verify-gate-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@verify-gate-mcpCreate a task for /healthz endpoint with criteria."
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
verify-gate-mcp
An MCP server that enforces one rule: the agent that does the work can never mark it complete. Tasks are created with acceptance criteria, claimed done by one agent (with evidence), and can only be verified by a different agent. Terminal states are irreversible.
Why this exists
Three catches from running this gate in production, before open-sourcing it:
A devops agent reported a "fix" for a P0 incident. The verify gate found no fix was actually running.
A trading gate had a fail-OPEN bug (the system would trade when it should have halted). Verification caught it before any live capital was exposed.
Work that is actually done passes clean on the first try. The gate converges; it is a filter, not a wall.
All three came from the same rule: prover and verifier must be different agents, and the gate lives server-side, backed by a SQLite CHECK constraint, not in a prompt. The failure mode this guards against is honest-but-lazy agents: an agent marking its own work as verified out of convenience or context-blur.
Related MCP server: nobulex-mcp-server
Invariants
Criteria at birth: a task cannot exist without ≥1 non-empty acceptance criterion; there is no add-criteria-later tool.
Prover recorded:
claim_donepermanently records the claiming agent and evidence.Prover ≠ verifier:
verifyhard-rejects when the verifier is the claimer (E_SELF_VERIFY), for both verdicts.Forward-only:
pending → claimed → (verified | rejected). Both end states are terminal; a rejected task's remediation is a new task withsupersedesset for lineage.
Install
Requires any MCP-capable agent client; Claude Code is the tested reference client.
From source (npm package coming soon):
git clone https://github.com/Monkeyattack/verify-gate-mcp.git
cd verify-gate-mcp
npm install && npm run build
node dist/index.js --db ./tasks.dbClaude Code / MCP client config:
{
"mcpServers": {
"verify-gate": {
"command": "node",
"args": ["/path/to/verify-gate-mcp/dist/index.js", "--db", "/shared/tasks.db"],
"env": { "VG_AGENT_ID": "devops" }
}
}
}Multiple agents each run their own stdio server process pointed at the same SQLite file (WAL mode); every state transition is a compare-and-swap inside an IMMEDIATE transaction, so concurrent claims have exactly one winner.
Quickstart: first verified task in under 15 minutes
You need two agent identities. The simplest setup is two Claude Code sessions pointed at the same database file, one launched with VG_AGENT_ID=devops, the other with VG_AGENT_ID=reviewer.
Step 1: create a task with checkable criteria
Criteria must be checkable by someone who did not do the work. "Endpoint returns 200" is checkable; "works well" is not. If the verifier cannot decide pass or fail from the criterion alone, rewrite it.
create_task({
"title": "Add /healthz endpoint to the api service",
"acceptance_criteria": [
"GET /healthz on the running service returns HTTP 200",
"Response body is JSON containing {\"status\": \"ok\"}",
"npm test passes with the new healthz test included"
],
"created_by": "devops"
})Returns { "task_id": "…", "status": "pending", "created_at": "…" }.
Step 2: worker claims done, with evidence
The worker (here, devops) does the work, then submits evidence: what was done and how each criterion is satisfied. Evidence is a claim to be tested, not a status flag.
claim_done({
"task_id": "<task_id from step 1>",
"agent_id": "devops",
"evidence": "Added healthz route in src/routes/health.ts. curl -i localhost:3000/healthz returns 200 with body {\"status\":\"ok\"}. Added tests/health.test.ts; npm test: 14 passed."
})The task is now claimed, and devops is permanently recorded as the prover. If devops tries to call verify on this task, the server returns E_SELF_VERIFY and the state does not change. Hand off to the second identity.
Step 3: a second agent verifies, fail-first
In the reviewer session, the verifier independently checks each criterion against the actual system: runs the tests, hits the endpoint, reads the code. It does not take the evidence at its word.
Suppose the endpoint works but the test was never committed. The verifier rejects, and notes are required on reject; name the specific gap:
verify({
"task_id": "<task_id>",
"verifier_agent_id": "reviewer",
"verdict": "rejected",
"notes": "Criteria 1 and 2 pass: GET /healthz returns 200 with {\"status\":\"ok\"}. Criterion 3 fails: tests/health.test.ts does not exist in the repo; npm test runs 13 tests, none cover healthz."
})The task is now rejected, and that is terminal. There is no reopen. Remediation is a new task that supersedes the dead one, carrying the lineage:
create_task({
"title": "Add /healthz endpoint to the api service (remediation)",
"acceptance_criteria": [
"GET /healthz on the running service returns HTTP 200",
"Response body is JSON containing {\"status\": \"ok\"}",
"npm test passes with the new healthz test included"
],
"created_by": "reviewer",
"supersedes": "<rejected task_id>"
})The worker fixes the gap (commits the test), claims done on the new task with updated evidence, and the verifier checks again:
verify({
"task_id": "<new task_id>",
"verifier_agent_id": "reviewer",
"verdict": "verified",
"notes": "All three criteria checked directly: endpoint returns 200 with correct body; tests/health.test.ts present; npm test 15 passed."
})That is the full loop: one rejection, one superseding retry, one verified close. get_task on either task shows the full append-only transition history; supersedes links the retry back to the rejection.
Tools
Tool | Effect |
| New |
|
|
|
|
| Full record + append-only transition history |
| Paginated summaries |
Errors are returned as tool results with isError: true and a JSON payload {code, message, current_status?}; codes include E_SELF_VERIFY, E_WRONG_STATE, E_NOT_FOUND, E_EMPTY_CRITERIA, E_EMPTY_EVIDENCE, E_MISSING_NOTES, E_INVALID_AGENT_ID, E_IDENTITY_MISMATCH.
State machine
create_task → pending → claim_done(A) → claimed → verify(B≠A) → verified | rejected
│
└ verify(A) → E_SELF_VERIFY (state unchanged)Identity model (v1)
agent_id is caller-declared (normalized: lowercase, trimmed, ^[a-z0-9][a-z0-9._-]{0,63}$). Optionally, launch with --agent-id <id> or VG_AGENT_ID to lock the connection: any tool call declaring a different agent_id fails with E_IDENTITY_MISMATCH. The threat model is honest-but-lazy agents, not adversarial identity forgery; an adversarial agent inside your fleet has already won.
What this is NOT
Not an orchestrator. It does not schedule, route, or run agents.
Not a project-management tool. There are no assignees, priorities, sprints, or due dates.
Not a task board.
list_tasksexists so agents can find work, not so humans can manage it.
It does one thing: gate completion behind independent verification. It composes with whatever orchestration, framework, or plumbing you already run; anything that speaks MCP can call it.
Contributing
npm install
npm run typecheck # tsc --noEmit
npm test # vitest
npm run buildThe PR bar is the same rule the tool enforces: every claim in a PR description must itself be verifiable. "Fixed the race in claim_done" needs the test that fails without the fix and passes with it.
License
MIT. A permissive license fits an integrity primitive: the gate is only useful if anyone can run it anywhere, unmodified or not.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Monkeyattack/verify-gate-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server