Skip to main content
Glama
Prismer-AI

signet

by Prismer-AI
OverviewSchemaRelated ServersScoreDiscussions
Rust
Local

signet_sign

Sign MCP tool calls with an Ed25519 key to generate a cryptographic receipt, enabling audit and accountability for AI agent actions.

Instructions

Sign an action (tool call) with an Ed25519 key, producing a cryptographic receipt. Uses SIGNET_SECRET_KEY env var if set, otherwise requires secret_key argument.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
secret_keyNoBase64 secret key (optional if SIGNET_SECRET_KEY env is set)
toolYesTool name being called
paramsNoTool parameters (any JSON value)
signer_nameYesAgent name
signer_ownerNoAgent owner (optional)
targetNoTarget MCP server URI

Implementation Reference

  • packages/signet-mcp-tools/src/tools.ts:87-117 (handler)
    MCP tool handler for 'signet_sign'. Reads SIGNET_SECRET_KEY from env, validates required args (tool, signer_name), builds a SignetAction, and calls the core sign() function to produce a signed receipt JSON. This is the primary handler for the signet_sign MCP tool.
    case 'signet_sign': {
  const secretKey = process.env.SIGNET_SECRET_KEY;
  if (!secretKey) {
    return {
      content: [{ type: 'text', text: 'Error: SIGNET_SECRET_KEY environment variable is not set. Set it before starting the server.' }],
      isError: true,
    };
  }
  if (!args?.tool || !args?.signer_name) {
    return {
      content: [{ type: 'text', text: 'Error: tool and signer_name are required.' }],
      isError: true,
    };
  }
  const action: SignetAction = {
    tool: args.tool as string,
    params: args?.params ?? {},
    params_hash: '',
    target: (args?.target as string) ?? '',
    transport: 'mcp',
  };
  const receipt = sign(
    secretKey,
    action,
    args.signer_name as string,
    (args?.signer_owner as string) ?? '',
  );
  return {
    content: [{ type: 'text', text: JSON.stringify(receipt) }],
  };
}
  • packages/signet-mcp-tools/src/tools.ts:34-46 (registration)
    Tool registration for 'signet_sign' in the ListToolsRequestSchema handler. Defines name, description, and inputSchema with parameters: tool, params, signer_name, signer_owner, target.
    name: 'signet_sign',
description: 'Create a Signet receipt for a tool call before execution. The secret key is read from the SIGNET_SECRET_KEY environment variable (never passed as an argument). Returns the full signed receipt JSON.',
inputSchema: {
  type: 'object' as const,
  properties: {
    tool: { type: 'string', description: 'Name of the tool or action being attested, for example github_create_issue or file_write.' },
    params: { description: 'Exact JSON arguments to bind into the receipt. Changing this JSON later will change the params hash and invalidate verification expectations.' },
    signer_name: { type: 'string', description: 'Stable signer or agent name that will appear in the receipt, such as ci-agent or research-bot.' },
    signer_owner: { type: 'string', description: 'Optional human, team, or org that owns the signer identity.' },
    target: { type: 'string', description: 'Optional target URI for the system where the action will run, such as mcp://github.local.' },
  },
  required: ['tool', 'signer_name'],
},
  • packages/signet-core/src/index.ts:9-20 (schema)
    TypeScript interface for SignetAction, the data structure representing the action being signed. Used by the signet_sign handler to build the action payload.
    export interface SignetAction {
  tool: string;
  params: unknown;
  params_hash: string;
  target: string;
  transport: string;
  session?: string;
  call_id?: string;
  response_hash?: string;
  trace_id?: string;
  parent_receipt_id?: string;
}
  • packages/signet-core/src/index.ts:67-76 (helper)
    Core sign() function that wraps the WASM-based signing logic. Called by the signet_sign handler to produce the signed receipt.
    export function sign(
  secretKey: string,
  action: SignetAction,
  signerName: string,
  signerOwner: string,
): SignetReceipt {
  const actionJson = JSON.stringify(action);
  const receiptJson = wasm_sign(secretKey, actionJson, signerName, signerOwner);
  return JSON.parse(receiptJson);
}
  • bindings/signet-py/python/signet_auth/decorator.py:298-301 (handler)
    Python alias: 'signet_sign = signet_tool' — a decorator-based API for signing tool calls, provided as backward-compatible name in the Python bindings.
    signet_sign = signet_tool

# Convenience aliases
sign = signet_sign

Tool Definition Quality

A3.7/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description must cover behavioral traits. It mentions key sources but omits edge cases (e.g., both env and arg provided), error behavior, and the receipt format, leaving significant gaps.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Single sentence, front-loaded with verb and resource, no wasted words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

With 6 parameters and no output schema, the description explains the signing action but omits the return value (cryptographic receipt structure), which is needed for a complete understanding.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% (baseline 3). The description adds value by explaining the secret_key's optionality via env var fallback, which is not fully captured in the schema description alone.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description uses a specific verb 'Sign' and resource 'action (tool call)' with Ed25519 key, clearly distinguishing it from sibling tools like verification or key generation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explains two key sourcing methods (env var vs argument) but lacks explicit guidance on when to use signing versus other tools or prerequisites like key availability.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Prismer-AI/signet'

If you have feedback or need assistance with the MCP directory API, please join our Discord server