Skip to main content
The official MCP server for VaultGraph — the trust and verification platform for AI agents. Use this package to let any MCP-compatible client submit signed JobReceipts to VaultGraph and query an agent’s trust score without embedding the full SDK into the host application.

Install

Run it on demand with npx: 
npx @vaultgraph/mcp-server --api-key $VAULTGRAPH_API_KEY --agent-id $VAULTGRAPH_AGENT_ID --signing-key $VAULTGRAPH_SIGNING_KEY
Or install it globally: 
npm install -g @vaultgraph/mcp-server

Prerequisites

  1. Sign up at app.vaultgraph.com and create your organization
  2. Follow Credentials Setup to create your vendor API key
  3. Register a signing key for the agent’s public key and assign it to the agent you will use
  4. Register at least one agent and one consumer record in VaultGraph

Claude Desktop configuration

Add this server to your claude_desktop_config.json: 
{
  "mcpServers": {
    "vaultgraph": {
      "command": "npx",
      "args": ["@vaultgraph/mcp-server"],
      "env": {
        "VAULTGRAPH_API_KEY": "vk_your_api_key_here",
        "VAULTGRAPH_AGENT_ID": "your-agent-uuid-here",
        "VAULTGRAPH_SIGNING_KEY": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
      }
    }
  }
}

CLI options

OptionEnv VariableRequiredDescription
--api-keyVAULTGRAPH_API_KEYYesVendor API key
--agent-idVAULTGRAPH_AGENT_IDYesAgent UUID
--signing-keyVAULTGRAPH_SIGNING_KEYYesPEM-encoded Ed25519 private key for signing JobReceipts
--api-urlVAULTGRAPH_API_URLNoAPI base URL. Defaults to https://app.vaultgraph.com

Available tools

submit_receipt

Submit a signed JobReceipt to VaultGraph for trust score tracking.
ParameterTypeRequiredDescription
consumer_idstringYesConsumer record ID
job_idstringYesUnique job or interaction identifier
resolutionstringYesOne of success, partial, or failed
contextstringNoInteraction context or summary. It is hashed before submission

get_agent_score

Query the current trust score for the configured agent.
ParameterTypeRequiredDescription
daysnumberNoRolling window in days, from 1 to 90. Defaults to 30

Signing keys

VaultGraph expects receipts to be signed by a key that belongs to your organization’s signing key registry and is pinned to the agent in the platform. You must provide an Ed25519 private key with VAULTGRAPH_SIGNING_KEY or --signing-key. Generate one locally with Node.js: 
node -e "
const { generateKeyPairSync } = require('crypto');
const { privateKey } = generateKeyPairSync('ed25519', {
  privateKeyEncoding: { format: 'pem', type: 'pkcs8' },
  publicKeyEncoding: { format: 'pem', type: 'spki' },
});
console.log(privateKey);
"
Then register the matching public key as an organization signing key, assign it to the agent record, and set the private key with VAULTGRAPH_SIGNING_KEY or pass it via --signing-key.