Sigil MCP Server
A Model Context Protocol server that gives Claude Code, Claude Desktop, and any MCP-compatible agent runtime direct access to Sigil's identity and provenance tools — with no SDK setup required.
Transports
Default. The agent runtime spawns the MCP server as a child process. Used by Claude Code and Claude Desktop local config. Agent private key stays in the host process environment — never travels over the wire.
Remote agents connect via Server-Sent Events. Enable by setting MCP_HTTP_PORT. The server listens on GET /sse + POST /message. Suitable for cloud-deployed agents that cannot run a local process.
Setup — Stdio (Claude Code / Desktop)
Build
Claude Code config (~/.claude/config.json)
Claude Desktop config
Setup — SSE (Remote Agents)
For a public URL during development, use a Cloudflare tunnel:
sigil__notarize_output rejects any call whose arguments contain a hex string matching a private key pattern. The agent private key must be set in the server's environment — it never travels over the SSE connection.Tool Reference
sigil__register_agent
Initiate a sponsored registration request or poll an existing one. Call with principalAddress + agentDescription + permissions to create a new request. Call with requestId to poll — the approved response includes the passportId and agentPrivateKey (once).
| Parameter | Type | Description |
|---|---|---|
principalAddress | string | Principal wallet address (0x+40 hex). Required for new requests. |
agentDescription | string | Agent description ≤ 280 chars. Required for new requests. |
permissions | object | Permission manifest. Required for new requests. Fields: whitelistedContracts, maxTxValuePerWindow, authorizedApis, allowedTokens, timeWindowSeconds. |
requestId | string | If provided, polls the status of an existing request instead of creating a new one. |
sigil__resolve_agent
Read an AgentPassport from on-chain. Accepts a passportId or agent address. Returns the full PassportRecord including reputation score, task counts, and active status.
| Parameter | Type | Description |
|---|---|---|
query | string | PassportId (0x+64 hex) or agent address (0x+40 hex). Optional — defaults to SIGIL_AGENT_ADDRESS env var. |
sigil__notarize_output
SIGIL_AGENT_PRIVATE_KEY from the server environment. Never pass private keys in tool arguments.Notarize an AI-generated artifact on 0G Chain. Encrypts and uploads the input context to 0G Storage, builds a provenance envelope with the output and model receipt, and calls ProvenanceNotary.notarize() on-chain.
| Parameter | Type | Description |
|---|---|---|
passportIdrequired | string | The agent's passportId (0x+64 hex). |
outputrequired | string | The full text of the artifact to notarize. |
inputContextrequired | string | The input prompt or context (encrypted before upload). |
artifactType | string | One of: CODE_AUDIT, RISK_ASSESSMENT, GENERIC_REPORT, CONTRACT_CLAUSE, FINANCIAL_MODEL, DUE_DILIGENCE, GOVERNANCE_ANALYSIS. Default: GENERIC_REPORT. |
modelId | string | Model used to generate the output. Default: qwen/qwen-2.5-7b-instruct. |
sigil__resolve_provenance
Resolve a ProvenanceRecord from on-chain. Supports lookup by recordId, outputHash (keccak256 of the artifact), or passportId (to list all records for an agent).
| Parameter | Type | Description |
|---|---|---|
recordId | string | The ProvenanceRecord ID (bytes32). |
outputHash | string | keccak256 of the artifact output — resolves to the recordId first. |
passportId | string | List all records for this passport (paginated). |
offset | number | Pagination offset. Default: 0. |
limit | number | Max records to return (1–50). Default: 10. |
sigil__verify_agent
Trust-gate another agent before delegating work to it. Returns ACCEPT, CAUTION, or REJECT based on the agent's on-chain reputation and activity record.
| Parameter | Type | Description |
|---|---|---|
queryrequired | string | PassportId (0x+64 hex) or agent address (0x+40 hex) to verify. |
Environment Variables
| Parameter | Type | Description |
|---|---|---|
ZERO_G_RPC_URLrequired | string | 0G Chain JSON-RPC endpoint. Default: https://evmrpc-testnet.0g.ai |
ZERO_G_CHAIN_ID | number | Chain ID. Default: 16602 |
SIGIL_REGISTRY_ADDRESS | string | SigilRegistry contract address. Default: 0x2C0457F82B57148e8363b4589bb3294b23AE7625 |
PROVENANCE_NOTARY_ADDRESS | string | ProvenanceNotary contract address. Default: 0xA1103E6490ab174036392EbF5c798C9DaBAb24EE |
ZERO_G_STORAGE_RPC | string | 0G Storage indexer URL. Required for notarize. |
SIGIL_AGENT_PRIVATE_KEY | string | Agent signing key. Required for sigil__notarize_output. Never passed in tool call payloads. |
SIGIL_API_BASE_URL | string | Base URL of the Next.js app for the registration API. Default: http://localhost:3000 |
SIGIL_EXPLORER_URL | string | Block explorer base URL for links. Default: https://chainscan-galileo.0g.ai |
MCP_HTTP_PORT | number | If set, starts an SSE/HTTP server on this port instead of using stdio. |