protect-mcp
Cedar policy enforcement plus Ed25519 signed receipts for every Claude Code tool call.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for protect-mcp, derived from its capabilities.
AIVSS 4.9 ยท Medium
View MAESTRO 7-layer threat model โOverview
A Claude Code plugin that gates every tool call through Cedar authorization policies and emits Ed25519-signed receipts for each decision before it runs. It intercepts and policy-checks all tool invocations, making it a cryptographic governance layer directly on the agent's action path โ one of the most security-central plugins in the marketplace.
Key features
- Cedar policy-gated tool calls
- Ed25519 signed receipts
- Pre-execution decision enforcement
Use cases
- Policy-gate agent tool use
- Produce a cryptographic audit trail