tatastu-proof
Enables creating and verifying permanent, publicly verifiable content provenance stamps via MCP tools.
README
Tatastu Proof
One API call stamps any content with a permanent, publicly verifiable provenance record. Works from any language, any agent, any pipeline.
import { stamp, hashText } from "@tatastu/proof"
const hash = await hashText("Hello, world!")
const receipt = await stamp({ contentHash: hash, title: "My post" })
console.log(receipt.verifyUrl)
// → https://tatastu.dev/p/prf_01jz...
Live service: proof.tatastu.dev — verification is always free.
What it does
A stamp takes the SHA-256 of any content (text, file, JSON, code, binary) and records:
- Who signed it (a creator identity you provide, or anonymous)
- When it was signed (millisecond-precision, bounded by the daily Merkle anchor)
- An Ed25519 signature from the Tatastu Proof service's key-transparency log
Within 24 hours, stamps are batched into an RFC 6962 Merkle tree. The root is anchored to Arweave (permanent storage) and Base (EVM on-chain calldata). After anchoring, you can verify the stamp with zero network calls using the offline verifier in this repo.
What a stamp does not prove: authorship truth. The service records "this signer
claimed this content at this time." The claimed time (signedAt) and proven time
(anchored) are distinct and both shown on every verify page.
Install
npm install @tatastu/proof
Or use without installing:
npx tsx examples/eu-ai-act-label.ts
Quickstart
Stamp text
import { stamp, hashText } from "@tatastu/proof"
const hash = await hashText("The report content goes here.")
const receipt = await stamp({ contentHash: hash, title: "Q3 Report" })
console.log(receipt.verifyUrl) // https://tatastu.dev/p/prf_...
console.log(receipt.byline) // "Verified · https://tatastu.dev/p/prf_..."
Stamp a file (Node.js)
import { stamp, hashNodeBuffer } from "@tatastu/proof"
import { readFile } from "node:fs/promises"
const bytes = await readFile("./report.pdf")
const receipt = await stamp({
contentHash: await hashNodeBuffer(bytes),
contentType: "application/pdf",
title: "Q3 Financial Report",
apiKey: process.env.TATASTU_API_KEY,
})
Verify any content
import { verify, hashText } from "@tatastu/proof"
const { proofs } = await verify(await hashText("The report content goes here."))
if (proofs.length > 0) {
console.log("Authentic:", proofs[0].verifyUrl)
console.log("Status:", proofs[0].status) // SIGNED | ANCHORED | CONFIRMED
}
Stamp a file in the browser (drag-and-drop)
import { stamp, hashBlob } from "@tatastu/proof"
const file = dropEvent.dataTransfer.files[0]
const receipt = await stamp({
contentHash: await hashBlob(file),
title: file.name,
})
See examples/browser-drop.html for a complete self-contained verify page with no build step.
MCP (agent use)
Add proof.tatastu.dev/mcp to your Claude Code, Cursor, or Windsurf config:
{
"mcpServers": {
"tatastu-proof": {
"url": "https://proof.tatastu.dev/mcp"
}
}
}
The agent can then call create_proof and verify_proof directly. See
examples/agent-mcp.md for the full config and tool reference.
EU AI Act compliance
EU AI Act Article 50(4) requires machine-readable provenance on AI-generated content. The deadline is 2 August 2026.
import { stamp, hashText } from "@tatastu/proof"
const aiOutput = "AI-generated text goes here."
const receipt = await stamp({ contentHash: await hashText(aiOutput) })
const labeledOutput = {
text: aiOutput,
_proof: {
contentHash: receipt.contentHash,
proofId: receipt.proofId,
verifyUrl: receipt.verifyUrl,
signedAt: receipt.signedAt,
bylineHtml: receipt.bylineHtml,
},
}
Run the full example with no setup:
npx tsx examples/eu-ai-act-label.ts
See docs/eu-ai-act.md for the compliance guide.
How verification works
Every stamp is:
- Signed immediately with an Ed25519 key from the service's transparency log
- Batched daily into an RFC 6962 Merkle tree (0x00/0x01 domain-separated prefixes)
- Anchored — the Merkle root written to Arweave (permanent) and Base (on-chain calldata)
- Confirmed once the Arweave transaction has sufficient confirmations
After anchoring you can verify with the public key and inclusion path — no network, no trust, no service required.
Four verified layers on every verify page
- Ed25519 signature — the service signed the canonical receipt
- RFC 6962 Merkle inclusion — the stamp is in the anchored batch
- Arweave anchor — the Merkle root is on Arweave
- Base calldata — the root is in an EVM transaction on Base
Offline verification
After a stamp reaches ANCHORED status, you can verify it with no network calls:
import { getBundle, hashNodeBuffer } from "@tatastu/proof"
import { verifyOffline } from "@tatastu/proof/verify/offline"
import { readFile } from "node:fs/promises"
const bytes = await readFile("./report.pdf")
const bundle = await getBundle("prf_01jz...")
const result = await verifyOffline(bundle, await hashNodeBuffer(bytes))
console.log(result.valid, result.signatureVerified, result.merkleVerified)
verify/offline.ts is a single 200-line file with zero dependencies. Copy it into
any project. It uses only the Web Crypto API (SubtleCrypto), available in Node 18+,
Deno, and modern browsers.
Pricing
| Tier | Price | Stamps |
|---|---|---|
| Free | $0 | 25/month |
| Starter bundle | $8 | 100 (no expiry) |
| Creator bundle | $35 | 500 (no expiry) |
| Creator subscription | $12/month | 500/month |
| Pay-per-stamp (x402) | $0.10 or $0.05 with API key | — |
Verification is always free and requires no account.
Full pricing: docs/pricing.md and tatastu.dev/proof.
Contributing
See CONTRIBUTING.md. The service, Worker, and D1 schema are in a private repo — this repo contains only the public SDK, offline verifier, and examples.
推荐服务器
Baidu Map
百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Playwright MCP Server
一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。
Magic Component Platform (MCP)
一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。
Audiense Insights MCP Server
通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。
VeyraX
一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。
graphlit-mcp-server
模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。
Kagi MCP Server
一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。
e2b-mcp-server
使用 MCP 通过 e2b 运行代码。
Neon MCP Server
用于与 Neon 管理 API 和数据库交互的 MCP 服务器
Exa MCP Server
模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。