An enterprise security layer that sits between Claude and MCP servers, enforcing Cedar policies and issuing an Ed25519-signed receipt for every tool call. It works two ways: as an HTTP hook server for Claude Code (handling 11 lifecycle events including PreToolUse, PostToolUse, and swarm tracking), or as a transparent stdio proxy wrapping any MCP server. Ships with CVE-anchored policy packs covering real incidents like the MCP OAuth hijack and autonomous Terraform destroys. Every decision is logged to JSONL with swarm topology, OpenTelemetry trace IDs, and timing data. When Cedar denies a call, it auto-generates the minimal permit rule you'd need to allow it. Integrated into Microsoft's Agent Governance Toolkit and currently an IETF draft.
claude mcp add --transport stdio com.scopeblind-protect-mcp uvx protect-mcp