@cronozen/mcp-server
Tamper-proof audit trail for AI decisions. Record, verify, and export cryptographic proof chains via MCP.
Overview
This MCP server exposes 6 tools for AI decision provenance — recording decisions, verifying cryptographic integrity, and exporting audit-ready evidence. AI clients such as Claude Desktop connect over Streamable HTTP transport and interact with decision proofs through a standard MCP interface.
Transport: Streamable HTTP (not SSE, not stdio)
Session model: Stateful per-session transport with UUID session IDs
Auth forwarding: Per-request Bearer token is forwarded to the underlying API
Tools
Tool | Description | Required Params | Optional Params |
| Records an AI execution as a DPU. Creates a cryptographically chained proof record with SHA-256 hash chain. |
|
|
| Verifies a specific proof record's cryptographic integrity. Checks hash consistency. |
|
|
| Verifies the entire SHA-256 hash chain for a domain. Reports the first broken index if tampering is detected. |
|
|
| Retrieves a DPU by ID with full details including hash chain position, evidence level, and compliance info. |
| -- |
| Exports a DPU as a JSON-LD v2.0 document conforming to Cronozen Evidence Ontology. Includes 6W extraction and policy snapshot. |
| -- |
| Publicly verifies a DPU's cryptographic integrity without authentication. Checks hash validity and chain link integrity. |
| -- |
Quick Start
Prerequisites
Node.js 18+
A running Cronozen API endpoint
Install
npm installConfigure
cp .env.example .envEdit .env and set CRONOZEN_API_TOKEN to a valid JWT token.
Development
npm run devProduction
npm run build
npm startDocker
docker build -t cronozen-mcp-server .
docker run -p 3100:3100 \
-e CRONOZEN_API_URL=https://mcp.cronozen.com \
-e CRONOZEN_API_TOKEN=your-token \
cronozen-mcp-serverEnvironment Variables
Variable | Description | Default |
| Base URL of the Cronozen API |
|
| JWT Bearer token for API authentication | (none -- required) |
| Port the MCP server listens on |
|
Claude Desktop Configuration
{
"mcpServers": {
"cronozen-proof": {
"url": "https://mcp.cronozen.com/mcp",
"headers": {
"Authorization": "Bearer YOUR_JWT_TOKEN"
}
}
}
}Health Check
GET /health{
"status": "ok",
"server": "cronozen-decision-proof",
"version": "0.1.0",
"tools": 6,
"transport": "streamable-http",
"activeSessions": 0
}Authentication
The server supports two authentication modes:
Per-session Bearer token — Clients send an
Authorization: Bearer <token>header on the initial MCP request. The token is forwarded to all subsequent API calls for that session.Fallback to environment variable — If no Bearer token is provided in the request, the server uses the
CRONOZEN_API_TOKENenvironment variable.
The proof_public_verify tool calls the public verification endpoint which does not require authentication.
How It Works
Claude Desktop / AI Client
| HTTPS + Bearer token
v
Cronozen MCP Server (Streamable HTTP)
| HTTP + Bearer forwarding
v
Cronozen Decision Proof API
| SHA-256 hash chain
v
Tamper-proof Evidence StoreEvery AI decision is:
Recorded with structured metadata (domain, purpose, action, evidence level)
Chained via SHA-256 hash linking to the previous record
Verifiable — any record or entire chain can be cryptographically verified
Exportable as JSON-LD v2.0 for audit compliance
Use Cases
AI Agent Audit Trail — Track every decision an AI agent makes in production
Compliance Documentation — Auto-generate tamper-proof evidence for SOC2, EU AI Act, Korea AI Basic Act
Decision Provenance — Answer "why did the AI do this?" with cryptographic proof
Human-in-the-Loop Evidence — Record human approval/rejection alongside AI decisions
License
Apache-2.0
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.