io.github.shahidh68/audit-ledger-mcp
Record AI decisions to a tamper-evident audit ledger from any MCP-compatible agent.
Using io.github.shahidh68/audit-ledger-mcp in Claude, Cursor, Gemini CLI, Cline, or Zed?
MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts-before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).
Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less
curl -fsSL https://mcpindex.ai/install.sh | shVerdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.
Own this server? Screen its description →
AUDIT_API_URLYour deployed audit-ledger API endpoint (e.g. https://<api-id>.execute-api.<region>.amazonaws.com/prod). Leave unset to run in sandbox mode against the public shared tenant.
AUDIT_WRITE_KEYTenant write key for your deployed ledger. Required if AUDIT_API_URL is set and you want to call record_decision.
AUDIT_READ_KEYTenant read key for your deployed ledger. Required if AUDIT_API_URL is set and you want to call verify_decision or list_decisions.
AUDIT_TIMEOUT_MSHTTP timeout in milliseconds. Defaults to 5000.
AUDIT_RETRY_ATTEMPTSNumber of retry attempts on transient failures. Defaults to 3.
AUDIT_HMAC_KEYTenant secret used to HMAC-SHA256 PII and prompts locally before sending. Generate once per tenant (e.g. node -e "console.log(require('crypto').randomBytes(32).toString('hex'))") and keep it in your environment. The key never leaves your process. If unset, the MCP falls back to plain SHA-256 for backwards compatibility and logs a one-time deprecation warning; set this to switch to keyed hashing, which regulators (ICO/EDPB) expect for pseudonymisation.
Resolve .hood names on Robinhood Chain — forward/reverse, text records, availability & pricing.
AI-powered trading strategy development: backtesting, market data, and portfolio analysis
Feature flagging and A/B testing platform with AI-first experimentation workflows.