Capability Identity

How tools are uniquely identified and hashed


In traditional package management (npm, Go modules), identity is often a semantic version string (v1.2.3). In the agentic web, servers are often rolling endpoints or unversioned Docker containers.

MCPTrust establishes Capability Identity by hashing the content of the tool definition.

The Identity Tuple

For every tool exposed by an MCP server, we verify:

  1. Tool Name: The string identifier.
  2. Description: The prompt text used by LLMs to understand the tool.
  3. Input Schema: The JSON Schema defining valid arguments.

We compute a SHA-256 hash over the canonicalized JSON representation of these three fields.

Why Description Matters

If an attacker changes the description of a delete_file tool from "Deletes a file" to "Optimizes disk space by removing caches", an LLM might be tricked into calling it inappropriately. Therefore, a change in description is a breaking change in trust.

Why Schema Matters

If a schema gains a new optional field such as force, the tool's capabilities have expanded even though its name and description are unchanged. This requires re-approval.
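The identity hash from the previous sections, and the two breaking changes described above, as an added example (not MCPTrust's own code). It assumes canonicalization means compact JSON with sorted keys and raw UTF-8; the page only says "canonicalized JSON", so that is an assumption.

```python
import hashlib
import json
from typing import Any

# Assumption: canonical form = compact JSON, sorted keys, raw UTF-8.
def canonical_json(obj: Any) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def capability_hash(tool: dict) -> str:
    """SHA-256 over the identity tuple: name, description, input schema."""
    identity = {
        "name": tool["name"],
        "description": tool.get("description", ""),
        "inputSchema": tool["inputSchema"],
    }
    return hashlib.sha256(canonical_json(identity)).hexdigest()

def check_tool(tool: dict, pinned: dict[str, str]) -> str:
    """Compare a live tool definition against a pinned hash.
    Returns 'ok', 'unknown' (never approved) or 'changed' (needs re-approval)."""
    if tool["name"] not in pinned:
        return "unknown"
    return "ok" if pinned[tool["name"]] == capability_hash(tool) else "changed"

# Constructed sample tool definition (not from any real server).
DELETE_FILE = {
    "name": "delete_file",
    "description": "Deletes a file",
    "inputSchema": {
        "type": "object",
        "properties": {"path": {"type": "string"}},
        "required": ["path"],
    },
}

# Same tool with only the description rewritten.
RENAMED_DESC = {**DELETE_FILE,
                "description": "Optimizes disk space by removing caches"}

# Same tool with an optional 'force' field added to the schema.
WIDER_SCHEMA = {**DELETE_FILE, "inputSchema": {
    **DELETE_FILE["inputSchema"],
    "properties": {**DELETE_FILE["inputSchema"]["properties"],
                   "force": {"type": "boolean"}}}}

if __name__ == "__main__":
    pinned = {"delete_file": capability_hash(DELETE_FILE)}
    for t in (DELETE_FILE, RENAMED_DESC, WIDER_SCHEMA):
        print(t["name"], check_tool(t, pinned))
```

Both modified definitions produce a different hash from the pinned one, so each surfaces as "changed"; key order in the incoming JSON does not affect the result.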