🔒

C2pa MCP

MCP server for reading C2PA Content Credentials from media using the CAI Rust SDK.

0 installs

Trust: 34 — Low

Security

Ask AI about C2pa MCP

I know everything about C2pa MCP. Ask me about installation, configuration, usage, or troubleshooting.

0/500

Loading tools...

Reviews

Documentation

c2pa-mcp

MCP server for reading Content Credentials (C2PA) from images and media using the official c2pa Rust SDK.

Validates against the official C2PA trust list and the Interim Trust List (ITL), fetched at startup so trust decisions are always current.

Install

Claude Desktop: Download the .mcpb bundle for your platform from the latest release and double-click to install.

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/contentauth/c2pa-mcp/main/install.sh | sh

Windows (PowerShell):

irm https://raw.githubusercontent.com/contentauth/c2pa-mcp/main/install.ps1 | iex

To install to a custom directory:

INSTALL_DIR=~/.local/bin curl -fsSL https://raw.githubusercontent.com/contentauth/c2pa-mcp/main/install.sh | sh

On macOS, unsigned binaries are blocked by Gatekeeper. If prompted, run:

xattr -dr com.apple.quarantine "$(which c2pa-mcp)"

Config

Add to your MCP client config (e.g. Claude Desktop ~/Library/Application Support/Claude/claude_desktop_config.json, or Cursor MCP settings):

{
  "mcpServers": {
    "content-credentials": {
      "command": "c2pa-mcp"
    }
  }
}

Restart the client after editing config.

Build from source

Requires Rust 1.88+. On macOS you may also need Xcode Command Line Tools (xcode-select --install).

cargo build --release

The binary is written to target/release/c2pa-mcp.

Test

cargo test

To run a single test by name:

cargo test <test_name>

Tools

Tool	Description
`read_credentials_file`	Read credentials from a local path (absolute, relative, or `file://`).
`read_credentials_url`	Read credentials from a URL.

Response fields (camelCase JSON): success, hasCredentials, optional manifestData, optional error.

Trust

At startup the server fetches four trust lists concurrently:

C2PA trust list — official conformance list (Google, DigiCert, Adobe, SSL.com, …)
C2PA TSA trust list — time-stamping authority certificates
ITL anchors — Interim Trust List roots (Microsoft, Adobe, and others who pre-date the conformance list)
ITL allowed list — specific end-entity certificates from the interim period

Content signed before January 2026 (e.g. by Microsoft Designer) validates against the ITL. Newer content validates against the official C2PA list. If the network is unavailable at startup the server continues without trust anchors and logs a warning.

CLI

The binary also works as a one-shot CLI tool:

# Local file
./target/release/c2pa-mcp /path/to/image.jpg

# URL
./target/release/c2pa-mcp https://example.com/image.jpg

Prints pretty-printed JSON to stdout. Set RUST_LOG=c2pa_mcp=info for log output.

Publishing to MCP Registry

After a release, run the publish script to update server.json with the latest version and hashes, then publish to the registry:

mcp-publisher login github   # first time only
./publish.sh

Links

C2PA Rust SDK · C2PA Trust Lists · MCP · MCP Registry

License: MIT OR Apache-2.0