knobe-mcp-server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@knobe-mcp-serverSeal this converted file with the author 'John Doe'."
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
knobe-mcp-server
MCP (Model Context Protocol) server for sealing, verifying, and reading KNOBE Protocol v1 documents — with human-confirmed authorship on every seal.
KNOBE documents are ordinary markdown files carrying a cryptographically sealed payload: title, attribution, license, privacy level, lineage, and a hash of the body. Anyone can later verify that the document is intact, who sealed it, and what its governance fields permit. This server lets AI agents do the sealing and verifying — without ever letting an agent silently decide who the author is.
Why
Document-conversion pipelines (Pandoc, LibreOffice, OCR tools, …) produce
files with no provenance. Drop this server at the end of the pipeline and
every converted document comes out as a .knobe.md whose origin, author, and
integrity are verifiable — by a person, a CI job, or another agent. Works for
individuals sealing their own writing and for organizations sealing official
documents under the org's name.
Related MCP server: hive-mcp-origin
Quick start
git clone https://github.com/KnobeDev/knobe-mcp.git
cd knobe-mcp
npm install # auto-builds dist/ via the prepare script
npm test # vitest unit suiteRegister with your MCP client (example: Claude Code / Claude Desktop):
{
"mcpServers": {
"knobe": {
"command": "node",
"args": ["/absolute/path/to/knobe-mcp/dist/index.js"],
"env": {
"KNOBE_ROOT": "/path/to/your/documents",
"KNOBE_DEFAULT_AUTHOR": "Your Organization"
}
}
}
}Then ask your agent things like:
Convert report.docx to markdown, then seal it as a KNOBE document. Verify everything in ./inbox and tell me what failed. Seal these 40 converted files with the company as author.
Tools
Tool | Kind | Purpose |
| write | Seal an existing file's content into a |
| write | Seal a text body passed in the call (in-memory pipeline output) |
| write | Seal up to 200 files; author confirmed once per batch (or per file with |
| read-only | Integrity + conformance report; optional |
| read-only | Report + sealed payload + body preview |
Integrity states reported by knobe_verify / knobe_read:
verified · verified-body-modified (seal intact, body changed) ·
failed (hash mismatch) · unreadable.
The author prompt (human-in-the-loop)
Sealing attributes authorship, so it is never silent:
If the connected client supports MCP elicitation, the user is prompted to confirm or change the author before each seal (batch = one prompt). The agent's
authorparameter andKNOBE_DEFAULT_AUTHORare only proposals pre-filled into the prompt. Decline/cancel aborts the seal — nothing is written.If the client cannot elicit, the explicit
authorparameter orKNOBE_DEFAULT_AUTHORis used as-is; with neither, the seal fails with an actionable error.KNOBE_NO_CONFIRM=1skips the prompt when an author is already known — for trusted, headless batch pipelines only.
This design means a prompt-injected or misbehaving agent cannot fabricate attribution: the human either confirmed the author or explicitly configured the pipeline to run unattended.
Environment
Variable | Effect |
| Confine every read/write to this directory (recommended). Checked both lexically and via symlink resolution — a symlink inside the root pointing outside it is rejected. |
| Fallback/proposed author, e.g. your organization name |
|
|
Behavior notes
Output defaults to
<source>.knobe.md(report.md→report.knobe.md); existing files are never overwritten unlessoverwrite=true(atomic exclusive-create, no check-then-write race).Size limits: 16 MB per file read, 2,000,000 characters for
knobe_seal_textbodies, 200 files per batch.If the user declines an author prompt mid-batch (
confirm_each=true), the batch stops; already-sealed files stay on disk and are reported withaborted: true.Freshly sealed documents carry the protocol default
quarantine_status: "quarantine", soknobe_verifywithaction: "redistribute"correctly reports not permitted until the document's governance fields say otherwise — that is KNOBE working as designed.Everything inside a KNOBE document (body, payload) is untrusted content;
knobe_readreturns it as data, not instructions.
Development
npm run build # tsc + copies the vendored engine into dist/
npm test # 31 vitest unit tests
npm run dev # run from source via tsxLayout: pure logic in src/seal-core.ts / src/author.ts / src/files.ts
(unit-tested, no SDK imports at runtime), thin MCP tool layer in
src/tools.ts, entry point src/index.ts.
The sealing engine src/engine/knobe-core.js is vendored verbatim from
https://knobe.org/knobe-core.js — the official KNOBE Protocol v1 reference
engine. Do not modify it; to update, re-download from the live site and rerun
the tests.
License
Apache-2.0. Includes the KNOBE Protocol v1 engine
(src/engine/knobe-core.js), © knobe.org, also Apache-2.0.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/KnobeDev/knobe-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server