@kya-os/mcp-i 1.7.12 → 1.9.0

package/README.md

@@ -5,448 +5,333 @@
       <img alt="MCP-I logo" src="https://raw.githubusercontent.com/modelcontextprotocol-identity/xmcp-i/main/assets/mcp-i-logo-light.png" height="128">
     </picture>
   </a>
-  <h1>xmcp-i</h1>
+  <h1>@kya-os/mcp-i</h1>
 
-<a href="https://github.com/modelcontextprotocol-identity/xmcp-i"><img alt="XMCP-I" src="https://img.shields.io/badge/XMCP--I-000000.svg?style=for-the-badge&labelColor=000"></a>
-<a href="https://www.npmjs.com/package/xmcp-i"><img alt="NPM version" src="https://img.shields.io/npm/v/xmcp-i.svg?style=for-the-badge&labelColor=000000"></a>
-<a href="https://github.com/modelcontextprotocol-identity/xmcp-i/blob/main/license.md"><img alt="License" src="https://img.shields.io/npm/l/xmcp-i.svg?style=for-the-badge&labelColor=000000"></a>
+<a href="https://github.com/modelcontextprotocol-identity/xmcp-i"><img alt="MCP-I" src="https://img.shields.io/badge/MCP--I-000000.svg?style=for-the-badge&labelColor=000"></a>
+<a href="https://www.npmjs.com/package/@kya-os/mcp-i"><img alt="NPM version" src="https://img.shields.io/npm/v/@kya-os/mcp-i.svg?style=for-the-badge&labelColor=000000"></a>
+<a href="https://github.com/modelcontextprotocol-identity/xmcp-i/blob/main/license.md"><img alt="License" src="https://img.shields.io/npm/l/@kya-os/mcp-i.svg?style=for-the-badge&labelColor=000000"></a>
 
 </div>
 
-## Own Your AI Agent with Cryptographic Identity
+## Node.js Runtime for MCP-I
 
-`xmcp-i` enables you to **create your own AI agents** with cryptographic identity and secure delegation. Register and claim your agents with [knowthat.ai](https://knowthat.ai), store your identity securely within them, and delegate or revoke permissions as needed. Built on the XMCP framework with identity features baked in from day one.
+`@kya-os/mcp-i` is the Node.js implementation of the MCP-I (Model Context Protocol with Identity) framework. It provides identity management, cryptographic proof generation, session handling, and delegation verification for building secure AI agents.
 
 ## Quick Start
 
-Create your first owned AI agent:
-
-```bash
-npx @kya-os/create-xmcpi-app@latest my-agent
-```
-
-Then register and claim ownership at [knowthat.ai](https://knowthat.ai)
-
-> **New to XMCP-I?** Use [`@kya-os/create-xmcpi-app`](https://www.npmjs.com/package/@kya-os/create-xmcpi-app) to scaffold a complete agent with identity. For existing projects, install `@kya-os/xmcpi` directly.
-
-## Installation
-
 ### For New Projects
 
+Use the scaffolding tool to create a new MCP-I project:
+
 ```bash
-npx create-xmcpi-app@latest my-agent
+npx @kya-os/create-mcpi-app my-agent
+cd my-agent
+npm run dev
 ```
 
 ### For Existing Projects
 
 ```bash
-npx init-xmcp-i@latest
+npm install @kya-os/mcp-i
 ```
 
-This will add identity features to your existing Node.js/TypeScript project with automatic framework detection and configuration.
-
-## Why Agent Ownership Matters
-
-⊹ **True Ownership** - Your agent belongs to you, not a platform\
-⊹ **Cryptographic Security** - Ed25519 keys and DID-based identity\
-⊹ **Permission Control** - Delegate and revoke capabilities securely\
-⊹ **Verifiable Actions** - All responses are cryptographically signed\
-⊹ **Decentralized Trust** - No central authority controls your agent\
-⊹ **Portable Identity** - Move your agent between platforms while keeping ownership
+## Core Features
 
-### Cryptographic Foundation
+- **Identity Management** - Ed25519 key generation and DID-based identity
+- **Cryptographic Proofs** - JWS proof generation for tool responses
+- **Session Management** - Nonce-protected sessions with configurable TTL
+- **Delegation Verification** - Verify delegated permissions from AgentShield
+- **Tool Protection** - Configure which tools require delegation
+- **Audit Logging** - Track all identity operations
+- **Well-Known Endpoints** - Standard MCP-I discovery endpoints
 
-- **DID Generation**: Decentralized identifiers from public keys
-- **Automatic Signing**: All responses signed with your private key
-- **Key Security**: Private keys never leave your control
+## API Reference
 
-## Security and Trust
+### CLI Identity Setup
 
-**Agent Ownership Verification**: Every XMCP-I agent generates a cryptographic proof of ownership that can be verified independently. When you register your agent with knowthat.ai, you establish a permanent, tamper-proof claim to your agent's identity.
+Initialize identity for CLI tools and development:
 
-**Decentralized Trust**: Your agent's identity doesn't depend on any central authority. The cryptographic keys are generated locally and never shared. Even if knowthat.ai goes offline, your agent retains its identity and ownership proof.
-
-**Secure Delegation**: Permission delegation uses time-bound, cryptographically signed tokens. You can grant specific capabilities to other users or systems, with full audit trails and instant revocation capabilities.
-
-## Real-World Benefits for Developers & Businesses
-
-### Privacy-First Tracking & Analytics
-
-Unlike traditional web tracking (cookies, pixels), XMCP-I provides **ethical data collection**:
-
-- Users can see exactly what data is stored about them
-- Users can revoke access instantly at any time
-- Businesses get analytics for retargeting without violating privacy
-- Think "GDPR-compliant by design" - users control their data completely
-
-### XMCP-I Allows AI in Regulated Industries
-
-Industries like healthcare, law, and finance can now use AI while maintaining compliance:
-
-**The Problem**: These industries need AI efficiency but can't use most AI services due to:
+```typescript
+import { enableMCPIdentityCLI } from "@kya-os/mcp-i";
 
-- Data privacy regulations (HIPAA, GDPR, SOX)
-- Audit requirements (who did what, when?)
-- Client confidentiality obligations
+const result = await enableMCPIdentityCLI({
+  name: "my-agent",
+  description: "My AI agent with identity",
+  onProgress: (event) => {
+    console.log(`${event.stage}: ${event.message}`);
+  },
+});
 
-**The Solution**: XMCP-I provides:
+console.log(`Agent DID: ${result.identity.did}`);
+console.log(`Claim URL: ${result.metadata.claimUrl}`);
+```
 
-- **Provable Privacy**: Cryptographic proof of data handling
-- **Complete Audit Trails**: Every AI action is signed and traceable
-- **User Control**: Clients can revoke AI access to their data instantly
-- **Regulatory Compliance**: Built-in features for GDPR, HIPAA, etc.
-- **EU AI Act Compliance**: Built-in audit trails and user consent mechanisms
+**Options:**
 
-**Real Example**: A law firm can now use AI for document review because:
+| Option | Type | Description |
+|--------|------|-------------|
+| `name` | `string` | Agent name for registration |
+| `description` | `string` | Agent description |
+| `repository` | `string` | Git repository URL |
+| `endpoint` | `string` | KTA endpoint (default: `https://knowthat.ai`) |
+| `logLevel` | `'silent' \| 'info' \| 'debug'` | Logging verbosity |
+| `onProgress` | `(event) => void` | Progress callback |
+| `skipRegistration` | `boolean` | Skip KTA registration |
 
-- Clients control exactly which documents the AI can access
-- All AI actions are cryptographically logged
-- Clients can revoke access immediately if they switch firms
-- The firm can prove to regulators exactly how data was handled
+### Identity Manager
 
-## Installation
+Direct identity management for runtime use:
 
-### For New Projects
+```typescript
+import { IdentityManager, type AgentIdentity } from "@kya-os/mcp-i";
 
-```bash
-npx @kya-os/create-xmcpi-app@latest my-agent
-```
+const manager = new IdentityManager({
+  environment: "development",
+  devIdentityPath: ".mcpi/identity.json",
+});
 
-### For Existing Projects
+// Load or generate identity
+const identity: AgentIdentity = await manager.ensureIdentity();
 
-```bash
-npm install @kya-os/xmcpi
-# or
-yarn add @kya-os/xmcpi
-# or
-pnpm add @kya-os/xmcpi
+console.log(identity.did);       // did:key:z6Mk...
+console.log(identity.publicKey); // Base64-encoded Ed25519 public key
 ```
 
-## Migrating from XMCP
+### MCP-I Runtime
 
-Your existing XMCP agents can gain ownership capabilities:
+Create a full MCP-I runtime with all providers:
 
 ```typescript
-// Before (original XMCP - platform owned)
-import { createXMCPServer } from "xmcp";
+import { createMCPIRuntime } from "@kya-os/mcp-i";
 
-// After (XMCP-I - you own the agent!)
-import { createXMCPServer } from "xmcp-i";
-```
-
-Your existing code works unchanged, but now your agent:
-
-- ✅ Has its own cryptographic identity
-- ✅ Can be registered and claimed by you at knowthat.ai
-- ✅ Signs all responses automatically
-- ✅ Supports secure permission delegation
-- ✅ Provides verifiable ownership proof
-
-## Core Identity Features
-
-### Agent Identity Verification
+const runtime = await createMCPIRuntime({
+  environment: "production",
+  session: {
+    timestampSkewSeconds: 120,
+    ttlMinutes: 30,
+  },
+  audit: {
+    enabled: true,
+  },
+});
 
-Your agent provides cryptographic proof of ownership:
+// Handle MCP handshake
+const handshakeResult = await runtime.handleHandshake(request);
 
-```bash
-# Your agent's identity includes:
-{
-  "did": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
-  "publicKey": "-----BEGIN PUBLIC KEY-----\n...",
-  "privateKey": "-----BEGIN PRIVATE KEY-----\n...",  // Never shared
-  "agentId": "agent-abc123...",
-  "capabilities": {
-    "tools": true,
-    "signing": true,
-    "verification": true,
-    "delegation": true
-  }
-}
+// Process tool calls with proof generation
+const result = await runtime.processToolCall(
+  toolName,
+  args,
+  handler,
+  sessionContext
+);
 ```
 
-- **Public Key**: Can be shared and verified by anyone
-- **Private Key**: Never leaves your control, stored securely locally
-- **DID**: Globally unique identifier generated from your public key
-- **Signatures**: All agent responses include cryptographic signatures
+### Delegation Verification
 
-### Trust Infrastructure
-
-- `GET /.well-known/mcp-identity/health` - Health check with identity
-- `GET /.well-known/mcp-identity/self` - Agent identity information
-- `POST /.well-known/mcp-identity/verify` - Verify signatures
-- `GET /.well-known/mcp-identity/resolve/:did` - Resolve DIDs
-
-### Built-in Identity Tools & Self-Sovereign Features
-
-- `get-identity-info` - Comprehensive agent identity details
-- `sign-message` - Sign messages with your private key
-- `verify-signature` - Verify signatures against DIDs
-- `get-server-status` - Agent status with identity information
-- `get-user-data` - Allow users to see all stored data about them
-- `revoke-user-access` - Let users instantly revoke AI access to their data
-- `export-user-data` - Enable users to export their data for portability
-
-## Secure Permission Delegation
-
-Control what your agent can do and for whom:
+Verify delegated permissions:
 
 ```typescript
-// Delegate specific permissions to other DIDs
-await agent.delegate({
-  to: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
-  permissions: ["read:data", "execute:safe-actions"],
-  expires: new Date("2025-12-31"),
-  conditions: {
-    rate_limit: "100/hour",
-    allowed_tools: ["get-weather", "search-docs"],
-  },
+import { createDelegationVerifier } from "@kya-os/mcp-i";
+
+const verifier = createDelegationVerifier({
+  agentShieldApiUrl: "https://kya.vouched.id",
+  agentShieldApiKey: process.env.AGENTSHIELD_API_KEY,
 });
 
-// Revoke permissions instantly
-await agent.revoke({
-  delegation_id: "del_abc123",
-  reason: "Project completed",
+const result = await verifier.verify({
+  delegationToken: token,
+  requiredScopes: ["checkout:execute"],
+  agentDid: runtime.getIdentity().did,
 });
 
-// All delegation changes are cryptographically signed and verifiable
+if (result.valid) {
+  console.log("Delegation verified:", result.delegationId);
+}
 ```
 
-### Secure Delegation Example
+### Tool Protection
 
-Grant specific permissions to other users while maintaining ownership:
+Configure which tools require delegation:
 
 ```typescript
-// Example: Grant read-only access to specific tools
-await agent.delegate({
-  to: "user@example.com",
-  permissions: ["read:weather", "read:docs"],
-  expires: "2025-12-31T23:59:59Z",
-  conditions: { rate_limit: "100/hour" },
+import {
+  ToolProtectionResolver,
+  AgentShieldToolProtectionSource
+} from "@kya-os/mcp-i";
+
+// Load protection config from AgentShield
+const source = new AgentShieldToolProtectionSource({
+  apiUrl: "https://kya.vouched.id",
+  apiKey: process.env.AGENTSHIELD_API_KEY,
+  projectId: process.env.AGENTSHIELD_PROJECT_ID,
 });
-```
-
-## Platform Support with Identity Persistence
 
-Deploy your owned agents anywhere with secure identity storage:
+const resolver = new ToolProtectionResolver([source]);
+const protection = await resolver.getProtection("checkout");
 
-### Vercel
-
-- **Edge Runtime**: Fast cold starts with identity context
-- **KV Storage**: Secure identity persistence using Vercel KV
-- **Zero Config**: Deploy with `vercel --prod` and identity works
-- **Environment**: Automatic identity configuration and key management
+if (protection?.requiresDelegation) {
+  // Tool requires valid delegation token
+}
+```
 
-### AWS Lambda
+### Proof Generation
 
-- **Cold Start Optimized**: Minimal initialization with cached identity
-- **DynamoDB**: Secure identity storage with DynamoDB persistence
-- **Serverless**: Built-in serverless framework configuration
-- **IAM Integration**: Pre-configured identity and permission policies
+Generate cryptographic proofs for tool responses:
 
-### Next.js
+```typescript
+import { ProofGenerator, createProofResponse } from "@kya-os/mcp-i";
 
-- **API Routes**: Identity-enabled API endpoints out of the box
-- **Middleware**: Request-level identity verification and delegation
-- **SSR Support**: Server-side identity rendering and verification
-- **Full Stack**: Complete client and server identity integration
+const proofGenerator = new ProofGenerator(identity, clockProvider);
 
-### Express
+const proof = await proofGenerator.generateProof({
+  toolName: "get-weather",
+  input: { city: "London" },
+  output: { temperature: 20 },
+  sessionId: session.id,
+  nonce: session.nonce,
+});
 
-- **Middleware Stack**: Identity verification middleware for existing apps
-- **Flexible Routing**: Identity-aware route handlers and permission checking
-- **Production Ready**: Battle-tested middleware for production workloads
-- **Custom Auth**: Extensible identity providers and authentication flows
+// Create response with detached proof
+const response = createProofResponse(toolOutput, proof);
+```
 
-### Standalone
+### Session Management
 
-- **File Persistence**: Local identity storage with file-based backend
-- **Docker Ready**: Containerized deployment with identity intact
-- **Self Hosted**: Complete control over your agent and its identity
-- **Process Management**: PM2 and systemd configurations included
+Handle MCP sessions with nonce protection:
 
-## CLI Usage
+```typescript
+import { SessionManager, createHandshakeRequest } from "@kya-os/mcp-i";
 
-```bash
-# Development with identity features
-xmcp-i dev
+const sessionManager = new SessionManager({
+  timestampSkewSeconds: 120,
+  ttlMinutes: 30,
+});
 
-# Build for production deployment
-mcpi build
+// Create handshake request
+const request = createHandshakeRequest({
+  clientDid: "did:key:z6Mk...",
+  timestamp: Date.now(),
+  nonce: crypto.randomUUID(),
+});
 
-# Platform-specific builds with identity optimization
-mcpi build --vercel
-mcpi build --lambda
-mcpi build --docker
+// Validate and create session
+const session = await sessionManager.createSession(request);
 ```
 
-## Framework Integration
+### Well-Known Endpoints
 
-### Agent Ownership in Action
+Create standard MCP-I discovery endpoints:
 
 ```typescript
-import { createXMCPServer } from "@kya-os/xmcpi";
-
-// Create an agent with built-in cryptographic identity
-const agent = await createXMCPServer({
-  name: "my-personal-agent",
-  identity: {
-    // Identity generated automatically with Ed25519 keys
-    autoSign: true, // All responses signed with your key
-    trustEndpoints: true, // Verification endpoints enabled
-    persistence: "file", // Store identity securely
-  },
-  tools: [
-    {
-      name: "secure-action",
-      description: "Execute action with verified identity",
-      parameters: { action: { type: "string", required: true } },
-      handler: async ({ action }, context) => {
-        // Every response includes your cryptographic signature
-        return {
-          action: `Executed: ${action}`,
-          agent_did: context.server.identity.did,
-          owner: "you@knowthat.ai",
-          timestamp: new Date().toISOString(),
-          // ↑ This response is automatically signed with your private key
-        };
-      },
-    },
-  ],
-});
+import { createWellKnownHandler } from "@kya-os/mcp-i";
 
-// Register your agent's DID with knowthat.ai to claim ownership
-await agent.register("https://knowthat.ai");
-
-agent.listen(3000, () => {
-  console.log(`🤖 Your agent is running: ${agent.identity.did}`);
-  console.log(
-    `🔐 Claim ownership: https://knowthat.ai/claim/${agent.identity.did}`
-  );
+const handler = createWellKnownHandler({
+  identity,
+  serverUrl: "https://my-agent.example.com",
 });
+
+// Handle requests to:
+// - /.well-known/mcp-identity/health
+// - /.well-known/mcp-identity/self
+// - /.well-known/did.json
+const response = await handler(pathname);
 ```
 
-## Migrating from XMCP
+## Nonce Cache
 
-Your existing XMCP agents can gain ownership capabilities:
+Prevent replay attacks with nonce caching:
 
 ```typescript
-// Before (original XMCP - platform owned)
-import { createXMCPServer } from "xmcp";
+import {
+  MemoryNonceCache,
+  RedisNonceCache,
+  DynamoDBNonceCache,
+  CloudflareKVNonceCache,
+} from "@kya-os/mcp-i";
 
-// After (XMCP-I - you own the agent!)
-import { createXMCPServer } from "xmcp-i";
-```
+// In-memory (development)
+const cache = new MemoryNonceCache({ maxSize: 10000 });
 
-Your existing code works unchanged, but now your agent:
+// Redis (production)
+const cache = new RedisNonceCache({ url: process.env.REDIS_URL });
 
-- ✅ Has its own cryptographic identity
-- ✅ Can be registered and claimed by you at knowthat.ai
-- ✅ Signs all responses automatically
-- ✅ Supports secure permission delegation
-- ✅ Provides verifiable ownership proof
+// DynamoDB (AWS)
+const cache = new DynamoDBNonceCache({ tableName: "nonce-cache" });
+```
 
-## Advanced Identity Features
+## Test Infrastructure
 
-### Custom Identity Providers
+For testing MCP-I integrations:
 
 ```typescript
-import { createCustomIdentityProvider } from "@kya-os/xmcpi/platforms";
-
-const customProvider = createCustomIdentityProvider({
-  keyType: "secp256k1", // Alternative key types
-  generateDID: (pubKey) => `did:custom:${hash(pubKey)}`,
-  persistence: "redis", // Custom storage backends
-  knowthat: {
-    apiKey: process.env.KNOWTHAT_API_KEY,
-    autoRegister: true, // Automatic agent registration
-  },
+import {
+  createTestEnvironment,
+  MockIdentityProvider,
+  deterministicKeys,
+} from "@kya-os/mcp-i/test";
+
+// Set XMCP_ENV=test to enable
+const testEnv = await createTestEnvironment({
+  seed: "test-seed-123",
 });
 
-const agent = await createXMCPServer({
-  name: "my-custom-agent",
-  identity: { provider: customProvider },
-});
+// Deterministic keys for reproducible tests
+const identity = await deterministicKeys.generateIdentity("test-agent");
 ```
 
-### Identity Middleware Integration
+## Environment Variables
 
-```typescript
-import { identityMiddleware, delegationMiddleware } from "@kya-os/xmcpi";
-
-const agent = await createXMCPServer({
-  name: "my-secure-agent",
-  middlewares: [
-    identityMiddleware({
-      requireSignature: true, // Require signed requests
-      trustLevel: "verified", // Only accept verified DIDs
-    }),
-    delegationMiddleware({
-      checkPermissions: true, // Validate delegated permissions
-      rateLimiting: true, // Enforce delegation rate limits
-    }),
-  ],
-});
-```
-
-## Dependencies and Architecture
-
-XMCP-I builds on proven cryptographic foundations:
-
-### Core Identity Stack
+| Variable | Description |
+|----------|-------------|
+| `AGENT_PRIVATE_KEY` | Base64-encoded Ed25519 private key (production) |
+| `AGENT_KEY_ID` | Key ID for the agent |
+| `AGENT_DID` | Agent's DID (production) |
+| `AGENTSHIELD_API_KEY` | API key for AgentShield |
+| `AGENTSHIELD_API_URL` | AgentShield API URL (default: `https://kya.vouched.id`) |
+| `AGENTSHIELD_PROJECT_ID` | Project ID in AgentShield |
+| `XMCP_ENV` | Set to `test` to enable test infrastructure |
 
-- **@kya-os/mcp-i** - Core identity protocol implementation with knowthat.ai integration
-- **jose** - JWT and cryptographic operations (JWS, JWE, JWK)
-- **@modelcontextprotocol/sdk** - MCP protocol SDK for agent communication
-- **axios** - HTTP client for identity resolution and knowthat.ai API calls
+## Platform Support
 
-### Development Stack
+This package is for **Node.js** environments. For other platforms:
 
-- **express** - Web server framework for identity endpoints
-- **webpack** - Module bundler with identity-aware compilation
-- **chalk** - Beautiful CLI output for identity operations
-- **chokidar** - File watching with identity file monitoring
+| Platform | Package |
+|----------|---------|
+| Cloudflare Workers | `@kya-os/mcp-i-cloudflare` |
+| Platform-agnostic core | `@kya-os/mcp-i-core` |
 
-### Cryptographic Security
+## CLI Tools
 
-- **Ed25519** - Elliptic curve digital signatures (default)
-- **secp256k1** - Bitcoin-compatible signatures (optional)
-- **DID Keys** - Decentralized identifier generation from public keys
-- **JWS/JWE** - JSON Web Signatures and Encryption for secure transport
-
-## Development
-
-Build your own identity-enabled MCP agents:
+Use the `@kya-os/cli` package for command-line operations:
 
 ```bash
-# Clone the repository
-git clone https://github.com/modelcontextprotocol-identity/xmcp-i.git
-
-# Install dependencies
-pnpm install
-
-# Start development with identity features
-pnpm run dev
+npm install -g @kya-os/cli
 
-# Build for production with identity optimization
-pnpm run build
+# Initialize identity
+mcpi init
 
-# Run identity-aware tests
-pnpm run test
+# Check identity status
+mcpi check
 
-# Lint code including identity modules
-pnpm run lint
+# Rotate keys
+mcpi rotate
 ```
 
-## Learn more
+## Related Packages
 
-⊹ **Register Your Agent**: [knowthat.ai](https://knowthat.ai) - Claim ownership of your AI agents\
-⊹ **Original XMCP Framework**: [xmcp.dev](https://xmcp.dev) - Base framework documentation\
-⊹ **Model Context Protocol**: [modelcontextprotocol.io](https://modelcontextprotocol.io) - Core protocol specification
+- [`@kya-os/create-mcpi-app`](https://www.npmjs.com/package/@kya-os/create-mcpi-app) - Project scaffolding
+- [`@kya-os/mcp-i-cloudflare`](https://www.npmjs.com/package/@kya-os/mcp-i-cloudflare) - Cloudflare Workers runtime
+- [`@kya-os/mcp-i-core`](https://www.npmjs.com/package/@kya-os/mcp-i-core) - Platform-agnostic core
+- [`@kya-os/cli`](https://www.npmjs.com/package/@kya-os/cli) - CLI tools
+- [`@kya-os/contracts`](https://www.npmjs.com/package/@kya-os/contracts) - Shared types and schemas
 
-## Security
+## Learn More
 
-If you believe you have found a security vulnerability, please report it to [security@xmcp-i.dev](mailto:security@xmcp-i.dev). We take agent ownership security seriously and will investigate all reports promptly.
+- [MCP-I Documentation](https://github.com/modelcontextprotocol-identity/xmcp-i) - Full framework documentation
+- [Model Context Protocol](https://modelcontextprotocol.io) - Core protocol specification
+- [Know That AI](https://knowthat.ai) - Agent registration and claims
 
 ## License
 
-This project is licensed under the MIT License - see the [LICENSE](https://github.com/modelcontextprotocol-identity/xmcp-i/blob/main/license.md) file for details.
+MIT License - see [LICENSE](https://github.com/modelcontextprotocol-identity/xmcp-i/blob/main/license.md)