
GoCertius MCP
@g-digital-by-Garrigues
GoCertius — Digital Trust services APIs for your agents. Bridges any MCP-compatible client (Claude Code, Claude Desktop, Cursor, etc.) to certified photos & videos, certified chats, signatures and certified notifications.
Overview
What is GoCertius MCP?
GoCertius MCP is a server that enables AI agents to interact with GoCertius, a platform for certified evidence, dossiers, notifications, and chats. It exposes 40 tools for creating, sealing, and certifying evidence records and dossiers, as well as managing chats and notifications. It is designed for developers building AI-powered workflows that require tamper‑evident document handling.
How to use GoCertius MCP?
Install and run via npx: npx -y @g-digital/mcp-gocertius, or use Docker: docker run gdigital/gocertius:latest. Configuration requires credentials (email/password or OpenID Connect) set via environment variables. The server works with Claude Desktop, Cursor, Windsurf, Cline, VS Code, JetBrains, Zed, and other MCP clients.
Key features of GoCertius MCP
- 40 tools for evidence and dossier management.
- Supports both INTERNAL (file upload) and EXTERNAL (hash‑only) evidence.
- Seals evidence groups with qualified TSP timestamping.
- Creates tamper‑evident PDF dossiers from certified evidence.
- Ships bundled Claude Code slash commands.
- Available via npm, Docker, n8n, Smithery, and MCP registry.
- Authentication via email/password or OpenID Connect.
- Configurable security: Host & Origin validation, HTTP/stdio modes.
Use cases of GoCertius MCP
- Automating evidence collection and sealing for legal workflows.
- Creating certified dossiers from multiple evidence records.
- Integrating AI agents with GoCertius for notification and chat management.
- Building multi‑tenant public deployments with fail‑closed security.
- Running certified evidence pipelines in CI/CD or cloud environments.
FAQ from GoCertius MCP
How do I get GoCertius credentials?
Visit https://www.gocertius.io to obtain account credentials (email/password) or OpenID Connect tokens.
What authentication flows are supported?
Two flows: Flow 1 uses email (MCP_AUTH_EMAIL) and password (MCP_AUTH_PASSWORD). Flow 2 uses OpenID Connect (MCP_OPENID_ISSUER, MCP_OPENID_CLIENT_ID, MCP_OPENID_REFRESH_TOKEN). A pre‑seeded JWT can also be supplied via MCP_AUTH_JWT.
Can I run GoCertius MCP in Docker?
Yes. Use docker run --rm -i -e MCP_AUTH_EMAIL=... -e MCP_AUTH_PASSWORD=... gdigital/gocertius:latest. The container automatically binds to all interfaces.
What security restrictions can I enforce?
Set MCP_ALLOWED_HOSTS to restrict Host headers, MCP_ALLOWED_ORIGINS for browser Origin validation (DNS‑rebinding defense), and MCP_HTTP_PUBLIC=true to activate fail‑closed Host/Origin checks. Private/internal addresses are always rejected for file uploads.
Does GoCertius MCP include pre‑built AI agent prompts?
Yes. The package ships Claude Code slash commands under .claude/commands/ (e.g. /getting-started, /evidence-lifecycle). See docs/agent-prompts.md for end‑to‑end examples.

