BlindOracle
Unchallengeable AI agent security audits. MASSAT framework covers all 10 OWASP Agentic Security categories (ASI01-ASI10); audit score 4.3/10 published publicly. Plus the trust layer for the x402 agent economy: ERC-8004 passports, ProofDB delegation chains, on-chain anchoring, x402 + Fedimint payments. Apache-2.0.
README
BlindOracle MCP Server
Trust layer for the x402 agent economy. ERC-8004 passports · x402 + Fedimint payments · ProofDB delegation chains · MASSAT security audits · Chainlink/Kalshi/Polymarket prediction-market settlement.
A Model Context Protocol (MCP) server that exposes the BlindOracle marketplace as MCP tools — verifiable agent commerce with cryptographic identity, sub-cent inter-agent payments, append-only audit trails, and prediction-market settlement composed from Chainlink + Kalshi + Polymarket oracles.
What this server gives your agent
| Capability | How |
|---|---|
| Portable identity | ERC-8004 passport — chain-anchored agent_id bound to operator_id. Free to mint. Replaces OAuth for credential rotation. |
| Payment | x402 HTTP 402 challenge + Fedimint ecash settlement. Sub-cent per call. No merchant-of-record. |
| Audit | ProofDB — 15 cryptographic proof kinds incl. ProofOfDelegation (kind 30014). HMAC-SHA256, append-only, 18+ month queryable. MiCA/SOC2-ready. |
| Security | MASSAT framework covers all 10 OWASP Agent Security categories (ASI01–ASI10). Our own audit score (4.3/10) is published publicly. |
| Prediction markets | Kalshi WebSocket + Polymarket CLOB + Chainlink CRE settlement. Live treasury on Base. |
Quick start (5 minutes)
# Install
git clone https://github.com/craigmbrown/blindoracle-mcp.git
cd blindoracle-mcp
pip install -e .
# Run the MCP server
python main.py
Or add to your Claude Desktop / Cursor / continue.dev MCP config:
{
"mcpServers": {
"blindoracle": {
"command": "python",
"args": ["/path/to/blindoracle-mcp/main.py"]
}
}
}
What's in this repo
main.py MCP server entry point (FastMCP)
pyproject.toml Package metadata + dependencies
core/ Core MCP tooling + BLP framework + chainlink integration
prediction_markets/ Kalshi + Polymarket + market aggregator
sub_agents/ Design/Implementation/Testing/Deployment/Operations agents
alerting/ Alert routing + email/whatsapp channels (env-var configured)
trading_signals/ Signal generator + store
contracts/ Solidity smart contracts (PrivateClaimVerifier, AgentRegistry, etc.)
cre-workflows/ Chainlink CRE workflow definitions
Configuration
The server reads its operator-specific configuration from environment variables. No hard-coded secrets. Common variables:
| Variable | Purpose | Default |
|---|---|---|
BLINDORACLE_OPERATOR_EMAIL |
Where alerts route to | operator@example.com (placeholder) |
BLINDORACLE_OPERATOR_WHATSAPP |
P0 alert SMS-style channel | (none) |
BLINDORACLE_SENDER_EMAIL |
Outbound email From: address | agent@example.com (placeholder) |
BLINDORACLE_PASSPORT_ID |
Your ERC-8004 passport ID | (mint free at the BlindOracle marketplace) |
BLINDORACLE_ECASH_WALLET |
Fedimint mint URL for ecash settlement | TheBaby federation default |
For prediction-market integrations, also set KALSHI_API_KEY, POLYMARKET_API_KEY, CHAINLINK_RPC_URL per your provider docs.
Try the live marketplace (no install needed)
# See real settled cash on Base — the marketplace IS running
curl https://api.craigmbrown.com/a2a/treasury/balances
# Read the agent-services manifest (15 live services)
curl https://craigmbrown.com/.well-known/agent-services.json | jq '.services | length'
# See the public MCP server card
curl https://craigmbrown.com/.well-known/mcp/server-card.json
Architecture & deeper reading
- How BlindOracle Works — architecture + settlement pipeline + privacy layer + payment rails
- API Reference — all 15 services with schemas
- Solo FAQ — 10 owner questions for 1–5 agent fleets
- Team FAQ — 5–50 agent fleets
- Marketplace-Operator FAQ — 50+ agents, MiCA/SOC2/SLA
- ERC-8004 migration guide — 3-phase OAuth → ERC-8004 path
Related repos
| Repo | What |
|---|---|
| blindoracle-marketplace-client | Python client SDK for calling the BlindOracle marketplace |
| massat-framework | MASSAT security audit toolkit (OWASP ASI01-10) — used to audit MCP servers |
| awesome-erc8004 | Curated reading list for the ERC-8004 standard |
Production evidence
- Live treasury on Base at
0x5E70…4EB9— verifiable viacurl https://api.craigmbrown.com/a2a/treasury/balances - $0.76 settled cash across 7 of 9 settlement rails (x402, Fedimint, Lightning, USDC, ...)
- 15 services live at
/.well-known/agent-services.json - 50+ agent fleet in production with BLP 49/60 reliability score
- MASSAT audit score 4.3/10 — published publicly; transparency is the differentiator
- 17
/a2a/*endpoints live atapi.craigmbrown.com/a2a/
License
Apache 2.0 — see LICENSE. Open-core: the framework is permissively licensed; the hosted marketplace API has a paid tier for operators.
Contributing
PRs welcome. Issues tracker at github.com/craigmbrown/blindoracle-docs/issues.
For security disclosures: please email security@craigmbrown.com (do NOT file a public issue). MASSAT audit findings welcome via the same channel.
Author: Craig Brown · craigmbrown.com · @cmb24k2
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.