GateAgent GuardProtocolStandardsMCPGovGuardSovereigntyFinGuardQuorumDemoTry itVerifyPricingDocsRequest Pilot
EMILIA FIRE DRILL · REPORT
Fix PR open

eveoy-mcp

money movementrepository ↗

Dangerous action found

start_checkoutcreates a Stripe checkout session and a Zoho CRM deal from an agent call.

// src/mcp/tools/start-checkout.ts  ·  registerStartCheckout
data = await callEdge(/create-checkout-session, { ... });

Currently: runs unguarded — start_checkout calls the create-checkout-session edge function on both the JWT and agent paths with no human authorization.

Proposed fix — Receipt Required

Wrap the start_checkout handler body just before the callEdge(/create-checkout-session, ...) calls with @emilia-protocol/require-receipt, so a human authorization receipt for the exact checkout is required first.

Result after patch (RR-1):

1Missing receiptblocked — 428 Receipt Required
2Valid receiptchecks out once, receipt consumed
3Replayed receiptrefused — one-time consumption
4Forged receiptrefused — signature / action-binding fails
View the fix PR ↗What is RR-1?Receipt Required: RR-1

Scope: this is a static reference-implementation assessment of a missing human-authorization receipt on one irreversible action, derived from the repository’s public source. It is not a vulnerability report, not a claim the action is exploitable, and not auth or permissions. Maintainer active (last push 2026-06-30); report intended to go live alongside a fix PR.

Fire Drill: eveoy-mcp — start_checkout | EMILIA | EMILIA Protocol