EMILIA FIRE DRILL · REPORT
Fix PR open

bid.scope (scope-mcp)

external dispatch / webhook

Dangerous action found

scope_dispatch_matter irreversibly dispatches a budgeted hiring / procurement matter to external vendors.

// packages/mcp-core/src/tools.ts  ·  scope_dispatch_matter handler (registerCoreTools)
return api.post("/api/scopes", { ... });

Currently: runs unguarded — the handler's only precondition is an `if (!api.hasAuth())` token check at tools.ts:141. No human signs off the external dispatch.

Proposed fix — Receipt Required

Insert a @emilia-protocol/require-receipt check immediately after the `if (!api.hasAuth())` guard (tools.ts:141), before the `api.post("/api/scopes", ...)` dispatch, so a human authorization receipt for the exact matter is required first.

Result after patch (RR-1):

1. Missing receipt: blocked — 428 Receipt Required
2. Valid receipt: dispatches once, receipt consumed
3. Replayed receipt: refused — one-time consumption
4. Forged receipt: refused — signature / action-binding fails
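The four outcomes above, as an added sketch of a receipt gate. This is not the @emilia-protocol/require-receipt package's code or the repository's own. The receipt fields, the HMAC-SHA256 shared key standing in for the real signature scheme, the in-memory consumption ledger, and every function name are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical receipt shape; not the @emilia-protocol/require-receipt format.
interface Receipt { id: string; action: string; matterId: string; sig: string }
interface GateResult { outcome: "blocked" | "dispatched" | "refused"; detail: string }

const APPROVER_KEY = "constructed-demo-key"; // constructed sample key, never hard-code a real one
const consumed = new Set<string>();          // one-time-use ledger; a real store needs an atomic consume
const dispatched: string[] = [];             // records what would have been sent to /api/scopes

// The MAC covers receipt id, action and matter, so approval is bound to one exact dispatch.
function signReceipt(id: string, action: string, matterId: string, key = APPROVER_KEY): Receipt {
  const sig = createHmac("sha256", key).update(JSON.stringify([id, action, matterId])).digest("hex");
  return { id, action, matterId, sig };
}

function requireReceipt(receipt: Receipt | undefined, action: string, matterId: string): GateResult {
  if (!receipt) return { outcome: "blocked", detail: "428 Receipt Required" };
  // Recompute over the REQUESTED action and matter, not the fields the receipt claims.
  const want = Buffer.from(signReceipt(receipt.id, action, matterId).sig, "hex");
  const given = Buffer.from(String(receipt.sig), "hex");
  if (given.length !== want.length || !timingSafeEqual(given, want))
    return { outcome: "refused", detail: "signature / action-binding failed" };
  if (consumed.has(receipt.id)) return { outcome: "refused", detail: "receipt already consumed" };
  consumed.add(receipt.id); // consume before the irreversible call
  return { outcome: "dispatched", detail: "receipt consumed" };
}

// Stand-in for the handler body after the existing api.hasAuth() check has passed.
function dispatchMatter(matterId: string, receipt?: Receipt): GateResult {
  const gate = requireReceipt(receipt, "scope_dispatch_matter", matterId);
  if (gate.outcome === "dispatched") dispatched.push(matterId); // where the api.post call would run
  return gate;
}
```

Consuming the receipt before the dispatch means a failed POST burns the approval; that is the safer failure direction for an action that cannot be undone.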

Scope: this is a static reference-implementation assessment of a missing human-authorization receipt on one irreversible action, derived from the repository’s public source. It is not a vulnerability report, not a claim the action is exploitable, and not auth or permissions. Maintainer active (last push 2026-06-10); this report is intended to go live alongside a fix PR.
