TrustNotch MCP server

Give your AI agents tamper-evident, independently verifiable audit logs — over the Model Context Protocol.

trustnotch-mcp on PyPI • Python • Apache-2.0

A thin local server, never in the trust path

trustnotch-mcp is a lightweight, local MCP server that lets an MCP client (such as Claude Desktop) submit agent actions to TrustNotch and verify them. It calls the TrustNotch API at api.trustnotch.com and runs all cryptographic verification locally on your machine — the server is never in the trust path. You can audit every proof yourself.

Get running in seconds

Quickest: run with uvx

No install step needed. Requires uv — the fast Python package manager.

uvx trustnotch-mcp

Claude Desktop config

Add the following to your Claude Desktop claude_desktop_config.json:

{
  "mcpServers": {
    "trustnotch": {
      "command": "uvx",
      "args": ["trustnotch-mcp"],
      "env": {
        "TRUSTNOTCH_API_KEY": "tn_live_xxx",
        "TRUSTNOTCH_API_URL": "https://api.trustnotch.com"
      }
    }
  }
}

Windows note: if the Claude Desktop app doesn't inherit your shell PATH, set "command" to the full path to uvx.exe (e.g. C:\Users\you\.local\bin\uvx.exe).

Five tools exposed to your agent

Tool          What it does
submit_log    Record an agent action; returns an Ed25519-signed receipt.
get_log       Fetch a previously submitted entry.
get_proof     Fetch the full proof bundle (receipt + Merkle inclusion + Bitcoin anchor) for an entry.
verify_proof  Verify a proof bundle locally (receipt + Merkle inclusion + anchor-structural) — no trust in the server.
verify_log    Fetch and verify an entry in one call.

Environment variables

Variable                 Description
TRUSTNOTCH_API_KEY       Required. Your API key. The server fails fast on startup without it.
TRUSTNOTCH_API_URL       Optional. Default: https://api.trustnotch.com.
TRUSTNOTCH_PUBKEYS_PATH  Optional. Path to a local trusted-key file. When set, verification reports trusted_keys_source: local. Otherwise, keys are fetched from the public /v1/keys directory.

Why "verifiable offline" actually matters

Most audit-log services ask you to trust them. TrustNotch does not. Every proof is self-contained and checkable with the open-source trustnotch verifier — no API call, no account, no TrustNotch server.

Verification works like this: the receipt is an Ed25519 signature over the RFC 6962 leaf hash of your entry. Merkle inclusion is recomputed against the batch root. The Bitcoin anchor is checked structurally against the OpenTimestamps proof. All three steps run locally.

Because the math doesn't involve TrustNotch, a proof that verifies today will verify in ten years — even if TrustNotch has shut down. That's the guarantee that matters for AI Act Article 12 logging, compliance audits, and any context where "trust us, it's immutable" is not good enough.

# Install the standalone verifier
pip install trustnotch

# Verify any proof bundle offline
trustnotch verify proof.json

Request access

There is no self-serve signup yet. TrustNotch is in early access — reach out to get an API key and onboarding.