logly/mureo

Highlights

mureo safety layer for third-party plugin tools (#114, #116) — opt-in & purely additive via standard MCP Tool metadata, no plugin-side changes required:

• Phase 1 — audit (~/.mureo/plugin_audit.jsonl, secret-masked, 0600) / throttle / fault-isolation (record-then-reraise; never crashes or silently swallows).
• Phase 2 — classify via readOnlyHint (undeclared ⇒ mutating) + optional _meta["mureo"] (reversal, throttle); successful mutating calls promoted into STATE.json action_log (platform="plugin:<dist>", only when a STATE.json exists).
• Phase 3 — provider-aware skill guidance (plugin platforms enumerated best-effort, treated advisory).
• Phase 4 — structural strategy parity: mutating calls get an observation_due window (14-day default, _meta["mureo"]["observation_days"] overridable) so daily-check reviews outcomes like a built-in.

Honest scope: confirm + STRATEGY gating are skill-mediated; audit/action_log/observation/rollback-intent are mechanical — the same channel built-ins use. mureo's platform-specific analytics and executable auto-rollback for arbitrary ops are not generically possible and not claimed. See docs/plugin-authoring.md, docs/ABI-stability.md.

Also since v0.9.0

• Fixed: mureo configure frees the terminal on finish / Ctrl+C (#111).
• Docs: getting-started leads with mureo configure + 'Before you start' (#109, #110); BYOD/Demo are mureo-native only (#112).

Full changelog: CHANGELOG.md