io.github.xkumakichi/xaip-mcp-server
AI agents get on-chain identity, credentials, reputation, escrow, and persistent memory on XRPL.
Ask AI about io.github.xkumakichi/xaip-mcp-server
Powered by Claude Β· Grounded in docs
I know everything about io.github.xkumakichi/xaip-mcp-server. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
XAIP β Trust Infrastructure for AI Agents
Your AI agent picks tools blind. XAIP gives it eyes.
When an AI agent delegates work to an external tool, it has no idea whether that tool will succeed, fail silently, or burn latency. XAIP fixes this with cryptographically signed execution receipts, Bayesian trust scoring, and a decision engine that picks the best candidate β live, right now.
Provider-agnostic by design. XAIP is a trust layer for any tool-using agent. The reference implementation and live data start with MCP (Model Context Protocol) β because that's where the broadest fleet of public tool servers exists today β but the receipt format, signing, and scoring apply equally to LangChain tools, OpenAI function calling, A2A, and proprietary agent stacks. MCP is the first integration, not the only one.
Live dashboard: https://xkumakichi.github.io/xaip-protocol/ β current trust scores for 10 MCP servers, auto-refreshed, no auth.
Try It Now
The API is live. No signup, no API key.
# Check trust score for an MCP server
curl https://xaip-trust-api.kuma-github.workers.dev/v1/trust/context7
# Batch query
curl "https://xaip-trust-api.kuma-github.workers.dev/v1/trust?slugs=context7,sequential-thinking,filesystem"
# Decision engine: pick the best server for a task
curl -X POST https://xaip-trust-api.kuma-github.workers.dev/v1/select \
-H "Content-Type: application/json" \
-d '{"task":"Fetch React docs","candidates":["context7","sequential-thinking","unknown-server"]}'
The /v1/select response tells you which server to use, why, and what would happen without XAIP:
{
"selected": "context7",
"reason": "Highest trust (1) from 248 verified executions",
"rejected": [{ "slug": "unknown-server", "reason": "unscored β no execution data" }],
"withoutXAIP": "Random selection would pick an unscored server 33% of the time β no execution data, no safety guarantee"
}
The Problem
Without trust scores, your agent is gambling:
ββββββββββββββββββ¬βββββββββββββββββ¬ββββββββββββ¬βββββββββββββββ
β Strategy β Server Hit β Success β Latency β
ββββββββββββββββββΌβββββββββββββββββΌββββββββββββΌβββββββββββββββ€
β With XAIP β context7 β β β ~3s β
β Random β unknown-mcp β β error β ~8s (wasted) β
β Try all (seq) β 3 servers β 1/3 β ~11s total β
ββββββββββββββββββ΄βββββββββββββββββ΄ββββββββββββ΄βββββββββββββββ
XAIP selects the right server on the first try, skips unscored servers, and saves your agent from wasted calls and silent failures.
How It Works
1. Select POST /v1/select β picks the best server from candidates
2. Execute Your agent calls the selected MCP server
3. Report POST /receipts β signed execution receipt feeds back into trust scores
Every execution receipt is Ed25519-signed and verified. Trust scores are computed using a Bayesian model with caller diversity weighting β not self-reported metrics.
Quick Start
Run the end-to-end demo
git clone https://github.com/xkumakichi/xaip-protocol.git
cd xaip-protocol/demo
npm install
npx tsx dogfood.ts
This demo:
- Asks XAIP to select the best server for "Fetch React hooks documentation"
- Connects to the selected MCP server and executes real tool calls
- Submits a signed execution receipt to the Aggregator
- Shows the updated trust score
Become an independent caller
Want the trust graph to depend on more than one operator? Run a caller yourself. No account, no approval, no API key β the aggregator verifies signatures from any valid keypair.
Fastest β zero-install, 30 seconds:
npx xaip-caller
Signs receipts for a handful of real HTTP tool calls and POSTs them. Demonstrates that XAIP works beyond MCP β any HTTP tool can participate. See clients/caller.
Full path β MCP servers, 5 minutes:
Clone the repo and run the auto-collector against real MCP servers. Your caller DID contributes to the diversity of every scored MCP tool. See docs/contributor/run-a-caller.md.
Use the SDK
npm install xaip-sdk
import { XAIPClient } from "xaip-sdk";
const client = new XAIPClient();
// Pick the best server
const decision = await client.select({
task: "Fetch React documentation",
candidates: ["context7", "sequential-thinking", "unknown-server"],
});
console.log(decision.selected); // "context7"
console.log(decision.withoutXAIP); // "Random selection would pick an unscored server 33% of the time..."
MCP Server
Use XAIP directly from Claude, Cursor, or any MCP-compatible AI agent:
npx xaip-mcp-trust
4 tools: xaip_list_servers, xaip_check_trust, xaip_select, xaip_report
Add to Claude Code (~/.claude/claude_desktop_config.json):
{
"mcpServers": {
"xaip-trust": {
"command": "npx",
"args": ["-y", "xaip-mcp-trust"]
}
}
}
npm: xaip-mcp-trust
API Reference
| Method | Endpoint | Description |
|---|---|---|
GET | /v1/servers | List all scored servers with trust data |
GET | /v1/trust/:slug | Trust score for a single MCP server |
GET | /v1/trust?slugs=a,b,c | Batch trust scores (max 50) |
POST | /v1/select | Decision engine β pick best candidate for a task |
GET | /health | Liveness probe |
Base URL: https://xaip-trust-api.kuma-github.workers.dev
Trust Score Response
| Field | Type | Description |
|---|---|---|
trust | number | null | 0.0β1.0 score, null if unscored |
verdict | string | trusted β₯0.7 Β· caution 0.4β0.7 Β· low_trust <0.4 Β· unscored |
receipts | number | Total verified execution receipts |
confidence | number | null | Statistical confidence: min(1, receipts/100) |
riskFlags | string[] | Detected risk indicators |
computedFrom | string | Data provenance description |
Decision Engine (POST /v1/select)
Request:
{
"task": "description of what your agent needs to do",
"candidates": ["server-a", "server-b", "server-c"],
"mode": "relative"
}
mode: "relative"(default) β always selects the best available, even if below thresholdmode: "strict"β rejects all candidates below caution threshold
Architecture
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Your AI Agent β
β ββββββββββββ βββββββββββββ βββββββββββββββββββββββ β
β β Select ββββΆβ Execute ββββΆβ Report Receipt β β
β β (Trust β β (MCP call)β β (Ed25519 signed) β β
β β API) β βββββββββββββ ββββββββββββ¬βββββββββββ β
β ββββββ¬ββββββ β β
βββββββββΌβββββββββββββββββββββββββββββββββββββΌβββββββββββββ
β β
βΌ βΌ
βββββββββββββββββ ββββββββββββββββββββββββ
β Trust API βββββββββββββββββββ Aggregator (BFT) β
β + Decision β Service β Cloudflare D1 β
β Engine β Binding β Ed25519 verificationβ
βββββββββββββββββ β Bayesian scoring β
ββββββββββββββββββββββββ
Trust Model:
- Bayesian Beta distribution (prior varies by DID method)
- Caller diversity weighting (prevents single-caller gaming)
- Co-signature factor (dual Ed25519: agent + caller)
- BFT federation with MAD outlier detection across aggregator nodes
Infrastructure:
- Cloudflare Workers (global edge, <50ms latency)
- Cloudflare D1 (SQLite at edge) for receipt storage
- Service Bindings for Worker-to-Worker communication
XRPL Integration
XAIP supports did:xrpl identities with higher trust priors than anonymous did:key:
| DID Method | Trust Prior | Use Case |
|---|---|---|
did:xrpl | [5, 1] | XRPL account-backed agents |
did:web | [2, 1] | Domain-verified servers |
did:key | [1, 1] | Anonymous / new agents |
XRPL's native DID support (XLS-40) makes it a natural foundation for agent identity in autonomous transactions.
Data
Trust scores are computed from real execution data, not synthetic benchmarks:
- 2,100+ verified tool-call executions
- 10 MCP servers scored: context7, sequential-thinking, memory, filesystem, everything, fetch, sqlite, git, puppeteer, playwright
- Automated daily data collection via GitHub Actions
- Scores update with every new execution receipt
# See all scored servers
curl https://xaip-trust-api.kuma-github.workers.dev/v1/servers
Works With
| Provider | Status | How |
|---|---|---|
| MCP (Model Context Protocol) | β live | xaip-claude-hook for Claude Code; xaip-sdk for any MCP client; 10 servers scored, 2,100+ receipts |
| LangChain | π planned (v0.5) | xaip-langchain wrapper around BaseTool |
| OpenAI tool calling | π planned (v0.5) | xaip-openai wrapper for tools parameter |
| A2A / proprietary | β supported | Use xaip-sdk directly β receipt format is provider-neutral |
The receipt schema is intentionally tool-system-agnostic: agentDid, callerDid, taskHash, resultHash, success, latencyMs, failureType, timestamp. Any agent framework that can hash inputs/outputs and sign with Ed25519 can contribute receipts.
Status
v0.4.0 live; v0.5 Release Candidate open for review (adds tool class taxonomy with settlement-layer support).
- Trust Score API (Cloudflare Worker, live)
- Decision Engine (
POST /v1/select) - Aggregator with BFT federation (Cloudflare D1)
- Ed25519 receipt signing + verification
- Bayesian trust model with caller diversity
- 10 MCP servers scored (2,600+ executions)
- Automated daily data collection (GitHub Actions)
- Provider-neutral integrations: xaip-langchain, xaip-openai
- MCP Server: xaip-mcp-trust
- npm: xaip-sdk@0.4.0
- v0.5 RC: tool class taxonomy + class-aware risk evaluation (advisory / data-retrieval / computation / mutation / settlement)
- Multi-caller diversity mechanism verified (2+ caller identities, metric responds across 8 servers)
- Aggregator implementation of v0.5 class-aware scoring
- Zero-install caller path:
npx xaip-caller(30-second first contribution, demonstrates XAIP beyond MCP) - External operator callers (mechanism live, external adoption pending β run
npx xaip-calleror the full guide)
Writing
- Portable Trust β why trust infrastructure for AI agents must be provider-neutral and behavior-derived (dev.to Β· Zenn ζ₯ζ¬θͺη)
Related
- xaip-caller β zero-install CLI:
npx xaip-callerto contribute to the trust graph - xaip-mcp-trust β MCP server for AI agents to check trust scores
- xaip-langchain β LangChain.js callback handler that emits XAIP receipts
- xaip-openai β OpenAI tool-calling wrapper with signed receipts
- Veridict β AI agent trust decision layer (runtime monitoring)
- XAIP Specification v0.4 β Current protocol specification
- XAIP Specification v0.5 RC β Release candidate (tool class taxonomy)
License
MIT