Local MCP server for Touchstone — record agent actions into a tamper-evident, externally-anchored log. Signs locally; your Ed25519 key never leaves your machine.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Local MCP server for Touchstone — record agent actions into a tamper-evident, externally-anchored log. Signs locally; your Ed25519 key never leaves your machine.