Summary
Cryptographic audit trail for AI agent actions, issued before execution rather than after. Exposes eight MCP tools (prefixed `pl_*`) that let Claude request governance verdicts (EXECUTE, BLOCK, REVIEW, SHADOW) from a remote evaluation service, then write Ed25519-signed, hash-chained receipts to a local audit log. Ships with an offline verifier that checks signatures and chain integrity using only a public key, no API calls required. Reach for this when you need tamper-evident proof that an agent requested permission before acting, especially in regulated environments or multi-agent systems where you can't trust post-hoc logs. The MCP server and verifier are MIT-licensed, the backend governance engine is closed-source SaaS.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Proof Layer
Cryptographic governance receipts for AI agents. Issued before the agent acts. Ed25519-signed. Hash-chained. Verifiable offline.
Built by WORLD999_LABS. Published on npm under
@proof-layer/*. The legacy@veridocs/*package names continue to resolve and forward to the new ones.
What this repo contains
This is the public half of Proof Layer — the parts you install and run on your own machine:
| Package | What it does | npm |
|---|---|---|
@proof-layer/mcp | MCP server for Claude Desktop, Cursor, Cline, and any MCP-aware host |  |
@proof-layer/verify | Standalone offline verifier — zero dependencies, audits any receipt bundle with just our public key |  |
The kernel (governance engine, Gauntlet adversary/judge pipeline, billing, dashboard) is closed-source and runs at prooflayer.world999labs.com. Open-source clients + closed-source server is the same pattern Stripe, Resend, and Vercel use — you get full transparency on what runs locally and what data leaves your machine, while the proprietary server logic stays protected.
Quick start
npx -y @proof-layer/mcp@latest
Drop into Claude Desktop's claude_desktop_config.json:
{
"mcpServers": {
"proof-layer": {
"command": "npx",
"args": ["-y", "@proof-layer/mcp@latest"],
"env": {
"PROOF_LAYER_API_KEY": "pl_live_...",
"PROOF_LAYER_API_URL": "https://prooflayer.world999labs.com"
}
}
}
}
Restart Claude. Eight pl_* tools appear in the picker. Get an API key at prooflayer.world999labs.com.
Migrating from
@veridocs/mcp? No code changes required. The legacy package name continues to resolve, the legacyvd_*tool names continue to work alongsidepl_*, and existingVERIDOCS_API_KEY/VERIDOCS_API_URLenvironment variables are still accepted. You can switch the package name and env-var names on your own schedule.
Why pre-execution governance?
Most "AI safety" tools run after the model has acted — toxicity filters, output classifiers, post-hoc audit logs. By the time the alarm fires, the agent has already sent the email, merged the PR, or executed the trade.
Proof Layer flips this:
- Agent proposes an action (e.g. "send wire transfer for $50,000")
- Proof Layer evaluates → returns signed verdict:
EXECUTE/BLOCK/REVIEW/SHADOW - Receipt is written to a hash-chained, Ed25519-signed audit trail
- Anyone with our public key can verify the entire chain offline — no trust in our infra required
A broken hash chain = tampering, immediately visible. A missing receipt = the agent acted without permission.
Verifying receipts offline
Receipts are designed to outlive us. Here's how to verify a bundle without ever calling our API:
import { verifyBundle } from "@proof-layer/verify";
import fs from "fs";
const bundle = fs.readFileSync("./receipts.ndjson", "utf8");
const publicKey = fs.readFileSync("./prooflayer-public-key.pem", "utf8");
const result = verifyBundle(bundle, publicKey);
console.log(result);
// { pass: 147, fail: 0, total: 147, chainBroken: false }
Public key is published at prooflayer.world999labs.com/v1/public-key and rotates on a published schedule.
Resources
- 🌐 Homepage: https://prooflayer.world999labs.com
- 🎬 Live demo (no signup): https://prooflayer.world999labs.com/demo
- 📖 MCP docs: packages/mcp/README.md
- 🔒 Privacy policy: PRIVACY.md
- 🐛 Report issues: GitHub Issues
- 💬 Support: support@world999labs.com
License
MIT — see LICENSE.
The kernel and dashboard are proprietary and not included in this repo. The MCP server, verifier, and all client SDKs published under @proof-layer/* (and the legacy @veridocs/* names) are MIT-licensed.
Contributing
Pull requests, issues, and feedback welcome. See CONTRIBUTING.md.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
PROOF_LAYER_API_KEY*secretYour Proof Layer API key from https://prooflayer.world999labs.com/dashboard/keys
PROOF_LAYER_API_URLOverride the default API endpoint (default: https://prooflayer.world999labs.com)
PROOF_LAYER_TELEMETRYSet to 'off' to disable anonymous usage telemetry (default: on)
Categories
Registryactive
Package@proof-layer/mcp
TransportSTDIO
AuthRequired
UpdatedMay 3, 2026
