MCP signing server for Claude Desktop, Cursor, Claude Code

What MCP is

Model Context Protocol (MCP) is Anthropic's open standard for AI clients to call external tools. An MCP server exposes capabilities (sign content, query a database, search a codebase) that the AI can invoke during a conversation. Compatible clients include Claude Desktop, Cursor, Windsurf, Claude Code, Zed, and a growing list of agent frameworks.

The MCP space already includes utility servers from Stripe, GitHub, Linear, Notion, Slack, Cloudflare, Sentry, Supabase, and Vercel. Most are capability bridges, "let the AI talk to my SaaS." There is no neutral cryptographic signing server in that list. @certnode/mcp-sign fills the slot.

What this gets you

Once installed, three tools become available to your AI:

• sign_ai_output, sign content with cryptographic provenance. Returns a receipt with three-layer timestamps (CertNode internal + RFC 3161 + Bitcoin anchor).
• verify_signature, verify a CertNode signature. Free, no API key needed.
• get_receipt, fetch a previously-signed receipt by ID.

The AI can call these naturally. "Generate a marketing email for our Q2 launch and sign it with provenance" produces both the email and a verifiable receipt ID in one turn.

Setup, Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json on macOS, or %APPDATA%\Claude\claude_desktop_config.json on Windows:

{
  "mcpServers": {
    "certnode": {
      "command": "npx",
      "args": ["-y", "@certnode/mcp-sign"],
      "env": {
        "CERTNODE_API_KEY": "cn_live_..."
      }
    }
  }
}

Restart Claude Desktop. The three tools are now available.

Setup, Cursor

Edit .cursor/mcp.json in your project, or ~/.cursor/mcp.json globally:

{
  "mcpServers": {
    "certnode": {
      "command": "npx",
      "args": ["-y", "@certnode/mcp-sign"],
      "env": {
        "CERTNODE_API_KEY": "cn_live_..."
      }
    }
  }
}

Setup, Claude Code

One-line install:

claude mcp add certnode npx -- -y @certnode/mcp-sign

# Then set CERTNODE_API_KEY in your shell environment
export CERTNODE_API_KEY=cn_live_...

Setup, Windsurf, Zed, others

Most MCP-compatible clients use a similar JSON config. Add the same certnode entry to the client's MCP config file. The command, args, and env variables are identical across clients.

Use cases

The MCP signing layer fits patterns where the AI itself is the actor:

AI agent audit trails

An autonomous agent generates content, takes actions, makes recommendations. Every output gets a verifiable receipt. If the agent's behavior is later questioned, the audit trail is cryptographically attested at the moment of action, not reconstructed from logs after the fact.

Compliance evidence in IDE workflows

A developer using Cursor or Claude Code generates code, copy, or analysis with AI assistance. Each AI output gets signed automatically. When SOC 2 / HIPAA / EU AI Act audit time arrives, the trail is already in place.

Multi-model production stacks

A production system calls Claude for some tasks, GPT-4 for others, Mistral for cost-sensitive batches. The MCP server signs all outputs with the same signature scheme, regardless of which model generated them. One audit trail across the entire stack.

Customer-facing AI features

Your product calls AI on behalf of users. Each output gets a public verify URL. Customers can independently verify "yes, this came from the system at this time" without trusting your word for it.

How it compares to direct SDK calls

The MCP server and the npm SDK do the same thing. Pick by where you want the signing call to live:

Pricing

Same as direct SDK / REST. The MCP server is a thin client around the same API:

Source

• npm: @certnode/mcp-sign
• GitHub: packages/mcp-sign
• License: MIT

See also

• Sign Claude outputs (direct SDK)
• Sign OpenAI / GPT outputs (direct SDK)
• The CertNode cryptographic stack