HackerTrans
トップ新着トレンドコメント過去質問紹介求人

tomjwxf

1 カルマ登録 4 か月前
@TJWXF3 on X / @tomjwxf GitHub Global macro PM, design, culture, and technology… built building ScopeBlind / Veritas Acta - MIT projects: protect-mcp, veritasacta/verify, scopeblind/passport, scopeblind/red-team

投稿

[untitled]

1 ポイント·投稿者 tomjwxf·5 日前·0 コメント

Token spend is not token capital

twitter.com
3 ポイント·投稿者 tomjwxf·26 日前·0 コメント

Token Capital Needs Receipts

twitter.com
2 ポイント·投稿者 tomjwxf·27 日前·0 コメント

[untitled]

1 ポイント·投稿者 tomjwxf·4 か月前·0 コメント

Signed receipts for MCP tool calls – prove what your agent did

npmjs.com
2 ポイント·投稿者 tomjwxf·4 か月前·0 コメント

コメント

tomjwxf
·3 か月前·議論
[dead]
tomjwxf
·3 か月前·議論
Re classifier routing: text-shape signals (token count, syntactic markers) underspecify the boundary, especially for agent-generated queries. The signal that worked better in our policy-gated tool-call setting was the surrounding intent context the agent was operating under, not the query string itself. An agent in a "fact-check" context emits long, well-formed sentences that actually want exact-match retrieval; an agent in an "open research" context emits surprisingly short queries that need narrative retrieval. If the runtime can read the tool or skill context at query time, routing on that is less ambiguous than text shape. Doesn't help if the wiki is a black-box MCP server with no caller-side context, but it's worth offering an optional context hint in the lookup payload.
tomjwxf
·3 か月前·議論
[dead]
tomjwxf
·4 か月前·議論
my core thesis is that AGI is here, it just needs accountability and efficient frameworks to navigate our arbitrary world
tomjwxf
·4 か月前·議論
The gateway approach (OAuth + RBAC) solves the perimeter problem — who can connect. protect-mcp solves a different layer — what can they do once connected, and how do you prove it.

It wraps any MCP server as a stdio proxy. Per-tool policies (block, rate-limit, require human approval). Every decision gets an Ed25519-signed receipt that's verifiable offline — no callbacks, no accounts.

The two layers stack: your gateway authenticates the caller, protect-mcp constrains which tools they can call and signs the evidence.

npx protect-mcp -- node your-server.js

MIT licensed. The receipts protocol has an IETF Internet-Draft: https://datatracker.ietf.org/doc/draft-farley-acta-signed-re...

npm: https://npmjs.com/package/protect-mcp
tomjwxf
·4 か月前·議論
[dead]
tomjwxf
·4 か月前·議論
The staged autonomy pattern ("trust is earnable") maps directly to what we built with protect-mcp — shadow mode first (log everything, block nothing), then enforce when you've seen enough data to trust the policies.

For the prompt injection concern: protect-mcp wraps MCP tool calls with per-tool policies. Even if the agent gets injected, it can't call tools outside the policy. Every decision is optionally Ed25519-signed and verifiable offline.

npmjs.com/package/protect-mcp
tomjwxf
·4 か月前·議論
This is exactly right. We implemented delegation receipts — Agent A grants scoped authority to Agent B, producing a signed receipt. B's subsequent actions reference A's delegation receipt. An auditor can trace the full chain from human principal to agent action.

The fiduciary analogy is spot on. Every receipt in the chain is independently verifiable: npx @veritasacta/verify --self-test
tomjwxf
·4 か月前·議論
[dead]
tomjwxf
·4 か月前·議論
[dead]
tomjwxf
·4 か月前·議論
[dead]
tomjwxf
·4 か月前·議論
[dead]