Countersign
OfficialCountersign
A neutral, cross-vendor control plane for AI agents that spend money. Countersign holds the policy, the freeze, and the audit ledger across multiple agent-wallet backends at once — the one thing no single wallet vendor can do, because each only governs its own rail. That aggregation is the moat.

Live version of this loop: countersign.network/demo.html · 60s video
One falsifiable test defines it: can Countersign freeze agents across many backends at once, in under a second, with a unified tamper-evident ledger of every attempt? Proven LIVE across four rails (Coinbase, Turnkey, Openfort, and a Lithic Visa card) in ~432ms on testnet.
This repository is the open-core front door — the Apache-2.0 packages you build against: the integration contract, the typed client, the MCP tools, and the x402 guard. The control-plane "brain" (the policy compiler, the hash-chained ledger, the vendor adapters, and the hosted Core) is separate and proprietary; you reach it over the network via the SDK/MCP, hosted at app.countersign.network.
Quickstart
Drop the kill switch + spend guard into any MCP client (Claude, Cursor, …) — one line:
// claude / cursor mcp config
{ "mcpServers": { "countersign": {
"command": "npx", "args": ["-y", "@countersign/mcp"],
"env": { "COUNTERSIGN_URL": "https://app.countersign.network", "COUNTERSIGN_API_KEY": "csk_…" }
}}}Or wire it into your own agent with the SDK:
import { CountersignClient } from "@countersign/sdk";
const cs = new CountersignClient({ baseUrl, apiKey });
await cs.evaluate({ agentId, amount, asset, venue }); // may this spend happen? (allow / deny / needs_approval)
await cs.freeze(); // the kill switch — every backend, < 1sGet a free testnet key at https://app.countersign.network/start?ref=gh-readme.
Agents paying agents? See examples/guarded-payee — the A2A/AP2
pattern where a payee advertises it is governed and the payer verifies that (and guards its own
payment) before any mandate is signed.
Related MCP server: AgentWallet MCP Server
Packages (this repo — all Apache-2.0)
Package | Role |
the | |
OpenAPI + typed REST/ws schema — the single source of truth for the Client↔Core wire interface | |
typed client over the Core API + live ledger subscribe | |
Countersign as MCP tools — kill switch + spend guard inside any MCP client | |
govern x402 (HTTP-402 machine payments) — guard a payment before it pays | |
govern AP2 (Agent Payments Protocol) — guard an agent-payment mandate before it executes |
The proprietary brain (policy compiler to each backend's native controls, ledger, Coinbase / Turnkey / Openfort / Lithic adapters, the hosted Core) lives in a separate private repository.
Prime directives (invariants)
Don't build cryptography — integrate vendor MPC/TEE; session keys, never master keys.
Build the layer above the wallets; cross-vendor aggregation is the product.
Fail-closed: no decision / no backend response ⇒ the transaction does not execute.
Backend-agnostic core; no vendor logic leaks past the
EnforcementProviderinterface.Append-only, hash-chained ledger is the source of truth.
Testnet only — mainnet follows a third-party security audit.
Links
Home: https://countersign.network · Hosted Core: https://app.countersign.network
npm:
@countersign/sdk·@countersign/mcp·@countersign/x402·@countersign/ap2Architecture:
docs/architecture.md· Security:SECURITY.md
Apache-2.0. Countersign holds policy, freeze, and a tamper-evident ledger — it never takes custody of funds.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/countersign-network/packages'
If you have feedback or need assistance with the MCP directory API, please join our Discord server