MCP Server Overview
verbitas-mcp is a Model Context Protocol server that exposes Verbitas functionality as callable tools to AI agents. It lets Claude Desktop, Cursor, Windsurf, and any MCP-compatible AI use Verbitas without writing HTTP requests.
What it does
The MCP server translates agent tool calls into authenticated requests to the Verbitas API. It enforces a set of safety rules before making any API call.
AI agent (Claude / Cursor / custom)
        │
        │ MCP protocol (stdio)
        ▼
verbitas-mcp (local npm process)
        │
        │ HTTPS
        ▼
api.verbitas.io

The process runs locally on the machine where the AI agent is running. It has no inbound network surface: it talks to the agent over stdio and to the API over outbound HTTPS.
Available tools
| Tool | Scope | Description |
|---|---|---|
| vb_sign | sign | Sign a local file |
| vb_verify | verify | Verify a file or asset by ID |
| vb_lookup | verify | Lookup by perceptual fingerprint |
| vb_recipes_list | sign | List available recipes |
| vb_recipe_create | admin | Create a custom recipe |
| vb_get_audit_log | admin | Retrieve recent audit log entries |
See Tools Reference for full parameter documentation.
How tool calls work
When an agent calls vb_sign:
- The MCP server validates that the file path is caller-provided (not inferred from context).
- It checks the MIME type against an allow-list for the tool.
- It reads VERBITAS_API_KEY from the environment (never from the tool argument).
- It generates a UUIDv7 idempotency key.
- It submits POST /v1/sign to api.verbitas.io.
- It returns the structured result to the agent. The API key is never echoed.
What the MCP server does not do
- It does not store files, API keys, or conversation context.
- It does not accept API keys as tool arguments — keys come from the environment only.
- It does not sign files the caller has not explicitly provided by path.
- It does not create recipes with step kinds outside the closed enum.
- It does not sign files larger than 100 MB (directs the agent to use presigned PUT instead).
Trust model
The MCP server acts as a local proxy between the agent and the API. The agent controls what file paths to sign and which recipes to use. The MCP server controls authentication and enforces input validation. The API controls authorization, billing, and the actual cryptographic operations.
An agent cannot use the MCP server to access API keys, other tenants’ data, or any functionality beyond what its key scope permits.
See MCP: Security for the full trust model.