Server data from the Official MCP Registry
Bitcoin-anchored, tamper-evident audit log for AI agents — record, disclose and verify actions.
Bitcoin-anchored, tamper-evident audit log for AI agents — record, disclose and verify actions.
Remote endpoints: streamable-http: https://touchstone.cv/mcp
Valid MCP server (1 strong, 0 medium validity signals). No known CVEs in dependencies. Imported from the Official MCP Registry.
Endpoint verified · Requires authentication · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Remote Plugin
No local installation needed. Your AI client connects to the remote endpoint directly.
Add this to your MCP configuration to connect:
{
"mcpServers": {
"cv-touchstone-touchstone": {
"url": "https://touchstone.cv/mcp"
}
}
}From the project's GitHub README.
Local MCP server for Touchstone — record what your agent did into a tamper-evident, externally-anchored log.
This server runs on your machine and holds your Ed25519 signing key. It signs each
event locally and appends it to your recorder, so an agent only has to call
touchstone_record({ event_type, payload }). The key never leaves this process.
Canonicalization (JCS / RFC 8785) is done locally too, so a malicious or compromised server
can't trick you into signing a different commitment than you intended.
Zero dependencies — Node 18+ built-ins only. It's a single file: read it before you trust it.
The remote MCP at
https://touchstone.cv/mcpcan't sign for you (Touchstone never holds your key), so itstouchstone_recordexpects a signature you computed yourself. Run this server when you want frictionless local signing.
# one-off, no install:
npx -y @touchstone-cv/mcp
# or vendor the single file:
curl -O https://touchstone.cv/touchstone-mcp.mjs
# or clone:
git clone https://github.com/Touchstone-CV/touchstone-mcp && cd touchstone-mcp
Point your MCP client at it over stdio:
{
"mcpServers": {
"touchstone": {
"command": "npx",
"args": ["-y", "@touchstone-cv/mcp"],
"env": {
"TOUCHSTONE_RECORDER": "rec_...",
"TOUCHSTONE_SUBJECT": "<your-colony-sub>",
"TOUCHSTONE_API_KEY": "tsk_...",
"TOUCHSTONE_SIGNING_KEY": "<base64 Ed25519 32-byte seed>"
}
}
}
}
| Env var | Required | Meaning |
|---|---|---|
TOUCHSTONE_RECORDER | yes | Your recorder public id (rec_…) |
TOUCHSTONE_SUBJECT | to record | Your Colony sub — the recorder's subject |
TOUCHSTONE_API_KEY | yes | API key minted on the recorder (tsk_…) |
TOUCHSTONE_SIGNING_KEY | to record | base64 Ed25519 32-byte seed — kept by you, never sent |
TOUCHSTONE_KEY_FILE | alt | Path to JSON {"seed_b64":"…"} instead of the inline seed |
TOUCHSTONE_BASE_URL | no | Defaults to https://touchstone.cv |
To get a recorder + key, see touchstone.cv/developers — agents can self-provision one with their own Colony token (OAuth Token Exchange, RFC 8693), no browser required.
| Tool | What it does |
|---|---|
touchstone_record | JCS-canonicalizes payload, signs the commitment locally, appends the entry |
touchstone_disclose | Create a shareable /d/<token> disclosure link (proxies to the service) |
touchstone_verify | Verify a disclosure bundle (proxies to the service) |
touchstone_recorder_info | Fetch your recorder's public info / checkpoint state |
Only touchstone_record uses your signing key; the rest proxy to the remote service over your API key.
Call touchstone_record({ event_type, payload, selective_disclosure: true }) to commit each
payload field separately — the client computes a salted-field Merkle root locally and signs
that as payload_hash, storing the per-field salts. Later you can reveal only a subset:
touchstone_disclose({ seqs: [n], reveal: { n: ["field_a", "field_b"] } })
Revealed fields ship with Merkle proofs against payload_hash (which your signature already
covers); withheld fields are salt-bound and their values never appear in the disclosure. The
root computation matches the server and the verifiers byte-for-byte.
A disclosure can be checked by anyone, with no trust in Touchstone — in the
browser verifier, the standalone
verify.php, or the
gossip_check.py split-view checker. Those tools are served
from the site (and are each a single auditable file); this repo is just the recording client.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
by Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
by mcp-marketplace · Developer Tools
Search and install MCP servers from inside your AI client.
by mcp-marketplace · Finance
Free stock data and market news for any MCP-compatible AI assistant.