Skip to content

Optional "Receipt Required" guard for destructive SQL #309

Description

@FutureEnterprises

The SQL/migration tools can run irreversible statements (DROP, DELETE, TRUNCATE) against production when driven by an agent. I maintain EMILIA's open Receipt Required rail (Apache-2.0): a small, opt-in gate so a destructive-SQL call refuses to run unless a named human signed an authorization receipt for that exact action.

The four-step behavior (CI-verified):

  • missing receipt → 428 Receipt Required
  • valid, action-bound receipt → runs
  • same receipt replayed → refused (one-time consumption)
  • forged receipt → refused

Disabled by default, no lock-in — purely additive. There's a runnable supabase-admin example that gates run_destructive_sql end-to-end. Would a PR behind an opt-in flag be welcome? Happy to author it.

Spec + guide: https://github.com/emiliaprotocol/emilia-protocol/blob/main/docs/guides/RECEIPT-REQUIRED-MCP.md

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions