MCP-I
MCP-I extends the Model Context Protocol with cryptographic
identity.
The first enforcement surface for KYA-OS primitives.
Introduction
— Servers prove their identity.
— Authorization enforced per-tool.
— Proof of every agentic action.
1. How It Works
When an AI agent wants to use a tool, both sides prove who they are—like showing ID before entering a building.
2. The Handshake
Before any tool is called, the server cryptographically proves its identity. No more trusting random endpoints.
{
"capabilities": {
"identity": {
"challenge": "prove-yourself-123"
}
}
}
{
"identity": {
"did": "did:key:z6Mk...",
"credential": "eyJ...",
"proof": {
"signature": "z58DAdFfa9..."
}
}
}
3. Tool Authorization
Tools declare what permissions they need.
The agent checks if the
human granted those permissions before calling.
calendar:read
4. Every Action is Signed
When Claude connects, calls a tool, or returns a result, it
includes cryptographic proof.
An identity-signed receipt that can be audited later.
{
"name": "read_calendar",
"arguments": { "date": "2025-01-29" },
"authorization": {
"delegation": "eyJ...",
"proof": {
"timestamp": 1735689600,
"signature": "z58DAdFfa9..."
}
}
}
5. Error Codes
-32001 UNAUTHORIZED Missing/invalid credential -32002 FORBIDDEN Valid credential, insufficient scope -32003 DELEGATION_EXPIRED Delegation has expired -32004 DELEGATION_REVOKED Delegation was revoked
6. Implementation
Reference implementations:
npm install @kya-os/mcp-i-core # Core runtime npm install @kya-os/mcp-i-cloudflare # Cloudflare Workers adapter npx @kya-os/create-mcpi-app my-server # Project scaffolder