AffixIOAFFIXIO
Contact

Home / Connector updates

Proof Connector Updates

The complete guide to Proof by AffixIO, the remote MCP connector for Claude. Install, authorise, and call 23 verification tools from chat: zero-knowledge proofs, ML-DSA attestation, Merkle audit, legacy QR migration, and offline gate tickets. Machine endpoint: https://affix-io.com/mcp.

This page is available at www.affix-io.com/connector-updates and affix-io.com/connector-updates (with or without trailing slash).

Claude MCP Model Context Protocol zero-knowledge proofs ML-DSA-65 Merkle audit offline tickets QR migration
23Tools
1.2.0Version
106+ZK circuits
OAuthAuth
CONNECTOR ARCHITECTURE ClaudeWeb · Desktop · Code MCP layeraffix-io.com/mcpStreamable HTTP AffixIO APINoir + Barretenbergapi.affix-io.com MerkleAudit tree CMS edgeTickets · QR migrateOffline verify Returns: proof_ref · proof_digest · ML-DSA attestation · Merkle inclusion · gate tokensNo raw PII in proof outputs. Use synthetic test data only.
Proof by AffixIO sits between Claude and AffixIO verification infrastructure. Proofs and attestations are shareable; underlying data stays with you.
PII warning. Do not put names, government IDs, health records, or financial details in Claude prompts when calling AffixIO tools. Use synthetic identifiers and sandbox-style test payloads.

This page is separate from the REST API changelog. /mcp is the live connector endpoint. /connector-updates is the human-readable install guide, tool encyclopaedia, and dated release feed.

Install

Three paths depending on which Claude product you use. All connect to the same hosted endpoint.

Claude.ai (browser)

  1. Open Settings (profile menu, bottom left).
  2. Go to Connectors or Integrations.
  3. Click Add connector or Custom connector.
  4. Paste the URL below. Name it Proof by AffixIO if prompted.
  5. Click through OAuth authorisation when AffixIO opens the consent screen.
  6. Start a new chat. Claude can now call AffixIO tools when relevant.
https://affix-io.com/mcp

Claude Desktop

Same flow as Claude.ai. Settings → Connectors → Add custom connector → paste URL → authorise.

Desktop persists the connector across sessions. Re-authorise if you revoke access in AffixIO OAuth settings.

Claude Code (CLI)

Run from your project directory:

claude mcp add --transport http affixio-proof https://affix-io.com/mcp

List: claude mcp list · Remove: claude mcp remove affixio-proof

Cursor and other MCP clients

Any MCP client supporting Streamable HTTP and OAuth can use the same URL. See WP-040 for Cursor-specific notes.

Server name in metadata: affixio-proof · Version: 1.2.0

OAuth authorisation

The hosted connector uses OAuth 2.0. You authorise once per client. AffixIO issues a bearer token for MCP requests.

You Claude AffixIO OAuth /mcp 1. Add connector URL in Claude settings 2. Browser opens AffixIO consent · 3. Bearer token issued · 4. Tool calls proxied to verification API
OAuth protects the connector. No API key paste in chat. Revoke access from AffixIO if needed.

Workflows and example prompts

Ask Claude in plain language. It selects the right tool. Below are tested patterns.

1. Age eligibility without revealing exact age

Claude calls zk_scenario_match then zk_prove with circuit health_age.

"Use AffixIO to prove someone meets an 18+ threshold. Use test values only: age 25, threshold 18. Return the proof_ref."

2. Three-condition eligibility (voting, employment, access)

Circuit yesno. Three boolean fields must all be 1 to pass.

"Generate a yesno ZK proof: UK residency met, age requirement met, no disqualifying record. Mark each condition 1 or 0 with labels."

3. PQC-attested proof

Set request_attestation: true on prove. Returns ML-DSA-65 signature on the outcome.

"Run zk_prove on yesno with all three conditions true and request_attestation true. Show the attestation digest."

4. Verify a shared proof_ref

"Verify proof_ref 1:abc… on the yesno circuit using zk_verify."

5. Merkle audit confirmation

"Fetch the Merkle inclusion proof for digest abc… using zk_merkle_proof, then confirm the path with zk_merkle_verify."

6. Legacy QR migration

"Migrate this legacy event URL to an AffixIO PQC ticket: https://example.com/ticket/12345. Source label: demo_provider. Event: Test Concert."

7. Offline gate ticket

"Issue an edge ticket for event Arena Night, entry point gate-a, maxUses 1. Then verify and consume it."

8. Merkle-signed QR code

"Create a Merkle-signed QR encoding proof_ref 1:… from the last prove result."
AI agent verification gate before payment or tool access
Agent gate: verify before autonomous action.
Audit flow from policy inputs to signed proof
Merkle audit path for compliance review.
AffixIO decision flow yes or no with proof
Signed yes/no at the decision boundary.
Verification infrastructure flow
Stateless per-request evaluation.
Connector flow diagram
End-to-end connector path.
AffixIO
Proof by AffixIO · v1.2.0

Tool reference (23 tools)

Full catalogue for connector version 1.2.0. Grouped by function.

Prove and verify

ToolPurposeKey inputs
zk_proveGenerate ZK proof on any compiled circuitcircuit_id, fields, request_attestation
zk_verifyCryptographic verify + double-spend detectioncircuit_id, proof (id, ref, digest, or hex)
zk_batch_proveUp to 8 scenarios in one callscenarios[]
zk_identity_verifyDeclarative rules → KYC proofrecords, rules, request_attestation
zk_eligibilityQuick sector attestation demoidentifier (8+ chars), sector
zk_scenario_matchNatural language → circuit recommendationscenario text
zk_list_circuitsBrowse 106+ compiled circuitsOptional filter, group

PQC and QR migration

ToolPurposeKey inputs
zk_attestML-DSA-65 sign JSON payloadpayload object
zk_attest_verifyVerify ML-DSA attestationpayload, attestation
zk_migrate_qrWrap legacy QR in PQC compact-v3 ticketlegacyUrl / legacyData / legacyToken

Offline gate tickets

ToolPurposeKey inputs
zk_issue_ticketMint compact-v3 offline ticketevent, entryPoint, maxUses, exp
zk_verify_ticketEdge verify without live DBtoken, gateId
zk_consume_ticketMark spent, return spent digesttoken, entryPoint

Audit and Merkle

ToolPurposeKey inputs
zk_merkle_proofInclusion proof for digestdigest or proof_ref
zk_merkle_verifyVerify sibling pathleaf_hash, proof[]
zk_proof_traceFull audit trail for digestdigest
zk_audit_feedRecent audit log entriesoffset, limit, circuit_id
zk_governance_statsTree size, circuit breakdownnone
zk_healthEngine and circuit readinessnone

Codes

ToolPurposeKey inputs
zk_make_qrMerkle-signed QR from text, URL, or proof_reftext / url / proof_ref
zk_make_proof_qrQR optimised for proof_ref scanningproof_ref, optional verify_url
zk_make_barcodeMerkle-signed barcode (Code 128, EAN, etc.)data, symbology
zk_barcode_symbologiesList supported encodersnone

Circuits for zk_prove

Core connector circuits plus the full sandbox catalogue (106+). Call zk_list_circuits for the live list.

CircuitFieldsTypical use
yesnocondition_greater1–3 (0/1)Multi-condition eligibility: voting, employment, access
health_ageage, threshold (integers)18+, 21+, 65+ without revealing exact age
kycrule1–5 (0/1)Five-rule identity attestation
edu_*, cross_*, etc.Per circuit schemaSector sandbox proofs. See circuit catalogue.

PQC attestation (ML-DSA-65)

Post-quantum signatures on proof outcomes and migration manifests. NIST-aligned ML-DSA-65 (Dilithium class).

Proof outcome JSON SHA-256 digestpayload_digest ML-DSA-65 signaturemldsa_signature_b64 zk_attest_verify
Attestation binds a digest to a lattice signature. Verify offline with the same payload.

Enable on prove: request_attestation: true. Standalone: zk_attest / zk_attest_verify. Background: PQC field note, WP-002.

Offline gate tickets

Compact-v3 tokens embed proof at issue time. Scanners verify locally. No personal data in the scan path.

zk_issue_ticket QR scan zk_verify_ticket zk_consume_ticket spent digest → Merkle
Issue, verify at gate, consume once. Double-scan blocked with spent proof.

Venue use cases: offline tickets sector, anti-scalping guide.

Merkle audit

Every verified operation can append a leaf to the shared sha256-sorted-pairs tree on api.affix-io.com.

  • proof_ref format: 1:digest (pass) or 0:digest (fail)
  • zk_merkle_proof returns sibling path and leaf metadata
  • zk_proof_trace shows position in tree and path validity
  • Browser verifier: /tools/merkle-verifier

Release history

Newest first. Connector versioning is independent of OpenAPI API 1.4.2.

25 June 2026 v1.2.0 Current

PQC attestation, QR migration, and edge tickets

New tools

  • zk_attest and zk_attest_verify for ML-DSA-65 sign and verify
  • zk_migrate_qr fingerprints legacy QR input, mints compact-v3, signs migration manifest
  • zk_issue_ticket, zk_verify_ticket, zk_consume_ticket for offline gates

Enhanced

  • zk_prove accepts any circuit from zk_list_circuits, not only yesno / health_age / kyc
  • request_attestation flag on zk_prove and zk_identity_verify
  • zk_batch_prove supports any circuit id and attestation per scenario
  • Shared prove runner across MCP entry points for consistent output

Infrastructure

  • CMS client for ticket and migration APIs on local port 3000
  • Connector metadata bumped to version 1.2.0
  • This documentation page launched at /connector-updates
22 June 2026 v1.1.0

Extended tool catalogue

New tools

  • zk_list_circuits, zk_identity_verify, zk_health
  • zk_audit_feed, zk_merkle_verify, zk_proof_trace
  • zk_batch_prove, zk_scenario_match, zk_eligibility
  • zk_make_qr, zk_make_barcode, zk_make_proof_qr, zk_barcode_symbologies

Platform

  • OAuth authorisation UI with AffixIO branding
  • Protected-resource metadata at /.well-known/oauth-protected-resource/mcp
  • Merkle-signed codes return inclusion paths in tool responses
  • Proof cache for session-scoped verify (7-day TTL)
Early June 2026 v1.0.0

Initial public connector

  • Core tools: zk_prove, zk_verify, zk_merkle_proof, zk_governance_stats
  • Streamable HTTP MCP transport at affix-io.com/mcp
  • Circuits: yesno, health_age, kyc
  • Proofs recorded on api.affix-io.com with Merkle audit
  • Claude.ai custom connector support documented on homepage

Troubleshooting

IssueFix
Connector not listed in ClaudeRe-add URL. Check you used https://affix-io.com/mcp not /connector-updates.
401 on tool callsRe-authorise OAuth. Token may have expired.
Cannot verify from proof_ref aloneUse proof_id from same session, or pass raw proof hex. For audit-only checks use zk_merkle_proof.
Double-spend detectedProof already verified. Expected behaviour. Use zk_merkle_proof for confirmation.
Circuit not foundRun zk_list_circuits for valid ids. Some aliases map (e.g. health_age_verification → health_age).
QR migration unauthorisedHosted connector includes CMS auth. Retry or check status.
Tools not visible after updateDisconnect and reconnect connector in Claude settings to refresh tool list.

FAQ

Does this page work on www and non-www?

Yes. Use www.affix-io.com/connector-updates or affix-io.com/connector-updates. Canonical URL for search engines is the www form.

Is /mcp the same as this page?

No. /mcp is the machine endpoint. This page is documentation.

Do I need an API key?

The hosted connector uses OAuth. Self-hosted integrations use API keys via AI integration.

Where do proofs land?

On api.affix-io.com. Merkle leaves are queryable via audit tools.

Can I use production data?

No. Synthetic test payloads only in Claude prompts.

Does this work in Cursor?

Yes, with MCP HTTP transport. See WP-040 for Cursor-specific setup.

How is this different from the API changelog?

API changelog tracks REST contract versions. This page tracks the Claude MCP connector tools and behaviour.

What circuits can zk_prove use?

All compiled circuits from zk_list_circuits. Core three: yesno, health_age, kyc.

Is ML-DSA the same as Dilithium?

ML-DSA-65 is the NIST standardised form (FIPS 204). AffixIO uses ML-DSA-65 for attestations.