Skip to main content

MCP server exposing Satsignal tamper-evident anchoring as agent-callable tools.

Project description

satsignal-mcp

MCP server exposing Satsignal tamper-evident anchoring as agent-callable tools.

Any MCP-compatible client (Claude Desktop, Claude Code, agent frameworks that speak MCP over stdio) can call Satsignal directly — no custom SDK required.

What it does

Each anchor call computes a sha256 of the input client-side and sends only the hash to proof.satsignal.cloud. The file/text/JSON bytes never leave the calling machine. The server records the hash on the BSV blockchain and returns a receipt the agent can save or pass on.

Tools

Tool Auth What it does
anchor_file yes sha256 a local file, anchor the digest
anchor_text yes sha256 a UTF-8 string, anchor the digest
anchor_json yes canonicalize JSON (sorted keys, compact, UTF-8), sha256, anchor
lookup_hash no check if a sha256 is on-chain
verify_file_against_bundle no full verify — re-hash the original file, confirm it matches the bundle, chain-confirm via public block explorers. Detects file tampering.
chain_confirm_bundle no chain-confirm only — open a local .mbnt, extract sha+txid, confirm via lookup_hash. Fast, but does NOT detect file tampering.
verify_bundle no deprecated alias of chain_confirm_bundle; removable in 0.5

anchor_* tools accept dry_run: true to preview the sha256 without broadcasting. The Satsignal API itself does not honor dry_run — the flag lives in this MCP layer and short-circuits before any network call.

Folder selection

Each anchor_* tool accepts a folder property naming the workspace folder the receipt lands in (defaults to SATSIGNAL_FOLDER, then the legacy SATSIGNAL_MATTER, then inbox).

Legacy compat: the old input name matter is a frozen alias of folder — still accepted with byte-identical behavior and never removed. Sending both folder and matter with different non-empty values is rejected (conflicting_alias); equal values are accepted. The request sent to the Satsignal API still uses the frozen matter_slug wire field, so this MCP server keeps working against current and older / self-hosted Satsignal servers.

Configuration

Env var Required Default
SATSIGNAL_API_KEY for anchoring
SATSIGNAL_API_BASE no https://app.satsignal.cloud
SATSIGNAL_FOLDER no inbox
SATSIGNAL_MATTER no legacy alias of SATSIGNAL_FOLDER (still honored; SATSIGNAL_FOLDER wins if both set)

Get an API key at https://app.satsignal.cloud. The customer API (POST /api/v1/anchors, bundle download, dashboard) lives on app.satsignal.cloud. proof.satsignal.cloud is the public verifier surface and serves /lookup_hash in mirror-mode — chain_confirm_bundle works against either host, but anchoring requires app.*. v0.1.0 shipped with the wrong default and silently 404'd every anchor call.

Install

pip install satsignal-mcp

Claude Desktop config

Add this to claude_desktop_config.json:

{
  "mcpServers": {
    "satsignal": {
      "command": "satsignal-mcp",
      "env": {
        "SATSIGNAL_API_KEY": "sk_...",
        "SATSIGNAL_FOLDER": "case-123"
      }
    }
  }
}

Verification model

Each anchor returns a proof_id, txid, and proof_url (carrying the legacy bundle_id / receipt_url values, which are still present). The proof is independent of Satsignal: anyone can fetch the bundle, verify the on-chain transaction directly against BSV, and check the sha256 matches.

This server exposes two verify tools with different trust assumptions — pick the one that matches what you have on hand:

  • verify_file_against_bundle(file_path, bundle_path) — full verify. Re-hashes the original file, confirms it matches the bundle's claimed sha (crypto check, detects tampering), then chain-confirms via public block explorers (WoC + Bitails) that the on-chain doc_hash matches the bundle. This is the recommended path when you have the original file. Backed by satsignal-cli's verify_file (pinned as a runtime dep so a clean install gets full verify out of the box).
  • chain_confirm_bundle(bundle_path) — fast chain-confirm only. Opens the bundle, extracts its claimed sha + txid, and confirms via Satsignal's /lookup_hash index that the sha was anchored at that txid. Does NOT open the original file, so a tampered original is not detected — the bundle stays self-consistent. Use this when the original file isn't available, or as a cheap pre-check.

verify_bundle is kept as a deprecated alias of chain_confirm_bundle for 0.3.x → 0.4.x; removable in 0.5.

Security notes

  • The label, filename, and folder (sent on the wire as the frozen matter_slug) fields you pass are written into the receipt and rendered on the public verifier page. They are also attacker-controllable from any agent calling this server — downstream code that reads these fields should treat them as untrusted text (HTML-escape, never embed in LLM context without an isolation boundary).
  • The API key is sent as Authorization: Bearer … over HTTPS and is never logged or returned in tool output.

License

MIT.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

satsignal_mcp-0.3.0.tar.gz (23.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

satsignal_mcp-0.3.0-py3-none-any.whl (16.1 kB view details)

Uploaded Python 3

File details

Details for the file satsignal_mcp-0.3.0.tar.gz.

File metadata

  • Download URL: satsignal_mcp-0.3.0.tar.gz
  • Upload date:
  • Size: 23.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for satsignal_mcp-0.3.0.tar.gz
Algorithm Hash digest
SHA256 f445a91f3c4ca2d9a152a72ac2f051628c3173335462c1e17e0582fb170fee66
MD5 7a2a65bf401d5f28fd44e6605025d476
BLAKE2b-256 ae6c8db75e1069dafa4b536b3904bfd839bb2a7b3318a32bcecea20d9474506f

See more details on using hashes here.

File details

Details for the file satsignal_mcp-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: satsignal_mcp-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 16.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for satsignal_mcp-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 afa4270f26267cbd0d600677912970cfcfb7f80bb445012b448a00bd41767ec5
MD5 9f663d11bef6a6d4e34a90d1251a4a32
BLAKE2b-256 bc66895d56624f76cee04fbabea08c848e13c2f891e4657794a10dda6f6ba67e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page