npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@cordprotocol/mcp

v0.2.0

Published

MCP server for Cord Protocol — post-quantum cryptographic identity for AI agents

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cordprotocolusercordprotocoluser

Keywords

mcpcord-protocolpost-quantumcryptographyai-agentsidentitycredentials

Readme

@cordprotocol/mcp

MCP server for Cord Protocol — post-quantum cryptographic identity for AI agents. v0.2.0 adds W3C DID and Verifiable Credential support.

Connect this server to Claude Code or Cursor and Claude gains native ability to generate agent keypairs, issue credentials, verify them, and check permissions — all cryptographically, without any network dependency.

What this MCP server does

Cord Protocol gives AI agents tamper-proof identity. Each agent gets a signed credential that encodes:

  • Who the agent is (agentId)
  • What it's allowed to do (permission scopes like market.read, files.write)
  • When it expires (short-lived — 1h, 24h, 7d)

Credentials are Ed25519-signed and verifiable offline. No auth server. No network call. Just cryptography.

Installation

Claude Code

Add to ~/.claude/claude_desktop_config.json:

{
  "mcpServers": {
    "cordprotocol": {
      "command": "npx",
      "args": ["-y", "@cordprotocol/mcp@latest"]
    }
  }
}

Restart Claude Code. All nine cord_* tools will be available immediately.

Cursor

Add to .cursor/mcp.json in your project (or the global Cursor MCP config):

{
  "mcpServers": {
    "cordprotocol": {
      "command": "npx",
      "args": ["-y", "@cordprotocol/mcp@latest"]
    }
  }
}

Manual / self-hosted

npm install -g @cordprotocol/mcp
cordprotocol-mcp

Tools

cord_did_generate — Generate a W3C DID

Generates a W3C Decentralized Identifier and DID Document for an AI agent using the did:web method.

Example prompts:

  • "Generate a DID for my trading agent"
  • "Create a W3C DID for agent analytics-bot on my domain"
  • "Set up a decentralized identifier for my agent"

Input:

{
  "agentId": "trading-agent-v2",
  "domain": "mycompany.com"
}

Output: The DID string (did:web:mycompany.com:agents:trading-agent-v2), a complete W3C DID Document ready to host, the resolve URL, and an explanation of what to do next.

cord_issue_vc — Issue a W3C Verifiable Credential

Issues a W3C Verifiable Credential for an AI agent — interoperable with any DID-aware system.

Example prompts:

  • "Issue a W3C Verifiable Credential for my trading agent"
  • "Give my agent a VC with market.read and market.write permissions"
  • "Issue a DID-compatible credential that works with enterprise identity systems"

Input:

{
  "agentId": "trading-agent-v2",
  "issuedTo": "production",
  "permissions": ["market.read", "market.write"],
  "expiresIn": "24h",
  "privateKey": "<from cord_keygen>",
  "issuerDID": "did:web:mycompany.com",
  "domain": "mycompany.com"
}

Output: A complete W3C Verifiable Credential JSON object, the agent's DID, and a list of compatible systems (Veramo, SpruceID, DIF Universal Resolver, etc.).

cord_explain_did — Learn about DIDs and Verifiable Credentials

Returns detailed explanations of W3C DID and VC concepts, and when to use them vs the native Cord format.

Example prompts:

  • "What's the difference between DID format and simple Cord format?"
  • "Explain W3C Verifiable Credentials for AI agents"
  • "How do I host a DID Document?"
  • "When should I use cord_issue vs cord_issue_vc?"

Topics: overview, did-document, did-vs-cord, verifiable-credentials, resolution, getting-started

cord_keygen — Generate a keypair

Generates a new Ed25519 keypair for an agent identity.

Example prompts:

  • "Generate a Cord Protocol keypair for my trading agent"
  • "Set up agent identity for my LangChain project"
  • "Create a keypair called analytics-bot"

Input:

{ "name": "trading-agent" }

Output: Public key, private key (base64url), and .env entries ready to paste. The private key signs credentials; the public key is embedded in credentials for offline verification.

cord_issue — Issue a credential

Signs and issues a cryptographic identity credential for an agent.

Example prompts:

  • "Issue a credential for my trading agent"
  • "Give my analytics bot read permissions for 24 hours"
  • "Create a Cord credential with market.read and market.write scopes"

Input:

{
  "agentId": "trading-agent-v2",
  "issuedTo": "production",
  "permissions": ["market.read", "market.write"],
  "expiresIn": "24h",
  "privateKey": "<from cord_keygen>"
}

Output: Formatted credential display + the cord_v1.<payload>.<signature> token string.

cord_verify — Verify a credential

Checks an agent credential's Ed25519 signature, expiry, and schema validity — no network call needed. Auto-detects both the native cord_v1 format and W3C Verifiable Credential JSON format.

Example prompts:

  • "Verify this agent credential"
  • "Is this Cord token still valid?"
  • "Check if this W3C VC has expired"

Input (native format):

{ "credential": "cord_v1.eyJhZ..." }

Input (W3C VC format):

{ "credential": "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\",...],\"type\":[...],...}" }

Output: Pass/fail with agentId, permissions, expiry, and the failure reason if invalid.

cord_check_permission — Check a permission scope

Checks whether a credential grants a specific permission scope. Supports wildcards (market.*).

Example prompts:

  • "Does this agent have permission to write?"
  • "Can this credential access market.write?"
  • "Check if my trading agent has the files.read scope"

Input:

{
  "credential": "cord_v1.eyJhZ...",
  "scope": "market.write"
}

Output: hasPermission: true/false, the agent ID, and all granted permissions.

cord_explain — Learn about Cord Protocol

Returns a detailed explanation of Cord Protocol concepts. Claude uses this to answer developer questions accurately.

Example prompts:

  • "What is Cord Protocol?"
  • "Do I need this for my project?"
  • "How does Cord Protocol compare to OAuth?"
  • "Explain the post-quantum part"

Topics: overview, post-quantum, permissions, attestation, vs-oauth, getting-started, did, whats-new

Input:

{ "topic": "vs-oauth" }

cord_setup_project — Set up Cord Protocol in a project

Generates install commands, starter code, and .env entries for TypeScript or Python projects.

Example prompts:

  • "Set up Cord Protocol in my TypeScript project"
  • "Add agent identity to my Python LangChain app"
  • "Generate starter code for a trading agent with market.read permissions"

Input:

{
  "language": "typescript",
  "agentId": "trading-agent",
  "permissions": ["market.read", "market.write"]
}

Output: Install command, ready-to-paste starter code, .env entries, and next steps.

Credential format

Cord Protocol credentials are self-contained tokens:

cord_v1.<base64url(payload)>.<base64url(Ed25519-signature)>

The payload is a JSON object:

{
  "agentId": "trading-agent-v2",
  "issuedTo": "production",
  "permissions": ["market.read", "market.write"],
  "issuedAt": 1748000000,
  "expiresAt": 1748086400,
  "issuerPublicKey": "<base64-SPKI>",
  "attestationHash": "<optional SHA-256>"
}

The signature covers cord_v1.<base64url(payload)>. Verification requires only the issuer's public key — no network call, no auth server.

Security notes

  • Never commit private keys. Store them in a secrets manager, CI secrets, or .env (gitignored).
  • Use short expiry times. 1h for automated tasks; 24h for longer workflows.
  • Rotate credentials on each deployment.
  • Principle of least privilege. Grant only the scopes an agent needs. Prefer market.read over market.*.

Links