
feat: add protect-mcp to recommended MCP servers #41

Open
tomjwxf wants to merge 2 commits into rohitg00:main from tomjwxf:add-scopeblind-mcp

Conversation


@tomjwxf tomjwxf commented Apr 4, 2026

What

Adds protect-mcp to the MCP config example:

  1. add_when_needed recommendation — respects the "start with 3" philosophy
  2. Commented-out server entry (prefixed with _) — users can uncomment when needed

Why

Pro Workflow already has best-in-class hook coverage (24 events), but the hooks produce unsigned logs. protect-mcp complements this by adding:

  • Ed25519 receipt signing for every tool call (tamper-evident audit trail)
  • Cedar policy enforcement (same engine AWS uses for IAM)
  • Claude Code hooks integration — runs as an HTTP hook server alongside Pro Workflow's command hooks

The two tools are complementary, not competing:

|           | Pro Workflow                          | protect-mcp                            |
|-----------|---------------------------------------|----------------------------------------|
| Focus     | Workflow optimization                 | Security enforcement                   |
| Mechanism | Command hooks + SQLite                | HTTP hooks + Cedar policies            |
| Output    | Learnings, corrections, drift alerts  | Signed receipts, allow/deny decisions  |

How to test

# The entry is commented out by default (prefixed with _)
# Users uncomment by removing the underscore: "_protect-mcp" → "protect-mcp"
npx protect-mcp serve --enforce  # starts hook server on :9377

Context

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Documentation
    • Added an example configuration for an optional MCP server, including guidance on how to enable and run it for users who want to activate the capability.
    • Extended recommendations to advise when to add this server—use cases include creating audit trails, enforcing policies, and producing compliance evidence; guidance explains when to adopt the example entry.

Adds protect-mcp (Ed25519 receipt signing + Cedar policy enforcement)
to the add_when_needed section and as a commented-out server entry.

Complements Pro Workflow's hook system — Pro Workflow handles workflow
optimization (learnings, corrections, drift), while protect-mcp handles
cryptographic audit trails and policy enforcement for tool calls.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
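The tamper-evident receipt idea from the PR description above, worked through as an added example. This is not protect-mcp's code and not its receipt format: the Receipt fields, the SHA-256 prev_hash link between consecutive receipts, the sequence check and the hex encodings are this example's own assumptions, and the tool calls in main are constructed. What it shows is how a signed trail differs from the unsigned hook logs the description mentions: editing a decision, dropping a receipt or reordering two receipts all fail verification, while a plain log accepts any rewrite.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Receipt is what gets signed for each tool call. The layout is this
// example's assumption, not protect-mcp's actual receipt format.
type Receipt struct {
	Seq      uint64          `json:"seq"`       // 1-based position in the trail
	Tool     string          `json:"tool"`      // MCP tool name
	Args     json.RawMessage `json:"args"`      // tool arguments as received
	Decision string          `json:"decision"`  // policy outcome: allow / deny
	PrevHash string          `json:"prev_hash"` // SHA-256 of the previous receipt's bytes, "" for the first
}

// SignedReceipt is a receipt plus a hex-encoded Ed25519 signature over canonical(receipt).
type SignedReceipt struct {
	Receipt   Receipt `json:"receipt"`
	Signature string  `json:"sig"`
}

// canonical renders the receipt as the exact bytes that are signed and hashed.
// Go marshals struct fields in declaration order, so the output is stable.
func canonical(r Receipt) []byte {
	b, err := json.Marshal(r)
	if err != nil {
		panic(err) // only reachable if Args is not valid JSON
	}
	return b
}

func hashOf(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Signer issues receipts. It keeps the sequence counter and the hash of the
// last receipt so that each new receipt commits to its predecessor.
type Signer struct {
	priv ed25519.PrivateKey
	seq  uint64
	last string
}

// NewSigner generates a fresh key pair and returns the public key for verifiers.
func NewSigner() (*Signer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Signer{priv: priv}, pub, nil
}

// Issue signs a receipt for one tool call and links it to the previous one.
func (s *Signer) Issue(tool string, args json.RawMessage, decision string) SignedReceipt {
	s.seq++
	r := Receipt{Seq: s.seq, Tool: tool, Args: args, Decision: decision, PrevHash: s.last}
	b := canonical(r)
	sig := ed25519.Sign(s.priv, b)
	s.last = hashOf(b)
	return SignedReceipt{Receipt: r, Signature: hex.EncodeToString(sig)}
}

// VerifyChain checks every signature, the sequence numbers and the prev_hash
// links. It returns -1 and nil for an intact trail, otherwise the index of the
// first receipt that fails and why.
func VerifyChain(pub ed25519.PublicKey, chain []SignedReceipt) (int, error) {
	prev := ""
	for i, sr := range chain {
		b := canonical(sr.Receipt)
		sig, err := hex.DecodeString(sr.Signature)
		if err != nil || !ed25519.Verify(pub, b, sig) {
			return i, fmt.Errorf("receipt %d: signature does not verify", i)
		}
		if sr.Receipt.Seq != uint64(i+1) {
			return i, fmt.Errorf("receipt %d: sequence gap (seq=%d)", i, sr.Receipt.Seq)
		}
		if sr.Receipt.PrevHash != prev {
			return i, fmt.Errorf("receipt %d: prev_hash does not match receipt %d", i, i-1)
		}
		prev = hashOf(b)
	}
	return -1, nil
}

func main() {
	s, pub, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed sample tool calls, not real traffic.
	chain := []SignedReceipt{
		s.Issue("read_file", json.RawMessage(`{"path":"README.md"}`), "allow"),
		s.Issue("write_file", json.RawMessage(`{"path":"/etc/passwd"}`), "deny"),
	}
	i, err := VerifyChain(pub, chain)
	fmt.Println("intact trail:", i, err)
	chain[1].Receipt.Decision = "allow" // a "log cleanup" that flips the denied call
	i, err = VerifyChain(pub, chain)
	fmt.Println("edited trail:", i, err)
}
```

The verifier needs only the public key, so receipts can be checked on a host that never held the signing key. A per-receipt signature on its own would not reveal a deleted receipt; the prev_hash link and the sequence number are what make a gap or a reordering visible.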

coderabbitai bot commented Apr 4, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8b955e9d-54ad-4dd0-bd93-4ff9ed5f4a09

📥 Commits

Reviewing files that changed from the base of the PR and between 81a1053 and 49a4f7f.

📒 Files selected for processing (1)
  • mcp-config.example.json

📝 Walkthrough

Adds a new, disabled-by-default _optional_servers.protect-mcp entry to mcp-config.example.json (runs npx protect-mcp@0.5.2 serve --enforce) plus metadata describing Ed25519 receipt signing and Cedar policy enforcement; also appends a protect-mcp item to _recommendations.add_when_needed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| MCP example config: mcp-config.example.json | Added _optional_servers.protect-mcp entry with command/args (npx protect-mcp@0.5.2 serve --enforce) and metadata fields (_comment, _docs, _when, surrounding _note). Also added protect-mcp to _recommendations.add_when_needed for audit/policy use cases. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A little config whisper hops in to say,
An optional guardian waits—quiet by day.
Signatures and policies tucked in a line,
Copy without underscore when you're ready to shine. ✨

🚥 Pre-merge checks | ✅ 3 passed

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: adding protect-mcp to the example MCP configuration as a recommended optional server. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |



@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@mcp-config.example.json`:
- Line 24: Update the unpinned "protect-mcp" invocation in the args array to a fixed, explicit version to ensure reproducible, auditable runs; replace the token "protect-mcp" in the args entry with a pinned identifier such as "protect-mcp@0.4.2" (the current stable) so the CLI invocation always uses that exact release and update any documentation or comments referencing the args array if needed.
- Around line 22-27: The "_protect-mcp" entry is currently inside mcpServers and will be treated as active despite the underscore; move this object out of mcpServers into a new top-level metadata section named "_optional_mcp_servers" (matching the existing metadata pattern like "_recommendations" and "_scopes"), and update its explanatory string to "Copy into mcpServers to enable" (and adjust the `_comment` to explain it is disabled by default and must be copied to mcpServers to enable); ensure the key name and command/args remain unchanged so the snippet can be pasted unchanged when opt-in is desired.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2718a74d-7c7e-4915-ab39-1d5c116ae687

📥 Commits

Reviewing files that changed from the base of the PR and between 1de1554 and 81a1053.

📒 Files selected for processing (1)
  • mcp-config.example.json

- Moved protect-mcp from mcpServers (where underscore prefix doesn't
  prevent loading) to a new _optional_servers section that is truly
  inert. Users copy into mcpServers to enable.
- Pinned version to 0.5.2 for auditability and reproducibility,
  as CodeRabbit correctly noted for a compliance-focused tool.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

tomjwxf commented Apr 4, 2026

Addressed both CodeRabbit findings:

  1. Moved to _optional_servers section — the _protect-mcp key inside mcpServers would indeed load as an active server. Now it's in a separate _optional_servers section (following the file's existing metadata pattern with _recommendations, _scopes). Users copy into mcpServers to enable.

  2. Pinned to protect-mcp@0.5.2 — correct call for a compliance-focused tool. Unpinned versions in audit infrastructure are a contradiction.
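The two findings resolved above, turned into a check a maintainer could run over a config before merging: an underscore-prefixed key inside mcpServers still loads, and an npx package without an exact version is not reproducible. This is an added example in Go, not part of the repository or of protect-mcp; the mcpServers/command/args field names follow the walkthrough above, the two sample configs are constructed to mirror the before and after states described in this thread, and the pinned-version rule (exactly x.y.z, no ranges or tags) is this example's own choice.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Finding is one problem the lint reports about a server entry.
type Finding struct {
	Server string
	Issue  string
}

// LintMCPConfig applies the two review findings. Metadata sections such as
// _optional_servers and _recommendations are ignored by this decoder, just
// as an MCP client ignores them, which is why inert entries belong there.
func LintMCPConfig(raw []byte) ([]Finding, error) {
	var cfg struct {
		Servers map[string]struct {
			Command string   `json:"command"`
			Args    []string `json:"args"`
		} `json:"mcpServers"`
	}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, err
	}
	var out []Finding
	for name, s := range cfg.Servers {
		// Every key under mcpServers is a live server, whatever its name.
		if strings.HasPrefix(name, "_") {
			out = append(out, Finding{name, "underscore-prefixed key inside mcpServers is still loaded; move it to a metadata section such as _optional_servers"})
		}
		// `npx <pkg>` without an exact version resolves to whatever is published at run time.
		if pkg := npxPackage(s.Command, s.Args); pkg != "" && !isPinned(pkg) {
			out = append(out, Finding{name, "npx package " + pkg + " is not pinned to an exact version; use name@x.y.z"})
		}
	}
	// Map iteration order is random; sort so reports are stable.
	sort.Slice(out, func(i, j int) bool {
		if out[i].Server != out[j].Server {
			return out[i].Server < out[j].Server
		}
		return out[i].Issue < out[j].Issue
	})
	return out, nil
}

// npxPackage returns the package spec an npx command would fetch: the first
// argument that is not a flag such as -y or --yes. Other commands yield "".
func npxPackage(command string, args []string) string {
	if command != "npx" {
		return ""
	}
	for _, a := range args {
		if !strings.HasPrefix(a, "-") {
			return a
		}
	}
	return ""
}

// isPinned reports whether a spec names an exact x.y.z release. Bare names,
// tags (pkg@latest), ranges (pkg@^1.2.3) and bare scoped names (@scope/pkg) are not pinned.
func isPinned(spec string) bool {
	at := strings.LastIndex(spec, "@")
	if at <= 0 {
		return false
	}
	parts := strings.Split(spec[at+1:], ".")
	if len(parts) != 3 {
		return false
	}
	for _, p := range parts {
		if p == "" || strings.Trim(p, "0123456789") != "" {
			return false
		}
	}
	return true
}

// Constructed sample mirroring the PR's first revision: underscore-prefixed entry inside mcpServers, unpinned.
const SampleBefore = `{
  "mcpServers": {
    "_protect-mcp": {"command": "npx", "args": ["protect-mcp", "serve", "--enforce"]}
  },
  "_recommendations": {"add_when_needed": ["protect-mcp"]}
}`

// Constructed sample mirroring the revised layout: active copy pinned, inert copy under _optional_servers.
const SampleAfter = `{
  "mcpServers": {
    "protect-mcp": {"command": "npx", "args": ["protect-mcp@0.5.2", "serve", "--enforce"]}
  },
  "_optional_servers": {
    "protect-mcp": {"command": "npx", "args": ["protect-mcp@0.5.2", "serve", "--enforce"]}
  }
}`

func main() {
	findings, _ := LintMCPConfig([]byte(SampleBefore))
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Server, f.Issue)
	}
}
```

Run against SampleBefore the lint reports both problems on `_protect-mcp`; against SampleAfter it reports nothing, because the entry under `_optional_servers` is never decoded as a server.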
