Real tool call → trusted evidence
When an MCP proxy sees client↔server frames, turn raw JSON-RPC into a redacted receipt proving capability agreement, call status, replay evidence, and privacy defaults.
Most AI-agent tools now promise memory, context, skills, MCP gateways, or multi-session orchestration. Pluribus is narrower: it gives reviewers small, privacy-safe receipts for the moment context crosses into authority.
No raw prompts, source files, transcripts, customer data, tool outputs, secrets, or full schemas are required for these demos.
When an MCP proxy sees client↔server frames, turn raw JSON-RPC into a redacted receipt proving capability agreement, call status, replay evidence, and privacy defaults.
When a sandbox captures npm/PyPI/MCP behavior, turn raw traces into a model-safe receipt proving target hash, sandbox policy, artifact hashes, behavior counts, and verdict.
When live memory, RAG, or a knowledge graph answers a repo question, prove snapshot freshness, cited refs, omitted private data, authority level, and stale-if rules before edits.
When a skill, registry, leaderboard, review, approval, or handoff makes a reusable claim, emit evidence refs, omissions, limits, verdict, and stale-if rules without private logs.
skill-graveyard now exports a privacy-safe skill-use receipt that omits local paths, prompts, and tool output. It proves invocation without pretending to know whether the skill changed downstream work.
When Claude Code, Codex, Cursor, or another agent writes a commit, keep Git as the byte ledger and add a privacy-safe sidecar for intent, loaded authority, checks, omissions, trailers, and stale-if rules.
When a config doctor merges AGENTS.md, CLAUDE.md, Cursor rules, Copilot instructions, Skills, hooks, or settings, prove each target actually loaded the treated config and record the drift gate.
When Tool Search or a local gateway hides hundreds of MCP tools, prove which server/profile and upstream definition hash surfaced behind the alias.
When CLAUDE.md or AGENTS.md has aged for months, require live evidence, revisit dates, and demotion rules before the agent obeys it.
When Unicode, bidi marks, homoglyphs, generated Skills, or inline expansions can change what the agent reads, require byte ranges and a review gate.
When CLAUDE.md, output styles, Skills, hooks, subagents, plugins, and MCP can all affect one run, source-label the active layers before trusting a write.
Before /clear, compaction, handoff, or another write, prove which files/commands support the current plan and what state was lost or kept.
For Claude Code/Codex/OpenClaw sessions running in parallel, review path claims, last evidence, blockers, and unsafe-to-resume state instead of trusting a chat summary.
When memory servers or knowledge graphs return facts, separate used, suppressed, stale, and rejected facts before they become durable project authority.
Run one public demo without cloning the repository. It validates a redacted memory answer receipt for snapshot freshness, cited refs, private omissions, authority level, and stale-if rules.
npm exec --yes --package github:caioribeiroclw-pixel/pluribus -- pluribus demo memory-answer-receipt --json
npm exec --yes --package github:caioribeiroclw-pixel/pluribus -- sh -c 'pkg=$(dirname "$(readlink -f "$(command -v pluribus)")")/..; node "$pkg/examples/evidence-attestation/check-evidence-attestation.mjs" "$pkg/examples/evidence-attestation/evidence-attestation.json"'
For directory maintainers and newsletter reviewers, the Community Review Packet has copyable listing text and disposable smoke tests.