Server data from the Official MCP Registry
The bolthub API marketplace, L402 gateways, and your other MCP servers, on one Lightning budget.
The bolthub API marketplace, L402 gateways, and your other MCP servers, on one Lightning budget.
Valid MCP server (2 strong, 2 medium validity signals). No known CVEs in dependencies. ⚠️ Package registry links to a different repository than scanned source. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.
14 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: LND_REST_HOST
Environment variable: LND_MACAROON
Environment variable: NWC_URI
Environment variable: LNBITS_URL
Environment variable: LNBITS_ADMIN_KEY
Environment variable: PHOENIXD_URL
Environment variable: PHOENIXD_PASSWORD
Environment variable: BUDGET_SATS
Environment variable: BOLTHUB_AUTH_TOKEN
Add this to your MCP configuration file:
{
"mcpServers": {
"ai-bolthub-mcp": {
"env": {
"NWC_URI": "your-nwc-uri-here",
"LNBITS_URL": "your-lnbits-url-here",
"BUDGET_SATS": "your-budget-sats-here",
"LND_MACAROON": "your-lnd-macaroon-here",
"PHOENIXD_URL": "your-phoenixd-url-here",
"LND_REST_HOST": "your-lnd-rest-host-here",
"LNBITS_ADMIN_KEY": "your-lnbits-admin-key-here",
"PHOENIXD_PASSWORD": "your-phoenixd-password-here",
"BOLTHUB_AUTH_TOKEN": "your-bolthub-auth-token-here"
},
"args": [
"-y",
"@bolthub/mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
Source code for every publicly published bolthub.ai package — the npm @bolthub/* scope and the bolthub / bolthub-verify PyPI packages.
bolthub is a payment layer for agent-to-tool commerce: charge agents for your MCP tools and APIs per call, settling on the rail you choose (Lightning today, stablecoins next), with bolthub never in the funds path. These packages are the open-source side of that: the tool-payment SDK, payment clients, MCP servers, a CLI, and origin-verification middleware.
| Package | Registry | Directory | What it is |
|---|---|---|---|
@bolthub/pay | npm | packages/pay | Tool-payment SDK — price an MCP tool or HTTP endpoint (createPaywall), pay for tools within a budget (PayingClient); rails: L402, x402, facilitator |
@bolthub/agent | npm | packages/agent | L402 payment client — wallet adapters (LND, LNbits, Phoenixd, NWC, WebLN), 402 challenge handling, session cache |
@bolthub/mcp-registry | npm | packages/mcp-registry | MCP server exposing the whole bolthub marketplace to AI agents |
@bolthub/mcp-bridge | npm | packages/mcp-bridge | MCP server for a single bolthub gateway (one tool per endpoint) |
@bolthub/cli | npm | packages/cli | Terminal client for the marketplace |
@bolthub/verify | npm | packages/verify | Gateway signature verification middleware (Express/Fastify/Node) |
bolthub | PyPI | packages/agent-python | Python L402 client |
bolthub-verify | PyPI | packages/verify-python | Python gateway signature verification (Flask/Django/FastAPI) |
packages/shared is internal (never published); it is here because @bolthub/mcp-bridge bundles it.
The bolthub platform (gateway, API, web app) lives in a private monorepo. The SDK packages above are developed there and synced to this repository, which is the publish origin: releases are tagged here and built + published by CI with npm provenance, so what's on npm is verifiably built from this public source.
Issues and PRs are welcome here. Accepted changes are applied to the monorepo first, then sync back out with the next release.
Published dist/ bundles are built with Bun from this source and ship source maps with embedded sources, so the tarball itself is readable.
# provenance: confirm the tarball was built from this repo by GitHub Actions
npm audit signatures
# or rebuild and compare yourself
git clone https://github.com/signaltech-org/bolthub-sdk
cd bolthub-sdk && bun install
cd packages/mcp-registry && bun run build
See SECURITY.md for the trust model (what touches your wallet credentials and what doesn't) and how to report vulnerabilities.
bun install
bun test
Each TypeScript package builds with bun run build from its directory (@bolthub/agent must be built before the packages that bundle it).
MIT
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.