← Index

io.github.shahidh68/audit-ledger-mcp

io.github.shahidh68/audit-ledger-mcp·v0.3.1·Other

Record AI decisions to a tamper-evident audit ledger from any MCP-compatible agent.

In-path gate · all MCP tools

Using io.github.shahidh68/audit-ledger-mcp in Claude, Cursor, Gemini CLI, Cline, or Zed?

MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts-before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).

Install the mcpindex gate (one command)

Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less

curl -fsSL https://mcpindex.ai/install.sh | sh
Trust verdict · v1 advisory · method
NOT YET SCREENEDno verdict on file

Verdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.

Own this server? Screen its description →

Environment variables
AUDIT_API_URL

Your deployed audit-ledger API endpoint (e.g. https://<api-id>.execute-api.<region>.amazonaws.com/prod). Leave unset to run in sandbox mode against the public shared tenant.

AUDIT_WRITE_KEY
secret

Tenant write key for your deployed ledger. Required if AUDIT_API_URL is set and you want to call record_decision.

AUDIT_READ_KEY
secret

Tenant read key for your deployed ledger. Required if AUDIT_API_URL is set and you want to call verify_decision or list_decisions.

AUDIT_TIMEOUT_MS

HTTP timeout in milliseconds. Defaults to 5000.

AUDIT_RETRY_ATTEMPTS

Number of retry attempts on transient failures. Defaults to 3.

AUDIT_HMAC_KEY
secret

Tenant secret used to HMAC-SHA256 PII and prompts locally before sending. Generate once per tenant (e.g. node -e "console.log(require('crypto').randomBytes(32).toString('hex'))") and keep it in your environment. The key never leaves your process. If unset, the MCP falls back to plain SHA-256 for backwards compatibility and logs a one-time deprecation warning; set this to switch to keyed hashing, which regulators (ICO/EDPB) expect for pseudonymisation.

MCP quality score · maturity, not trust · methodology
freshness
24
completeness
10
installability
25
documentation
15
stability
5
Alternatives in Other