Install
Wire @agenttrust-sdk/mcp into Claude Desktop, Cursor, or any MCP-capable client — stdio or hosted HTTP.
Three install paths: Claude Desktop (one command), Cursor, or any generic stdio MCP client. Plus the always-on hosted HTTP endpoint at mcp.agenttrust.tech for cloud agents.
Claude Desktop (recommended)
Add to your config — ~/Library/Application Support/Claude/claude_desktop_config.json on macOS, %APPDATA%\Claude\claude_desktop_config.json on Windows:
{
  "mcpServers": {
    "agenttrust": {
      "command": "npx",
      "args": ["-y", "@agenttrust-sdk/mcp"],
      "env": {
        "RPC_URL": "https://api.devnet.solana.com",
        "NETWORK": "solana-devnet"
      }
    }
  }
}
Restart Claude Desktop. Twenty-one tools are now available in chat. No clone, no local build.
Local clone (for development)
If you want to iterate on the MCP server's source, swap the command/args:
"command": "node",
"args": ["/absolute/path/to/agenttrust/mcp/dist/index.js"]
Or run the helper that wires the local path automatically:
mcp/scripts/install-claude-desktop.sh
The script edits the Claude Desktop config in place. It backs up the prior config to claude_desktop_config.json.bak.<timestamp> so you can revert.
Cursor
Cursor's MCP config lives at ~/.cursor/mcp.json (or per-workspace .cursor/mcp.json). Same shape as Claude Desktop:
{
  "mcpServers": {
    "agenttrust": {
      "command": "npx",
      "args": ["-y", "@agenttrust-sdk/mcp"]
    }
  }
}
Generic stdio MCP client
The package ships a binary entry point. Once installed:
pnpm add @agenttrust-sdk/mcp
node ./node_modules/@agenttrust-sdk/mcp/dist/index.js # stdio transport, default
The server speaks MCP over stdin/stdout. Any compliant MCP client attaches by spawning this command.
Hosted HTTP endpoint
The public hosted MCP HTTP endpoint is already live:
https://mcp.agenttrust.tech
Health check:
curl https://mcp.agenttrust.tech/healthz
# → {"ok":true,"service":"agenttrust-mcp","version":"0.4.5","network":"solana-devnet","toolCount":21,…}
Hosted on Fly.io (Singapore region, shared-cpu-1x@256MB, always-on with auto-resume on idle). Use this URL in any MCP client that speaks StreamableHTTPServerTransport — no local install required. Full hosted-endpoint reference: Hosted endpoint.
To run your own HTTP transport locally:
MCP_TRANSPORT=http MCP_HTTP_PORT=8765 node ./mcp/dist/index.js
Behind any reverse proxy (Caddy, nginx, Vercel, Fly.io) this surfaces as a public hosted endpoint.
Write tools — adding a keypair
The eight write tools (agenttrust_init_authority, agenttrust_init_policy, agenttrust_set_killswitch, agenttrust_register_namespace, agenttrust_register_attestor, agenttrust_request_validation, agenttrust_respond_to_validation, agenttrust_emit_feedback) require a signing keypair. The MCP server resolves a signer through a four-step chain (first match wins):
1. KEYPAIR_B58 — base58-encoded 64-byte secret key
2. KEYPAIR_PATH — absolute path to a JSON-array secret-key file (Solana CLI native format)
3. ~/.config/solana/id.json — Solana CLI's default keypair location, picked up automatically
4. SOLANA_KEYPAIR_PATH — alt path env some tooling sets
If you already use solana-keygen locally, no env is needed. To set an explicit signer in the Claude Desktop config, add KEYPAIR_B58 to the env block:
{
  "mcpServers": {
    "agenttrust": {
      "command": "npx",
      "args": ["-y", "@agenttrust-sdk/mcp"],
      "env": {
        "RPC_URL": "https://api.devnet.solana.com",
        "NETWORK": "solana-devnet",
        "KEYPAIR_B58": "<base58-encoded 64-byte secret key>"
      }
    }
  }
}
Without any usable signer, write tools surface a clear auth_required envelope. Read and discovery tools never need one.
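The four-step chain above, written out as an added example; it is not the AgentTrust server's own code. The function names, the injectable `io` parameter, and the choice to treat a present-but-malformed source as an error instead of falling through are assumptions of this sketch.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

// Dependency-free base58 decode; each leading "1" is a leading zero byte.
function b58decode(str) {
  let n = 0n;
  for (const ch of str) {
    const i = B58.indexOf(ch);
    if (i < 0) throw new Error("invalid base58 character");
    n = n * 58n + BigInt(i);
  }
  const out = [];
  for (; n > 0n; n >>= 8n) out.unshift(Number(n & 0xffn));
  for (const ch of str) { if (ch !== "1") break; out.unshift(0); }
  return Uint8Array.from(out);
}

// Solana CLI keypair file: a JSON array of byte values.
function loadKeyFile(file, readFile) {
  const arr = JSON.parse(readFile(file, "utf8"));
  const ok = Array.isArray(arr) && arr.every((b) => Number.isInteger(b) && b >= 0 && b <= 255);
  if (!ok) throw new Error(`${file}: not a JSON byte array`);
  return Uint8Array.from(arr);
}

// Returns { source, secretKey } for the first source present, or null when
// none is (the case in which a write tool would answer auth_required).
// Assumption: a present but malformed source throws, so a typo cannot
// silently switch the signing identity to a later step.
function resolveSigner(env = process.env, io = {}) {
  const { home = os.homedir(), readFile = fs.readFileSync, exists = fs.existsSync } = io;
  const dflt = path.join(home, ".config", "solana", "id.json");
  const steps = [
    ["KEYPAIR_B58", () => env.KEYPAIR_B58 && b58decode(env.KEYPAIR_B58)],
    ["KEYPAIR_PATH", () => env.KEYPAIR_PATH && loadKeyFile(env.KEYPAIR_PATH, readFile)],
    ["~/.config/solana/id.json", () => exists(dflt) && loadKeyFile(dflt, readFile)],
    ["SOLANA_KEYPAIR_PATH", () => env.SOLANA_KEYPAIR_PATH && loadKeyFile(env.SOLANA_KEYPAIR_PATH, readFile)],
  ];
  for (const [source, load] of steps) {
    const secretKey = load();
    if (!secretKey) continue;
    if (secretKey.length !== 64) throw new Error(`${source}: expected 64 bytes, got ${secretKey.length}`);
    return { source, secretKey };
  }
  return null;
}
```

Because the default file is step three, SOLANA_KEYPAIR_PATH only takes effect on a machine that has no ~/.config/solana/id.json.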
The auth_required envelope
Write tools that fail the signer check return a structured envelope, not a raw chain error. The hint copy is branched by transport:
// Local install (stdio): tell the developer how to wire a keypair
{
  "errorCode": "auth_required",
  "message": "Signer required (needed by `agenttrust_init_policy`).",
  "hint": "Set KEYPAIR_B58 (base58-encoded 64-byte secret), KEYPAIR_PATH, or `solana config get` to point at a funded keypair, then restart the MCP server.",
  "cause": "This tool requires a signer. Set one of: KEYPAIR_B58, KEYPAIR_PATH, or `solana config get`."
}
// Hosted (HTTP): point the caller at the local-install path
{
  "errorCode": "auth_required",
  "message": "Signer required (needed by `agenttrust_init_policy`).",
  "hint": "This is the hosted read-only endpoint. To use write tools, install MCP locally: npx -y @agenttrust-sdk/mcp@latest. Hosted MCP signs nothing on your behalf by design — your keypair stays on your machine.",
  "cause": "This tool requires a signer. Set one of: KEYPAIR_B58, KEYPAIR_PATH, or `solana config get`."
}
The hosted endpoint at mcp.agenttrust.tech is read-only by design and ships no signer. A shared signer would mean every user's on-chain identity is owned by the operator; that's a security model, not a UX shortcut. For write tools, install the MCP locally with your own keypair. See /quickstart for the surface comparison table.
Convert a Solana CLI keypair to base58:
# id.json is already a JSON array of 64 byte values; needs the Python base58 package (pip install base58)
python3 -c "import sys, base58, json; print(base58.b58encode(bytes(json.loads(sys.stdin.read()))).decode())" \
  < ~/.config/solana/id.json
Or use the bs58 CLI:
cat ~/.config/solana/id.json | jq -r '.[0:64]' | npx bs58 encode
Environment variables
| Var | Default | Effect |
|---|---|---|
| RPC_URL | devnet RPC | Solana RPC endpoint |
| NETWORK | solana-devnet | solana-devnet or solana-mainnet. Drives Quantu program IDs. |
| KEYPAIR_B58 | unset | Base58-encoded 64-byte secret key. First step in the signer-resolution chain. |
| KEYPAIR_PATH | unset | Path to a JSON-array secret-key file (Solana CLI native format). Second step in the signer-resolution chain. |
| SOLANA_KEYPAIR_PATH | unset | Alt path env some tooling sets. Fourth step in the signer-resolution chain. |
| MCP_TRANSPORT | stdio | stdio or http |
| MCP_HTTP_PORT | 8765 | Port for HTTP transport |
| POLICY_VAULT_PROGRAM_ID | devnet ID | Override policy_vault program ID |
| TRUSTGATE_PROGRAM_ID | devnet ID | Override trustgate program ID |
| VALIDATION_REGISTRY_PROGRAM_ID | devnet ID | Override validation_registry program ID |
| MCP_DEFAULT_FACILITATOR | unset | Default facilitator name in tool replies |
| MCP_DOCS_DIR | repo docs-site/content/docs | Override the docs corpus root (tests) |
| PAY_SH_DEMO_STATE_FILE | bundled demo state | Override the demo state file |
Build + test from source
git clone https://github.com/agenttrust-labs/agenttrust && cd agenttrust
pnpm install
pnpm --filter ./trustgate/sdk run build # MCP depends on the SDK build output
pnpm --filter ./mcp run build
pnpm --filter ./mcp test # 76 unit tests, no chain access
INTEGRATION=1 pnpm --filter ./mcp test:integration # devnet round-trip
IDL fetch (verify on-chain truth)
All three Anchor IDLs are published on devnet:
anchor idl fetch 8Y6fGeNEHgmWmbt8JsRcF72jxbeBfJhomMjG6SuoJQTR --provider.cluster devnet # policy_vault
anchor idl fetch HF8zHfoyA7b5mhLViopTnRMprc6ZT5KActHTdkFrih2N --provider.cluster devnet # trustgate
anchor idl fetch Cx4RFa6ysw3qXYhugPkF8pFSWBkmKq59h2dWgF2tKhtv --provider.cluster devnet # validation_registry
The MCP server bundles snapshots at mcp/src/idl/*.json as a defensive fallback (saves an RPC round-trip on cold start; keeps the server bootable in offline / air-gapped harnesses). Latest evidence snapshot: docs/proofs/idl-on-chain.json.