zkproofport-ai
Server Details
Zero-knowledge proof generation MCP server. AI agents can prove identity claims (Coinbase KYC, Country, Google OIDC, Google Workspace, Microsoft 365) without revealing personal data.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.1/5 across 3 of 3 tools scored.
The three tools have distinct purposes: discovery, guidance, and proof submission. However, the prove tool's description heavily emphasizes its unsuitability for MCP and redirects to REST, which could cause confusion about its actual role in the MCP tool set.
All tool names follow a consistent snake_case verb_noun pattern (get_guide, get_supported_circuits) or a single verb (prove) that is still stylistically consistent. No mixing of conventions.
With only 3 tools for a specialized ZK proof service, the count is slightly low but still appropriate for the core operations of discovering circuits, getting a guide, and submitting proofs. The prove tool's practical unavailability reduces effective count to 2.
The tool set has a major gap: the prove tool is not functional via MCP due to timeout limitations, making the core proof generation impossible through MCP. Additionally, there are no tools for checking proof status or verification, leaving the surface incomplete.
Available Tools
3 toolsget_guideAInspect
Get a comprehensive step-by-step guide for preparing all inputs required for a specific circuit. Read this BEFORE attempting proof generation — the guide covers how to compute signal_hash, nullifier, scope_bytes, merkle_root, how to query EAS GraphQL for the attestation, how to RLP-encode the transaction, how to recover secp256k1 public keys, and how to build the Merkle proof.
| Name | Required | Description | Default |
|---|---|---|---|
| circuit | Yes | Circuit alias to get the guide for. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden of behavioral disclosure. It effectively communicates this is a read-only informational tool ('Get a comprehensive step-by-step guide') that doesn't perform mutations. However, it doesn't mention potential rate limits, authentication requirements, or response format details that would be helpful for a guide-fetching operation.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is appropriately sized and front-loaded with the core purpose. The second sentence provides valuable context about the guide's contents, though it could be slightly more concise by grouping related concepts (e.g., 'how to compute signal_hash, nullifier, scope_bytes, merkle_root' could be 'how to compute required cryptographic inputs').
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a single-parameter tool with no annotations and no output schema, the description provides good context about what the guide contains and when to use it. However, it doesn't describe the return format (e.g., whether it's markdown, JSON, or structured data), which would be important for a guide-fetching tool with no output schema defined.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The schema has 100% description coverage, so the baseline is 3. The description doesn't add specific parameter semantics beyond what the schema provides (circuit enum values), though it does mention the guide covers specific technical topics like 'signal_hash' and 'merkle_root' that relate to the circuit parameter's purpose.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose with specific verbs ('Get a comprehensive step-by-step guide') and resources ('preparing all inputs required for a specific circuit'). It distinguishes from sibling tools by focusing on preparation guidance rather than listing circuits (get_supported_circuits) or executing proofs (prove).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit usage guidance with 'Read this BEFORE attempting proof generation,' creating a clear temporal dependency with the 'prove' sibling tool. It also implicitly suggests this tool should be used for preparation while 'prove' is for execution, establishing a workflow relationship.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_supported_circuitsAInspect
List all ZK circuits supported by ZKProofport. Call this first to discover available circuits before starting proof generation.
AVAILABLE MCP TOOLS (use EXACT names — no other tool names exist):
get_supported_circuits — this tool (discovery)
prove — submit proof inputs (redirects to REST endpoint for long-running proof generation)
IMPORTANT: Do NOT call "generate_proof", "proof_request", or any other tool name. The correct flow is: get_supported_circuits → prove (x402 single-step: POST → 402 → pay → retry)
CIRCUITS:
coinbase_attestation ("coinbase_kyc")
Proves the user has passed Coinbase KYC identity verification
EAS Schema ID: 0xf8b05c79f090979bf4a80270aba232dff11a10d9ca55c4f88de95317970f0de9
Verifier (Ethereum Mainnet, chain 1): 0xf3d5a09d2c85b28c52ef2905c1be3a852b609d0c
Required inputs: address, signature, scope
Use circuit = "coinbase_kyc" in the prove tool
coinbase_country_attestation ("coinbase_country")
Proves the user's country of residence from Coinbase attestation is in (or not in) a given country list
EAS Schema ID: 0x1801901fabd0e6189356b4fb52bb0ab855276d84f7ec140839fbd1f6801ca065
Verifier (Ethereum Mainnet, chain 1): 0x78792554e1582cb49d858eacb5c3607b42d28224
Required inputs: address, signature, scope, countryList, isIncluded
Use circuit = "coinbase_country" in the prove tool
CHAIN INFORMATION:
Current deployments are on Ethereum Mainnet (chain ID 1)
EAS (Ethereum Attestation Service) on Base: https://base.easpcan.org/graphql
EAS on Base Sepolia: https://base-sepolia.easpcan.org/graphql
AUTHORIZED COINBASE ATTESTERS (used for Merkle proof construction):
0x952f32128AF084422539C4Ff96df5C525322E564 (index 0)
0x8844591D47F17bcA6F5dF8f6B64F4a739F1C0080 (index 1)
0x88fe64ea2e121f49bb77abea6c0a45e93638c3c5 (index 2)
0x44ace9abb148e8412ac4492e9a1ae6bd88226803 (index 3)
USDC ADDRESSES (for payment):
Base Sepolia (testnet): 0x036CbD53842c5426634e7929541eC2318f3dCF7e
Base mainnet: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
Response fields:
circuits (array): List of supported circuits with id, displayName, description, requiredInputs, easSchemaId, verifierAddress
chainId (string): Chain ID for verifier addresses
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Despite no annotations, the description details the response structure, chains, addresses, and required inputs for circuits, disclosing all relevant behavior. It implicitly indicates read-only nature, though not explicitly stated.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is verbose, including extraneous details like USDC addresses and authorized attestors that could be externalized. The first line is front-loaded, but overall efficiency is moderate.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Covers all necessary aspects: flow, circuits, response fields, chain info, and payment addresses. Slightly over-inclusive but complete for a simple list tool without output schema.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Input schema is empty, so description adds value by explaining the purpose and return fields beyond schema. Baseline 3 due to 100% coverage, but description's detailed context earns a 4.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states 'List all ZK circuits supported by ZKProofport' and instructs to call it first for discovery, distinguishing it from the sibling tool 'prove'.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly provides the correct flow (get_supported_circuits → prove), warns against using non-existent tool names, and sets context for when to use this tool (discovery) vs alternatives (proof generation).
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
proveAInspect
Submit proof inputs to generate a ZK proof via the x402 single-step flow. Atomically verifies USDC payment on-chain and runs the Noir circuit in a TEE to produce a Groth16 SNARK proof.
IMPORTANT: MCP tool calls have timeout limitations that make this tool UNSUITABLE for the 30-90 second proof generation process. This tool returns a redirect message. Use the REST endpoint directly: POST https://stg-ai.zkproofport.app/api/v1/prove (staging) POST https://ai.zkproofport.app/api/v1/prove (production)
x402 SINGLE-STEP FLOW:
POST /api/v1/prove with { circuit, inputs } — no payment yet
Server returns 402 with nonce in body
Pay USDC using nonce, get tx hash
Retry POST /api/v1/prove with same body + X-Payment-TX and X-Payment-Nonce headers
REQUEST BODY SCHEMA: { "circuit": "coinbase_kyc" | "coinbase_country", "inputs": { "signal_hash": "", // 0x, 32 bytes: keccak256(abi.encodePacked(address, scope, circuitId)) "nullifier": "", // 0x, 32 bytes: privacy-preserving unique identifier "scope_bytes": "", // 0x, 32 bytes: keccak256 of the scope string "merkle_root": "", // 0x, 32 bytes: Merkle root of authorized attesters "user_address": "", // 0x, 20 bytes: the KYC wallet address "signature": "", // 65-byte hex: eth_sign(signal_hash) by KYC wallet "user_pubkey_x": "", // 32-byte hex: secp256k1 public key X coordinate "user_pubkey_y": "", // 32-byte hex: secp256k1 public key Y coordinate "raw_transaction": "", // 0x-prefixed RLP-encoded EAS attestation TX (padded to 300 bytes by server) "tx_length": , // actual byte length of raw_transaction BEFORE zero-padding "coinbase_attester_pubkey_x": "", // 32-byte hex: Coinbase attester secp256k1 X coordinate "coinbase_attester_pubkey_y": "", // 32-byte hex: Coinbase attester secp256k1 Y coordinate "merkle_proof": ["", ...], // array of 32-byte hex sibling hashes (one per tree level) "leaf_index": , // 0-based index of attester leaf in the Merkle tree "depth": , // number of levels in the Merkle tree (max 8) "country_list": ["", ...], // optional: only for coinbase_country circuit "is_included": // optional: only for coinbase_country circuit } }
VERIFIER ADDRESSES (Ethereum Mainnet, chain ID 1): coinbase_kyc (coinbase_attestation): 0xf3d5a09d2c85b28c52ef2905c1be3a852b609d0c coinbase_country (coinbase_country_attestation): 0x78792554e1582cb49d858eacb5c3607b42d28224
| Name | Required | Description | Default |
|---|---|---|---|
| inputs | Yes | All circuit inputs required to generate the ZK proof. | |
| circuit | Yes | Which circuit to use. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description fully bears the transparency burden. It discloses that the tool returns a redirect message (not the proof), explains timeout limitations, and details the multi-step x402 flow. It could have more explicitly described the exact redirect behavior, but overall it is highly transparent about what the tool does and its limitations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is very long and includes a redundant repeat of the input schema (already provided in <input-schema>). The verifier addresses at the end may be unnecessary for tool invocation. However, it is front-loaded with the important warning and uses clear section headers. It could be more concise without losing needed information.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (nested inputs, no output schema) and its role as a redirect initiator, the description provides extensive context: the x402 flow, alternative REST endpoints, verifier addresses, and parameter details. It effectively equips the agent to understand the broader process and redirect to the correct endpoint if needed.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so baseline is 3. The description adds significant value beyond the schema by providing detailed hex length hints, optional field explanations (country_list, is_included), and a complete request body example in the description. This helps the agent understand format and context well.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description states 'Submit proof inputs to generate a ZK proof' but immediately contradicts this by warning the tool is UNSUITABLE for proof generation and only returns a redirect message. The actual purpose is unclear—it might be to initiate the x402 flow rather than generate the proof, but this is not explicitly stated. The tool's function differs from its stated purpose, causing confusion.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly tells agents when NOT to use the tool ('MCP tool calls have timeout limitations... UNSUITABLE') and provides the exact REST endpoint alternatives (staging and production). It also explains the full x402 flow, giving clear context for when the REST API should be used instead. This is exemplary guidance.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!