Tool Details: ucan_verify

Basic Information

Tool Name:ucan_verify
Asset Name:Verify UCAN Token
Description:Verifies a UCAN capability token against this venue's trust policy and explains the verdict — the diagnostic counterpart to enforcement. Reports validity (signature at every chain hop, temporal bounds), the parsed claims, the delegation chain depth and root issuer, and a per-capability root-authority verdict: 'owner' (self-sovereign — the chain root is signed by the resource owner), 'venue' (rooted by this venue), or 'refused'. Optionally checks whether the token would authorise a specific request here. Read-only: no signing, no side effects.
Adapter:ucan
Asset Hash:0x220356fd11c834136fd53109035afd9562b582b816a1c4eff0fb6907efe4f12c
Input
PropertyTypeDescription
withstringOptional: a resource — together with 'can', asks whether the token would authorise this request on this venue
canstringOptional: an ability (e.g. crud/read) — together with 'with', asks whether the token would authorise this request
token*anyThe UCAN to verify: a JWT string (as returned by ucan_issue or minted client-side) or a token map
audstringOptional: the audience to evaluate the authorisation for (defaults to your own DID)
Output
PropertyTypeDescription
attarrayThe token's capabilities, each with a rootAuthority verdict: owner | venue | refused
validbooleanWhether the token verifies (signatures, temporal bounds, chain structure)
expintegerExpiry (unix seconds)
reasonstringWhen invalid: a diagnosable explanation (expired, bad signature, unparseable, ...)
rootIssuerstringThe DID that signed the root of the delegation chain
authorisesbooleanPresent when with/can supplied: whether the token authorises that request here for the audience
issstringIssuer DID
audstringAudience DID
chainDepthintegerNumber of delegation hops above this token (0 = a root grant)

MCP Tool Usage Examples

This tool can be called via the MCP (Model Context Protocol) endpoint. Here are examples of how to use it:

JSON-RPC Call Example:

POST to https://venue-test.covia.ai/mcp

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "ucan_verify",
    "arguments": {
      "input": "your input here"
    }
  }
}
cURL Example:
curl -X POST https://venue-test.covia.ai/mcp \\
  -H "Content-Type: application/json" \\
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "ucan_verify",
      "arguments": {
        "input": "your input here"
      }
    }
  }'
Python Example:
import requests
import json

url = "https://venue-test.covia.ai/mcp"
payload = {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
        "name": "ucan_verify",
        "arguments": {
            "input": "your input here"
        }
    }
}

response = requests.post(url, json=payload)
result = response.json()
print(result)
JavaScript/Node.js Example:
const fetch = require('node-fetch');

const url = 'https://venue-test.covia.ai/mcp';
const payload = {
    jsonrpc: '2.0',
    id: 1,
    method: 'tools/call',
    params: {
        name: 'ucan_verify',
        arguments: {
            input: 'your input here'
        }
    }
};

fetch(url, {
    method: 'POST',
    headers: {
        'Content-Type': 'application/json'
    },
    body: JSON.stringify(payload)
})
.then(response => response.json())
.then(data => console.log(data));

Asset Metadata

{
	"name": "Verify UCAN Token",
	"description": "Verifies a UCAN capability token against this venue's trust policy and explains the verdict — the diagnostic counterpart to enforcement. Reports validity (signature at every chain hop, temporal bounds), the parsed claims, the delegation chain depth and root issuer, and a per-capability root-authority verdict: 'owner' (self-sovereign — the chain root is signed by the resource owner), 'venue' (rooted by this venue), or 'refused'. Optionally checks whether the token would authorise a specific request here. Read-only: no signing, no side effects.",
	"dateCreated": "2026-07-09T00:00:00Z",
	"operation": {
		"adapter": "ucan:verify",
		"toolName": "ucan_verify",
		"input": {
			"type": "object",
			"properties": {
				"token": {
					"type": ["string", "object"],
					"description": "The UCAN to verify: a JWT string (as returned by ucan_issue or minted client-side) or a token map"
				},
				"with": {
					"type": "string",
					"description": "Optional: a resource — together with 'can', asks whether the token would authorise this request on this venue"
				},
				"can": {
					"type": "string",
					"description": "Optional: an ability (e.g. crud/read) — together with 'with', asks whether the token would authorise this request"
				},
				"aud": {
					"type": "string",
					"description": "Optional: the audience to evaluate the authorisation for (defaults to your own DID)"
				}
			},
			"required": ["token"]
		},
		"output": {
			"type": "object",
			"properties": {
				"valid": { "type": "boolean", "description": "Whether the token verifies (signatures, temporal bounds, chain structure)" },
				"reason": { "type": "string", "description": "When invalid: a diagnosable explanation (expired, bad signature, unparseable, ...)" },
				"iss": { "type": "string", "description": "Issuer DID" },
				"aud": { "type": "string", "description": "Audience DID" },
				"exp": { "type": "integer", "description": "Expiry (unix seconds)" },
				"chainDepth": { "type": "integer", "description": "Number of delegation hops above this token (0 = a root grant)" },
				"rootIssuer": { "type": "string", "description": "The DID that signed the root of the delegation chain" },
				"att": { "type": "array", "description": "The token's capabilities, each with a rootAuthority verdict: owner | venue | refused" },
				"authorises": { "type": "boolean", "description": "Present when with/can supplied: whether the token authorises that request here for the audience" }
			}
		}
	}
}

Navigation

Back to adapter details

Back to all adapters

Back to index