@yobekasbah/mcp-server
v3.0.4
Published
Kasbah MCP Server — cryptographic trust layer for agentic AI. Govern, sign, and verify every agent action from Claude Code, Cursor, or any MCP host.
Maintainers
Readme
@yobekasbah/mcp-server
The trust layer for agentic AI — drop into Claude Desktop, Claude Code, Cursor, Cline, or any MCP-compatible host. Govern, sign, and verify every action your agent takes. Every decision gets a verdict + an Ed25519-signed receipt that's verifiable offline, forever.
https://kasbah-api.fly.dev · Get a free API key · Receipt Spec v2
Install
npx -y @yobekasbah/mcp-serverThat's it. No global install needed.
1. Get a free API key
https://kasbah-api.fly.dev/v1/auth/signupYou get a key (ksk_…), a workspace, and a generous free tier. The key is required for the governance tools (kasbah_attest, kasbah_check_compliance, kasbah_trace_intent, kasbah_cost_guard).
2. Configure your host
Add to ~/.claude/mcp.json (or mcp.json for Cursor / Cline / your host):
{
"mcpServers": {
"kasbah": {
"command": "npx",
"args": ["-y", "@yobekasbah/mcp-server"],
"env": {
"KASBAH_API": "https://kasbah-api.fly.dev",
"KASBAH_API_KEY": "ksk_your_key_here",
"KASBAH_AGENT": "my-agent"
}
}
}
}Local dev? Point KASBAH_API at your own engine instead:
git clone https://github.com/Al-Adnane/Kasbah-Core
cd Kasbah-Core
node packages/api-server/server.js
# → engine on http://127.0.0.1:8788, kid 029e59…What you get
Seven tools, three jobs.
Trust layer — kasbah_attest · kasbah_verify · kasbah_status · kasbah_export_audit
Governance moats — kasbah_check_compliance · kasbah_trace_intent · kasbah_cost_guard
kasbah_attest
Call this before any side-effecting action — file write, shell exec, HTTP request, payment, tool call. Returns a verdict and a signed receipt.
const r = await mcp.call('kasbah_attest', {
action: 'shell_exec',
input: 'rm -rf /var/db',
context: 'cleanup script',
surface: 'claude-code'
});
// → { verdict: 'DENY', receipt: 'kasbah_receipt:v2:ed25519:…',
// guidance: 'STOP. Kasbah denied this action. Do not proceed.' }When verdict === 'DENY', stop. Kasbah caught something the agent shouldn't do. The receipt is your proof.
kasbah_status
Show what Kasbah has done for you. Running totals: $ saved, decisions blocked, PII redactions, top token sinks, latest receipt + verify link, dashboard URLs. Call this anytime to see real value-for-money.
const r = await mcp.call('kasbah_status');
// → {
// headline: "1,247 decisions signed · 47 blocked · $34.21 saved this session",
// money: { saved_this_session_usd: 34.21, top_models_by_cost: [...] },
// safety: { blocked: 47, warned: 12, threats_detected: 8, top_sink: {...} },
// receipts:{ signing_key_id: "029e59…", verify_latest_offline_url: "..." },
// dashboards: { live_stream: "...", verify_any_receipt: "..." },
// feedback: "mailto:[email protected]?…"
// }kasbah_export_audit
Export a compliance bundle (last N signed decisions) as a tamper-evident JSON archive. Each entry includes its Ed25519 signature + the public key fingerprint. Hand this to your SOC 2 / EU AI Act auditor — they verify it offline, no Kasbah account needed.
const bundle = await mcp.call('kasbah_export_audit', { limit: 1000, verdict: 'DENY' });
// → { bundle_format_version: "kasbah-audit-bundle-v1",
// signing_public_key: { kid: "029e59…", x: "...", pem: "..." },
// entries: [{ timestamp, verdict, receipt, receipt_payload, ... }],
// how_to_verify: "..."
// }kasbah_verify
Verify any Kasbah receipt cryptographically. Works offline — only needs the cached public key.
const v = await mcp.call('kasbah_verify', { receipt, payload });
// → { verified: true, keyId: '029e59…', decoded: { … } }kasbah_check_compliance
Evaluate an action against HIPAA / GDPR / SOC 2 / PCI-DSS rule packs before it runs. Returns a decision with the cited rule.
const c = await mcp.call('kasbah_check_compliance', {
verb: 'EXPORT', target: 'patient_records', content: 'SSN 123-45-6789'
});
// → { decision: 'DENY', summary: 'DENIED by H-002: SSN/DOB in agent output requires redaction',
// guidance: 'Blocked by compliance policy — do not proceed.' }kasbah_trace_intent
Catch distributed, multi-step attacks invisible to single-step scanners — exfiltration pipelines, privilege-escalation chains, cost bombs. Pass the recent steps, one VERB target per line.
const t = await mcp.call('kasbah_trace_intent', {
steps: 'READ patient_db\nAGGREGATE records\nENCODE base64\nSEND external.evil.com'
});
// → { verdict: 'CRITICAL', summary: 'Data Exfiltration Pipeline (critical) — 100% confidence',
// guidance: 'Multi-step attack trajectory detected — halt the agent and alert the user.' }kasbah_cost_guard
Runaway-loop and spend governor. Recommends ALLOW / THROTTLE / BLOCK before an expensive or repeated call.
const g = await mcp.call('kasbah_cost_guard', { agent: 'orchestrator', tool: 'web_search', calls: 8 });
// → { action: 'BLOCK', reason: 'runaway_loop_detected',
// usage: { band: 'mid', costPerHour: 0.32, tokensPerMin: ... },
// guidance: 'Stop — runaway loop or budget breach. Do not make this call.' }Configuration · environment variables
| Var | Default | What it controls |
|---|---|---|
| KASBAH_API | http://127.0.0.1:8788 | Engine endpoint (use https://kasbah-api.fly.dev for hosted) |
| KASBAH_API_KEY | (none) | Required for governance tools. Free key at get a free key |
| KASBAH_AGENT | mcp-agent | Identifier in audit receipts |
| KASBAH_VERIFY_BASE | https://kasbah-api.fly.dev/demo/verify | Public verifier URL stamped into receipts |
| KASBAH_NO_TELEMETRY | (unset) | Set to 1 to opt out of the anonymous boot-count ping to /_pulse. We collect zero prompts, payloads, or PII — only that the MCP started. |
Got feedback? Found a bug?
Email [email protected] · Issues: github.com/Al-Adnane/Kasbah-Core/issues
Every kasbah_status response includes a one-click feedback mailto: so you can tell us what's working and what isn't, right from your IDE.
Verify it works
node -e "
const { spawn } = require('child_process');
const p = spawn('npx', ['@yobekasbah/mcp-server'], { stdio: ['pipe', 'pipe', 'inherit'] });
p.stdin.write(JSON.stringify({ jsonrpc:'2.0', id:1, method:'initialize', params:{} }) + '\n');
p.stdout.on('data', d => { console.log(d.toString()); p.kill(); });
"
# → { jsonrpc:'2.0', id:1, result: { protocolVersion:'2024-11-05',
# capabilities:{tools:{}}, serverInfo:{name:'kasbah', version:'3.0.0'} } }The receipt format
Every receipt this server returns is Ed25519-signed by the engine following Receipt Spec v2. Anyone with the engine's public key can verify it offline:
curl https://kasbah-api.fly.dev/.well-known/kasbah-keys.json
# → { "keys": [{ "kid": "029e59…", "alg": "EdDSA", "crv": "Ed25519", "x": "…" }] }The format is open, the verifier is open (standalone WebCrypto, 200 lines), and your receipts will verify as long as the spec lives — even if Kasbah ceased to exist tomorrow.
Production Notes
Signing Key Persistence
The engine generates an Ed25519 signing key on first boot (data/engine-key.priv.pem).
This key is the root of trust for all receipts. If the container is recreated without
a volume mount, old receipts become unverifiable.
For production deployments, mount a persistent volume:
# Docker
docker run -v kasbah-data:/app/packages/api-server/data ...
# Fly.io
fly volumes create kasbah_data --size 1Engine Availability
The governance tools call the Kasbah engine at the configured KASBAH_API URL.
If the engine is unreachable, kasbah_attest still signs the action but marks it
governed: false (fail-open on availability, never on a real DENY). The other
governance tools surface a clear error. For production, use the hosted endpoint
https://kasbah-api.fly.dev or run the engine on a high-availability host.
License
MIT.
