Standardize trust-verification action schemas and fix MCP compatibility#6
Merged
Merged
Conversation
- src/index.js: replace z.unknown() with z.record(z.string(), z.unknown()) for validate_receipt_schema input — z.unknown() is not a valid MCP inputSchema shape (MCP requires an object schema at the input boundary) - src/registry/actions.js: fix endorse schema_path from non-existent 'schemas/trust-verification/endorsing/schema.v1.json' to correct 'schemas/trust-verification/endorse/schema.v1.json'; fix sign schema_path from 'schemas/trust-verification/signing/schema.v1.json' to 'schemas/trust-verification/sign/schema.v1.json' - src/registry/schemas.js: add missing 'endorse' entry to TRUST_SCHEMAS; fix 'sign' entry so clas/action/namespace are canonical (sign, clas.sign.v1, signagent.eth) not the filesystem-derived 'signing' values - schemas/trust-verification/signing/schema.v1.json: correct clas to clas.sign.v1, action to sign, namespace to signagent.eth to match registry - schemas/trust-verification/endorse/schema.v1.json: create missing schema file for the endorse action (referenced by registry but no file existed) CRITICAL (flagged for approval, not auto-fixed): Missing all 11 verify.* tool schemas (verify.credential, verify.identity, verify.authorization, verify.capability, verify.signature, verify.receipt, verify.attestation, verify.provenance, verify.integrity, verify.compliance, verify.delegation). These require product/protocol decision on input/output contracts before schema files can be authored.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR standardizes the naming and structure of trust-verification action schemas, deprecates the legacy "signing" schema in favor of "sign", and fixes MCP schema compatibility for the validate_receipt_schema tool.
Key Changes
signandendorseactions underschemas/trust-verification/{sign,endorse}/directoriesschemas/trust-verification/signing/schema.v1.jsonas deprecated with a note directing users to the newsignschema, while retaining it for backwards-compatibility discoverysrc/registry/actions.jsto reference the new canonical schema paths for both sign and endorse actionsvalidate_receipt_schematool input schema fromz.unknown()toz.record(z.string(), z.unknown())to comply with MCP requirements, with a comment explaining that the handler re-parses internally with the proper receiptSchemaImplementation Details
The schema changes align the action naming convention to use the singular form ("sign" instead of "signing", "endorse" instead of "endorsing"), which is reflected in both the schema files and the action registry. The deprecated signing schema is retained to avoid breaking existing discovery mechanisms while guiding users toward the canonical sign schema.
The MCP schema fix ensures that object types are properly represented using
z.record()rather thanz.unknown(), which is required for MCP tool schema validation while maintaining internal validation flexibility.https://claude.ai/code/session_016igMwkFir2FkLQCHL6a34z