mcp-ipfs

w3_bridge_generate_tokens

Generate authentication tokens for the UCAN-HTTP bridge, enabling delegated capabilities and expiration settings for secure access to MCP IPFS server resources.

Instructions

Generates authentication tokens for using the UCAN-HTTP bridge.

Input Schema

TableJSON Schema

Name	Required	Description
`capabilities`	Yes	One or more capabilities to delegate (e.g., ['space/info']).
`expiration`	No	Unix timestamp (in seconds) for expiration. Zero means no expiration.
`json`	No	Output JSON suitable for fetch headers (default: true).

Implementation Reference

src/tool_handlers.ts:430-485 (handler)

The primary handler function for the 'w3_bridge_generate_tokens' tool. Validates input arguments using the corresponding Zod schema, constructs the 'w3 bridge generate-tokens' CLI command based on capabilities, expiration, and json flag, executes it via runW3Command utility, handles JSON parsing, and formats the response as MCP content.

const handleW3BridgeGenerateTokens: ToolHandler = async (args) => {
  const parsed = Schemas.W3BridgeGenerateTokensArgsSchema.safeParse(args);
  if (!parsed.success)
    throw new Error(
      `Invalid arguments for w3_bridge_generate_tokens: ${parsed.error.message}`
    );
  const { capabilities, expiration, json } = parsed.data;
  let command = "bridge generate-tokens";
  capabilities.forEach((cap) => {
    command += ` --can '${cap}'`;
  });
  if (expiration !== undefined) command += ` --expiration ${expiration}`;
  if (json) command += " --json";
  const { stdout } = await runW3Command(command);
  if (json) {
    try {
      const tokenData = JSON.parse(stdout);
      return {
        content: [
          {
            type: "text",
            text: JSON.stringify({
              message: "Bridge tokens generated (JSON format).",
              tokenData,
            }),
          },
        ],
      };
    } catch (e) {
      logger.warn("Failed to parse bridge tokens JSON, returning raw.");
      return {
        content: [
          {
            type: "text",
            text: JSON.stringify({
              message: "Bridge tokens generated (raw output).",
              output: stdout.trim(),
            }),
          },
        ],
      };
    }
  } else {
    return {
      content: [
        {
          type: "text",
          text: JSON.stringify({
            message: "Bridge tokens generated (raw output).",
            output: stdout.trim(),
          }),
        },
      ],
    };
  }
};

src/schemas.ts:168-188 (schema)

Zod schema defining the input parameters for the 'w3_bridge_generate_tokens' tool, including required capabilities array, optional expiration timestamp, and json output flag with descriptions.

export const W3BridgeGenerateTokensArgsSchema = z
  .object({
    capabilities: z
      .array(z.string())
      .min(1)
      .describe("One or more capabilities to delegate (e.g., ['space/info'])."),
    expiration: z
      .number()
      .int()
      .positive()
      .optional()
      .describe(
        "Unix timestamp (in seconds) for expiration. Zero means no expiration."
      ),
    json: z
      .boolean()
      .optional()
      .default(true)
      .describe("Output JSON suitable for fetch headers (default: true)."),
  })
  .describe("Generates authentication tokens for using the UCAN-HTTP bridge.");

src/tool_handlers.ts:961-961 (registration)
Maps the tool name 'w3_bridge_generate_tokens' to its handler function in the exported toolHandlers object, which is imported and used by the main MCP server in index.ts to dispatch tool calls.
```
w3_bridge_generate_tokens: handleW3BridgeGenerateTokens,
```

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It states the tool 'generates authentication tokens' but lacks details on behavioral traits: it doesn't specify if this is a read-only or mutating operation, what permissions are needed, whether tokens are stored or transient, rate limits, or error conditions. The description is minimal and misses key operational context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that directly states the tool's purpose without redundancy. It is appropriately sized and front-loaded, with no wasted words or unnecessary elaboration.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of authentication token generation, no annotations, and no output schema, the description is insufficient. It lacks details on what the tool returns (e.g., token format, headers), error handling, security implications, or integration with other tools. For a critical operation like token generation, more context is needed to ensure safe and correct usage.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, providing clear documentation for all parameters (capabilities, expiration, json). The description adds no additional parameter semantics beyond the schema, such as examples of capability strings or implications of expiration settings. Baseline 3 is appropriate as the schema handles the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'generates' and the resource 'authentication tokens', specifying they are for 'using the UCAN-HTTP bridge'. It distinguishes from most siblings by focusing on token generation rather than operations like listing or creating resources, though it doesn't explicitly differentiate from similar tools like w3_login or w3_delegation_create.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., authentication state), compare to siblings like w3_login for initial authentication or w3_delegation_create for delegation, or specify scenarios where token generation is required.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Related Tools

w3_space_addD
@alexbakers/mcp-ipfs
token_authD
@ricauts/CyberMCP
create_access_tokenC
@usegranthq/mcp-server
w3_delegation_createC
@alexbakers/mcp-ipfs
affine_list_access_tokensB
@DAWNCR0W/affine-mcp-server
w3_upC
@alexbakers/mcp-ipfs

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/alexbakers/mcp-ipfs'

If you have feedback or need assistance with the MCP directory API, please join our Discord server