PIC (Provenance & Intent Contracts) is a lightweight protocol that forces AI agents to prove every important action before it happens, requiring agents to declare intent, impact, provenance, and evidence.

pic-standard

Name: pic-standard
Rating: 2.1 (23 reviews)
Author: madeinplutofabio

by madeinplutofabio·★ 23·Score 43

MCP server providing Provenance & Intent Contracts (PIC) to verify agent actions before execution.

securityai-llmdeveloper-tools

Forks

Open issues

this month

Last commit

2d ago

Indexed

Overview

The pic-standard MCP server implements a safety protocol that constrains what AI agents are allowed to do based on verifiable provenance and evidence. It prevents prompt injections and blind tool calls by requiring agents to prove their intent, impact, provenance, and evidence before high-impact actions execute. The server works 100% locally with zero cloud dependencies and integrates with MCP to provide fail-closed tool guarding.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

you:Preventing unauthorized financial transactions by AI agents

you:Blocking data export from prompt injection attacks

you:Verifying AI agent tool calls before execution in high-risk systems

you:What is PIC?

you:How does PIC integrate with MCP?

When to choose this

Choose PIC when building AI systems that must verify the intent and provenance of high-impact actions before execution, particularly in financial, privacy, or regulated environments.

When NOT to choose this

Don't choose PIC if you need simple tool access controls without provenance verification, or if you're working in an environment where local-only solutions aren't acceptable.

Tools this server exposes

2 tools extracted from the README

verify
Verify an action proposal against the PIC contract
keys
Manage the keyring of trusted signers

Note: Inferred from CLI commands in the README. While the MCP integration is mentioned, specific MCP tool names aren't clearly documented in the provided excerpt.

Comparable tools

action-guardiantool-verification-mcpai-trust-framework

Installation

Install the PIC standard package:

pip install pic-standard[mcp]

To use with Claude Desktop, add to your config.json:

{
  "mcpServers": {
    "pic": {
      "command": "python",
      "args": ["-m", "pic_standard.mcp"]
    }
  }
}

FAQ

What is PIC?: PIC (Provenance & Intent Contracts) is a lightweight protocol that forces AI agents to prove every important action before it happens, requiring agents to declare intent, impact, provenance, and evidence.
How does PIC integrate with MCP?: PIC provides an MCP integration that offers enterprise tool guarding with fail-closed defaults, request correlation, DoS limits, and evidence sandboxing for MCP tools.

On Hacker News

Recent discussion from the developer community.

Fail-closed evidence for LLM tool calls (SHA-256 and MCP)▲ 1
Story by fabsalvadori · 2026-01-23
Show HN: Pic-Standard – Open Protocol for Agentic AI Safety▲ 1
Story by fabsalvadori · 2026-01-13

Compare pic-standard with

pic-standard vs ultimate_mcp_server pic-standard vs mcp-server-chart pic-standard vs everything pic-standard vs filesystem pic-standard vs time

GitHub →

Last updated 2026-05-17 · Auto-generated from public README + GitHub signals.