@voltanotes/mcp

MCP server for Volta Notes — create and read burn-after-read encrypted notes from any AI agent.

Notes are end-to-end encrypted using AES-256-GCM. The decryption key lives only in the URL fragment — it is never sent to any server. Notes are stored on the Internet Computer and permanently destroyed after a single read.

Why

AI agents regularly need sensitive information at runtime — API keys, passwords, credentials. Today, users paste these into chat where they're stored permanently in conversation history.

With this MCP server, the pattern becomes:

1. User creates a note at voltanotes.com and sends the one-time URL

2. Agent calls read_volta_note — secret returned, note permanently destroyed

3. Nothing sensitive ever appears in chat history

Or in reverse — an agent can use create_volta_note to send credentials to a user via a self-destructing link.

Quick Start

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "volta": {
      "command": "npx",
      "args": ["-y", "@voltanotes/mcp"]
    }
  }
}

Claude Code

claude mcp add volta -- npx -y @voltanotes/mcp

Tools

create_volta_note

Creates an encrypted note and returns a one-time URL.

Returns: A voltanotes.com URL. The recipient opens it once, reads the content, and it's gone forever.

read_volta_note

Reads and permanently destroys a Volta note.

Returns: The decrypted note content. The note is permanently deleted from the canister — a second read will fail.

Agent Prompt Snippet

Add this to any agent's system prompt to enable secure credential handoff:

When you need a secret from the user (API key, password, credentials):
1. Ask them to go to voltanotes.com and paste the secret into the note field
2. They'll get a one-time URL — ask them to send it to you
3. Use the read_volta_note tool with that URL to retrieve the secret
The secret is permanently destroyed after you read it — it never appears in chat history.

Security Model

• AES-256-GCM encryption happens locally before anything is sent to the canister

• The encryption key exists only in the URL fragment (#...) — browsers and servers never transmit fragments

• The ICP canister stores only ciphertext — even if compromised, all data is unreadable

• Notes are destroyed on first read. Unread notes expire after 7 days.

• No accounts, no login, no tracking

How It Works

Agent calls create_volta_note("secret-api-key-123")
  → Local: generate AES-256 key + encrypt
  → ICP canister: store ciphertext → returns noteId
  → Return URL: voltanotes.com/r/{noteId}#{key}

User opens URL → read gate → clicks "Read note"
  → Browser: fetch ciphertext from canister (canister deletes it)
  → Browser: decrypt using key from # fragment
  → Display plaintext — note is gone forever

Requirements

• Node.js 18+ (uses built-in Web Crypto API)

License

MIT — Unprompted Labs