Do Not Act MCP Server

Do Not Act MCP

Use the Do Not Act MCP server when an agent runtime should call the Risk Gateway before continuing on a prediction-market workflow.

Machine-readable install manifest:

• /mcp.json
• /.well-known/mcp.json

Remote MCP endpoint

Do Not Act also exposes a hosted MCP endpoint for clients and registries that prefer connecting by URL instead of launching a local stdio package.

https://donotact.com/mcp

Transport: MCP Streamable HTTP (POST JSON-RPC, optional GET text/event-stream, OPTIONS CORS preflight).

Authentication:

Authorization: Bearer <DONOTACT_API_KEY>

The same user API key used by the REST API is required. Do not pass keys in query strings. Gateways that use a config form should ask for one secret field: apiKey, then inject it as a bearer token or private header.

Minimal JSON-RPC checks:

curl -sS https://donotact.com/mcp \
  -H 'Authorization: Bearer <DONOTACT_API_KEY>' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"manual-check","version":"0.1.0"}}}'

curl -sS https://donotact.com/mcp \
  -H 'Authorization: Bearer <DONOTACT_API_KEY>' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/list","params":{}}'

tools/list returns the same seven tools as the stdio package: donotact_dispute, donotact_resolution_risk, donotact_preflight, donotact_preflight_token, donotact_watchlist_add, donotact_alerts, and donotact_dispute_history_csv.

Install from public archive

The MCP package is currently source-installable from a public Do Not Act archive. It is not published to a package registry yet, and does not require GitHub authentication.

python -m pip install https://donotact.com/downloads/mcp-donotact-0.3.0.tar.gz

Archive URL: /downloads/mcp-donotact-0.3.0.tar.gz

Runtime configuration

export DONOTACT_BASE_URL=https://donotact.com
export DONOTACT_API_KEY=ce_...
export DONOTACT_SOURCE=mcp-donotact/0.3.0
mcp-donotact

Do not print, log, commit, or expose DONOTACT_API_KEY.

Tools

• donotact_dispute
• donotact_watchlist_add
• donotact_alerts
• donotact_preflight
• donotact_preflight_token
• donotact_resolution_risk
• donotact_dispute_history_csv

The shortest safety policy:

1. Call donotact_preflight before continuing on a market.
2. Include intended side, requested notional, slippage policy and horizon when known.
3. Continue only if verdict/decision == READY.
4. If verdict/decision is DO_NOT_ACT or INSUFFICIENT_EVIDENCE, stop automated action.
5. Preserve decision, component_scores, risk_factors, risk_factor_bitmap, risk_factor_bit_index, blocking_reasons, safe_operating_limits, no_trade_reasons, what_would_change_this, source_refs and not_advice.
6. Use donotact_dispute for focused UMA lifecycle checks.
7. Use donotact_preflight_token for token-risk checks by chain and contract address.
8. If continuing, register donotact_watchlist_add for recurring dispute monitoring.
9. Use donotact_alerts as the backup alert feed and delivery-state truth.

Boundary

Do Not Act is diagnostics and control logic only. The caller keeps execution, custody, private keys, signing and order routing outside Do Not Act.

Useful public proof

• Public Dispute Risk Index: /dispute-risk
• Public event feed: /dispute-events.atom
• Public proof cases: /proof-cases
• Signed resolved UMA proof cases: /resolved-proof-cases.json
• Example resolved proof case: /resolved-proof-cases/donotact-polymarket-580810-resolved-uma-dispute
• Default safety snippets: /docs/default-safety-check
• Machine-payment proof and CDP Bazaar indexed 0.01 USDC route: /docs/x402
• Accountless token-risk x402 route: /x402/v1/preflight/token/{chain}/{address}

---

Agent Discovery

• llms.txt: /llms.txt
• Full context: /llms-full.txt
• Agent manifest: /agent.json
• OpenAPI: /openapi.json
• Discovery docs: /docs/discovery