agentmesh_mcp_receipts

v3.7.0 safe
4.0
Medium Risk

MCP tool-call receipt signing — Cedar policy decisions linked to governance receipts

🤖 AI Analysis

Final verdict: SAFE

The package appears to be safe with low risks across multiple dimensions. The primary concern is the metadata risk due to the maintainer's limited presence on PyPI.

  • Low network and shell risk
  • No signs of obfuscation or credential theft
  • Metadata risk due to single package from author

Per-check LLM notes

  • Network: No network calls detected, which is normal if the package does not require external communication.
  • Shell: No shell execution patterns detected, indicating the package does not execute system commands.
  • Obfuscation: No obfuscation patterns detected, suggesting normal code readability and no hidden code execution risks.
  • Credentials: No secret harvesting patterns detected, indicating the package does not appear to be designed for stealing credentials.
  • Metadata: The author has only one package on PyPI, which might indicate a new or less active maintainer.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 2 test file(s) found

  • Test runner config found: pyproject.toml
  • 2 test file(s) detected (e.g. test_adapter.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/microsoft/agent-governance-toolkit/blob/m
  • Detailed PyPI description (2542 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 16 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 14 unique contributor(s) across 100 commits in microsoft/agent-governance-toolkit
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository microsoft/agent-governance-toolkit appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Microsoft Corporation" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentmesh_mcp_receipts

Develop a mini-application that leverages the 'agentmesh_mcp_receipts' package to manage and sign receipts for tool calls made within a microservices architecture. This application will serve as a governance tool to ensure compliance with defined policies across different services. Here’s a detailed breakdown of what the application should achieve:

1. **Tool Call Management**: Implement functionality to record details of tool calls including timestamp, service name, operation performed, and any relevant parameters.
2. **Receipt Signing**: Utilize the 'agentmesh_mcp_receipts' package to generate and sign receipts based on the recorded tool call information. Each receipt should be linked to a specific Cedar policy decision that dictates whether the tool call is allowed or denied.
3. **Policy Enforcement**: Integrate a mechanism to check against predefined Cedar policies before allowing a tool call to proceed. If the policy allows the action, a receipt is generated and signed; otherwise, the tool call is blocked.
4. **Audit Logs**: Maintain a log of all tool calls along with their corresponding receipts for auditing purposes. This log should be searchable by various criteria such as date range, service name, or policy ID.
5. **User Interface**: Develop a simple web interface where administrators can view the audit logs, manage policies, and monitor ongoing tool calls in real-time.
6. **Security Enhancements**: Ensure that all communication between components of your application is secure, and that sensitive data such as policy details and signatures are properly handled.

Suggested Features:
- Real-time notifications when a tool call violates a policy.
- Automated email alerts for critical policy violations.
- Support for multiple tenants, each with its own set of policies and logs.
- Integration with existing authentication systems to restrict access to the administrative interface.

The 'agentmesh_mcp_receipts' package will be crucial for handling the receipt generation and signing processes, ensuring that each tool call is tracked and governed according to the specified policies. Your task is to design and implement this mini-application, focusing on usability, security, and efficiency.