@kya-os/mcp 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (182) hide show
  1. package/CHANGELOG.md +64 -0
  2. package/LICENSE +21 -0
  3. package/README.md +135 -0
  4. package/dist/auth/handshake.d.ts +119 -0
  5. package/dist/auth/handshake.d.ts.map +1 -0
  6. package/dist/auth/handshake.js +267 -0
  7. package/dist/auth/handshake.js.map +1 -0
  8. package/dist/auth/index.d.ts +3 -0
  9. package/dist/auth/index.d.ts.map +1 -0
  10. package/dist/auth/index.js +2 -0
  11. package/dist/auth/index.js.map +1 -0
  12. package/dist/auth/types.d.ts +31 -0
  13. package/dist/auth/types.d.ts.map +1 -0
  14. package/dist/auth/types.js +7 -0
  15. package/dist/auth/types.js.map +1 -0
  16. package/dist/delegation/audience-validator.d.ts +9 -0
  17. package/dist/delegation/audience-validator.d.ts.map +1 -0
  18. package/dist/delegation/audience-validator.js +17 -0
  19. package/dist/delegation/audience-validator.js.map +1 -0
  20. package/dist/delegation/bitstring.d.ts +37 -0
  21. package/dist/delegation/bitstring.d.ts.map +1 -0
  22. package/dist/delegation/bitstring.js +117 -0
  23. package/dist/delegation/bitstring.js.map +1 -0
  24. package/dist/delegation/cascading-revocation.d.ts +45 -0
  25. package/dist/delegation/cascading-revocation.d.ts.map +1 -0
  26. package/dist/delegation/cascading-revocation.js +150 -0
  27. package/dist/delegation/cascading-revocation.js.map +1 -0
  28. package/dist/delegation/delegation-graph.d.ts +49 -0
  29. package/dist/delegation/delegation-graph.d.ts.map +1 -0
  30. package/dist/delegation/delegation-graph.js +99 -0
  31. package/dist/delegation/delegation-graph.js.map +1 -0
  32. package/dist/delegation/did-key-resolver.d.ts +64 -0
  33. package/dist/delegation/did-key-resolver.d.ts.map +1 -0
  34. package/dist/delegation/did-key-resolver.js +157 -0
  35. package/dist/delegation/did-key-resolver.js.map +1 -0
  36. package/dist/delegation/did-web-resolver.d.ts +83 -0
  37. package/dist/delegation/did-web-resolver.d.ts.map +1 -0
  38. package/dist/delegation/did-web-resolver.js +218 -0
  39. package/dist/delegation/did-web-resolver.js.map +1 -0
  40. package/dist/delegation/index.d.ts +21 -0
  41. package/dist/delegation/index.d.ts.map +1 -0
  42. package/dist/delegation/index.js +21 -0
  43. package/dist/delegation/index.js.map +1 -0
  44. package/dist/delegation/outbound-headers.d.ts +79 -0
  45. package/dist/delegation/outbound-headers.d.ts.map +1 -0
  46. package/dist/delegation/outbound-headers.js +138 -0
  47. package/dist/delegation/outbound-headers.js.map +1 -0
  48. package/dist/delegation/outbound-proof.d.ts +43 -0
  49. package/dist/delegation/outbound-proof.d.ts.map +1 -0
  50. package/dist/delegation/outbound-proof.js +52 -0
  51. package/dist/delegation/outbound-proof.js.map +1 -0
  52. package/dist/delegation/statuslist-manager.d.ts +47 -0
  53. package/dist/delegation/statuslist-manager.d.ts.map +1 -0
  54. package/dist/delegation/statuslist-manager.js +139 -0
  55. package/dist/delegation/statuslist-manager.js.map +1 -0
  56. package/dist/delegation/storage/memory-graph-storage.d.ts +70 -0
  57. package/dist/delegation/storage/memory-graph-storage.d.ts.map +1 -0
  58. package/dist/delegation/storage/memory-graph-storage.js +145 -0
  59. package/dist/delegation/storage/memory-graph-storage.js.map +1 -0
  60. package/dist/delegation/storage/memory-statuslist-storage.d.ts +19 -0
  61. package/dist/delegation/storage/memory-statuslist-storage.d.ts.map +1 -0
  62. package/dist/delegation/storage/memory-statuslist-storage.js +33 -0
  63. package/dist/delegation/storage/memory-statuslist-storage.js.map +1 -0
  64. package/dist/delegation/utils.d.ts +49 -0
  65. package/dist/delegation/utils.d.ts.map +1 -0
  66. package/dist/delegation/utils.js +131 -0
  67. package/dist/delegation/utils.js.map +1 -0
  68. package/dist/delegation/vc-issuer.d.ts +56 -0
  69. package/dist/delegation/vc-issuer.d.ts.map +1 -0
  70. package/dist/delegation/vc-issuer.js +80 -0
  71. package/dist/delegation/vc-issuer.js.map +1 -0
  72. package/dist/delegation/vc-verifier.d.ts +112 -0
  73. package/dist/delegation/vc-verifier.d.ts.map +1 -0
  74. package/dist/delegation/vc-verifier.js +280 -0
  75. package/dist/delegation/vc-verifier.js.map +1 -0
  76. package/dist/errors.d.ts +42 -0
  77. package/dist/errors.d.ts.map +1 -0
  78. package/dist/errors.js +45 -0
  79. package/dist/errors.js.map +1 -0
  80. package/dist/index.d.ts +47 -0
  81. package/dist/index.d.ts.map +1 -0
  82. package/dist/index.js +56 -0
  83. package/dist/index.js.map +1 -0
  84. package/dist/logging/index.d.ts +2 -0
  85. package/dist/logging/index.d.ts.map +1 -0
  86. package/dist/logging/index.js +2 -0
  87. package/dist/logging/index.js.map +1 -0
  88. package/dist/logging/logger.d.ts +23 -0
  89. package/dist/logging/logger.d.ts.map +1 -0
  90. package/dist/logging/logger.js +82 -0
  91. package/dist/logging/logger.js.map +1 -0
  92. package/dist/middleware/index.d.ts +12 -0
  93. package/dist/middleware/index.d.ts.map +1 -0
  94. package/dist/middleware/index.js +12 -0
  95. package/dist/middleware/index.js.map +1 -0
  96. package/dist/middleware/mcpi-transport.d.ts +39 -0
  97. package/dist/middleware/mcpi-transport.d.ts.map +1 -0
  98. package/dist/middleware/mcpi-transport.js +121 -0
  99. package/dist/middleware/mcpi-transport.js.map +1 -0
  100. package/dist/middleware/with-mcpi-server.d.ts +78 -0
  101. package/dist/middleware/with-mcpi-server.d.ts.map +1 -0
  102. package/dist/middleware/with-mcpi-server.js +109 -0
  103. package/dist/middleware/with-mcpi-server.js.map +1 -0
  104. package/dist/middleware/with-mcpi.d.ts +202 -0
  105. package/dist/middleware/with-mcpi.d.ts.map +1 -0
  106. package/dist/middleware/with-mcpi.js +625 -0
  107. package/dist/middleware/with-mcpi.js.map +1 -0
  108. package/dist/proof/errors.d.ts +49 -0
  109. package/dist/proof/errors.d.ts.map +1 -0
  110. package/dist/proof/errors.js +61 -0
  111. package/dist/proof/errors.js.map +1 -0
  112. package/dist/proof/generator.d.ts +65 -0
  113. package/dist/proof/generator.d.ts.map +1 -0
  114. package/dist/proof/generator.js +163 -0
  115. package/dist/proof/generator.js.map +1 -0
  116. package/dist/proof/index.d.ts +4 -0
  117. package/dist/proof/index.d.ts.map +1 -0
  118. package/dist/proof/index.js +4 -0
  119. package/dist/proof/index.js.map +1 -0
  120. package/dist/proof/verifier.d.ts +108 -0
  121. package/dist/proof/verifier.d.ts.map +1 -0
  122. package/dist/proof/verifier.js +299 -0
  123. package/dist/proof/verifier.js.map +1 -0
  124. package/dist/providers/base.d.ts +64 -0
  125. package/dist/providers/base.d.ts.map +1 -0
  126. package/dist/providers/base.js +19 -0
  127. package/dist/providers/base.js.map +1 -0
  128. package/dist/providers/index.d.ts +4 -0
  129. package/dist/providers/index.d.ts.map +1 -0
  130. package/dist/providers/index.js +4 -0
  131. package/dist/providers/index.js.map +1 -0
  132. package/dist/providers/memory.d.ts +33 -0
  133. package/dist/providers/memory.d.ts.map +1 -0
  134. package/dist/providers/memory.js +102 -0
  135. package/dist/providers/memory.js.map +1 -0
  136. package/dist/providers/node-crypto.d.ts +26 -0
  137. package/dist/providers/node-crypto.d.ts.map +1 -0
  138. package/dist/providers/node-crypto.js +69 -0
  139. package/dist/providers/node-crypto.js.map +1 -0
  140. package/dist/session/index.d.ts +2 -0
  141. package/dist/session/index.d.ts.map +1 -0
  142. package/dist/session/index.js +2 -0
  143. package/dist/session/index.js.map +1 -0
  144. package/dist/session/manager.d.ts +83 -0
  145. package/dist/session/manager.d.ts.map +1 -0
  146. package/dist/session/manager.js +267 -0
  147. package/dist/session/manager.js.map +1 -0
  148. package/dist/types/protocol.d.ts +320 -0
  149. package/dist/types/protocol.d.ts.map +1 -0
  150. package/dist/types/protocol.js +229 -0
  151. package/dist/types/protocol.js.map +1 -0
  152. package/dist/utils/base58.d.ts +31 -0
  153. package/dist/utils/base58.d.ts.map +1 -0
  154. package/dist/utils/base58.js +104 -0
  155. package/dist/utils/base58.js.map +1 -0
  156. package/dist/utils/base64.d.ts +13 -0
  157. package/dist/utils/base64.d.ts.map +1 -0
  158. package/dist/utils/base64.js +99 -0
  159. package/dist/utils/base64.js.map +1 -0
  160. package/dist/utils/crypto-service.d.ts +37 -0
  161. package/dist/utils/crypto-service.d.ts.map +1 -0
  162. package/dist/utils/crypto-service.js +154 -0
  163. package/dist/utils/crypto-service.js.map +1 -0
  164. package/dist/utils/did-helpers.d.ts +168 -0
  165. package/dist/utils/did-helpers.d.ts.map +1 -0
  166. package/dist/utils/did-helpers.js +211 -0
  167. package/dist/utils/did-helpers.js.map +1 -0
  168. package/dist/utils/ed25519-constants.d.ts +18 -0
  169. package/dist/utils/ed25519-constants.d.ts.map +1 -0
  170. package/dist/utils/ed25519-constants.js +21 -0
  171. package/dist/utils/ed25519-constants.js.map +1 -0
  172. package/dist/utils/index.d.ts +5 -0
  173. package/dist/utils/index.d.ts.map +1 -0
  174. package/dist/utils/index.js +5 -0
  175. package/dist/utils/index.js.map +1 -0
  176. package/package.json +115 -0
  177. package/schemas/README.md +117 -0
  178. package/schemas/delegation-credential.json +312 -0
  179. package/schemas/detached-proof.json +97 -0
  180. package/schemas/handshake-request.json +84 -0
  181. package/schemas/handshake-response.json +67 -0
  182. package/schemas/well-known-mcpi.json +176 -0
@@ -0,0 +1,312 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://schema.modelcontextprotocol-identity.io/xmcp-i/credentials/delegation-credential.v1.0.0.json",
4
+ "title": "MCP-I Delegation Credential",
5
+ "description": "W3C Verifiable Credential containing an MCP-I delegation with CRISP constraints.",
6
+ "type": "object",
7
+ "required": ["@context", "type", "issuer", "issuanceDate", "credentialSubject"],
8
+ "properties": {
9
+ "@context": {
10
+ "type": "array",
11
+ "items": {
12
+ "oneOf": [
13
+ { "type": "string", "format": "uri" },
14
+ { "type": "object" }
15
+ ]
16
+ },
17
+ "minItems": 2,
18
+ "description": "JSON-LD context. MUST include W3C VC context as first element and MCP-I delegation context."
19
+ },
20
+ "id": {
21
+ "type": "string",
22
+ "format": "uri",
23
+ "description": "Unique credential identifier (URN or URL)."
24
+ },
25
+ "type": {
26
+ "type": "array",
27
+ "items": { "type": "string" },
28
+ "contains": { "const": "VerifiableCredential" },
29
+ "minItems": 2,
30
+ "description": "Credential types. MUST include 'VerifiableCredential' and 'DelegationCredential'."
31
+ },
32
+ "issuer": {
33
+ "oneOf": [
34
+ { "type": "string", "pattern": "^did:.+$" },
35
+ {
36
+ "type": "object",
37
+ "required": ["id"],
38
+ "properties": {
39
+ "id": { "type": "string", "pattern": "^did:.+$" }
40
+ }
41
+ }
42
+ ],
43
+ "description": "Issuer DID or issuer object containing id."
44
+ },
45
+ "issuanceDate": {
46
+ "type": "string",
47
+ "format": "date-time",
48
+ "description": "ISO 8601 datetime when the credential was issued."
49
+ },
50
+ "expirationDate": {
51
+ "type": "string",
52
+ "format": "date-time",
53
+ "description": "ISO 8601 datetime when the credential expires."
54
+ },
55
+ "credentialSubject": {
56
+ "$ref": "#/$defs/DelegationCredentialSubject"
57
+ },
58
+ "credentialStatus": {
59
+ "$ref": "#/$defs/CredentialStatus"
60
+ },
61
+ "proof": {
62
+ "$ref": "#/$defs/Proof"
63
+ }
64
+ },
65
+ "additionalProperties": true,
66
+ "$defs": {
67
+ "DelegationCredentialSubject": {
68
+ "type": "object",
69
+ "required": ["id", "delegation"],
70
+ "properties": {
71
+ "id": {
72
+ "type": "string",
73
+ "pattern": "^did:.+$",
74
+ "description": "Subject DID (the delegate receiving the authorization)."
75
+ },
76
+ "delegation": {
77
+ "type": "object",
78
+ "required": ["id", "issuerDid", "subjectDid", "constraints", "status"],
79
+ "properties": {
80
+ "id": {
81
+ "type": "string",
82
+ "description": "Unique delegation identifier."
83
+ },
84
+ "issuerDid": {
85
+ "type": "string",
86
+ "pattern": "^did:.+$",
87
+ "description": "DID of the delegation issuer (delegator)."
88
+ },
89
+ "subjectDid": {
90
+ "type": "string",
91
+ "pattern": "^did:.+$",
92
+ "description": "DID of the delegation subject (delegate)."
93
+ },
94
+ "userDid": {
95
+ "type": "string",
96
+ "pattern": "^did:.+$",
97
+ "description": "DID of the end user on whose behalf the delegation acts."
98
+ },
99
+ "userIdentifier": {
100
+ "type": "string",
101
+ "description": "Alternative user identifier (e.g., email, username)."
102
+ },
103
+ "sessionId": {
104
+ "type": "string",
105
+ "description": "Session binding for session-scoped delegations."
106
+ },
107
+ "scopes": {
108
+ "type": "array",
109
+ "items": { "type": "string" },
110
+ "description": "Authorized scope strings."
111
+ },
112
+ "controller": {
113
+ "type": "string",
114
+ "pattern": "^did:.+$",
115
+ "description": "Controller DID for delegation management."
116
+ },
117
+ "parentId": {
118
+ "type": "string",
119
+ "description": "Parent delegation ID for chained delegations."
120
+ },
121
+ "constraints": {
122
+ "$ref": "#/$defs/DelegationConstraints"
123
+ },
124
+ "status": {
125
+ "type": "string",
126
+ "enum": ["active", "revoked", "expired"],
127
+ "description": "Current delegation status."
128
+ },
129
+ "createdAt": {
130
+ "type": "integer",
131
+ "description": "Unix timestamp when delegation was created."
132
+ },
133
+ "metadata": {
134
+ "type": "object",
135
+ "description": "Additional delegation metadata.",
136
+ "additionalProperties": true
137
+ }
138
+ },
139
+ "additionalProperties": true
140
+ }
141
+ }
142
+ },
143
+ "DelegationConstraints": {
144
+ "type": "object",
145
+ "properties": {
146
+ "notBefore": {
147
+ "type": "integer",
148
+ "description": "Unix timestamp before which the delegation is not valid."
149
+ },
150
+ "notAfter": {
151
+ "type": "integer",
152
+ "description": "Unix timestamp after which the delegation expires."
153
+ },
154
+ "scopes": {
155
+ "type": "array",
156
+ "items": { "type": "string" },
157
+ "description": "Authorized scope strings."
158
+ },
159
+ "audience": {
160
+ "oneOf": [
161
+ { "type": "string" },
162
+ { "type": "array", "items": { "type": "string" } }
163
+ ],
164
+ "description": "Intended audience DID(s) for the delegation."
165
+ },
166
+ "crisp": {
167
+ "type": "object",
168
+ "required": ["scopes"],
169
+ "properties": {
170
+ "budget": {
171
+ "type": "object",
172
+ "required": ["unit", "cap"],
173
+ "properties": {
174
+ "unit": {
175
+ "type": "string",
176
+ "enum": ["USD", "ops", "points"],
177
+ "description": "Budget unit type."
178
+ },
179
+ "cap": {
180
+ "type": "number",
181
+ "minimum": 0,
182
+ "description": "Maximum budget amount."
183
+ },
184
+ "window": {
185
+ "type": "object",
186
+ "required": ["kind", "durationSec"],
187
+ "properties": {
188
+ "kind": {
189
+ "type": "string",
190
+ "enum": ["rolling", "fixed"]
191
+ },
192
+ "durationSec": {
193
+ "type": "integer",
194
+ "minimum": 1
195
+ }
196
+ }
197
+ }
198
+ }
199
+ },
200
+ "scopes": {
201
+ "type": "array",
202
+ "items": {
203
+ "type": "object",
204
+ "required": ["resource", "matcher"],
205
+ "properties": {
206
+ "resource": { "type": "string" },
207
+ "matcher": {
208
+ "type": "string",
209
+ "enum": ["exact", "prefix", "regex"]
210
+ },
211
+ "constraints": {
212
+ "type": "object",
213
+ "additionalProperties": true
214
+ }
215
+ }
216
+ }
217
+ }
218
+ },
219
+ "additionalProperties": true
220
+ }
221
+ },
222
+ "additionalProperties": true
223
+ },
224
+ "CredentialStatus": {
225
+ "type": "object",
226
+ "required": ["id", "type", "statusPurpose", "statusListIndex", "statusListCredential"],
227
+ "properties": {
228
+ "id": {
229
+ "type": "string",
230
+ "format": "uri",
231
+ "description": "Status entry identifier."
232
+ },
233
+ "type": {
234
+ "type": "string",
235
+ "const": "StatusList2021Entry"
236
+ },
237
+ "statusPurpose": {
238
+ "type": "string",
239
+ "enum": ["revocation", "suspension"]
240
+ },
241
+ "statusListIndex": {
242
+ "type": "string",
243
+ "pattern": "^[0-9]+$",
244
+ "description": "Index in the status list bitstring."
245
+ },
246
+ "statusListCredential": {
247
+ "type": "string",
248
+ "format": "uri",
249
+ "description": "URL of the StatusList2021 credential."
250
+ }
251
+ }
252
+ },
253
+ "Proof": {
254
+ "type": "object",
255
+ "required": ["type"],
256
+ "properties": {
257
+ "type": {
258
+ "type": "string",
259
+ "description": "Proof type (e.g., 'Ed25519Signature2020', 'JsonWebSignature2020')."
260
+ },
261
+ "created": {
262
+ "type": "string",
263
+ "format": "date-time"
264
+ },
265
+ "verificationMethod": {
266
+ "type": "string",
267
+ "description": "DID URL of the verification key."
268
+ },
269
+ "proofPurpose": {
270
+ "type": "string",
271
+ "description": "Purpose of the proof (e.g., 'assertionMethod')."
272
+ },
273
+ "proofValue": {
274
+ "type": "string",
275
+ "description": "Base64-encoded signature value."
276
+ },
277
+ "jws": {
278
+ "type": "string",
279
+ "description": "Compact JWS signature."
280
+ }
281
+ },
282
+ "additionalProperties": true
283
+ }
284
+ },
285
+ "examples": [
286
+ {
287
+ "@context": [
288
+ "https://www.w3.org/2018/credentials/v1",
289
+ "https://schema.modelcontextprotocol-identity.io/xmcp-i/credentials/delegation.v1.0.0.json"
290
+ ],
291
+ "id": "urn:uuid:12345678-1234-1234-1234-123456789abc",
292
+ "type": ["VerifiableCredential", "DelegationCredential"],
293
+ "issuer": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
294
+ "issuanceDate": "2024-03-12T00:00:00Z",
295
+ "expirationDate": "2024-03-13T00:00:00Z",
296
+ "credentialSubject": {
297
+ "id": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH",
298
+ "delegation": {
299
+ "id": "del-001",
300
+ "issuerDid": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
301
+ "subjectDid": "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH",
302
+ "scopes": ["read:documents", "write:documents"],
303
+ "constraints": {
304
+ "notBefore": 1710201600,
305
+ "notAfter": 1710288000
306
+ },
307
+ "status": "active"
308
+ }
309
+ }
310
+ }
311
+ ]
312
+ }
@@ -0,0 +1,97 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://schema.modelcontextprotocol-identity.io/xmcp-i/proof/detached-proof.v1.0.0.json",
4
+ "title": "MCP-I Detached Proof",
5
+ "description": "Cryptographic proof binding an MCP tool request/response pair to an agent's identity and session context.",
6
+ "type": "object",
7
+ "required": ["jws", "meta"],
8
+ "properties": {
9
+ "jws": {
10
+ "type": "string",
11
+ "minLength": 1,
12
+ "pattern": "^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$",
13
+ "description": "Compact JWS (header.payload.signature) signed with Ed25519. The payload contains canonicalized proof metadata."
14
+ },
15
+ "meta": {
16
+ "$ref": "#/$defs/ProofMeta"
17
+ }
18
+ },
19
+ "additionalProperties": false,
20
+ "$defs": {
21
+ "ProofMeta": {
22
+ "type": "object",
23
+ "required": ["did", "kid", "ts", "nonce", "audience", "sessionId", "requestHash", "responseHash"],
24
+ "properties": {
25
+ "did": {
26
+ "type": "string",
27
+ "pattern": "^did:(key|web):.+$",
28
+ "description": "Signer's DID."
29
+ },
30
+ "kid": {
31
+ "type": "string",
32
+ "minLength": 1,
33
+ "description": "Key identifier for the signing key (matches JWS header kid)."
34
+ },
35
+ "ts": {
36
+ "type": "integer",
37
+ "minimum": 1,
38
+ "description": "Unix timestamp in seconds when the proof was generated."
39
+ },
40
+ "nonce": {
41
+ "type": "string",
42
+ "minLength": 1,
43
+ "description": "Session nonce from the handshake, binding proof to session."
44
+ },
45
+ "audience": {
46
+ "type": "string",
47
+ "minLength": 1,
48
+ "description": "Intended audience (server DID or URL)."
49
+ },
50
+ "sessionId": {
51
+ "type": "string",
52
+ "minLength": 1,
53
+ "description": "Session identifier from handshake response."
54
+ },
55
+ "requestHash": {
56
+ "type": "string",
57
+ "pattern": "^sha256:[a-f0-9]{64}$",
58
+ "description": "SHA-256 hash of JCS-canonicalized request. Format: 'sha256:<64 hex chars>'."
59
+ },
60
+ "responseHash": {
61
+ "type": "string",
62
+ "pattern": "^sha256:[a-f0-9]{64}$",
63
+ "description": "SHA-256 hash of JCS-canonicalized response. Format: 'sha256:<64 hex chars>'."
64
+ },
65
+ "scopeId": {
66
+ "type": "string",
67
+ "description": "Optional scope identifier for fine-grained authorization tracking."
68
+ },
69
+ "delegationRef": {
70
+ "type": "string",
71
+ "description": "Optional reference to delegation credential authorizing this action."
72
+ },
73
+ "clientDid": {
74
+ "type": "string",
75
+ "pattern": "^did:.+$",
76
+ "description": "Optional client DID for multi-party scenarios."
77
+ }
78
+ },
79
+ "additionalProperties": false
80
+ }
81
+ },
82
+ "examples": [
83
+ {
84
+ "jws": "eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa2hhWGdCWkR2b3REa0w1MjU3ZmFpenRpR2lDMlF0S0xHcGJubkVHdGEyZG9LI3o2TWtoYVhnQlpEdm90RGtMNTI1N2ZhaXp0aUdpQzJRdEtMR3Bibm5FR3RhMmRvSyJ9.eyJhdWQiOiJkaWQ6d2ViOmV4YW1wbGUuY29tIiwic3ViIjoiZGlkOmtleTp6Nk1raGFYZ0JaRHZvdERrTDUyNTdmYWl6dGlHaUMyUXRLTEdwYm5uRUd0YTJkb0siLCJpc3MiOiJkaWQ6a2V5Ono2TWtoYVhnQlpEdm90RGtMNTI1N2ZhaXp0aUdpQzJRdEtMR3Bibm5FR3RhMmRvSyIsInJlcXVlc3RIYXNoIjoic2hhMjU2OjcyYjgwYTRhYTZhYjlmNTNhZThmZTcyN2I2N2I5Y2I3ZjQ5OTk3ZjM2MjE3OTg5OTI3MTI1OGMzMjY1YmZiMWMiLCJyZXNwb25zZUhhc2giOiJzaGEyNTY6MWI0ZjBhMWVlNzcwOGQ0YzM5OGZmOWE0OTM3YjI0MjFhNmQzYTQ4MjRiNmE2ZjFhNmJlOGJhY2I3ZWYyNzlkYSIsInRzIjoxNzEwMjY4ODAwLCJub25jZSI6Ims3SHk5bU5wUXJTdFV2V3hZejAxQWEiLCJzZXNzaW9uSWQiOiJzZXNzX2FiYzEyM3h5eiJ9.signature",
85
+ "meta": {
86
+ "did": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
87
+ "kid": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK#z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
88
+ "ts": 1710268800,
89
+ "nonce": "k7Hy9mNpQrStUvWxYz01Aa",
90
+ "audience": "did:web:example.com",
91
+ "sessionId": "sess_abc123xyz",
92
+ "requestHash": "sha256:72b80a4aa6ab9f53ae8fe727b67b9cb7f49997f362179899271258c3265bfb1c",
93
+ "responseHash": "sha256:1b4f0a1ee7708d4c398ff9a4937b2421a6d3a4824b6a6f1a6be8bacb7ef279da"
94
+ }
95
+ }
96
+ ]
97
+ }
@@ -0,0 +1,84 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://schema.modelcontextprotocol-identity.io/xmcp-i/handshake/handshake-request.v1.0.0.json",
4
+ "title": "MCP-I Handshake Request",
5
+ "description": "Client-initiated handshake request to establish an MCP-I session with nonce-based replay protection.",
6
+ "type": "object",
7
+ "required": ["nonce", "audience", "timestamp"],
8
+ "properties": {
9
+ "nonce": {
10
+ "type": "string",
11
+ "minLength": 22,
12
+ "description": "Base64url-encoded random value (minimum 16 bytes) for replay prevention. Each nonce MUST be unique per session."
13
+ },
14
+ "audience": {
15
+ "type": "string",
16
+ "description": "The intended recipient's DID (did:key or did:web). MUST match the server's DID for the request to be accepted."
17
+ },
18
+ "timestamp": {
19
+ "type": "integer",
20
+ "minimum": 0,
21
+ "description": "Unix timestamp in seconds. Server MAY reject requests with timestamps outside acceptable skew window (default: 120 seconds)."
22
+ },
23
+ "agentDid": {
24
+ "type": "string",
25
+ "pattern": "^did:(key|web):.+$",
26
+ "description": "The agent's DID if authenticated. Required for authenticated sessions."
27
+ },
28
+ "clientInfo": {
29
+ "type": "object",
30
+ "description": "Optional client metadata for session context.",
31
+ "properties": {
32
+ "name": {
33
+ "type": "string",
34
+ "description": "Client application name."
35
+ },
36
+ "title": {
37
+ "type": "string",
38
+ "description": "Human-readable client title."
39
+ },
40
+ "version": {
41
+ "type": "string",
42
+ "description": "Client version string."
43
+ },
44
+ "platform": {
45
+ "type": "string",
46
+ "description": "Operating system or platform identifier."
47
+ },
48
+ "vendor": {
49
+ "type": "string",
50
+ "description": "Client vendor or organization."
51
+ },
52
+ "persistentId": {
53
+ "type": "string",
54
+ "description": "Persistent client identifier across sessions."
55
+ },
56
+ "clientId": {
57
+ "type": "string",
58
+ "description": "Unique client instance identifier."
59
+ }
60
+ },
61
+ "required": ["name"]
62
+ },
63
+ "clientProtocolVersion": {
64
+ "type": "string",
65
+ "pattern": "^\\d+\\.\\d+$",
66
+ "description": "Client's supported MCP-I protocol version (e.g., '1.0')."
67
+ },
68
+ "clientCapabilities": {
69
+ "type": "object",
70
+ "description": "Client capability flags for feature negotiation.",
71
+ "additionalProperties": true
72
+ }
73
+ },
74
+ "additionalProperties": false,
75
+ "examples": [
76
+ {
77
+ "nonce": "k7Hy9mNpQrStUvWxYz01Aa",
78
+ "audience": "did:web:example.com",
79
+ "timestamp": 1710268800,
80
+ "agentDid": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
81
+ "clientProtocolVersion": "1.0"
82
+ }
83
+ ]
84
+ }
@@ -0,0 +1,67 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://schema.modelcontextprotocol-identity.io/xmcp-i/handshake/handshake-response.v1.0.0.json",
4
+ "title": "MCP-I Handshake Response",
5
+ "description": "Server response to a successful handshake request, establishing session context.",
6
+ "type": "object",
7
+ "required": ["sessionId", "serverDid", "protocolVersion"],
8
+ "properties": {
9
+ "sessionId": {
10
+ "type": "string",
11
+ "minLength": 1,
12
+ "description": "Unique session identifier. Clients MUST include this in subsequent requests."
13
+ },
14
+ "serverDid": {
15
+ "type": "string",
16
+ "pattern": "^did:(key|web):.+$",
17
+ "description": "The server's DID used for proof verification."
18
+ },
19
+ "protocolVersion": {
20
+ "type": "string",
21
+ "pattern": "^\\d+\\.\\d+$",
22
+ "description": "Negotiated MCP-I protocol version (e.g., '1.0')."
23
+ },
24
+ "serverCapabilities": {
25
+ "type": "object",
26
+ "description": "Server capability flags indicating supported features.",
27
+ "properties": {
28
+ "proofs": {
29
+ "type": "boolean",
30
+ "description": "Server supports detached proofs on tool responses."
31
+ },
32
+ "delegation": {
33
+ "type": "boolean",
34
+ "description": "Server supports W3C delegation credentials."
35
+ },
36
+ "statusList": {
37
+ "type": "boolean",
38
+ "description": "Server supports StatusList2021 revocation checking."
39
+ }
40
+ },
41
+ "additionalProperties": true
42
+ },
43
+ "sessionTtl": {
44
+ "type": "integer",
45
+ "minimum": 1,
46
+ "description": "Session time-to-live in seconds. Client SHOULD refresh before expiration."
47
+ },
48
+ "nonce": {
49
+ "type": "string",
50
+ "description": "Echo of the client's nonce for binding verification."
51
+ }
52
+ },
53
+ "additionalProperties": false,
54
+ "examples": [
55
+ {
56
+ "sessionId": "sess_abc123xyz",
57
+ "serverDid": "did:web:api.example.com",
58
+ "protocolVersion": "1.0",
59
+ "serverCapabilities": {
60
+ "proofs": true,
61
+ "delegation": true,
62
+ "statusList": true
63
+ },
64
+ "sessionTtl": 1800
65
+ }
66
+ ]
67
+ }