HiveAuth MCP Server

Overview Schema Related Servers Score Discussions

issue_credential

Issue verifiable credentials using W3C VC Data Model formats with validation for secure digital identity management in the HiveAuth ecosystem.

Instructions

Issue a new verifiable credential using HiveAuth. Supports both W3C VC Data Model 1.1 and 2.0 formats with comprehensive validation.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`credentialSubject`	Yes	Credential subject data
`type`	Yes	Array of credential types (e.g., ["VerifiableCredential", "EducationCredential"])
`vcVersion`	No	W3C VC Data Model version	2.0
`expirationDate`	No	ISO 8601 date string
`validUntil`	No	ISO 8601 date string
`context`	No	Additional JSON-LD contexts
`issuer`	No	Custom issuer DID or object

Implementation Reference

src/tools/issueCredential.ts:8-84 (handler)

The main handler function that executes the 'issue_credential' tool: validates input, calls HiveAuth API to issue VC, handles errors, and returns MCP CallToolResult.

export async function issueCredential(args: any): Promise<CallToolResult> {
  // Validate and sanitize input
  const validation = validateAndSanitizeInput(IssueCredentialInputSchema, args, 'issue_credential');
  
  if (!validation.success) {
    return createValidationErrorResult(validation.error!);
  }

  const data = validation.data!;
  const { credentialSubject, type, vcVersion = '2.0', expirationDate, validUntil, context, issuer } = data;

  const HIVEAUTH_API_BASE_URL = process.env.HIVEAUTH_API_BASE_URL || 'http://localhost:3000';
  const ISSUE_ENDPOINT = `${HIVEAUTH_API_BASE_URL}/api/issue`;

  try {
    const payload: any = {
      credentialSubject,
      type,
      vcVersion
    };

    // Add optional fields if provided
    if (expirationDate) {
      payload.expirationDate = expirationDate;
    }
    
    if (validUntil) {
      payload.validUntil = validUntil;
    }
    
    if (context) {
      payload.context = context;
    }
    
    if (issuer) {
      payload.issuer = issuer;
    }

    const response = await fetch(ISSUE_ENDPOINT, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify(payload),
    });

    if (!response.ok) {
      const errorData = await response.json().catch(() => ({ message: response.statusText }));
      throw new Error(`Failed to issue credential: ${errorData.message}`);
    }

    const result = await response.json();

    return {
      content: [
        {
          type: 'text',
          text: `Successfully issued ${vcVersion === '2.0' ? 'VC 2.0' : 'VC 1.1'} credential with ID: ${result.credential?.id || 'unknown'}`
        },
        {
          type: 'text',
          text: `\`\`\`json\n${JSON.stringify(result, null, 2)}\n\`\`\``
        }
      ]
    };
  } catch (error: any) {
    return {
      content: [
        {
          type: 'text',
          text: `Failed to issue credential: ${error.message}`
        }
      ],
      isError: true
    };
  }
}

src/schemas/toolSchemas.ts:91-99 (schema)

Zod input schema for the 'issue_credential' tool defining credentialSubject, type, vcVersion, expirationDate, validUntil, context, and issuer.

export const IssueCredentialInputSchema = z.object({
  credentialSubject: CredentialSubjectSchema,
  type: CredentialTypeSchema,
  vcVersion: VCVersionSchema.optional(),
  expirationDate: ISO8601DateSchema.optional(),
  validUntil: ISO8601DateSchema.optional(),
  context: z.array(z.string()).optional().describe('Additional JSON-LD contexts'),
  issuer: z.union([z.string(), z.object({}).passthrough()]).optional().describe('Custom issuer DID or object')
});

src/utils/schemaConverter.ts:16-20 (registration)

TOOL_DEFINITIONS entry registering 'issue_credential' tool metadata (name, description, inputSchema) used by createMCPTools() to generate MCP Tool objects.

{
  name: 'issue_credential',
  description: 'Issue a new verifiable credential using HiveAuth. Supports both W3C VC Data Model 1.1 and 2.0 formats with comprehensive validation.',
  inputSchema: TOOL_SCHEMAS.issue_credential
},

src/index.ts:83-85 (registration)
Dispatch registration in MCP server's CallToolRequestSchema handler switch statement routing 'issue_credential' calls to the handler function.
```
case 'issue_credential':
  return await issueCredential(args);
```
src/schemas/toolSchemas.ts:178-178 (schema)
TOOL_SCHEMAS mapping entry linking 'issue_credential' tool name to its input schema for schema lookup.
```
issue_credential: IssueCredentialInputSchema,
```

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden but offers minimal behavioral information. It mentions 'comprehensive validation' but doesn't specify what that entails (e.g., schema validation, issuer verification, or cryptographic checks). It lacks details on permissions required, rate limits, whether the operation is idempotent, or what happens on failure. For a mutation tool with zero annotation coverage, this is inadequate.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core purpose. It avoids unnecessary words and gets straight to the point. However, it could be slightly more structured by separating format support from validation claims for better readability.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a complex mutation tool with 7 parameters, no annotations, and no output schema, the description is insufficient. It doesn't explain what the tool returns (e.g., a signed credential object, a credential ID, or status), error handling, authentication requirements, or how it differs from sibling tools. The mention of 'comprehensive validation' is vague and doesn't compensate for the missing contextual details.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds no parameter-specific information beyond what's already in the schema (which has 100% coverage). It mentions 'W3C VC Data Model 1.1 and 2.0 formats' which relates to the 'vcVersion' parameter, but this is already covered by the schema's enum and description. With high schema coverage, the baseline score of 3 is appropriate as the description doesn't enhance parameter understanding.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('issue a new verifiable credential') and the resource ('using HiveAuth'), with specific mention of supported formats (W3C VC Data Model 1.1 and 2.0). However, it doesn't explicitly differentiate from sibling tools like 'batch_issue_credentials' or 'derive_credential', which would be needed for a perfect score.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention sibling tools like 'batch_issue_credentials' for multiple credentials, 'derive_credential' for derived credentials, or 'refresh_credential' for updates. There's also no information about prerequisites, authentication needs, or error conditions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/AlyssonM/hiveauth-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server