The Vouch SDK wraps your MCP client. It observes tool calls in the background, contributes anonymous performance data to the community trust registry, and enables runtime circuit breaking — all without touching your hot path.
# npm npm install @vouch-agent/sdk # or drop-in replace your MCP client import { VouchMCPClient } from '@vouch-agent/sdk' // Identical API — nothing else changes const linear = new VouchMCPClient('https://mcp.linear.app')
The SDK accumulates data locally in memory and flushes asynchronously on a 60-second timer. Your agent never waits for Vouch. If Vouch is down, your agent is unaffected.
The SDK intercepts tool calls to record timing, then immediately passes them through. No await, no blocking, no round trip to Vouch in the call path.
Telemetry is fire-and-forget. If the flush fails, the SDK retries silently on the next interval. Your agent continues working identically with no errors surfaced.
The SDK never reads tool call arguments or responses. It records only the method name, latency, and success/failure. No user data. No content. No PII.
An Ed25519 keypair is generated locally on first run and stored at ~/.vouch/key. Your public key registers itself on first flush. No email. No form. No friction.
If an endpoint has been degraded for 20 minutes, your agent knows before it makes the call. Instead of a silent timeout, it gets a structured response: "Linear MCP has been degraded since 14:22 — 94% success today." Fail fast, surface clearly.
Every flush you send contributes to the community adoption data that makes Class A meaningful. You put one agent's experience into the registry; you get back the aggregate of thousands. The more agents that contribute, the more reliable the signal for everyone.
If you also run MCP servers, SDK adoption among your users is what earns them Class A — the highest trust rating, requiring community verification. The SDK in your integration docs is the most direct path to getting there.
Replace your MCP client with VouchMCPClient. Identical API. Wraps the connection, observes calls, contributes data. Circuit breaking on by default.
import { VouchMCPClient } from '@vouch-agent/sdk' // Before // const client = new MCPClient(url) // After — nothing else changes const client = new VouchMCPClient(url) // Same interface throughout await client.callTool('createIssue', { title })
One line at app startup instruments all MCP connections in the process. No per-connection code. Works with LangChain, AutoGen, Pydantic AI, Claude Desktop, Cursor, and any framework that manages MCP clients.
import { VouchTelemetry } from '@vouch-agent/sdk' // Once at app startup VouchTelemetry.init({ autoInstrument: true }) // All MCP connections are now observed. // No other changes needed.
The SDK buffers tool call stats in memory. Every 60 seconds (or after 100 calls, whichever comes first), it sends a single signed payload to Vouch — one compact summary per endpoint, never one request per call. The payload is signed with a local Ed25519 key so contributions are cryptographically distinct and replay-resistant. On process exit, a final flush is attempted automatically.
An Ed25519 keypair is auto-generated on first run and stored locally at ~/.vouch/key. The private key never leaves your machine. The public key registers with Vouch on the first flush and is used to verify that contributions are distinct and not replayed. You contribute anonymously by default. You can optionally claim the keypair later to link contributions to a Vouch account — but this is never required.
No. Remove it and your agent runs identically. The SDK is a passive observer — it holds no state your application depends on. Circuit breaking stops working, and you stop contributing telemetry, but nothing breaks.
The flush fails silently and is retried on the next interval. Your agent is never told about Vouch being down, and no errors are surfaced. The only consequence is a gap in your contribution window.
Yes. Initialise with telemetry: false and circuitBreaker: true. Circuit breaking reads from the public /api/v1/status endpoint, which requires no SDK contribution.
By default, yes — the key lives at ~/.vouch/key. In serverless or container environments, set the VOUCH_PRIVATE_KEY environment variable to a base64-encoded private key. If no key is found, an ephemeral key is generated per process — contributions are still valid, just not persistent identity.
No. The SDK collects method names and aggregate latency — nothing that could identify an application, a user, or a use case. The reporter key is a random Ed25519 public key with no connection to your identity unless you explicitly claim it.
TypeScript/JavaScript ships first. Python (vouch-agent on PyPI) follows with identical behaviour and the same privacy contract.
Every SDK integration adds one agent's experience to the community signal. That signal makes the registry more trustworthy for everyone. Zero overhead. No account. Nothing to configure.