Skip to content

feat: Add optional AGNTCY Identity support for MCP servers #154

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat: Add optional AGNTCY Identity support for MCP servers #154

wants to merge 5 commits into from
+260 −0

Conversation

anivar
Copy link

@anivar anivar commented Aug 23, 2025
edited
Loading

Adds optional identity support to mcpd using AGNTCY Identity spec.

What it does:

  • Generates Ed25519 keys for MCP servers
  • Creates W3C DIDs: did:agntcy:mcpd:{org}:{server}
  • Stores keys with 0600 permissions
  • Loads identity on startup

What it doesn't do yet:

  • Send identity headers in requests
  • Verify signatures
  • Enforce access control

Usage:

export MCPD_IDENTITY_ENABLED=true
mcpd identity init my-server --org "my-org"
mcpd daemon --dev

Implementation:

  • 4 files, ~300 lines
  • No impact when disabled

This PR adds the identity foundation. Authentication will come later.

Closes #156

@anivar anivar force-pushed the feat/agntcy-identity-support branch 2 times, most recently from 9939910 to 1338d64 Compare August 23, 2025 19:40
feat: Add minimal AGNTCY Identity support
5dade48 
- Optional identity verification for MCP servers
- AGNTCY-compatible Verifiable Credentials
- Simple file-based storage for development
- Non-blocking verification on server startup
- Only 132 lines of code across 2 files

Enable with: export MCPD_IDENTITY_ENABLED=true
Initialize: mcpd identity init <server-name>
@anivar anivar force-pushed the feat/agntcy-identity-support branch from 1338d64 to 5dade48 Compare August 23, 2025 19:45
Anivar Aravind added 4 commits August 24, 2025 01:28
fix: Align with AGNTCY Identity spec structure
fef9dda 
- Use proper ResolverMetadata format per spec
- Switch to did:agntcy: DID method
- Include assertionMethod and service endpoints
- Update docs with correct identity format

Spec reference: https://spec.identity.agntcy.org/docs/id/definitions
fix: Remove hardcoded localhost:8090 from service endpoint
b9dcf7f 
Use relative path instead - lets resolver determine base URL
refactor: Improve identity code structure and documentation
fd3d4b3 
- Match mcpd code style with comprehensive godoc comments
- Add helper methods for better maintainability
- Improve error handling with proper context
- Add verbose logging option to CLI
- Follow existing manager patterns from codebase
Simplify identity implementation
ee6a4a1 
Remove over-engineered features:
- Remove identity show command
- Remove test file
- Simplify documentation
- Keep only essential init functionality
This was referenced Aug 24, 2025
Open
Closed
Closed
@anivar anivar changed the title feat: Add AGNTCY Identity support for secure MCP server verification feat: Add optional AGNTCY Identity support for MCP servers Aug 26, 2025
@peteski22 peteski22 self-requested a review August 27, 2025 15:05
@peteski22 peteski22 self-assigned this Aug 27, 2025
@anivar anivar mentioned this pull request Sep 2, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peteski22 peteski22 Awaiting requested review from peteski22

At least 1 approving review is required to merge this pull request.

Assignees

@peteski22 peteski22

Labels
needs-triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add optional AGNTCY Identity support for MCP servers
2 participants
@anivar @peteski22