Server data from the Official MCP Registry
Kill switch + spend guard for AI agents that spend money, across every wallet vendor at once.
Kill switch + spend guard for AI agents that spend money, across every wallet vendor at once.
Valid MCP server (2 strong, 3 medium validity signals). No known CVEs in dependencies. ⚠️ Package registry links to a different repository than scanned source. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.
18 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: COUNTERSIGN_URL
Environment variable: COUNTERSIGN_API_KEY
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-countersign-network-countersign": {
"env": {
"COUNTERSIGN_URL": "your-countersign-url-here",
"COUNTERSIGN_API_KEY": "your-countersign-api-key-here"
},
"args": [
"-y",
"@countersign/mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
A neutral, cross-vendor control plane for AI agents that spend money. Countersign holds the policy, the freeze, and the audit ledger across multiple agent-wallet backends at once — the one thing no single wallet vendor can do, because each only governs its own rail. That aggregation is the moat.
Live version of this loop: countersign.network/demo.html · 60s video
One falsifiable test defines it: can Countersign freeze agents across many backends at once, in under a second, with a unified tamper-evident ledger of every attempt? Proven LIVE across four rails (Coinbase, Turnkey, Openfort, and a Lithic Visa card) in ~432ms on testnet.
This repository is the open-core front door — the Apache-2.0 packages you build against: the integration contract, the typed client, the MCP tools, and the x402 guard. The control-plane "brain" (the policy compiler, the hash-chained ledger, the vendor adapters, and the hosted Core) is separate and proprietary; you reach it over the network via the SDK/MCP, hosted at app.countersign.network.
Drop the kill switch + spend guard into any MCP client (Claude, Cursor, …) — one line:
// claude / cursor mcp config
{ "mcpServers": { "countersign": {
"command": "npx", "args": ["-y", "@countersign/mcp"],
"env": { "COUNTERSIGN_URL": "https://app.countersign.network", "COUNTERSIGN_API_KEY": "csk_…" }
}}}
Or wire it into your own agent with the SDK:
import { CountersignClient } from "@countersign/sdk";
const cs = new CountersignClient({ baseUrl, apiKey });
await cs.evaluate({ agentId, amount, asset, venue }); // may this spend happen? (allow / deny / needs_approval)
await cs.freeze(); // the kill switch — every backend, < 1s
Get a free testnet key at https://app.countersign.network/start?ref=gh-readme.
Agents paying agents? See examples/guarded-payee — the A2A/AP2
pattern where a payee advertises it is governed and the payer verifies that (and guards its own
payment) before any mandate is signed.
| Package | Role |
|---|---|
@countersign/core | the EnforcementProvider interface, branded ids, the unified policy schema, the fail-closed freeze controller — the integration contract every backend implements |
@countersign/api-contract | OpenAPI + typed REST/ws schema — the single source of truth for the Client↔Core wire interface |
@countersign/sdk | typed client over the Core API + live ledger subscribe |
@countersign/mcp | Countersign as MCP tools — kill switch + spend guard inside any MCP client |
@countersign/x402 | govern x402 (HTTP-402 machine payments) — guard a payment before it pays |
@countersign/verify | verify a ledger entry offline — hash chain, RFC 6962 Merkle inclusion, Ed25519 signatures |
@countersign/ap2 | govern AP2 (Agent Payments Protocol) — guard an agent-payment mandate before it executes |
The proprietary brain (policy compiler to each backend's native controls, ledger, Coinbase / Turnkey / Openfort / Lithic adapters, the hosted Core) lives in a separate private repository.
EnforcementProvider interface.@countersign/sdk ·
@countersign/mcp ·
@countersign/x402 ·
@countersign/ap2docs/architecture.md · Security: SECURITY.mdApache-2.0. Countersign holds policy, freeze, and a tamper-evident ledger — it never takes custody of funds.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.