provenance-mcp 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +55 -0
- package/package.json +35 -0
- package/src/index.js +57 -0
package/README.md
ADDED
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# provenance-mcp
|
|
2
|
+
|
|
3
|
+
**Check the wash-traffic risk of Algorand x402 endpoints before your agent pays them.**
|
|
4
|
+
|
|
5
|
+
Roughly half of x402 "agentic payment" activity is artificial — self-dealing loops,
|
|
6
|
+
fresh-wallet farms, metronomic bots. Provenance reads the chain and tells your agent
|
|
7
|
+
whether an endpoint's revenue is **organic or fabricated**, so it can decide *before*
|
|
8
|
+
sending USDC.
|
|
9
|
+
|
|
10
|
+
## Tools
|
|
11
|
+
|
|
12
|
+
- **`check_endpoint_risk(address)`** — free quick verdict for any Algorand endpoint
|
|
13
|
+
payTo address: risk level (`low/medium/high/critical`), 0–100 score, and the
|
|
14
|
+
on-chain red flags (distinct-payer count, self-dealing payout loops, wallet ages,
|
|
15
|
+
timing regularity, funding concentration).
|
|
16
|
+
- **`provenance_service_info()`** — service + paid-tier info.
|
|
17
|
+
|
|
18
|
+
Deep forensics are x402-paid on the same API: `/score` $0.05 · `/report` $0.50
|
|
19
|
+
(full 8-signal grade + facilitator drift) · `/diligence` $5.00.
|
|
20
|
+
|
|
21
|
+
## Install
|
|
22
|
+
|
|
23
|
+
**Claude Code**
|
|
24
|
+
```bash
|
|
25
|
+
claude mcp add provenance -- npx -y github:apeirontrade/provenance-mcp
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
**Claude Desktop / any MCP client** (`mcpServers` config):
|
|
29
|
+
```json
|
|
30
|
+
{
|
|
31
|
+
"mcpServers": {
|
|
32
|
+
"provenance": {
|
|
33
|
+
"command": "npx",
|
|
34
|
+
"args": ["-y", "github:apeirontrade/provenance-mcp"]
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
Then ask your agent: *“check the wash risk of Algorand endpoint \<ADDRESS\>”*.
|
|
41
|
+
|
|
42
|
+
## How it works
|
|
43
|
+
|
|
44
|
+
The hosted Provenance engine indexes USDC (ASA 31566704) payments on Algorand
|
|
45
|
+
mainnet, enriches payer wallets (age, first funder, asset diversity, rekey
|
|
46
|
+
auth-addr), clusters them (union-find over funding + shared-key links), and runs
|
|
47
|
+
8 wash-detection signals. Scores are point-in-time snapshots, anchored on-chain
|
|
48
|
+
for tamper-evidence. Methodology: signals, not accusations — a high score means
|
|
49
|
+
the revenue pattern is consistent with self-dealing, not that the operator is
|
|
50
|
+
guilty of anything.
|
|
51
|
+
|
|
52
|
+
- Env: `PROVENANCE_API_URL` to point at a different Provenance deployment.
|
|
53
|
+
- Free tier: 30 checks/hour/IP.
|
|
54
|
+
|
|
55
|
+
MIT · Provenance — the trust layer for machine-payable endpoints.
|
package/package.json
ADDED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "provenance-mcp",
|
|
3
|
+
"version": "0.1.1",
|
|
4
|
+
"description": "MCP server that checks the wash-traffic / organic-revenue risk of Algorand x402 endpoints before your agent trusts or pays them. Free quick checks; paid deep reports via x402.",
|
|
5
|
+
"license": "MIT",
|
|
6
|
+
"type": "module",
|
|
7
|
+
"bin": {
|
|
8
|
+
"provenance-mcp": "src/index.js"
|
|
9
|
+
},
|
|
10
|
+
"files": [
|
|
11
|
+
"src"
|
|
12
|
+
],
|
|
13
|
+
"engines": {
|
|
14
|
+
"node": ">=18"
|
|
15
|
+
},
|
|
16
|
+
"keywords": [
|
|
17
|
+
"mcp",
|
|
18
|
+
"modelcontextprotocol",
|
|
19
|
+
"x402",
|
|
20
|
+
"algorand",
|
|
21
|
+
"agentic-payments",
|
|
22
|
+
"wash-trading",
|
|
23
|
+
"trust",
|
|
24
|
+
"reputation"
|
|
25
|
+
],
|
|
26
|
+
"repository": {
|
|
27
|
+
"type": "git",
|
|
28
|
+
"url": "https://github.com/apeirontrade/provenance-mcp"
|
|
29
|
+
},
|
|
30
|
+
"dependencies": {
|
|
31
|
+
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
32
|
+
"zod": "^3.24.1"
|
|
33
|
+
},
|
|
34
|
+
"mcpName": "io.github.apeirontrade/provenance-mcp"
|
|
35
|
+
}
|
package/src/index.js
ADDED
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* Provenance MCP server (public thin client).
|
|
4
|
+
*
|
|
5
|
+
* Checks the wash-traffic / organic-revenue risk of an Algorand x402 endpoint
|
|
6
|
+
* BEFORE your agent trusts or pays it — via the hosted Provenance API. The
|
|
7
|
+
* quick check is free (rate-limited); deep 8-signal reports are x402-paid.
|
|
8
|
+
*
|
|
9
|
+
* Config: PROVENANCE_API_URL (defaults to the hosted service).
|
|
10
|
+
*/
|
|
11
|
+
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
12
|
+
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
|
|
13
|
+
import { z } from "zod";
|
|
14
|
+
|
|
15
|
+
const API = (process.env.PROVENANCE_API_URL ?? "https://provenance.q3epzs69b902a.us-west-2.cs.amazonlightsail.com").replace(/\/$/, "");
|
|
16
|
+
const ADDR_RE = /^[A-Z2-7]{58}$/;
|
|
17
|
+
|
|
18
|
+
const server = new McpServer({ name: "provenance", version: "0.1.0" });
|
|
19
|
+
|
|
20
|
+
server.tool(
|
|
21
|
+
"check_endpoint_risk",
|
|
22
|
+
"Check the wash-traffic / organic-revenue risk of an Algorand x402 endpoint before trusting or paying it. Returns a risk level (low/medium/high/critical), a 0-100 score, and the specific on-chain red flags (few distinct payers, self-dealing payout loops, freshly-created wallets, metronomic timing). Free quick check via the hosted Provenance API.",
|
|
23
|
+
{ address: z.string().describe("The Algorand endpoint payTo address (58 characters, A-Z and 2-7)") },
|
|
24
|
+
async ({ address }) => {
|
|
25
|
+
if (!ADDR_RE.test(address)) {
|
|
26
|
+
return { content: [{ type: "text", text: "Invalid Algorand address (expected 58 chars, A-Z2-7)." }], isError: true };
|
|
27
|
+
}
|
|
28
|
+
try {
|
|
29
|
+
const res = await fetch(`${API}/check/${address}`, { signal: AbortSignal.timeout(120_000) });
|
|
30
|
+
const body = await res.text();
|
|
31
|
+
if (!res.ok) {
|
|
32
|
+
return { content: [{ type: "text", text: `Provenance API ${res.status}: ${body.slice(0, 300)}` }], isError: true };
|
|
33
|
+
}
|
|
34
|
+
return { content: [{ type: "text", text: body }] };
|
|
35
|
+
} catch (e) {
|
|
36
|
+
return { content: [{ type: "text", text: `Could not reach the Provenance API: ${e.message}` }], isError: true };
|
|
37
|
+
}
|
|
38
|
+
},
|
|
39
|
+
);
|
|
40
|
+
|
|
41
|
+
server.tool(
|
|
42
|
+
"provenance_service_info",
|
|
43
|
+
"Get Provenance service info: what it rates, the free tier, and the paid x402 tiers (score $0.05, full report $0.50, deep diligence $5.00) for deeper endpoint forensics.",
|
|
44
|
+
{},
|
|
45
|
+
async () => {
|
|
46
|
+
try {
|
|
47
|
+
const res = await fetch(`${API}/`, { signal: AbortSignal.timeout(30_000) });
|
|
48
|
+
return { content: [{ type: "text", text: await res.text() }] };
|
|
49
|
+
} catch (e) {
|
|
50
|
+
return { content: [{ type: "text", text: `Could not reach the Provenance API: ${e.message}` }], isError: true };
|
|
51
|
+
}
|
|
52
|
+
},
|
|
53
|
+
);
|
|
54
|
+
|
|
55
|
+
const transport = new StdioServerTransport();
|
|
56
|
+
await server.connect(transport);
|
|
57
|
+
console.error("provenance-mcp ready (stdio) →", API);
|