Connect FLINTover MCP

Agents are already transacting across organizational boundaries. The live Cloudflare and Stripe agent protocol lets an agent open accounts and spend on its own, with a monthly cap as the only guardrail. Inside one organization, identity is solved: SPIFFE issues workload identities, A2A signs agent cards, your platform governs its own agents. None of that travels across the boundary.

FLINT is the Know Your Agent layer that does. An agent mints a portable Agent Passport and runs transaction-time verification, accepted where the issuer is not a party to the deal. The passport is the agent's portable identity; the verification record is the signed evidence a merchant keeps. FLINT is rail-neutral: payment providers move value, FLINT verifies the agent before it moves.

{
  "mcpServers": {
    "flint": {
      "type": "streamable-http",
      "url": "https://flint.network/mcp"
    }
  }
}

In Claude Desktop, add it as a custom remote connector with that URL. On connect, the server returns instructions pointing the agent to issue a passport first.

The fastest path. One install gives you the FLINT connector and the skill that runs the verify-before-pay loop, so Claude knows when to verify, not just how. It works in Cowork, Claude.ai, and Claude Code.

/plugin marketplace add thefraudfather/flint-plugin
/plugin install flint@flint-network

Updates sync automatically from the repository.

The only required field for a Cross-Domain Agent Passport is name.

issue_agent_passport
{ "agent": { "agent_name": "Invoice Bot" } }

{
  "passport_id": "kya_01J7QJ3VQV4X30B6XEXBHHDM",
  "passport_url": "https://flint.network/passport/kya_01J7QJ3VQV4X30B6XEXBHHDM",
  "claim_url": "https://flint.network/claim?passport_id=kya_01J7QJ3VQV4X30B6XEXBHHDM&token=8f3a2e1b",
  "owned": false,
  "signature_valid": true
}

Controller, wallet, attestations, and the spending mandate are optional and updatable later without reissuing. Signed in, the passport binds to your account; anonymous, the claim link attaches it whenever you want.

FLINT does not replace your identity provider, it composes with it. Pass your agent's SPIFFE SVID or a signed agent card as the runtime claim, and FLINT verifies authority and behavior on top of the identity you already issue. SPIFFE is the driver's license inside your organization. FLINT is the passport for when your agent leaves it.

issue_authorization_record
{
  "transaction": { "amount_display": "847.00 USDC", "merchant_reference": "order_847" },
  "agent_claim": { "spiffe_svid": "spiffe://acme.example/ns/agents/sa/invoice-bot" }
}

The call returns a four-state verdict, allow, step-up, review, or block, plus a compact JWS verifiable against flint.network/.well-known/jwks.json.

Issuing an Agent Passport is free. Passports are signed and publicly resolvable by design, so counterparties can verify the credential without opening an account. FLINT uses the verification data you submit to train and improve its own fraud-detection models, the protective intelligence that defends your agent against takeover, diversion, and impersonation. FLINT does not sell your data, does not share raw identifiers, and does not use it to train third-party or general-purpose models. Runtime and reputation identifiers are partner-scoped so cross-domain trust never becomes cross-domain tracking. Read the privacy policy.