provenance-mcp 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +55 -0
  2. package/package.json +35 -0
  3. package/src/index.js +57 -0
package/README.md ADDED
@@ -0,0 +1,55 @@
1
+ # provenance-mcp
2
+
3
+ **Check the wash-traffic risk of Algorand x402 endpoints before your agent pays them.**
4
+
5
+ Roughly half of x402 "agentic payment" activity is artificial — self-dealing loops,
6
+ fresh-wallet farms, metronomic bots. Provenance reads the chain and tells your agent
7
+ whether an endpoint's revenue is **organic or fabricated**, so it can decide *before*
8
+ sending USDC.
9
+
10
+ ## Tools
11
+
12
+ - **`check_endpoint_risk(address)`** — free quick verdict for any Algorand endpoint
13
+ payTo address: risk level (`low/medium/high/critical`), 0–100 score, and the
14
+ on-chain red flags (distinct-payer count, self-dealing payout loops, wallet ages,
15
+ timing regularity, funding concentration).
16
+ - **`provenance_service_info()`** — service + paid-tier info.
17
+
18
+ Deep forensics are x402-paid on the same API: `/score` $0.05 · `/report` $0.50
19
+ (full 8-signal grade + facilitator drift) · `/diligence` $5.00.
20
+
21
+ ## Install
22
+
23
+ **Claude Code**
24
+ ```bash
25
+ claude mcp add provenance -- npx -y github:apeirontrade/provenance-mcp
26
+ ```
27
+
28
+ **Claude Desktop / any MCP client** (`mcpServers` config):
29
+ ```json
30
+ {
31
+ "mcpServers": {
32
+ "provenance": {
33
+ "command": "npx",
34
+ "args": ["-y", "github:apeirontrade/provenance-mcp"]
35
+ }
36
+ }
37
+ }
38
+ ```
39
+
40
+ Then ask your agent: *“check the wash risk of Algorand endpoint \<ADDRESS\>”*.
41
+
42
+ ## How it works
43
+
44
+ The hosted Provenance engine indexes USDC (ASA 31566704) payments on Algorand
45
+ mainnet, enriches payer wallets (age, first funder, asset diversity, rekey
46
+ auth-addr), clusters them (union-find over funding + shared-key links), and runs
47
+ 8 wash-detection signals. Scores are point-in-time snapshots, anchored on-chain
48
+ for tamper-evidence. Methodology: signals, not accusations — a high score means
49
+ the revenue pattern is consistent with self-dealing, not that the operator is
50
+ guilty of anything.
51
+
52
+ - Env: `PROVENANCE_API_URL` to point at a different Provenance deployment.
53
+ - Free tier: 30 checks/hour/IP.
54
+
55
+ MIT · Provenance — the trust layer for machine-payable endpoints.
package/package.json ADDED
@@ -0,0 +1,35 @@
1
+ {
2
+ "name": "provenance-mcp",
3
+ "version": "0.1.1",
4
+ "description": "MCP server that checks the wash-traffic / organic-revenue risk of Algorand x402 endpoints before your agent trusts or pays them. Free quick checks; paid deep reports via x402.",
5
+ "license": "MIT",
6
+ "type": "module",
7
+ "bin": {
8
+ "provenance-mcp": "src/index.js"
9
+ },
10
+ "files": [
11
+ "src"
12
+ ],
13
+ "engines": {
14
+ "node": ">=18"
15
+ },
16
+ "keywords": [
17
+ "mcp",
18
+ "modelcontextprotocol",
19
+ "x402",
20
+ "algorand",
21
+ "agentic-payments",
22
+ "wash-trading",
23
+ "trust",
24
+ "reputation"
25
+ ],
26
+ "repository": {
27
+ "type": "git",
28
+ "url": "https://github.com/apeirontrade/provenance-mcp"
29
+ },
30
+ "dependencies": {
31
+ "@modelcontextprotocol/sdk": "^1.29.0",
32
+ "zod": "^3.24.1"
33
+ },
34
+ "mcpName": "io.github.apeirontrade/provenance-mcp"
35
+ }
package/src/index.js ADDED
@@ -0,0 +1,57 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * Provenance MCP server (public thin client).
4
+ *
5
+ * Checks the wash-traffic / organic-revenue risk of an Algorand x402 endpoint
6
+ * BEFORE your agent trusts or pays it — via the hosted Provenance API. The
7
+ * quick check is free (rate-limited); deep 8-signal reports are x402-paid.
8
+ *
9
+ * Config: PROVENANCE_API_URL (defaults to the hosted service).
10
+ */
11
+ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
12
+ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
13
+ import { z } from "zod";
14
+
15
+ const API = (process.env.PROVENANCE_API_URL ?? "https://provenance.q3epzs69b902a.us-west-2.cs.amazonlightsail.com").replace(/\/$/, "");
16
+ const ADDR_RE = /^[A-Z2-7]{58}$/;
17
+
18
+ const server = new McpServer({ name: "provenance", version: "0.1.0" });
19
+
20
+ server.tool(
21
+ "check_endpoint_risk",
22
+ "Check the wash-traffic / organic-revenue risk of an Algorand x402 endpoint before trusting or paying it. Returns a risk level (low/medium/high/critical), a 0-100 score, and the specific on-chain red flags (few distinct payers, self-dealing payout loops, freshly-created wallets, metronomic timing). Free quick check via the hosted Provenance API.",
23
+ { address: z.string().describe("The Algorand endpoint payTo address (58 characters, A-Z and 2-7)") },
24
+ async ({ address }) => {
25
+ if (!ADDR_RE.test(address)) {
26
+ return { content: [{ type: "text", text: "Invalid Algorand address (expected 58 chars, A-Z2-7)." }], isError: true };
27
+ }
28
+ try {
29
+ const res = await fetch(`${API}/check/${address}`, { signal: AbortSignal.timeout(120_000) });
30
+ const body = await res.text();
31
+ if (!res.ok) {
32
+ return { content: [{ type: "text", text: `Provenance API ${res.status}: ${body.slice(0, 300)}` }], isError: true };
33
+ }
34
+ return { content: [{ type: "text", text: body }] };
35
+ } catch (e) {
36
+ return { content: [{ type: "text", text: `Could not reach the Provenance API: ${e.message}` }], isError: true };
37
+ }
38
+ },
39
+ );
40
+
41
+ server.tool(
42
+ "provenance_service_info",
43
+ "Get Provenance service info: what it rates, the free tier, and the paid x402 tiers (score $0.05, full report $0.50, deep diligence $5.00) for deeper endpoint forensics.",
44
+ {},
45
+ async () => {
46
+ try {
47
+ const res = await fetch(`${API}/`, { signal: AbortSignal.timeout(30_000) });
48
+ return { content: [{ type: "text", text: await res.text() }] };
49
+ } catch (e) {
50
+ return { content: [{ type: "text", text: `Could not reach the Provenance API: ${e.message}` }], isError: true };
51
+ }
52
+ },
53
+ );
54
+
55
+ const transport = new StdioServerTransport();
56
+ await server.connect(transport);
57
+ console.error("provenance-mcp ready (stdio) →", API);