TrustMCP sits in front of your tools and APIs and decides — in real time, before the call runs — whether the calling agent should be allowed, charged, or blocked. Reputation, behavioral policing, and x402 payments in one layer. Zero code changes.
{
  "mcpServers": {
    "trustmcp": {
      "url": "https://gate.trustmcp.io/api/mcp",
      "headers": { "x-agent-id": "$AGENT_ID" }
    }
  }
}
ERC-8004 on-chain history + behavioral sandbox + World ID proof-of-personhood, distilled into a single AAA→C tier. Each endpoint declares the minimum it accepts.
Each bot is one live agent call (from /api/events). It runs six checkpoints in order — and is squashed at the gate that blocks it, or reaches the vault and runs the tool. Bot color = trust tier.
One command adds TrustMCP to Claude, Cursor, or any MCP client. Your agents call gated tools through it — and you operate the gateway by just talking to it: “register my API”, “show the riskiest agents”, “approve that payment”, “flip the kill switch”. No dashboard.
claude mcp add --transport http trustmcp https://your-trustmcp.app/api/mcp \
  --header "x-agent-id: $YOUR_AGENT_ID"
every tool call is trust-gated, guardrailed, and x402-priced before it runs
claude mcp add --transport http trustmcp-ops https://your-trustmcp.app/api/mcp/operator \
  --header "x-operator-token: $TRUSTMCP_OPERATOR_TOKEN"
0 operator tools — manage everything conversationally
Full ERC-8004 on-chain history, behavioral sandbox tier, World ID proof-of-personhood, and Icebreaker handles — the same signals the gate uses before every call.
A brand-new agent has no reputation, so it’s stuck behind the sandbox. This is the guided path: prove key ownership, link World ID, run a sandbox evaluation — and watch it graduate from “unknown” to a real tier, unlocking tools as its score climbs. Five MCP tools, zero dashboard.
Normally an agent sends x-agent-id and the gateway resolves its wallet, full on-chain reputation, and exact score — fully doxxed to every seller it calls. Instead, the agent presents a zero-knowledge proof that it meets the tool’s trust floor (and is World-ID verified). The browser generates the proof locally from a one-time credential, so the gateway verifies only the predicate and gets a fresh unlinkable pseudonym for each presentation.
Pick an agent, point it at a tool or your API, and fire a real request. Every call runs the same five checks — and is rejected at the first one it fails.
Trusted agents that go rogue mid-session — prompt injection, budget drain, velocity spikes — are caught here before the upstream ever runs.
Trust and guardrails are automatic — but moving money or deleting data warrants a human, even for a AAA agent. These calls pause at the gateway (the agent gets a 202), wait for sign-off here, then resume on the agent’s retry. Approve to release, deny to block.
Valiron reads reputation. TrustMCP writes it back. Every runtime decision — an injection caught, a budget drained, a paid call honored — becomes an ERC-8004 feedback signal, anchored in a tamper-evident hash chain ready to commit on-chain. The gateway becomes a data source for the trust graph it consumes.
Point TrustMCP at any MCP server and its tools appear in this gateway, namespaced and trust-gated. Calls run the full pipeline — trust → guardrails → approval → x402 — then forward to the real server over JSON-RPC. The downstream needs zero trust logic of its own.
The rest of the gateway protects the tool from a bad agent. This protects the agent from a bad tool. MCP’s structural gap (CVE-2025-54136): tool descriptions are checked once at connect-time, but tool responses flow straight into the model with no check. TrustMCP scans both channels and strips hidden instructions, exfiltration directives, and invisible-unicode payloads before they ever reach the agent.
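A sketch of the invisible-unicode part of such a scan, added here as an illustration; it is not TrustMCP's code, and the function names and sample payloads are constructed. It runs the same filter over both channels, a tools/list description and a tools/call response, stripping Unicode format characters and recovering any text hidden in the tag block so it can be logged.

```python
import unicodedata

# Unicode tag block: invisible code points that mirror printable ASCII.
TAG_BASE, TAG_LO, TAG_HI = 0xE0000, 0xE0020, 0xE007E


def scan_text(text):
    """Strip invisible format characters; return (clean_text, findings)."""
    clean, findings, smuggled = [], [], []
    for ch in text:
        cp = ord(ch)
        if TAG_LO <= cp <= TAG_HI:
            smuggled.append(chr(cp - TAG_BASE))  # recover hidden ASCII for the audit log
        elif unicodedata.category(ch) == "Cf":
            # Zero-width and bidi controls. Caveat: this also drops ZWJ/ZWNJ, which
            # emoji sequences and some scripts use legitimately; allow-list if needed.
            findings.append(f"U+{cp:04X}")
        else:
            clean.append(ch)
    if smuggled:
        findings.append("tag-encoded text: " + "".join(smuggled))
    return "".join(clean), findings


def sanitize(node, path="$", report=None):
    """Clean every string value in a JSON-like MCP payload; return (clean, report)."""
    report = [] if report is None else report
    if isinstance(node, str):
        clean, findings = scan_text(node)
        report.extend((path, f) for f in findings)
        return clean, report
    if isinstance(node, dict):
        return {k: sanitize(v, f"{path}.{k}", report)[0] for k, v in node.items()}, report
    if isinstance(node, list):
        return [sanitize(v, f"{path}[{i}]", report)[0] for i, v in enumerate(node)], report
    return node, report


# Constructed samples: one tools/list entry and one tools/call result.
TOOL_LISTING = {"tools": [{"name": "get_weather",
                           "description": "Returns the forecast.\U000E0068\U000E0069"}]}
TOOL_RESULT = {"content": [{"type": "text", "text": "Sunny\u200b, 21\u202eC"}]}

if __name__ == "__main__":
    for payload in (TOOL_LISTING, TOOL_RESULT):
        cleaned, report = sanitize(payload)
        print(cleaned, report)
```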
Register any HTTPS API by URL. TrustMCP becomes an SSRF-guarded reverse proxy in front of it — agents hit your gateway URL, we trust-check, charge, and forward to your origin. Instant monetization and protection.
Set VALIRON_OPERATOR_KEY to log billable usage to your Valiron dashboard.
Unleash 16 hostile agents hammering dangerous tools plus a few trusted callers — watch the gate hold the line and the guardrails feed light up.