Pluribus reviewer shortcut

Context receipts, grouped by the boundary they prove.

Most AI-agent tools now promise memory, context, skills, MCP gateways, or multi-session orchestration. Pluribus is narrower: it gives reviewers small, privacy-safe receipts for the moment context crosses into authority.

No raw prompts, source files, transcripts, customer data, tool outputs, secrets, or full schemas are required for these demos.

MCP traffic

Real tool call → trusted evidence

When an MCP proxy sees client↔server frames, turn raw JSON-RPC into a redacted receipt proving capability agreement, call status, replay evidence, and privacy defaults.

Try the MCP traffic receipt →

Package sandbox

Untrusted package → reviewable behavior

When a sandbox captures npm/PyPI/MCP behavior, turn raw traces into a model-safe receipt proving target hash, sandbox policy, artifact hashes, behavior counts, and verdict.

Try the package behavior receipt →

Memory answers

Repo memory → allowed authority

When live memory, RAG, or a knowledge graph answers a repo question, prove snapshot freshness, cited refs, omitted private data, authority level, and stale-if rules before edits.

Try the memory answer receipt →

Agent Skills

Claim → evidence attestation

When a skill, registry, leaderboard, review, approval, or handoff makes a reusable claim, emit evidence refs, omissions, limits, verdict, and stale-if rules without private logs.

Try the evidence-attestation Skill →

Merged upstream

Skill invocation → honest portable receipt

skill-graveyard now exports a privacy-safe skill-use receipt that omits local paths, prompts, and tool output. It proves invocation without pretending to know whether the skill changed downstream work.

Inspect the reviewed implementation →

Git for agents

Commit diff → agent change manifest

When Claude Code, Codex, Cursor, or another agent writes a commit, keep Git as the byte ledger and add a privacy-safe sidecar for intent, loaded authority, checks, omissions, trailers, and stale-if rules.

Try the agent change manifest →

Config doctors

Canonical rules → loaded target authority

When a config doctor merges AGENTS.md, CLAUDE.md, Cursor rules, Copilot instructions, Skills, hooks, or settings, prove each target actually loaded the treated config and record the drift gate.

Try the config treatment receipt →

MCP gateways

Hidden inventory → model-visible tool

When Tool Search or a local gateway hides hundreds of MCP tools, prove which server/profile and upstream definition hash surfaced behind the alias.

Try the MCP tool identity map →

Rule files

Durable instruction → current authority

When CLAUDE.md or AGENTS.md has aged for months, require live evidence, revisit dates, and demotion rules before the agent obeys it.

Try the stale-rule authority sweep →

Instruction security

Human-visible text → agent-read stream

When Unicode, bidi marks, homoglyphs, generated Skills, or inline expansions can change what the agent reads, require byte ranges and a review gate.

Try the load-boundary receipt →

Claude Code layers

Extension surface → active authority map

When CLAUDE.md, output styles, Skills, hooks, subagents, plugins, and MCP can all affect one run, source-label the active layers before trusting a write.

Try the extension source map →

Long sessions

Session state → safe next action

Before /clear, compaction, handoff, or another write, prove which files/commands support the current plan and what state was lost or kept.

Read compaction resume receipts →

Parallel agents

Multiple sessions → operational ownership

For Claude Code/Codex/OpenClaw sessions running in parallel, review path claims, last evidence, blockers, and unsafe-to-resume state instead of trusting a chat summary.

Read the parallel session ledger →

Memory / RAG

Retrieved memory → allowed authority

When memory servers or knowledge graphs return facts, separate used, suppressed, stale, and rejected facts before they become durable project authority.

Read memory provenance receipts →

One-minute local check

Run one public demo without cloning the repository. It validates a redacted memory answer receipt for snapshot freshness, cited refs, private omissions, authority level, and stale-if rules.

npm exec --yes --package github:caioribeiroclw-pixel/pluribus -- pluribus demo memory-answer-receipt --json
npm exec --yes --package github:caioribeiroclw-pixel/pluribus -- sh -c 'pkg=$(dirname "$(readlink -f "$(command -v pluribus)")")/..; node "$pkg/examples/evidence-attestation/check-evidence-attestation.mjs" "$pkg/examples/evidence-attestation/evidence-attestation.json"'

For directory maintainers and newsletter reviewers, the Community Review Packet has copyable listing text and disposable smoke tests.