attest-mcp-server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| ATTEST_API_KEY | Yes | Attest org API key | |
| ATTEST_BASE_URL | No | Attest server base URL | https://api.attestdev.com |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | { "listChanged": true } |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| issue_credential | Issue a new root credential for a task. Use this at the start of a workflow when an orchestrator or top-level agent needs explicit scoped authority tied to a human user and instruction. Returns a signed JWT plus claims including the task tree ID; use delegate_credential for child agents instead of issuing multiple unrelated root credentials. |
| delegate_credential | Create a narrower child credential from an existing parent credential. Use this when handing work to a sub-agent or isolated step that should receive only a subset of the parent scope. The server enforces that child_scope is a subset of the parent; if you need the original root authority, use issue_credential instead. |
| revoke_credential | Revoke one credential and cascade that revocation through all of its descendants in the same task tree. Use this when a workflow should be stopped or contained; this is a state-changing operation, not a dry run. Returns a confirmation object, and later checks should use check_revocation or list_tasks rather than calling revoke_credential again. |
| verify_credential | Perform an offline-style validity check for one credential using the org JWKS fetched from Attest. Use this to inspect a token before acting on it or when debugging why a credential was rejected; for revocation-only checks use check_revocation instead. Requires the org_id that issued the token and returns validity, decoded claims, and warning details. |
| check_revocation | Check whether a specific credential JTI is currently revoked. Use this for a one-time revocation lookup when you already know the credential ID; it does not verify signature, expiry, or task history. Returns a small revocation status object, and network or API failures are returned as MCP errors. |
| list_tasks | List recent Attest task trees for the authenticated organization, optionally filtered by user, agent, status, or limit. Use this to recover recent workflows when you do not already know the task ID; use get_audit_trail or get_evidence once you have a specific task_id. This is a read operation that returns task summaries only and does not mutate task state. |
| get_audit_trail | Fetch the full audit event chain for a single task tree. Use this when you already know the task_id and need detailed chronology for issuance, delegation, actions, lifecycle events, approvals, or revocations; use list_tasks first if you need to discover candidate tasks. Returns the raw Attest audit events for that task and does not change state. |
| get_evidence | Fetch the signed evidence packet for one task tree. Use this when you need a portable proof artifact for compliance review, incident analysis, or independent verification; use get_audit_trail for a simpler raw event timeline. Returns the full evidence packet produced by Attest and does not mutate any task state. |
| report_action | Append a tool execution outcome to the Attest audit log for the credential in use. Use this after a meaningful business action such as sending email, updating billing, or calling an internal API; it records side effects rather than authorizing them. Returns a small confirmation object, and callers should use report_status for lifecycle transitions like started or completed. |
| report_status | Append an agent lifecycle event such as started, completed, or failed to the Attest audit log. Use this to mark step boundaries or overall task progress; use report_action for concrete tool outcomes instead. Returns a confirmation object and does not mint, verify, or revoke credentials. |
| request_approval | Create a pending approval request for a high-risk delegation. Use this after issuing or delegating a credential when a human must approve extra scope before work continues. Requires a valid parent token and returns a challenge object that can later be inspected with get_approval or resolved with grant_approval or deny_approval. |
| get_approval | Fetch the current status for one approval challenge by challenge_id. Use this after request_approval when you need a one-time status check for whether the request is still pending, approved, or rejected; it does not perform repeated polling by itself. Returns the approval record from Attest, and invalid or unknown challenge IDs will surface as an MCP error response. |
| grant_approval | Approve a pending approval challenge and mint the HITL-authorized child credential. Use this only when a human approver has already authenticated and you have their OIDC identity token; for status checks use get_approval instead. This changes system state, consumes the pending approval, and returns the delegated token that should be used for the gated step. |
| deny_approval | Reject a pending approval challenge without minting a child credential. Use this when a human declines the requested access; for passive inspection use get_approval instead. This changes the approval status in Attest and returns the final rejected state for that challenge. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/chudah1/attest-dev'