Server data from the Official MCP Registry
Public read-only MCP server for HODLXXI agent identity, trust, receipts, and verification.
Public read-only MCP server for HODLXXI agent identity, trust, receipts, and verification.
Remote endpoints: streamable-http: https://hodlxxi.com/agent/mcp
Valid MCP server (1 strong, 0 medium validity signals). 3 known CVEs in dependencies Imported from the Official MCP Registry.
26 tools verified ยท Open access ยท 3 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Remote Plugin
No local installation needed. Your AI client connects to the remote endpoint directly.
Add this to your MCP configuration to connect:
{
"mcpServers": {
"io-github-hodlxxi-hodlxxi-readonly": {
"url": "https://hodlxxi.com/agent/mcp"
}
}
}From the project's GitHub README.
A production-focused Flask service that bridges OAuth2/OpenID Connect with Lightning Network authentication. The project couples hardened security defaults, Redis-backed rate limiting, RS256 JWT issuance, and Postgres persistence so Bitcoin-enabled applications can expose standards-compliant identity endpoints.
app.security, and Redis-powered rate limiting with production fail-closed behavior and explicit non-production in-memory fallback warnings./metrics/prometheus endpoint, structured JSON logging, and a reusable create_app() factory (app/factory.py) for factory-based deployments.app.config, including production guardrails for secrets, Redis, and database connectivity.| Layer | Key Modules | Responsibilities |
|---|---|---|
| Web application | app/app.py, app/factory.py | Flask application, OAuth2/LNURL routes, Prometheus metrics, Socket.IO events, plus the factory-based app initialization |
| Security | app/security.py | Proxy/header fixes, HTTPS enforcement, Flask-Limiter setup, logging defaults |
| Identity tokens | app/tokens.py, app/jwks.py | RS256 JWT issuance, keypair persistence, JWKS publication |
| Storage | app/db_storage.py, app/database.py, app/storage.py | Postgres session helpers, Redis utilities, and in-memory parity for tests |
| Configuration | app/config.py | Typed env loader, production validation helpers |
| Observability | app/app.py, deployment/README.md | Prometheus counter wiring and deployment guidance |
Further documentation lives in the app/ directory and supporting deployment guides under deployment/.
For local development you can omit Postgres/Redis by exporting DATABASE_URL and REDIS_URL pointing to ephemeral services (e.g. docker-compose) or by relying on the in-memory storage adapter for tests.
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
export FLASK_APP=app.app:app
export FLASK_ENV=development
export RPC_USER=bitcoinrpc
export RPC_PASSWORD=change-me
flask run
The service exposes:
/.well-known/openid-configuration, /oauth/token, /oauth/authorizeFor third-party login setup, see Sign in with HODLXXI Integration Guide.
/.well-known/agent.json, /agent/capabilities, /agent/capabilities/schema/agent/skills, /agent/marketplace/listing, /agent/reputation, /agent/attestations/lnurl/auth LNURL challenge endpoints/metrics/prometheus for Prometheus scrapers/health basic liveness probeIf you want a production-like stack without installing Postgres/Redis/Bitcoin Core locally, use the bundled Compose file:
cp env.example .env
docker compose up --build
The Postgres, Redis, and Bitcoin services wait for health checks before the Flask app starts. Mounts for ./app, ./logs, and ./keys ensure code edits and generated keys persist on the host. See docs/DEV_ONBOARDING_CHECKLIST.md for the full onboarding flow and smoke tests.
See TESTING.md for pytest, mypy, and linting guidance.
app/config.py documents every supported environment variable. Highlights include:
JWT_ALGORITHM=RS256 to force asymmetric signing; JWKS files are stored in JWKS_DIR.RATE_LIMIT_ENABLED / RATE_LIMIT_DEFAULT for limiter tuning.DATABASE_URL or discrete DB_* variables for SQLAlchemy.REDIS_URL/REDIS_* for rate limiting and challenge/session TTL handling.SOCKETIO_ASYNC_MODE to pick a compatible backend (defaults to eventlet when available, otherwise falls back to threading).FORCE_HTTPS, SECURE_COOKIES, and CSRF_ENABLED for deployment hardening.Run python -m app.config (or import validate_config) inside your deployment pipeline to fail fast on insecure production settings.
pytest
Unit tests cover configuration parsing/validation along with storage adapters. Integration tests spin up the in-memory backend to exercise OAuth and LNURL flows without external services.
GET /agent/readiness/self-scan - public machine-readable self-scan report for the current HODLXXI runtime. It returns schema, summary, checks, verification, report_sha256, and current receipt / attestation status.The repository now exposes a coherent machine-readable agent surface:
/.well-known/agent.json for the public identity/discovery document/agent/capabilities for the signed capabilities handshake/agent/capabilities/schema for the canonical JSON Schema of that handshake/agent/skills for first-class skill discovery sourced from skills/public//agent/marketplace/listing for normalized directory/marketplace ingestionFor the protocol and trust model, see:
docs/DOCUMENTATION_MAP.md explains which docs are current, historical, experimental, or archive candidates.AGENT_PROTOCOL.md for the signed discovery and job protocolTRUST_MODEL.md for the normative trust language and verification boundariesdocs/AGENT_SURFACES.md for how the runtime discovery endpoints expose those claimsThe current agent surface is intentionally conservative: it exposes public-key identity, declared operator metadata, paid execution, signed receipts, and observable history, while treating time-locked capital and on-chain backing as optional trust anchors rather than verified runtime facts.
Developers can start from the SDK index:
docs/sdk/README.mdThe SDK covers:
Examples:
examples/python/ping_agent.pyexamples/python/auth_challenge_flow.pyexamples/python/nostr_auth_challenge_flow.pyThe SDK does not hold private keys. Applications bring their own wallet, hardware, Bitcoin Core, Nostr, or agent-runtime signer.
pip install -r requirements-dev.txt.pytest before opening a pull request.Bug reports and feature proposals are welcome via GitHub Issues.
Released under the MIT License.
Persisted readiness self-scan reports are runtime artifacts, not source files. For hardened production deployments, set:
AGENT_READINESS_REPORT_DIR=/srv/ubid/runtime/agent_readiness_reports
For hodlxxi.service, this path should live under the writable runtime area and be owned by the service user.
Be the first to review this server!
by Modelcontextprotocol ยท Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno ยท Developer Tools
Toleno Network MCP Server โ Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace ยท Developer Tools
Create, build, and publish Python MCP servers to PyPI โ conversationally.