Skip to content
@ScopeBlind

ScopeBlind

Trust infrastructure for machine decisions. Signed receipts, policy enforcement, and portable agent identity.
README.md

ScopeBlind

Trust infrastructure for machine decisions.

Signed receipts for every AI agent decision. Shadow, simulate, enforce, sign, verify. Your agents execute tool calls, access credentials, and modify production — ScopeBlind turns every decision into portable, signed evidence verifiable by anyone, offline.

Products

Package What it does Install
protect-mcp Security gateway for MCP servers. Cedar policy engine, per-tool enforcement, signed receipts. npx protect-mcp -- node server.js
@scopeblind/passport Agent credential wrapping — runtime packs, OpenClaw config, policy templates npm i @scopeblind/passport
@scopeblind/core Core primitives for the ScopeBlind receipt protocol npm i @scopeblind/core

How it works

MCP Client ← protect-mcp → MCP Server
                  │
          ┌───────┴───────┐
          │  Cedar WASM   │ ← per-tool policies (.cedar or .json)
          │  policy eval  │
          └───────┬───────┘
                  │
          ┌───────┴───────┐
          │  Ed25519 sign  │ ← every decision gets a signed receipt
          │  receipt emit  │
          └───────┬───────┘
                  │
          ┌───────┴───────┐
          │   Verify       │ ← npx @veritasacta/verify receipt.json
          │   (offline)    │    anyone, anywhere, no API call
          └────────────────┘

Key differentiators

  • Issuer-blind verification — verify a receipt is valid without learning who issued it (patent pending)
  • Cedar policy engine — AWS-backed formal policy language with WASM evaluation
  • IETF standards trackdraft-farley-acta-signed-receipts-01
  • 4 patents pending — VOPRF metering, verifier nullifiers, offline enforcement, configurable disclosure
  • Progressive enforcement — shadow (log only) → simulate → enforce → sign

The stack

ScopeBlind (MIT) ─── commercial managed service, dashboards, enforcement
    │
    ├── protect-mcp (MIT) ─── free gateway, Cedar engine, CLI
    ├── @scopeblind/passport (Apache-2.0) ─── agent credentials
    ├── @scopeblind/core (Apache-2.0) ─── receipt primitives
    │
Veritas Acta (Apache-2.0) ─── open protocol layer
    ├── @veritasacta/verify ─── issuer-blind VOPRF verification
    ├── @veritasacta/artifacts ─── signed artifact envelopes
    └── @veritasacta/protocol ─── receipt format primitives

Apache-2.0 packages include explicit patent grant (Section 3). MIT packages are distribution-tier — use freely without restriction.

Links

Popular repositories Loading

  1. verify-mcp verify-mcp Public

    MCP server for offline verification of signed artifacts. Verify receipts, manifests, and bundles from any MCP client. No accounts, no API calls.

    JavaScript 2 3

  2. scopeblind-gateway scopeblind-gateway Public

    Forked from tomjwxf/scopeblind-gateway

    Enterprise security gateway for MCP servers and Claude Code. Cedar policy enforcement, Ed25519-signed receipts, swarm tracking. IETF Internet-Draft. npx protect-mcp

    TypeScript 1

  3. .github .github Public

    ScopeBlind organization profile

Repositories

Showing 3 of 3 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…