch {
+            }
+            process.stderr.write(`[PROTECT_MCP_SIGNING_FAILURE] ${tombstone}
 `);
           }
         }
@@ -4768,6 +4824,160 @@ var init_hook_patterns = __esm({
   }
 });
 
+// src/scopeblind-bridge.ts
+function getScopeBlindBridge() {
+  if (!singleton) singleton = new ScopeBlindBridge();
+  return singleton;
+}
+var DEFAULT_BASE, FLUSH_INTERVAL_MS, BATCH_MAX, BRASS_REFRESH_MARGIN_MS, ScopeBlindBridge, singleton;
+var init_scopeblind_bridge = __esm({
+  "src/scopeblind-bridge.ts"() {
+    "use strict";
+    DEFAULT_BASE = "https://scopeblind.com";
+    FLUSH_INTERVAL_MS = 5e3;
+    BATCH_MAX = 128;
+    BRASS_REFRESH_MARGIN_MS = 5 * 60 * 1e3;
+    ScopeBlindBridge = class {
+      token;
+      base;
+      tenantOverride;
+      cachedProof = null;
+      queue = [];
+      flushTimer = null;
+      stats;
+      shuttingDown = false;
+      constructor(env = process.env) {
+        this.token = env.SCOPEBLIND_TOKEN || null;
+        this.base = (env.SCOPEBLIND_BASE || DEFAULT_BASE).replace(/\/$/, "");
+        this.tenantOverride = env.SCOPEBLIND_TENANT || null;
+        this.stats = {
+          enabled: Boolean(this.token),
+          tenant_slug: this.tenantOverride,
+          forwarded_total: 0,
+          rejected_total: 0,
+          last_flush_at: null,
+          last_error: null
+        };
+        if (this.enabled()) {
+          this.flushTimer = setInterval(() => {
+            void this.flush();
+          }, FLUSH_INTERVAL_MS);
+          if (typeof this.flushTimer === "object" && this.flushTimer && "unref" in this.flushTimer) {
+            this.flushTimer.unref?.();
+          }
+          process.on("beforeExit", () => {
+            void this.shutdown();
+          });
+        }
+      }
+      enabled() {
+        return Boolean(this.token);
+      }
+      /** Push a signed receipt into the queue. Non-blocking. */
+      forward(signedReceipt) {
+        if (!this.enabled() || this.shuttingDown) return;
+        this.queue.push(signedReceipt);
+        if (this.queue.length >= BATCH_MAX) void this.flush();
+      }
+      /** Flush the queue. Safe to call concurrently. */
+      async flush() {
+        if (!this.enabled() || this.queue.length === 0) return;
+        const batch = this.queue.splice(0, BATCH_MAX);
+        try {
+          const proof = await this.ensureBrassProof();
+          const slug = this.tenantOverride || proof?.tenant_id;
+          if (!slug) {
+            this.queue.unshift(...batch);
+            return;
+          }
+          this.stats.tenant_slug = slug;
+          const res = await fetch(`${this.base}/fn/console/${slug}/receipts`, {
+            method: "POST",
+            headers: {
+              "content-type": "application/json",
+              authorization: `Bearer ${this.token}`,
+              "user-agent": "protect-mcp/scopeblind-bridge"
+            },
+            body: JSON.stringify({ receipts: batch })
+          });
+          if (!res.ok) {
+            const errBody = await res.text().catch(() => "");
+            this.stats.last_error = `HTTP ${res.status} ${errBody.slice(0, 160)}`;
+            this.stats.rejected_total += batch.length;
+            if (res.status >= 500 && res.status !== 503) {
+              this.queue.unshift(...batch);
+            }
+            return;
+          }
+          const body = await res.json().catch(() => ({}));
+          this.stats.forwarded_total += body?.accepted ?? batch.length;
+          this.stats.rejected_total += body?.rejected ?? 0;
+          this.stats.last_flush_at = (/* @__PURE__ */ new Date()).toISOString();
+          this.stats.last_error = null;
+        } catch (err) {
+          this.stats.last_error = String(err?.message || err);
+          this.queue.unshift(...batch);
+        }
+      }
+      /** Exchange SCOPEBLIND_TOKEN for a BRASS-v2 proof; refresh near expiry. */
+      async ensureBrassProof() {
+        if (!this.token) return null;
+        const now = Date.now();
+        if (this.cachedProof && Date.parse(this.cachedProof.expires_at) - now > BRASS_REFRESH_MARGIN_MS) {
+          return this.cachedProof;
+        }
+        try {
+          const res = await fetch(`${this.base}/fn/brass/issue`, {
+            method: "POST",
+            headers: {
+              "content-type": "application/json",
+              "user-agent": "protect-mcp/scopeblind-bridge"
+            },
+            body: JSON.stringify({
+              token: this.token,
+              scope: "protect-mcp-receipt-emit",
+              ttl_seconds: 3600
+            })
+          });
+          if (!res.ok) {
+            const text = await res.text().catch(() => "");
+            this.stats.last_error = `brass-issue: HTTP ${res.status} ${text.slice(0, 160)}`;
+            return null;
+          }
+          const body = await res.json();
+          if (!body?.auth_proof) {
+            this.stats.last_error = "brass-issue: missing auth_proof in response";
+            return null;
+          }
+          this.cachedProof = body.auth_proof;
+          return this.cachedProof;
+        } catch (err) {
+          this.stats.last_error = `brass-issue: ${err?.message || err}`;
+          return null;
+        }
+      }
+      /**
+       * Return a snapshot of bridge stats. Useful for `protect-mcp scopeblind status`.
+       */
+      getStats() {
+        return {
+          ...this.stats,
+          queued: this.queue.length,
+          brass_proof_expires_at: this.cachedProof?.expires_at || null
+        };
+      }
+      /** Flush remaining receipts and stop the interval. Called on process exit. */
+      async shutdown() {
+        if (this.shuttingDown) return;
+        this.shuttingDown = true;
+        if (this.flushTimer) clearInterval(this.flushTimer);
+        if (this.queue.length > 0) await this.flush();
+      }
+    };
+    singleton = null;
+  }
+});
+
 // src/hook-server.ts
 var hook_server_exports = {};
 __export(hook_server_exports, {
@@ -4976,7 +5186,7 @@ async function handlePreToolUse(input, state) {
   const hookLatency = Date.now() - hookStart;
   const denyKey = `${toolName}:${input.sessionId || "default"}`;
   state.denyCounter.delete(denyKey);
-  emitDecisionLog(state, {
+  const emit = emitDecisionLog(state, {
     tool: toolName,
     decision: "allow",
     reason_code: state.cedarPolicies ? "cedar_allow" : state.jsonPolicy ? "policy_allow" : "observe_mode",
@@ -4988,6 +5198,15 @@ async function handlePreToolUse(input, state) {
     sandbox_state: detectSandboxState(),
     plan_receipt_id: state.activePlanReceiptId || void 0
   });
+  if (state.enforce && emit.signingFailed) {
+    return {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: "deny",
+        permissionDecisionReason: `[ScopeBlind] "${toolName}" was blocked because its receipt could not be signed. Failing closed: a governed action that cannot be proven is not allowed.`
+      }
+    };
+  }
   return {};
 }
 async function handlePostToolUse(input, state) {
@@ -5235,11 +5454,35 @@ function emitDecisionLog(state, entry) {
       } catch {
       }
       state.receiptBuffer.add(log.request_id, signed.signed);
-    } else if (signed.warning) {
-      process.stderr.write(`[PROTECT_MCP] Warning: ${signed.warning}
+      try {
+        const bridge = getScopeBlindBridge();
+        if (bridge.enabled()) {
+          const parsed = typeof signed.signed === "string" ? JSON.parse(signed.signed) : signed.signed;
+          bridge.forward(parsed);
+        }
+      } catch (err) {
+        process.stderr.write(`[PROTECT_MCP] ScopeBlind forward error: ${err instanceof Error ? err.message : err}
+`);
+      }
+    } else if (signed.error) {
+      const tombstone = JSON.stringify({
+        type: "scopeblind.signing_failure.v1",
+        request_id: log.request_id,
+        tool: log.tool,
+        decision: log.decision,
+        error: signed.error,
+        at: new Date(log.timestamp).toISOString()
+      });
+      try {
+        (0, import_node_fs8.appendFileSync)(state.receiptFilePath, tombstone + "\n");
+      } catch {
+      }
+      process.stderr.write(`[PROTECT_MCP_SIGNING_FAILURE] ${tombstone}
 `);
+      return { signingFailed: true };
     }
   }
+  return { signingFailed: false };
 }
 async function routeHookEvent(input, state) {
   switch (input.hookEventName) {
@@ -5550,6 +5793,7 @@ var init_hook_server = __esm({
     init_signing();
     init_policy();
     init_http_server();
+    init_scopeblind_bridge();
     DEFAULT_PORT = 9377;
     LOG_FILE3 = ".protect-mcp-log.jsonl";
     RECEIPTS_FILE2 = ".protect-mcp-receipts.jsonl";
@@ -7712,6 +7956,36 @@ main().catch((err) => {
 `);
   process.exit(1);
 });
+/**
+ * scopeblind-bridge.ts
+ *
+ * Optional bridge between protect-mcp (local, MIT) and a paid ScopeBlind
+ * tenant. When SCOPEBLIND_TOKEN is set in the environment, every signed
+ * receipt that protect-mcp emits also gets forwarded to the tenant's
+ * dashboard at https://scopeblind.com/console/<slug>.
+ *
+ * Lifecycle:
+ *   1. On first use, exchange SCOPEBLIND_TOKEN for a short-lived BRASS-v2
+ *      auth proof from /fn/brass/issue. Cache the proof in memory until
+ *      ~5 minutes before expiry, then refresh.
+ *   2. As receipts are emitted by hook-server.ts, push them into an
+ *      in-memory batch queue.
+ *   3. Flush the queue every 5s (or when it reaches 128 receipts) by POSTing
+ *      to /fn/console/<slug>/receipts with Bearer SCOPEBLIND_TOKEN.
+ *
+ * Failure mode: forward errors NEVER throw upstream. protect-mcp continues
+ * to mint and persist receipts locally regardless of dashboard availability.
+ * The bridge logs failures to stderr (best-effort) and retries on the next
+ * flush.
+ *
+ * Configuration:
+ *   SCOPEBLIND_TOKEN        Tenant bearer token (from welcome email).
+ *   SCOPEBLIND_TENANT       Optional slug override. By default we discover
+ *                           the slug from the BRASS proof's tenant_id.
+ *   SCOPEBLIND_BASE         Defaults to https://scopeblind.com.
+ *
+ * @license MIT
+ */
 /*! Bundled license information:
 
 @noble/hashes/esm/utils.js:

package/dist/cli.mjs

@@ -3,17 +3,17 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-GQWJCHQV.mjs";
+} from "./chunk-S4ICHNSP.mjs";
 import {
   ProtectGateway,
   validateCredentials
-} from "./chunk-BYYWYSHM.mjs";
+} from "./chunk-PLKRTBDR.mjs";
 import {
   initSigning,
   isCedarAvailable,
   loadCedarPolicies,
   loadPolicy
-} from "./chunk-YTBC72JJ.mjs";
+} from "./chunk-UV53U6D4.mjs";
 import "./chunk-PQJP2ZCI.mjs";
 
 // src/cli.ts
@@ -1442,7 +1442,7 @@ async function main() {
   if (useHttp) {
     const portIdx = args.indexOf("--port");
     const httpPort = portIdx >= 0 && args[portIdx + 1] ? parseInt(args[portIdx + 1]) : 3e3;
-    const { startHttpTransport } = await import("./http-transport-LNBENGXD.mjs");
+    const { startHttpTransport } = await import("./http-transport-MO32ESHZ.mjs");
     startHttpTransport({ port: httpPort, config, serverCommand: childCommand });
     return;
   }