Skip to main content

Protect Mcp

Plugin Verified Active
Part of:Claude Code Plugins

Cedar policy enforcement + Ed25519 signed receipts for every Claude Code tool call. First cryptographic governance plugin — receipts independently verifiable offline.

1 Skill 0 MCPs
Purpose

To provide cryptographic governance and verifiable audit trails for AI agent actions, ensuring compliance and security by enforcing policies and signing every tool call.

Features

  • Cedar policy enforcement before tool execution
  • Ed25519 signed receipts for allow/deny decisions
  • Hash-chained audit trail for integrity
  • Offline verification of receipts
  • Command-line tools for verification and auditing

Use Cases

  • Securing AI agent actions in production environments
  • Providing auditable evidence for compliance requirements
  • Detecting and preventing unauthorized tool usage
  • Establishing tamper-evident logs of AI agent activity

Non-Goals

  • Acting as a general-purpose logging system
  • Storing sensitive data beyond cryptographic receipts
  • Replacing the Claude Code session log entirely

Workflow

  1. User installs plugin and configures hooks.
  2. User creates a Cedar policy file.
  3. User starts the signing server or relies on environment variables.
  4. Claude Code agent makes a tool call.
  5. PreToolUse hook evaluates call against Cedar policy.
  6. If denied, tool call is blocked; if allowed, tool executes.
  7. PostToolUse hook signs a receipt with decision, input, and output.
  8. Receipt is saved locally and linked to the previous receipt.
  9. User can verify individual receipts or audit the chain offline.

Practices

  • Policy Enforcement
  • Cryptographic Auditing
  • Access Control

Prerequisites

  • Node.js installed
  • Claude Code environment
  • Policy file (e.g., ./protect.cedar)
  • Signing key file (e.g., ./protect-mcp.key)

Invocation

  • info:Hook matcher tightnessThe `PreToolUse` and `PostToolUse` hooks use a broad `.*` matcher, which could be tightened if specific tool categories were to be excluded from policy evaluation or receipt signing.

Installation

First, add the marketplace

/plugin marketplace add wshobson/agents
/plugin install protect-mcp@claude-code-workflows

Contains 1 extensions

Skill (1)

Protect Mcp Setup Skill

Configure Cedar policy enforcement and Ed25519 signed receipts for Claude Code tool calls. Use when setting up projects that need cryptographic audit trails, policy-gated tool execution, or compliance-ready evidence of agent actions.

Quality Score

Verified
98 /100
Analyzed 1 day ago

Trust Signals

Last commit4 days ago
GitHub owner wshobson (opens in new tab)
Stars35.3k
LicenseMIT
Websitesethhobson.com(opens in new tab)
Status
View Source

Similar Extensions

Review Agent Governance

99

Require a human approval signal before an AI agent can post PR reviews, comments, merges, or writes to CI config. Cedar-gated, receipt-signed, designed for the Hermes-style failure mode where a review bot posts without oversight.

Plugin
wshobson

Dotforge

100

Node.js 20+ with Express/Fastify, TypeScript, and ESM module rules for Claude Code.

Plugin
luiseiman

Signed Audit Trails

95

Teaching skill: signed audit trails for Claude Code tool calls. Cookbook-style walkthrough of Cedar-gated tool calls with Ed25519 receipts, offline verification, and CI/CD integration. Pairs with the protect-mcp plugin.

Plugin
wshobson

HubSpot Admin Skills

99

Complete HubSpot CRM administration toolkit — audit, clean, enrich, segment, automate, and maintain your database

Plugin
TomGranot

Dotforge

98

Swift 5.9+ with SwiftUI, iOS 17+, @Observable, async/await, and SPM rules for Claude Code.

Plugin
luiseiman

Dotforge

98

Behavior governance for Claude Code — declarative runtime policies on tool calls (search-first, no-destructive-git, verify-before-done, …) compiled to PreToolUse hooks, plus configuration governance: 18 skills, 7 agents, 16 stacks, audit scoring, practices pipeline.

Plugin
luiseiman

© 2025 SkillRepo · Find the right skill, skip the noise.