MCP Server
Tenzro Network runs a Model Context Protocol server at mcp.tenzro.network that exposes 146 tools across 26 categories covering wallets, identity, payments, AI models, agents, task marketplace, governance, cross-chain bridges, staking, tokens, contracts, NFTs, compliance, crypto primitives, TEE attestation, ZK proofs, and more. Any MCP-compatible client — Claude Desktop, Claude Code, Cursor, Windsurf, or a custom LLM — can connect and interact with the Tenzro Ledger through natural language.
What is MCP?
The Model Context Protocol (MCP) is an open standard for connecting LLMs to external tools and data sources. Tenzro's MCP server exposes every major subsystem — wallet creation, identity registration, payment challenges, inference routing, bridge transfers — as structured tool calls that any MCP-compatible assistant can invoke directly.
- Transport: Streamable HTTP (MCP 2025-03-26) at
/mcp - Implementation:
rmcpcrate, session-based with automatic reconnect - Authentication: JWT bearer tokens for authenticated operations, anonymous read access for public data
- Endpoint:
https://mcp.tenzro.network/mcp(live testnet)
Connect Claude Desktop
Add the Tenzro MCP server to your Claude Desktop config file at ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"tenzro": {
"type": "http",
"command": "npx", "args": ["-y", "mcp-remote", "https://mcp.tenzro.network/mcp"]
}
}
}Restart Claude Desktop. You should see tenzro listed under connected MCP servers, with all 146 tools available to Claude.
Connect Claude Code
# Add Tenzro MCP server via claude mcp add
claude mcp add tenzro https://mcp.tenzro.network/mcp
# Or locally during development
claude mcp add tenzro http://localhost:3001/mcpTools Overview
The 146 tools are organized into 26 categories. Each tool returns structured JSON that the LLM can parse and reason over. Below are the core categories with examples. For the full listing, connect to the MCP server and invoke tools/list.
Wallet & Ledger (4 tools)
get_balance— Get TNZO token balance by hex addresscreate_wallet— Create a new Ed25519 or Secp256k1 keypairsend_transaction— Send a TNZO transfer transactionrequest_faucet— Request 100 testnet TNZO (24h cooldown per address)
// Call the get_balance tool
{
"name": "get_balance",
"arguments": {
"address": "0xdfa52b634363dc604065ef5dbce468125ff6e704039f7896079811f93fc78910"
}
}
// Response
{
"address": "0xdfa52b634363dc604065ef5dbce468125ff6e704039f7896079811f93fc78910",
"balance": "100000000000000000000",
"balance_tnzo": "100.0",
"asset": "TNZO"
}Network & Blocks (3 tools)
get_node_status— Node health, block height, peer count, uptime, roleget_block— Retrieve a block by height with transactions and metadataget_transaction— Look up a transaction by hash (type, sender, recipient, amount, status)
Identity & Delegation (3 tools)
register_identity— Register a human or machine DID via TDIP with auto-provisioned MPC walletresolve_did— Resolve a DID to its identity record and delegation scopeset_delegation_scope— Set spending limits, allowed operations, protocols, and chains for a machine DID
// Register a human identity
{
"name": "register_identity",
"arguments": {
"identity_type": "human",
"public_key": "0xed25519-public-key-hex",
"display_name": "Alice",
"kyc_tier": "Enhanced"
}
}
// Register a machine identity with controller DID
{
"name": "register_identity",
"arguments": {
"identity_type": "machine",
"public_key": "0xed25519-public-key-hex",
"controller_did": "did:tenzro:human:alice-uuid",
"capabilities": ["inference", "trading"]
}
}
// Set delegation scope for a machine
{
"name": "set_delegation_scope",
"arguments": {
"did": "did:tenzro:machine:alice:bot-uuid",
"max_transaction_value": "100000000000000000000",
"max_daily_spend": "500000000000000000000",
"allowed_operations": ["inference", "payment"],
"allowed_payment_protocols": ["mpp", "x402"],
"allowed_chains": ["tenzro", "ethereum"]
}
}Payments (3 tools)
create_payment_challenge— Create an MPP (session-based), x402 (stateless), or native payment challengeverify_payment— Verify a payment credential against a challenge and settle on-chainlist_payment_protocols— List all supported payment protocols (MPP, x402, native, Visa TAP, Mastercard Agent Pay)
// Create an MPP session-based challenge
{
"name": "create_payment_challenge",
"arguments": {
"protocol": "mpp",
"resource": "/api/inference/gemma3-270m",
"amount": "1000",
"asset": "USDC",
"recipient": "0xrecipient..."
}
}
// Or a stateless x402 challenge
{
"name": "create_payment_challenge",
"arguments": {
"protocol": "x402",
"resource": "/api/download/model.safetensors",
"amount": "5000",
"asset": "USDC",
"chain": "tenzro"
}
}AI Models & Inference (3 tools)
list_models— List available AI models, filtered by category, modality, or namechat_completion— Send a chat completion request to any served model (OpenAI-compatible format)list_model_endpoints— List all model service endpoints with API/MCP URLs and current status
Cross-Chain Bridge (3 tools)
bridge_tokens— Bridge tokens between Tenzro, Ethereum, Solana, Base via LayerZero, CCIP, or deBridgeget_bridge_routes— Get available routes between two chains with real-time fees and timinglist_bridge_adapters— List registered bridge adapters and their supported chain pairs
// Bridge TNZO from Tenzro to Ethereum
{
"name": "bridge_tokens",
"arguments": {
"from_chain": "tenzro",
"to_chain": "ethereum",
"token": "TNZO",
"amount": "1000000000000000000000",
"recipient": "0xevm-recipient...",
"adapter": "layerzero"
}
}
// Get all routes between two chains
{
"name": "get_bridge_routes",
"arguments": {
"from_chain": "tenzro",
"to_chain": "solana"
}
}Verification (1 tool)
verify_zk_proof— Verify a Groth16, PlonK, or STARK proof with its public inputs and verifying key
// Verify a Groth16 ZK proof
{
"name": "verify_zk_proof",
"arguments": {
"proof_type": "Groth16",
"proof": "0xproof-bytes-hex",
"public_inputs": ["0xinput1...", "0xinput2..."],
"verifying_key_id": "inference-verification-circuit"
}
}Staking & Providers (4 tools)
stake_tokens— Stake TNZO tokens asValidator,ModelProvider, orTeeProviderunstake_tokens— Unstake TNZO tokens (initiates the 7-day unbonding period)register_provider— Register as a provider with optional initial stakingget_provider_stats— Get provider statistics: models served, inferences completed, total stake
// Stake as a validator
{
"name": "stake_tokens",
"arguments": {
"address": "0xvalidator...",
"amount": "100000000000000000000000",
"role": "Validator"
}
}
// Register as a model provider with initial stake
{
"name": "register_provider",
"arguments": {
"address": "0xprovider...",
"role": "ModelProvider",
"stake_amount": "10000000000000000000000"
}
}Tokens & Contracts (7 tools)
create_token— Create ERC-20 token via factory, register in unified registryget_token_info— Lookup token by symbol, EVM address, or token IDlist_tokens— List registered tokens with optional VM type filterdeploy_contract— Deploy bytecode to EVM/SVM/DAML via MultiVmRuntimecross_vm_transfer— Atomic cross-VM token transfer (TNZO pointer model)wrap_tnzo— Wrap native TNZO to VM representation (no-op in pointer model)get_token_balance— Get TNZO balance across all VMs with decimal conversion
// Create an ERC-20 token via the factory
{
"name": "create_token",
"arguments": {
"name": "My Token",
"symbol": "MTK",
"decimals": 18,
"initial_supply": "1000000000000000000000000",
"creator": "0xcreator-address..."
}
}
// Response
{
"token_id": "tok_abc123...",
"symbol": "MTK",
"evm_address": "0xtoken-contract-address...",
"vm_type": "EVM",
"initial_supply": "1000000000000000000000000"
}// Atomic cross-VM token transfer (TNZO pointer model)
{
"name": "cross_vm_transfer",
"arguments": {
"from_vm": "EVM",
"to_vm": "SVM",
"token": "TNZO",
"amount": "5000000000000000000",
"sender": "0xevm-sender...",
"recipient": "solana-recipient-pubkey..."
}
}
// Response
{
"transfer_id": "xvm_abc123...",
"from_vm": "EVM",
"to_vm": "SVM",
"amount": "5000000000000000000",
"status": "completed"
}Task Marketplace (7 tools)
post_task— Post a new AI task to the decentralized marketplacelist_tasks— Browse and filter open tasksquote_task— Submit a price quote as a providerget_task— Get details of a specific task by IDcancel_task— Cancel a pending taskassign_task— Assign a task to an agentcomplete_task— Mark a task as completed with a result
Agent Template Marketplace (7 tools)
register_agent_template— Publish a reusable agent templatelist_agent_templates— Browse and filter published templatesget_agent_template— Get full details of an agent templatedownload_agent_template— Instantiate a template with custom configupdate_agent_template— Update metadata on an existing templatesearch_agent_templates— Search templates by name, category, or capabilityget_agent_template_stats— Get usage statistics for a template
Agent Spawning & Swarms (5 tools)
spawn_agent— Spawn a child agent under a parent (max 50 per parent)run_agent_task— Run an agentic task loop (LLM + tools, up to 10 steps)create_swarm— Create a swarm of coordinated agentsget_swarm_status— Get swarm status and all member detailsterminate_swarm— Terminate a swarm and all its member agents
Agent Advanced (5 tools)
register_agent— Register a new agent identitysend_agent_message— Send a message from one agent to anotherdelegate_task— Delegate a task to another agent with optional budgetdiscover_models— Discover models with category/price filtersdiscover_agents— Discover agents by capability or type
Model Lifecycle (5 tools)
download_model— Download a model from HuggingFace Hubserve_model_mcp— Start serving a downloaded modelstop_model— Stop serving a modeldelete_model_mcp— Delete a downloaded model from diskget_download_progress— Check download progress
Governance (5 tools)
list_proposals— List governance proposalsvote_on_proposal— Vote yes/no/abstain on a proposalcreate_proposal— Create a new governance proposalget_voting_power— Get voting power for an addressdelegate_voting_power— Delegate voting power to another address
Provider Config (4 tools)
set_provider_schedule— Set provider availability scheduleget_provider_schedule— Get current scheduleset_provider_pricing— Set per-token pricingget_provider_pricing— Get current pricing config
Settlement (5 tools)
settle_payment— Immediately settle a paymentcreate_escrow— Create an escrow contractrelease_escrow— Release escrow with authorizing signatureopen_payment_channel— Open a micropayment channelclose_payment_channel— Close channel with final balance
Canton / DAML (3 tools)
list_canton_domains— List connected Canton synchronizer domainslist_daml_contracts— List active DAML contractssubmit_daml_command— Submit DAML create/exercise commands
NFTs (6 tools)
create_nft_collection— Create an NFT collectionmint_nft— Mint a new NFT tokentransfer_nft— Transfer an NFT to another addressget_nft_info— Get NFT metadata and ownershiplist_nft_collections— List all NFT collectionsregister_nft_pointer— Register cross-VM NFT pointer
Compliance / ERC-3643 (3 tools)
check_compliance— Check if a transfer is compliantregister_compliance— Register compliance rules for a tokenfreeze_address— Freeze/unfreeze an address
Cross-Chain Advanced (5 tools)
bridge_quote— Get a cross-chain bridge quote with hook supportbridge_with_hook— Execute a cross-chain transfer with post-bridge hookscrosschain_mint— ERC-7802 cross-chain mintcrosschain_burn— ERC-7802 cross-chain burnauthorize_crosschain_bridge— Authorize a bridge for cross-chain operations
Events (3 tools)
get_events— Query events by type, address, or block rangesubscribe_events— Subscribe to real-time event notificationsregister_webhook— Register a webhook for event delivery
Crypto Primitives (9 tools)
sign_message— Sign a message with Ed25519 or Secp256k1verify_signature— Verify a cryptographic signatureencrypt_data— Encrypt data with AES-256-GCMdecrypt_data— Decrypt AES-256-GCM ciphertextderive_key— Derive a key via HKDF-SHA256generate_keypair— Generate a new keypairhash_sha256— Compute SHA-256 hashhash_keccak256— Compute Keccak-256 hashx25519_key_exchange— Perform X25519 Diffie-Hellman key exchange
TEE (6 tools)
detect_tee— Detect available TEE hardwareget_tee_attestation— Generate a TEE attestation reportverify_tee_attestation— Verify a TEE attestationseal_data— Seal data inside TEE enclaveunseal_data— Unseal data from TEE enclavelist_tee_providers— List registered TEE providers
ZK Proofs (3 tools)
create_zk_proof— Generate a ZK proof for a circuitgenerate_proving_key— Generate a proving key for a circuitlist_zk_circuits— List available ZK circuits
Wallet Advanced (8 tools)
create_mpc_wallet— Create a 2-of-3 MPC threshold walletexport_keystore— Export encrypted keystoreimport_keystore— Import from encrypted keystoreget_key_shares— Get key share info for an MPC walletrotate_keys— Rotate MPC key sharesset_spending_limits— Set daily/per-tx spending limitsget_spending_limits— Get current spending limitsauthorize_session/revoke_session— Manage session keys
Apps & Sponsorship (5 tools)
register_app— Register an application with master walletcreate_user_wallet— Create a sub-wallet for an app userfund_user_wallet— Fund a user wallet from master walletlist_user_wallets— List all user wallets for an appsponsor_transaction— Sponsor a transaction for a user
deBridge DLN (5 tools)
debridge_search_tokens— Search tokens on deBridgedebridge_get_chains— List deBridge supported chainsdebridge_get_instructions— Get operational instructionsdebridge_create_tx— Create a cross-chain transactiondebridge_same_chain_swap— Execute a same-chain swap
Usernames & Utility (4 tools)
set_username— Set a human-readable username for an addressresolve_username— Resolve a username to an addressencode_function— ABI-encode a function calldecode_result— ABI-decode a contract call result
Authentication
Tenzro's MCP server uses a tiered access model. The auth mode is controlled by the TENZRO_MCP_AUTH environment variable on the node. The public testnet runs in tiered mode by default.
Tiered Access Modes
TENZRO_MCP_AUTH=tiered(default) — Read-only, informational, and query tools are fully public. Write tools that mutate state or move value require an onboarding key or OAuth 2.1 JWT.TENZRO_MCP_AUTH=false— All 146 tools are public with no authentication required. Intended for local development, private testnet nodes, or CI environments.TENZRO_MCP_AUTH=full— All tools require authentication, including read-only queries. Useful for private deployments where you want full access control.
# Default — read-only tools are public, write tools require auth
TENZRO_MCP_AUTH=tiered
# Open access — all tools public (testnet / local development)
TENZRO_MCP_AUTH=false
# Locked down — all tools require auth
TENZRO_MCP_AUTH=fullPublic Tools (no auth required in tiered mode)
The following tools are freely accessible without any credentials on the public testnet:
- Network:
get_node_status,get_block,get_transaction - Queries:
get_balance,list_models,list_tokens,resolve_did - Bridge:
get_bridge_routes,list_bridge_adapters - deBridge:
debridge_search_tokens,debridge_get_chains,debridge_get_instructions
Onboarding Keys (primary auth method)
Onboarding keys are the primary authentication method for both humans and agents. They are decentralized — no central authority issues or validates them. Any node can issue a key and any node can validate it, because they are tied to a TDIP DID and wallet address stored in RocksDB.
- Issued automatically when you join the network via
tenzro-cli joinor thetenzro_participateRPC call - Format:
tenzro_prefix followed by 64 lowercase hex characters — e.g.,tenzro_a1b2c3d4e5f6... - Bound to identity: each key is tied to a specific TDIP DID and wallet address
- Usage: pass as a standard HTTP Bearer token —
Authorization: Bearer tenzro_a1b2c3... - Persistent: stored in the node's RocksDB, survive restarts, can be listed and revoked at any time
- Delegation-scoped: every authenticated tool call is checked against the DID's delegation scope (allowed operations, spend limits, chains)
# Step 1 — join the network; an onboarding key is issued automatically
tenzro-cli join --name "Alice" --rpc https://rpc.tenzro.network
# Output:
# DID: did:tenzro:human:a1b2c3d4-...
# Wallet: 0xdfa52b634363dc604065ef5dbce468125ff6e704...
# Key: tenzro_a1b2c3d4e5f6... ← save this
# Step 2 — use the key to call any write tool
curl -X POST https://mcp.tenzro.network/mcp \
-H "Authorization: Bearer tenzro_a1b2c3d4e5f6..." \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "send_transaction",
"arguments": {
"from": "0xdfa52b...",
"to": "0xrecipient...",
"amount": "1000000000000000000"
}
},
"id": 1
}'Keys can also be issued programmatically and managed via JSON-RPC:
// Issue a new onboarding key programmatically
{
"method": "tenzro_issueOnboardingKey",
"params": { "did": "did:tenzro:human:alice-uuid" }
}
// → { "key": "tenzro_a1b2c3..." }
// List all keys for a DID
{
"method": "tenzro_listOnboardingKeys",
"params": { "did": "did:tenzro:human:alice-uuid" }
}
// Revoke a key
{
"method": "tenzro_revokeOnboardingKey",
"params": { "key": "tenzro_a1b2c3..." }
}
// Validate a key (returns the bound DID + wallet)
{
"method": "tenzro_validateOnboardingKey",
"params": { "key": "tenzro_a1b2c3..." }
}
// → { "valid": true, "did": "did:tenzro:human:alice-uuid", "address": "0xdfa52b..." }OAuth 2.1 (browser-based flows)
For interactive browser-based applications, the node also implements a full RFC-compliant OAuth 2.1 authorization server. This is the appropriate auth path when building web apps where users approve access interactively rather than passing a pre-issued key.
GET /.well-known/oauth-authorization-server— metadata discovery endpointPOST /register— dynamic client registration (RFC 7591)GET /authorize— browser approval page, redirects with authorization codePOST /token— exchange authorization code for a signed JWT
The JWT access token encodes the user's DID in the sub claim and wallet address in the address claim. All tool calls made with this token are delegation-scope-checked against the registered identity, identical to the onboarding key path.
# 1. Discover the authorization server
GET /.well-known/oauth-authorization-server
# → { "authorization_endpoint": "/authorize", "token_endpoint": "/token", ... }
# 2. Register a client (RFC 7591 dynamic registration)
POST /register
Content-Type: application/json
{ "client_name": "My App", "redirect_uris": ["https://myapp.com/callback"] }
# → { "client_id": "cli_abc123", "client_secret": "..." }
# 3. Redirect the user to the approval page
GET /authorize?response_type=code
&client_id=cli_abc123
&redirect_uri=https://myapp.com/callback
&scope=mcp:write
&state=random_state
# 4. Exchange the code for a JWT
POST /token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=AUTH_CODE&...
# JWT payload contains:
# { "sub": "did:tenzro:human:alice-uuid", "address": "0xdfa52b...", ... }Running Your Own MCP Server
When you run a Tenzro node, the MCP server starts automatically on 0.0.0.0:3001. Override the bind address with the --mcp-addr CLI flag or by setting mcp_addr in config.toml:
# Run a node with MCP on a custom port
cargo run --bin tenzro-node -- \
--role validator \
--listen-addr /ip4/0.0.0.0/tcp/9000 \
--mcp-addr 0.0.0.0:4001
# Or via config.toml
[server]
mcp_addr = "0.0.0.0:4001"Related Resources
- A2A Protocol Server — agent-to-agent communication on port 3002
- JSON-RPC API Reference — the underlying RPC methods each MCP tool wraps
- Tutorial: Use Tenzro with Claude via MCP — hands-on walkthrough
- TDIP Identity Protocol — how DIDs are registered and resolved
- MPP Payment Protocol — details on the session-based payment flow invoked by
create_payment_challenge