跳转到主要内容
此内容尚未提供您的语言版本,正在以英文显示。

Protect Mcp

插件 已验证 活跃
属于:Claude Code Plugins

Cedar policy enforcement + Ed25519 signed receipts for every Claude Code tool call. First cryptographic governance plugin — receipts independently verifiable offline.

1 个 Skill 0 个 MCP
目的

To provide cryptographic governance and verifiable audit trails for AI agent actions, ensuring compliance and security by enforcing policies and signing every tool call.

功能

  • Cedar policy enforcement before tool execution
  • Ed25519 signed receipts for allow/deny decisions
  • Hash-chained audit trail for integrity
  • Offline verification of receipts
  • Command-line tools for verification and auditing

使用场景

  • Securing AI agent actions in production environments
  • Providing auditable evidence for compliance requirements
  • Detecting and preventing unauthorized tool usage
  • Establishing tamper-evident logs of AI agent activity

非目标

  • Acting as a general-purpose logging system
  • Storing sensitive data beyond cryptographic receipts
  • Replacing the Claude Code session log entirely

工作流

  1. User installs plugin and configures hooks.
  2. User creates a Cedar policy file.
  3. User starts the signing server or relies on environment variables.
  4. Claude Code agent makes a tool call.
  5. PreToolUse hook evaluates call against Cedar policy.
  6. If denied, tool call is blocked; if allowed, tool executes.
  7. PostToolUse hook signs a receipt with decision, input, and output.
  8. Receipt is saved locally and linked to the previous receipt.
  9. User can verify individual receipts or audit the chain offline.

实践

  • Policy Enforcement
  • Cryptographic Auditing
  • Access Control

先决条件

  • Node.js installed
  • Claude Code environment
  • Policy file (e.g., ./protect.cedar)
  • Signing key file (e.g., ./protect-mcp.key)

Invocation

  • info:Hook matcher tightnessThe `PreToolUse` and `PostToolUse` hooks use a broad `.*` matcher, which could be tightened if specific tool categories were to be excluded from policy evaluation or receipt signing.

安装

请先添加 Marketplace

/plugin marketplace add wshobson/agents
/plugin install protect-mcp@claude-code-workflows

包含 1 个扩展

Skill (1)

Protect Mcp Setup 技能

Configure Cedar policy enforcement and Ed25519 signed receipts for Claude Code tool calls. Use when setting up projects that need cryptographic audit trails, policy-gated tool execution, or compliance-ready evidence of agent actions.

质量评分

已验证
98 /100
3 days ago 分析

信任信号

最近提交5 days ago
GitHub 所有者 wshobson (opens in new tab)
星标35.3k
许可证MIT
网站sethhobson.com(opens in new tab)
状态
查看源代码

类似扩展

Review Agent Governance

99

Require a human approval signal before an AI agent can post PR reviews, comments, merges, or writes to CI config. Cedar-gated, receipt-signed, designed for the Hermes-style failure mode where a review bot posts without oversight.

插件
wshobson

Dotforge

100

Node.js 20+ with Express/Fastify, TypeScript, and ESM module rules for Claude Code.

插件
luiseiman

Signed Audit Trails

95

Teaching skill: signed audit trails for Claude Code tool calls. Cookbook-style walkthrough of Cedar-gated tool calls with Ed25519 receipts, offline verification, and CI/CD integration. Pairs with the protect-mcp plugin.

插件
wshobson

HubSpot Admin Skills

99

Complete HubSpot CRM administration toolkit — audit, clean, enrich, segment, automate, and maintain your database

插件
TomGranot

Dotforge

98

Swift 5.9+ with SwiftUI, iOS 17+, @Observable, async/await, and SPM rules for Claude Code.

插件
luiseiman

Dotforge

98

Behavior governance for Claude Code — declarative runtime policies on tool calls (search-first, no-destructive-git, verify-before-done, …) compiled to PreToolUse hooks, plus configuration governance: 18 skills, 7 agents, 16 stacks, audit scoring, practices pipeline.

插件
luiseiman