Frontier-Compute/zcash-mcp

zcash_verify_evm

Verify a ZAP1 Merkle proof on-chain using EVM contracts to confirm a leaf hash belongs to a registered Zcash anchor root, supporting Sepolia, Base, and Arbitrum.

Instructions

Verify a ZAP1 Merkle proof on-chain via the EVM ZAP1Verifier contract. Checks that a leaf hash is included in a registered Zcash anchor root. Supports Sepolia (testnet), Base, and Arbitrum.

Input Schema

TableJSON Schema

Name	Required	Description
`chain`	Yes	EVM chain to verify on
`leaf_hash`	Yes	64-char hex leaf hash (no 0x prefix)
`siblings`	Yes	Ordered hex sibling hashes for the Merkle proof
`positions`	Yes	Bit-packed position flags (0 = left, 1 = right per level)
`expected_root`	Yes	64-char hex expected Merkle root

Implementation Reference

src/index.ts:26-26 (registration)
Import of registerVerifyEvmTool registration function
```
import { registerVerifyEvmTool } from "./tools/verify-evm.js";
```
src/index.ts:51-51 (registration)
Registration call for the zcash_verify_evm tool on the MCP server
```
registerVerifyEvmTool(server);
```

src/tools/verify-evm.ts:25-107 (handler)

Full handler and registration of the zcash_verify_evm tool - defines schema, verifier addresses, ABI, and the async handler that returns proof verification instructions

export function registerVerifyEvmTool(server: McpServer) {
  server.tool(
    "zcash_verify_evm",
    "Verify a ZAP1 Merkle proof on-chain via the EVM ZAP1Verifier contract. " +
      "Checks that a leaf hash is included in a registered Zcash anchor root. " +
      "Supports Sepolia (testnet), Base, and Arbitrum.",
    {
      chain: z
        .enum(["sepolia", "base", "arbitrum"])
        .describe("EVM chain to verify on"),
      leaf_hash: z
        .string()
        .regex(/^[0-9a-fA-F]{64}$/)
        .describe("64-char hex leaf hash (no 0x prefix)"),
      siblings: z
        .array(z.string().regex(/^[0-9a-fA-F]{64}$/))
        .describe("Ordered hex sibling hashes for the Merkle proof"),
      positions: z
        .number()
        .int()
        .describe("Bit-packed position flags (0 = left, 1 = right per level)"),
      expected_root: z
        .string()
        .regex(/^[0-9a-fA-F]{64}$/)
        .describe("64-char hex expected Merkle root"),
    },
    async ({ chain, leaf_hash, siblings, positions, expected_root }) => {
      try {
        const deployment = VERIFIER_ADDRESSES[chain];
        if (!deployment?.address) {
          return {
            content: [{
              type: "text" as const,
              text: JSON.stringify({
                error: `ZAP1Verifier not yet deployed on ${chain}. Use 'sepolia' for testing.`,
                available: Object.entries(VERIFIER_ADDRESSES)
                  .filter(([, v]) => v.address)
                  .map(([k]) => k),
              }, null, 2),
            }],
            isError: true,
          };
        }

        const result = {
          verification: {
            chain,
            contract: deployment.address,
            rpc: deployment.rpc,
            leaf_hash: `0x${leaf_hash}`,
            siblings: siblings.map((s) => `0x${s}`),
            positions,
            expected_root: `0x${expected_root}`,
          },
          abi: VERIFIER_ABI,
          call: {
            method: "verifyProofStateless",
            args: [
              `0x${leaf_hash}`,
              siblings.map((s) => `0x${s}`),
              positions,
              `0x${expected_root}`,
            ],
            note: "This is a view call (no gas cost). Returns true if the proof is valid.",
          },
          anchor_check: {
            method: "isAnchorRegistered",
            args: [`0x${expected_root}`],
            note: "Check if this root is registered as a Zcash anchor. Returns (exists, zcashHeight).",
          },
          how_to_call: `cast call ${deployment.address} 'verifyProofStateless(bytes32,bytes32[],uint256,bytes32)(bool)' 0x${leaf_hash} '[${siblings.map((s) => `0x${s}`).join(",")}]' ${positions} 0x${expected_root} --rpc-url ${deployment.rpc}`,
        };

        return {
          content: [{ type: "text" as const, text: JSON.stringify(result, null, 2) }],
        };
      } catch (err) {
        const msg = err instanceof Error ? err.message : String(err);
        return { content: [{ type: "text" as const, text: `Error: ${msg}` }], isError: true };
      }
    }
  );
}

src/tools/verify-evm.ts:31-50 (schema)

Zod schema for zcash_verify_evm inputs: chain, leaf_hash, siblings, positions, expected_root

{
  chain: z
    .enum(["sepolia", "base", "arbitrum"])
    .describe("EVM chain to verify on"),
  leaf_hash: z
    .string()
    .regex(/^[0-9a-fA-F]{64}$/)
    .describe("64-char hex leaf hash (no 0x prefix)"),
  siblings: z
    .array(z.string().regex(/^[0-9a-fA-F]{64}$/))
    .describe("Ordered hex sibling hashes for the Merkle proof"),
  positions: z
    .number()
    .int()
    .describe("Bit-packed position flags (0 = left, 1 = right per level)"),
  expected_root: z
    .string()
    .regex(/^[0-9a-fA-F]{64}$/)
    .describe("64-char hex expected Merkle root"),
},

Tool Definition Quality

B3.1/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It states the action ('verify a proof on-chain') but does not disclose whether this is a read-only call (view function), gas costs, failure behavior, or what the response looks like.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single sentence with no redundant words. However, it is under-specified given the tool's complexity; conciseness should not come at the expense of completeness.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

With 5 required parameters and no output schema or annotations, the description lacks critical details such as return values, failure modes, and whether the call is a transaction or view. This is insufficient for an agent to use correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, and the schema descriptions already explain parameters (e.g., 'ordered hex sibling hashes', 'bit-packed position flags'). The description adds no additional semantic value beyond the schema, so a baseline of 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description explicitly states it verifies a ZAP1 Merkle proof on-chain via the EVM ZAP1Verifier contract, checking leaf hash inclusion in a registered Zcash anchor root. It also lists supported chains (Sepolia, Base, Arbitrum), clearly identifying the tool's scope and resource.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives like verify_proof or get_anchor_status. It does not mention prerequisites, exclusions, or context for appropriate use.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Frontier-Compute/zcash-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server