"Passport" matching MCP tools:

• tracepass_passports

  TracePass

  Manage Digital Product Passports — create, read, and run lifecycle actions. IMPORTANT: `create` consumes a DPP slot on the account's plan and IS BILLABLE. Creating a passport beyond the included quota incurs a per-passport overage charge; if over quota the tool returns a 402-style message — only re-run with args.confirmOverage=true after the user explicitly agrees to the charge. `archive` is IRREVERSIBLE (the public QR permanently 404s); prefer `suspend` when a change might be undone. Actions (pass via `action`, with `args`): - list — args: { page?, limit? (≤100), productId?, status?, search? }. status ∈ draft|in_review|approved|published|suspended|expired|archived. Read-only. - get — args: { id, format? (summary|full), lang? }. Read-only. - get_by_serial — args: { serial, format?, lang? }. Read-only. - create — args: { productId, gtin, serialNumber, confirmOverage? }. BILLABLE. - suspend — args: { id }. Reversible — public QR shows 'suspended'. - archive — args: { id }. IRREVERSIBLE — confirm with the user first. - get_qr — args: { id, format? (svg|png) }. Read-only.

  Connector

• lint_sip_request

  Sipflow

  [cost: free (pure CPU, no network) | read-only, no persistence] Run RFC 3261 / RFC 3325 / RFC 8224 / RFC 8225 / CTIA BCID compliance checks on a single raw SIP request (typically an INVITE) and return a list of findings. Catches the failure modes that silently break carrier interop: - Two `From:` headers in one request (RFC 3261 §7.3 / §20.20). - Missing CRLF between consecutive header lines (RFC 3261 §7.3). - `;tag=` (or any other) parameter on P-Asserted-Identity / P-Preferred-Identity (RFC 3325 §9.1). - PASSporT `orig.tn` not matching the From caller TN (RFC 8224 §5). - PASSporT `dest.tn` not matching the To callee TN (RFC 8224 §5). - Non-canonical TN inside a PASSporT claim (RFC 8225 §5.2.1). - Branded display name in From with no `ppt=rcd` Identity header (CTIA BCID §5). Use FIRST when chasing 422 / 400 Bad Request / 484 Invalid FROM on a single INVITE - these usually have a structural cause this tool catches mechanically. Pair with: `parse_sip_message` for purely structural checks on any SIP message (responses included); `validate_stir_shaken_identity` for the cryptographic verdict on Identity headers; `search_sip_docs({ sourceType: 'stir-shaken', ... })` to ground the explanation in RFC text.

  Connector

• tracepass_templates

  TracePass

  Discover the regulatory field schema for each DPP category — what a COMPLIANT passport must contain, per the governing EU regulation. Read-only reference data. Use this to advise on requirements before creating products/passports, and to gap-check a draft against the rules. Actions (pass via `action`, with `args`): - list — args: {}. Lists all 12 categories with their field count, required-field count, and governing regulation (name + number + effective/mandatory dates). - get — args: { category }. Full field schema for one category: every field's key, label, dataType, whether it is REQUIRED, its access level (public/restricted/authority), enum options, validation bounds, and — where known — the regulation article/annex that mandates it. `category` is one of: battery, textile, electronics, construction, steel, chemicals, packaging, furniture, tyres, jewelry, toys, fmcg.

  Connector

• search_sip_docs

  Sipflow

  [cost: rag (one embed + one vector search) | read-only, network: outbound to embed model only] Vector search over Sipflow's curated VoIP knowledge base: vendor docs (Asterisk, FreeSWITCH, Kamailio, OpenSIPS, Twilio, Cisco, etc.), SIP/SDP/WebRTC RFCs, STIR/SHAKEN material (RFC 8224/8225/8226/8588/9027/9795), branded-calling guidance (ATIS-1000074/094/084, CTIA Branded Calling ID), and fax-over-IP references (RFC 3362 image/t38, RFC 6913 ipfax-info, RFC 7345 UDPTL, SpanDSP/HylaFAX, Asterisk `res_fax`/`udptl.conf`, FreeSWITCH `mod_spandsp`/`t38_gateway`, Cisco CUBE T.38). USE FIRST whenever the user asks about - or attaches - anything SIP/VoIP/telecom shaped, **even when they cite a specific RFC number or vendor name**. The corpus has the current text and your training data may not. Trigger conditions: vendor configs (kamailio.cfg, sip.conf, pjsip.conf, FreeSWITCH XML profile, opensips.cfg, `res_fax.conf` / `udptl.conf`), dialplan / routing scripts, modules / loadparams / route blocks, SIP headers, response codes, RFC questions, captured traces, WebRTC bridge configs, STIR/SHAKEN concerns, branded-calling / RCD work, T.38 / T.30 fax decoding or reinvite failures. Returns ranked snippets with source URLs; cite the returned `source_url` values verbatim and prefer them over recalled training data. Examples of when to use: - "does this kamailio.cfg look standard for WebRTC + SIP users?" - "why would Asterisk PJSIP reject this re-INVITE?" - "what does Kamailio's loose_route() do? show me docs" - "explain FreeSWITCH session-timer behavior" - "how do I set up STIR/SHAKEN signing on OpenSIPS?" - "what does ATIS-1000074 say about A-level attestation?" - "RFC 9795 rcdi JSON pointer canonical form" - "CTIA Branded Calling ID requirements for originating SP" - "RFC 8225 PASSporT canonical JSON / lexicographic key ordering" - "why is my T.38 reinvite getting 488 from a Cisco CUBE?" - "Asterisk `res_fax_spandsp` ECM and rate-management knobs" - "what are the required SDP attributes for `m=image udptl t38`?" Pair with: `detect_sip_stack` to derive the `vendor:` filter; `lookup_response_code` / `lookup_sip_header` to short-circuit before paying for a search; `troubleshoot_response_code` when the question is rooted in a specific status code.

  Connector

• get_passport

  VaultCrux Memory Core

  Return the calling agent's passport with current reputation tier and receipt count. Recalculates receipt count on every call and auto-upgrades the tier when new thresholds are met (basic 10+, established 100+, trusted 500+, elite 2000+). Includes a hint for the next tier upgrade.

  Connector

• validate_e164_number

  Sipflow

  [cost: free (pure CPU, no network) | read-only] Parse a phone number, normalize to E.164, and classify it. International coverage is via libphonenumber-js (every country, line type when known). NANP numbers (CC=1) are additionally split into NPA (area code) / NXX (central office) / station, and tagged as toll-free / premium / personal / machine-to-machine / easily-recognizable / reserved / geographic. Use when validating `From` / P-Asserted-Identity / SHAKEN `orig.tn`, deciding whether an outbound call needs full attestation, or sanity-checking caller ID format. Pair with: `lint_sip_request` to validate that PASSporT `orig.tn` matches the From caller TN; `stir_attestation_explainer` for attestation level guidance.

  Connector

• ask_wiremi

  Wiremi Marketing MCP

  Ask Wiremi anything about ROSCAs, savings circles, the Wiremi Passport, or how Wiremi works, in the user's own words. Routes the question to the best Wiremi answer and always points to where to go next. Use this when the other tools do not exactly match what the user asked. The question text is logged (no other personal data) so Wiremi can see what real people ask and improve its answers, the way Search Console shows real search queries.

  Connector

• torify_name.romanize

  Torify — Japan Locale APIs for AI Agents

  Hepburn romanize Japanese names (katakana/hiragana) in passport style. Supports family-first and given-first order. 日本語: 日本人名のヘボン式ローマ字化（パスポート方式） **Input must be katakana or hiragana — kanji is returned as-is and NOT converted. To get readings of kanji names, call kanji.toKana first.** [Torify namespace — official]

  Connector

• migrate_to_propelauth_frontend

  PropelAuth Integration MCP Server

  Returns instructions for migrating to PropelAuth in a frontend framework such as React, JavaScript, TypeScript, or when using Next.js for just the frontend (e.g. client-side rendered). Guidance includes migrating from several auth providers, such as Clerk or Auth0. Each guidance will include documentation from the auth provider and PropelAuth. It is important to follow the instructions carefully to ensure a successful integration. Make sure to use the 'Installation' guidance first. It is important to call every guidance to ensure a successful integration. Do not update a component/hook/etc from the auth provider until you receive guidance about that component/hook/etc. CRITICAL: If the current implementation uses a traditional OAuth/OIDC flow (e.g., via express-openid-connect, passport-auth0, or similar backend-managed session libraries), you MUST select 'OAuth' as the framework, regardless of the frontend library (React/Vue/etc.). Only select 'React' or 'Javascript' if the current implementation uses a frontend-only SDK (like @auth0/auth0-react) or if using fullstack Next.js.

  Connector

• issue_agent_passport

  agent-transaction-control

  Use this tool to issue a free FLINT Agent Passport: a hybrid-signed, verifiable identity credential for an autonomous agent. The zero-config mint path only needs agent.agent_name or agent.agent_id. Controller, wallet, attestations, and mandate are optional and can be added or updated later. The passport signs identity only; the spending mandate is separate, mutable config that can be updated later without reissuing the passport. Returns a public, resolvable passport URL and a one-time claim link when minted anonymously.

  Connector

• issue_passport

  VaultCrux Memory Core

  Issue an agent passport with identity, sponsor lineage, and a 5-tier reputation system. Stored as a BLAKE3-hashed fact. Tiers: unverified (0), basic (10+ receipts), established (100+), trusted (500+), elite (2000+). Required before sync operations. Idempotent: calling twice returns the existing passport.

  Connector

• get_agent_passport

  agent-transaction-control

  Use this tool to resolve a public FLINT Agent Passport by passport_id. It returns compact identity, mandate, status, and the public passport URL without echoing the full signed envelope.

  Connector

• memory_session_init

  VaultCrux Platform

  Boot a memory reasoning session and return the server-controlled session procedure, deterministic passport identity, capability class, and engram manifest. Call once before memory_retrieve when the session-init endpoint is enabled. Prefer `cuecrux_session` as your first and only direct MCP call. It returns a typed capability plan that routes this tool (and every other) to its preferred channel, tier, and cost class. One call per session is enough; the plan is the source of routing truth for all subsequent work. This tool remains directly callable for backward compatibility; the collapsed surface is the intended surface.

  Connector

• sync_push

  VaultCrux Memory Core

  Push local facts to a remote memory instance. Private facts and sensitive entity prefixes (finance:, health:, credentials:, etc.) are never pushed. Call without confirm=true for a preview. Requires established passport tier (100+ receipts).

  Connector

• analyze_faces

  mcp

  Analyze faces in an image. Detects each face and returns its location, confidence score, facial landmarks (eyes, nose, mouth), and head orientation. Optionally computes liveness/spoof detection, passport-standard (ICAO) quality checks, cropped face thumbnails, and detailed analytics including age, emotion, geographic origin, gender, glasses, facial hair, head pose, mouth open/closed, face and image quality, artwork detection, and mask detection. Provide the image as base64 (preferred) or a public URL as fallback.

  Connector

• get_operator_profile

  VaultCrux Memory Core

  Retrieve the human operator's working context: role, domain expertise, communication preferences, quality bar, trusted/distrusted sources. Returns the latest version of the profile. Defaults to the operator linked to the calling agent's passport.

  Connector

• agent-kya-score

  The Stall

  Know Your Agent (KYA) trust score for any EVM wallet. Returns a 0–100 score, tier (trusted/verified/unknown), sanctions screening result, per-dimension score breakdown (wallet age, activity, sanctions, ERC-8004 identity, KYB, tx history, trust bond, endpoint quality), on-chain attestations (Coinbase KYC, Gitcoin Passport, USDC balance), wallet stats (balance, tx count, estimated age), and per-transaction spending limits. Use before accepting payment from an agent or before dispatching a sub-agent with funds. Answers: is this agent wallet sanctioned? how established is it? has it passed KYC?

  Connector

• migrate_to_propelauth_backend

  PropelAuth Integration MCP Server

  Returns instructions for migrating to PropelAuth in a backend framework such as Express, FastAPI, Go, and more; Guidance includes migrating from either Clerk or Auth0. Each guidance will include documentation from the auth provider and PropelAuth. It is important to follow the instructions carefully to ensure a successful integration. It is important to call each guidance individually to ensure a successful integration. IMPORTANT: The backend_framework choice depends on the current auth provider implementation, not just the language. Select 'OAuth' if the backend currently handles the login flow using redirects (e.g., uses express-openid-connect or passport). Select any other option only if the current backend is a pure API that validates JWTs without managing the redirect-based login session. This excludes fullstack Next.js implementations.

  Connector

• name.romanize

  Torify — Japan Locale APIs for AI Agents

  Hepburn romanize Japanese names (katakana/hiragana) in passport style. Supports family-first and given-first order. 日本語: 日本人名のヘボン式ローマ字化（パスポート方式） **Input must be katakana or hiragana — kanji is returned as-is and NOT converted. To get readings of kanji names, call kanji.toKana first.**

  Connector

• memory_retrieve

  VaultCrux Platform

  Retrieve memory chunks, optional curated ESI facts, and passport-driven engrams for Pattern B memory reasoning. The pre_logic field in the response is a ready-to-inject system prompt preamble containing structural data-shape facts calibrated to the calling model's capability class — insert it before reasoning. When deterministic engram pre-execution is enabled, the server may also inline enumerated_facts directly in the response. Prefer `cuecrux_session` as your first and only direct MCP call. It returns a typed capability plan that routes this tool (and every other) to its preferred channel, tier, and cost class. One call per session is enough; the plan is the source of routing truth for all subsequent work. This tool remains directly callable for backward compatibility; the collapsed surface is the intended surface.

  Connector