Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions mcp-server/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,40 @@ Eight signed decisions (route_verdict is featured above). Each is a single tool
- **failover_verdict**: when a provider is degraded, the single best operational provider to fail over to, with ranked alternatives.
- **ssvc_verdict**: the CISA SSVC Act, Attend, Track, or Track* decision for one CVE, with a live KEV cross-check.

## Optional: Receipt Required on `create_watch`

`create_watch` is the one tool here that mutates the world and spends a credit:
it registers a 90-day webhook watch that POSTs to a caller-supplied
`callback_url`. The server ships an **opt-in** authorization-receipt gate in
front of it, built on [`@emilia-protocol/require-receipt`](https://www.npmjs.com/package/@emilia-protocol/require-receipt)
(Apache-2.0, fully offline, no API key or account).

It is **off by default** and fully backward-compatible: with no extra config,
`create_watch` behaves exactly as before. To turn it on, set:

```
TENSORFEED_RECEIPT_REQUIRED=1
# pin the issuer key(s) you trust (required for enforcement)
TENSORFEED_RECEIPT_TRUSTED_KEYS=<comma-separated issuer SPKI keys>
# non-production demos only: accept self-signed (inline-key) receipts
# TENSORFEED_RECEIPT_ALLOW_INLINE_KEY=1
```

**Secure by default:** with enforcement on and no trusted key pinned, the gate
**fails closed** — `create_watch` is refused (`receipt_enforcement_misconfigured`)
and never spends the credit, rather than accepting a self-signed receipt. Set
`TENSORFEED_RECEIPT_ALLOW_INLINE_KEY=1` only for non-production demos.

When enabled, `create_watch` refuses to register the watch (and never spends the
credit) unless the call carries an `authorization_receipt` bound to that exact
`type` + `callback_url`: portable proof that a named human authorized this exact
action. A missing/forged/expired/replayed receipt is refused; a valid receipt is
consumed one-time only after the registration succeeds (one-time consumption is
process-local by default — back it with a durable store for multi-instance). This
is *necessary, not sufficient* accountability evidence, not auth or permissions. Spec:
[`draft-schrock-ep-authorization-receipts`](https://www.emiliaprotocol.ai/fire-drill/rr-1)
(IETF Internet-Draft, not an RFC).

## Publish a new version

From the main tensorfeed repo:
Expand Down
Loading