BlindOracle
FreeNot checkedUnchallengeable AI agent security audits. MASSAT framework covers all 10 OWASP Agentic Security categories (ASI01-ASI10); audit score 4.3/10 published publicly.
About
Unchallengeable AI agent security audits. MASSAT framework covers all 10 OWASP Agentic Security categories (ASI01-ASI10); audit score 4.3/10 published publicly. Plus the trust layer for the x402 agent economy: ERC-8004 passports, ProofDB delegation chains, on-chain anchoring, x402 + Fedimint payments. Apache-2.0.
README
Trust layer for the x402 agent economy. ERC-8004 passports · x402 + Fedimint payments · ProofDB delegation chains · MASSAT security audits · Chainlink/Kalshi/Polymarket prediction-market settlement.
License: Apache 2.0 Python 3.11+ MCP
A Model Context Protocol (MCP) server that exposes the BlindOracle marketplace as MCP tools — verifiable agent commerce with cryptographic identity, sub-cent inter-agent payments, append-only audit trails, and prediction-market settlement composed from Chainlink + Kalshi + Polymarket oracles.
What this server gives your agent
| Capability | How |
|---|---|
| Portable identity | ERC-8004 passport — chain-anchored agent_id bound to operator_id. Free to mint. Replaces OAuth for credential rotation. |
| Payment | x402 HTTP 402 challenge + Fedimint ecash settlement. Sub-cent per call. No merchant-of-record. |
| Audit | ProofDB — 15 cryptographic proof kinds incl. ProofOfDelegation (kind 30014). HMAC-SHA256, append-only, 18+ month queryable. MiCA/SOC2-ready. |
| Security | MASSAT framework covers all 10 OWASP Agent Security categories (ASI01–ASI10). Our own audit score (4.3/10) is published publicly. |
| Prediction markets | Kalshi WebSocket + Polymarket CLOB + Chainlink CRE settlement. Live treasury on Base. |
Quick start (5 minutes)
# Install
git clone https://github.com/craigmbrown/blindoracle-mcp.git
cd blindoracle-mcp
pip install -e .
# Run the MCP server
python main.py
Or add to your Claude Desktop / Cursor / continue.dev MCP config:
{
"mcpServers": {
"blindoracle": {
"command": "python",
"args": ["/path/to/blindoracle-mcp/main.py"]
}
}
}
What's in this repo
main.py MCP server entry point (FastMCP)
pyproject.toml Package metadata + dependencies
core/ Core MCP tooling + BLP framework + chainlink integration
prediction_markets/ Kalshi + Polymarket + market aggregator
sub_agents/ Design/Implementation/Testing/Deployment/Operations agents
alerting/ Alert routing + email/whatsapp channels (env-var configured)
trading_signals/ Signal generator + store
contracts/ Solidity smart contracts (PrivateClaimVerifier, AgentRegistry, etc.)
cre-workflows/ Chainlink CRE workflow definitions
Configuration
The server reads its operator-specific configuration from environment variables. No hard-coded secrets. Common variables:
| Variable | Purpose | Default |
|---|---|---|
BLINDORACLE_OPERATOR_EMAIL |
Where alerts route to | [email protected] (placeholder) |
BLINDORACLE_OPERATOR_WHATSAPP |
P0 alert SMS-style channel | (none) |
BLINDORACLE_SENDER_EMAIL |
Outbound email From: address | [email protected] (placeholder) |
BLINDORACLE_PASSPORT_ID |
Your ERC-8004 passport ID | (mint free at the BlindOracle marketplace) |
BLINDORACLE_ECASH_WALLET |
Fedimint mint URL for ecash settlement | TheBaby federation default |
For prediction-market integrations, also set KALSHI_API_KEY, POLYMARKET_API_KEY, CHAINLINK_RPC_URL per your provider docs.
Try the live marketplace (no install needed)
# See real settled cash on Base — the marketplace IS running
curl https://api.craigmbrown.com/a2a/treasury/balances
# Read the agent-services manifest (15 live services)
curl https://craigmbrown.com/.well-known/agent-services.json | jq '.services | length'
# See the public MCP server card
curl https://craigmbrown.com/.well-known/mcp/server-card.json
Architecture & deeper reading
- How BlindOracle Works — architecture + settlement pipeline + privacy layer + payment rails
- API Reference — all 15 services with schemas
- Solo FAQ — 10 owner questions for 1–5 agent fleets
- Team FAQ — 5–50 agent fleets
- Marketplace-Operator FAQ — 50+ agents, MiCA/SOC2/SLA
- ERC-8004 migration guide — 3-phase OAuth → ERC-8004 path
Related repos
| Repo | What |
|---|---|
| blindoracle-marketplace-client | Python client SDK for calling the BlindOracle marketplace |
| massat-framework | MASSAT security audit toolkit (OWASP ASI01-10) — used to audit MCP servers |
| awesome-erc8004 | Curated reading list for the ERC-8004 standard |
Production evidence
- Live treasury on Base at
0x5E70…4EB9— verifiable viacurl https://api.craigmbrown.com/a2a/treasury/balances - $0.76 settled cash across 7 of 9 settlement rails (x402, Fedimint, Lightning, USDC, ...)
- 15 services live at
/.well-known/agent-services.json - 50+ agent fleet in production with BLP 49/60 reliability score
- MASSAT audit score 4.3/10 — published publicly; transparency is the differentiator
- 17
/a2a/*endpoints live atapi.craigmbrown.com/a2a/
License
Apache 2.0 — see LICENSE. Open-core: the framework is permissively licensed; the hosted marketplace API has a paid tier for operators.
Contributing
PRs welcome. Issues tracker at github.com/craigmbrown/blindoracle-docs/issues.
For security disclosures: please email [email protected] (do NOT file a public issue). MASSAT audit findings welcome via the same channel.
Author: Craig Brown · craigmbrown.com · @cmb24k2
Install BlindOracle in Claude Desktop, Claude Code & Cursor
unyly install blindoracleInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add blindoracle -- uvx --from git+https://github.com/craigmbrown/blindoracle-mcp blindoracle-mcpFAQ
Is BlindOracle MCP free?
Yes, BlindOracle MCP is free — one-click install via Unyly at no cost.
Does BlindOracle need an API key?
No, BlindOracle runs without API keys or environment variables.
Is BlindOracle hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install BlindOracle in Claude Desktop, Claude Code or Cursor?
Open BlindOracle on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
by modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
by xuzexin-hzCompare BlindOracle with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All ai MCPs
