signed-audit-trails-recipe
Cookbook for cryptographically signed, offline-verifiable audit trails on Claude Code tool calls.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for signed-audit-trails-recipe, derived from its capabilities.
AIVSS 2.5 ยท Low
View MAESTRO 7-layer threat model โOverview
An Agent Skill that teaches and demonstrates signing every Claude Code tool call: Cedar policy evaluation before execution and JCS-canonical, hash-chained Ed25519 receipts after. It covers offline verification, tamper detection, CI/CD integration, and SLSA composition. This is the teaching companion to the protect-mcp runtime plugin.
Key features
- Cedar policy + Ed25519 receipt walkthrough
- Tamper detection and offline verification
- CI/CD and SLSA composition
Use cases
- Evaluating signed-audit patterns
- Demonstrating tamper-evident tool logging