npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@powforge/mcp-identity

v0.7.2

Published

MCP server exposing PowForge Depth-of-Identity oracle to Claude Code, Cursor, and any MCP-compatible agent. Three tools: doi_score_lookup (priced via L402), doi_sign_vouch (unsigned-event builder), doi_score_verify (offline schnorr verification). The Ligh

Downloads

432

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

zekebuildszekebuilds

Keywords

mcpmcp-servermodel-context-protocolmodelcontextprotocolidentitydepth-of-identitynostrlightningl402agent-authagentschnorrclaudeaipowforge

Readme

@powforge/mcp-identity

MCP server exposing the PowForge Depth-of-Identity oracle to Claude Code, Cursor, Continue, and any other Model Context Protocol-compatible agent.

Three tools, Lightning-Network paid, Schnorr-verifiable.

Why this exists

Most agent-auth systems issue a flat verified Y/N JWT. PowForge issues a continuous Depth-of-Identity score (0-100, four dimensions of irreversible work: social, access, vouch, economic) and prices the L402 invoice as a function of the caller's own DoI. High DoI → cheaper. Low DoI → more expensive. The price IS the trust signal.

This MCP package is the agent-side surface for that flow. It speaks to the live oracle at https://identity.powforge.dev/oracle/doi-score and gives MCP-aware clients three composable primitives.

Install

npx -y @powforge/mcp-identity --install

That prints a JSON block ready to paste into your MCP config (e.g. ~/.config/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "powforge-identity": {
      "command": "npx",
      "args": ["-y", "@powforge/mcp-identity"]
    }
  }
}

Restart your MCP client. The three tools appear automatically.

Tools

doi_score_lookup

Fetch a Depth-of-Identity score for a Nostr pubkey from the PowForge oracle.

Input:

{
  "pubkey": "b4b12dfbc3dfdfa803bb72e344e761dc78db4ec2058c8db3f1c3ac63f9e42b44",
  "auth": {
    "macaroon": "<from prior 402>",
    "preimage": "<lightning preimage after paying invoice>"
  }
}

pubkey accepts either a 64-hex Nostr pubkey or an npub1... bech32 string. auth is optional on the first call — omit it to receive the L402 challenge.

Output (first call, payment required):

{
  "paid": false,
  "challenge": {
    "payment_required": true,
    "macaroon": "...",
    "invoice": "lnbc10n1...",
    "payment_hash": "8f51d2...",
    "price_sats": 1,
    "scope": "identity-score:lookup",
    "next_step": "Pay the bolt11 invoice. Re-invoke this tool with auth: { macaroon, preimage } to receive the signed score."
  }
}

Output (second call, after payment):

{
  "paid": true,
  "envelope": {
    "pubkey": "b4b12d...",
    "composite": 47,
    "rank": "established",
    "depth": {
      "social": { "score": 18, "...": "..." },
      "access": { "score": 12, "...": "..." },
      "vouch": { "score": 9, "...": "..." },
      "economic": { "score": 8, "...": "..." }
    },
    "signed_by": "b4b12d...",
    "signed_at": 1700000000,
    "valid_until": 1700003600,
    "signature": "<128-char hex schnorr>"
  }
}

Why the two-step flow? The MCP server is stateless and key-free by design. It never holds your Lightning credentials. Your wallet handles payment; you pass the preimage back in. This mirrors how lnget works in Lightning Labs' Lightning Agent Tools.

doi_sign_vouch

Build an UNSIGNED kind:33335 PowForge vouch event template. The MCP server intentionally never holds keys — you sign externally (via NIP-07 extension, hardware wallet, or scripts/vouch-publish.js) and publish to relays.

Input:

{
  "target": "<64-hex pubkey of the subject being vouched>",
  "depth": 47,
  "vouch_count": 5,
  "sats": 100,
  "content": "fellow builder"
}

sats and content are optional.

Output:

{
  "unsigned_event": {
    "kind": 33335,
    "created_at": 1700000000,
    "tags": [
      ["p", "<target>"],
      ["depth", "47"],
      ["vouch_count", "5"],
      ["sats", "100"]
    ],
    "content": "fellow builder"
  },
  "instructions": "Sign this event with your Nostr secret key, then publish to relays."
}

doi_score_verify

Locally verify a Schnorr-signed DoI score envelope. No network call. The default oracle pubkey is hardcoded as b4b12dfbc3dfdfa803bb72e344e761dc78db4ec2058c8db3f1c3ac63f9e42b44. Override via oracle_pubkey argument or the ORACLE_PUBKEY env var.

Input:

{
  "envelope": { "...": "the full signed JSON returned by a prior doi_score_lookup" },
  "oracle_pubkey": "<optional override>"
}

Output:

{ "valid": true, "oracle_pubkey": "b4b12d..." }

Or, on failure:

{ "valid": false, "oracle_pubkey": "b4b12d...", "reason": "signature_invalid" }

Reason codes: envelope_not_object, missing_signature, signed_by_mismatch, malformed_signature, malformed_pubkey, signature_invalid, verify_threw: <err>.

Use case: an agent receives a DoI score from a counterparty and wants to confirm the oracle really signed it before pricing/gating their interaction. No round-trip required.

Environment variables

| Var | Default | Purpose | |-----|---------|---------| | ORACLE_URL | https://identity.powforge.dev | Oracle base URL | | ORACLE_PUBKEY | b4b12d... | Override oracle's schnorr pubkey for verification |

Differentiation from LiveAuth and similar agent-auth packages

| | LiveAuth | @powforge/mcp-identity | |---|---|---| | Identity signal | binary verified Y/N JWT | continuous 0-100 DoI score, four dims | | Pricing | flat sats | function of caller's own DoI | | Verification | server-side JWT check | offline schnorr (this package) | | Vouch graph | none | NIP kind:33335, sqrt-diluted, cycle-detected | | Open source | not yet (per HN, Mar 2026) | yes (this repo + @powforge/identity) | | Bitcoin chaintip binding | none | freshness window via signed bitcoin_tip |

Related packages

  • @powforge/identity — the SDK that computes DoI scores from raw Nostr events. The oracle wraps this SDK.
  • @powforge/captcha — the human-vs-agent gate that pairs with this oracle for full agent-auth flows.

Links

License

MIT.