vouch-mcp 2.0.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- vouch_mcp-2.0.0/PKG-INFO +123 -0
- vouch_mcp-2.0.0/README.md +104 -0
- vouch_mcp-2.0.0/pyproject.toml +33 -0
- vouch_mcp-2.0.0/setup.cfg +4 -0
- vouch_mcp-2.0.0/src/vouch_mcp/__init__.py +16 -0
- vouch_mcp-2.0.0/src/vouch_mcp.egg-info/PKG-INFO +123 -0
- vouch_mcp-2.0.0/src/vouch_mcp.egg-info/SOURCES.txt +10 -0
- vouch_mcp-2.0.0/src/vouch_mcp.egg-info/dependency_links.txt +1 -0
- vouch_mcp-2.0.0/src/vouch_mcp.egg-info/entry_points.txt +2 -0
- vouch_mcp-2.0.0/src/vouch_mcp.egg-info/requires.txt +4 -0
- vouch_mcp-2.0.0/src/vouch_mcp.egg-info/top_level.txt +1 -0
- vouch_mcp-2.0.0/tests/test_smoke.py +59 -0
vouch_mcp-2.0.0/PKG-INFO
ADDED
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: vouch-mcp
|
|
3
|
+
Version: 2.0.0
|
|
4
|
+
Summary: Model Context Protocol server that issues and verifies Vouch Credentials to authorize AI agent tool calls.
|
|
5
|
+
Author: Ramprasad Gaddam
|
|
6
|
+
License: Apache-2.0
|
|
7
|
+
Project-URL: Homepage, https://vouch-protocol.com
|
|
8
|
+
Project-URL: Source, https://github.com/vouch-protocol/vouch
|
|
9
|
+
Keywords: mcp,vouch,ai-agents,verifiable-credentials,identity,eddsa-jcs-2022
|
|
10
|
+
Classifier: Development Status :: 4 - Beta
|
|
11
|
+
Classifier: License :: OSI Approved :: Apache Software License
|
|
12
|
+
Classifier: Programming Language :: Python :: 3
|
|
13
|
+
Classifier: Topic :: Security :: Cryptography
|
|
14
|
+
Requires-Python: >=3.9
|
|
15
|
+
Description-Content-Type: text/markdown
|
|
16
|
+
Requires-Dist: vouch-protocol[mcp]>=2.0.0
|
|
17
|
+
Provides-Extra: dev
|
|
18
|
+
Requires-Dist: pytest>=7.0; extra == "dev"
|
|
19
|
+
|
|
20
|
+
# vouch-mcp
|
|
21
|
+
|
|
22
|
+
A Model Context Protocol (MCP) server that lets AI agents **issue and verify**
|
|
23
|
+
[Vouch](https://vouch-protocol.com) Credentials, so every action an agent takes
|
|
24
|
+
carries cryptographic proof of who authorized it.
|
|
25
|
+
|
|
26
|
+
MCP standardized how agents call tools. It does not say *who* is calling, or on
|
|
27
|
+
*whose authority*. `vouch-mcp` adds that layer: every authorized action carries
|
|
28
|
+
a W3C Verifiable Credential with an `eddsa-jcs-2022` Data Integrity proof (or the
|
|
29
|
+
post-quantum hybrid profile), and any party can verify one over the same MCP
|
|
30
|
+
connection.
|
|
31
|
+
|
|
32
|
+
**The key stays out of the model.** MCP already runs this server in its own
|
|
33
|
+
process, so the agent's private key lives here, never in the LLM's context. A
|
|
34
|
+
prompt-injected model cannot exfiltrate a key it never holds.
|
|
35
|
+
|
|
36
|
+
## When to use this vs `vouch.autosign`
|
|
37
|
+
|
|
38
|
+
Vouch gives you two front doors onto one signing primitive:
|
|
39
|
+
|
|
40
|
+
- **`vouch.autosign`** (in-process, Python): wrap a tool with `protect([...])`
|
|
41
|
+
and every call is signed deterministically, before the tool runs, with no
|
|
42
|
+
LLM cooperation. Best when your agent is Python and you want zero-effort,
|
|
43
|
+
can't-forget signing.
|
|
44
|
+
- **`vouch-mcp`** (this package): the out-of-process, cross-language path. Any
|
|
45
|
+
MCP client in any language calls `sign` / `verify` over the
|
|
46
|
+
wire, and the key is isolated in the server process. Best for non-Python
|
|
47
|
+
agents, key isolation, or exposing verification as a shared service.
|
|
48
|
+
|
|
49
|
+
Both call the same `sign_intent` core, so credentials are identical either way.
|
|
50
|
+
|
|
51
|
+
## Install
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
pip install vouch-mcp # or: uvx vouch-mcp
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
This pulls in `vouch-protocol[mcp]`, including the official MCP SDK. For the
|
|
58
|
+
post-quantum profile, install `pip install 'vouch-protocol[mcp,pq]'`.
|
|
59
|
+
|
|
60
|
+
## Configure
|
|
61
|
+
|
|
62
|
+
```python
|
|
63
|
+
from vouch import generate_identity
|
|
64
|
+
kp = generate_identity("agent.example.com")
|
|
65
|
+
print(kp.did) # did:web:agent.example.com
|
|
66
|
+
print(kp.private_key_jwk) # set as VOUCH_PRIVATE_KEY
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
## Run
|
|
70
|
+
|
|
71
|
+
**Local (stdio)** for Claude Desktop, Cursor, and desktop agents:
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
**Remote (Streamable HTTP)** for hosted / networked deployments:
|
|
78
|
+
|
|
79
|
+
```bash
|
|
80
|
+
VOUCH_MCP_TRANSPORT=http VOUCH_MCP_HOST=0.0.0.0 VOUCH_MCP_PORT=8080 \
|
|
81
|
+
VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
```jsonc
|
|
85
|
+
// Claude Desktop / Cursor MCP config
|
|
86
|
+
{
|
|
87
|
+
"mcpServers": {
|
|
88
|
+
"vouch": {
|
|
89
|
+
"command": "vouch-mcp",
|
|
90
|
+
"env": {
|
|
91
|
+
"VOUCH_DID": "did:web:agent.example.com",
|
|
92
|
+
"VOUCH_PRIVATE_KEY": "<jwk-json-string>"
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
## Tools
|
|
100
|
+
|
|
101
|
+
| Tool | What it does |
|
|
102
|
+
|---|---|
|
|
103
|
+
| `sign(action, target, resource, post_quantum=False)` | Issue a credential authorizing one action, bound to that exact resource. Set `post_quantum=True` for the `hybrid-eddsa-mldsa44-jcs-2026` profile. |
|
|
104
|
+
| `verify(credential_json, public_key=None)` | Verify a credential another agent or service presented. Any MCP client can verify without installing an SDK. |
|
|
105
|
+
| `create_session(purpose, valid_seconds, decay_lambda, initial_trust)` | Issue a trust-decaying session voucher (Heartbeat Protocol). |
|
|
106
|
+
| `check_revocation(credential_json)` | Check a credential's `BitstringStatusList` entry: `ACTIVE`, `REVOKED`, or not individually revocable. |
|
|
107
|
+
| `get_identity()` | Return the agent's DID. |
|
|
108
|
+
|
|
109
|
+
## Why `verify` matters
|
|
110
|
+
|
|
111
|
+
Signing proves *you* acted. Verifying is how *everyone else* benefits: any
|
|
112
|
+
MCP-capable agent, in any framework, can confirm another agent's credential with
|
|
113
|
+
a single tool call and no SDK. That is what turns Vouch from a per-app library
|
|
114
|
+
into an interoperable trust layer.
|
|
115
|
+
|
|
116
|
+
## Registry
|
|
117
|
+
|
|
118
|
+
This package ships a `server.json` manifest for the MCP registry, so it can be
|
|
119
|
+
discovered and installed like any other MCP server.
|
|
120
|
+
|
|
121
|
+
## License
|
|
122
|
+
|
|
123
|
+
Apache-2.0.
|
|
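Review bot: The Remote (Streamable HTTP) example in the embedded README sets `VOUCH_MCP_HOST=0.0.0.0` and says nothing about authentication or TLS, while the Tools table lists `sign`, which issues credentials under the agent's key. Either document how callers are authenticated on the HTTP transport, or change the example to bind `127.0.0.1` and state that a networked deployment needs an authenticating, TLS-terminating proxy in front of it.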
@@ -0,0 +1,104 @@
|
|
|
1
|
+
# vouch-mcp
|
|
2
|
+
|
|
3
|
+
A Model Context Protocol (MCP) server that lets AI agents **issue and verify**
|
|
4
|
+
[Vouch](https://vouch-protocol.com) Credentials, so every action an agent takes
|
|
5
|
+
carries cryptographic proof of who authorized it.
|
|
6
|
+
|
|
7
|
+
MCP standardized how agents call tools. It does not say *who* is calling, or on
|
|
8
|
+
*whose authority*. `vouch-mcp` adds that layer: every authorized action carries
|
|
9
|
+
a W3C Verifiable Credential with an `eddsa-jcs-2022` Data Integrity proof (or the
|
|
10
|
+
post-quantum hybrid profile), and any party can verify one over the same MCP
|
|
11
|
+
connection.
|
|
12
|
+
|
|
13
|
+
**The key stays out of the model.** MCP already runs this server in its own
|
|
14
|
+
process, so the agent's private key lives here, never in the LLM's context. A
|
|
15
|
+
prompt-injected model cannot exfiltrate a key it never holds.
|
|
16
|
+
|
|
17
|
+
## When to use this vs `vouch.autosign`
|
|
18
|
+
|
|
19
|
+
Vouch gives you two front doors onto one signing primitive:
|
|
20
|
+
|
|
21
|
+
- **`vouch.autosign`** (in-process, Python): wrap a tool with `protect([...])`
|
|
22
|
+
and every call is signed deterministically, before the tool runs, with no
|
|
23
|
+
LLM cooperation. Best when your agent is Python and you want zero-effort,
|
|
24
|
+
can't-forget signing.
|
|
25
|
+
- **`vouch-mcp`** (this package): the out-of-process, cross-language path. Any
|
|
26
|
+
MCP client in any language calls `sign` / `verify` over the
|
|
27
|
+
wire, and the key is isolated in the server process. Best for non-Python
|
|
28
|
+
agents, key isolation, or exposing verification as a shared service.
|
|
29
|
+
|
|
30
|
+
Both call the same `sign_intent` core, so credentials are identical either way.
|
|
31
|
+
|
|
32
|
+
## Install
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
pip install vouch-mcp # or: uvx vouch-mcp
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
This pulls in `vouch-protocol[mcp]`, including the official MCP SDK. For the
|
|
39
|
+
post-quantum profile, install `pip install 'vouch-protocol[mcp,pq]'`.
|
|
40
|
+
|
|
41
|
+
## Configure
|
|
42
|
+
|
|
43
|
+
```python
|
|
44
|
+
from vouch import generate_identity
|
|
45
|
+
kp = generate_identity("agent.example.com")
|
|
46
|
+
print(kp.did) # did:web:agent.example.com
|
|
47
|
+
print(kp.private_key_jwk) # set as VOUCH_PRIVATE_KEY
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
## Run
|
|
51
|
+
|
|
52
|
+
**Local (stdio)** for Claude Desktop, Cursor, and desktop agents:
|
|
53
|
+
|
|
54
|
+
```bash
|
|
55
|
+
VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
**Remote (Streamable HTTP)** for hosted / networked deployments:
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
VOUCH_MCP_TRANSPORT=http VOUCH_MCP_HOST=0.0.0.0 VOUCH_MCP_PORT=8080 \
|
|
62
|
+
VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
```jsonc
|
|
66
|
+
// Claude Desktop / Cursor MCP config
|
|
67
|
+
{
|
|
68
|
+
"mcpServers": {
|
|
69
|
+
"vouch": {
|
|
70
|
+
"command": "vouch-mcp",
|
|
71
|
+
"env": {
|
|
72
|
+
"VOUCH_DID": "did:web:agent.example.com",
|
|
73
|
+
"VOUCH_PRIVATE_KEY": "<jwk-json-string>"
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
## Tools
|
|
81
|
+
|
|
82
|
+
| Tool | What it does |
|
|
83
|
+
|---|---|
|
|
84
|
+
| `sign(action, target, resource, post_quantum=False)` | Issue a credential authorizing one action, bound to that exact resource. Set `post_quantum=True` for the `hybrid-eddsa-mldsa44-jcs-2026` profile. |
|
|
85
|
+
| `verify(credential_json, public_key=None)` | Verify a credential another agent or service presented. Any MCP client can verify without installing an SDK. |
|
|
86
|
+
| `create_session(purpose, valid_seconds, decay_lambda, initial_trust)` | Issue a trust-decaying session voucher (Heartbeat Protocol). |
|
|
87
|
+
| `check_revocation(credential_json)` | Check a credential's `BitstringStatusList` entry: `ACTIVE`, `REVOKED`, or not individually revocable. |
|
|
88
|
+
| `get_identity()` | Return the agent's DID. |
|
|
89
|
+
|
|
90
|
+
## Why `verify` matters
|
|
91
|
+
|
|
92
|
+
Signing proves *you* acted. Verifying is how *everyone else* benefits: any
|
|
93
|
+
MCP-capable agent, in any framework, can confirm another agent's credential with
|
|
94
|
+
a single tool call and no SDK. That is what turns Vouch from a per-app library
|
|
95
|
+
into an interoperable trust layer.
|
|
96
|
+
|
|
97
|
+
## Registry
|
|
98
|
+
|
|
99
|
+
This package ships a `server.json` manifest for the MCP registry, so it can be
|
|
100
|
+
discovered and installed like any other MCP server.
|
|
101
|
+
|
|
102
|
+
## License
|
|
103
|
+
|
|
104
|
+
Apache-2.0.
|
|
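Review bot: The paragraph "The key stays out of the model" gives a narrower guarantee than the surrounding text suggests: the Tools table shows `sign(action, target, resource, post_quantum=False)` taking all three values from the caller, so a client that cannot read the key can still ask the server to sign any action it names. The README should say what, if anything, limits which actions, targets and resources the server will sign, or state plainly that the deployment has to enforce that policy itself.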
@@ -0,0 +1,33 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["setuptools>=61.0"]
|
|
3
|
+
build-backend = "setuptools.build_meta"
|
|
4
|
+
|
|
5
|
+
[project]
|
|
6
|
+
name = "vouch-mcp"
|
|
7
|
+
version = "2.0.0"
|
|
8
|
+
description = "Model Context Protocol server that issues and verifies Vouch Credentials to authorize AI agent tool calls."
|
|
9
|
+
readme = "README.md"
|
|
10
|
+
requires-python = ">=3.9"
|
|
11
|
+
license = { text = "Apache-2.0" }
|
|
12
|
+
authors = [{ name = "Ramprasad Gaddam" }]
|
|
13
|
+
keywords = ["mcp", "vouch", "ai-agents", "verifiable-credentials", "identity", "eddsa-jcs-2022"]
|
|
14
|
+
classifiers = [
|
|
15
|
+
"Development Status :: 4 - Beta",
|
|
16
|
+
"License :: OSI Approved :: Apache Software License",
|
|
17
|
+
"Programming Language :: Python :: 3",
|
|
18
|
+
"Topic :: Security :: Cryptography",
|
|
19
|
+
]
|
|
20
|
+
dependencies = ["vouch-protocol[mcp]>=2.0.0"]
|
|
21
|
+
|
|
22
|
+
[project.optional-dependencies]
|
|
23
|
+
dev = ["pytest>=7.0"]
|
|
24
|
+
|
|
25
|
+
[project.urls]
|
|
26
|
+
Homepage = "https://vouch-protocol.com"
|
|
27
|
+
Source = "https://github.com/vouch-protocol/vouch"
|
|
28
|
+
|
|
29
|
+
[project.scripts]
|
|
30
|
+
vouch-mcp = "vouch_mcp:main"
|
|
31
|
+
|
|
32
|
+
[tool.setuptools.packages.find]
|
|
33
|
+
where = ["src"]
|
|
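Review bot: `dependencies = ["vouch-protocol[mcp]>=2.0.0"]` has no upper bound, and this distribution carries no signing logic of its own (its `__init__.py` only re-exports `main` and `mcp` from `vouch.integrations.mcp.server`), so any later vouch-protocol release changes what an existing vouch-mcp 2.0.0 install runs. Consider capping the range, for example `>=2.0.0,<3`. Separately, the `dev` extra lists only `pytest`, while `tests/test_smoke.py` imports `cryptography` and `jwcrypto` directly; declare them in `dev` if the tests are not meant to rely on transitive installs.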
@@ -0,0 +1,16 @@
|
|
|
1
|
+
"""vouch-mcp: an MCP server that issues Vouch Credentials for agent tool calls.
|
|
2
|
+
|
|
3
|
+
This is a thin distribution that wraps ``vouch.integrations.mcp.server``
|
|
4
|
+
(built on the official MCP SDK / FastMCP). It exists so the server can be
|
|
5
|
+
installed and listed on its own (PyPI, the MCP server registry) while the
|
|
6
|
+
implementation stays single-sourced in the vouch-protocol package.
|
|
7
|
+
|
|
8
|
+
Run:
|
|
9
|
+
pip install vouch-mcp
|
|
10
|
+
VOUCH_PRIVATE_KEY=... VOUCH_DID=... vouch-mcp
|
|
11
|
+
"""
|
|
12
|
+
|
|
13
|
+
from vouch.integrations.mcp.server import main, mcp
|
|
14
|
+
|
|
15
|
+
__all__ = ["main", "mcp"]
|
|
16
|
+
__version__ = "2.0.0"
|
|
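Review bot: `__version__ = "2.0.0"` on the last line duplicates `version = "2.0.0"` in pyproject.toml, so the two can drift on the next release. Reading it from the installed metadata with `importlib.metadata.version("vouch-mcp")` keeps a single source of truth. The module docstring also describes the server only as one that "issues" credentials, while the package summary says it issues and verifies them.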
@@ -0,0 +1,123 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: vouch-mcp
|
|
3
|
+
Version: 2.0.0
|
|
4
|
+
Summary: Model Context Protocol server that issues and verifies Vouch Credentials to authorize AI agent tool calls.
|
|
5
|
+
Author: Ramprasad Gaddam
|
|
6
|
+
License: Apache-2.0
|
|
7
|
+
Project-URL: Homepage, https://vouch-protocol.com
|
|
8
|
+
Project-URL: Source, https://github.com/vouch-protocol/vouch
|
|
9
|
+
Keywords: mcp,vouch,ai-agents,verifiable-credentials,identity,eddsa-jcs-2022
|
|
10
|
+
Classifier: Development Status :: 4 - Beta
|
|
11
|
+
Classifier: License :: OSI Approved :: Apache Software License
|
|
12
|
+
Classifier: Programming Language :: Python :: 3
|
|
13
|
+
Classifier: Topic :: Security :: Cryptography
|
|
14
|
+
Requires-Python: >=3.9
|
|
15
|
+
Description-Content-Type: text/markdown
|
|
16
|
+
Requires-Dist: vouch-protocol[mcp]>=2.0.0
|
|
17
|
+
Provides-Extra: dev
|
|
18
|
+
Requires-Dist: pytest>=7.0; extra == "dev"
|
|
19
|
+
|
|
20
|
+
# vouch-mcp
|
|
21
|
+
|
|
22
|
+
A Model Context Protocol (MCP) server that lets AI agents **issue and verify**
|
|
23
|
+
[Vouch](https://vouch-protocol.com) Credentials, so every action an agent takes
|
|
24
|
+
carries cryptographic proof of who authorized it.
|
|
25
|
+
|
|
26
|
+
MCP standardized how agents call tools. It does not say *who* is calling, or on
|
|
27
|
+
*whose authority*. `vouch-mcp` adds that layer: every authorized action carries
|
|
28
|
+
a W3C Verifiable Credential with an `eddsa-jcs-2022` Data Integrity proof (or the
|
|
29
|
+
post-quantum hybrid profile), and any party can verify one over the same MCP
|
|
30
|
+
connection.
|
|
31
|
+
|
|
32
|
+
**The key stays out of the model.** MCP already runs this server in its own
|
|
33
|
+
process, so the agent's private key lives here, never in the LLM's context. A
|
|
34
|
+
prompt-injected model cannot exfiltrate a key it never holds.
|
|
35
|
+
|
|
36
|
+
## When to use this vs `vouch.autosign`
|
|
37
|
+
|
|
38
|
+
Vouch gives you two front doors onto one signing primitive:
|
|
39
|
+
|
|
40
|
+
- **`vouch.autosign`** (in-process, Python): wrap a tool with `protect([...])`
|
|
41
|
+
and every call is signed deterministically, before the tool runs, with no
|
|
42
|
+
LLM cooperation. Best when your agent is Python and you want zero-effort,
|
|
43
|
+
can't-forget signing.
|
|
44
|
+
- **`vouch-mcp`** (this package): the out-of-process, cross-language path. Any
|
|
45
|
+
MCP client in any language calls `sign` / `verify` over the
|
|
46
|
+
wire, and the key is isolated in the server process. Best for non-Python
|
|
47
|
+
agents, key isolation, or exposing verification as a shared service.
|
|
48
|
+
|
|
49
|
+
Both call the same `sign_intent` core, so credentials are identical either way.
|
|
50
|
+
|
|
51
|
+
## Install
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
pip install vouch-mcp # or: uvx vouch-mcp
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
This pulls in `vouch-protocol[mcp]`, including the official MCP SDK. For the
|
|
58
|
+
post-quantum profile, install `pip install 'vouch-protocol[mcp,pq]'`.
|
|
59
|
+
|
|
60
|
+
## Configure
|
|
61
|
+
|
|
62
|
+
```python
|
|
63
|
+
from vouch import generate_identity
|
|
64
|
+
kp = generate_identity("agent.example.com")
|
|
65
|
+
print(kp.did) # did:web:agent.example.com
|
|
66
|
+
print(kp.private_key_jwk) # set as VOUCH_PRIVATE_KEY
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
## Run
|
|
70
|
+
|
|
71
|
+
**Local (stdio)** for Claude Desktop, Cursor, and desktop agents:
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
**Remote (Streamable HTTP)** for hosted / networked deployments:
|
|
78
|
+
|
|
79
|
+
```bash
|
|
80
|
+
VOUCH_MCP_TRANSPORT=http VOUCH_MCP_HOST=0.0.0.0 VOUCH_MCP_PORT=8080 \
|
|
81
|
+
VOUCH_PRIVATE_KEY='...' VOUCH_DID='did:web:agent.example.com' vouch-mcp
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
```jsonc
|
|
85
|
+
// Claude Desktop / Cursor MCP config
|
|
86
|
+
{
|
|
87
|
+
"mcpServers": {
|
|
88
|
+
"vouch": {
|
|
89
|
+
"command": "vouch-mcp",
|
|
90
|
+
"env": {
|
|
91
|
+
"VOUCH_DID": "did:web:agent.example.com",
|
|
92
|
+
"VOUCH_PRIVATE_KEY": "<jwk-json-string>"
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
## Tools
|
|
100
|
+
|
|
101
|
+
| Tool | What it does |
|
|
102
|
+
|---|---|
|
|
103
|
+
| `sign(action, target, resource, post_quantum=False)` | Issue a credential authorizing one action, bound to that exact resource. Set `post_quantum=True` for the `hybrid-eddsa-mldsa44-jcs-2026` profile. |
|
|
104
|
+
| `verify(credential_json, public_key=None)` | Verify a credential another agent or service presented. Any MCP client can verify without installing an SDK. |
|
|
105
|
+
| `create_session(purpose, valid_seconds, decay_lambda, initial_trust)` | Issue a trust-decaying session voucher (Heartbeat Protocol). |
|
|
106
|
+
| `check_revocation(credential_json)` | Check a credential's `BitstringStatusList` entry: `ACTIVE`, `REVOKED`, or not individually revocable. |
|
|
107
|
+
| `get_identity()` | Return the agent's DID. |
|
|
108
|
+
|
|
109
|
+
## Why `verify` matters
|
|
110
|
+
|
|
111
|
+
Signing proves *you* acted. Verifying is how *everyone else* benefits: any
|
|
112
|
+
MCP-capable agent, in any framework, can confirm another agent's credential with
|
|
113
|
+
a single tool call and no SDK. That is what turns Vouch from a per-app library
|
|
114
|
+
into an interoperable trust layer.
|
|
115
|
+
|
|
116
|
+
## Registry
|
|
117
|
+
|
|
118
|
+
This package ships a `server.json` manifest for the MCP registry, so it can be
|
|
119
|
+
discovered and installed like any other MCP server.
|
|
120
|
+
|
|
121
|
+
## License
|
|
122
|
+
|
|
123
|
+
Apache-2.0.
|
|
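Review bot: The Configure snippet in this generated copy of the README ends with `print(kp.private_key_jwk)`, which writes the private JWK to the terminal, and the Claude Desktop / Cursor example then keeps it as a plaintext `VOUCH_PRIVATE_KEY` value in the client's config file. The docs should tell users to restrict that file's permissions and to keep the printed key out of terminal scrollback and logs, and ideally describe a way to supply the key from a file or secret store. The same text appears in the top-level PKG-INFO and in README.md, so the change belongs in README.md.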
@@ -0,0 +1,10 @@
|
|
|
1
|
+
README.md
|
|
2
|
+
pyproject.toml
|
|
3
|
+
src/vouch_mcp/__init__.py
|
|
4
|
+
src/vouch_mcp.egg-info/PKG-INFO
|
|
5
|
+
src/vouch_mcp.egg-info/SOURCES.txt
|
|
6
|
+
src/vouch_mcp.egg-info/dependency_links.txt
|
|
7
|
+
src/vouch_mcp.egg-info/entry_points.txt
|
|
8
|
+
src/vouch_mcp.egg-info/requires.txt
|
|
9
|
+
src/vouch_mcp.egg-info/top_level.txt
|
|
10
|
+
tests/test_smoke.py
|
|
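Review bot: This file list has no `server.json`, although the README's Registry section says "This package ships a `server.json` manifest for the MCP registry". Either include the manifest in the sdist (for example through MANIFEST.in or package data) or reword the README to say where the manifest actually lives.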
@@ -0,0 +1 @@
|
|
|
1
|
+
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
vouch_mcp
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
"""Smoke tests for the vouch-mcp package.
|
|
2
|
+
|
|
3
|
+
These prove the package imports, the server object is the official FastMCP
|
|
4
|
+
type with the expected tools registered, and the server's signing path
|
|
5
|
+
produces a credential that verifies.
|
|
6
|
+
"""
|
|
7
|
+
|
|
8
|
+
import asyncio
|
|
9
|
+
import json
|
|
10
|
+
import os
|
|
11
|
+
|
|
12
|
+
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
|
|
13
|
+
from jwcrypto.common import base64url_decode
|
|
14
|
+
|
|
15
|
+
from vouch import Verifier, generate_identity
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
def test_package_exports():
|
|
19
|
+
import vouch_mcp
|
|
20
|
+
|
|
21
|
+
assert callable(vouch_mcp.main)
|
|
22
|
+
assert type(vouch_mcp.mcp).__name__ == "FastMCP"
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
def test_registered_tool_names():
|
|
26
|
+
import vouch_mcp
|
|
27
|
+
|
|
28
|
+
tools = asyncio.run(vouch_mcp.mcp.list_tools())
|
|
29
|
+
names = {t.name for t in tools}
|
|
30
|
+
assert {
|
|
31
|
+
"sign",
|
|
32
|
+
"verify",
|
|
33
|
+
"create_session",
|
|
34
|
+
"check_revocation",
|
|
35
|
+
"get_identity",
|
|
36
|
+
} <= names
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
def test_sign_and_verify_roundtrip():
|
|
40
|
+
kp = generate_identity("agent.example.com")
|
|
41
|
+
os.environ["VOUCH_PRIVATE_KEY"] = kp.private_key_jwk
|
|
42
|
+
os.environ["VOUCH_DID"] = kp.did
|
|
43
|
+
|
|
44
|
+
from vouch.autosign import reset_default_signer
|
|
45
|
+
|
|
46
|
+
reset_default_signer()
|
|
47
|
+
|
|
48
|
+
from vouch.integrations.mcp import server
|
|
49
|
+
|
|
50
|
+
out = server.sign("read", "https://api.example.com", "customer:123")
|
|
51
|
+
cred = json.loads(out)
|
|
52
|
+
assert cred["proof"]["cryptosuite"] == "eddsa-jcs-2022"
|
|
53
|
+
|
|
54
|
+
pub = Ed25519PublicKey.from_public_bytes(base64url_decode(json.loads(kp.public_key_jwk)["x"]))
|
|
55
|
+
ok, _ = Verifier.verify(cred, public_key=pub)
|
|
56
|
+
assert ok is True
|
|
57
|
+
|
|
58
|
+
verdict = server.verify(out, public_key=None)
|
|
59
|
+
assert "VERIFIED" in verdict or "REJECTED" in verdict
|
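Review bot: The final assertion, `assert "VERIFIED" in verdict or "REJECTED" in verdict`, passes for either outcome, so `test_sign_and_verify_roundtrip` would not catch `server.verify` rejecting a credential the server has just signed. Assert the verdict expected for this credential (passing the public key if `public_key=None` cannot resolve it in the test environment), and add a tampered-credential case that must be rejected. The test also sets `os.environ["VOUCH_PRIVATE_KEY"]` and `os.environ["VOUCH_DID"]` without restoring them; pytest's `monkeypatch.setenv` would keep the key from leaking into other tests.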