MCP Server · Open Protocol · Apache 2.0

Cryptographic Accountability for Every AI Decision

Every AI action — data access, recommendation, decision — sealed with Ed25519 signatures, hash-linked proof chains, and Merkle-anchored to a transparency registry. Tamper-evident. Independently verifiable.

Install
git clone https://github.com/VerifyLinkInfra-cloud/MCP-AI-Trust.git && cd MCP-AI-Trust && npm install
Node.js 18+ required. Zero external crypto dependencies — uses built-in Ed25519.
Add to Claude Code
"mcpServers": {
  "ai-trust": {
    "command": "node",
    "args": ["./MCP-AI-Trust/src/server.js"]
  }
}
Add to ~/.claude/settings.json or your project settings. Works with any MCP-compatible AI.

6 Tools. Complete AI Audit Trail.

Every tool seals its output into a hash-linked proof chain with Ed25519 signatures.

ai_begin_session
Declare AI intent. Start a sealed session with purpose, model, and context.
{ purpose: "Review intake forms",
  model: "claude-opus-4-6" }
ai_seal_decision
Seal a decision with inputs, reasoning, and confidence. Tamper-evident proof.
{ decision: "Approve claim",
  confidence: 0.94,
  inputs: ["history","labs"] }
ai_seal_access
Record sensitive data access. Critical for HIPAA, SOX, GDPR compliance.
{ resource_type: "phi",
  resource_name: "Patient #1234",
  access_type: "read" }
ai_checkpoint
Mid-workflow progress seal for long-running AI tasks.
{ label: "analysis_complete",
  notes: "47 records reviewed" }
ai_end_session
Close session, Merkle batch all events, anchor to transparency registry.
{ outcome: "Plan generated",
  anchor: true }
// returns merkle_root, public_key
ai_verify
Verify any sealed event or full session chain. Proves nothing was tampered.
{ session_id: "ses-abc123" }
// chain_valid: true
// events_checked: 8

How the Proof Chain Works

Each event is hash-linked to the previous one. Tampering with any event changes its payload hash, so that event's chain hash and every later link fail verification.

Session Proof Chain
Session Start
ai_begin_session — "Review patient intake"
chain: SHA-256(genesis:session_id + payload_hash) → a7f2e1...
Data Access
ai_seal_access — PHI: Patient Record #1234
chain: SHA-256(a7f2e1... + payload_hash) → c3d8b4...
Decision
ai_seal_decision — "Recommend Treatment A" (confidence: 0.92)
chain: SHA-256(c3d8b4... + payload_hash) → e9f1a2...
Session End
ai_end_session — Merkle batch → anchor to VLI Registry
chain: SHA-256(e9f1a2... + payload_hash) → b2c7d0... | signature: Ed25519

Every Industry. Every AI.

Anywhere AI makes decisions in regulated environments, you need proof.

🏥
Healthcare
AI treatment recommendations, diagnostic analysis, PHI access — sealed and HIPAA-auditable.
🏦
Finance
Loan decisions, fraud detection, risk scoring — sealed with proof of what the AI saw and decided.
Legal
Contract review, case analysis, research — sealed records of every AI-assisted legal action.
🛡
Defense
Intelligence processing, classified analysis — immutable audit trails for the most sensitive decisions.
🏭
Manufacturing
AI quality control, production decisions — sealed proof of every automated judgment call.
📊
Insurance
Claims processing, underwriting — sealed proof that AI decisions were fair, unbiased, and traceable.

Protocol Specification

Open standard. No vendor lock-in. Independently verifiable.

🔐
Signing
Ed25519 (RFC 8032) — auto-generated keypair per installation
#
Hashing
SHA-256 with deterministic JSON canonicalization (sorted keys)
🔗
Chain Linking
chain_hash = SHA-256(prev_chain_hash + ":" + payload_hash)
🌳
Anchoring
Merkle tree batch roots submitted to VLI transparency registry
💾
Storage
Local SQLite — portable, zero-config, works fully offline
🔌
Transport
MCP (Model Context Protocol) over stdio — works with Claude, any MCP client
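
The hashing, chain-linking and signing rules listed above, written out as an added Node.js example that is not the project's own code. It assumes the first link uses the string "genesis:" plus the session id as its previous hash and that the Ed25519 signature covers the chain hash; the function and field names (seal, verifyChain, failed_at) are hypothetical.

```javascript
// Added illustration, not the MCP-AI-Trust source. Field names, the genesis
// string and the choice of signed bytes are assumptions.
const { createHash, generateKeyPairSync, sign, verify } = require("node:crypto");
const sha256 = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Deterministic JSON: object keys sorted recursively, arrays keep their order.
function canonicalize(v) {
  if (Array.isArray(v)) return "[" + v.map(canonicalize).join(",") + "]";
  if (v && typeof v === "object") {
    return "{" + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(v[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

// chain_hash = SHA-256(prev_chain_hash + ":" + payload_hash)
function seal(chain, sessionId, payload, privateKey) {
  const prev = chain.length ? chain[chain.length - 1].chain_hash : "genesis:" + sessionId;
  const payload_hash = sha256(canonicalize(payload));
  const chain_hash = sha256(prev + ":" + payload_hash);
  const signature = sign(null, Buffer.from(chain_hash), privateKey).toString("base64");
  chain.push({ payload, payload_hash, chain_hash, signature });
}

// Recompute every link from the stored payloads; report the first event that fails.
function verifyChain(chain, sessionId, publicKey) {
  let prev = "genesis:" + sessionId;
  for (let i = 0; i < chain.length; i++) {
    const e = chain[i];
    const expected = sha256(prev + ":" + sha256(canonicalize(e.payload)));
    const sigOk = verify(null, Buffer.from(expected), publicKey, Buffer.from(e.signature, "base64"));
    if (expected !== e.chain_hash || !sigOk) return { chain_valid: false, failed_at: i };
    prev = e.chain_hash;
  }
  return { chain_valid: true, events_checked: chain.length };
}

// Constructed sample session (values modelled on the page's tool examples).
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const chain = [];
  seal(chain, "ses-abc123", { purpose: "Review intake forms", model: "claude-opus-4-6" }, privateKey);
  seal(chain, "ses-abc123", { resource_type: "phi", access_type: "read" }, privateKey);
  seal(chain, "ses-abc123", { decision: "Approve claim", confidence: 0.94 }, privateKey);
  const before = verifyChain(chain, "ses-abc123", publicKey);
  chain[1].payload.access_type = "write"; // simulated tampering with a stored event
  return { before, after: verifyChain(chain, "ses-abc123", publicKey) };
}
```

Anyone able to rewrite the stored rows can also recompute every hash, so detection rests on the signing key and the anchored Merkle root being out of that writer's reach.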

Powered by ART — AI Registry & Trust

The AI Trust Protocol connects directly to ART, VLI's agent identity and governance platform.

ART Platform — Coming Soon
👤
Agent Identity
Every AI agent gets an ART ID (Ed25519 keypair). Auto-registered on first session.
🔒
Delegation Chains
Human-to-agent authorization grants with scopes, expiry, and revocation tracking.
📊
Reputation Scoring
Trust scores computed from sealed action history — success rate, scope violations, volume.
📑
Provenance Tracking
Every sealed decision feeds into ART's output log — full AI provenance chain.

Stop Promising AI Safety. Start Proving It.

One MCP server. Six tools. Every AI decision sealed with cryptographic proof.