command-scope-contract

MCP Tool

madeinplutofabio/command-scope-contract

Protocol for bounded shell and CLI execution with explicit scope, policy, and provenance for AI agents.

Install

$ npx loaditout add madeinplutofabio/command-scope-contract

Platform-specific configuration:

.claude/settings.json
{
  "mcpServers": {
    "command-scope-contract": {
      "command": "npx",
      "args": [
        "-y",
        "command-scope-contract"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

CSC — Command Scope Contract

CSC is a lightweight protocol for bounded shell and CLI execution by AI agents.

CSC is complementary to MCP, not a replacement for it.

It exists to remove ambient authority from agentic execution.

Instead of giving an agent raw shell access, CSC requires the agent to submit a structured command contract that declares:

  • what it wants to run
  • why it wants to run it
  • where it wants to run it
  • what it needs to read
  • what it may write
  • whether it needs network access
  • whether it needs secrets
  • what kind of effect it may cause
  • how long it may run

A trusted policy layer evaluates the contract. If allowed, a constrained executor runs it and emits a verifiable receipt.
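
The flow described above, sketched as a policy gate that evaluates a contract and emits a receipt. This is an added example, not code from the CSC repository: the field names, the policy keys and the receipt layout are assumptions, and the receipt is an unsigned digest rather than a signed record.

```python
import hashlib, json, posixpath

# Hypothetical policy; every key and value here is an assumption.
POLICY = {"commands": {"git", "ls", "grep"}, "read_roots": ["/workspace"],
          "write_roots": ["/workspace/out"], "effects": {"read_only", "local_write"},
          "allow_network": False, "allow_secrets": False, "max_timeout_s": 60}

def _inside(path, roots):
    """Lexical containment check after normalizing '..' (symlinks are not resolved)."""
    p = posixpath.normpath(path)
    return any(p == r or p.startswith(r.rstrip("/") + "/") for r in roots)

def evaluate(contract, policy=POLICY):
    """Return (allowed, reasons). Undeclared fields are treated as denied."""
    reasons = []
    argv = contract.get("argv") or [""]
    if argv[0] not in policy["commands"]:
        reasons.append(f"command not allowed: {argv[0]!r}")
    if not contract.get("justification"):
        reasons.append("missing justification")
    for p in [contract.get("cwd", "")] + contract.get("read_paths", []):
        if not _inside(p, policy["read_roots"]):
            reasons.append(f"read outside scope: {p}")
    for p in contract.get("write_paths", []):
        if not _inside(p, policy["write_roots"]):
            reasons.append(f"write outside scope: {p}")
    if contract.get("network", True) and not policy["allow_network"]:
        reasons.append("network access denied")
    if contract.get("secrets", True) and not policy["allow_secrets"]:
        reasons.append("secret access denied")
    if contract.get("effect") not in policy["effects"]:
        reasons.append(f"effect not allowed: {contract.get('effect')!r}")
    if not 0 < contract.get("timeout_s", 0) <= policy["max_timeout_s"]:
        reasons.append("timeout missing or above limit")
    return (not reasons, reasons)

def receipt(contract, allowed, reasons):
    """Bind the decision to the exact contract via a SHA-256 of its canonical JSON."""
    canon = json.dumps(contract, sort_keys=True, separators=(",", ":")).encode()
    return {"contract_sha256": hashlib.sha256(canon).hexdigest(),
            "allowed": allowed, "reasons": reasons}

# Constructed sample contracts (not taken from the CSC repository).
OK = {"argv": ["grep", "-r", "TODO", "src"], "justification": "list open TODOs",
      "cwd": "/workspace", "read_paths": ["/workspace/src"], "write_paths": [],
      "network": False, "secrets": False, "effect": "read_only", "timeout_s": 30}
BAD = dict(OK, read_paths=["/workspace/../etc/passwd"], network=True)

if __name__ == "__main__":
    for c in (OK, BAD):
        print(json.dumps(receipt(c, *evaluate(c)), indent=2))
```

The second contract is denied twice: its read path escapes the allowed root once `..` is normalized, and it declares network access that the policy does not grant.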

Why CSC exists

Shell is useful because it is universal, composable, and token-efficient.

Shell is dangerous because it often carries too much implicit power.

CSC keeps the flexibility of shell while making scope, policy, and execution evidence explicit.

Execution model

agent -> command contract -> policy gate -> constrained executor -> execution receipt

Status

Draft / v0.1 bootstrap

Not production-ready. The current runner is a minimal reference implementation intended to validate the protocol shape.

Design goals

  • Keep shell composability.
  • Remove raw arbitrary shell by default.
  • Make intent and scope explicit before execution.
  • Let trusted policy decide.
  • Emit receipts for audit and provenance.
  • Stay small enough to implement and adopt quickly.

Non-goals

CSC does not attempt to replace:

  • container isolation
  • IAM
  • workflow engines
  • sem

Tags

agent-safety, agentic-ai, ai-agents, capability-security, command-execution, mcp, open-protocol, policy-engine, provenance, shell-security

Quality Signals

Installs: 0
Last updated: 30 days ago
Security: A
README

Safety

Risk Level: medium
Data Access: read
Network Access: none

Details

Source: github-crawl
Last commit: 3/20/2026