Countersign
FreeNot checkedKill switch + spend guard for AI agents that spend money: one policy, one sub-second freeze, and one signed audit ledger across every wallet vendor at once (Coi
About
Kill switch + spend guard for AI agents that spend money: one policy, one sub-second freeze, and one signed audit ledger across every wallet vendor at once (Coinbase, Turnkey, Openfort + cards). Tools include a pre-flight request_spend guard, freeze, apply_policy, ledger, and x402/AP2 payment-mandate guards — free self-serve key, no account.
README
A neutral, cross-vendor control plane for AI agents that spend money. Countersign holds the policy, the freeze, and the audit ledger across multiple agent-wallet backends at once — the one thing no single wallet vendor can do, because each only governs its own rail. That aggregation is the moat.
Countersign — one policy, one sub-second freeze, one signed ledger, across every wallet vendor
Live version of this loop: countersign.network/demo.html · 60s video
One falsifiable test defines it: can Countersign freeze agents across many backends at once, in under a second, with a unified tamper-evident ledger of every attempt? Proven LIVE across four rails (Coinbase, Turnkey, Openfort, and a Lithic Visa card) in ~432ms on testnet.
This repository is the open-core front door — the Apache-2.0 packages you build against: the integration contract, the typed client, the MCP tools, and the x402 guard. The control-plane "brain" (the policy compiler, the hash-chained ledger, the vendor adapters, and the hosted Core) is separate and proprietary; you reach it over the network via the SDK/MCP, hosted at app.countersign.network.
Quickstart
Drop the kill switch + spend guard into any MCP client (Claude, Cursor, …) — one line:
// claude / cursor mcp config
{ "mcpServers": { "countersign": {
"command": "npx", "args": ["-y", "@countersign/mcp"],
"env": { "COUNTERSIGN_URL": "https://app.countersign.network", "COUNTERSIGN_API_KEY": "csk_…" }
}}}
Or wire it into your own agent with the SDK:
import { CountersignClient } from "@countersign/sdk";
const cs = new CountersignClient({ baseUrl, apiKey });
await cs.evaluate({ agentId, amount, asset, venue }); // may this spend happen? (allow / deny / needs_approval)
await cs.freeze(); // the kill switch — every backend, < 1s
Get a free testnet key at https://app.countersign.network/start?ref=gh-readme.
Agents paying agents? See examples/guarded-payee — the A2A/AP2 pattern where a payee advertises it is governed and the payer verifies that (and guards its own payment) before any mandate is signed.
Packages (this repo — all Apache-2.0)
| Package | Role |
|---|---|
| @countersign/core | the EnforcementProvider interface, branded ids, the unified policy schema, the fail-closed freeze controller — the integration contract every backend implements |
| @countersign/api-contract | OpenAPI + typed REST/ws schema — the single source of truth for the Client↔Core wire interface |
| @countersign/sdk | typed client over the Core API + live ledger subscribe |
| @countersign/mcp | Countersign as MCP tools — kill switch + spend guard inside any MCP client |
| @countersign/x402 | govern x402 (HTTP-402 machine payments) — guard a payment before it pays |
| @countersign/verify | verify a ledger entry offline — hash chain, RFC 6962 Merkle inclusion, Ed25519 signatures |
| @countersign/ap2 | govern AP2 (Agent Payments Protocol) — guard an agent-payment mandate before it executes |
The proprietary brain (policy compiler to each backend's native controls, ledger, Coinbase / Turnkey / Openfort / Lithic adapters, the hosted Core) lives in a separate private repository.
Prime directives (invariants)
- Don't build cryptography — integrate vendor MPC/TEE; session keys, never master keys.
- Build the layer above the wallets; cross-vendor aggregation is the product.
- Fail-closed: no decision / no backend response ⇒ the transaction does not execute.
- Backend-agnostic core; no vendor logic leaks past the
EnforcementProviderinterface. - Append-only, hash-chained ledger is the source of truth.
- Testnet only — mainnet follows a third-party security audit.
Links
- Home: https://countersign.network · Hosted Core: https://app.countersign.network
- npm: @countersign/sdk · @countersign/mcp · @countersign/x402 · @countersign/ap2
- Architecture: docs/architecture.md · Security: SECURITY.md
Apache-2.0. Countersign holds policy, freeze, and a tamper-evident ledger — it never takes custody of funds.
Installing Countersign
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/countersign-network/packagesFAQ
Is Countersign MCP free?
Yes, Countersign MCP is free — one-click install via Unyly at no cost.
Does Countersign need an API key?
No, Countersign runs without API keys or environment variables.
Is Countersign hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Countersign in Claude Desktop, Claude Code or Cursor?
Open Countersign on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Stripe
Payments, customers, subscriptions
by Stripemalamutemayhem/unclick-agent-native-endpoints
110+ tools for AI agents spanning social media, finance, gaming, music, AU-specific services, and utilities. Zero-config local tools plus platform connectors. n
by malamutemayhemwhiteknightonhorse/APIbase
Unified API hub for AI agents with 56+ tools across travel (Amadeus, Sabre), prediction markets (Polymarket), crypto, and weather. Pay-per-call via x402 micropa
by whiteknightonhorsetrackerfitness729-jpg/sitelauncher-mcp-server
Deploy live HTTPS websites in seconds. Instant subdomains ($1 USDC) or custom .xyz domains ($10 USDC) on Base chain. Templates for crypto tokens and AI agent pr
Compare Countersign with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All finance MCPs
