
MCP server

Drop @agenttrust-sdk/mcp into Claude Desktop or Cursor and query the deployed AgentTrust programs in natural language. Twenty-one tools, four resources, three prompts.

@agenttrust-sdk/mcp is the Model Context Protocol server for AgentTrust. Stdio binary published on npm; hosted HTTP transport at mcp.agenttrust.tech. Twenty-one tools split into ten read-only, eight write (require a signing keypair), and three discovery / docs-search.

The MCP server is a thin façade over @agenttrust-sdk/trustgate. PDA derivation, IDL loading, and gate_payment simulation live in the SDK; the MCP server exposes them with stable Zod schemas to LLM clients.

Source: mcp/. License: MIT.

What you get

             Count  Where
Tools        21     10 read · 8 write · 3 discovery
Resources    4      devnet program manifest, docs corpus, demo source files
Prompts      3      agenttrust_audit_payment, agenttrust_setup_agent, agenttrust_explain_failure
Transports   2      stdio (default) · streamable HTTP
Networks     2      solana-devnet (default) · solana-mainnet (when deployed)

Quick start — Claude Desktop

{
  "mcpServers": {
    "agenttrust": {
      "command": "npx",
      "args": ["-y", "@agenttrust-sdk/mcp"],
      "env": {
        "RPC_URL": "https://api.devnet.solana.com",
        "NETWORK": "solana-devnet"
      }
    }
  }
}

Drop into ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows). Restart Claude Desktop. Twenty-one tools become available in chat. Full setup including write-tool keypair, Cursor config, and HTTP transport: Install.

What it looks like in use

Once installed, ask Claude Desktop:

  • "What demo agents are available on AgentTrust?" → agenttrust_demo_state returns three pre-warmed counterparties with asset pubkeys + Explorer URLs.
  • "Simulate a 5-USDC payment from the tier-3 demo agent to the tier-0 demo agent against policy 1. What does the gate decide?" → agenttrust_simulate_payment returns Deny / SpendingPerTxExceeded with the decoded reason.
  • "Pull the policy for agent <asset> ID 1 and tell me the spending caps." → agenttrust_get_policy returns the decoded PolicyAccount PDA — every spending cap, velocity threshold, counterparty tier requirement, and required capability hash.
  • "Why would a payment with reason code 6 fail, and how do I fix it?" → agenttrust_explain_decision returns CounterpartyTierBelowMin with a remediation hint.
  • "Search the AgentTrust docs for the validation registry data flow." → agenttrust_docs returns ranked hits with excerpts.
  • "Walk me through adding a new x402 facilitator adapter." → agenttrust_facilitator_walkthrough returns the canonical guide.

Phase P validated all 10 scenarios with a real LLM client (Claude Sonnet via the official claude CLI): 7/10 strict pass, 3 false negatives that the LLM recovered from via context-gathering. Full report: docs/proofs/phase-p-llm-routing.md.

Hosted vs stdio

Mode             When                                                                      Setup
Stdio (default)  Claude Desktop, Cursor, any local MCP client                              npx -y @agenttrust-sdk/mcp — no install, no clone
Hosted HTTP      Cloud agents, OpenAI Agents SDK, any StreamableHTTPServerTransport client  https://mcp.agenttrust.tech — Fly.io, always-on, 0 cold starts

Health check the hosted endpoint:

curl https://mcp.agenttrust.tech/healthz
# → {"ok":true,"service":"agenttrust-mcp","version":"0.4.5","network":"solana-devnet","toolCount":21,…}

Full hosted-endpoint reference: Hosted endpoint.
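A client-side sanity check that covers both the Claude Desktop config above and the hosted /healthz response, added here as an example (Node.js) and not part of @agenttrust-sdk/mcp. The function names, the devnet/mainnet URL heuristic and the sample inputs are constructed for this example.

```javascript
// Added example, not code from @agenttrust-sdk/mcp. Checks an mcpServers entry
// for the AgentTrust server before restarting the client, and validates a
// /healthz body against the deployment this config expects to talk to.

const ALLOWED_NETWORKS = new Set(["solana-devnet", "solana-mainnet"]);
const EXPECTED_TOOL_COUNT = 21; // the page's tool count for this server version

// Returns a list of problems; an empty list means the entry looks right.
function checkAgentTrustConfig(config) {
  const problems = [];
  const entry = config?.mcpServers?.agenttrust;
  if (!entry) return ["no mcpServers.agenttrust entry"];
  if (entry.command !== "npx") problems.push(`command should be npx, got ${entry.command}`);
  if (!Array.isArray(entry.args) || !entry.args.includes("@agenttrust-sdk/mcp")) {
    problems.push("args must include @agenttrust-sdk/mcp");
  }
  const env = entry.env ?? {};
  const rpc = env.RPC_URL ?? "";
  if (!rpc.startsWith("https://")) problems.push("RPC_URL must be an https:// URL");
  if (!ALLOWED_NETWORKS.has(env.NETWORK)) {
    problems.push(`NETWORK must be one of ${[...ALLOWED_NETWORKS].join(", ")}`);
  }
  // Heuristic (assumption of this example): a devnet RPC host contains "devnet".
  // Catches the common mismatch of NETWORK=solana-devnet with a mainnet RPC, or vice versa.
  const rpcIsDevnet = rpc.includes("devnet");
  if (env.NETWORK === "solana-devnet" && !rpcIsDevnet) problems.push("NETWORK is devnet but RPC_URL is not a devnet endpoint");
  if (env.NETWORK === "solana-mainnet" && rpcIsDevnet) problems.push("NETWORK is mainnet but RPC_URL points at devnet");
  return problems;
}

// Parses a /healthz body and returns problems: ok flag, service name, network, tool count.
function checkHealthz(body, expectedNetwork) {
  let h;
  try { h = JSON.parse(body); } catch { return ["healthz body is not JSON"]; }
  const problems = [];
  if (h.ok !== true) problems.push("service reports ok=false");
  if (h.service !== "agenttrust-mcp") problems.push(`unexpected service ${h.service}`);
  if (h.network !== expectedNetwork) problems.push(`network ${h.network} != expected ${expectedNetwork}`);
  if (h.toolCount !== EXPECTED_TOOL_COUNT) problems.push(`toolCount ${h.toolCount} != ${EXPECTED_TOOL_COUNT}`);
  return problems;
}

// Constructed inputs: the config from this page and a trimmed healthz body.
const goodConfig = { mcpServers: { agenttrust: { command: "npx", args: ["-y", "@agenttrust-sdk/mcp"],
  env: { RPC_URL: "https://api.devnet.solana.com", NETWORK: "solana-devnet" } } } };
const sampleHealthz = '{"ok":true,"service":"agenttrust-mcp","version":"0.4.5","network":"solana-devnet","toolCount":21}';
```

Run checkAgentTrustConfig on the parsed claude_desktop_config.json and checkHealthz on the curl output above; a non-empty list is the reason the tools did not show up.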

Architecture

mcp/src/
├── index.ts        — entry point + transport selector
├── server.ts       — MCP Server with tools/resources/prompts wired up
├── config.ts       — env parsing
├── chain.ts        — thin façade over @agenttrust-sdk/trustgate
├── tools/
│   ├── read/        — 10 read tools
│   ├── write/       — 8 write tools
│   └── discovery/   — 3 discovery tools
├── resources/
│   ├── docs.ts      — MDX corpus indexer (path-traversal-safe)
│   └── programs.ts  — devnet program manifest as JSON resource
└── prompts/
    ├── audit-payment.ts
    ├── setup-agent.ts
    └── explain-failure.ts

Chain logic — PDA derivation, IDL loading, gate_payment simulation — lives in @agenttrust-sdk/trustgate. The MCP server is a façade. If a helper is missing in the SDK, it lands in the SDK and re-exports through the MCP — never forks chain logic into mcp/.
