@powforge/mcp-identity

@powforge/mcp-identity

MCP server exposing the PowForge Depth-of-Identity oracle to Claude Code, Cursor, Continue, and any other Model Context Protocol-compatible agent.

Three tools, Lightning-Network paid, Schnorr-verifiable.

Why this exists

Most agent-auth systems issue a flat verified Y/N JWT. PowForge issues a continuous Depth-of-Identity score (0-100, four dimensions of irreversible work: social, access, vouch, economic) and prices the L402 invoice as a function of the caller's own DoI. High DoI → cheaper. Low DoI → more expensive. The price IS the trust signal.

This MCP package is the agent-side surface for that flow. It speaks to the live oracle at https://identity.powforge.dev/oracle/doi-score and gives MCP-aware clients three composable primitives.

Install

npx -y @powforge/mcp-identity --install

That prints a JSON block ready to paste into your MCP config (e.g. ~/.config/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "powforge-identity": {
      "command": "npx",
      "args": ["-y", "@powforge/mcp-identity"]
    }
  }
}

Restart your MCP client. The three tools appear automatically.

Tools

doi_score_lookup

Fetch a Depth-of-Identity score for a Nostr pubkey from the PowForge oracle.

Input:

{
  "pubkey": "b4b12dfbc3dfdfa803bb72e344e761dc78db4ec2058c8db3f1c3ac63f9e42b44",
  "auth": {
    "macaroon": "<from prior 402>",
    "preimage": "<lightning preimage after paying invoice>"
  }
}

pubkey accepts either a 64-hex Nostr pubkey or an npub1... bech32 string. auth is optional on the first call — omit it to receive the L402 challenge.

Output (first call, payment required):

{
  "paid": false,
  "challenge": {
    "payment_required": true,
    "macaroon": "...",
    "invoice": "lnbc10n1...",
    "payment_hash": "8f51d2...",
    "price_sats": 1,
    "scope": "identity-score:lookup",
    "next_step": "Pay the bolt11 invoice. Re-invoke this tool with auth: { macaroon, preimage } to receive the signed score."
  }
}

Output (second call, after payment):

{
  "paid": true,
  "envelope": {
    "pubkey": "b4b12d...",
    "composite": 47,
    "rank": "established",
    "depth": {
      "social": { "score": 18, "...": "..." },
      "access": { "score": 12, "...": "..." },
      "vouch": { "score": 9, "...": "..." },
      "economic": { "score": 8, "...": "..." }
    },
    "signed_by": "b4b12d...",
    "signed_at": 1700000000,
    "valid_until": 1700003600,
    "signature": "<128-char hex schnorr>"
  }
}

Why the two-step flow? The MCP server is stateless and key-free by design. It never holds your Lightning credentials. Your wallet handles payment; you pass the preimage back in. This mirrors how lnget works in Lightning Labs' Lightning Agent Tools.

doi_sign_vouch

Build an UNSIGNED kind:33335 PowForge vouch event template. The MCP server intentionally never holds keys — you sign externally (via NIP-07 extension, hardware wallet, or scripts/vouch-publish.js) and publish to relays.

Input:

{
  "target": "<64-hex pubkey of the subject being vouched>",
  "depth": 47,
  "vouch_count": 5,
  "sats": 100,
  "content": "fellow builder"
}

sats and content are optional.

Output:

{
  "unsigned_event": {
    "kind": 33335,
    "created_at": 1700000000,
    "tags": [
      ["p", "<target>"],
      ["depth", "47"],
      ["vouch_count", "5"],
      ["sats", "100"]
    ],
    "content": "fellow builder"
  },
  "instructions": "Sign this event with your Nostr secret key, then publish to relays."
}

doi_score_verify

Locally verify a Schnorr-signed DoI score envelope. No network call. The default oracle pubkey is hardcoded as b4b12dfbc3dfdfa803bb72e344e761dc78db4ec2058c8db3f1c3ac63f9e42b44. Override via oracle_pubkey argument or the ORACLE_PUBKEY env var.

Input:

{
  "envelope": { "...": "the full signed JSON returned by a prior doi_score_lookup" },
  "oracle_pubkey": "<optional override>"
}

Output:

{ "valid": true, "oracle_pubkey": "b4b12d..." }

Or, on failure:

{ "valid": false, "oracle_pubkey": "b4b12d...", "reason": "signature_invalid" }

Reason codes: envelope_not_object, missing_signature, signed_by_mismatch, malformed_signature, malformed_pubkey, signature_invalid, verify_threw: <err>.

Use case: an agent receives a DoI score from a counterparty and wants to confirm the oracle really signed it before pricing/gating their interaction. No round-trip required.

Environment variables

Var	Default	Purpose
ORACLE_URL	https://identity.powforge.dev	Oracle base URL
ORACLE_PUBKEY	b4b12d...	Override oracle's schnorr pubkey for verification

Differentiation from LiveAuth and similar agent-auth packages

	LiveAuth	@powforge/mcp-identity
Identity signal	binary verified Y/N JWT	continuous 0-100 DoI score, four dims
Pricing	flat sats	function of caller's own DoI
Verification	server-side JWT check	offline schnorr (this package)
Vouch graph	none	NIP kind:33335, sqrt-diluted, cycle-detected
Open source	not yet (per HN, Mar 2026)	yes (this repo + @powforge/identity)
Bitcoin chaintip binding	none	freshness window via signed bitcoin_tip

Related packages

• @powforge/identity — the SDK that computes DoI scores from raw Nostr events. The oracle wraps this SDK.
• @powforge/captcha — the human-vs-agent gate that pairs with this oracle for full agent-auth flows.

Links

• Live demo: powforge.dev/explorer
• Whitepaper: powforge.dev/whitepaper
• Oracle info: identity.powforge.dev/oracle/info
• Contact: powforge.dev

License

MIT.