signedapproval
Help Center

MCP Server

Use SignedApproval as an MCP tool in Claude Code, Cursor, and other AI agents that support the Model Context Protocol.

Key Concepts

The Model Context Protocol (MCP)is an open standard for connecting AI assistants to external tools. SignedApproval's MCP server exposes approval tools that AI agents can call to request human authorization before performing high-risk actions.

The MCP server lives in the mcp/ directory of the SignedApproval repository. It uses stdio transport and supports bootstrap-at-startup -- if no API key is configured, the server initiates a consent-based bootstrap flow to obtain one.

Setup Guide
1

Build the MCP server

bash
cd mcp
npm install
npm run build
2

Add to Claude Code settings

Add the MCP server to your Claude Code configuration. In your .claude/settings.json or global config:

JSON
{
  "mcpServers": {
    "signedapproval": {
      "command": "node",
      "args": ["/path/to/signedapproval/mcp/dist/index.js"],
      "env": {
        "SIGNEDAPPROVAL_EMAIL": "your-email@example.com"
      }
    }
  }
}
3

Bootstrap (first run)

On the first run, the MCP server detects no cached API key and initiates a bootstrap flow:

  1. The server calls POST /api/v1/bootstrap with your email and a client name.
  2. A consent approval request is sent to your phone (or dashboard).
  3. You approve the bootstrap request, granting the MCP server an API key.
  4. The API key is cached to ~/.signedapproval/config.json.

Subsequent launches reuse the cached key.

Available MCP Tools

The MCP server exposes these tools to the AI agent:

  • request_approval -- Creates an approval request with an action description and waits for a decision.
  • check_approval -- Checks the status of a previously created approval request.
  • verify_approval -- Verifies the Ed25519 signature of a decided approval.

Usage in AI Agents

The typical pattern for using SignedApproval in an AI agent workflow:

  1. Agent identifies a high-risk action (deployment, data deletion, financial transfer).
  2. Agent calls request_approval with a description of the action.
  3. Agent polls check_approval until the request is decided or expires.
  4. If approved, agent proceeds with the action. If rejected or expired, agent stops and reports.
  5. Agent optionally verifies the signature for its own records.

Re-bootstrapping

If you need to re-bootstrap (e.g., after revoking the cached API key), delete the cached config file:

bash
rm ~/.signedapproval/config.json

The next time the MCP server starts, it will initiate a new bootstrap flow.

Note
The MCP server uses stdio transport, which means it communicates with the host application via standard input/output. This is the standard transport for Claude Code and most MCP-compatible IDEs.
Tip
You can also use SignedApproval through the Clevername gateway by activating the signedapproval MCP server: activate_mcp("signedapproval"). This routes through Clevername's audit and governance layer.
Related Articles
Bootstrap FlowSDKsHow Approvals Work