MCP Proxy (Tier A)
OpenCode loads MCP servers from opencode.json. Wrapping a server with mcp-proxy gives the MCP channel an adversary-resistant audit trail: the proxy runs out-of-process and signs locally, so it holds even if OpenCode itself misbehaves. This is Tier A — docs-only, reusing a shipped component. For native tool calls, see the plugin (Tier B).
Prerequisites
Section titled “Prerequisites”-
obsigna-daemoninstalled, initialised, and running — it holds the signing key and writes every receipt -
The MCP server you want to audit. The example below wraps GitHub’s official server:
Terminal window brew install github-mcp-server
Configure
Section titled “Configure”OpenCode launches local MCP servers as subprocesses. Point the command at mcp-proxy, which wraps the upstream server transparently — OpenCode doesn’t know the proxy is there. Use absolute paths; OpenCode launches MCP servers with a clean environment.
{ "$schema": "https://opencode.ai/config.json", "mcp": { "github-audited": { "type": "local", "enabled": true, "command": [ "/usr/local/bin/mcp-proxy", "-name", "github", "-issuer-name", "OpenCode", "-operator-id", "did:web:opencode.ai", "-operator-name", "OpenCode", "/usr/local/bin/github-mcp-server", "stdio" ] } }}The proxy reaches obsigna-daemon over its default platform socket automatically — no extra flag needed.
Verify
Section titled “Verify”Run an MCP tool in OpenCode (e.g. a GitHub query), then:
obsigna receipt list # receipts with channel: mcp from the proxyobsigna receipt verify # walk the chain and check signaturesReceipts from the proxy carry channel: mcp; native-tool receipts from the plugin carry channel: opencode. Both land in the same daemon chain, giving you a complete picture across both channels.