The MCP server that leaves receipts.
Willow gives AI agents memory and data they can prove, and a tamper-evident receipt for everything they do. No trusting the agent — or the server behind it.
Agents you don't have to take at their word.
Agents act on what they retrieve — and today, retrieval runs on trust. A standard MCP server is an API gateway in a different shape: the audit trail is whatever the operator chose to log, altered data looks identical to honest data, and a hallucination is indistinguishable from an accurate lookup. Fine for cat facts; not for an agent moving money or summarizing regulated documents.
Willow's MCP server makes the whole exchange verifiable. Every query an agent makes — memory, indexed blockchain data, structured records — returns a proof the agent (or anyone downstream) can check. And every tool call produces a signed receipt, co-signed by the agent's host and the server, linked into a hash chain that can't be quietly rewritten.
Receipt batches are anchored to Willow consensus on a set cadence, so an agent's history becomes a public, walkable audit trail. What did the agent see, and when, and what did it do? You no longer have to ask the operator — you verify.
It plugs into the stack you already run: MCP for Claude Desktop, Claude Code, Cursor, and any other MCP client; A2A for agent-to-agent discovery; a LangChain retriever for RAG pipelines that returns documents with their proofs attached.
Provable memory
Agents store and recall knowledge, preferences, and history through MCP tools — and every read returns a proof the data is exactly what was stored.
Receipts for every action
Each tool call becomes a signed, hash-chained receipt — co-signed by both sides and anchored on-chain in Merkle batches. Tampering with the log breaks the chain.
Plugs into your stack
Standard MCP, so it works wherever your agent runs. A2A endpoints make Willow discoverable to other agents; the LangChain integration covers RAG.
From setup to verified reads.
- 01
Connect
Add the Willow MCP server to your agent's config. It speaks standard MCP — Claude Desktop, Claude Code, Cursor, or any framework that supports the protocol.
- 02
Use
The agent remembers, queries indexed chains, and stores records through fourteen tools — every response backed by a proof.
- 03
Receipt
Every call is signed into a hash chain. Batches are Merkle-anchored to Willow consensus on a set cadence.
- 04
Audit
Verify proofs locally and walk the anchored receipt trail through the public API — without trusting the agent or the operator.
{
"mcpServers": {
"willow": {
"command": "npx",
"args": ["@willow-protocol/mcp-server"],
"env": {
"WILLOW_ENDPOINT": "https://api.willow.tech"
}
}
}
}Common questions.
What can my agent actually do with it?
Store and recall memory, query indexed blockchain data, persist and search structured records, and prove all of it — fourteen MCP tools, each returning results with proofs. The same data is reachable from the six SDKs, so agents and applications share one verifiable store.
What does a receipt prove?
What the agent asked, what it was given, and when — signed by both the agent's host and the server so neither side can forge it alone. Receipts link into a hash chain, and the chain anchors on-chain, so the history can't be rewritten after the fact, even by the operator.
Does it only work with Claude?
No — any MCP client works, including Cursor and self-built agent frameworks. Beyond MCP, the A2A endpoints let other agents discover and call Willow directly, and the LangChain integration brings proof-backed retrieval to Python RAG pipelines.
Give your agent receipts.
Add the Willow MCP server to your agent's config and every action it takes starts leaving a verifiable trail.