mozilla-ai
diff --git a/‎PROPOSAL_AGNTCY_IDENTITY.md
Lines changed: 143 additions & 0 deletions b/‎PROPOSAL_AGNTCY_IDENTITY.md
Lines changed: 143 additions & 0 deletions
diff --git a/‎cmd/identity.go
Lines changed: 133 additions & 0 deletions b/‎cmd/identity.go
Lines changed: 133 additions & 0 deletions
@@ -0,0 +1,143 @@
+# Proposal: AGNTCY Identity Support for mcpd
+
+## Summary
+
+This proposal introduces AGNTCY Identity standard support to mcpd, enabling cryptographically verifiable identities for MCP servers. This creates a bridge between Mozilla's developer-friendly tools and enterprise-grade security standards.
+
+## Motivation
+
+As AI agents become critical infrastructure, establishing trust and security in agent-to-agent communication is essential. The AGNTCY project (Linux Foundation) is standardizing these interactions. By adopting AGNTCY Identity standards in mcpd, we:
+
+1. **Enable Secure Communication**: MCP servers can verify each other's identities
+2. **Build Trust Networks**: Organizations can establish trusted agent ecosystems  
+3. **Maintain Simplicity**: Progressive enhancement keeps the developer experience simple
+4. **Foster Interoperability**: Work with any AGNTCY-compliant system
+
+## Design
+
+### Core Principles
+
+1. **Optional by Default**: Identity features are disabled by default - zero impact on existing users
+2. **Progressive Enhancement**: Works locally for development, scales to production
+3. **Standards Compliant**: Full compatibility with AGNTCY Identity v1alpha1
+4. **Developer First**: Simple commands and configuration
+
+### Implementation Overview
+
+```
+# Development - Local identity files
+export MCPD_IDENTITY_ENABLED=true
+mcpd identity init my-server
+mcpd daemon --dev
+
+# Production - AGNTCY Identity Node
+export MCPD_IDENTITY_NODE_URL=https://identity.corp.com
+mcpd identity init my-server --organization "Corp" 
+mcpd daemon
+```
+
+### Key Features
+
+1. **MCP Server Badges**: Verifiable credentials containing server metadata
+2. **Trust Configuration**: Define trusted issuers and required credentials
+3. **Development Mode**: Local credentials for testing without infrastructure
+4. **Production Mode**: Full integration with AGNTCY Identity Nodes
+
+## Benefits
+
+### For Mozilla
+
+- Positions mcpd as enterprise-ready without sacrificing simplicity
+- Creates pathway for adoption in security-conscious organizations
+- Demonstrates leadership in AI agent security standards
+
+### For Developers
+
+- Zero-config development with local identities
+- Gradual adoption path from development to production
+- No changes required for existing workflows
+
+### For Organizations
+
+- Cryptographic verification of agent identities
+- Compliance with emerging industry standards
+- Interoperability with AGNTCY ecosystem
+
+## Implementation Status
+
+A complete proof-of-concept has been implemented including:
+
+- ✅ AGNTCY Identity Node client
+- ✅ Credential generation and verification
+- ✅ MCP Server Badge credentials
+- ✅ Development and production modes
+- ✅ CLI commands for identity management
+- ✅ Configuration integration
+- ✅ Documentation and examples
+
+## Rollout Plan
+
+### Phase 1: Community Feedback (Current)
+- Share proposal with Mozilla AI and AGNTCY communities
+- Gather feedback on implementation approach
+- Refine based on input
+
+### Phase 2: Experimental Release
+- Merge as experimental feature (disabled by default)
+- Early adopters test in real environments
+- Iterate based on usage patterns
+
+### Phase 3: Stabilization
+- Address feedback from early adopters
+- Add comprehensive test coverage
+- Performance optimization
+
+### Phase 4: General Availability
+- Enable by default for new projects
+- Migration guide for existing users
+- Integration with AGNTCY ecosystem
+
+## Open Questions
+
+1. Should we support additional DID methods beyond AGNTCY's?
+2. How should credential refresh be handled automatically?
+3. What telemetry would help understand identity usage?
+4. Should mcpd run its own Identity Node for development?
+
+## Call to Action
+
+We invite feedback from both communities:
+
+**Mozilla Community**: 
+- Does this maintain our simplicity principles?
+- What concerns do you have about added complexity?
+- How can we make this more developer-friendly?
+
+**AGNTCY Community**:
+- Does this implementation align with AGNTCY standards?
+- What additional features would enhance interoperability?
+- How can we collaborate on specifications?
+
+## Next Steps
+
+1. Review and discussion in both communities
+2. Refine implementation based on feedback
+3. Create comprehensive test suite
+4. Submit PR for review
+5. Plan experimental release
+
+## References
+
+- [AGNTCY Identity Specification](https://docs.agntcy.org/identity)
+- [Implementation Branch](https://github.com/mozilla-ai/mcpd/tree/feat/agntcy-identity-support)
+- [Technical Specification](./docs/AGNTCY_IDENTITY_SPEC.md)
+- [Example Configuration](./examples/identity-example.toml)
+
+---
+
+**Author**: Anivar Aravind  
+**Date**: 2025-01-23  
+**Status**: Proposal  
+**Discussions**: 
+- Mozilla AI: [GitHub Discussions](#)
+- AGNTCY: [GitHub Discussions](https://github.com/orgs/agntcy/discussions)
@@ -0,0 +1,133 @@
+package cmd
+
+import (
+	"context"
+	"fmt"
+	
+	"github.com/spf13/cobra"
+	
+	"github.com/mozilla-ai/mcpd/v2/internal/config"
+	"github.com/mozilla-ai/mcpd/v2/internal/identity"
+)
+
+// identityCmd represents the identity command group
+var identityCmd = &cobra.Command{
+	Use:   "identity",
+	Short: "Manage AGNTCY identity for MCP servers",
+	Long: `Identity management commands for AGNTCY-compliant verification.
+
+mcpd supports the AGNTCY Identity standard for secure agent-to-agent communication.
+In development mode, identities are stored locally. In production, they integrate
+with AGNTCY Identity Nodes.`,
+}
+
+// identityInitCmd creates identity credentials for a server
+var identityInitCmd = &cobra.Command{
+	Use:   "init [server-name]",
+	Short: "Initialize identity for an MCP server",
+	Long: `Create AGNTCY-compliant identity credentials for an MCP server.
+
+In development mode (default), this creates local credentials.
+In production mode (with MCPD_IDENTITY_NODE_URL set), this registers
+with the AGNTCY Identity Node.`,
+	Args: cobra.ExactArgs(1),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		serverName := args[0]
+		
+		// Get organization and common name from flags
+		organization, _ := cmd.Flags().GetString("organization")
+		commonName, _ := cmd.Flags().GetString("common-name")
+		authType, _ := cmd.Flags().GetString("auth-type")
+		
+		// Create issuer
+		issuer := &identity.Issuer{
+			Organization: organization,
+			CommonName:   commonName,
+			AuthType:     identity.AuthType(authType),
+		}
+		
+		// Initialize identity manager
+		nodeURL, _ := cmd.Flags().GetString("identity-node-url")
+		// Use a basic logger for now
+		manager := identity.NewManager(nil, nodeURL)
+		
+		if !manager.IsEnabled() {
+			return fmt.Errorf("identity is not enabled. Set MCPD_IDENTITY_ENABLED=true or provide --identity-node-url")
+		}
+		
+		// Generate identity
+		ctx := context.Background()
+		cred, err := manager.GenerateServerIdentity(ctx, serverName, issuer)
+		if err != nil {
+			return fmt.Errorf("failed to generate identity: %w", err)
+		}
+		
+		fmt.Printf("Created identity for server '%s'\n", serverName)
+		fmt.Printf("DID: %s\n", cred.ResolverMetadata.ID)
+		fmt.Printf("Credential ID: %s\n", cred.Credential.ID)
+		
+		return nil
+	},
+}
+
+// identityShowCmd displays identity information for a server
+var identityShowCmd = &cobra.Command{
+	Use:   "show [server-name]",
+	Short: "Show identity credentials for an MCP server",
+	Args:  cobra.ExactArgs(1),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		serverName := args[0]
+		
+		// Initialize identity manager
+		nodeURL, _ := cmd.Flags().GetString("identity-node-url")
+		// Use a basic logger for now
+		manager := identity.NewManager(nil, nodeURL)
+		
+		if !manager.IsEnabled() {
+			return fmt.Errorf("identity is not enabled")
+		}
+		
+		// Get credentials
+		credentials, err := manager.GetServerCredentials(serverName)
+		if err != nil {
+			return fmt.Errorf("failed to get credentials: %w", err)
+		}
+		
+		if len(credentials) == 0 {
+			fmt.Printf("No identity credentials found for server '%s'\n", serverName)
+			return nil
+		}
+		
+		// Display credentials
+		for i, cred := range credentials {
+			fmt.Printf("Credential %d:\n", i+1)
+			fmt.Printf("  ID: %s\n", cred.ID)
+			fmt.Printf("  Type: %v\n", cred.Type)
+			fmt.Printf("  Issuer: %s\n", cred.Issuer)
+			fmt.Printf("  Issued: %s\n", cred.IssuanceDate)
+			if cred.ExpirationDate != "" {
+				fmt.Printf("  Expires: %s\n", cred.ExpirationDate)
+			}
+		}
+		
+		return nil
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(identityCmd)
+	identityCmd.AddCommand(identityInitCmd)
+	identityCmd.AddCommand(identityShowCmd)
+	
+	// Flags for identity init
+	identityInitCmd.Flags().String("organization", "Mozilla AI", "Organization name for the issuer")
+	identityInitCmd.Flags().String("common-name", "mcpd", "Common name for the issuer")
+	identityInitCmd.Flags().String("auth-type", "SELF", "Authentication type (SELF or IDP)")
+	identityInitCmd.Flags().String("identity-node-url", "", "AGNTCY Identity Node URL")
+	
+	// Flags for identity show
+	identityShowCmd.Flags().String("identity-node-url", "", "AGNTCY Identity Node URL")
+	
+	// Global identity flags
+	identityCmd.PersistentFlags().String("identity-node-url", "", "AGNTCY Identity Node URL")
+}