MCP server for agents

anonymous commits, locally.

@gitghost/mcp gives AI agents a local stdio server for signing and verifying anonymous git commits. It plugs into MCP clients like Claude Desktop, Cursor, Cline, and OpenCode without exposing the user's identity file.

/ 01

Built for agents

Local stdio MCP server for Claude Desktop, Cursor, Cline, OpenCode, and other compatible clients.

/ 02

Identity stays local

The server never exposes `.gitghost/identity.json`; signing happens on the user's machine inside the target repo.

/ 03

Anonymous by design

A ring of two or more members gives agents a cryptographic anonymity set while keeping verification deterministic.

one local surface.

The /agent page explains the surface at a glance: what the MCP server does, how to wire it up, which tools exist, and what the trust boundaries are.

/ 01 step

Connect locally

Point an MCP client at the repo you want the agent to operate on and start the server with a local cwd.

/ 02 step

Initialize the ring

Create the local identity, add trusted members, and keep the ring root deterministic.

/ 03 step

Sign or verify

Use the same command surface to produce anonymous commits or check existing trailers.

configure the agent.

Pick an MCP client, point it at the repo you want the agent to operate on, and start the server with `npx @gitghost/mcp`. The interactive panel on the right gives you the exact config, install modes, and tool list.

Connection modes
Claude Desktop

Run the MCP server from the repo you want it to operate on. The client should launch it with the repo root as the working directory.

```json
{
  "mcpServers": {
    "gitghost": {
      "command": "npx",
      "args": ["@gitghost/mcp"],
      "cwd": "/path/to/your/repo"
    }
  }
}
```

Agent-first rule

Keep the client inside the repository that owns the ring. The server uses the current working directory to resolve the target git repo.

/ 01

Connect the client

Point Claude Desktop or another MCP client at the local server and set the repo root as the working directory.

/ 02

Initialize the repo

Run gitghost_init, then add yourself and the trusted members that define the contributor ring.

/ 03

Create or verify a commit

Use gitghost_commit to sign or gitghost_verify to validate trailers, ring root, and LSAG integrity.

Available tools (6 endpoints)

gitghost_init

Initialize .gitghost/ in the current repository.

gitghost_ring_add_self

Add the local ghost public key to the active ring.

gitghost_ring_add

Add a GitHub user's derived ghost public key.

gitghost_ring_list

Inspect the current ring and computed ring root.

gitghost_commit

Create a ring-signed commit as ghost <ghost@gitghost.org>.

gitghost_verify

Verify LSAG trailers on a ghost commit.

Security constraints: read before use

Local stdio only

The MCP server runs as a local process. It does not need to expose a network service to be useful for agents.

No secret disclosure

Tools may sign or verify on your behalf, but the server does not return raw .gitghost/identity.json content to the model.

One-person rings are not anonymous

The protocol is only meaningful when the signer sits inside a real contributor ring. A ring of one does not hide identity.

Stdout is reserved

MCP protocol messages stay on stdout. Human-readable status belongs in tool responses, not ad hoc logging.
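
The "Stdout is reserved" constraint can be checked from outside by capturing a stdio server's stdout and confirming that every line is a JSON-RPC 2.0 message, which is what the MCP stdio transport carries. This is an added example, not code from @gitghost/mcp: `classifyLine`, `auditStdout` and the sample capture are hypothetical names and constructed data, and JSON-RPC batches (arrays) are assumed to be violations.

```javascript
// Added example: audits captured stdout of a stdio MCP server, line by line.
// The sample lines are constructed, not output captured from @gitghost/mcp.

// Classify one stdout line as a JSON-RPC 2.0 message or as stray output.
function classifyLine(line) {
  let msg;
  try {
    msg = JSON.parse(line);
  } catch {
    return { ok: false, kind: "not-json" }; // e.g. a console.log status line
  }
  // Assumption of this example: batches (arrays) are treated as violations.
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) {
    return { ok: false, kind: "not-object" };
  }
  if (msg.jsonrpc !== "2.0") return { ok: false, kind: "missing-jsonrpc" };
  const hasId = typeof msg.id === "string" || typeof msg.id === "number";
  const hasMethod = typeof msg.method === "string";
  const hasResult = "result" in msg;
  const hasError = "error" in msg;
  if (hasMethod && !hasResult && !hasError) {
    return { ok: true, kind: hasId ? "request" : "notification" };
  }
  // A response carries an id and exactly one of result / error.
  if (!hasMethod && hasId && hasResult !== hasError) {
    return { ok: true, kind: "response" };
  }
  return { ok: false, kind: "malformed" };
}

// Return every stdout line that would corrupt the protocol stream.
function auditStdout(captured) {
  const violations = [];
  captured.split("\n").forEach((line, i) => {
    if (line.trim() === "") return; // tolerate a trailing newline
    const verdict = classifyLine(line);
    if (!verdict.ok) violations.push({ line: i + 1, kind: verdict.kind, text: line });
  });
  return violations;
}

// Constructed capture: two valid messages and two stray status lines.
const sampleStdout = [
  '{"jsonrpc":"2.0","id":1,"result":{"tools":[{"name":"gitghost_verify"}]}}',
  "ring loaded, 3 members",
  '{"jsonrpc":"2.0","method":"notifications/message","params":{"level":"info","data":"ok"}}',
  '{"status":"signed"}',
].join("\n");

console.log(auditStdout(sampleStdout));
```

Any reported line means the server or a dependency wrote to stdout outside the protocol; status text belongs in the tool response or on stderr.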

Operational note

Agents should treat the MCP server as a local command surface, not a remote identity service. The workflow is straightforward: connect, initialize, manage the ring, then sign or verify.

six tools.

gitghost_init (mcp)
gitghost_ring_add_self (mcp)
gitghost_ring_add (mcp)
gitghost_ring_list (mcp)
gitghost_commit (mcp)
gitghost_verify (mcp)

local only.

The server runs locally in the user's repo, not as a remote identity service.
`.gitghost/identity.json` stays private and never leaves the machine.
Anonymous signing requires a ring with more than one member.