2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -14,6 +14,8 @@ Versioning: [Semantic Versioning](https://semver.org/)
- `snare prove --redact` for share-safe proof reports that remove device IDs, token IDs, labels, cleanup tokens, and absolute local paths.
- Enterprise evaluation, self-hosting, and SIEM integration guides for security-review-friendly pilots.
- `snare serve --help` for self-hosted callback server flag discovery.
- `snare prove --pack mcp` to safely trigger planted MCP canaries with a Streamable HTTP `initialize` probe and verify callbacks through the events API.
- `snare prove --pack all` to run precision and MCP proof recipes in one report.

### Changed
- Proof reports now include event visibility, observed callback latency, and explicit “what this proves” / “what this does not prove” sections.
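Review bot: The two new Added entries for `--pack mcp` and `--pack all` leave out that `--type` now also accepts `mcp` (the cli.go help in this same PR lists `awsproc, ssh, k8s, or mcp`); add a line for it, or fold it into the `--pack mcp` entry, so the changelog matches the flag surface a user will see in `snare prove --help`. "safely trigger" on the `--pack mcp` line is also doing a lot of work; consider stating what makes it safe (one `initialize` request to the planted URL, no active client config touched), as the README text in this PR does.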
14 changes: 13 additions & 1 deletion README.md
Expand Up @@ -97,6 +97,7 @@ By default, `snare arm` uses **precision mode**: only `awsproc`, `ssh`, and `k8s
snare repair re-sync registrations safely if doctor finds drift
snare prove --run --report safely trigger precision canaries and print a proof report
snare prove --format json --redact --output proof.json write a share-safe proof artifact
snare prove --pack mcp --run --report prove MCP canaries after `--all` or `plant --type mcp`
snare events view real hits when one arrives
```

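Review bot: On the `snare prove --pack mcp --run --report` line, `--all` is a bare flag with no command in front of it, so a reader cannot tell which command it belongs to, while `plant --type mcp` on the same line does name its command. Write both the same way, presumably `after \`snare arm --all\` or \`snare plant --type mcp\``, given that the paragraph above describes `snare arm` defaulting to precision mode.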
Expand Down Expand Up @@ -126,7 +127,9 @@ snare status # show active canaries + event state
snare repair # re-register active tokens + run a live test check
snare sync # alias for snare repair
snare prove [--type <t>] # guided precision trigger commands (awsproc/ssh/k8s)
snare prove --pack mcp # guided MCP initialize proof for planted MCP canaries
snare prove --run --report # execute safe triggers and print a proof report
snare prove --pack all --run --report # prove precision + MCP canaries together
snare prove --format json # machine-readable proof report output
snare prove --redact --output proof.json --format json # share-safe proof artifact
snare events # fetch recent alert history from snare.sh
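Review bot: The `snare prove [--type <t>]` line still reads "guided precision trigger commands (awsproc/ssh/k8s)", but this PR's cli.go help extends `--type` to `mcp`. Either update that line to list `mcp`, or say that `--type` narrows the selection within the chosen `--pack`; otherwise the README and `snare --help` disagree on what `--type` accepts.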
Expand Down Expand Up @@ -166,7 +169,8 @@ After `snare arm`, the expected healthy loop is:
- `snare events` shows real hit history; empty output on fresh installs is expected.
- `snare repair` (or `snare sync`) safely re-registers active tokens and re-tests callback/event readability when drift is detected.
- `snare prove` prints safe precision trigger commands so you can intentionally prove alerts fire for `awsproc`, `ssh`, and `k8s`.
- `snare prove --run --report` executes those triggers, confirms callbacks through the events API, and prints a compact proof report with cleanup commands, event visibility, observed latency, and explicit proof/limitation notes.
- `snare prove --pack mcp` prints a safe MCP Streamable HTTP initialize probe for planted `mcp` canaries without modifying active MCP client configs.
- `snare prove --run --report` executes the selected proof triggers, confirms callbacks through the events API, and prints a compact proof report with cleanup commands, event visibility, observed latency, and explicit proof/limitation notes.
- `snare prove --format json --redact --output proof.json` writes a machine-readable artifact with device IDs, token IDs, labels, cleanup tokens, and absolute local paths redacted.

Important state distinction:
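Review bot: The `--pack mcp` bullet should say what the probe does and does not prove, in the same spirit as the "what this does not prove" section the report already carries. The `initialize` request is sent by `snare prove` itself from the operator's machine, so a callback proves that the planted URL and the callback path are live; it does not prove that an agent would discover the non-auto-loaded config and connect on its own. One clause here keeps a reader from over-reading a green report.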
Expand Down Expand Up @@ -247,6 +251,14 @@ This is why `awsproc`, `ssh`, and `k8s` are planted by default — they fire onl

Plants a fake MCP server config in a discoverable but non-auto-loaded location. A compromised agent scanning for MCP servers will find it and attempt to connect. The HTTP transport URL points to snare.sh. It won't interfere with your active Claude/Cursor/VS Code configs.

To intentionally prove an MCP canary without wiring it into an active client, run:

```sh
snare prove --pack mcp --run --report
```

That sends one Streamable HTTP `initialize` request to the planted fake server URL and verifies the callback through the events API.

---

## Alerts
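Review bot: The `snare prove --pack mcp --run --report` example is given without its prerequisite. State that an `mcp` canary must already be planted (the command table in this PR points at `--all` or `plant --type mcp`) and what `--run` reports when none is, since this section is the first place a reader meets the MCP canary. It would also help to say whether the proof hit can be told apart from a real hit in `snare events`, given that the README elsewhere describes `snare events` as real hit history.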
5 changes: 3 additions & 2 deletions internal/cli/cli.go
Expand Up @@ -126,7 +126,7 @@ Commands:
snare scan check canary integrity on disk
snare repair safely re-sync token registrations + test health
snare sync alias for snare repair
snare prove [flags] guided precision proof with optional report output
snare prove [flags] guided proof flow for precision and MCP canaries
snare events fetch recent alert events from snare.sh
snare test fire a test alert to verify your webhook
snare doctor [--test] confidence screen: config, API, canaries, ownership, callbacks
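Review bot: The new one-liner for `snare prove` drops "with optional report output", yet `--report`, `--format` and `--redact` are the command's main outputs. Keep a mention, for example `guided proof flow for precision and MCP canaries, with optional report output`, so the command list still hints at the report without the reader having to scroll to the flag section.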
Expand All @@ -149,7 +149,8 @@ Flags (arm):
--dry-run show what would be planted without writing

Flags (prove):
--type <type> precision canary type: awsproc, ssh, or k8s
--pack <pack> proof pack: precision, mcp, or all (default: precision)
--type <type> proof canary type: awsproc, ssh, k8s, or mcp
--run execute safe trigger commands and verify callbacks
--report print a first-success proof report
--format text|json output format for proof reports (json implies --report)
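Review bot: `--pack` (default `precision`) and `--type` (now including `mcp`) overlap, and the help text does not say how they combine: does `--type mcp` with the default pack select the MCP probe, get rejected, or silently run the precision triggers? Document the rule on the `--type` line (for example `restrict the selected pack to one canary type; mcp requires --pack mcp or all`) and make sure the parser validates the combination rather than ignoring one of the flags, since a silent mismatch would mean `--run` proves something other than what the user asked for.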