AgentPassports.ethAgent permission manager
Agent Permission Manager · MCP

AgentPassports MCP

Connect your MCP-capable agent to https://mcp.agentpassports.xyz/mcp. MCP stays thin: it builds unsigned task intents, submits locally signed payloads, and polls KeeperHub for final status.

Passport/Visa authority: KeeperHub validates scope, routes execution, and emits KeeperHub Stamps.

Hosted endpointhttps://mcp.agentpassports.xyz/mcp

Public MCP runtime. Owner wallet control stays in the web app and local signing environment.

01Passport

The agent proves identity through its Agent Passport and local signer.

02Visa

The signed intent carries the requested target, selector, spend, and Visa Scope.

03KeeperHub Stamp

KeeperHub validates the Passport/Visa, executes allowed work, and returns proof.

Prompt

Use agentpassport_keeperhub_gate

Guides task-intent build, local signing, async KeeperHub submit, and final status polling.

Private key stays local

Sign with the skill script

Use sign-intent.ts and .agentPassports/keys.txt. Never send the private key to MCP.

Safe Passport/Visa execution flow

  1. Use the agentpassport_keeperhub_gate prompt for guided execution.
  2. Call build_task_intent with explicit public inputs to receive unsigned intent JSON and typed data.
  3. Sign locally with the skill-provided sign-intent.ts script.
  4. Call submit_task with the signed payload; it returns a KeeperHub execution id quickly by default.
  5. Call check_task_status with that execution id until KeeperHub returns final status, logs, errors, tx hash evidence, and KeeperHub Stamps.

Authority boundary

KeeperHub validates the Agent Passport, Visa Scope, action limits, workflow routing, and execution. MCP does not create keys, receive private keys, perform local authorization checks, or convert KeeperHub output into a local approval decision.

Thin MCP tools

Build unsigned intentbuild_task_intent

Packages explicit public task inputs into typed data. No local Visa validation happens inside MCP.

Submit signed payloadsubmit_task

Forwards the owner-approved, locally signed payload to KeeperHub and returns an execution id quickly.

Poll KeeperHub statuscheck_task_status

Reads final KeeperHub execution state, logs, errors, tx hashes, and KeeperHub Stamp evidence.

Resources

Task intent guideagentpassport://tasks/{agentName}

Agent-facing task input shape for a Passport and its scoped Visa.

KeeperHub guideagentpassport://keeperhub/{agentName}

Execution and Stamp context for the KeeperHub workflow protecting that Passport.

Stop conditions

Stop if a private key would leave the local machine, the unsigned intent JSON is altered before signing, the signature is malformed, or KeeperHub returns a blocked/error Stamp.