Open source • Community-led • Enterprise-ready

Identity and trust for MCP servers.

The Model Context Protocol (MCP) standardizes how agents call tools and data sources. The MCP Trust Framework (MCPF) adds the missing layer: who those servers are, what they claim to do, and whether they meet your security and governance expectations.

Explore on GitHub Read the Standard See the Registry Model
One-line summary: MCP tells agents how to call tools. MCPF tells them which tools are verified and allowed. 
# Quick start (community docs)
# 1) Browse repos and specs
open https://github.com/MCPTrustFramework

# 2) Adopt the trust vocabulary:
#    DID identity • VCs • issuers • revocations
#    capability snapshots • policy gates
Tip: MCPF is designed to be compatible with existing MCP runtimes. It adds a trust overlay, not a new protocol.
ID
DID-based identity

Each MCP server can be identified by a DID, with an issuer you can verify.

VC
Verifiable Credentials

Attach attestations: ownership, environment, assurance level, compliance, reviews.

RG
Registry & revocation

Discover approved servers and revoke or deprecate them centrally when needed.

PL
Policy gates

Enforce “only allow servers meeting X” before an agent ever calls a tool.

How it works

A conservative trust layer — built the way infrastructure has always worked.

Traditional IT did not let unknown endpoints into production without identity, registration, and revocation. MCPF brings the same discipline to AI toolchains.

StepWhat happens
1An MCP server publishes a manifest of tools/capabilities.
2The server is identified by a DID and can receive VCs from trusted issuers.
3A registry lists servers, issuers, and revocations in a queryable way.
4Runtimes enforce policy: allow/deny, minimum assurance, environment constraints.
What MCPF is (and is not)
  • Is: a trust vocabulary + data model + registry patterns for MCP ecosystems.
  • Is: open source, community-driven, designed for federation.
  • Is not: a replacement for MCP. It’s a layer above it.
  • Is not: tied to a single vendor — even though it was incubated with light support from the Veritrust ecosystem.
Join the community View ecosystem directory (ANS)