SchemaPin

Cryptographic tool schema verification to prevent MCP Rug Pull attacks.

SchemaPin is the tool integrity layer of the ThirdKey trust stack: SchemaPin (tool integrity) → AgentPin (agent identity) → Symbiont (runtime).


What SchemaPin Does

SchemaPin enables developers to cryptographically sign tool schemas (ECDSA P-256 + SHA-256) and clients to verify schemas haven't been tampered with. It uses Trust-On-First-Use (TOFU) key pinning and .well-known endpoints for public key discovery.

  • Schema Signing — ECDSA P-256 signatures over canonicalized JSON schemas
  • Verification — Signature verification with public key discovery and TOFU pinning
  • Skill Signing — Sign entire skill directories with .schemapin.sig manifests (v1.3)
  • Trust Bundles — Offline verification with pluggable discovery resolvers (v1.2)
  • Revocation — Key and schema revocation with standalone documents

Quick Example

from schemapin.crypto import KeyManager, SignatureManager
from schemapin.core import SchemaPinCore

# Generate keys
private_key, public_key = KeyManager.generate_keypair()

# Sign a schema
schema = {"name": "calculate_sum", "description": "Adds two numbers",
          "parameters": {"type": "object", "properties": {
              "a": {"type": "number"}, "b": {"type": "number"}},
              "required": ["a", "b"]}}

core = SchemaPinCore()
canonical = core.canonicalize_schema(schema)
signature = SignatureManager.sign_schema(private_key, canonical)

# Verify
is_valid = SignatureManager.verify_signature(public_key, canonical, signature)
print(f"Valid: {is_valid}")
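The Quick Example verifies a signature against a public key the client already holds. The Trust-On-First-Use pinning described above is what turns that into rug-pull detection: the first key seen for a domain is pinned, and a later schema signed by a different key is rejected before the signature is even examined. The following is an added example written for this page, not SchemaPin's own code: it uses the `cryptography` package for ECDSA P-256 + SHA-256 (assumed to be installed), a sorted-key compact JSON canonical form (an assumption; the page does not show SchemaPin's exact canonicalization rules), and a constructed in-memory pin store (`TofuPinStore`, `verify_tool`, the domain `tools.example.com` and the sample schema are all hypothetical). It walks through first use, a tampered schema with the original signature, a legitimate re-verification, and a schema re-signed under a swapped key.

```python
"""Added example (not SchemaPin's own code): ECDSA P-256 + SHA-256 over a
canonical JSON schema, plus a minimal Trust-On-First-Use pin store.

Assumptions: the `cryptography` package is available; the canonical form is
sorted-key compact UTF-8 JSON (SchemaPin's exact rules are not shown on the
page); the domain, schema and pin store are constructed sample data."""
import hashlib
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec


def canonicalize(schema):
    # Assumed canonical form: sorted keys, no whitespace, UTF-8 bytes.
    return json.dumps(schema, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def sign(private_key, canonical):
    # ECDSA over SHA-256(canonical); the hash is taken inside the primitive.
    return private_key.sign(canonical, ec.ECDSA(hashes.SHA256()))


def verify(public_key, canonical, signature):
    try:
        public_key.verify(signature, canonical, ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False


def fingerprint(public_key):
    # SHA-256 over the DER SubjectPublicKeyInfo is what gets pinned.
    der = public_key.public_bytes(serialization.Encoding.DER,
                                  serialization.PublicFormat.SubjectPublicKeyInfo)
    return hashlib.sha256(der).hexdigest()


class TofuPinStore:
    """Hypothetical in-memory stand-in for the client's pinned-key store."""

    def __init__(self):
        self._pins = {}

    def check(self, domain, public_key):
        fp = fingerprint(public_key)
        pinned = self._pins.get(domain)
        if pinned is None:
            self._pins[domain] = fp      # first use: pin it
            return "pinned"
        return "match" if pinned == fp else "mismatch"


def verify_tool(store, domain, public_key, schema, signature):
    """Return (accepted, reason). A key that differs from the pin is refused
    before the signature is checked, so a valid signature under an
    attacker's key never counts."""
    status = store.check(domain, public_key)
    if status == "mismatch":
        return False, "pinned key changed for %s; refusing tool" % domain
    if not verify(public_key, canonicalize(schema), signature):
        return False, "signature invalid"
    return True, status


def demo():
    """Run the four scenarios and return their outcomes keyed by name."""
    store = TofuPinStore()
    domain = "tools.example.com"                     # constructed
    vendor_key = ec.generate_private_key(ec.SECP256R1())
    schema = {"name": "calculate_sum", "description": "Adds two numbers",
              "parameters": {"type": "object", "properties": {
                  "a": {"type": "number"}, "b": {"type": "number"}},
                  "required": ["a", "b"]}}
    sig = sign(vendor_key, canonicalize(schema))
    results = {}

    # 1. First contact with the domain: key is pinned, signature checks out.
    results["first_use"] = verify_tool(store, domain, vendor_key.public_key(), schema, sig)

    # 2. Schema silently gains a parameter after signing: same key, old signature.
    tampered = json.loads(json.dumps(schema))
    tampered["parameters"]["properties"]["c"] = {"type": "string"}
    results["tampered_schema"] = verify_tool(store, domain, vendor_key.public_key(), tampered, sig)

    # 3. Legitimate re-verification of the original schema matches the pin.
    results["legit_reuse"] = verify_tool(store, domain, vendor_key.public_key(), schema, sig)

    # 4. Tampered schema re-signed under a different key: rejected by the pin,
    #    even though that signature is valid under the new key.
    other_key = ec.generate_private_key(ec.SECP256R1())
    other_sig = sign(other_key, canonicalize(tampered))
    results["swapped_key"] = verify_tool(store, domain, other_key.public_key(), tampered, other_sig)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The ordering in `verify_tool` is the point: the pin is consulted first, so a correctly signed schema under an unpinned key is still refused. A real client would persist the pin store on disk and surface "mismatch" to the operator rather than silently re-pinning, since re-pinning on mismatch would defeat TOFU entirely.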

Implementations

Language     Package                              Install
Python       schemapin                            pip install schemapin
JavaScript   schemapin                            npm install schemapin
Go           github.com/ThirdKeyAi/schemapin/go   go get github.com/ThirdKeyAi/schemapin/go@v1.3.0
Rust         schemapin                            cargo add schemapin

All four implementations use identical crypto (ECDSA P-256 + SHA-256) — cross-language verification works out of the box.

Documentation

Guide             Description
Getting Started   Install, sign, and verify across all 4 languages
API Reference     Complete API with function signatures and examples
Skill Signing     Sign and verify skill directories (v1.3)
Trust Bundles     Offline verification and pluggable resolvers
Deployment        Serve .well-known endpoints in production
Troubleshooting   Common issues and solutions