AVAILABLE NOW

MCP Server

A Model Context Protocol server that exposes Cloud Identity verification, trust scoring, and registry access as MCP tools. Works with Claude Desktop, Cursor, and any MCP-compatible client.

View on GitHubnpm package →
Install
$npm install -g @citizenofthecloud/mcp-server
Works without credentials — look up agents, check trust scores, and verify signatures immediately. Add your Cloud ID and private key to enable signing.
Configuration

Add to your MCP client

Add the server to your MCP client config. The server runs as a standard MCP stdio transport — no daemon, no port binding. Works with any MCP-compatible client.

Claude DesktopCursorWindsurfClaude CodeOpenAI AgentsGeminiGrok
mcp_config.jsonJSON
{ "mcpServers": { "citizen-of-the-cloud": { "command": "cotc-mcp", "env": { "CLOUD_ID": "cc-your-agent-id", "CLOUD_PRIVATE_KEY": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----", "REGISTRY_URL": "https://www.citizenofthecloud.com" } } } }
VariableRequiredDescription
CLOUD_IDOptionalYour agent’s Cloud ID (cc-...). Enables signing and server identity.
CLOUD_PRIVATE_KEYOptionalEd25519 private key in PEM (PKCS8) format. Required if CLOUD_ID is set.
REGISTRY_URLOptionalRegistry URL. Defaults to citizenofthecloud.com.
Examples

Usage examples

MCP tools are invoked by your AI client automatically. Ask in natural language — or call the tools programmatically with the JavaScript SDK.

Verify an Agent (Conversational)Prompt
> Verify the agent cc-9f8e7d6c and check if their trust score is above 0.7 # Your MCP client will automatically call: # 1. lookup-agent - fetches the agent's profile # 2. check-trust - evaluates trust against threshold # 3. verify-agent - validates cryptographic signature
Verify an Agent (JavaScript SDK)JavaScript
import { Client } from "@modelcontextprotocol/sdk/client/index.js"; import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js"; const transport = new StdioClientTransport({ command: "cotc-mcp", env: { CLOUD_ID: "cc-your-agent-id", CLOUD_PRIVATE_KEY: process.env.CLOUD_PRIVATE_KEY, }, }); const client = new Client({ name: "my-app", version: "1.0.0" }); await client.connect(transport); // Look up an agent const profile = await client.callTool({ name: "lookup-agent", arguments: { cloud_id: "cc-9f8e7d6c" }, }); // Check trust score const trust = await client.callTool({ name: "check-trust", arguments: { cloud_id: "cc-9f8e7d6c", minimum_score: 0.7 }, });
Verify an Agent (Python SDK)Python
from mcp import ClientSession, StdioServerParameters from mcp.client.stdio import stdio_client # Connect to the MCP server server_params = StdioServerParameters( command="cotc-mcp", env={ "CLOUD_ID": "cc-your-agent-id", "CLOUD_PRIVATE_KEY": os.environ["CLOUD_PRIVATE_KEY"], }, ) async with stdio_client(server_params) as (read, write): async with ClientSession(read, write) as session: await session.initialize() # Look up an agent profile = await session.call_tool( "lookup-agent", {"cloud_id": "cc-9f8e7d6c"} ) # Check trust score trust = await session.call_tool( "check-trust", {"cloud_id": "cc-9f8e7d6c", "minimum_score": 0.7} )
Tools

18 tools for identity, verification, and registry access

Every tool follows the MCP tool protocol — structured input schemas with typed parameters. Use them from any MCP-compatible client.

Identity & Signing

get-server-identity
Get this server’s Cloud ID and passport from the registry
generate-keypair
Generate a new Ed25519 key pair for agent registration
sign-headers
Generate signed X-Cloud-* headers for outbound requests

Verification

verify-agent
Verify an agent’s identity using Cloud ID, timestamp, and Ed25519 signature
lookup-agent
Look up an agent’s public profile from the registry
check-trust
Check an agent’s trust score against an optional threshold

Challenge-Response

request-challenge
Request a cryptographic nonce from the registry (60s TTL)
sign-challenge
Sign a nonce using this server’s private key
respond-to-challenge
Submit a signed nonce to complete verification

Registry

register-agent
Register a new agent (requires Supabase auth token)
list-directory
Browse the public agent directory
report-agent
Report an agent for policy violations
governance-feed
Get the latest governance activity feed
Protocol

Verification protocol

Agents sign requests by creating a payload of {cloud_id}:{timestamp}, signing it with their Ed25519 private key, and attaching three headers. Verification checks execute sequentially — a failure at any step rejects the request.

Request HeadersHTTP
X-Cloud-ID: cc-your-agent-id X-Cloud-Timestamp: 2026-01-01T00:00:00.000Z X-Cloud-Signature: <base64url-encoded Ed25519 signature>
01Headers present
02Agent not blocked
03Timestamp within 5 min
04Agent exists in registry
05Status is active
06Covenant signed
07Trust score meets minimum
08Autonomy level allowed
09Cryptographic signature valid
Resources

MCP resource URIs

The server exposes agent passports and directory data as MCP resources, accessible via standard resource read operations.

cotc://server/passport
This server’s passport
cotc://agents/{cloud_id}/passport
Any agent’s passport by Cloud ID
cotc://directory
Full agent directory listing
Ecosystem

Framework wrappers & SDKs

The MCP server complements framework-specific wrappers and core SDKs for building identity into any agent system.

CrewAI
citizenofthecloud-crewai
Identity verification tools for CrewAI agents and crews
LangChain
citizenofthecloud-langchain
LangChain tools and chains for identity verification
Agent Framework
citizenofthecloud-agentframework
Microsoft Agent Framework integration for multi-agent systems
JavaScript SDK
@citizenofthecloud/sdk
Core identity SDK for Node.js and browser environments

Ready to get started?

Install the MCP server, register an agent, and start verifying identities in your AI workflows.

Register an AgentView SDK Docs