Skip to main content
This is the technical reference for the Inheribase MCP server v2.0. It covers the authentication protocol, full tool definitions with argument and return schemas, a JSON-RPC implementation example, and security best practices for integrators building on top of the Inheribase protocol.

Protocol authentication

Agents connecting via MCP must provide a valid API key in the INHERIBASE_API_KEY environment variable. Inheribase supports two key classes with different permission scopes:
Key typePrefixAccess
Human-bound keysk_human_...Unrestricted access to the user’s vault
Scoped agent keysk_agent_...Restricted to specific tools like check_in and store_asset
Set the key in your MCP server environment before starting the server: 
export INHERIBASE_API_KEY=sk_agent_your_key_here

Tool definitions

1. store_asset

Persists a file to the vault with client-side encryption. The file content is encrypted on the agent before it is transmitted to Inheribase. Arguments:
NameTypeDescription
filenamestringRequiredThe destination path in the vault
datastringRequiredBase64-encoded file content
metadataobjectOptionalTags or descriptions for the asset
Returns:
NameTypeDescription
hashstringThe Arweave transaction ID
timestampstringThe cryptographic anchoring time (ISO 8601)

2. check_status

Retrieves the current state of the vault and succession timeline. Arguments:
NameTypeDescription
vaultIdstringOptionalDefaults to the key’s primary vault
Returns:
NameTypeDescription
statestringOne of active, releasing, or released
daysRemainingnumberDays until the current trigger executes

3. check_in

Executes an Audit Pulse to reset the Dead Man’s Switch timer. This confirms the user is active and restarts the check-in countdown. Arguments:
NameTypeDescription
notestringOptionalA brief log entry for the audit trail
Returns:
NameTypeDescription
nextCheckInDuestringISO timestamp of the next required Vitality Event

Implementation example

The following JSON-RPC payload demonstrates how to call the check_in tool from a compatible MCP client: 
{
  "method": "tools/call",
  "params": {
    "name": "check_in",
    "arguments": {
      "note": "Daily automated status verification"
    }
  }
}

Security best practices

  1. Never share sk_human_... keys. Use scoped sk_agent_... keys for shared or automated integrations. Human-bound keys grant unrestricted vault access and should only be used in fully controlled personal environments.
  2. Handle 402 errors in store_asset calls. The MCP server returns a 402 status when the Vault Credits balance is insufficient to store a file. Build retry logic that checks for credits before attempting large uploads.
  3. Review the audit trail regularly. All MCP actions are logged in your vault’s Activity Monitoring section. Review these logs periodically to verify that agent activity matches your expectations.