Server data from the Official MCP Registry
Solana-native MCP gateway for SAP, DeFi tools, SNS identity, and x402 payments.
Solana-native MCP gateway for SAP, DeFi tools, SNS identity, and x402 payments.
Remote endpoints: streamable-http: https://mcp.sap.oobeprotocol.ai/mcp
This is a production-oriented MCP server for OOBE Protocol SAP with legitimate financial/payment functionality requiring broad network and environment variable access. However, there are several code quality and security concerns: missing input validation on critical paths, overly broad exception handling, sensitive data potentially logged, and insufficient validation of parsed cryptographic material. While the codebase demonstrates good architectural patterns and the permissions largely match its stated purpose, the validation gaps and logging practices create moderate security risks that should be addressed before production deployment. Supply chain analysis found 6 known vulnerabilities in dependencies (0 critical, 2 high severity). Package verification found 1 issue.
4 files analyzed · 16 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE
Environment variable: SAP_LOG_LEVEL
Available as Local & Remote
This plugin can run on your machine or connect to a hosted endpoint. during install.
From the project's GitHub README.
Production-oriented Model Context Protocol server for OOBE Synapse Agent Protocol, Solana, Synapse AgentKit, SNS, and monetized hosted agent workflows.
SAP MCP exposes the same typed tool registry through two supported MCP launch modes:
/mcp for hosted customers and orchestrators.It also includes a professional setup wizard, profile-managed config under ~/.config/mcp-sap, optional Bento policy integration, local and external signing modes, x402 monetization, a self-hosted OOBE facilitator, pay.sh provider YAML generation, and an A2A-compatible discovery card.
User-facing setup docs live in USER_DOCS/. Operator and engineering docs live in docs/.
| Area | Current behavior |
|---|---|
| Package version | 0.2.1 |
| MCP transport | stdio locally, Streamable HTTP remotely |
| Remote access | Bearerless public mode for hosted agents; API key or JWT for private modes |
| Config directory | ~/.config/mcp-sap only |
| Agent wallet | Dedicated wallet path under ~/.config/mcp-sap/keypairs/ by default |
| Solana CLI keypair | Never modified by the wizard |
| Policy | Local policy by default, optional Bento or hybrid policy |
| Monetization | Optional remote-only x402/pay.sh payment flow with per-tool pricing |
| Signing | Local dedicated wallet or external signer, depending on profile mode |
| Discovery | A2A-compatible card at /.well-known/agent-card.json |
Prerequisites:
node --version # >= 22.12.0
corepack enable
corepack prepare pnpm@11.7.0 --activate
pnpm --version # 11.7.0
From source:
pnpm install
pnpm run build
Do not use npm install for source deployments. This repository is locked and verified with pnpm.
From the published package:
npm install -g @oobe-protocol-labs/sap-mcp-server
Create or select a profile:
npx sap-mcp-config wizard
Inspect the active profile:
npx sap-mcp-config show
npx sap-mcp-config pubkey
npx sap-mcp-config profiles
Start local stdio MCP:
sap-mcp-server
or from source:
node dist/cli.js
Hosted customers connect their agents to https://mcp.sap.oobeprotocol.ai/mcp, but signing remains user-controlled. Any user who wants to pay x402/pay.sh charges, register or operate a SAP identity, or execute value-moving Solana/SAP tools should run the wizard first and keep the dedicated wallet under ~/.config/mcp-sap/keypairs/ or behind an external signer. Read-only hosted discovery can use the remote URL without a local signer.
For local agents, let SAP MCP follow the active profile manager instead of hard-coding wallet paths or stale RPC overrides:
{
"mcpServers": {
"sap": {
"command": "sap-mcp-server",
"env": {
"SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE": "false",
"SAP_LOG_LEVEL": "info"
}
}
}
}
Codex uses TOML rather than the JSON mcpServers shape. For hosted remote MCP, add this to ~/.codex/config.toml and restart Codex:
[mcp_servers.sap]
url = "https://mcp.sap.oobeprotocol.ai/mcp"
For paid/write hosted tools, add the local non-custodial payment bridge as well:
[mcp_servers.sap_payments]
command = "npx"
args = ["--yes", "--package", "@oobe-protocol-labs/sap-mcp-server", "sap-mcp-server"]
enabled_tools = ["sap_x402_paid_call", "sap_profile_current", "sap_x402_estimate_cost"]
tool_timeout_sec = 300
[mcp_servers.sap_payments.env]
SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE = "false"
SAP_ALLOWED_TOOLS = "sap_x402_paid_call,sap_profile_current,sap_x402_estimate_cost"
SAP_LOG_LEVEL = "info"
On Windows, use command = "npx.cmd". The wizard can write this automatically.
Codex supports Streamable HTTP MCP servers with URL-based entries in config.toml. Use local stdio through npx only when you specifically want Codex to launch the local SAP MCP process:
[mcp_servers.sap]
command = "npx"
args = ["--yes", "--package", "@oobe-protocol-labs/sap-mcp-server", "sap-mcp-server"]
[mcp_servers.sap.env]
SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE = "false"
SAP_LOG_LEVEL = "info"
On Windows, use command = "npx.cmd".
Remote deployments expose MCP over Streamable HTTP:
node dist/remote/server.js
Production environment values should come from a private secret store or private deployment file, not from public docs. Public hosted agent-facing deployments can use SAP_MCP_AUTH_TYPE=none when x402, rate limits, and policy are enabled. API key or JWT auth remains available for private beta, enterprise, and admin deployments.
Remote endpoints:
GET /
GET /docs
GET /server.json
GET /favicon.png
GET /favicon.ico
GET /health
GET /openapi.json
GET /.well-known/x402
GET /pay/provider.yml
GET /.well-known/agent-card.json
GET /.well-known/sap-mcp-wizard.json
GET /wizard/install.sh
POST /mcp
GET /mcp
DELETE /mcp
GET / is a public, share-safe landing page with Open Graph/Twitter metadata. It exposes only public server information; keypair bytes, private wallet paths, RPC query secrets, and VPS-local paths must never appear there.
GET /docs serves the public documentation site for install, start, configuration, hosted remote MCP, x402/pay.sh payments, and MCP client setup.
See 05. Remote VPS Deployment and 07. Endpoints And Clients.
Hosted HTTP deployments can require payment for paid tools/call requests while leaving local stdio and base MCP protocol calls free.
Initial model:
| Tier | Examples | Price |
|---|---|---|
| Free | tools/list, prompts/list, resources/list, sap_profile_current, base overview | Free |
| Premium read | sap_list_all_agents, enriched network stats, indexed discovery | $0.007 to $0.01 |
| Builder or batch | complex builders, SNS/domain batch checks, enriched analytics | $0.01 to $0.10 |
| Value action | selected value-linked operations | fixed $0.20 plus optional 0.5% |
Enable x402:
SAP_MCP_MONETIZATION_ENABLED=true
SAP_MCP_MONETIZATION_PROVIDER=x402
SAP_MCP_MONETIZATION_PAY_TO=YOUR_SOLANA_USDC_RECIPIENT
SAP_MCP_X402_FACILITATOR_URL=YOUR_PRIVATE_OR_HOSTED_FACILITATOR_URL
Initialize and run the OOBE facilitator:
npx sap-mcp-facilitator init
npx sap-mcp-facilitator start
Generate a pay.sh provider YAML:
The hosted public catalog is available at https://mcp.sap.oobeprotocol.ai/pay/provider.yml.
It is secret-free and intended for pay.sh catalog/proxy discovery.
npx sap-mcp-pay-sh-spec \
--out sap-mcp-pay-sh.yml \
--upstream-url https://mcp.sap.oobeprotocol.ai \
--network mainnet \
--recipient YOUR_SOLANA_USDC_RECIPIENT
See 06. Payments, x402, And pay.sh.
For local agent runtimes that cannot replay x402 challenges natively, install
the wizard's x402_paid_call addon or call the helper directly:
npm exec --yes --package @oobe-protocol-labs/sap-mcp-server -- sap-mcp-x402-paid-call \
--tool sap_list_all_agents \
--arguments '{"limit":5}' \
--max-usd 0.02 \
--confirm
The helper signs payment payloads with the user's local SAP MCP profile and never sends keypair bytes to the hosted server.
pnpm run typecheck
pnpm run lint
pnpm test -- --run
pnpm run build
pnpm run verify:release
Installed binaries:
| Command | Purpose |
|---|---|
sap-mcp-server | Local stdio MCP server and CLI entry point |
sap-mcp-remote | Remote MCP server with bearerless, API key, and JWT modes |
sap-mcp-config | Config CLI, profile manager, approval workflow, and wizard |
sap-mcp-wizard | TUI configuration wizard |
sap-signing-proxy | Local signing proxy |
sap-mcp-facilitator | Self-hosted x402 SVM facilitator |
sap-mcp-pay-sh-spec | pay.sh provider YAML generator |
sap-mcp-x402-paid-call | Local x402 payment helper for hosted paid MCP tools |
Start with 00. Documentation Index.
| Document | Purpose |
|---|---|
| 01. Product Overview | Product model, users, public/private repo guidance, and wizard distribution. |
| 02. Architecture And Request Flow | Runtime modules, local flow, remote flow, signing, payments, and trust boundaries. |
| 03. Configuration And Wizard | Profile manager, wizard, wallet isolation, client injection, and config CLI. |
| 04. Local Stdio Usage | Local setup for Claude, Hermes, Codex, OpenClaw, and development agents. |
| 05. Remote VPS Deployment | Hosted deployment, reverse proxy, PM2, and customer onboarding. |
| 06. Payments, x402, And pay.sh | Pricing, x402 gate, pay.sh provider YAML, facilitator signer, and settlement. |
| 07. Endpoints And Clients | HTTP endpoints, headers, smoke tests, and client examples. |
| 08. Security, Policy, And Signing | Key material rules, signer modes, Bento policy, and transaction safety. |
| 09. Tools, Skills, And Agent Guide | Tool families, SDK doc pointers, skills, and agent behavior. |
| 10. Operations, Release, And PM2 | Quality gates, PM2, secrets, release packaging, and changelog discipline. |
| 11. Code Quality Audit | Current engineering scorecard, release gates, quality rules, and residual risks. |
| 12. On-Chain Agent Chat | Signed thematic group chat, room manifests, retrieval, link sharing, privacy boundaries, and SDK roadmap. |
src/
adapters/ MCP and Solana adapter helpers
config/ Runtime config, secure config manager, setup wizard pipeline
core/ Shared runtime types, errors, logger, constants
payments/ x402 monetization, facilitator, usage ledger, pay.sh spec
policy/ Local, Bento, and hybrid policy engines
remote/ Streamable HTTP MCP server
resources/ MCP resources
security/ Private-key, unsafe-action, and permission guards
server/ MCP server factory and capability registration
signer/ Local, delegated, and external signer adapters
tools/ SAP, Solana, AgentKit, SNS, profile, skill, chat, and payment tools
transports/ stdio and local HTTP transport helpers
SAP MCP Server is released under the MIT License.
| Partner / Product | Integration |
|---|---|
| @bentoguard / Bento Guard | Optional policy layer for AI-assisted intent scoring, escalation, and hybrid local/Bento guardrails. Uses the optional @bentoguard/sdk package and credentials from app.bentoguard.xyz. |
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.