attest-mcp-server

An MCP server that exposes tools for issuing scoped agent credentials, delegating narrower child credentials, handling approvals, revoking task trees, and retrieving audit trails and evidence packets.

Attest

License: Apache 2.0

Attest is a cryptographic credentialing standard for AI agent pipelines. When an orchestrator spawns sub-agents to complete a task, Attest issues each agent a short-lived, scope-limited JWT that is cryptographically bound to the original human instruction via a SHA-256 intent hash. Every delegation narrows scope, cannot outlive the parent, and is recorded in an append-only, hash-chained audit log — so the full chain of authority from a human principal down to any tool call is provable, revocable in a single operation, and independently verifiable by any party with access to the public key.

This repository also includes a standalone MCP server:

  • TypeScript MCP server — a real stdio Model Context Protocol server that exposes Attest tools like issue_credential, delegate_credential, list_tasks, get_audit_trail, get_evidence, and approval actions.
  • TypeScript MCP middleware — middleware for protecting your own MCP server with Attest.

Quickstart (TypeScript)

import { AttestClient, isScopeSubset } from '@attest-dev/sdk';

const client = new AttestClient({ baseUrl: 'http://localhost:8080', apiKey: 'dev' });

// 1. Issue a root credential for your orchestrator
const { token: rootToken, claims: root } = await client.issue({
  agent_id:    'orchestrator-v1',
  user_id:     'usr_alice',
  scope:       ['research:read', 'gmail:send'],
  instruction: 'Research our top 3 competitors and email a summary to the board',
});

// 2. Delegate a narrowed credential to a sub-agent
const { token: childToken, claims: child } = await client.delegate({
  parent_token: rootToken,
  child_agent:  'email-agent-v1',
  child_scope:  ['gmail:send'],        // subset of parent — enforced server-side
});

// 3. Verify offline (no network call after fetching JWKS once)
const jwks   = await client.fetchJWKS('org_abc123');
const result = await client.verify(childToken, jwks);
console.log(result.valid, result.warnings);

// 4. Revoke the entire task tree in one call
await client.revoke(root.jti);

// 5. Retrieve the tamper-evident audit chain
const chain = await client.audit(root.att_tid);
chain.events.forEach(e => console.log(e.event_type, e.jti, e.created_at));

Scope syntax

Scopes follow the pattern resource:action. Either field may be * as a wildcard.

Expression    Meaning
gmail:send    Send via Gmail only
gmail:*       All Gmail actions
*:read        Read access to any resource
*:*           Full access (root grants only)

Delegation enforces that the child scope is a strict subset of the parent scope. The utility isScopeSubset(parentScope, childScope) replicates this check client-side.
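The two delegation rules described above (child scope contained in the parent scope, child lifetime no longer than the parent's) can be checked as follows. This is an added example, not the SDK's isScopeSubset or the server's code; the helper names and the claim shape (`scope` as a string array, `exp` in seconds) are assumptions, and it checks containment only, using the wildcard meanings from the table.

```typescript
// Added example: hypothetical helpers, not the @attest-dev/sdk implementation.
type Scope = { resource: string; action: string };

// Parse "resource:action"; reject anything that is not exactly two non-empty fields.
function parseScope(expr: string): Scope {
  const [resource = '', action = '', ...rest] = expr.split(':');
  if (resource === '' || action === '' || rest.length > 0) {
    throw new Error(`malformed scope: ${JSON.stringify(expr)}`);
  }
  return { resource, action };
}

// A parent entry covers a child entry when each field is equal or the parent field is "*".
// A wildcard in the child is therefore only covered by a wildcard in the parent.
function covers(parent: Scope, child: Scope): boolean {
  const fieldOk = (p: string, c: string): boolean => p === '*' || p === c;
  return fieldOk(parent.resource, child.resource) && fieldOk(parent.action, child.action);
}

// Every child entry must be covered by at least one parent entry.
function scopeWithinParent(parentScope: string[], childScope: string[]): boolean {
  const parents = parentScope.map(parseScope);
  return childScope.map(parseScope).every(c => parents.some(p => covers(p, c)));
}

// Assumed claim shape for this example only.
interface DelegationClaims { scope: string[]; exp: number }

// Returns the violated delegation rules; an empty array means the child is acceptable.
function delegationViolations(parent: DelegationClaims, child: DelegationClaims): string[] {
  const problems: string[] = [];
  try {
    if (!scopeWithinParent(parent.scope, child.scope)) problems.push('scope exceeds parent');
  } catch (e) {
    problems.push((e as Error).message); // malformed entries fail closed
  }
  if (child.exp > parent.exp) problems.push('child outlives parent');
  return problems;
}
```

A widening such as parent `gmail:send` to child `gmail:*` is rejected, while parent `gmail:*` to child `gmail:send` is accepted.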


Getting started

Prerequisites: Docker and Docker Compose.

# Clone and start everything
git clone https://github.com/attest-dev/attest
cd attest
docker compose up

# The server is now running at http://localhost:8080
# PostgreSQL at localhost:5432

# Issue your first credential (replace YOUR_API_KEY with the key from POST /v1/orgs)
curl -s -X POST http://localhost:8080/v1/credentials \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -d '{
    "agent_id":    "orchestrator-v1",
    "user_id":     "usr_alice",
    "scope":       ["research:read", "gmail:send"],
    "instruction": "Research competitors and email the board"
  }' | jq .

# Open the interactive demo
open demo/index.html

Without Docker (dev mode — ephemeral key, no database):

cd server
go run ./cmd/attest          # starts on :8080, warns about missing DB

API reference

Method   Path                           Description
POST     /v1/orgs                       Create an organization and get an API key
POST     /v1/credentials                Issue a root credential
POST     /v1/credentials/delegate       Delegate to a child agent
DELETE   /v1/credentials/{jti}          Revoke credential and all descendants
GET      /v1/revoked/{jti}              Check revocation status (public, no auth)
GET      /v1/tasks/{tid}/audit          Retrieve the audit chain for a task
POST     /v1/audit/report               Report an agent action to the audit log
POST     /v1/audit/status               Report agent lifecycle event (started/completed/failed)
POST     /v1/approvals                  Request human-in-the-loop approval
POST     /v1/approvals/{id}/grant       Grant a pending HITL approval
GET      /orgs/{orgId}/jwks.json        Public key set for offline verification
GET      /health                        Health check

Specification

The credential format is defined in spec/WCS-01.md (Attest Credential Standard, revision 01).


License

Apache 2.0 — see LICENSE.
