Tool Details: ucan_verify

Basic Information

Tool Name:ucan_verify
Asset Name:Verify UCAN Token
Description:Verifies a UCAN capability token against this venue's trust policy and explains the verdict — the diagnostic counterpart to enforcement. Reports validity (signature at every chain hop, temporal bounds), the parsed claims, the delegation chain depth and root issuer, and a per-capability root-authority verdict: 'owner' (self-sovereign — the chain root is signed by the resource owner), 'venue' (rooted by this venue), or 'refused'. Optionally checks whether the token would authorise a specific request here. Read-only: no signing, no side effects.
Adapter:ucan
Asset Hash:0x220356fd11c834136fd53109035afd9562b582b816a1c4eff0fb6907efe4f12c
Input
PropertyTypeDescription
withstringOptional: a resource — together with 'can', asks whether the token would authorise this request on this venue
audstringOptional: the audience to evaluate the authorisation for (defaults to your own DID)
canstringOptional: an ability (e.g. crud/read) — together with 'with', asks whether the token would authorise this request
token*anyThe UCAN to verify: a JWT string (as returned by ucan_issue or minted client-side) or a token map
Output
PropertyTypeDescription
attarrayThe token's capabilities, each with a rootAuthority verdict: owner | venue | refused
reasonstringWhen invalid: a diagnosable explanation (expired, bad signature, unparseable, ...)
rootIssuerstringThe DID that signed the root of the delegation chain
validbooleanWhether the token verifies (signatures, temporal bounds, chain structure)
expintegerExpiry (unix seconds)
chainDepthintegerNumber of delegation hops above this token (0 = a root grant)
authorisesbooleanPresent when with/can supplied: whether the token authorises that request here for the audience
issstringIssuer DID
audstringAudience DID

MCP Tool Usage Examples

This tool can be called via the MCP (Model Context Protocol) endpoint. Here are examples of how to use it:

JSON-RPC Call Example:

POST to https://venue-3.covia.ai/mcp

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "ucan_verify",
    "arguments": {
      "input": "your input here"
    }
  }
}
cURL Example:
curl -X POST https://venue-3.covia.ai/mcp \\
  -H "Content-Type: application/json" \\
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "ucan_verify",
      "arguments": {
        "input": "your input here"
      }
    }
  }'
Python Example:
import requests
import json

url = "https://venue-3.covia.ai/mcp"
payload = {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
        "name": "ucan_verify",
        "arguments": {
            "input": "your input here"
        }
    }
}

response = requests.post(url, json=payload)
result = response.json()
print(result)
JavaScript/Node.js Example:
const fetch = require('node-fetch');

const url = 'https://venue-3.covia.ai/mcp';
const payload = {
    jsonrpc: '2.0',
    id: 1,
    method: 'tools/call',
    params: {
        name: 'ucan_verify',
        arguments: {
            input: 'your input here'
        }
    }
};

fetch(url, {
    method: 'POST',
    headers: {
        'Content-Type': 'application/json'
    },
    body: JSON.stringify(payload)
})
.then(response => response.json())
.then(data => console.log(data));

Asset Metadata

{
	"name": "Verify UCAN Token",
	"description": "Verifies a UCAN capability token against this venue's trust policy and explains the verdict — the diagnostic counterpart to enforcement. Reports validity (signature at every chain hop, temporal bounds), the parsed claims, the delegation chain depth and root issuer, and a per-capability root-authority verdict: 'owner' (self-sovereign — the chain root is signed by the resource owner), 'venue' (rooted by this venue), or 'refused'. Optionally checks whether the token would authorise a specific request here. Read-only: no signing, no side effects.",
	"dateCreated": "2026-07-09T00:00:00Z",
	"operation": {
		"adapter": "ucan:verify",
		"toolName": "ucan_verify",
		"input": {
			"type": "object",
			"properties": {
				"token": {
					"type": ["string", "object"],
					"description": "The UCAN to verify: a JWT string (as returned by ucan_issue or minted client-side) or a token map"
				},
				"with": {
					"type": "string",
					"description": "Optional: a resource — together with 'can', asks whether the token would authorise this request on this venue"
				},
				"can": {
					"type": "string",
					"description": "Optional: an ability (e.g. crud/read) — together with 'with', asks whether the token would authorise this request"
				},
				"aud": {
					"type": "string",
					"description": "Optional: the audience to evaluate the authorisation for (defaults to your own DID)"
				}
			},
			"required": ["token"]
		},
		"output": {
			"type": "object",
			"properties": {
				"valid": { "type": "boolean", "description": "Whether the token verifies (signatures, temporal bounds, chain structure)" },
				"reason": { "type": "string", "description": "When invalid: a diagnosable explanation (expired, bad signature, unparseable, ...)" },
				"iss": { "type": "string", "description": "Issuer DID" },
				"aud": { "type": "string", "description": "Audience DID" },
				"exp": { "type": "integer", "description": "Expiry (unix seconds)" },
				"chainDepth": { "type": "integer", "description": "Number of delegation hops above this token (0 = a root grant)" },
				"rootIssuer": { "type": "string", "description": "The DID that signed the root of the delegation chain" },
				"att": { "type": "array", "description": "The token's capabilities, each with a rootAuthority verdict: owner | venue | refused" },
				"authorises": { "type": "boolean", "description": "Present when with/can supplied: whether the token authorises that request here for the audience" }
			}
		}
	}
}

Navigation

Back to adapter details

Back to all adapters

Back to index