Yes, Proof Layer is free to use.

How do I install Proof Layer?

Proof Layer is a local plugin. Install it using npm package: @proof-layer/mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Proof Layer need?

Proof Layer requires the following credentials or environment variables: PROOF_LAYER_API_KEY, PROOF_LAYER_API_URL, PROOF_LAYER_TELEMETRY. You can find setup instructions on the server detail page.

What AI apps work with Proof Layer?

Proof Layer uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Proof Layer MCP Server

by World 999 Labs

Developer ToolsModerate5.0MCP RegistryLocal

Free

Server data from the Official MCP Registry

Signed, hash-chained provenance receipts for AI agent actions.

About

Signed, hash-chained provenance receipts for AI agent actions.

Security Report

5.0

Moderate5.0Moderate Risk

This is a well-architected MCP server for cryptographic governance receipts with solid security practices. Authentication via API key is properly enforced, code is clean and input-validated, and permissions align with the server's purpose (network access for API calls, file I/O for install tracking). The telemetry implementation is transparent with a clear opt-out mechanism. Minor code quality notes around error handling and logging do not materially impact security. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 2 high severity). Package verification found 1 issue.

6 files analyzed · 8 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

file_system

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

What You'll Need

Set these up before or after installing:

Your Proof Layer API key from https://prooflayer.world999labs.com/dashboard/keysRequired

Environment variable: PROOF_LAYER_API_KEY

Override the default API endpoint (default: https://prooflayer.world999labs.com)Optional

Environment variable: PROOF_LAYER_API_URL

Set to 'off' to disable anonymous usage telemetry (default: on)Optional

Environment variable: PROOF_LAYER_TELEMETRY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-world-999-labs-proof-layer": {
      "env": {
        "PROOF_LAYER_API_KEY": "your-proof-layer-api-key-here",
        "PROOF_LAYER_API_URL": "your-proof-layer-api-url-here",
        "PROOF_LAYER_TELEMETRY": "your-proof-layer-telemetry-here"
      },
      "args": [
        "-y",
        "@proof-layer/mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

Proof Layer

Cryptographic governance receipts for AI agents. Issued before the agent acts. Ed25519-signed. Hash-chained. Verifiable offline.

Built by WORLD999_LABS. Published on npm under @proof-layer/*. The legacy @veridocs/* package names continue to resolve and forward to the new ones.

What this repo contains

This is the public half of Proof Layer — the parts you install and run on your own machine:

Package	What it does	npm
`@proof-layer/mcp`	MCP server for Claude Desktop, Cursor, Cline, and any MCP-aware host
`@proof-layer/verify`	Standalone offline verifier — zero dependencies, audits any receipt bundle with just our public key

The kernel (governance engine, Gauntlet adversary/judge pipeline, billing, dashboard) is closed-source and runs at prooflayer.world999labs.com. Open-source clients + closed-source server is the same pattern Stripe, Resend, and Vercel use — you get full transparency on what runs locally and what data leaves your machine, while the proprietary server logic stays protected.

Quick start

npx -y @proof-layer/mcp@latest

Drop into Claude Desktop's claude_desktop_config.json:

{
  "mcpServers": {
    "proof-layer": {
      "command": "npx",
      "args": ["-y", "@proof-layer/mcp@latest"],
      "env": {
        "PROOF_LAYER_API_KEY": "pl_live_...",
        "PROOF_LAYER_API_URL": "https://prooflayer.world999labs.com"
      }
    }
  }
}

Restart Claude. Eight pl_* tools appear in the picker. Get an API key at prooflayer.world999labs.com.

Migrating from @veridocs/mcp? No code changes required. The legacy package name continues to resolve, the legacy vd_* tool names continue to work alongside pl_*, and existing VERIDOCS_API_KEY / VERIDOCS_API_URL environment variables are still accepted. You can switch the package name and env-var names on your own schedule.

Why pre-execution governance?

Most "AI safety" tools run after the model has acted — toxicity filters, output classifiers, post-hoc audit logs. By the time the alarm fires, the agent has already sent the email, merged the PR, or executed the trade.

Proof Layer flips this:

Agent proposes an action (e.g. "send wire transfer for $50,000")
Proof Layer evaluates → returns signed verdict: EXECUTE / BLOCK / REVIEW / SHADOW
Receipt is written to a hash-chained, Ed25519-signed audit trail
Anyone with our public key can verify the entire chain offline — no trust in our infra required

A broken hash chain = tampering, immediately visible. A missing receipt = the agent acted without permission.

Verifying receipts offline

Receipts are designed to outlive us. Here's how to verify a bundle without ever calling our API:

import { verifyBundle } from "@proof-layer/verify";
import fs from "fs";

const bundle = fs.readFileSync("./receipts.ndjson", "utf8");
const publicKey = fs.readFileSync("./prooflayer-public-key.pem", "utf8");

const result = verifyBundle(bundle, publicKey);
console.log(result);
// { pass: 147, fail: 0, total: 147, chainBroken: false }

Public key is published at prooflayer.world999labs.com/v1/public-key and rotates on a published schedule.

Resources

🌐 Homepage: https://prooflayer.world999labs.com
🎬 Live demo (no signup): https://prooflayer.world999labs.com/demo
📖 MCP docs: packages/mcp/README.md
🔒 Privacy policy: PRIVACY.md
🐛 Report issues: GitHub Issues
💬 Support: support@world999labs.com

License

MIT — see LICENSE.

The kernel and dashboard are proprietary and not included in this repo. The MCP server, verifier, and all client SDKs published under @proof-layer/* (and the legacy @veridocs/* names) are MIT-licensed.

Contributing

Pull requests, issues, and feedback welcome. See CONTRIBUTING.md.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Proof Layer MCP Server

About

Security Report

Findings (8)Action required

Permissions Required

What You'll Need

How to Install

Documentation

Proof Layer

What this repo contains

Quick start

Why pre-execution governance?

Verifying receipts offline

Resources

License

Contributing

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

Google Workspace MCP