Open source • Community-led • Enterprise-ready

Identity and trust for MCP servers

The Model Context Protocol (MCP) standardizes how agents call tools and data sources. The MCP Trust Framework (MCPF) adds the missing layer: who those servers are, what they claim to do, and whether they meet your security and governance requirements.

Explore on GitHub Read the Standard Registry Model
One-line summary: MCP tells agents how to call tools. MCPF tells them which tools are verified and allowed. 
# Quick start
# 1) Browse repositories and specs
open https://github.com/MCPTrustFramework

# 2) Core repositories:
#    MCPF-specification  - The standard
#    MCPF-ans            - Agent Name Service
#    MCPF-registry       - Trust Registry
#    MCPF-python         - Python SDK
#    MCPF-typescript     - TypeScript SDK

# 3) Get started in minutes:
#    MCPF-quickstarts    - 5min/15min/1hr paths
Tip: MCPF is designed to be compatible with existing MCP servers. It adds a trust overlay, not a new protocol.
ID
DID-based Identity

Each MCP server identified by a W3C DID, with verifiable controller keys.

VC
Verifiable Credentials

Attach attestations: ownership, environment, assurance level, compliance status.

RG
Registry & Discovery

Discover approved servers and revoke or deprecate them centrally when needed.

PL
Policy Gates

Enforce "only allow servers meeting X" before an agent ever calls a tool.

How it works

A conservative trust layer — built the way infrastructure has always worked

Traditional IT did not let unknown endpoints into production without identity, registration, and revocation. MCPF brings the same discipline to AI toolchains.

StepWhat happens
1MCP server publishes a manifest of tools/capabilities.
2Server is identified by a DID and receives VCs from trusted issuers.
3Registry lists servers, issuers, and revocations in a queryable way.
4Runtimes enforce policy: allow/deny, minimum assurance, environment constraints.
What MCPF is (and is not)
  • Is: A trust vocabulary + data model + registry patterns for MCP ecosystems
  • Is: Open source, community-driven, designed for federation
  • Is not: A replacement for MCP. It's a layer above it
  • Is not: Tied to a single vendor — originally incubated with VeriTrust support
Join the Community View Specification