Build with Membrane.

Install and verify in three lines

Membrane ships as a library plus a CLI. Install the SDK in TypeScript or Python; the kwi-verify CLI comes with it. Verification runs offline against public chain state — there is no Membrane service to sign up for.

# TypeScript / Node
$ npm install @kwi/membrane

# Python
$ pip install kwi-membrane

# verify a proof bundle — offline, no trust in Membrane
$ kwi-verify bundle.json
✓ bundle verified — 6/6 checks passed

Wrap a tool call, emit an attestation

The SDK's job is to sit in the path of an action your agent already takes, capture the pieces, and emit a Membrane attestation. One import, sane defaults.

import { Membrane } from "@kwi/membrane";

const m = new Membrane({
  chain: "avalanche-fuji",        // anchor target
  issuer: "erc-8004:eip155:1:0x…/4217",  // agent identity
  policy: "./spending_policy.yaml",
});

// wrap the action — intent in, attestation out
const att = await m.attest({
  intent:   intentMandate,        // AP2 or Membrane-native
  call:     mcpToolCall,          // the tool-call envelope
  receipt:  x402Receipt,          // optional payment receipt
  response: result,               // hashed, not stored
  memory:   memoryEntry,          // commitment + provenance
});

await m.anchor(att);   // batched → Merkle root → on-chain

The Python SDK mirrors this surface exactly. Both expose the same attestation shape, the same verification routine, and the same chain config — so a bundle produced by one verifies with the other.

kwi-verify — offline, independent

The verifier is chain-config-driven. It reads the bundle's CAIP-2 chain id, resolves the right RPC and anchor contract, confirms the root is on-chain and past finality, checks the Merkle inclusion proof, and verifies issuer signatures. Nothing in the path trusts Membrane.

$ kwi-verify bundle.json
✓ intent mandate signature
✓ spending policy — not violated
✓ payment receipt — matches policy
✓ response hash — matches output
✓ memory entry — commitment matches
✓ anchor — avalanche-fuji · block 41,208,917
bundle verified — 6/6 checks passed

Chains are declared in membrane-chains.yaml, shipped with the SDK and overridable. Each entry carries the CAIP-2 id, the anchor address, RPC endpoints (with mandatory fallbacks), and a per-chain finality_blocks value — so a root is never trusted before its chain has finalised it.

Attestation as a one-server add

The Membrane MCP server exposes attestation as MCP tools. Any MCP-aware agent — a coding agent, a desktop assistant, an autonomous worker — gets Membrane attestation by adding one server to its config. This is the single biggest distribution lever in the roadmap, because MCP is the de-facto tool-call plumbing.

Receipt-format pluralist

Membrane does not pick a winner in the payments-rail war. Every rail's receipt is an equivalent input into the same attestation. Whoever wins, Membrane is still useful.

On-chain anchoring

Two contracts, ~250 lines of Solidity, zero external dependencies. Built and tested with Foundry. Full design rationale is in the architecture page.

$ forge install foundry-rs/forge-std
$ forge build
Compiling 26 files with Solc 0.8.24 ... done
$ forge test
[PASS] MembraneAnchorTest         16 passed
[PASS] MembraneRootRegistryTest   22 passed
→ 38/38 tests passed  (unit + fuzz)

What a proof bundle looks like

A bundle is a flat, content-addressed object. Sample bundles ship in the repo under samples/ so anyone can verify offline with kwi-verify — the samples are the documentation.

{
  "intent_anchor":  "0x9f3c…a17",   // ap2:intent-mandate
  "policy_id":      "0x71b2…0e4",
  "issuer":         "eip155:1:0x…/4217",  // erc-8004
  "parent_call":    "mcp:call:7a1f…",
  "payment_receipt":"x402:0x4e1d…b02",
  "response_hash":  "0xc7a9…3f1",
  "memory_entry":   "0xe520…9ac",
  "anchor": {
    "caip2":  "eip155:43113",         // avalanche-fuji
    "root":   "0x8d44…c10",
    "block":  41208917
  },
  "commitment":     "0x2fae…b88"    // the bundle's own hash
}

Verifiable USDC spend, end to end

The reference demo is the fastest way to see every layer working at once: an agent on Avalanche Fuji buys an API key with real USDC through a real x402 endpoint, and Membrane emits one composite proof.

• Intent. "Buy a 30-day API key from Provider X if it's under $20" — signed as an intent mandate.
• Call & pay. The agent hits the x402 endpoint, gets a payment-required challenge, signs and broadcasts a USDC payment within the active policy.
• Receipt & response. An x402 receipt and the API key come back; the response is content-hashed.
• Memory. "Purchased API key for Provider X, expires <date>" is written with full provenance.
• Bundle & anchor. Intent, policy, receipt, response hash, memory entry — bound into one attestation and anchored to Fuji.
• Verify. kwi-verify bundle.json → six green checks, offline.

Built in public

Membrane is Apache-2.0 and developed in the open by Kwizerana Finance. The contracts, the SDK, the verifier, and these docs all live in one repository.

• Repository. github.com/kwizeranafinance-kind/KWI_MEMBRANE — contracts, docs, and site.
• Good first issues. The wedge-demo proof bundle, the MCP server scaffold, and the AP2-mandate adapter are the open near-term workstreams.
• Standards. Membrane aims to contribute openly to the x402, AP2, A2A, ERC-8004, and MCP communities rather than compete with them.