@signet-auth/mcp-tools 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +49 -0
  2. package/dist/server.d.ts +2 -0
  3. package/dist/server.js +14 -0
  4. package/dist/tools.d.ts +8 -0
  5. package/dist/tools.js +130 -0
  6. package/package.json +45 -0
package/README.md ADDED
@@ -0,0 +1,49 @@
1
+ # @signet-auth/mcp-tools
2
+
3
+ <!-- mcp-name: io.github.prismer-ai/signet-mcp-tools -->
4
+
5
+ Standalone MCP server exposing Signet cryptographic tools over `stdio`.
6
+
7
+ ## Tools
8
+
9
+ - `signet_generate_keypair`: Generate an Ed25519 keypair and return the public key.
10
+ - `signet_sign`: Sign a tool action and return a Signet receipt.
11
+ - `signet_verify`: Verify a Signet receipt against a public key.
12
+ - `signet_content_hash`: Compute the canonical SHA-256 content hash for JSON input.
13
+
14
+ ## Install
15
+
16
+ ```bash
17
+ npm install -g @signet-auth/mcp-tools
18
+ ```
19
+
20
+ ## Run
21
+
22
+ ```bash
23
+ signet-mcp-tools
24
+ ```
25
+
26
+ To avoid passing secret keys through MCP arguments, prefer setting:
27
+
28
+ ```bash
29
+ export SIGNET_SECRET_KEY=...
30
+ signet-mcp-tools
31
+ ```
32
+
33
+ ## Local Development
34
+
35
+ ```bash
36
+ npm run build --workspace @signet-auth/mcp-tools
37
+ npm run test --workspace @signet-auth/mcp-tools
38
+ npm run start --workspace @signet-auth/mcp-tools
39
+ ```
40
+
41
+ ## MCP Registry / Glama
42
+
43
+ This package is intended to be published with the MCP name:
44
+
45
+ ```text
46
+ io.github.prismer-ai/signet-mcp-tools
47
+ ```
48
+
49
+ The registry manifest is in [server.json](./server.json).
package/dist/server.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ #!/usr/bin/env node
2
+ export {};
package/dist/server.js ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * @signet-auth/mcp-tools — Standalone MCP server exposing Signet crypto tools.
4
+ *
5
+ * Security note: signet_sign requires a secret key as input. This is inherent
6
+ * to the signing operation. In production, use SIGNET_SECRET_KEY env var instead
7
+ * of passing keys through tool arguments. The generate_keypair tool only returns
8
+ * the public key — secret keys should be managed via the Signet CLI keystore.
9
+ */
10
+ import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
11
+ import { createSignetToolsServer } from './tools.js';
12
+ const server = createSignetToolsServer();
13
+ const transport = new StdioServerTransport();
14
+ await server.connect(transport);
package/dist/tools.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ /**
2
+ * Signet MCP tools — server factory.
3
+ *
4
+ * Extracted from server.ts so tests can create a server instance
5
+ * without triggering stdio transport side-effects.
6
+ */
7
+ import { Server } from '@modelcontextprotocol/sdk/server/index.js';
8
+ export declare function createSignetToolsServer(): Server;
package/dist/tools.js ADDED
@@ -0,0 +1,130 @@
1
+ /**
2
+ * Signet MCP tools — server factory.
3
+ *
4
+ * Extracted from server.ts so tests can create a server instance
5
+ * without triggering stdio transport side-effects.
6
+ */
7
+ import { Server } from '@modelcontextprotocol/sdk/server/index.js';
8
+ import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
9
+ import { generateKeypair, sign, verifyAny, contentHash, } from '@signet-auth/core';
10
+ export function createSignetToolsServer() {
11
+ const server = new Server({ name: 'signet-mcp-tools', version: '0.4.0' }, { capabilities: { tools: {} } });
12
+ server.setRequestHandler(ListToolsRequestSchema, async () => ({
13
+ tools: [
14
+ {
15
+ name: 'signet_generate_keypair',
16
+ description: 'Generate a new Ed25519 keypair. Returns only the public key. Use Signet CLI to manage secret keys securely.',
17
+ inputSchema: { type: 'object', properties: {} },
18
+ },
19
+ {
20
+ name: 'signet_sign',
21
+ description: 'Sign an action (tool call) with an Ed25519 key, producing a cryptographic receipt. Uses SIGNET_SECRET_KEY env var if set, otherwise requires secret_key argument.',
22
+ inputSchema: {
23
+ type: 'object',
24
+ properties: {
25
+ secret_key: { type: 'string', description: 'Base64 secret key (optional if SIGNET_SECRET_KEY env is set)' },
26
+ tool: { type: 'string', description: 'Tool name being called' },
27
+ params: { description: 'Tool parameters (any JSON value)' },
28
+ signer_name: { type: 'string', description: 'Agent name' },
29
+ signer_owner: { type: 'string', description: 'Agent owner (optional)' },
30
+ target: { type: 'string', description: 'Target MCP server URI' },
31
+ },
32
+ required: ['tool', 'signer_name'],
33
+ },
34
+ },
35
+ {
36
+ name: 'signet_verify',
37
+ description: 'Verify a Signet receipt signature. Returns {valid: true/false}. Accepts both bare base64 and ed25519:-prefixed public keys.',
38
+ inputSchema: {
39
+ type: 'object',
40
+ properties: {
41
+ receipt_json: { type: 'string', description: 'Receipt JSON string' },
42
+ public_key: { type: 'string', description: 'Public key (base64 or ed25519:base64)' },
43
+ },
44
+ required: ['receipt_json', 'public_key'],
45
+ },
46
+ },
47
+ {
48
+ name: 'signet_content_hash',
49
+ description: 'Compute SHA-256 hash of canonical JSON (RFC 8785 JCS). Accepts any JSON value.',
50
+ inputSchema: {
51
+ type: 'object',
52
+ properties: {
53
+ content: { description: 'JSON content to hash (object, array, string, number, boolean, or null)' },
54
+ },
55
+ required: ['content'],
56
+ },
57
+ },
58
+ ],
59
+ }));
60
+ server.setRequestHandler(CallToolRequestSchema, async (request) => {
61
+ const { name, arguments: args } = request.params;
62
+ try {
63
+ switch (name) {
64
+ case 'signet_generate_keypair': {
65
+ const kp = generateKeypair();
66
+ // Only return public key — secret key management via CLI/env
67
+ return {
68
+ content: [{ type: 'text', text: JSON.stringify({ public_key: kp.publicKey, note: 'Secret key generated but not returned. Use Signet CLI for key management.' }) }],
69
+ };
70
+ }
71
+ case 'signet_sign': {
72
+ const secretKey = args?.secret_key ?? process.env.SIGNET_SECRET_KEY;
73
+ if (!secretKey) {
74
+ return {
75
+ content: [{ type: 'text', text: 'Error: no secret key. Set SIGNET_SECRET_KEY env var or pass secret_key argument.' }],
76
+ isError: true,
77
+ };
78
+ }
79
+ if (!args?.tool || !args?.signer_name) {
80
+ return {
81
+ content: [{ type: 'text', text: 'Error: tool and signer_name are required.' }],
82
+ isError: true,
83
+ };
84
+ }
85
+ const action = {
86
+ tool: args.tool,
87
+ params: args?.params ?? {},
88
+ params_hash: '',
89
+ target: args?.target ?? '',
90
+ transport: 'mcp',
91
+ };
92
+ const receipt = sign(secretKey, action, args.signer_name, args?.signer_owner ?? '');
93
+ return {
94
+ content: [{ type: 'text', text: JSON.stringify(receipt) }],
95
+ };
96
+ }
97
+ case 'signet_verify': {
98
+ if (!args?.receipt_json || !args?.public_key) {
99
+ return {
100
+ content: [{ type: 'text', text: 'Error: receipt_json and public_key are required.' }],
101
+ isError: true,
102
+ };
103
+ }
104
+ const valid = verifyAny(args.receipt_json, args.public_key);
105
+ return {
106
+ content: [{ type: 'text', text: JSON.stringify({ valid }) }],
107
+ };
108
+ }
109
+ case 'signet_content_hash': {
110
+ const hash = contentHash(args?.content);
111
+ return {
112
+ content: [{ type: 'text', text: JSON.stringify({ hash }) }],
113
+ };
114
+ }
115
+ default:
116
+ return {
117
+ content: [{ type: 'text', text: `Unknown tool: ${name}` }],
118
+ isError: true,
119
+ };
120
+ }
121
+ }
122
+ catch (err) {
123
+ return {
124
+ content: [{ type: 'text', text: `Error: ${err instanceof Error ? err.message : String(err)}` }],
125
+ isError: true,
126
+ };
127
+ }
128
+ });
129
+ return server;
130
+ }
package/package.json ADDED
@@ -0,0 +1,45 @@
1
+ {
2
+ "name": "@signet-auth/mcp-tools",
3
+ "version": "0.4.0",
4
+ "description": "MCP server exposing Signet cryptographic signing, verification, and audit tools",
5
+ "keywords": [
6
+ "mcp",
7
+ "model-context-protocol",
8
+ "signet",
9
+ "signing",
10
+ "audit",
11
+ "cryptography"
12
+ ],
13
+ "homepage": "https://github.com/Prismer-AI/signet/tree/main/packages/signet-mcp-tools#readme",
14
+ "bugs": {
15
+ "url": "https://github.com/Prismer-AI/signet/issues"
16
+ },
17
+ "repository": {
18
+ "type": "git",
19
+ "url": "git+https://github.com/Prismer-AI/signet.git",
20
+ "directory": "packages/signet-mcp-tools"
21
+ },
22
+ "mcpName": "io.github.prismer-ai/signet-mcp-tools",
23
+ "type": "module",
24
+ "bin": {
25
+ "signet-mcp-tools": "dist/server.js"
26
+ },
27
+ "files": ["dist/"],
28
+ "scripts": {
29
+ "build": "npx tsc",
30
+ "test": "npx tsc -p tsconfig.test.json && node --test dist-test/tests/tools.test.js",
31
+ "start": "node dist/server.js"
32
+ },
33
+ "publishConfig": {
34
+ "access": "public"
35
+ },
36
+ "dependencies": {
37
+ "@modelcontextprotocol/sdk": "^1.10.0",
38
+ "@signet-auth/core": "^0.4.1"
39
+ },
40
+ "devDependencies": {
41
+ "@types/node": "^22",
42
+ "typescript": "^5"
43
+ },
44
+ "license": "Apache-2.0 OR MIT"
45
+ }