Getting Started
Hosted MCP (OAuth, no key copying)
mcp.fidacy.com is the Fidacy MCP server we run for you. Point any MCP client at it, approve once in the console, and your agent gets assess_action and artifact anchoring, no key pasted into a config file. Prefer to run it yourself? The npm package is still there.
assess. Disconnecting is one click: revoke that key. It can never touch keys, members or billing.Claude Code
claude mcp add --transport http fidacy https://mcp.fidacy.com/mcp
On first use Claude Code opens your browser to the Fidacy console; sign in (or you already are), click Approve, and it is connected.
Cursor
Settings → MCP → Add new MCP server, or add this to ~/.cursor/mcp.json:
{
"mcpServers": {
"fidacy": {
"url": "https://mcp.fidacy.com/mcp"
}
}
}Cursor prompts to authenticate on first call; approve in the console.
OpenClaw
Add a remote MCP server pointing at the streamable-HTTP URL. In your OpenClaw config:
{
"mcpServers": {
"fidacy": {
"type": "http",
"url": "https://mcp.fidacy.com/mcp"
}
}
}OpenClaw runs the OAuth flow in your browser on connect. (Prefer the native plugin? @fidacy/openclaw-plugin installs the same tools locally.)
Hermes
Register a streamable-HTTP MCP server with the same URL; Hermes handles the OAuth handshake and stores the token for you:
{
"mcp": {
"servers": {
"fidacy": { "transport": "http", "url": "https://mcp.fidacy.com/mcp" }
}
}
}What your agent gets
- ·
assess_action— a signed approve / review / deny verdict on a payment mandate, before the money moves. - ·
anchor_artifact— anchor a sha256 digest (contract, invoice, transcript) into your audit chain, checkpointed to Bitcoin. Hash-only. - ·
check_artifact— look up whether a digest was anchored and its status.
How the connection is secured
- ·OAuth 2.1 with PKCE (S256) and dynamic client registration.
- ·The consent happens in the Fidacy console, under your existing session (and your 2FA, if enabled), never on a third-party screen.
- ·The token issued to the client is a real, scoped, revocable API key. Every tool call is authorized and signed by the engine under your org, exactly like a direct API call.