vouch-mcp 2.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,123 @@
1
+ Metadata-Version: 2.4
2
+ Name: vouch-mcp
3
+ Version: 2.0.0
4
+ Summary: Model Context Protocol server that issues and verifies Vouch Credentials to authorize AI agent tool calls.
5
+ Author: Ramprasad Gaddam
6
+ License: Apache-2.0
7
+ Project-URL: Homepage, https://vouch-protocol.com
8
+ Project-URL: Source, https://github.com/vouch-protocol/vouch
9
+ Keywords: mcp,vouch,ai-agents,verifiable-credentials,identity,eddsa-jcs-2022
10
+ Classifier: Development Status :: 4 - Beta
11
+ Classifier: License :: OSI Approved :: Apache Software License
12
+ Classifier: Programming Language :: Python :: 3
13
+ Classifier: Topic :: Security :: Cryptography
14
+ Requires-Python: >=3.9
15
+ Description-Content-Type: text/markdown
16
+ Requires-Dist: vouch-protocol[mcp]>=2.0.0
17
+ Provides-Extra: dev
18
+ Requires-Dist: pytest>=7.0; extra == "dev"
19
+
20
+ # vouch-mcp
21
+
22
+ A Model Context Protocol (MCP) server that lets AI agents **issue and verify**
23
+ [Vouch](https://vouch-protocol.com) Credentials, so every action an agent takes
24
+ carries cryptographic proof of who authorized it.
25
+
26
+ MCP standardized how agents call tools. It does not say *who* is calling, or on
27
+ *whose authority*. `vouch-mcp` adds that layer: every authorized action carries
28
+ a W3C Verifiable Credential with an `eddsa-jcs-2022` Data Integrity proof (or the
29
+ post-quantum hybrid profile), and any party can verify one over the same MCP
30
+ connection.
31
+
32
+ **The key stays out of the model.** MCP already runs this server in its own
33
+ process, so the agent's private key lives here, never in the LLM's context. A
34
+ prompt-injected model cannot exfiltrate a key it never holds.
35
+
36
+ ## When to use this vs `vouch.autosign`
37
+
38
+ Vouch gives you two front doors onto one signing primitive:
39
+
40
+ - **`vouch.autosign`** (in-process, Python): wrap a tool with `protect([...])`
41
+ and every call is signed deterministically, before the tool runs, with no
42
+ LLM cooperation. Best when your agent is Python and you want zero-effort,
43
+ can't-forget signing.
44
+ - **`vouch-mcp`** (this package): the out-of-process, cross-language path. Any
45
+ MCP client in any language calls `sign` / `verify` over the
46
+ wire, and the key is isolated in the server process. Best for non-Python
47
+ agents, key isolation, or exposing verification as a shared service.
48
+
49
+ Both call the same `sign_intent` core, so credentials are identical either way.
50
+
51
+ ## Install
52
+
53
+ ```bash
54
+ pip install vouch-mcp # or: uvx vouch-mcp
55
+ ```
56
+
57
+ This pulls in `vouch-protocol[mcp]`, including the official MCP SDK. For the
58
+ post-quantum profile, install `pip install 'vouch-protocol[mcp,pq]'`.
59
+
60
+ ## Configure
61
+
62
+ ```python
63
+ from vouch import generate_identity
64
+ kp = generate_identity("agent.example.com")
65
+ print(kp.did) # did:web:agent.example.com
66
+ print(kp.private_key_jwk) # set as VOUCH_PRIVATE_KEY
67
+ ```
68
+
69
+ ## Run
70
+
71
+ **Local (stdio)** for Claude Desktop, Cursor, and desktop agents:
72
+
73
+ ```bash
74
+ VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
75
+ ```
76
+
77
+ **Remote (Streamable HTTP)** for hosted / networked deployments:
78
+
79
+ ```bash
80
+ VOUCH_MCP_TRANSPORT=http VOUCH_MCP_HOST=0.0.0.0 VOUCH_MCP_PORT=8080 \
81
+ VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
82
+ ```
83
+
84
+ ```jsonc
85
+ // Claude Desktop / Cursor MCP config
86
+ {
87
+ "mcpServers": {
88
+ "vouch": {
89
+ "command": "vouch-mcp",
90
+ "env": {
91
+ "VOUCH_DID": "did:web:agent.example.com",
92
+ "VOUCH_PRIVATE_KEY": "<jwk-json-string>"
93
+ }
94
+ }
95
+ }
96
+ }
97
+ ```
98
+
99
+ ## Tools
100
+
101
+ | Tool | What it does |
102
+ |---|---|
103
+ | `sign(action, target, resource, post_quantum=False)` | Issue a credential authorizing one action, bound to that exact resource. Set `post_quantum=True` for the `hybrid-eddsa-mldsa44-jcs-2026` profile. |
104
+ | `verify(credential_json, public_key=None)` | Verify a credential another agent or service presented. Any MCP client can verify without installing an SDK. |
105
+ | `create_session(purpose, valid_seconds, decay_lambda, initial_trust)` | Issue a trust-decaying session voucher (Heartbeat Protocol). |
106
+ | `check_revocation(credential_json)` | Check a credential's `BitstringStatusList` entry: `ACTIVE`, `REVOKED`, or not individually revocable. |
107
+ | `get_identity()` | Return the agent's DID. |
108
+
109
+ ## Why `verify` matters
110
+
111
+ Signing proves *you* acted. Verifying is how *everyone else* benefits: any
112
+ MCP-capable agent, in any framework, can confirm another agent's credential with
113
+ a single tool call and no SDK. That is what turns Vouch from a per-app library
114
+ into an interoperable trust layer.
115
+
116
+ ## Registry
117
+
118
+ This package ships a `server.json` manifest for the MCP registry, so it can be
119
+ discovered and installed like any other MCP server.
120
+
121
+ ## License
122
+
123
+ Apache-2.0.
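Review bot: In the embedded README's Run section, the Remote (Streamable HTTP) example sets `VOUCH_MCP_HOST=0.0.0.0` and shows no authentication or TLS setting for that transport, so as documented any client that can reach port 8080 could call `sign` and receive credentials issued under the agent's DID. Suggest using `127.0.0.1` in the example and stating what must sit in front of the server (an authenticating reverse proxy, TLS) before it is bound to a routable interface.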
@@ -0,0 +1,104 @@
1
+ # vouch-mcp
2
+
3
+ A Model Context Protocol (MCP) server that lets AI agents **issue and verify**
4
+ [Vouch](https://vouch-protocol.com) Credentials, so every action an agent takes
5
+ carries cryptographic proof of who authorized it.
6
+
7
+ MCP standardized how agents call tools. It does not say *who* is calling, or on
8
+ *whose authority*. `vouch-mcp` adds that layer: every authorized action carries
9
+ a W3C Verifiable Credential with an `eddsa-jcs-2022` Data Integrity proof (or the
10
+ post-quantum hybrid profile), and any party can verify one over the same MCP
11
+ connection.
12
+
13
+ **The key stays out of the model.** MCP already runs this server in its own
14
+ process, so the agent's private key lives here, never in the LLM's context. A
15
+ prompt-injected model cannot exfiltrate a key it never holds.
16
+
17
+ ## When to use this vs `vouch.autosign`
18
+
19
+ Vouch gives you two front doors onto one signing primitive:
20
+
21
+ - **`vouch.autosign`** (in-process, Python): wrap a tool with `protect([...])`
22
+ and every call is signed deterministically, before the tool runs, with no
23
+ LLM cooperation. Best when your agent is Python and you want zero-effort,
24
+ can't-forget signing.
25
+ - **`vouch-mcp`** (this package): the out-of-process, cross-language path. Any
26
+ MCP client in any language calls `sign` / `verify` over the
27
+ wire, and the key is isolated in the server process. Best for non-Python
28
+ agents, key isolation, or exposing verification as a shared service.
29
+
30
+ Both call the same `sign_intent` core, so credentials are identical either way.
31
+
32
+ ## Install
33
+
34
+ ```bash
35
+ pip install vouch-mcp # or: uvx vouch-mcp
36
+ ```
37
+
38
+ This pulls in `vouch-protocol[mcp]`, including the official MCP SDK. For the
39
+ post-quantum profile, install `pip install 'vouch-protocol[mcp,pq]'`.
40
+
41
+ ## Configure
42
+
43
+ ```python
44
+ from vouch import generate_identity
45
+ kp = generate_identity("agent.example.com")
46
+ print(kp.did) # did:web:agent.example.com
47
+ print(kp.private_key_jwk) # set as VOUCH_PRIVATE_KEY
48
+ ```
49
+
50
+ ## Run
51
+
52
+ **Local (stdio)** for Claude Desktop, Cursor, and desktop agents:
53
+
54
+ ```bash
55
+ VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
56
+ ```
57
+
58
+ **Remote (Streamable HTTP)** for hosted / networked deployments:
59
+
60
+ ```bash
61
+ VOUCH_MCP_TRANSPORT=http VOUCH_MCP_HOST=0.0.0.0 VOUCH_MCP_PORT=8080 \
62
+ VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
63
+ ```
64
+
65
+ ```jsonc
66
+ // Claude Desktop / Cursor MCP config
67
+ {
68
+ "mcpServers": {
69
+ "vouch": {
70
+ "command": "vouch-mcp",
71
+ "env": {
72
+ "VOUCH_DID": "did:web:agent.example.com",
73
+ "VOUCH_PRIVATE_KEY": "<jwk-json-string>"
74
+ }
75
+ }
76
+ }
77
+ }
78
+ ```
79
+
80
+ ## Tools
81
+
82
+ | Tool | What it does |
83
+ |---|---|
84
+ | `sign(action, target, resource, post_quantum=False)` | Issue a credential authorizing one action, bound to that exact resource. Set `post_quantum=True` for the `hybrid-eddsa-mldsa44-jcs-2026` profile. |
85
+ | `verify(credential_json, public_key=None)` | Verify a credential another agent or service presented. Any MCP client can verify without installing an SDK. |
86
+ | `create_session(purpose, valid_seconds, decay_lambda, initial_trust)` | Issue a trust-decaying session voucher (Heartbeat Protocol). |
87
+ | `check_revocation(credential_json)` | Check a credential's `BitstringStatusList` entry: `ACTIVE`, `REVOKED`, or not individually revocable. |
88
+ | `get_identity()` | Return the agent's DID. |
89
+
90
+ ## Why `verify` matters
91
+
92
+ Signing proves *you* acted. Verifying is how *everyone else* benefits: any
93
+ MCP-capable agent, in any framework, can confirm another agent's credential with
94
+ a single tool call and no SDK. That is what turns Vouch from a per-app library
95
+ into an interoperable trust layer.
96
+
97
+ ## Registry
98
+
99
+ This package ships a `server.json` manifest for the MCP registry, so it can be
100
+ discovered and installed like any other MCP server.
101
+
102
+ ## License
103
+
104
+ Apache-2.0.
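Review bot: The Configure snippet ends with `print(kp.private_key_jwk)`, which sends the private key to stdout where it can land in terminal scrollback or CI logs, and the MCP client config example then stores the same JWK in plaintext under `"VOUCH_PRIVATE_KEY"`. Suggest documenting a path that writes the key straight to a file with owner-only permissions or to a secret store, and qualifying "The key stays out of the model" to say the isolation is from the LLM context, not from other processes or users on the host that can read the environment or the config file.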
@@ -0,0 +1,33 @@
1
+ [build-system]
2
+ requires = ["setuptools>=61.0"]
3
+ build-backend = "setuptools.build_meta"
4
+
5
+ [project]
6
+ name = "vouch-mcp"
7
+ version = "2.0.0"
8
+ description = "Model Context Protocol server that issues and verifies Vouch Credentials to authorize AI agent tool calls."
9
+ readme = "README.md"
10
+ requires-python = ">=3.9"
11
+ license = { text = "Apache-2.0" }
12
+ authors = [{ name = "Ramprasad Gaddam" }]
13
+ keywords = ["mcp", "vouch", "ai-agents", "verifiable-credentials", "identity", "eddsa-jcs-2022"]
14
+ classifiers = [
15
+ "Development Status :: 4 - Beta",
16
+ "License :: OSI Approved :: Apache Software License",
17
+ "Programming Language :: Python :: 3",
18
+ "Topic :: Security :: Cryptography",
19
+ ]
20
+ dependencies = ["vouch-protocol[mcp]>=2.0.0"]
21
+
22
+ [project.optional-dependencies]
23
+ dev = ["pytest>=7.0"]
24
+
25
+ [project.urls]
26
+ Homepage = "https://vouch-protocol.com"
27
+ Source = "https://github.com/vouch-protocol/vouch"
28
+
29
+ [project.scripts]
30
+ vouch-mcp = "vouch_mcp:main"
31
+
32
+ [tool.setuptools.packages.find]
33
+ where = ["src"]
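Review bot: `dependencies = ["vouch-protocol[mcp]>=2.0.0"]` has no upper bound, and since this distribution only re-exports the server from `vouch-protocol`, every signing and verification behaviour an installer gets is decided by whichever later release the resolver picks. Suggest a bounded range such as `>=2.0.0,<3`, so a future major release of the core cannot change the credential or key-handling code under an unchanged `vouch-mcp` version.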
@@ -0,0 +1,4 @@
1
+ [egg_info]
2
+ tag_build =
3
+ tag_date = 0
4
+
@@ -0,0 +1,16 @@
1
+ """vouch-mcp: an MCP server that issues Vouch Credentials for agent tool calls.
2
+
3
+ This is a thin distribution that wraps ``vouch.integrations.mcp.server``
4
+ (built on the official MCP SDK / FastMCP). It exists so the server can be
5
+ installed and listed on its own (PyPI, the MCP server registry) while the
6
+ implementation stays single-sourced in the vouch-protocol package.
7
+
8
+ Run:
9
+ pip install vouch-mcp
10
+ VOUCH_PRIVATE_KEY=... VOUCH_DID=... vouch-mcp
11
+ """
12
+
13
+ from vouch.integrations.mcp.server import main, mcp
14
+
15
+ __all__ = ["main", "mcp"]
16
+ __version__ = "2.0.0"
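Review bot: `__version__ = "2.0.0"` is hard-coded here and again as `version = "2.0.0"` in pyproject.toml, so the two can drift on the next release. Suggest deriving it with `importlib.metadata.version("vouch-mcp")`, or declaring the version dynamic in pyproject.toml and reading it from this attribute. Because the module body is only the re-export of `main` and `mcp`, it would also help to report the resolved `vouch-protocol` version somewhere, since that is the code that actually runs.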
@@ -0,0 +1,123 @@
1
+ Metadata-Version: 2.4
2
+ Name: vouch-mcp
3
+ Version: 2.0.0
4
+ Summary: Model Context Protocol server that issues and verifies Vouch Credentials to authorize AI agent tool calls.
5
+ Author: Ramprasad Gaddam
6
+ License: Apache-2.0
7
+ Project-URL: Homepage, https://vouch-protocol.com
8
+ Project-URL: Source, https://github.com/vouch-protocol/vouch
9
+ Keywords: mcp,vouch,ai-agents,verifiable-credentials,identity,eddsa-jcs-2022
10
+ Classifier: Development Status :: 4 - Beta
11
+ Classifier: License :: OSI Approved :: Apache Software License
12
+ Classifier: Programming Language :: Python :: 3
13
+ Classifier: Topic :: Security :: Cryptography
14
+ Requires-Python: >=3.9
15
+ Description-Content-Type: text/markdown
16
+ Requires-Dist: vouch-protocol[mcp]>=2.0.0
17
+ Provides-Extra: dev
18
+ Requires-Dist: pytest>=7.0; extra == "dev"
19
+
20
+ # vouch-mcp
21
+
22
+ A Model Context Protocol (MCP) server that lets AI agents **issue and verify**
23
+ [Vouch](https://vouch-protocol.com) Credentials, so every action an agent takes
24
+ carries cryptographic proof of who authorized it.
25
+
26
+ MCP standardized how agents call tools. It does not say *who* is calling, or on
27
+ *whose authority*. `vouch-mcp` adds that layer: every authorized action carries
28
+ a W3C Verifiable Credential with an `eddsa-jcs-2022` Data Integrity proof (or the
29
+ post-quantum hybrid profile), and any party can verify one over the same MCP
30
+ connection.
31
+
32
+ **The key stays out of the model.** MCP already runs this server in its own
33
+ process, so the agent's private key lives here, never in the LLM's context. A
34
+ prompt-injected model cannot exfiltrate a key it never holds.
35
+
36
+ ## When to use this vs `vouch.autosign`
37
+
38
+ Vouch gives you two front doors onto one signing primitive:
39
+
40
+ - **`vouch.autosign`** (in-process, Python): wrap a tool with `protect([...])`
41
+ and every call is signed deterministically, before the tool runs, with no
42
+ LLM cooperation. Best when your agent is Python and you want zero-effort,
43
+ can't-forget signing.
44
+ - **`vouch-mcp`** (this package): the out-of-process, cross-language path. Any
45
+ MCP client in any language calls `sign` / `verify` over the
46
+ wire, and the key is isolated in the server process. Best for non-Python
47
+ agents, key isolation, or exposing verification as a shared service.
48
+
49
+ Both call the same `sign_intent` core, so credentials are identical either way.
50
+
51
+ ## Install
52
+
53
+ ```bash
54
+ pip install vouch-mcp # or: uvx vouch-mcp
55
+ ```
56
+
57
+ This pulls in `vouch-protocol[mcp]`, including the official MCP SDK. For the
58
+ post-quantum profile, install `pip install 'vouch-protocol[mcp,pq]'`.
59
+
60
+ ## Configure
61
+
62
+ ```python
63
+ from vouch import generate_identity
64
+ kp = generate_identity("agent.example.com")
65
+ print(kp.did) # did:web:agent.example.com
66
+ print(kp.private_key_jwk) # set as VOUCH_PRIVATE_KEY
67
+ ```
68
+
69
+ ## Run
70
+
71
+ **Local (stdio)** for Claude Desktop, Cursor, and desktop agents:
72
+
73
+ ```bash
74
+ VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
75
+ ```
76
+
77
+ **Remote (Streamable HTTP)** for hosted / networked deployments:
78
+
79
+ ```bash
80
+ VOUCH_MCP_TRANSPORT=http VOUCH_MCP_HOST=0.0.0.0 VOUCH_MCP_PORT=8080 \
81
+ VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
82
+ ```
83
+
84
+ ```jsonc
85
+ // Claude Desktop / Cursor MCP config
86
+ {
87
+ "mcpServers": {
88
+ "vouch": {
89
+ "command": "vouch-mcp",
90
+ "env": {
91
+ "VOUCH_DID": "did:web:agent.example.com",
92
+ "VOUCH_PRIVATE_KEY": "<jwk-json-string>"
93
+ }
94
+ }
95
+ }
96
+ }
97
+ ```
98
+
99
+ ## Tools
100
+
101
+ | Tool | What it does |
102
+ |---|---|
103
+ | `sign(action, target, resource, post_quantum=False)` | Issue a credential authorizing one action, bound to that exact resource. Set `post_quantum=True` for the `hybrid-eddsa-mldsa44-jcs-2026` profile. |
104
+ | `verify(credential_json, public_key=None)` | Verify a credential another agent or service presented. Any MCP client can verify without installing an SDK. |
105
+ | `create_session(purpose, valid_seconds, decay_lambda, initial_trust)` | Issue a trust-decaying session voucher (Heartbeat Protocol). |
106
+ | `check_revocation(credential_json)` | Check a credential's `BitstringStatusList` entry: `ACTIVE`, `REVOKED`, or not individually revocable. |
107
+ | `get_identity()` | Return the agent's DID. |
108
+
109
+ ## Why `verify` matters
110
+
111
+ Signing proves *you* acted. Verifying is how *everyone else* benefits: any
112
+ MCP-capable agent, in any framework, can confirm another agent's credential with
113
+ a single tool call and no SDK. That is what turns Vouch from a per-app library
114
+ into an interoperable trust layer.
115
+
116
+ ## Registry
117
+
118
+ This package ships a `server.json` manifest for the MCP registry, so it can be
119
+ discovered and installed like any other MCP server.
120
+
121
+ ## License
122
+
123
+ Apache-2.0.
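Review bot: In the Tools table, the `verify(credential_json, public_key=None)` row does not say how the issuer key is obtained when `public_key` is left as `None`, and `check_revocation` is listed as a separate tool, so a reader cannot tell whether a successful `verify` also covers revocation status. Suggest documenting the key-resolution behaviour for the default case (including whether it makes a network request) and stating explicitly which checks `verify` performs, so callers know when they must also call `check_revocation`.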
@@ -0,0 +1,10 @@
1
+ README.md
2
+ pyproject.toml
3
+ src/vouch_mcp/__init__.py
4
+ src/vouch_mcp.egg-info/PKG-INFO
5
+ src/vouch_mcp.egg-info/SOURCES.txt
6
+ src/vouch_mcp.egg-info/dependency_links.txt
7
+ src/vouch_mcp.egg-info/entry_points.txt
8
+ src/vouch_mcp.egg-info/requires.txt
9
+ src/vouch_mcp.egg-info/top_level.txt
10
+ tests/test_smoke.py
@@ -0,0 +1,2 @@
1
+ [console_scripts]
2
+ vouch-mcp = vouch_mcp:main
@@ -0,0 +1,4 @@
1
+ vouch-protocol[mcp]>=2.0.0
2
+
3
+ [dev]
4
+ pytest>=7.0
@@ -0,0 +1 @@
1
+ vouch_mcp
@@ -0,0 +1,59 @@
1
+ """Smoke tests for the vouch-mcp package.
2
+
3
+ These prove the package imports, the server object is the official FastMCP
4
+ type with the expected tools registered, and the server's signing path
5
+ produces a credential that verifies.
6
+ """
7
+
8
+ import asyncio
9
+ import json
10
+ import os
11
+
12
+ from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
13
+ from jwcrypto.common import base64url_decode
14
+
15
+ from vouch import Verifier, generate_identity
16
+
17
+
18
+ def test_package_exports():
19
+ import vouch_mcp
20
+
21
+ assert callable(vouch_mcp.main)
22
+ assert type(vouch_mcp.mcp).__name__ == "FastMCP"
23
+
24
+
25
+ def test_registered_tool_names():
26
+ import vouch_mcp
27
+
28
+ tools = asyncio.run(vouch_mcp.mcp.list_tools())
29
+ names = {t.name for t in tools}
30
+ assert {
31
+ "sign",
32
+ "verify",
33
+ "create_session",
34
+ "check_revocation",
35
+ "get_identity",
36
+ } <= names
37
+
38
+
39
+ def test_sign_and_verify_roundtrip():
40
+ kp = generate_identity("agent.example.com")
41
+ os.environ["VOUCH_PRIVATE_KEY"] = kp.private_key_jwk
42
+ os.environ["VOUCH_DID"] = kp.did
43
+
44
+ from vouch.autosign import reset_default_signer
45
+
46
+ reset_default_signer()
47
+
48
+ from vouch.integrations.mcp import server
49
+
50
+ out = server.sign("read", "https://api.example.com", "customer:123")
51
+ cred = json.loads(out)
52
+ assert cred["proof"]["cryptosuite"] == "eddsa-jcs-2022"
53
+
54
+ pub = Ed25519PublicKey.from_public_bytes(base64url_decode(json.loads(kp.public_key_jwk)["x"]))
55
+ ok, _ = Verifier.verify(cred, public_key=pub)
56
+ assert ok is True
57
+
58
+ verdict = server.verify(out, public_key=None)
59
+ assert "VERIFIED" in verdict or "REJECTED" in verdict
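Review bot: The last assertion, `assert "VERIFIED" in verdict or "REJECTED" in verdict`, passes whether the server's `verify` tool accepts or rejects the credential, so the only verification result this test really checks is the direct `Verifier.verify` call above it. Suggest asserting the expected verdict for the freshly signed credential (supplying the key through `public_key` if the default lookup cannot work in a test environment) and adding a negative case where a field of `cred` is modified after signing and the verdict must be a rejection. The test also writes `VOUCH_PRIVATE_KEY` and `VOUCH_DID` into `os.environ` without restoring them; pytest's `monkeypatch.setenv` would keep that from leaking into other tests.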