R3E Network has released v3.1.0 of its Neo N3 MCP Server, redesigning how AI agents interact with the blockchain by making all state-changing operations fail-closed and approval-gated by default. The update, published on July 11 by Jimmy Liao, R3E Network founder and Neo core developer, represents a fundamental architectural shift from the previous v2.x series.
MCP, or Model Context Protocol, is an open standard introduced by Anthropic for connecting AI tools to external services, now adopted by OpenAI and developer tools including Cursor. The Neo N3 MCP Server uses this protocol to give AI agents structured access to Neo N3 blockchain data and operations.
Writes disabled by default
The most significant change in v3.x is that all write operations are turned off unless explicitly enabled. In previous versions, state-changing tools accepted WIF private keys directly in request bodies and could execute transactions immediately via a confirm: true flag. The new release removes this path entirely.
Write tools, transfer_assets, invoke_contract_write, claim_gas, and deploy_contract, only register when the NEO_ENABLE_WRITES environment variable is set to true. Without it, the server exposes a read-only surface of 19 tools covering blockchain queries, balance checks, contract invocation, fee estimation, and transaction lookups.
Server-side signing
Private keys no longer pass through AI agent requests under any circumstances. Instead, the server loads a single WIF from a file specified by NEO_SIGNER_WIF_FILE, stored with owner-only permissions. Write requests that include fromWIF, wif, privateKey, password, or confirm fields are actively rejected with a 400 error.
The invoke_contract tool, previously capable of both reads and writes, is now strictly read-only. Wallet creation and import tools have been removed from the MCP surface altogether. Credential management now takes place outside the AI agent layer.
Intent and approval flow
Every state-changing operation follows a multi-step intent and approval process. When a write is requested, the server creates an immutable intent record with a SHA-256 fingerprint of the canonical payload. For MCP clients, the server uses form elicitation to present the signer address, payload details, and the exact 64-character fingerprint to the user for approval. Any mismatch between the submitted and expected fingerprint results in rejection.
For HTTP clients, the flow is similar: a write request returns 202 Awaiting Approval with an intentId and fingerprint. A separate approval endpoint, secured by an independent HTTP_WRITE_APPROVAL_API_KEY, executes the transaction only when the fingerprint matches.
Intent records are persisted as mode-0600 files in an owner-only directory. Before broadcast, signed transaction bytes, transaction ID, and validity height are written to a durable idempotency journal. On retry, the server reconciles against the stored transaction ID and only relays the byte-identical stored transaction, preventing duplicate broadcasts.
Additional hardening
The release includes several other security measures. HTTP binding defaults to loopback, 127.0.0.1, with non-loopback access requiring an API key of at least 32 bytes. CORS uses an exact-origin allowlist with no wildcard support. Remote plaintext HTTP RPC connections are rejected by default, and all RPC operations are bounded by a configurable timeout. A transaction fee cap, defaulting to 20 GAS, rejects transactions exceeding the threshold before signing.
On the infrastructure side, Docker containers run with a read-only root filesystem, no Linux capabilities, and no privilege escalation. The CI/CD pipeline now includes a dedicated security audit job, release-gate validation, and container health checks under production resource constraints before publishing.
Broader context
The release arrives amid Neo’s broader push toward AI agent infrastructure, with Da Hongfei positioning autonomous agents as the next major on-chain user category and SpoonOS incorporating MCP client support.
The Neo N3 MCP Server is MIT licensed, written in TypeScript, and requires Node.js 22 or higher.
The full release notes and migration guide can be found at the link below:
https://github.com/r3e-network/neo-n3-mcp/releases/tag/v3.1.0





About The Author: Dean Jeffs
Dean is a digital project manager who has worked extensively with start ups and agencies in the marketing space. Fascinated by the potential applications of blockchain technology, Dean has a passion for realising the new smart economy.
More posts by Dean Jeffs