protect-mcp 0.6.0 → 0.6.2

package/dist/index.js

@@ -35022,6 +35022,7 @@ __export(index_exports, {
   ConfidentialGate: () => ConfidentialGate,
   ProtectGateway: () => ProtectGateway,
   ReceiptPropagator: () => ReceiptPropagator,
+  ScopeBlindBridge: () => ScopeBlindBridge,
   anchorToRekor: () => anchorToRekor,
   buildDecisionContext: () => buildDecisionContext,
   checkRateLimit: () => checkRateLimit,
@@ -35048,6 +35049,7 @@ __export(index_exports, {
   exportJSONL: () => exportJSONL,
   formatReportMarkdown: () => formatReportMarkdown,
   formatSimulation: () => formatSimulation,
+  forwardReceipt: () => forwardReceipt,
   generateC2PACommand: () => generateC2PACommand,
   generateCedarSchema: () => generateCedarSchema,
   generateDatasetCard: () => generateDatasetCard,
@@ -35058,6 +35060,7 @@ __export(index_exports, {
   generateSampleCedarPolicy: () => generateSampleCedarPolicy,
   generateSchemaStub: () => generateSchemaStub,
   generateVerifyReceiptSkill: () => generateVerifyReceiptSkill,
+  getScopeBlindBridge: () => getScopeBlindBridge,
   getSignerInfo: () => getSignerInfo,
   getToolPolicy: () => getToolPolicy,
   hashReceipt: () => hashReceipt,
@@ -35424,11 +35427,40 @@ function validateCredentials(credentials) {
 var import_node_fs3 = require("fs");
 var signerState = null;
 var artifactsModule = null;
+var signingConfigured = false;
+var signingInitError = null;
 async function initSigning(config) {
   const warnings = [];
+  signerState = null;
+  artifactsModule = null;
+  signingConfigured = Boolean(config && config.enabled !== false);
+  signingInitError = null;
   if (!config || config.enabled === false) {
     return warnings;
   }
+  if (!config.key_path) {
+    signingInitError = "signing enabled but key_path is not configured";
+    warnings.push(`signing: ${signingInitError}`);
+    return warnings;
+  }
+  if (!(0, import_node_fs3.existsSync)(config.key_path)) {
+    signingInitError = `key file not found at ${config.key_path}`;
+    warnings.push(`signing: ${signingInitError} \u2014 run "protect-mcp init" to generate`);
+    return warnings;
+  }
+  let keyData;
+  try {
+    keyData = JSON.parse((0, import_node_fs3.readFileSync)(config.key_path, "utf-8"));
+    if (!keyData.privateKey || !keyData.publicKey) {
+      signingInitError = "key file missing privateKey or publicKey fields";
+      warnings.push(`signing: ${signingInitError}`);
+      return warnings;
+    }
+  } catch (err) {
+    signingInitError = `failed to load key file: ${err instanceof Error ? err.message : err}`;
+    warnings.push(`signing: ${signingInitError}`);
+    return warnings;
+  }
   try {
     const moduleName = "@veritasacta/artifacts";
     artifactsModule = await import(
@@ -35436,37 +35468,48 @@ async function initSigning(config) {
       moduleName
     );
   } catch {
-    warnings.push("signing: @veritasacta/artifacts not available \u2014 receipts will be unsigned");
+    signingInitError = "@veritasacta/artifacts not available";
+    warnings.push(`signing: ${signingInitError} \u2014 enforce mode will fail closed`);
     return warnings;
   }
-  if (config.key_path) {
-    if (!(0, import_node_fs3.existsSync)(config.key_path)) {
-      warnings.push(`signing: key file not found at ${config.key_path} \u2014 run "protect-mcp init" to generate`);
-      return warnings;
-    }
-    try {
-      const keyData = JSON.parse((0, import_node_fs3.readFileSync)(config.key_path, "utf-8"));
-      if (!keyData.privateKey || !keyData.publicKey) {
-        warnings.push("signing: key file missing privateKey or publicKey fields");
-        return warnings;
-      }
-      signerState = {
-        privateKey: keyData.privateKey,
-        publicKey: keyData.publicKey,
-        kid: keyData.kid || artifactsModule.computeKid(keyData.publicKey),
-        issuer: config.issuer || keyData.issuer || "protect-mcp"
-      };
-    } catch (err) {
-      warnings.push(`signing: failed to load key file: ${err instanceof Error ? err.message : err}`);
-    }
+  try {
+    signerState = {
+      privateKey: keyData.privateKey,
+      publicKey: keyData.publicKey,
+      kid: keyData.kid || artifactsModule.computeKid(keyData.publicKey),
+      issuer: config.issuer || keyData.issuer || "protect-mcp"
+    };
+  } catch (err) {
+    signingInitError = `failed to initialize signer: ${err instanceof Error ? err.message : err}`;
+    artifactsModule = null;
+    warnings.push(`signing: ${signingInitError} \u2014 enforce mode will fail closed`);
   }
   return warnings;
 }
 function signDecision(entry) {
+  const artifactType = entry.decision === "deny" ? "gateway_restraint" : "decision_receipt";
+  if (signingConfigured && signingInitError) {
+    return {
+      ok: false,
+      signed: null,
+      artifact_type: artifactType,
+      warning: `signing initialization failed: ${signingInitError}`,
+      error: signingInitError
+    };
+  }
+  if (signingConfigured && (!signerState || !artifactsModule)) {
+    const error = "signing was configured but no signer is ready";
+    return {
+      ok: false,
+      signed: null,
+      artifact_type: artifactType,
+      warning: error,
+      error
+    };
+  }
   if (!signerState || !artifactsModule) {
-    return { signed: null, artifact_type: "none" };
+    return { ok: false, signed: null, artifact_type: "none" };
   }
-  const artifactType = entry.decision === "deny" ? "gateway_restraint" : "decision_receipt";
   try {
     const payload = {
       tool: entry.tool,
@@ -35507,14 +35550,18 @@ function signDecision(entry) {
       }
     );
     return {
+      ok: true,
       signed: JSON.stringify(result.artifact),
       artifact_type: artifactType
     };
   } catch (err) {
+    const message = err instanceof Error ? err.message : "unknown error";
     return {
+      ok: false,
       signed: null,
       artifact_type: artifactType,
-      warning: `signing failed: ${err instanceof Error ? err.message : "unknown error"}`
+      warning: `signing failed: ${message}`,
+      error: message
     };
   }
 }
@@ -35527,7 +35574,7 @@ function getSignerInfo() {
   };
 }
 function isSigningEnabled() {
-  return signerState !== null && artifactsModule !== null;
+  return signingConfigured && signingInitError === null && signerState !== null && artifactsModule !== null;
 }
 
 // src/external-pdp.ts
@@ -36655,8 +36702,20 @@ var ProtectGateway = class {
             this.evidenceStore.save();
           }
         }
-      } else if (signed.warning) {
-        process.stderr.write(`[PROTECT_MCP] Warning: ${signed.warning}
+      } else if (signed.error) {
+        const tombstone = JSON.stringify({
+          type: "scopeblind.signing_failure.v1",
+          request_id: log.request_id,
+          tool: log.tool,
+          decision: log.decision,
+          error: signed.error,
+          at: new Date(log.timestamp).toISOString()
+        });
+        try {
+          (0, import_node_fs6.appendFileSync)(this.receiptFilePath, tombstone + "\n");
+        } catch {
+        }
+        process.stderr.write(`[PROTECT_MCP_SIGNING_FAILURE] ${tombstone}
 `);
       }
     }
@@ -39629,6 +39688,159 @@ var import_node_http2 = require("http");
 var import_node_crypto4 = require("crypto");
 var import_node_fs9 = require("fs");
 var import_node_path5 = require("path");
+
+// src/scopeblind-bridge.ts
+var DEFAULT_BASE = "https://scopeblind.com";
+var FLUSH_INTERVAL_MS = 5e3;
+var BATCH_MAX = 128;
+var BRASS_REFRESH_MARGIN_MS = 5 * 60 * 1e3;
+var ScopeBlindBridge = class {
+  token;
+  base;
+  tenantOverride;
+  cachedProof = null;
+  queue = [];
+  flushTimer = null;
+  stats;
+  shuttingDown = false;
+  constructor(env = process.env) {
+    this.token = env.SCOPEBLIND_TOKEN || null;
+    this.base = (env.SCOPEBLIND_BASE || DEFAULT_BASE).replace(/\/$/, "");
+    this.tenantOverride = env.SCOPEBLIND_TENANT || null;
+    this.stats = {
+      enabled: Boolean(this.token),
+      tenant_slug: this.tenantOverride,
+      forwarded_total: 0,
+      rejected_total: 0,
+      last_flush_at: null,
+      last_error: null
+    };
+    if (this.enabled()) {
+      this.flushTimer = setInterval(() => {
+        void this.flush();
+      }, FLUSH_INTERVAL_MS);
+      if (typeof this.flushTimer === "object" && this.flushTimer && "unref" in this.flushTimer) {
+        this.flushTimer.unref?.();
+      }
+      process.on("beforeExit", () => {
+        void this.shutdown();
+      });
+    }
+  }
+  enabled() {
+    return Boolean(this.token);
+  }
+  /** Push a signed receipt into the queue. Non-blocking. */
+  forward(signedReceipt) {
+    if (!this.enabled() || this.shuttingDown) return;
+    this.queue.push(signedReceipt);
+    if (this.queue.length >= BATCH_MAX) void this.flush();
+  }
+  /** Flush the queue. Safe to call concurrently. */
+  async flush() {
+    if (!this.enabled() || this.queue.length === 0) return;
+    const batch = this.queue.splice(0, BATCH_MAX);
+    try {
+      const proof = await this.ensureBrassProof();
+      const slug = this.tenantOverride || proof?.tenant_id;
+      if (!slug) {
+        this.queue.unshift(...batch);
+        return;
+      }
+      this.stats.tenant_slug = slug;
+      const res = await fetch(`${this.base}/fn/console/${slug}/receipts`, {
+        method: "POST",
+        headers: {
+          "content-type": "application/json",
+          authorization: `Bearer ${this.token}`,
+          "user-agent": "protect-mcp/scopeblind-bridge"
+        },
+        body: JSON.stringify({ receipts: batch })
+      });
+      if (!res.ok) {
+        const errBody = await res.text().catch(() => "");
+        this.stats.last_error = `HTTP ${res.status} ${errBody.slice(0, 160)}`;
+        this.stats.rejected_total += batch.length;
+        if (res.status >= 500 && res.status !== 503) {
+          this.queue.unshift(...batch);
+        }
+        return;
+      }
+      const body = await res.json().catch(() => ({}));
+      this.stats.forwarded_total += body?.accepted ?? batch.length;
+      this.stats.rejected_total += body?.rejected ?? 0;
+      this.stats.last_flush_at = (/* @__PURE__ */ new Date()).toISOString();
+      this.stats.last_error = null;
+    } catch (err) {
+      this.stats.last_error = String(err?.message || err);
+      this.queue.unshift(...batch);
+    }
+  }
+  /** Exchange SCOPEBLIND_TOKEN for a BRASS-v2 proof; refresh near expiry. */
+  async ensureBrassProof() {
+    if (!this.token) return null;
+    const now = Date.now();
+    if (this.cachedProof && Date.parse(this.cachedProof.expires_at) - now > BRASS_REFRESH_MARGIN_MS) {
+      return this.cachedProof;
+    }
+    try {
+      const res = await fetch(`${this.base}/fn/brass/issue`, {
+        method: "POST",
+        headers: {
+          "content-type": "application/json",
+          "user-agent": "protect-mcp/scopeblind-bridge"
+        },
+        body: JSON.stringify({
+          token: this.token,
+          scope: "protect-mcp-receipt-emit",
+          ttl_seconds: 3600
+        })
+      });
+      if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        this.stats.last_error = `brass-issue: HTTP ${res.status} ${text.slice(0, 160)}`;
+        return null;
+      }
+      const body = await res.json();
+      if (!body?.auth_proof) {
+        this.stats.last_error = "brass-issue: missing auth_proof in response";
+        return null;
+      }
+      this.cachedProof = body.auth_proof;
+      return this.cachedProof;
+    } catch (err) {
+      this.stats.last_error = `brass-issue: ${err?.message || err}`;
+      return null;
+    }
+  }
+  /**
+   * Return a snapshot of bridge stats. Useful for `protect-mcp scopeblind status`.
+   */
+  getStats() {
+    return {
+      ...this.stats,
+      queued: this.queue.length,
+      brass_proof_expires_at: this.cachedProof?.expires_at || null
+    };
+  }
+  /** Flush remaining receipts and stop the interval. Called on process exit. */
+  async shutdown() {
+    if (this.shuttingDown) return;
+    this.shuttingDown = true;
+    if (this.flushTimer) clearInterval(this.flushTimer);
+    if (this.queue.length > 0) await this.flush();
+  }
+};
+var singleton = null;
+function getScopeBlindBridge() {
+  if (!singleton) singleton = new ScopeBlindBridge();
+  return singleton;
+}
+function forwardReceipt(signedReceipt) {
+  getScopeBlindBridge().forward(signedReceipt);
+}
+
+// src/hook-server.ts
 var DEFAULT_PORT = 9377;
 var LOG_FILE3 = ".protect-mcp-log.jsonl";
 var RECEIPTS_FILE2 = ".protect-mcp-receipts.jsonl";
@@ -39836,7 +40048,7 @@ async function handlePreToolUse(input, state) {
   const hookLatency = Date.now() - hookStart;
   const denyKey = `${toolName}:${input.sessionId || "default"}`;
   state.denyCounter.delete(denyKey);
-  emitDecisionLog(state, {
+  const emit = emitDecisionLog(state, {
     tool: toolName,
     decision: "allow",
     reason_code: state.cedarPolicies ? "cedar_allow" : state.jsonPolicy ? "policy_allow" : "observe_mode",
@@ -39848,6 +40060,15 @@ async function handlePreToolUse(input, state) {
     sandbox_state: detectSandboxState(),
     plan_receipt_id: state.activePlanReceiptId || void 0
   });
+  if (state.enforce && emit.signingFailed) {
+    return {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: "deny",
+        permissionDecisionReason: `[ScopeBlind] "${toolName}" was blocked because its receipt could not be signed. Failing closed: a governed action that cannot be proven is not allowed.`
+      }
+    };
+  }
   return {};
 }
 async function handlePostToolUse(input, state) {
@@ -40095,11 +40316,35 @@ function emitDecisionLog(state, entry) {
       } catch {
       }
       state.receiptBuffer.add(log.request_id, signed.signed);
-    } else if (signed.warning) {
-      process.stderr.write(`[PROTECT_MCP] Warning: ${signed.warning}
+      try {
+        const bridge = getScopeBlindBridge();
+        if (bridge.enabled()) {
+          const parsed = typeof signed.signed === "string" ? JSON.parse(signed.signed) : signed.signed;
+          bridge.forward(parsed);
+        }
+      } catch (err) {
+        process.stderr.write(`[PROTECT_MCP] ScopeBlind forward error: ${err instanceof Error ? err.message : err}
+`);
+      }
+    } else if (signed.error) {
+      const tombstone = JSON.stringify({
+        type: "scopeblind.signing_failure.v1",
+        request_id: log.request_id,
+        tool: log.tool,
+        decision: log.decision,
+        error: signed.error,
+        at: new Date(log.timestamp).toISOString()
+      });
+      try {
+        (0, import_node_fs9.appendFileSync)(state.receiptFilePath, tombstone + "\n");
+      } catch {
+      }
+      process.stderr.write(`[PROTECT_MCP_SIGNING_FAILURE] ${tombstone}
 `);
+      return { signingFailed: true };
     }
   }
+  return { signingFailed: false };
 }
 async function routeHookEvent(input, state) {
   switch (input.hookEventName) {
@@ -42429,6 +42674,7 @@ function createSandboxServer() {
   ConfidentialGate,
   ProtectGateway,
   ReceiptPropagator,
+  ScopeBlindBridge,
   anchorToRekor,
   buildDecisionContext,
   checkRateLimit,
@@ -42455,6 +42701,7 @@ function createSandboxServer() {
   exportJSONL,
   formatReportMarkdown,
   formatSimulation,
+  forwardReceipt,
   generateC2PACommand,
   generateCedarSchema,
   generateDatasetCard,
@@ -42465,6 +42712,7 @@ function createSandboxServer() {
   generateSampleCedarPolicy,
   generateSchemaStub,
   generateVerifyReceiptSkill,
+  getScopeBlindBridge,
   getSignerInfo,
   getToolPolicy,
   hashReceipt,
@@ -42509,6 +42757,36 @@ function createSandboxServer() {
   verifyEvidenceAttestation,
   verifyRekorAnchor
 });
+/**
+ * scopeblind-bridge.ts
+ *
+ * Optional bridge between protect-mcp (local, MIT) and a paid ScopeBlind
+ * tenant. When SCOPEBLIND_TOKEN is set in the environment, every signed
+ * receipt that protect-mcp emits also gets forwarded to the tenant's
+ * dashboard at https://scopeblind.com/console/<slug>.
+ *
+ * Lifecycle:
+ *   1. On first use, exchange SCOPEBLIND_TOKEN for a short-lived BRASS-v2
+ *      auth proof from /fn/brass/issue. Cache the proof in memory until
+ *      ~5 minutes before expiry, then refresh.
+ *   2. As receipts are emitted by hook-server.ts, push them into an
+ *      in-memory batch queue.
+ *   3. Flush the queue every 5s (or when it reaches 128 receipts) by POSTing
+ *      to /fn/console/<slug>/receipts with Bearer SCOPEBLIND_TOKEN.
+ *
+ * Failure mode: forward errors NEVER throw upstream. protect-mcp continues
+ * to mint and persist receipts locally regardless of dashboard availability.
+ * The bridge logs failures to stderr (best-effort) and retries on the next
+ * flush.
+ *
+ * Configuration:
+ *   SCOPEBLIND_TOKEN        Tenant bearer token (from welcome email).
+ *   SCOPEBLIND_TENANT       Optional slug override. By default we discover
+ *                           the slug from the BRASS proof's tenant_id.
+ *   SCOPEBLIND_BASE         Defaults to https://scopeblind.com.
+ *
+ * @license MIT
+ */
 /*! Bundled license information:
 
 @noble/hashes/esm/utils.js:

package/dist/index.mjs

@@ -6,7 +6,7 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-GQWJCHQV.mjs";
+} from "./chunk-S4ICHNSP.mjs";
 import {
   ProtectGateway,
   buildDecisionContext,
@@ -18,7 +18,7 @@ import {
   resolveCredential,
   sendApprovalNotification,
   validateCredentials
-} from "./chunk-BYYWYSHM.mjs";
+} from "./chunk-PLKRTBDR.mjs";
 import {
   createSandboxServer
 } from "./chunk-J6L4XCTE.mjs";
@@ -29,8 +29,11 @@ import {
   generateVerifyReceiptSkill
 } from "./chunk-NMZPXXL3.mjs";
 import {
+  ScopeBlindBridge,
+  forwardReceipt,
+  getScopeBlindBridge,
   startHookServer
-} from "./chunk-SPHLVRJ2.mjs";
+} from "./chunk-3YCKR72H.mjs";
 import {
   checkRateLimit,
   evaluateCedar,
@@ -43,7 +46,7 @@ import {
   loadPolicy,
   parseRateLimit,
   signDecision
-} from "./chunk-YTBC72JJ.mjs";
+} from "./chunk-UV53U6D4.mjs";
 import {
   ed25519,
   sha256
@@ -1934,6 +1937,7 @@ export {
   ConfidentialGate,
   ProtectGateway,
   ReceiptPropagator,
+  ScopeBlindBridge,
   anchorToRekor,
   buildDecisionContext,
   checkRateLimit,
@@ -1960,6 +1964,7 @@ export {
   exportJSONL,
   formatReportMarkdown,
   formatSimulation,
+  forwardReceipt,
   generateC2PACommand,
   generateCedarSchema,
   generateDatasetCard,
@@ -1970,6 +1975,7 @@ export {
   generateSampleCedarPolicy,
   generateSchemaStub,
   generateVerifyReceiptSkill,
+  getScopeBlindBridge,
   getSignerInfo,
   getToolPolicy,
   hashReceipt,

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "protect-mcp",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "mcpName": "com.scopeblind/protect-mcp",
-  "description": "Enterprise security gateway for MCP servers and Claude Code hooks. Cedar policies, Ed25519-signed receipts, swarm tracking, and tamper detection. Shadow or enforce mode.",
+  "description": "Cedar policy + signed receipts for AI agent decisions. Same primitive shipping in ScopeBlind cold-chain hardware. scopeblind.com/cold-chain",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "module": "dist/index.mjs",
@@ -62,6 +62,7 @@
     "url": "https://github.com/scopeblind/scopeblind-gateway/issues"
   },
   "dependencies": {
+    "@veritasacta/artifacts": "^0.2.2",
     "@veritasacta/protocol": "^0.1.0"
   },
   "optionalDependencies": {