Metadata-Version: 2.4
Name: trustnotch-mcp
Version: 0.1.0
Summary: MCP server for TrustNotch — tamper-evident audit logs for AI agents.
Keywords: mcp,model-context-protocol,audit,logging,ai-agents,tamper-evident
Author: Sandro Chekalov
Author-email: Sandro Chekalov <sandro@trustnotch.com>
License-Expression: Apache-2.0
License-File: LICENSE
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: System :: Logging
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
Classifier: Operating System :: OS Independent
Classifier: Typing :: Typed
Requires-Dist: httpx>=0.28.1
Requires-Dist: mcp>=1.27.1
Requires-Dist: trustnotch>=0.1.0
Requires-Python: >=3.12
Project-URL: Homepage, https://trustnotch.com/trustnotch-mcp
Description-Content-Type: text/markdown

# trustnotch-mcp

MCP server for [TrustNotch](https://trustnotch.com) — tamper-evident audit logs for AI agents.

<!-- mcp-name: com.trustnotch/trustnotch-mcp -->

A local (stdio) Model Context Protocol server that exposes the TrustNotch API as tools an
MCP client (Claude Desktop, etc.) can call: submit a log entry, fetch one, fetch its proof
bundle, and verify a proof offline — the server it talks to is never trusted to vouch
for its own logs.

## Install

```bash
uvx trustnotch-mcp
```

or `pip install trustnotch-mcp`.

## Configure

Set these in your MCP client's server config (env):

- `TRUSTNOTCH_API_KEY` (required) — your `tn_live_...` / `tn_test_...` API key.
- `TRUSTNOTCH_API_URL` (optional) — defaults to `https://api.trustnotch.com`.
- `TRUSTNOTCH_PUBKEYS_PATH` (optional) — pin a local public-key file for stronger verification independence.

## Tools

- `submit_log` — record a tamper-evident log entry (a JSON payload, or a pre-computed SHA-256 for zero-PII mode).
- `get_log` — fetch a previously submitted entry by id.
- `get_proof` — fetch the proof bundle (signed receipt + Merkle inclusion proof + OpenTimestamps Bitcoin anchor).
- `verify_proof` — verify a bundle locally, offline.
- `verify_log` — fetch + verify in one step.

## License

Apache-2.0
