Server data from the Official MCP Registry
Cryptographic receipts for AI outputs on Base or Solana via x402.
Cryptographic receipts for AI outputs on Base or Solana via x402.
This MCP server implements a notarization service for AI outputs with appropriate use of cryptographic signatures and careful data handling. However, there are meaningful security concerns: the WALLET_PRIVATE_KEY and SOLANA_PRIVATE_KEY environment variables are required for paid operations but not validated before use, the Date.now monkeypatch is a code smell that could introduce timing attacks, and there is insufficient input validation on user-supplied content (prompt, response, model_id) before sending to external endpoints. The permissions (network_http, env_vars) align with the service's purpose, but the handling of private key material requires more hardening. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
3 files analyzed · 11 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: WALLET_PRIVATE_KEY
Environment variable: NOTARY_RAIL
Environment variable: NOTARY_BASE_URL
Environment variable: SOLANA_PRIVATE_KEY
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-forgemeshlabs-x402-notary-mcp": {
"env": {
"NOTARY_RAIL": "your-notary-rail-here",
"NOTARY_BASE_URL": "your-notary-base-url-here",
"SOLANA_PRIVATE_KEY": "your-solana-private-key-here",
"WALLET_PRIVATE_KEY": "your-wallet-private-key-here"
},
"args": [
"-y",
"@forgemeshlabs/x402-notary-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
A ForgeMesh Labs product — the notary of the x402 agent economy.
Prove what your AI said, when it said it, and which model said it.
Every AI output is just text. There's no proof a specific model produced a specific response at a specific time — and as agents start hiring other agents, that trust gap gets expensive. x402 Notary closes it: submit any inference, pay $0.001 in USDC (automatic, via x402 on Base or Solana — no API key, no account), and get back a signed, timestamped, chain-anchored receipt that anyone can verify, free, forever.
We notarize the hash, not your secrets. Your prompt and response are hashed and signed — never stored. Private signed receipts, publicly anchored by batch root.
{
"mcpServers": {
"x402-notary": {
"command": "npx",
"args": ["-y", "@forgemeshlabs/x402-notary-mcp"],
"env": {
"WALLET_PRIVATE_KEY": "0x..."
}
}
}
}
WALLET_PRIVATE_KEY is a dedicated low-balance Base wallet for x402 micropayments — never your primary wallet. $1 of USDC notarizes 1,000 outputs.
{
"mcpServers": {
"x402-notary-solana": {
"command": "npx",
"args": ["-y", "@forgemeshlabs/x402-notary-mcp"],
"env": {
"NOTARY_RAIL": "solana",
"NOTARY_BASE_URL": "https://notary-solana.forgemesh.io",
"SOLANA_PRIVATE_KEY": "[1,2,...]"
}
}
}
}
SOLANA_PRIVATE_KEY is a dedicated low-balance Solana keypair for x402 micropayments. It may be a JSON byte array, base58, base64, or hex-encoded 32/64-byte key. Never use your primary wallet.
Verification needs no wallet at all. Skip the env block entirely and you can still verify receipts, inspect attestations, and read live stats.
| Tool | Cost | What it does |
|---|---|---|
notarize_inference | $0.001 | Signed receipt for one {prompt, response, model_id} |
notarize_batch | $0.005 | Up to 20 receipts in one call — built for audit trails |
verify_attestation | free | Check any receipt: signature, content hash, Merkle proof |
get_receipt | free | Fetch the public proof material for an attestation |
notary_stats | free | Live volume, top models, anchored batches |
notary_pubkey | free | The notary's Ed25519 key — verify receipts fully offline |
When you notarize an inference you get an attestation:
{
"attestation_id": "att_64d22f5f5c95d0e759ad54dc",
"content_hash": "sha256 of {prompt, response, model_id, timestamp}",
"signature": "Ed25519 — verifiable offline against the public notary key",
"notarized_at": "2026-07-03T02:47:11.000Z",
"anchor": { "status": "sealed", "merkle_root": "…", "proof": ["…"] }
}
That's proof of three things:
Any agent (or human, or CI job) can check a receipt before acting on the output behind it:
curl -s https://notary.forgemesh.io/api/verify \
-H 'content-type: application/json' \
-d '{"attestation_id":"att_…","prompt":"…","response":"…","model_id":"openai/gpt-5"}'
"valid": true means the content matches the notarized hash and the notary's Ed25519 signature checks out. Tampered content is rejected with the exact failing check.
Not every call — the outputs that matter:
Casual chat and scratchpad reasoning don't need receipts. Externalized outputs do.
No signup, no API key, no subscription. The first request returns an HTTP 402 challenge; your MCP client signs a USDC payment authorization and retries. Base uses EIP-3009; Solana uses the x402 SVM exact rail. The receipt lands in the same response — including the payment transaction hash under _payment.
Prefer raw HTTP? The full agent-readable surface:
https://notary.forgemesh.io/llms.txt — one-page summary for agentshttps://notary.forgemesh.io/openapi.json — OpenAPI 3.1 with x402 payment metadatahttps://notary.forgemesh.io/.well-known/x402.json — x402 discovery manifesthttps://notary-solana.forgemesh.io/llms.txt — Solana rail summaryhttps://notary-solana.forgemesh.io/openapi.json — Solana OpenAPI 3.1 with x402 metadatahttps://notary-solana.forgemesh.io/.well-known/x402.json — Solana x402 discovery manifestIs my prompt stored anywhere? No. The hash is computed, signed, and the raw text is discarded. This is the default and only mode.
Do I need an account or API key? No. x402 payments are the only credential.
What does verification cost? Nothing, for anyone, forever. Charging to verify would defeat the point of a trust primitive.
What chain and token? USDC on Base mainnet (eip155:8453) by default. Set NOTARY_RAIL=solana and NOTARY_BASE_URL=https://notary-solana.forgemesh.io for Solana mainnet USDC.
Can I verify receipts without contacting the notary? Yes — fetch the Ed25519 public key once (notary_pubkey) and verify signatures offline.
Why "x402 Notary"? x402 is the open protocol that lets AI agents pay for services in USDC over plain HTTP — and this is its notary: the attestation layer agents use to prove and verify each other's outputs before money or reputation moves on them.
Built by ForgeMesh Labs · Powered by the x402 protocol · MIT License
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.