OPEN SOURCE · APACHE 2.0

The only AI infrastructure
worth building on is
infrastructure you can verify

Trellis MCP gives AI agents structured access to Hiero's distributed ledger and Guardian governance — through five auditable layers, each independently attestable. No trust-me APIs. Every action traces to the ledger. Every layer can be verified in isolation.

Layered attestation Each layer auditable in isolation. Auditors can verify L1 through L5 independently.
Cryptographic provenance Every agent action traces to a Hiero transaction with consensus timestamp.
Trust compounds with adoption Every new domain attested on Trellis strengthens every other domain on the platform.
View on GitHub See the architecture →
$ git clone https://github.com/trellis-mcp/trellis-mcp.git click to copy
Architecture

Five layers. Each does one thing.

Infrastructure separated from domain logic. Open-source core that anyone can build on. Domain layers where your application plugs in. Developers work in their domain language — certificates, milestones, provenance — not Hedera's infrastructure language. The ledger is the trust layer, not the interface layer.

L5
Application + Server — WHERE
MCP servers exposing domain tools to AI agents
YOUR DOMAIN
L4
Domain Rules — WHY
Business constraints and schemas composing core primitives
YOUR DOMAIN
Open Source · Apache 2.0
L3
Asset Types — WHAT
7 universal primitives + 5 operation factories for any tokenized asset
OPEN SOURCE
L2
Guardian Tools — WHO
Identity, governance, and verification through Hedera Guardian
OPEN SOURCE
L1
Hashgraph Tools — HOW
19 infrastructure primitives for Hiero: accounts, tokens, topics, NFTs, queries
OPEN SOURCE
Layer 3 · Asset Type Primitives

Seven schemas that model any tokenized asset

Each primitive maps a real-world business concept directly to ledger mechanics. No custom integration. No bespoke schema design.

Certificate
Verified attestations — crop yields, drug lots, quality certs
Provenance
Origin and custody tracking — parts, supply chain steps
Credit
Quantifiable units of value — energy credits, carbon removal
Agreement
Multi-party contracts — leases, NDAs, service agreements
Inspection
Evaluation results — soil tests, audits, assessments
Milestone
Progress markers — payments, deliverables, phases
Claim
Assertions requiring verification — insurance, warranties
Why This Matters

Trust is the scarcest resource in AI

Every other MCP server is a trust-me API. An agent calls a tool, gets a result, and has no way to verify the response wasn't spoofed, manipulated, or fabricated. That's fine for weather data. It's unacceptable for finance, procurement, or carbon verification.

01

Agents don't trust tools.
They trust the ledger.

Every Trellis MCP response traces to a Hiero transaction with a consensus timestamp and cryptographic proof. The trust is mathematical, not reputational.

02

Layered architecture
enables layered audit.

A monolithic AI system is a black box. Five independent layers with bounded scope and deterministic behavior can be attested in isolation — by auditors, by regulators, by anyone.

03

Every domain attested
strengthens every other.

An auditor attests procurement governance on Layer 1–5. The same methodology transfers to carbon verification, supply chain, healthcare — at decreasing cost and increasing confidence. Trust compounds with adoption.

Agentic Transparency

The execution boundary is
the accountability boundary

The LLM's internal reasoning will always be opaque — and that's irrelevant. The model has no unmediated authority. It can only call tools with defined parameters, and every action is validated by deterministic layers below. The LLM proposes. The ledger disposes.

Standardized tool contracts

Not loose prompt-based tool calling. Every agent–tool interaction uses explicit JSON-RPC schemas with defined parameters, constraints, and predictable responses. Developers and auditors inspect exact interfaces without touching model weights.

Built-in traceability

Every MCP interaction is inherently loggable: tool discovery, calls, parameters, results, errors. A machine-readable chain of actions far easier to audit than opaque neural activations or scattered custom integrations.

Ledger-grounded trust

Other frameworks let agents blindly trust tool responses. Trellis grounds every high-stakes action in on-ledger proofs — consensus timestamps and cryptographic signatures. Even if the AI hallucinates, the outcome is verifiable against the immutable ledger.

Detecting agentic drift

Over autonomous iterations, AI agents gradually diverge from intended parameters — individually small deviations that become collectively significant. Fixed-contract interfaces and per-action ledger attestation make drift detectable by design, not in retrospect.

Compounding attestation value: Each domain verified on Trellis creates a reusable attestation methodology that transfers to the next domain at reduced cost. An auditor attests procurement governance across Layers 1–5 — the same methodology applies to carbon verification, supply chain, and healthcare at decreasing cost and increasing confidence. Compliance is the floor. The compounding trust network is the ceiling.
Example Domains

Five complete implementations included

Each demonstrates the full Layer 4 + Layer 5 pattern. Define your domain, spin up the server, and you have an enterprise-grade AI-native application on Hiero.

🌾
Agriculture
Issue and verify crop yield certificates with farm-level audit trails. Crop categories, certification standards, and seasonal tracking.
crop-cert · 5 tools
🏗️
Supply Chain
Track parts provenance with quality certifications and custody chains. Material types, quality grades, and verification bodies.
parts-prov · 5 tools
Energy
Mint renewable energy credits as fungible tokens with generation certificates. Energy sources and verification bodies.
rec · 6 tools
🏠
Real Estate
Grant lease agreements as NFTs, record payment milestones, and verify tenancy. Property types and lease lifecycle.
lease · 5 tools
💊
Healthcare
Certify drug lots with GMP compliance, track cold-chain custody. Drug classifications and storage conditions.
drug-cert · 5 tools
Commercial Verticals

Built natively on Trellis

Independent commercial entities proving the enterprise-readiness of the architecture. Each vertical is a complete network application executing on Hiero.

bulKrete
Verity Test Infrastructure
Verified construction materials procurement and heavy infrastructure governance. Carbon-negative concrete with physics-bounded quality verification.
dotOS
Hospitality Registry System
Agentic workflows and verifiable asset management platform for the hospitality industry.
doqUmint
Legal Document Verification
Cryptographically secure legal document verification and execution. Every signature, every version, every interaction on-chain.
reTerra
Bioactive Carbon Bond
Asset-backed environmental finance primitives with real-time dMRV verification. Green sukuk on Guardian.
konTrax
Infrastructure Contract System
Verifiable coordination and project management for Public-Private Partnerships. Managed in partnership with Big Four advisory firms.
Commercial Extensions

Beyond open source

Production deployments requiring advanced resilience and physics-bounded intelligence.

Resilience Layer
LNC COMING SOON
Linear Network Coding solves the Dual-Record Pattern vulnerability — where on-chain hashes point to off-chain data that can disappear. Polynomial proofs and coded packets ensure data is mathematically reconstructible from any sufficient subset of nodes.
Learn more & licensing
Intelligence Layer
DCL COMING SOON
Domain Coupled Learning enforces physical laws on AI agent actions. An LLM proposes, DCL validates against domain physics, and only physically possible actions execute on-chain. Protected by 24 issued MIMO patents.
Learn more & licensing
Quick Start

Running in ten minutes

Clone, build, connect your MCP client. The agent discovers tools automatically.

terminal
# Clone and build
git clone https://github.com/trellis-mcp/trellis-mcp.git
cd trellis-mcp
bun install
bun run build

# Configure Hedera testnet
export HEDERA_NETWORK=testnet
export HEDERA_OPERATOR_ID=0.0.xxxxx
export HEDERA_OPERATOR_KEY=your-private-key
export HEDERA_SUPPLY_KEY=your-supply-key

# Start any example server
cd examples/servers/crop-cert
bun run dev

# Connect Claude Desktop, Cursor, or any MCP client
# Agent discovers tools: crop_cert_issue, crop_cert_verify, crop_cert_get_audit