Skip to main content
Glama

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
MATRIXSCROLL_HOMENoOverride the path for the device.json key store (default: ~/.matrixscroll).
MATRIXSCROLL_MODENoMode of the identity provider: 'emulated' (software key) or 'hardware' (SE050 preview).emulated
MATRIXSCROLL_TOOLNoTool name to record in the commit envelope (e.g., 'agent-runner').
MATRIXSCROLL_ACTOR_TYPENoActor type to record in the commit envelope (e.g., 'agent', 'human').

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
create_envelopeA

Create a signed Git commit envelope with Ed25519 provenance metadata.

Use after staging changes and before or after ``git commit`` when you need
commit-time actor/tool proof. Prefer ``sign_action`` for non-Git evidence
(CI steps, IaC, migrations). Do not use for verification — call
``verify_envelope`` or ``verify_pr_range`` instead.

Side effects: may write ``.matrixscroll/envelopes/<sha>.json`` when ``save``
is true. Requires a Git repo and Matrix Scroll identity store. No network.
Returns ``{ok, sha, envelope, path, error?}``.

Parameters:
    workspace: Git repo root (defaults to detected repo).
    commit_sha: Existing commit to envelope (defaults to staged/next commit).
    actor_type: Provenance actor, e.g. agent, human, ci.
    tool: Producing tool name, e.g. cursor, claude-code.
    agent_scope: Optional bounded scope path/glob for agent commits.
    sign: Ed25519-sign the envelope (default True).
    save: Persist under .matrixscroll/envelopes (default True).
verify_envelopeA

Verify one signed commit envelope offline against RFC 8032 Ed25519 rules.

Use for a single commit SHA or explicit envelope JSON file. Prefer
``verify_pr_range`` for PR/branch ranges and ``audit_export`` for procurement
bundles spanning many commits. Do not use when you only need hook status —
call ``status`` instead.

Read-only: no network or SSX360_API_KEY required. Does not modify Git state.
Returns ``{ok, sha, actor_type, mode, error?, envelope?}``; ``ok`` is false
on signature, policy, expiry, or missing-envelope errors.

Parameters:
    workspace: Git repo root (defaults to detected repo).
    commit_sha: Commit SHA to verify (uses local envelope file).
    envelope / envelope_path: Optional explicit path to envelope JSON.
    require_mode: Policy filter, e.g. emulated or hardware (empty skips).
    trusted_keys / trusted_keys_file: JSON file listing trusted public keys.
    check_expiry: Reject envelopes with expired delegation timestamps.
    require_actor_types / deny_actor_types: Actor policy allow/deny lists.
verify_pr_rangeA

Scroll Gate: verify signed/unsigned commits across a PR commit range.

Use for merge gates and PR review (many commits). Prefer ``verify_envelope``
for one commit offline. Prefer ``audit_export`` when auditors need bundles,
not pass/fail on a range.

Hosted mode (default): calls ssx360.com; requires SSX360_API_KEY.
Set ``source=local|notes|bundle`` to verify offline without an API key.
Read-only for Git refs; hosted mode emits usage to ssx360.com.
Returns ``{ok, verified_count, unsigned_shas?, failures?, error?}``.

Parameters:
    workspace: Git repo root (defaults to detected repo).
    base: Range start ref (exclusive), e.g. origin/main.
    head: Range end ref (inclusive), e.g. HEAD or PR head SHA.
    source: Envelope transport — hosted, local, notes, or bundle.
    notes_ref: Git notes ref when source=notes.
    bundle_dir: Bundle directory when source=bundle.
    require_mode: Policy require_mode filter.
    trusted_keys_file: Trusted keys JSON for signed/untrusted actor checks.
    require_actor_types / deny_actor_types: Actor policy lists.
publish_notesA

Publish local signed envelopes to git notes for CI Scroll Gate verification.

Use after ``create_envelope`` when CI reads ``refs/notes/matrixscroll``.
Do not use for offline single-commit checks — call ``verify_envelope``.
Do not use for hosted org audit — call ``audit_export`` with SSX360_API_KEY.

Side effects: updates the local git notes ref only; push
``refs/notes/matrixscroll`` to remote separately. Returns
``{ok, published, notes_ref, error?}``.

Parameters:
    workspace: Git repo root (defaults to detected repo).
    base: Range start ref (exclusive) for envelopes to publish.
    head: Range end ref (inclusive) for envelopes to publish.
    notes_ref: Git notes ref to write (default refs/notes/matrixscroll).
statusA

Report hook install state, local envelope count, and Matrix Scroll config.

Call first in a new repo before any verify/sign tool. Read-only: no Git or
filesystem writes, no network. Do not use for signature checks — call
``verify_envelope`` or ``verify_pr_range`` instead.

Returns ``{ok, config, hook_installed, envelope_count, mode?, device_id?}``.

Parameters:
    workspace: Git repo root (defaults to detected repo).
sign_actionA

Sign a universal provenance action envelope with the active Ed25519 identity.

Use for CI steps, IaC changes, DB migrations, API calls, contract deploys,
or agent delegation grants. Prefer ``create_envelope`` for Git commits.
Do not use for verification — call ``verify_envelope`` on exported JSON.

Side effects: writes ``save_path`` when set; uses local identity store.
No network unless you later upload the signed artifact yourself.
Returns ``{ok, signed, device_id, mode, path?, error?}``.

Parameters:
    action_type: Provenance label (git_commit, ci_step, iac_change, etc.).
    payload: JSON object to sign (no top-level signature block).
    key_path: Optional MATRIXSCROLL_HOME override for CI ephemeral keys.
    save_path: Optional file path to write the signed document.
audit_exportA

Export a compliance or procurement audit bundle with optional verification proofs.

Use when auditors need envelope bundles (JSON, GUAC JSONL, or evidence-pack).
Prefer ``verify_pr_range`` for merge-gate pass/fail on a commit range.
Prefer ``list_envelopes`` to browse hosted metadata without exporting files.

Hosted (Team+): requires SSX360_API_KEY; calls ssx360.com/api/v1/audit/export.
Local fallback: exports from git notes or on-disk envelopes when no API key.
Side effects: writes files under ``output_dir`` locally; hosted mode returns
download metadata. Returns ``{ok, bundle?, download_url?, error?}``.

Parameters:
    start_date / end_date: ISO 8601 UTC bounds (hosted filter).
    signer_id: Filter by device_id or public-key fingerprint.
    format: json, guac, or evidence-pack serialization.
    include_verification: Attach per-envelope verification replay data.
    workspace / base / head / output_dir: Local fallback range and output path.
list_envelopesA

List commit envelopes stored on ssx360.com for the authenticated organization.

Use for paginated org triage and agent memory. Requires SSX360_API_KEY.
Do not use for offline Git repos — call ``status`` and ``verify_envelope``.
Do not use for bulk export — call ``audit_export`` instead.

Read-only: no local Git writes. Returns ``{ok, envelopes, total?, error?}``.

Parameters:
    limit: Maximum envelopes per page (1–200, default 50).
    offset: Pagination skip index (zero-based).
    signer_filter: Optional device_id or public-key prefix.
connect_cardA

Probe AP2 Vault Card / SE050 USB CDC hardware signing bridge availability.

Use before hardware signing pilots to confirm the reader responds on the serial port. Do not use for everyday signing — use create_envelope (emulated mode) instead. Do not use for verification — call verify_envelope after envelopes exist. Prefer status to check local identity without opening USB.

Side effects: opens a short-lived serial session; does not export private keys. No SSX360_API_KEY required. Returns {ok, mode, reader_name, available?, error?}.

Parameters: reader_name: Serial port, e.g. COM3 or /dev/ttyACM0 (or env default). pin: Optional secure-element PIN; prefer MATRIXSCROLL_PIV_PIN in CI. timeout: Transport timeout in milliseconds (default 3000).

scan_mcp_serverA

Fingerprint an MCP server's tool surface into an unsigned ssx360.mcp-manifest.v1.

Use before ``sign_mcp_manifest`` to capture install-time tool names, descriptions,
and input schema hashes. Re-scan later and pass results to ``verify_mcp_manifest``
with a baseline to detect rug-pull drift. Read-only; no network required when
``tools`` is supplied directly.

Returns ``{ok, tool_count, surface_hash, manifest}``.
sign_mcp_manifestA

Ed25519-sign an MCP tool-surface manifest for offline install verification.

Use after ``scan_mcp_server``. Prefer ``verify_mcp_manifest`` for checks.
Side effects: may write ``save_path``; uses local identity store. No network.
Returns ``{ok, signed, device_id, path?, error?}``.
verify_mcp_manifestA

Verify a signed MCP manifest and optionally diff against an install-time baseline.

Use in CI or before trusting an MCP server after upgrade. Read-only; no network.
Returns ``{ok, surface_hash, tool_count, drift?, error?}``; ``ok`` is false on
bad signature or surface drift vs baseline.
sign_agent_traceA

Sign a browser-agent JSONL trace with the active Ed25519 identity.

Use when a WEB_WIZARD or Steel run completes. Hashes the full trace bytes,
records step count and run_id, and writes an offline-verifiable envelope.
Side effects: writes envelope file; uses local identity store. No network.
Returns ``{ok, signed, path?, error?}``.
verify_agent_traceA

Verify a signed agent trace envelope offline; optional trace byte check.

Use in CI or auditor handoff. Read-only; no network.
Returns ``{ok, run_id?, step_count?, error?}``.

Prompts

Interactive templates invoked by user choice

NameDescription
provenance_reportGuide an agent to produce a provenance audit report for a Git repository.

Resources

Contextual data attached and managed by the client

NameDescription
commit_envelope_schemaPublic JSON Schema for Matrix Scroll commit envelopes (v1).
action_envelope_schemaPublic JSON Schema for universal provenance action envelopes (v1).
mcp_manifest_schemaPublic JSON Schema for MCP tool-surface manifests (ssx360.mcp-manifest.v1, CC0).
specificationMatrix Scroll byte contract and verification rules (SPEC.md).

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/SSX360/matrixscroll'

If you have feedback or need assistance with the MCP directory API, please join our Discord server