MCP Server

Name: QuantaSeal
Brand: QuantaSeal
Price: 69 AUD

@quantaseal/mcp-server gives Claude Desktop, Cursor, GPT-4, and any MCP-compatible AI agent direct access to vault, encryption, compliance, and audit - secured by your API key.

Overview#

The MCP server exposes 21 tools across 8 domains. It supports three transports:

stdio — for Claude Desktop and local agents. Each session creates a completely isolated server instance.
Streamable HTTP — MCP 2025-11-05 spec transport. Recommended for new integrations and cloud agents.
SSE (Server-Sent Events) — legacy transport for LangChain, HTTP-based MCP clients, and existing GPT-4 custom integrations.

bash

# Run via npx (no install needed)
npx -y @quantaseal/mcp-server

# Or install globally
npm install -g @quantaseal/mcp-server

# Or build from source (monorepo)
cd sdk/mcp && npm install && npm run build   # → dist/server.js

Registries#

@quantaseal/mcp-server is listed on all major MCP discovery platforms. One-click install is available on Smithery.

Registry	Identifier	Status
npm	`@quantaseal/mcp-server@1.1.4`	Published ↗
Smithery	`io.github.Lokeshwaranramu/quantaseal`	Listed ↗
MCP Registry	`io.github.Lokeshwaranramu/quantaseal`	Listed ↗

Claude Desktop Setup#

Add the QuantaSeal MCP server to your Claude Desktop configuration file. Each session creates an isolated server instance - your API key is read at request time and never cached between requests.

Config file location (macOS): ~/Library/Application Support/Claude/claude_desktop_config.json

json

{
  "mcpServers": {
    "quantaseal": {
      "command": "node",
      "args": [
        "/usr/local/lib/node_modules/@quantaseal/mcp-server/dist/server.js"
      ],
      "env": {
        "QUANTASEAL_API_KEY": "qs_live_your_key_here"
      }
    }
  }
}

Note: Adjust the path in args if you built from source - use the absolute path to sdk/mcp/dist/server.js.

Hosted & SSE Transport#

Connect to the hosted endpoint at mcp.quantaseal.io for zero-ops deployment, or self-host in SSE mode for LangChain and HTTP-based MCP clients.

json

// Claude Desktop — hosted endpoint (no local install)
{
  "mcpServers": {
    "quantaseal": {
      "url": "https://mcp.quantaseal.io/sse",
      "headers": { "Authorization": "Bearer qs_live_your_key_here" }
    }
  }
}

bash

# Self-host in SSE mode on port 3050
QUANTASEAL_API_KEY=qs_live_… node dist/server.js --transport sse --port 3050
# → SSE endpoint: http://localhost:3050/sse

# Docker example
docker run -e QUANTASEAL_API_KEY=qs_live_… \
  -p 3050:3050 \
  ghcr.io/quantaseal/mcp-server:latest --transport sse --port 3050

Each SSE connection creates a completely isolated server instance with no shared state between sessions. Suitable for multi-agent deployments.

21 Tool Reference#

21 tools across 8 domains. All tools enforce tenant isolation server-side. Tool names use snake_case and are prefixed by domain.

Health(1 tool)

Tool Name	Description
`quantaseal_health`	Check API connectivity, backend health, and subscription status.

Vault(5 tools)

Tool Name	Description
`vault_seal`	Store a credential in QuantaVault with 3-layer ML-KEM-768 encryption.
`vault_unseal`	Retrieve and decrypt a vault entry by credential_id.
`vault_list`	List all vault entries (metadata only - no plaintext values).
`vault_rotate`	Re-encrypt a vault entry with a fresh ML-KEM-768 key pair.
`vault_delete`	Permanently delete a vault entry (logged to audit chain).

Encryption(4 tools)

Tool Name	Description
`encrypt`	Encrypt data with ML-KEM-768 + AES-256-GCM (NIST FIPS 203).
`decrypt`	Decrypt a HybridCryptoEnvelope. Signature verified before decryption.
`sign`	Sign a payload with ML-DSA-65 + HMAC-SHA-512 (NIST FIPS 204).
`verify_signature`	Verify both ML-DSA-65 and HMAC-SHA-512 signatures (bitwise &).

Integrations(3 tools)

Tool Name	Description
`list_integrations`	List all system integrations connected to your tenant.
`test_integration`	Test connectivity for a specific integration by ID.
`proxy_request`	Execute an outbound proxy operation through the QuantaSeal proxy engine.

Compliance(3 tools)

Tool Name	Description
`get_compliance_score`	Get the live compliance score (0–100) for a framework from the audit chain.
`generate_compliance_report`	Generate a PDF compliance report with evidence citations.
`list_compliance_reports`	List previously generated compliance reports with download URLs.

Audit(1 tool)

Tool Name	Description
`list_audit_logs`	Query the immutable SHA3-256 audit hash chain. Filter by event type, user, or time range.

Metrics(1 tool)

Tool Name	Description
`get_metrics`	Retrieve usage metrics: API calls, encryption operations, vault unseals, proxy requests.

AI Agent Market(3 tools)

Tool Name	Description
`get_pqc_readiness_score`	Instant AI Market Readiness score: quantum threat exposure, algorithm coverage, and actionable hardening steps.
`get_regulatory_alerts`	Real-time APRA, NIST, and CISA regulatory change alerts affecting your connected integrations.
`get_cbom`	Generate a Cryptographic Bill of Materials (CBOM) — full inventory of algorithms, key lengths, and compliance status per integration.

Security Model#

The MCP server is designed to be safe to embed in AI agent workflows.

Tenant Isolation

Each API key maps to exactly one tenant. The server passes the key on every request - tenant enforcement happens server-side in the QuantaSeal backend, never in the MCP server itself.

Key Never Cached

getApiKey() is called at request time on every tool invocation. The API key is never stored in memory between requests or logged.

Session Isolation

Each SSE session creates a completely isolated server instance. No shared state between sessions. Suitable for multi-agent deployments.

Full Audit Trail

Every tool call is logged to the immutable audit chain with args_hash, response_hash, and ML-DSA-65 signatures. Use list_audit_logs to review AI agent activity.

All tool names:

quantaseal_healthvault_sealvault_unsealvault_listvault_rotatevault_deleteencryptdecryptsignverify_signaturelist_integrationstest_integrationproxy_requestget_compliance_scoregenerate_compliance_reportlist_compliance_reportslist_audit_logsget_metricsget_pqc_readiness_scoreget_regulatory_alertsget_cbom

CLI Reference SDKs

MCP Server

@quantaseal/mcp-server gives Claude Desktop, Cursor, GPT-4, and any MCP-compatible AI agent direct access to vault, encryption, compliance, and audit - secured by your API key.

Overview#

The MCP server exposes 21 tools across 8 domains. It supports three transports:

stdio — for Claude Desktop and local agents. Each session creates a completely isolated server instance.
Streamable HTTP — MCP 2025-11-05 spec transport. Recommended for new integrations and cloud agents.
SSE (Server-Sent Events) — legacy transport for LangChain, HTTP-based MCP clients, and existing GPT-4 custom integrations.

bash

# Run via npx (no install needed)
npx -y @quantaseal/mcp-server

# Or install globally
npm install -g @quantaseal/mcp-server

# Or build from source (monorepo)
cd sdk/mcp && npm install && npm run build   # → dist/server.js

Registries#

@quantaseal/mcp-server is listed on all major MCP discovery platforms. One-click install is available on Smithery.

Registry	Identifier	Status
npm	`@quantaseal/mcp-server@1.1.4`	Published ↗
Smithery	`io.github.Lokeshwaranramu/quantaseal`	Listed ↗
MCP Registry	`io.github.Lokeshwaranramu/quantaseal`	Listed ↗

Claude Desktop Setup#

Add the QuantaSeal MCP server to your Claude Desktop configuration file. Each session creates an isolated server instance - your API key is read at request time and never cached between requests.

Config file location (macOS): ~/Library/Application Support/Claude/claude_desktop_config.json

json

{
  "mcpServers": {
    "quantaseal": {
      "command": "node",
      "args": [
        "/usr/local/lib/node_modules/@quantaseal/mcp-server/dist/server.js"
      ],
      "env": {
        "QUANTASEAL_API_KEY": "qs_live_your_key_here"
      }
    }
  }
}

Note: Adjust the path in args if you built from source - use the absolute path to sdk/mcp/dist/server.js.

Hosted & SSE Transport#

Connect to the hosted endpoint at mcp.quantaseal.io for zero-ops deployment, or self-host in SSE mode for LangChain and HTTP-based MCP clients.

json

// Claude Desktop — hosted endpoint (no local install)
{
  "mcpServers": {
    "quantaseal": {
      "url": "https://mcp.quantaseal.io/sse",
      "headers": { "Authorization": "Bearer qs_live_your_key_here" }
    }
  }
}

bash

# Self-host in SSE mode on port 3050
QUANTASEAL_API_KEY=qs_live_… node dist/server.js --transport sse --port 3050
# → SSE endpoint: http://localhost:3050/sse

# Docker example
docker run -e QUANTASEAL_API_KEY=qs_live_… \
  -p 3050:3050 \
  ghcr.io/quantaseal/mcp-server:latest --transport sse --port 3050

Each SSE connection creates a completely isolated server instance with no shared state between sessions. Suitable for multi-agent deployments.

21 Tool Reference#

21 tools across 8 domains. All tools enforce tenant isolation server-side. Tool names use snake_case and are prefixed by domain.

Health(1 tool)

Tool Name	Description
`quantaseal_health`	Check API connectivity, backend health, and subscription status.

Vault(5 tools)

Tool Name	Description
`vault_seal`	Store a credential in QuantaVault with 3-layer ML-KEM-768 encryption.
`vault_unseal`	Retrieve and decrypt a vault entry by credential_id.
`vault_list`	List all vault entries (metadata only - no plaintext values).
`vault_rotate`	Re-encrypt a vault entry with a fresh ML-KEM-768 key pair.
`vault_delete`	Permanently delete a vault entry (logged to audit chain).

Encryption(4 tools)

Tool Name	Description
`encrypt`	Encrypt data with ML-KEM-768 + AES-256-GCM (NIST FIPS 203).
`decrypt`	Decrypt a HybridCryptoEnvelope. Signature verified before decryption.
`sign`	Sign a payload with ML-DSA-65 + HMAC-SHA-512 (NIST FIPS 204).
`verify_signature`	Verify both ML-DSA-65 and HMAC-SHA-512 signatures (bitwise &).

Integrations(3 tools)

Tool Name	Description
`list_integrations`	List all system integrations connected to your tenant.
`test_integration`	Test connectivity for a specific integration by ID.
`proxy_request`	Execute an outbound proxy operation through the QuantaSeal proxy engine.

Compliance(3 tools)

Tool Name	Description
`get_compliance_score`	Get the live compliance score (0–100) for a framework from the audit chain.
`generate_compliance_report`	Generate a PDF compliance report with evidence citations.
`list_compliance_reports`	List previously generated compliance reports with download URLs.

Audit(1 tool)

Tool Name	Description
`list_audit_logs`	Query the immutable SHA3-256 audit hash chain. Filter by event type, user, or time range.

Metrics(1 tool)

Tool Name	Description
`get_metrics`	Retrieve usage metrics: API calls, encryption operations, vault unseals, proxy requests.

AI Agent Market(3 tools)

Tool Name	Description
`get_pqc_readiness_score`	Instant AI Market Readiness score: quantum threat exposure, algorithm coverage, and actionable hardening steps.
`get_regulatory_alerts`	Real-time APRA, NIST, and CISA regulatory change alerts affecting your connected integrations.
`get_cbom`	Generate a Cryptographic Bill of Materials (CBOM) — full inventory of algorithms, key lengths, and compliance status per integration.

Security Model#

The MCP server is designed to be safe to embed in AI agent workflows.

Tenant Isolation

Each API key maps to exactly one tenant. The server passes the key on every request - tenant enforcement happens server-side in the QuantaSeal backend, never in the MCP server itself.

Key Never Cached

getApiKey() is called at request time on every tool invocation. The API key is never stored in memory between requests or logged.

Session Isolation

Each SSE session creates a completely isolated server instance. No shared state between sessions. Suitable for multi-agent deployments.

Full Audit Trail

Every tool call is logged to the immutable audit chain with args_hash, response_hash, and ML-DSA-65 signatures. Use list_audit_logs to review AI agent activity.

All tool names:

CLI Reference SDKs