NEW: Listen to our podcast -- MCP is Dead. Long Live MCPS.Listen on Spotify
Interactive Demo

MCPS Playground

Generate keys, create agent passports, sign messages, verify signatures. Everything runs in your browser using Web Crypto API. No server calls. No install.

1. Keys
2. Passport
3. Sign
4. Verify
5. Tool Integrity
1
Generate ECDSA P-256 Key Pair
MCPS uses ECDSA with the P-256 curve (same as TLS, WebAuthn, Apple). The private key stays with the agent. The public key goes into the passport.
2
Create Agent Passport
An agent passport is a signed identity credential. It contains the agent's name, capabilities, public key, trust level, issuer, and expiry. The Trust Authority signs it.
3
Sign an MCP Message
Every JSON-RPC message gets wrapped in a signed envelope with a nonce (replay protection) and timestamp (5-min window). The agent signs with its private key.
4
Verify Signature
The receiving MCP server verifies the signature using the agent's public key from the passport. If the message was tampered with, verification fails.
5
Tool Integrity Binding
Tool definitions are signed by the server. If an attacker poisons a tool description (changes parameters, adds hidden instructions), the hash won't match.

Ready to add MCPS to your agents?

npm install mcp-secure  |  pip install mcp-secure

Quickstart Guide API Docs GitHub