chore(release): v0.7.15 polish and differentiators

Bump release metadata to 0.7.15, upgrade the PyPI stability classifier, surface MCP Proxy discovery in public READMEs, and add the MCP Proxy design principles document.

Also include the design principles and operations docs in the sdist manifest so the source archive carries the new customer-facing documentation.

Implemented with assistance from Codex.

Author: oleg-bk

AGENTS.md

@@ -72,7 +72,7 @@ explicit action-control tools for Runtime Gate, approvals, and signed receipts.
 Hosted `AVP_MCP_READONLY=1` exposes only the 8 read-only tools. The MCP server
 is an explicit toolbox, not an automatic proxy for other MCP tool calls.
 
-Glama directory: https://glama.ai/mcp/servers/agentveil-protocol/avp-sdk
+Glama directory: https://glama.ai/mcp/servers/agentveil-protocol/agentveil-sdk
 
 ## DID support
 

CHANGELOG.md

@@ -9,6 +9,65 @@ All notable changes to the `agentveil` SDK.
   named while AgentVeil is described as an external trust and reputation
   integration.
 
+## [0.7.15] - 2026-05-12
+
+Post-launch polish release: discoverability fixes for the v0.1 MCP Proxy
+adapter and Tier 1 differentiator framing per the AgentVeil design principles
+roadmap. Zero production code changes; documentation, metadata, and design
+narrative only.
+
+### Changed
+- Bumped PyPI `Development Status` classifier from `4 - Beta` to
+  `5 - Production/Stable` to match the project's commercial-bar discipline.
+- Surfaced the `agentveil-mcp-proxy` MCP transport proxy adapter in the
+  top-level `README.md` integrations table alongside framework adapters,
+  Bedrock, and Microsoft AgentMesh.
+- Surfaced the MCP transport proxy in `README_PYPI.md` features list and
+  added a dedicated section with quick-start commands and a link to the
+  subproject README.
+- Added `mcp-proxy` keyword to `pyproject.toml` for PyPI search discovery.
+- Reframed customer-facing authorization narrative as capability tokens
+  (signed, scoped, time-bounded, replay-resistant, attenuatable) per Mark
+  Miller (2006) and Macaroons (NDSS 2014) discipline. AVP's existing
+  `similar_5m` scope expansion already implements these properties; this
+  release names them explicitly.
+- Adjusted customer copy to acknowledge HRU 1976 undecidability of the general
+  access-control safety problem. AVP claims constrained, auditable, reversible
+  decisions within the practically decidable policy subset, not unconditional
+  safety.
+- Updated public repository URL references in `README.md`, `README_PYPI.md`,
+  `pyproject.toml`, `AGENTS.md`, and `agentveil_mcp/server.py`, and refreshed
+  customer-facing example paths in `agentveil_mcp/README.md`,
+  `examples/proof_pack/README.md`, and `mcp_server/README.md` from `avp-sdk`
+  to `agentveil-sdk` after the GitHub repository rename for brand consistency
+  with the `agentveil` PyPI package name. Operator-local
+  `/Users/.../avp-sdk-public` release-smoke paths remain unchanged.
+- Added an MCP transport proxy "what's new" callout to the top-level
+  `README.md` hero section surfacing the v0.7.15 ship and IDE client coverage
+  without disrupting the AVP product-led hero tagline.
+
+### Added
+- New design principles document at
+  [`docs/MCP_PROXY_DESIGN_PRINCIPLES.md`](docs/MCP_PROXY_DESIGN_PRINCIPLES.md)
+  mapping AgentVeil MCP Proxy architecture to the eight Saltzer-Schroeder
+  (1975) principles: economy of mechanism, fail-safe defaults, complete
+  mediation, open design, separation of privilege, least privilege, least
+  common mechanism, and psychological acceptability.
+
+### Audit References
+- Discoverability fixes: PL-1, PL-2, PL-3, PL-4, caught reviewer-side after
+  the P11.5 ceremony.
+- Differentiator items: #1 Saltzer-Schroeder citation, #2 HRU honest framing,
+  #3 capability discipline reframing - Tier 1 free items from
+  `avp_mcp_proxy_differentiators_roadmap.md`.
+
+### Validation
+- No production code changes. Pytest baseline unchanged: 642 passed, 1 skipped.
+- Bandit static analysis unchanged: 6 LOW, 0 MEDIUM, 0 HIGH.
+- All refined customer-facing wording scans (AI-attribution, prohibited
+  product terminology, production-grade strict reading) return zero matches
+  post-edit.
+
 ## [0.7.14] - 2026-05-11
 
 AgentVeil MCP Proxy v0.1 first public release. Action Control Plane for IDE

MANIFEST.in

@@ -0,0 +1,3 @@
+include CHANGELOG.md
+include docs/MCP_PROXY_DESIGN_PRINCIPLES.md
+include docs/MCP_PROXY_OPERATIONS.md

README.md

@@ -6,9 +6,9 @@
 
 [![PyPI](https://img.shields.io/pypi/v/agentveil)](https://pypi.org/project/agentveil/)
 [![Python](https://img.shields.io/pypi/pyversions/agentveil)](https://pypi.org/project/agentveil/)
-[![Tests](https://github.com/agentveil-protocol/avp-sdk/actions/workflows/tests.yml/badge.svg)](https://github.com/agentveil-protocol/avp-sdk/actions)
+[![Tests](https://github.com/agentveil-protocol/agentveil-sdk/actions/workflows/tests.yml/badge.svg)](https://github.com/agentveil-protocol/agentveil-sdk/actions)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
-[![Glama MCP Directory](https://img.shields.io/badge/Glama-MCP%20Directory-blue)](https://glama.ai/mcp/servers/agentveil-protocol/avp-sdk)
+[![Glama MCP Directory](https://img.shields.io/badge/Glama-MCP%20Directory-blue)](https://glama.ai/mcp/servers/agentveil-protocol/agentveil-sdk)
 
 **Action control for autonomous agents — check posture, gate risky actions, prove execution.**
 
@@ -28,6 +28,8 @@ pip install agentveil
 
 > **Paper:** Boiko, O. (2026). *[Why AI Agent Reputation Needs Both Link Analysis and Flow-Based Gating](https://zenodo.org/records/19730525)*. Zenodo.
 
+> **MCP transport proxy ships in v0.7.15:** wrap downstream MCP servers (filesystem, github, shell) with AgentVeil Action Control Plane gating, approval routing, durable signed evidence, and replay defense. IDE-friendly adapter for Claude Desktop, Cursor, Cline, Windsurf, and VS Code. See [`agentveil_mcp_proxy/README.md`](agentveil_mcp_proxy/README.md).
+
 <p align="center">
   <img src="docs/demo.gif" alt="AgentVeil SDK demo — preflight, runtime gate, approval, controlled execution, offline proof" width="720">
 </p>
@@ -163,6 +165,11 @@ workflows, and developer infrastructure. AgentVeil provides three things:
 2. **Runtime gating** — evaluate risky actions before execution, route through signed approval when needed
 3. **Verifiable evidence** — produce signed receipts your audit / customer / partner can verify offline, no SDK or AVP API required
 
+AgentVeil does not claim to solve the general access-control safety problem.
+Instead, it makes agent actions constrained, auditable, and reversible within a
+declared action vocabulary and policy subset: each gated decision is bound to
+explicit risk, resource, environment, and payload evidence.
+
 See [Security Context](docs/SECURITY_CONTEXT.md) for verified CVEs, market data,
 and the structural problem AgentVeil addresses.
 
@@ -179,6 +186,18 @@ and the structural problem AgentVeil addresses.
 
 ---
 
+## Capability Tokens
+
+AVP approvals are capability tokens, not flat permissions. A Runtime Gate
+decision or approval grant is signed by the AVP backend, scoped to concrete
+action context (`client_risk_class`, `client_policy_context_hash`, and
+`payload_hash`), time-bounded by grant expiry, replay-resistant at the proxy
+boundary, and attenuatable through narrower follow-on grants such as
+`similar_5m`. Downstream tools receive only the authority needed for the
+approved action, not broad standing permission.
+
+---
+
 ## Decision Inputs (advisory)
 
 These advisory APIs feed the Runtime Gate's risk assessment. They inform
@@ -235,6 +254,7 @@ def review_code(pr_url: str) -> str:
 | **AutoGen** | `pip install agentveil autogen-core` | `avp_reputation_tools()` |
 | **OpenAI** | `pip install agentveil openai` | `avp_tool_definitions()` + `handle_avp_tool_call(...)` from `agentveil.tools.openai` |
 | **MCP clients** | `pip install 'agentveil[mcp]'` | `agentveil-mcp` for Runtime Gate, approvals, receipts, reputation, identity lookup, and audit ([docs](agentveil_mcp/README.md)) |
+| **MCP transport proxy** | `pip install agentveil` | `agentveil-mcp-proxy` wraps downstream MCP servers (filesystem, github, shell) with Action Control Plane gating, approval routing, durable signed evidence, and replay defense for Claude Desktop, Cursor, Cline, Windsurf, and VS Code ([docs](agentveil_mcp_proxy/README.md)) |
 | **Gemini** | `pip install agentveil google-generativeai` | Function-calling example: [`examples/gemini_example.py`](examples/gemini_example.py) |
 | **PydanticAI** | `pip install agentveil pydantic-ai` | Tool example: [`examples/pydantic_ai_example.py`](examples/pydantic_ai_example.py) |
 | **Paperclip** | `pip install agentveil` | `avp_should_delegate(...)`, `avp_evaluate_team(...)`, `avp_plugin_tools()` |
@@ -301,6 +321,7 @@ Negative attestations require both `context` and a 64-character lowercase hex
 | [Protocol Spec](docs/PROTOCOL.md) | AgentVeil wire format and authentication |
 | [Security Model](docs/SECURITY_MODEL.md) | Mode 1 SDK developer flow, Mode 2/3 gateway enforcement roadmap |
 | [MCP Proxy Operations](docs/MCP_PROXY_OPERATIONS.md) | Downstream lifecycle behavior and response timeout configuration |
+| [MCP Proxy Design Principles](docs/MCP_PROXY_DESIGN_PRINCIPLES.md) | Saltzer-Schroeder mapping, HRU-aware framing, and capability-token discipline |
 | [Security Context](docs/SECURITY_CONTEXT.md) | Why agent trust matters — CVEs and market data |
 | [Agent Network (Advanced)](docs/ADVANCED_AGENT_NETWORK.md) | Reputation, attestations, agent identity — internal mechanisms |
 | [Changelog](CHANGELOG.md) | Version history |
@@ -329,8 +350,8 @@ Framework examples: [CrewAI](examples/crewai_example.py) · [LangGraph](examples
 
 ## Community
 
-- ⭐ **[Star this repo](https://github.com/agentveil-protocol/avp-sdk/stargazers)** — helps others discover AgentVeil
-- 🐛 **[Open an issue](https://github.com/agentveil-protocol/avp-sdk/issues)** — bugs, questions, feature requests
+- ⭐ **[Star this repo](https://github.com/agentveil-protocol/agentveil-sdk/stargazers)** — helps others discover AgentVeil
+- 🐛 **[Open an issue](https://github.com/agentveil-protocol/agentveil-sdk/issues)** — bugs, questions, feature requests
 - 📖 **[Customer Integration guide](docs/CUSTOMER_INTEGRATION.md)** — production setup
 
 ---

README_PYPI.md

@@ -31,7 +31,7 @@ print("delegation valid:", verification["valid"])
 print("scope:", verification["scope"][0]["value"])
 ```
 
-For production setup, see the [Customer Integration guide](https://github.com/agentveil-protocol/avp-sdk/blob/main/docs/CUSTOMER_INTEGRATION.md).
+For production setup, see the [Customer Integration guide](https://github.com/agentveil-protocol/agentveil-sdk/blob/main/docs/CUSTOMER_INTEGRATION.md).
 
 ## What AgentVeil Provides
 
@@ -41,6 +41,12 @@ For production setup, see the [Customer Integration guide](https://github.com/ag
 - **W3C VC v2.0 credentials** with `eddsa-jcs-2022` Data Integrity proofs.
 - **DID identity** with portable `did:key` Ed25519 keys.
 - **Framework integrations** for CrewAI, LangGraph, AutoGen, OpenAI, Claude MCP, Gemini, PydanticAI, Paperclip, and AWS Bedrock.
+- **MCP transport proxy** for IDE clients (Claude Desktop, Cursor, Cline, Windsurf, VS Code) - wrap downstream MCP servers with Action Control Plane gating via the `agentveil-mcp-proxy` console script.
+
+AgentVeil makes agent actions constrained, auditable, and reversible within a
+declared action vocabulary and policy subset. It does not claim to solve the
+general access-control safety problem; it produces bounded decisions and signed
+evidence that operators can review.
 
 ## Offline Verification
 
@@ -71,19 +77,40 @@ approved execution, signed receipt retrieval, reputation checks, identity
 lookup, and audit verification. Hosted read-only mode exposes public
 inspection tools only.
 
-The compatibility extra `agentveil[mcp]` still works for legacy setups. MCP setup details are in the [MCP README](https://github.com/agentveil-protocol/avp-sdk/blob/main/agentveil_mcp/README.md).
+The compatibility extra `agentveil[mcp]` still works for legacy setups. MCP setup details are in the [MCP README](https://github.com/agentveil-protocol/agentveil-sdk/blob/main/agentveil_mcp/README.md).
+
+## MCP Transport Proxy
+
+The `agentveil-mcp-proxy` console script wraps a downstream MCP server with
+runtime decision gating, human approval routing, durable signed evidence, and
+replay defense. Point your IDE at `agentveil-mcp-proxy` instead of directly at
+the downstream server; the proxy applies AVP policy before forwarding.
+
+```bash
+agentveil-mcp-proxy init
+agentveil-mcp-proxy doctor
+agentveil-mcp-proxy run
+```
+
+AVP approvals are capability tokens, not flat permissions. They are signed,
+scoped to action context and payload hash, time-bounded by expiry, guarded
+against replay at the proxy boundary, and attenuated when follow-on grants such
+as `similar_5m` narrow the original approval scope.
+
+See the [MCP Proxy README](https://github.com/agentveil-protocol/agentveil-sdk/blob/main/agentveil_mcp_proxy/README.md)
+for the full quick start and IDE configuration examples.
 
 ## Resources
 
-- [Full GitHub README and demo](https://github.com/agentveil-protocol/avp-sdk#readme)
-- [API reference](https://github.com/agentveil-protocol/avp-sdk/blob/main/docs/API.md)
-- [Customer integration guide](https://github.com/agentveil-protocol/avp-sdk/blob/main/docs/CUSTOMER_INTEGRATION.md)
-- [Framework integrations](https://github.com/agentveil-protocol/avp-sdk/blob/main/docs/INTEGRATIONS.md)
-- [Security context](https://github.com/agentveil-protocol/avp-sdk/blob/main/docs/SECURITY_CONTEXT.md)
-- [Examples](https://github.com/agentveil-protocol/avp-sdk/tree/main/examples)
+- [Full GitHub README and demo](https://github.com/agentveil-protocol/agentveil-sdk#readme)
+- [API reference](https://github.com/agentveil-protocol/agentveil-sdk/blob/main/docs/API.md)
+- [Customer integration guide](https://github.com/agentveil-protocol/agentveil-sdk/blob/main/docs/CUSTOMER_INTEGRATION.md)
+- [Framework integrations](https://github.com/agentveil-protocol/agentveil-sdk/blob/main/docs/INTEGRATIONS.md)
+- [Security context](https://github.com/agentveil-protocol/agentveil-sdk/blob/main/docs/SECURITY_CONTEXT.md)
+- [Examples](https://github.com/agentveil-protocol/agentveil-sdk/tree/main/examples)
 - [AgentVeil API](https://agentveil.dev)
 - [Live Network](https://agentveil.dev/live)
 
 ## License
 
-MIT. See the [license](https://github.com/agentveil-protocol/avp-sdk/blob/main/LICENSE).
+MIT. See the [license](https://github.com/agentveil-protocol/agentveil-sdk/blob/main/LICENSE).

agentveil/__init__.py

@@ -26,7 +26,7 @@
     AVPServerError,
 )
 
-__version__ = "0.7.14"
+__version__ = "0.7.15"
 
 __all__ = [
     "AVPAgent",

agentveil_mcp/README.md

@@ -275,7 +275,7 @@ exactly like the canonical path. They exist so existing MCP client configs
 keep working without edits. **Do not use these forms in new configs.**
 
 To migrate an existing config, replace `"command": "python3"` +
-`"args": ["-m", "mcp_server.server"]` + `"cwd": "/path/to/avp-sdk"` with a
+`"args": ["-m", "mcp_server.server"]` + `"cwd": "/path/to/agentveil-sdk"` with a
 single `"command": "agentveil-mcp"`. The `cwd` entry is no longer needed.
 
 ## Roadmap

agentveil_mcp/server.py

@@ -798,7 +798,7 @@ def protocol_info() -> str:
         "live_network": f"{BASE_URL}/live",
         "sdk": "pip install agentveil",
         "mcp": "pip install 'agentveil[mcp]'",
-        "github": "https://github.com/agentveil-protocol/avp-sdk",
+        "github": "https://github.com/agentveil-protocol/agentveil-sdk",
         "boundary": "Explicit MCP toolbox; does not automatically proxy or intercept other MCP tool calls.",
         "features": [
             "W3C DID Identity (Ed25519)",