Cryptographic Proof Generation For Tool Invocations

via “ed25519-signed receipt generation for tool invocations”

Security gateway for MCP servers. Shadow-mode logs, per-tool policies, optional Ed25519-signed receipts. npx protect-mcp -- node server.js

Unique: Uses Ed25519 digital signatures for receipt generation rather than HMAC or other symmetric approaches, providing asymmetric verification where the public key can be distributed without compromising the signing capability. Receipts are cryptographically bound to specific tool invocations at the MCP protocol layer.

vs others: Stronger than HMAC-based receipts because verification doesn't require access to the signing key, enabling third-party verification. More efficient than RSA signatures while providing equivalent security guarantees for audit purposes

Drop-in Treeship attestation for MCP tool calls

Unique: Generates cryptographic proofs specifically bound to MCP tool invocation context (tool name, args, caller, timestamp) rather than generic function call signatures — enables verification of tool calls as discrete events rather than just code execution

vs others: More robust than simple logging because proofs are tamper-evident; more lightweight than full blockchain solutions because it uses standard cryptography rather than distributed consensus