{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"npm_npm-sigilcoremcp-proxy","slug":"npm-sigilcoremcp-proxy","name":"@sigilcore/mcp-proxy","type":"mcp","url":"https://www.npmjs.com/package/@sigilcore/mcp-proxy","page_url":"https://unfragile.ai/npm-sigilcoremcp-proxy","categories":["mcp-servers"],"tags":[],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"npm_npm-sigilcoremcp-proxy__cap_0","uri":"capability://tool.use.integration.mcp.tool.wrapping.with.sigil.intent.attestations","name":"mcp tool wrapping with sigil intent attestations","description":"Intercepts MCP (Model Context Protocol) tool invocations and wraps them in Sigil Intent Attestations, a cryptographic attestation layer that verifies the intent and authorization of tool calls before execution. This works by hooking into the MCP tool registry, capturing tool call metadata (name, arguments, context), generating attestation signatures, and validating them against a Sigil policy engine before delegating to the underlying tool implementation.","intents":["I want to ensure that only authorized LLM agents can invoke specific tools in my MCP server","I need cryptographic proof that a tool was called with the correct intent, not maliciously or out-of-context","I want to audit and track which agents called which tools and with what parameters","I need to prevent prompt injection attacks that trick an LLM into calling tools it shouldn't"],"best_for":["teams building multi-agent systems with shared MCP tool servers","enterprises requiring compliance and audit trails for LLM-driven tool access","developers protecting sensitive tools (database writes, API calls, file operations) from unauthorized LLM invocation"],"limitations":["Adds cryptographic overhead (~5-50ms per tool call depending on attestation complexity) that may impact latency-sensitive workflows","Requires pre-established trust relationship and key exchange with Sigil infrastructure — not suitable for ad-hoc tool sharing","Attestation validation is only as strong as the Sigil policy engine; misconfigured policies can create false sense of security","No built-in support for revocation or key rotation — requires manual policy updates to block compromised agents"],"requires":["Node.js 16+ (MCP server runtime)","Active Sigil Intent Attestation service or self-hosted Sigil validator","MCP server implementation (e.g., via @modelcontextprotocol/sdk)","Cryptographic key material for signing/verifying attestations"],"input_types":["MCP tool call objects (name, arguments, context metadata)","Sigil attestation tokens (JWT-like structures with cryptographic signatures)","Policy definitions (JSON or similar format specifying allowed tool/agent pairs)"],"output_types":["Validated tool execution results (pass-through if attestation succeeds)","Attestation validation errors (with detailed reason for rejection)","Audit logs (tool call, agent identity, timestamp, attestation status)"],"categories":["tool-use-integration","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-sigilcoremcp-proxy__cap_1","uri":"capability://tool.use.integration.mcp.proxy.middleware.with.attestation.interception","name":"mcp proxy middleware with attestation interception","description":"Acts as a transparent proxy layer between MCP clients (LLM agents, applications) and MCP tool servers, intercepting all tool calls at the protocol level and injecting attestation validation logic without requiring changes to the underlying tool implementations. The proxy parses incoming MCP messages, extracts tool call metadata, validates attestations against Sigil policies, and either forwards the call to the tool server or rejects it with detailed error information.","intents":["I want to add security to existing MCP tool servers without modifying their code","I need a centralized point to enforce tool access policies across multiple MCP servers","I want to transparently log and audit all tool invocations passing through my infrastructure","I need to rate-limit or throttle tool calls based on agent identity or tool type"],"best_for":["platform teams operating shared MCP infrastructure for multiple internal agents","security-conscious organizations retrofitting authorization to existing MCP deployments","developers building multi-tenant LLM applications where tool access must be isolated per tenant"],"limitations":["Proxy adds network hop and processing latency (~10-100ms per tool call) compared to direct tool access","Requires careful configuration of attestation policies to avoid false rejections that break legitimate workflows","Stateless proxy design means no built-in session management or connection pooling — high-concurrency scenarios may require load balancing","Attestation validation failures are opaque to the underlying tool server, making debugging harder if policies are misconfigured"],"requires":["Node.js 16+ runtime for the proxy process","MCP client SDK (e.g., @modelcontextprotocol/sdk) to communicate with tool servers","Sigil Intent Attestation infrastructure or validator service","Network connectivity between proxy and both MCP clients and tool servers"],"input_types":["MCP protocol messages (JSON-RPC format with tool call requests)","Sigil attestation tokens embedded in MCP message headers or metadata","Policy configuration (YAML, JSON, or environment variables)"],"output_types":["MCP protocol responses (tool results or error messages)","Attestation validation logs (structured JSON with call metadata, validation result, timestamp)","Rejection responses with reason codes (e.g., 'ATTESTATION_INVALID', 'POLICY_DENIED')"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-sigilcoremcp-proxy__cap_2","uri":"capability://safety.moderation.sigil.intent.attestation.validation.and.enforcement","name":"sigil intent attestation validation and enforcement","description":"Validates cryptographic Sigil Intent Attestations embedded in or accompanying MCP tool calls, verifying that the attestation signature is valid, the agent identity matches the policy, and the tool/argument combination is authorized. This involves signature verification using public keys, policy lookup and evaluation, timestamp validation to prevent replay attacks, and detailed error reporting if validation fails.","intents":["I want to verify that a tool call came from an authorized agent and wasn't forged or modified in transit","I need to enforce fine-grained policies like 'only Agent A can call database_write with table=users'","I want to detect and reject replay attacks where an old, valid attestation is reused","I need detailed audit information about why a tool call was rejected"],"best_for":["high-security environments where tool access must be cryptographically verified","regulated industries (finance, healthcare) requiring non-repudiation and audit trails","multi-agent systems where agent identity and intent must be cryptographically bound to tool calls"],"limitations":["Attestation validation requires access to Sigil public keys and policy definitions, adding external dependency","Clock skew between client and validator can cause timestamp validation failures; requires NTP synchronization","Revocation of compromised agent keys requires policy updates; no real-time revocation mechanism without external service","Attestation tokens add overhead to each request (typically 500-2000 bytes of additional data)"],"requires":["Sigil Intent Attestation service or self-hosted validator with public key infrastructure","Cryptographic libraries for signature verification (e.g., Node.js crypto module with RSA/ECDSA support)","Policy engine or configuration system to define and lookup attestation policies","Clock synchronization (NTP) between client and validator for timestamp validation"],"input_types":["Sigil attestation tokens (cryptographically signed JWT-like structures)","MCP tool call metadata (tool name, arguments, context)","Policy definitions (mapping agent IDs and tool names to allowed operations)"],"output_types":["Validation result (boolean: valid/invalid)","Detailed validation error (e.g., 'SIGNATURE_INVALID', 'POLICY_DENIED', 'TIMESTAMP_EXPIRED')","Audit log entry with validation details (agent ID, tool name, timestamp, policy matched)"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-sigilcoremcp-proxy__cap_3","uri":"capability://safety.moderation.agent.identity.and.intent.binding.in.tool.calls","name":"agent identity and intent binding in tool calls","description":"Captures and binds agent identity (who is calling the tool) and intent (what the agent intends to accomplish) into Sigil attestations that accompany each MCP tool call. This works by extracting agent metadata from the MCP context, generating a cryptographic commitment to the tool call parameters and intent, signing it with the agent's key, and embedding the attestation in the MCP message so the tool server can verify it.","intents":["I want to know which agent called a tool and prove it cryptographically","I need to bind the agent's stated intent to the tool call so I can audit what the agent was trying to do","I want to prevent an agent from claiming it didn't make a tool call (non-repudiation)","I need to enforce policies based on agent identity and intent, not just tool name"],"best_for":["multi-agent systems where agent accountability and non-repudiation are critical","compliance-heavy environments requiring detailed audit trails of agent actions","systems where tool access policies depend on agent identity and stated intent"],"limitations":["Requires agent key material to be available at call time; key management complexity increases with number of agents","Intent binding is only as accurate as the agent's self-reported intent; malicious agents can misrepresent intent","Attestation generation adds latency (~5-20ms per call) due to cryptographic signing","No built-in mechanism to verify that agent intent matches actual tool behavior — requires external monitoring"],"requires":["Agent identity system (e.g., agent registry with unique IDs and associated public keys)","Cryptographic key material for each agent (private key for signing attestations)","MCP context that includes agent metadata (ID, name, intent description)","Sigil attestation library or SDK for generating and signing attestations"],"input_types":["Agent metadata (ID, name, public key)","Tool call parameters (tool name, arguments)","Intent description (natural language or structured format describing what the agent is trying to do)"],"output_types":["Sigil attestation token (cryptographically signed structure binding agent, intent, and tool call)","Attestation metadata (agent ID, timestamp, intent hash, signature)"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-sigilcoremcp-proxy__cap_4","uri":"capability://safety.moderation.policy.based.tool.access.control.with.attestation.validation","name":"policy-based tool access control with attestation validation","description":"Evaluates Sigil attestations against a policy engine that defines which agents can call which tools with which parameters. The policy engine looks up policies by agent ID and tool name, checks if the attestation matches the policy requirements (e.g., specific argument values, time-based restrictions), and either allows or denies the tool call. Policies are typically defined in a declarative format (JSON, YAML) and can include conditions like 'only Agent A can call database_write', 'Agent B can only call read_only tools', or 'this tool can only be called between 9am-5pm'.","intents":["I want to define fine-grained policies for which agents can call which tools","I need to enforce parameter-level restrictions (e.g., 'Agent A can only write to table X')","I want to enforce time-based or context-based restrictions on tool access","I need to update policies without redeploying agents or tool servers"],"best_for":["organizations with complex tool access requirements and multiple agents","teams that need to update tool access policies frequently without code changes","systems where tool access must be restricted based on agent identity, parameters, or context"],"limitations":["Policy evaluation adds latency (~5-50ms per tool call) depending on policy complexity","Policies must be manually maintained and kept in sync with actual tool capabilities; no automatic validation","No built-in support for dynamic policies that change based on runtime conditions (e.g., agent reputation scores)","Policy conflicts or ambiguities can cause unexpected denials; requires careful policy design and testing"],"requires":["Policy definition system (JSON, YAML, or custom DSL)","Policy storage and retrieval (file system, database, or configuration service)","Policy evaluation engine (custom logic or rules engine like OPA, Rego)","Sigil attestation validation to extract agent ID and tool metadata for policy lookup"],"input_types":["Sigil attestation (containing agent ID, tool name, arguments)","Policy definitions (declarative rules mapping agents to allowed tools and parameters)","Tool call metadata (tool name, arguments, context)"],"output_types":["Policy evaluation result (allow/deny)","Detailed denial reason (e.g., 'AGENT_NOT_AUTHORIZED', 'PARAMETER_RESTRICTED', 'TIME_RESTRICTED')","Audit log entry with policy matched and evaluation details"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-sigilcoremcp-proxy__cap_5","uri":"capability://automation.workflow.audit.logging.and.compliance.tracking.for.tool.invocations","name":"audit logging and compliance tracking for tool invocations","description":"Automatically logs all tool invocations that pass through the MCP proxy, capturing agent identity, tool name, arguments, attestation status, policy evaluation result, timestamp, and execution result. Logs are structured (JSON format) and include enough detail for compliance audits, forensic analysis, and debugging. The logging system can be configured to write to files, databases, or external logging services.","intents":["I need to audit which agents called which tools and when, for compliance purposes","I want to investigate security incidents by reviewing tool call history","I need to track tool usage patterns to understand agent behavior","I want to generate compliance reports showing that tool access was properly authorized"],"best_for":["regulated industries (finance, healthcare, government) requiring detailed audit trails","security teams investigating incidents or suspicious agent behavior","compliance officers generating audit reports for external auditors"],"limitations":["Logging adds I/O overhead (~10-100ms per tool call depending on logging backend) that can impact throughput","Logs can grow very large in high-volume systems, requiring log rotation and archival strategies","Sensitive data in tool arguments may be logged, requiring careful log access control and data retention policies","Logs are only as trustworthy as the logging system; compromised logging infrastructure can be used to cover up unauthorized access"],"requires":["Logging library (e.g., Winston, Bunyan, or custom JSON logger)","Log storage backend (file system, database, or external service like ELK, Datadog, Splunk)","Log retention and rotation policies","Access control for logs to prevent unauthorized viewing or deletion"],"input_types":["Tool invocation metadata (agent ID, tool name, arguments, timestamp)","Attestation validation result (valid/invalid, reason)","Policy evaluation result (allow/deny, policy matched)","Tool execution result (success/failure, return value)"],"output_types":["Structured audit log entries (JSON format with all relevant metadata)","Compliance reports (summaries of tool access by agent, tool, or time period)","Forensic analysis data (detailed logs for specific agents or tools)"],"categories":["automation-workflow","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":26,"verified":false,"data_access_risk":"high","permissions":["Node.js 16+ (MCP server runtime)","Active Sigil Intent Attestation service or self-hosted Sigil validator","MCP server implementation (e.g., via @modelcontextprotocol/sdk)","Cryptographic key material for signing/verifying attestations","Node.js 16+ runtime for the proxy process","MCP client SDK (e.g., @modelcontextprotocol/sdk) to communicate with tool servers","Sigil Intent Attestation infrastructure or validator service","Network connectivity between proxy and both MCP clients and tool servers","Sigil Intent Attestation service or self-hosted validator with public key infrastructure","Cryptographic libraries for signature verification (e.g., Node.js crypto module with RSA/ECDSA support)"],"failure_modes":["Adds cryptographic overhead (~5-50ms per tool call depending on attestation complexity) that may impact latency-sensitive workflows","Requires pre-established trust relationship and key exchange with Sigil infrastructure — not suitable for ad-hoc tool sharing","Attestation validation is only as strong as the Sigil policy engine; misconfigured policies can create false sense of security","No built-in support for revocation or key rotation — requires manual policy updates to block compromised agents","Proxy adds network hop and processing latency (~10-100ms per tool call) compared to direct tool access","Requires careful configuration of attestation policies to avoid false rejections that break legitimate workflows","Stateless proxy design means no built-in session management or connection pooling — high-concurrency scenarios may require load balancing","Attestation validation failures are opaque to the underlying tool server, making debugging harder if policies are misconfigured","Attestation validation requires access to Sigil public keys and policy definitions, adding external dependency","Clock skew between client and validator can cause timestamp validation failures; requires NTP synchronization","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.05,"quality":0.22,"ecosystem":0.3,"match_graph":0.25,"freshness":0.75,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.15,"match_graph":0.23,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-05-24T12:16:24.482Z","last_scraped_at":"2026-05-03T14:24:06.444Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=npm-sigilcoremcp-proxy","compare_url":"https://unfragile.ai/compare?artifact=npm-sigilcoremcp-proxy"}},"signature":"N1TO1uT1jBvkGvGZcEOGxLP//IgUp8aef4W+n6NXc6nfp1vjcrEJijAPKiSawkLRY7eo8oA32qYpjQhY5uL1BA==","signedAt":"2026-06-20T12:52:27.566Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/npm-sigilcoremcp-proxy","artifact":"https://unfragile.ai/npm-sigilcoremcp-proxy","verify":"https://unfragile.ai/api/v1/verify?slug=npm-sigilcoremcp-proxy","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}