Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Countersign

FreeNot checked

Kill switch + spend guard for AI agents that spend money: one policy, one sub-second freeze, and one signed audit ledger across every wallet vendor at once (Coi

GitHubEmbed

About

Kill switch + spend guard for AI agents that spend money: one policy, one sub-second freeze, and one signed audit ledger across every wallet vendor at once (Coinbase, Turnkey, Openfort + cards). Tools include a pre-flight request_spend guard, freeze, apply_policy, ledger, and x402/AP2 payment-mandate guards — free self-serve key, no account.

README

A neutral, cross-vendor control plane for AI agents that spend money. Countersign holds the policy, the freeze, and the audit ledger across multiple agent-wallet backends at once — the one thing no single wallet vendor can do, because each only governs its own rail. That aggregation is the moat.

Countersign — one policy, one sub-second freeze, one signed ledger, across every wallet vendor

Live version of this loop: countersign.network/demo.html · 60s video

One falsifiable test defines it: can Countersign freeze agents across many backends at once, in under a second, with a unified tamper-evident ledger of every attempt? Proven LIVE across four rails (Coinbase, Turnkey, Openfort, and a Lithic Visa card) in ~432ms on testnet.

This repository is the open-core front door — the Apache-2.0 packages you build against: the integration contract, the typed client, the MCP tools, and the x402 guard. The control-plane "brain" (the policy compiler, the hash-chained ledger, the vendor adapters, and the hosted Core) is separate and proprietary; you reach it over the network via the SDK/MCP, hosted at app.countersign.network.

Quickstart

Drop the kill switch + spend guard into any MCP client (Claude, Cursor, …) — one line:

// claude / cursor mcp config
{ "mcpServers": { "countersign": {
  "command": "npx", "args": ["-y", "@countersign/mcp"],
  "env": { "COUNTERSIGN_URL": "https://app.countersign.network", "COUNTERSIGN_API_KEY": "csk_…" }
}}}

Or wire it into your own agent with the SDK:

import { CountersignClient } from "@countersign/sdk";
const cs = new CountersignClient({ baseUrl, apiKey });

await cs.evaluate({ agentId, amount, asset, venue }); // may this spend happen? (allow / deny / needs_approval)
await cs.freeze();                                     // the kill switch — every backend, < 1s

Get a free testnet key at https://app.countersign.network/start?ref=gh-readme.

Agents paying agents? See examples/guarded-payee — the A2A/AP2 pattern where a payee advertises it is governed and the payer verifies that (and guards its own payment) before any mandate is signed.

Packages (this repo — all Apache-2.0)

Package Role
@countersign/core the EnforcementProvider interface, branded ids, the unified policy schema, the fail-closed freeze controller — the integration contract every backend implements
@countersign/api-contract OpenAPI + typed REST/ws schema — the single source of truth for the Client↔Core wire interface
@countersign/sdk typed client over the Core API + live ledger subscribe
@countersign/mcp Countersign as MCP tools — kill switch + spend guard inside any MCP client
@countersign/x402 govern x402 (HTTP-402 machine payments) — guard a payment before it pays
@countersign/verify verify a ledger entry offline — hash chain, RFC 6962 Merkle inclusion, Ed25519 signatures
@countersign/ap2 govern AP2 (Agent Payments Protocol) — guard an agent-payment mandate before it executes

The proprietary brain (policy compiler to each backend's native controls, ledger, Coinbase / Turnkey / Openfort / Lithic adapters, the hosted Core) lives in a separate private repository.

Prime directives (invariants)

  1. Don't build cryptography — integrate vendor MPC/TEE; session keys, never master keys.
  2. Build the layer above the wallets; cross-vendor aggregation is the product.
  3. Fail-closed: no decision / no backend response ⇒ the transaction does not execute.
  4. Backend-agnostic core; no vendor logic leaks past the EnforcementProvider interface.
  5. Append-only, hash-chained ledger is the source of truth.
  6. Testnet only — mainnet follows a third-party security audit.

Links

Apache-2.0. Countersign holds policy, freeze, and a tamper-evident ledger — it never takes custody of funds.

from github.com/countersign-network/packages

Installing Countersign

This server has no published package — it is built from source. Open the repository and follow its README.

▸ github.com/countersign-network/packages

FAQ

Is Countersign MCP free?

Yes, Countersign MCP is free — one-click install via Unyly at no cost.

Does Countersign need an API key?

No, Countersign runs without API keys or environment variables.

Is Countersign hosted or self-hosted?

A hosted option is available: Unyly runs the server in the cloud, no local setup required.

How do I install Countersign in Claude Desktop, Claude Code or Cursor?

Open Countersign on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Countersign with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All finance MCPs