
GoCertius MCP
@g-digital-by-Garrigues
GoCertius MCP について
GoCertius — Digital Trust services APIs for your agents. Bridges any MCP-compatible client (Claude Code, Claude Desktop, Cursor, etc.) to certified photos & videos, certified chats, signatures and certified notifications.
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"gocertius": {
"command": "npx",
"args": [
"-y",
"@g-digital/mcp-gocertius"
],
"env": {
"MCP_AUTH_EMAIL": "<your-email>",
"MCP_AUTH_PASSWORD": "<your-password>"
}
}
}
}ツール
40Registers a NEW evidence record inside an evidence group. Requires: evidence_group_create → evidenceGroupId, case_file_create → caseFileId. Generate a UUID v4 for `id` and compute the SHA-256 hex hash BEFORE calling. INTERNAL flow: call with custodyType INTERNAL; the response returns uploadFileUrl (presigned S3 URL). PUT the exact file bytes to uploadFileUrl, then verify with evidence_get/evidence_list, and ONLY THEN call evidence_seal. Do not seal while any INTERNAL evidence file is not uploaded. EXTERNAL flow: use custodyType EXTERNAL only for intentional hash-only evidence; each evidence still needs a fresh UUID. If a previous evidence create/upload failed and outcome is unknown, verify with evidence_list before retrying and do not reuse the same id unless you confirmed it was not persisted. WARNING: the API sometimes returns {code:'EvidenceCreateError'} even when the evidence was successfully persisted.
Lists all evidence records in a specific evidence group. Use to review uploaded documents before sealing the group, or to find a specific evidenceId. Requires: caseFileId and evidenceGroupId. Returns paginated list with IDs, titles, status, and timestamps.
Seals an evidence group and triggers qualified TSP timestamping. Requires: all INTERNAL evidence records in the group have already been uploaded to their uploadFileUrl and verified with evidence_get/evidence_list. Requires case_file_create → caseFileId and evidence_group_create → evidenceGroupId. Set evidencesCount to the number of evidences in the group. ASYNC: after calling, poll evidence_group_list until the group status changes to CLOSED before linking to a dossier or generating certificates.
Retrieves a specific evidence record. Requires: evidence_create → evidenceId, evidence_group_create → evidenceGroupId, case_file_create → caseFileId. Returns status (COMPLETED
Creates an evidence group inside a case file. Requires: case_file_create → caseFileId. Generate a UUID v4 for `id`. Set evidenceType to FILE, PHOTO, VIDEO, or WEB_PLUGIN. Returns evidenceGroupId. One group can contain multiple evidence records.
Lists all evidence groups in a case file with their current status (OPEN, CLOSING, CLOSED). Use to find an existing group or check which groups are ready for sealing. Requires: caseFileId.
Creates a dossier to aggregate certified evidence groups into a single tamper-evident PDF. Requires: case_file_create → caseFileId. Evidence groups must be in CLOSED status before linking. Generate a UUID v4 string for `id`. Returns dossierId. After creation, link evidence with dossier_evidence_link, then certify with dossier_certify.
Updates the metadata of an existing dossier (name, template fields, expiry). Requires: dossier_create → dossierId, caseFileId. Only available while dossier is in DRAFT status.
Certifies a dossier, generating a tamper-evident PDF and locking all linked evidence. Requires: dossier_create → dossierId, dossier_evidence_link (evidence linked), case_file_create → caseFileId. ASYNC: transitions DRAFT → CERTIFYING → CERTIFIED. Poll dossier_list until dossierId status === CERTIFIED before downloading.
Lists all dossiers in a case file with their status and metadata. Use to find an existing dossierId or monitor certification progress. Requires: caseFileId. Returns paginated list with IDs, names, status, and creation dates.
Retrieves the full details of a specific dossier including status, linked evidence, and download URLs. Use to check current state or get certificate download URLs after CERTIFIED. Requires: caseFileId and dossierId.
Lists available dossier templates. No prerequisites. Returns template IDs and their translations per language. Use the returned id as dossierTemplateId in dossier_create.
Returns an HTML preview URL of a dossier before certification. Requires: caseFileId and dossierId.
Returns the download URL for the certified dossier PDF. Requires: dossier_certify (CERTIFIED status), caseFileId, dossierId.
Returns the download URL for the full dossier package (PDF + evidence files). Requires: dossier_certify (CERTIFIED status), caseFileId, dossierId.
Updates the visibility (public/private) of a certified dossier. Requires: dossier_certify (CERTIFIED status), caseFileId, dossierId.
Deletes a dossier. Available in DRAFT status (to discard before certification) or in CERTIFIED status (to permanently remove the certified dossier). Irreversible. Requires: caseFileId and dossierId.
Creates AND certifies a dossier from a single sealed evidence group in one call (express path). Requires: evidence_seal (CLOSED status), case_file_create → caseFileId, evidence_group_create → evidenceGroupId. Generate a UUID v4 string for `id`. Use when you have exactly one sealed evidence group and don't need multi-group aggregation. Returns dossierId immediately with CERTIFYING status → poll until CERTIFIED.
Links evidence records from a sealed evidence group to a dossier. Requires: dossier_create → dossierId, evidence_seal (CLOSED status), case_file_create → caseFileId. Evidence groups MUST be in CLOSED status. Pass the ids array of evidence UUIDs to link. Can be called multiple times for evidence from different case files.
Lists evidence items that are available to be linked to a dossier (CLOSED groups not yet linked). Requires: caseFileId and dossierId.
Lists all evidence items linked to a dossier. Requires: caseFileId and dossierId.
Retrieves details of a specific evidence item linked to a dossier. Requires: caseFileId, dossierId, evidenceId.
Removes an evidence item from a dossier. Only available while dossier is in DRAFT status. Requires: caseFileId, dossierId, evidenceId.
Performs the notification_document_add operation against the GoCertius API.
Creates a certified notification request. Requires: case_file_create → caseFileId. Generate a UUID v4 for `id`. Set language to en_GB or es_ES. Returns notificationRequestId. Add at least one receiver with notification_receiver_add before sending. IMPORTANT: The `content` field must be valid HTML — plain text without HTML tags will not render on the recipient landing page. Only the following HTML formats are supported: paragraphs (<p>), bold (<strong>), italic (<em>), unordered lists (<ul><li>), ordered lists (<ol><li>). Do not use other HTML tags or CSS. Avoid special typographic characters (em dashes, smart quotes) in `subject`; use standard ASCII equivalents (hyphen, straight quotes) instead.
Sends the certified notification to all added receivers. Requires: notification_request_create → notificationRequestId, notification_receiver_add (at least one receiver), case_file_create → caseFileId. ASYNC: triggers delivery. Poll notification_request_status until status is SENT or beyond (PARTIALLY_READ, FULLY_READ) before generating certificates.
Checks the delivery status of a certified notification. Requires: notificationRequestId, caseFileId. Returns status (CREATING
Adds a recipient to a notification request. Requires: notification_request_create → notificationRequestId, case_file_create → caseFileId. The `id` can be a UUID v4 or custom string (e.g. your internal user ID). Returns receiverId — save it for notification_certificate_get. Add all receivers before calling notification_request_send.
Generates or retrieves a PDF certificate for a specific receiver proving delivery and/or reading of the notification. Requires: notification_request_send, notification_receiver_add → receiverId, notification_request_create → notificationRequestId, case_file_create → caseFileId. Generate a UUID v4 for `id` the first time you request a certificate for that receiver and reuse that same id when polling. Call only after notification_request_status is SENT or beyond. The first call may return {} while the certificate is being generated; poll/re-call notification_certificate_get until the response includes a pdfUrl/documentUrl or a CERTIFIED/final status. If the backend returns Forbidden/Unexpected at SENT, do not keep hammering the certificate endpoint: poll notification_request_status until READ/ANSWERED or verify in the UI, then retry with the same certificate id. For ACCEPTED_OR_NOT notifications, call once after a certifiable delivery/read state for an intermediate certificate and again after PARTIALLY_ANSWERED/FULLY_ANSWERED for the final answer certificate.
Creates a new case file — the top-level container for all related operations (evidence, notifications, dossiers, chats). Call this first before any other operation. Generate a UUID v4 for `id`. Returns caseFileId needed for all subsequent calls.
Lists all case files in your GoCertius account. Pass userId (from session_login or session_info) to scope results to your account. Returns paginated list with IDs, names, and status.
Retrieves details of a specific case file. Requires: caseFileId. Use to verify a case file exists before creating evidence groups, dossiers, or notifications.
Creates a certified chat channel (Telegram). IMPORTANT: Chats can only be created in the user's personal case file (created automatically when the GoCertius account was opened). Do not use a manually created case file — use session_info → case_file_list to find the personal case file (oldest createdAt, owned by the user). Generate a UUID v4 for `id`. Set service to Telegram. Returns immediately and the chat may start in status `creating`; call chat_get and wait until it is registered/active before requesting the invitation URL or certificates.
Retrieves details of a certified chat. Requires: personal caseFileId and chat_create → chatId. Returns status, participants, and registeredAt timestamp. After chat_create, poll chat_get until status is active/registered and registeredAt is present; createdAt is not enough for certificate creation.
Returns the Telegram invitation URL for a certified chat. Requires: chat_create → chatId and the personal caseFileId. Do not call while chat_get still shows status `creating`; wait until the chat is registered/active, otherwise the API can answer Chat not found. Share the returned invitationUrl with participants so they can join the certified channel.
Creates a certificate of a range of messages from a certified chat. Requires: chat_create → chatId, personal caseFileId, chat_get → registeredAt, and messages already present in the Telegram channel. Generate a UUID v4 for `id`. Do not use createdAt as a substitute for registeredAt; if registeredAt is missing, the chat is not ready to certify. Specify chatMessagesFrom and chatMessagesTo as ISO timestamps (chatMessagesFrom must be AFTER registeredAt). ASYNC: poll chat_certificate_get until status === CERTIFIED.
Retrieves the certificate of a certified chat. Requires: chat_certificate_create → certificate id, chat_create → chatId, case_file_create → caseFileId. Returns documentUrl when status reaches CERTIFIED. Poll until CERTIFIED before using documentUrl.
Authenticates with GoCertius to obtain a session JWT. Takes NO parameters — credentials are read from the server environment (MCP_AUTH_EMAIL plus MCP_AUTH_PASSWORD, or the OpenID Connect variables). For OpenID accounts this starts an Azure AD device flow: the first call returns a browser link + code to approve in Microsoft Authenticator, then call again to finish. The MCP server manages authentication automatically; call this only if you hit 401 errors.
Retrieves information about the current authenticated session including userId, account, and token expiry. Use to verify who is authenticated or check session validity. No required parameters.
Evidence Upload (custom tool).
概要
What is GoCertius MCP?
GoCertius MCP is a server that enables AI agents to interact with GoCertius, a platform for certified evidence, dossiers, notifications, and chats. It exposes 40 tools for creating, sealing, and certifying evidence records and dossiers, as well as managing chats and notifications. It is designed for developers building AI-powered workflows that require tamper‑evident document handling.
How to use GoCertius MCP?
Install and run via npx: npx -y @g-digital/mcp-gocertius, or use Docker: docker run gdigital/gocertius:latest. Configuration requires credentials (email/password or OpenID Connect) set via environment variables. The server works with Claude Desktop, Cursor, Windsurf, Cline, VS Code, JetBrains, Zed, and other MCP clients.
Key features of GoCertius MCP
- 40 tools for evidence and dossier management.
- Supports both INTERNAL (file upload) and EXTERNAL (hash‑only) evidence.
- Seals evidence groups with qualified TSP timestamping.
- Creates tamper‑evident PDF dossiers from certified evidence.
- Ships bundled Claude Code slash commands.
- Available via npm, Docker, n8n, Smithery, and MCP registry.
- Authentication via email/password or OpenID Connect.
- Configurable security: Host & Origin validation, HTTP/stdio modes.
Use cases of GoCertius MCP
- Automating evidence collection and sealing for legal workflows.
- Creating certified dossiers from multiple evidence records.
- Integrating AI agents with GoCertius for notification and chat management.
- Building multi‑tenant public deployments with fail‑closed security.
- Running certified evidence pipelines in CI/CD or cloud environments.
FAQ from GoCertius MCP
How do I get GoCertius credentials?
Visit https://www.gocertius.io to obtain account credentials (email/password) or OpenID Connect tokens.
What authentication flows are supported?
Two flows: Flow 1 uses email (MCP_AUTH_EMAIL) and password (MCP_AUTH_PASSWORD). Flow 2 uses OpenID Connect (MCP_OPENID_ISSUER, MCP_OPENID_CLIENT_ID, MCP_OPENID_REFRESH_TOKEN). A pre‑seeded JWT can also be supplied via MCP_AUTH_JWT.
Can I run GoCertius MCP in Docker?
Yes. Use docker run --rm -i -e MCP_AUTH_EMAIL=... -e MCP_AUTH_PASSWORD=... gdigital/gocertius:latest. The container automatically binds to all interfaces.
What security restrictions can I enforce?
Set MCP_ALLOWED_HOSTS to restrict Host headers, MCP_ALLOWED_ORIGINS for browser Origin validation (DNS‑rebinding defense), and MCP_HTTP_PUBLIC=true to activate fail‑closed Host/Origin checks. Private/internal addresses are always rejected for file uploads.
Does GoCertius MCP include pre‑built AI agent prompts?
Yes. The package ships Claude Code slash commands under .claude/commands/ (e.g. /getting-started, /evidence-lifecycle). See docs/agent-prompts.md for end‑to‑end examples.
「その他」の他のコンテンツ
Production-ready MCP integrations for AI applications
Klavis-AIKlavis AI: MCP integration platforms that let AI agents use tools reliably at any scale
AutoBrowser MCP
autobrowser-aiBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
Servers
modelcontextprotocolModel Context Protocol Servers
MCP Registry
modelcontextprotocolA community driven registry service for Model Context Protocol (MCP) servers.
🚀 Model Context Protocol (MCP) Curriculum for Beginners
microsoftThis open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable,
コメント