{ "schemaVersion": "1.0", "item": { "slug": "bind-protocol-mcp", "name": "Bind Protocol MCP Server Use", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/jason-c-child/bind-protocol-mcp", "canonicalUrl": "https://clawhub.ai/jason-c-child/bind-protocol-mcp", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/bind-protocol-mcp", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=bind-protocol-mcp", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/bind-protocol-mcp" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/bind-protocol-mcp", "agentPageUrl": "https://openagent3.xyz/skills/bind-protocol-mcp/agent", "manifestUrl": "https://openagent3.xyz/skills/bind-protocol-mcp/agent.json", "briefUrl": "https://openagent3.xyz/skills/bind-protocol-mcp/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Bind MCP Server — Agent Skill Guide", "body": "You have access to the Bind Protocol MCP server. This document teaches you how to use it." }, { "title": "Requirements", "body": "Node.js >= 18 — Required to run the server (npx handles package installation automatically)\nBind account — Required for API-backed tools. Create one at https://dashboard.bindprotocol.xyz\nAgent key (idbr_agent_...) — Required for API-backed tools. Regular API keys (idbr_) are not supported for MCP." }, { "title": "Credential Setup", "body": "Bind uses agent keys for MCP authentication. Agent keys are scoped API keys that let org admins control exactly which tools are available, set daily rate limits, and get audit logs.\n\nKey typeFormatMCP supportedAgent keyidbr_agent__Yes — required for API-backed toolsRegular API keyidbr__No — rejected by MCP server\n\nTo create an agent key:\n\nSign in at https://dashboard.bindprotocol.xyz\nNavigate to Settings > Agent Keys\nSelect which tool categories the key can access (e.g., credential verification only, or policy authoring + verification)\nCopy the key — it is shown only once" }, { "title": "MCP Server Configuration", "body": "Add the server to your MCP client configuration. The exact file depends on your tool:\n\nToolConfig fileClaude Code.mcp.json in your project root, or ~/.claude/claude_desktop_config.jsonClaude DesktopSettings > Developer > Edit ConfigCursor.cursor/mcp.json in your project rootWindsurfMCP settings\n\nConfiguration JSON:\n\n{\n \"mcpServers\": {\n \"bind\": {\n \"command\": \"npx\",\n \"args\": [\"@bind-protocol/mcp-server\"],\n \"env\": {\n \"BIND_API_KEY\": \"${BIND_API_KEY}\"\n }\n }\n }\n}\n\nThe BIND_API_KEY environment variable must be set in your shell to your agent key before launching your AI tool. Never hardcode the key directly in config files — always use environment variable references to avoid accidental credential leakage in shared configs or repositories.\n\nEnvironment variables:\n\nVariableRequiredDefaultDescriptionBIND_API_KEYFor API-backed tools—Agent key (idbr_agent_...). Without this, only local tools are available.BIND_API_URLNohttps://api.bindprotocol.xyzBase URL for API callsBIND_RECEIPTS_PATHNo~/.bind/receiptsDirectory for receipt chain dataLOG_LEVELNoinfoLogging verbosity (debug, info, warn, error)" }, { "title": "Verifying the Setup", "body": "If you do not have bind tools available, prompt the user to complete the setup above. You can test connectivity by calling bind_whoami — if it returns org info, the agent key is authenticated. Without a BIND_API_KEY, only local tools (parse, verify, hash) are available." }, { "title": "Architecture & Data Flow", "body": "The server runs locally via npx and communicates with your AI tool over stdio. It provides both local tools (always available) and API-backed tools (require an agent key). You just call the tool by name — routing is handled automatically.\n\nTool typeAuthPurposeLocal toolsNoneParse, verify, and hash VC-JWTs on-deviceAPI-backed toolsAgent key via BIND_API_KEYPolicies, proofs, issuers, revocation, and more" }, { "title": "What stays local vs. what calls the API", "body": "This is critical for understanding the privacy model:\n\nLocal tools (credential data NEVER leaves the machine):\n\nbind_parse_credential — Decodes the JWT entirely on your machine\nbind_verify_credential — Fetches the issuer's public JWKS from the Bind API (public keys only), then verifies the signature locally. The credential itself is never sent.\nbind_hash_credential — Computes a SHA-256 hash locally. Only the irreversible hash is used for revocation checks.\n\nAPI-backed tools (send requests to api.bindprotocol.xyz):\n\nbind_check_revocation — Sends only the credential hash (not the credential). The hash is not reversible.\nbind_resolve_issuer — Fetches public keys for an org. No credential data involved.\nbind_explain_policy, bind_list_policies, bind_list_circuits — Read-only public metadata. No credential data involved.\nbind_submit_prove_job — Sends circuit inputs to the Bind proving service. These are the raw values being proven (e.g., income amount, mileage count).\nbind_issue_credential — Requests the Bind API to sign and issue a VC-JWT from a completed proof.\nbind_create_policy, bind_validate_policy — Sends policy spec JSON to Bind for validation/storage.\nbind_share_proof — Shares a proof record with a verifier org via the Bind API.\n\nIn short: Raw credentials are local-only. Hashes, policy specs, proof inputs, and metadata go to the API." }, { "title": "Local Tools (no auth required, credential data stays on-machine)", "body": "ToolWhat it doesbind_parse_credentialDecode a VC-JWT into header + payload + signature without verificationbind_verify_credentialFull verification: parse, fetch issuer JWKS, verify ES256 signature, check expiration. Does NOT check revocation.bind_hash_credentialSHA-256 hash a VC-JWT. Use the hash with bind_check_revocation." }, { "title": "API-Backed Tools (require agent key via BIND_API_KEY)", "body": "Discovery & Inspection\n\nToolWhat it doesbind_resolve_issuerFetch an org's public signing keys (JWKS) by org IDbind_explain_policyGet the public spec for a policy by policy IDbind_check_revocationCheck if a credential is revoked by its hash (hash only — not the credential)bind_list_policiesList available policies (supports limit/offset pagination)bind_list_circuitsList available ZK circuits\n\nProof Generation & Credential Issuance\n\nToolWhat it doesbind_submit_prove_jobSubmit a ZK proof generation job with circuit ID and inputsbind_get_prove_jobPoll a prove job's status by job IDbind_list_prove_jobsList prove jobs, optionally filtered by statusbind_issue_credentialIssue a verifiable credential from a completed prove jobbind_share_proofShare a completed proof with a verifier orgbind_list_shared_proofsList proofs shared with/by your org\n\nPolicy Authoring\n\nToolWhat it doesbind_whoamiGet authenticated org info, tier, policy limits, and agent key permissionsbind_validate_policyDry-run validation of a policy spec (catches errors before creation)bind_create_policyCreate a new verification policybind_generate_circuitTrigger ZK circuit compilation for a saved policybind_get_circuit_statusPoll circuit compilation job status" }, { "title": "Workflow 1: Full Credential Verification", "body": "When to use: A user gives you a VC-JWT string (starts with eyJ...) and wants to know if it's valid.\n\nSteps:\n\nbind_parse_credential — Decode the JWT to inspect claims\nbind_verify_credential — Verify signature and expiration\nbind_hash_credential — Compute SHA-256 hash\nbind_check_revocation — Send the hash (not the credential) to check revocation\n\nSteps 1 and 2 can be combined (verify includes parsing), but parsing first lets you show the user what the credential contains before the full check. Steps 1–3 run locally; step 4 sends only the hash to the API.\n\nImportant: bind_verify_credential does NOT check revocation. You must always follow up with hash + revocation check for a complete verification.\n\nparse → verify → hash → check_revocation" }, { "title": "Workflow 2: Investigate an Issuer", "body": "When to use: A user wants to know about an organization's keys or policies.\n\nbind_resolve_issuer(orgId) — Fetch their JWKS\nbind_list_policies or bind_explain_policy — Look up their policies" }, { "title": "Workflow 3: Create a Policy", "body": "When to use: A user wants to define a new verification policy.\n\nSteps:\n\nbind_whoami — Check org name, tier, and limits. You need the org name for the namespace.\nBuild the policy spec (see Policy Spec Reference below)\nbind_validate_policy — Dry-run to catch errors before creation\nFix any validation errors and re-validate\nbind_create_policy — Save the policy\nbind_generate_circuit — Queue ZK circuit compilation\nbind_get_circuit_status — Poll until status is completed or failed\n\nCritical rules:\n\nmetadata.namespace MUST start with your org's slugified name (from bind_whoami). The namespaces bind and system are reserved.\nThe policy id MUST start with the namespace (e.g., acme.finance.creditCheck for namespace acme).\nALWAYS validate before creating. Fix all errors first.\nString inputs MUST have an encoding block mapping values to numbers (ZK circuits only work with numbers)." }, { "title": "Workflow 4: Generate a Proof and Issue a Credential", "body": "When to use: A user wants to generate a ZK proof and get a verifiable credential.\n\nbind_list_policies or bind_explain_policy — Find the right policy/circuit\nbind_submit_prove_job(circuitId, inputs) — Submit the proof job\nbind_get_prove_job(jobId) — Poll until status is completed\nbind_issue_credential(proveJobId) — Issue the VC from the completed proof\nOptionally: bind_share_proof(proveJobId, verifierOrgId) — Share with a verifier" }, { "title": "Policy Spec Reference", "body": "A policy is a JSON object with this structure. All fields shown are required unless marked optional.\n\n{\n \"id\": \"..\",\n \"version\": \"0.1.0\",\n \"metadata\": {\n \"title\": \"Human-readable title\",\n \"description\": \"What this policy verifies\",\n \"category\": \"finance|mobility|identity|demo\",\n \"namespace\": \"your-org-name\"\n },\n \"subject\": {\n \"type\": \"individual|organization|vehicle|device\",\n \"identifier\": \"wallet_address|did|vin|vehicleTokenId\"\n },\n\n \"inputs\": [\n {\n \"id\": \"input_name\",\n \"source\": { \"kind\": \"static|api\", \"api\": \"optional_api_name\" },\n \"signal\": \"input_name\",\n \"valueType\": \"number|boolean|string\",\n \"unit\": \"USD|count|months\",\n \"time\": { \"mode\": \"point|range|relative\", \"lookback\": \"30d\" },\n \"aggregation\": { \"op\": \"latest|sum|mean|count\" },\n \"encoding\": {\n \"type\": \"enum\",\n \"values\": { \"label1\": 1, \"label2\": 2 }\n }\n }\n ],\n\n \"rules\": [\n {\n \"id\": \"rule_name\",\n \"description\": \"Human-readable description\",\n \"assert\": { /* expression — see below */ },\n \"severity\": \"fail|warn|info\"\n }\n ],\n\n \"evaluation\": {\n \"kind\": \"PASS_FAIL|SCORE\",\n \"scoreRange\": { \"min\": 0, \"max\": 100 },\n \"baseline\": 50,\n \"contributions\": [\n { \"ruleId\": \"rule_name\", \"points\": 30, \"whenPasses\": true }\n ]\n },\n\n \"outputs\": [\n {\n \"name\": \"output_name\",\n \"type\": \"boolean|enum|number\",\n \"derive\": {\n \"kind\": \"PASS_FAIL|SCORE|BAND|CONST\",\n \"from\": \"SCORE|input_id\",\n \"bands\": [\n { \"label\": \"LOW\", \"minInclusive\": 0, \"maxExclusive\": 40 },\n { \"label\": \"HIGH\", \"minInclusive\": 40, \"maxExclusive\": 101 }\n ],\n \"value\": 42\n },\n \"disclosed\": true\n }\n ],\n\n \"validity\": { \"ttl\": \"P30D\" },\n \"disclosure\": {\n \"default\": \"SELECTIVE\",\n \"exposeClaims\": [\"output_name\"]\n },\n\n \"proving\": {\n \"circuitId\": \"..v\",\n \"inputTypes\": { \"input_name\": \"u32\" },\n \"outputType\": \"u8\"\n }\n}" }, { "title": "Expression Types (used in rules[].assert)", "body": "TypeShapeExampleref{ \"type\": \"ref\", \"inputId\": \"\" }Reference an input valueconst{ \"type\": \"const\", \"value\": }Literal number or boolean (never strings)cmp{ \"type\": \"cmp\", \"cmp\": \">=|<=|>|<|==|!=\", \"left\": , \"right\": }Comparisonop{ \"type\": \"op\", \"op\": \"+|-|*|/\", \"args\": [, ...] }Arithmeticand{ \"type\": \"and\", \"args\": [, ...] }Logical ANDor{ \"type\": \"or\", \"args\": [, ...] }Logical ORnot{ \"type\": \"not\", \"arg\": }Logical NOT\n\nField name gotchas:\n\nUse \"inputId\" in ref expressions, NOT \"path\"\nUse \"cmp\" for the comparison operator, NOT \"operator\"\nUse \"args\" for operand lists, NOT \"children\"\nUse \"arg\" (singular) for not, NOT \"expr\"\nconst values must be numbers or booleans, never strings" }, { "title": "Evaluation Kinds", "body": "PASS_FAIL: All severity: \"fail\" rules must pass. No scoring.\n\nSCORE: Starts at baseline, adds/subtracts points from rule contributions.\n\n{\n \"kind\": \"SCORE\",\n \"scoreRange\": { \"min\": 0, \"max\": 100 },\n \"baseline\": 50,\n \"contributions\": [\n { \"ruleId\": \"has_high_income\", \"points\": 25, \"whenPasses\": true },\n { \"ruleId\": \"has_delinquencies\", \"points\": -20, \"whenPasses\": true }\n ]\n}" }, { "title": "Output Derive Kinds", "body": "KindUse forRequired fieldsPASS_FAILBoolean pass/fail from evaluationNoneSCORERaw numeric scorefrom: \"SCORE\"BANDMap score to labeled bandsfrom: \"SCORE\", bands arrayCONSTFixed valuevalue" }, { "title": "Working with String Inputs", "body": "ZK circuits only work with numbers. When a policy uses string inputs (employer names, country codes, etc.), you MUST include an encoding block:\n\n{\n \"id\": \"employer\",\n \"source\": { \"kind\": \"static\" },\n \"signal\": \"employer\",\n \"valueType\": \"string\",\n \"encoding\": {\n \"type\": \"enum\",\n \"values\": {\n \"Acme Corp\": 1,\n \"Globex Inc\": 2,\n \"Initech\": 3\n }\n }\n}" }, { "title": "Proving Section", "body": "The proving section maps inputs to Noir types for the ZK circuit:\n\n{\n \"proving\": {\n \"circuitId\": \"acme.safe_driver.v0_1_0\",\n \"inputTypes\": {\n \"miles_driven\": \"u32\",\n \"hard_brake_pct\": \"u8\",\n \"is_commercial\": \"bool\"\n },\n \"outputType\": \"u8\"\n }\n}\n\nAvailable Noir types: u8, u16, u32, u64, i8, i16, i32, i64, bool, Field" }, { "title": "Tier Restrictions", "body": "Policy authoring is gated by organization tier. Always call bind_whoami first to check limits.\n\nTierCan Create PoliciesNotesBasicNoVerification onlyPremiumYesLimited inputs/rules/outputsScaleYesExpanded limits, can create extractorsEnterpriseYesUnlimitedVerifierNoCannot create proofs or policies" }, { "title": "Common Errors and Fixes", "body": "ErrorCauseFixNAMESPACE_MISMATCHPolicy namespace doesn't match your orgUse your org name from bind_whoami as the namespace prefixTIER_LIMIT_EXCEEDEDYour tier doesn't allow this operationCheck bind_whoami for limitsINVALID_EXPRESSIONMalformed rule assertionCheck expression field names (inputId, cmp, args, arg)MISSING_ENCODINGString input without encodingAdd encoding.type: \"enum\" with values mapCIRCUIT_COMPILATION_FAILEDCircuit couldn't compileCheck the error in bind_get_circuit_status, fix the policy, recreate, and regenerate" }, { "title": "Example: Complete Policy Creation", "body": "Here is a complete example of creating a credit score policy for org acme:\n\n{\n \"id\": \"acme.finance.credit-check\",\n \"version\": \"0.1.0\",\n \"metadata\": {\n \"title\": \"Credit Eligibility Check\",\n \"description\": \"Evaluates creditworthiness based on income and debt ratio\",\n \"category\": \"finance\",\n \"namespace\": \"acme\"\n },\n \"subject\": {\n \"type\": \"individual\",\n \"identifier\": \"wallet_address\"\n },\n \"inputs\": [\n {\n \"id\": \"annual_income\",\n \"source\": { \"kind\": \"static\" },\n \"signal\": \"annual_income\",\n \"valueType\": \"number\",\n \"unit\": \"USD\"\n },\n {\n \"id\": \"debt_ratio\",\n \"source\": { \"kind\": \"static\" },\n \"signal\": \"debt_ratio\",\n \"valueType\": \"number\",\n \"unit\": \"percent\"\n }\n ],\n \"rules\": [\n {\n \"id\": \"min_income\",\n \"description\": \"Annual income must be at least $30,000\",\n \"assert\": {\n \"type\": \"cmp\",\n \"cmp\": \">=\",\n \"left\": { \"type\": \"ref\", \"inputId\": \"annual_income\" },\n \"right\": { \"type\": \"const\", \"value\": 30000 }\n },\n \"severity\": \"fail\"\n },\n {\n \"id\": \"max_debt_ratio\",\n \"description\": \"Debt-to-income ratio must be under 40%\",\n \"assert\": {\n \"type\": \"cmp\",\n \"cmp\": \"<\",\n \"left\": { \"type\": \"ref\", \"inputId\": \"debt_ratio\" },\n \"right\": { \"type\": \"const\", \"value\": 40 }\n },\n \"severity\": \"fail\"\n }\n ],\n \"evaluation\": {\n \"kind\": \"PASS_FAIL\"\n },\n \"outputs\": [\n {\n \"name\": \"eligible\",\n \"type\": \"boolean\",\n \"derive\": { \"kind\": \"PASS_FAIL\" },\n \"disclosed\": true\n }\n ],\n \"validity\": { \"ttl\": \"P30D\" },\n \"disclosure\": {\n \"default\": \"SELECTIVE\",\n \"exposeClaims\": [\"eligible\"]\n },\n \"proving\": {\n \"circuitId\": \"acme.credit_check.v0_1_0\",\n \"inputTypes\": {\n \"annual_income\": \"u32\",\n \"debt_ratio\": \"u8\"\n },\n \"outputType\": \"u8\"\n }\n}\n\nAgent workflow for this:\n\nbind_whoami — Confirm org is acme and tier allows policy creation\nbind_validate_policy(policy) — Dry-run validation\nbind_create_policy(policy) — Create the policy\nbind_generate_circuit(\"acme.finance.credit-check\") — Compile the circuit\nbind_get_circuit_status(jobId) — Poll until complete" } ], "body": "Bind MCP Server — Agent Skill Guide\n\nYou have access to the Bind Protocol MCP server. This document teaches you how to use it.\n\nPrerequisites & Installation\nRequirements\nNode.js >= 18 — Required to run the server (npx handles package installation automatically)\nBind account — Required for API-backed tools. Create one at https://dashboard.bindprotocol.xyz\nAgent key (idbr_agent_...) — Required for API-backed tools. Regular API keys (idbr_) are not supported for MCP.\nCredential Setup\n\nBind uses agent keys for MCP authentication. Agent keys are scoped API keys that let org admins control exactly which tools are available, set daily rate limits, and get audit logs.\n\nKey type\tFormat\tMCP supported\nAgent key\tidbr_agent__\tYes — required for API-backed tools\nRegular API key\tidbr__\tNo — rejected by MCP server\n\nTo create an agent key:\n\nSign in at https://dashboard.bindprotocol.xyz\nNavigate to Settings > Agent Keys\nSelect which tool categories the key can access (e.g., credential verification only, or policy authoring + verification)\nCopy the key — it is shown only once\nMCP Server Configuration\n\nAdd the server to your MCP client configuration. The exact file depends on your tool:\n\nTool\tConfig file\nClaude Code\t.mcp.json in your project root, or ~/.claude/claude_desktop_config.json\nClaude Desktop\tSettings > Developer > Edit Config\nCursor\t.cursor/mcp.json in your project root\nWindsurf\tMCP settings\n\nConfiguration JSON:\n\n{\n \"mcpServers\": {\n \"bind\": {\n \"command\": \"npx\",\n \"args\": [\"@bind-protocol/mcp-server\"],\n \"env\": {\n \"BIND_API_KEY\": \"${BIND_API_KEY}\"\n }\n }\n }\n}\n\n\nThe BIND_API_KEY environment variable must be set in your shell to your agent key before launching your AI tool. Never hardcode the key directly in config files — always use environment variable references to avoid accidental credential leakage in shared configs or repositories.\n\nEnvironment variables:\n\nVariable\tRequired\tDefault\tDescription\nBIND_API_KEY\tFor API-backed tools\t—\tAgent key (idbr_agent_...). Without this, only local tools are available.\nBIND_API_URL\tNo\thttps://api.bindprotocol.xyz\tBase URL for API calls\nBIND_RECEIPTS_PATH\tNo\t~/.bind/receipts\tDirectory for receipt chain data\nLOG_LEVEL\tNo\tinfo\tLogging verbosity (debug, info, warn, error)\nVerifying the Setup\n\nIf you do not have bind tools available, prompt the user to complete the setup above. You can test connectivity by calling bind_whoami — if it returns org info, the agent key is authenticated. Without a BIND_API_KEY, only local tools (parse, verify, hash) are available.\n\nArchitecture & Data Flow\n\nThe server runs locally via npx and communicates with your AI tool over stdio. It provides both local tools (always available) and API-backed tools (require an agent key). You just call the tool by name — routing is handled automatically.\n\nTool type\tAuth\tPurpose\nLocal tools\tNone\tParse, verify, and hash VC-JWTs on-device\nAPI-backed tools\tAgent key via BIND_API_KEY\tPolicies, proofs, issuers, revocation, and more\nWhat stays local vs. what calls the API\n\nThis is critical for understanding the privacy model:\n\nLocal tools (credential data NEVER leaves the machine):\n\nbind_parse_credential — Decodes the JWT entirely on your machine\nbind_verify_credential — Fetches the issuer's public JWKS from the Bind API (public keys only), then verifies the signature locally. The credential itself is never sent.\nbind_hash_credential — Computes a SHA-256 hash locally. Only the irreversible hash is used for revocation checks.\n\nAPI-backed tools (send requests to api.bindprotocol.xyz):\n\nbind_check_revocation — Sends only the credential hash (not the credential). The hash is not reversible.\nbind_resolve_issuer — Fetches public keys for an org. No credential data involved.\nbind_explain_policy, bind_list_policies, bind_list_circuits — Read-only public metadata. No credential data involved.\nbind_submit_prove_job — Sends circuit inputs to the Bind proving service. These are the raw values being proven (e.g., income amount, mileage count).\nbind_issue_credential — Requests the Bind API to sign and issue a VC-JWT from a completed proof.\nbind_create_policy, bind_validate_policy — Sends policy spec JSON to Bind for validation/storage.\nbind_share_proof — Shares a proof record with a verifier org via the Bind API.\n\nIn short: Raw credentials are local-only. Hashes, policy specs, proof inputs, and metadata go to the API.\n\nTool Inventory\nLocal Tools (no auth required, credential data stays on-machine)\nTool\tWhat it does\nbind_parse_credential\tDecode a VC-JWT into header + payload + signature without verification\nbind_verify_credential\tFull verification: parse, fetch issuer JWKS, verify ES256 signature, check expiration. Does NOT check revocation.\nbind_hash_credential\tSHA-256 hash a VC-JWT. Use the hash with bind_check_revocation.\nAPI-Backed Tools (require agent key via BIND_API_KEY)\n\nDiscovery & Inspection\n\nTool\tWhat it does\nbind_resolve_issuer\tFetch an org's public signing keys (JWKS) by org ID\nbind_explain_policy\tGet the public spec for a policy by policy ID\nbind_check_revocation\tCheck if a credential is revoked by its hash (hash only — not the credential)\nbind_list_policies\tList available policies (supports limit/offset pagination)\nbind_list_circuits\tList available ZK circuits\n\nProof Generation & Credential Issuance\n\nTool\tWhat it does\nbind_submit_prove_job\tSubmit a ZK proof generation job with circuit ID and inputs\nbind_get_prove_job\tPoll a prove job's status by job ID\nbind_list_prove_jobs\tList prove jobs, optionally filtered by status\nbind_issue_credential\tIssue a verifiable credential from a completed prove job\nbind_share_proof\tShare a completed proof with a verifier org\nbind_list_shared_proofs\tList proofs shared with/by your org\n\nPolicy Authoring\n\nTool\tWhat it does\nbind_whoami\tGet authenticated org info, tier, policy limits, and agent key permissions\nbind_validate_policy\tDry-run validation of a policy spec (catches errors before creation)\nbind_create_policy\tCreate a new verification policy\nbind_generate_circuit\tTrigger ZK circuit compilation for a saved policy\nbind_get_circuit_status\tPoll circuit compilation job status\nWorkflow 1: Full Credential Verification\n\nWhen to use: A user gives you a VC-JWT string (starts with eyJ...) and wants to know if it's valid.\n\nSteps:\n\nbind_parse_credential — Decode the JWT to inspect claims\nbind_verify_credential — Verify signature and expiration\nbind_hash_credential — Compute SHA-256 hash\nbind_check_revocation — Send the hash (not the credential) to check revocation\n\nSteps 1 and 2 can be combined (verify includes parsing), but parsing first lets you show the user what the credential contains before the full check. Steps 1–3 run locally; step 4 sends only the hash to the API.\n\nImportant: bind_verify_credential does NOT check revocation. You must always follow up with hash + revocation check for a complete verification.\n\nparse → verify → hash → check_revocation\n\nWorkflow 2: Investigate an Issuer\n\nWhen to use: A user wants to know about an organization's keys or policies.\n\nbind_resolve_issuer(orgId) — Fetch their JWKS\nbind_list_policies or bind_explain_policy — Look up their policies\nWorkflow 3: Create a Policy\n\nWhen to use: A user wants to define a new verification policy.\n\nSteps:\n\nbind_whoami — Check org name, tier, and limits. You need the org name for the namespace.\nBuild the policy spec (see Policy Spec Reference below)\nbind_validate_policy — Dry-run to catch errors before creation\nFix any validation errors and re-validate\nbind_create_policy — Save the policy\nbind_generate_circuit — Queue ZK circuit compilation\nbind_get_circuit_status — Poll until status is completed or failed\n\nCritical rules:\n\nmetadata.namespace MUST start with your org's slugified name (from bind_whoami). The namespaces bind and system are reserved.\nThe policy id MUST start with the namespace (e.g., acme.finance.creditCheck for namespace acme).\nALWAYS validate before creating. Fix all errors first.\nString inputs MUST have an encoding block mapping values to numbers (ZK circuits only work with numbers).\nWorkflow 4: Generate a Proof and Issue a Credential\n\nWhen to use: A user wants to generate a ZK proof and get a verifiable credential.\n\nbind_list_policies or bind_explain_policy — Find the right policy/circuit\nbind_submit_prove_job(circuitId, inputs) — Submit the proof job\nbind_get_prove_job(jobId) — Poll until status is completed\nbind_issue_credential(proveJobId) — Issue the VC from the completed proof\nOptionally: bind_share_proof(proveJobId, verifierOrgId) — Share with a verifier\nPolicy Spec Reference\n\nA policy is a JSON object with this structure. All fields shown are required unless marked optional.\n\n{\n \"id\": \"..\",\n \"version\": \"0.1.0\",\n \"metadata\": {\n \"title\": \"Human-readable title\",\n \"description\": \"What this policy verifies\",\n \"category\": \"finance|mobility|identity|demo\",\n \"namespace\": \"your-org-name\"\n },\n \"subject\": {\n \"type\": \"individual|organization|vehicle|device\",\n \"identifier\": \"wallet_address|did|vin|vehicleTokenId\"\n },\n\n \"inputs\": [\n {\n \"id\": \"input_name\",\n \"source\": { \"kind\": \"static|api\", \"api\": \"optional_api_name\" },\n \"signal\": \"input_name\",\n \"valueType\": \"number|boolean|string\",\n \"unit\": \"USD|count|months\",\n \"time\": { \"mode\": \"point|range|relative\", \"lookback\": \"30d\" },\n \"aggregation\": { \"op\": \"latest|sum|mean|count\" },\n \"encoding\": {\n \"type\": \"enum\",\n \"values\": { \"label1\": 1, \"label2\": 2 }\n }\n }\n ],\n\n \"rules\": [\n {\n \"id\": \"rule_name\",\n \"description\": \"Human-readable description\",\n \"assert\": { /* expression — see below */ },\n \"severity\": \"fail|warn|info\"\n }\n ],\n\n \"evaluation\": {\n \"kind\": \"PASS_FAIL|SCORE\",\n \"scoreRange\": { \"min\": 0, \"max\": 100 },\n \"baseline\": 50,\n \"contributions\": [\n { \"ruleId\": \"rule_name\", \"points\": 30, \"whenPasses\": true }\n ]\n },\n\n \"outputs\": [\n {\n \"name\": \"output_name\",\n \"type\": \"boolean|enum|number\",\n \"derive\": {\n \"kind\": \"PASS_FAIL|SCORE|BAND|CONST\",\n \"from\": \"SCORE|input_id\",\n \"bands\": [\n { \"label\": \"LOW\", \"minInclusive\": 0, \"maxExclusive\": 40 },\n { \"label\": \"HIGH\", \"minInclusive\": 40, \"maxExclusive\": 101 }\n ],\n \"value\": 42\n },\n \"disclosed\": true\n }\n ],\n\n \"validity\": { \"ttl\": \"P30D\" },\n \"disclosure\": {\n \"default\": \"SELECTIVE\",\n \"exposeClaims\": [\"output_name\"]\n },\n\n \"proving\": {\n \"circuitId\": \"..v\",\n \"inputTypes\": { \"input_name\": \"u32\" },\n \"outputType\": \"u8\"\n }\n}\n\nExpression Types (used in rules[].assert)\nType\tShape\tExample\nref\t{ \"type\": \"ref\", \"inputId\": \"\" }\tReference an input value\nconst\t{ \"type\": \"const\", \"value\": }\tLiteral number or boolean (never strings)\ncmp\t{ \"type\": \"cmp\", \"cmp\": \">=|<=|>|<|==|!=\", \"left\": , \"right\": }\tComparison\nop\t{ \"type\": \"op\", \"op\": \"+|-|*|/\", \"args\": [, ...] }\tArithmetic\nand\t{ \"type\": \"and\", \"args\": [, ...] }\tLogical AND\nor\t{ \"type\": \"or\", \"args\": [, ...] }\tLogical OR\nnot\t{ \"type\": \"not\", \"arg\": }\tLogical NOT\n\nField name gotchas:\n\nUse \"inputId\" in ref expressions, NOT \"path\"\nUse \"cmp\" for the comparison operator, NOT \"operator\"\nUse \"args\" for operand lists, NOT \"children\"\nUse \"arg\" (singular) for not, NOT \"expr\"\nconst values must be numbers or booleans, never strings\nEvaluation Kinds\n\nPASS_FAIL: All severity: \"fail\" rules must pass. No scoring.\n\nSCORE: Starts at baseline, adds/subtracts points from rule contributions.\n\n{\n \"kind\": \"SCORE\",\n \"scoreRange\": { \"min\": 0, \"max\": 100 },\n \"baseline\": 50,\n \"contributions\": [\n { \"ruleId\": \"has_high_income\", \"points\": 25, \"whenPasses\": true },\n { \"ruleId\": \"has_delinquencies\", \"points\": -20, \"whenPasses\": true }\n ]\n}\n\nOutput Derive Kinds\nKind\tUse for\tRequired fields\nPASS_FAIL\tBoolean pass/fail from evaluation\tNone\nSCORE\tRaw numeric score\tfrom: \"SCORE\"\nBAND\tMap score to labeled bands\tfrom: \"SCORE\", bands array\nCONST\tFixed value\tvalue\nWorking with String Inputs\n\nZK circuits only work with numbers. When a policy uses string inputs (employer names, country codes, etc.), you MUST include an encoding block:\n\n{\n \"id\": \"employer\",\n \"source\": { \"kind\": \"static\" },\n \"signal\": \"employer\",\n \"valueType\": \"string\",\n \"encoding\": {\n \"type\": \"enum\",\n \"values\": {\n \"Acme Corp\": 1,\n \"Globex Inc\": 2,\n \"Initech\": 3\n }\n }\n}\n\nProving Section\n\nThe proving section maps inputs to Noir types for the ZK circuit:\n\n{\n \"proving\": {\n \"circuitId\": \"acme.safe_driver.v0_1_0\",\n \"inputTypes\": {\n \"miles_driven\": \"u32\",\n \"hard_brake_pct\": \"u8\",\n \"is_commercial\": \"bool\"\n },\n \"outputType\": \"u8\"\n }\n}\n\n\nAvailable Noir types: u8, u16, u32, u64, i8, i16, i32, i64, bool, Field\n\nTier Restrictions\n\nPolicy authoring is gated by organization tier. Always call bind_whoami first to check limits.\n\nTier\tCan Create Policies\tNotes\nBasic\tNo\tVerification only\nPremium\tYes\tLimited inputs/rules/outputs\nScale\tYes\tExpanded limits, can create extractors\nEnterprise\tYes\tUnlimited\nVerifier\tNo\tCannot create proofs or policies\nCommon Errors and Fixes\nError\tCause\tFix\nNAMESPACE_MISMATCH\tPolicy namespace doesn't match your org\tUse your org name from bind_whoami as the namespace prefix\nTIER_LIMIT_EXCEEDED\tYour tier doesn't allow this operation\tCheck bind_whoami for limits\nINVALID_EXPRESSION\tMalformed rule assertion\tCheck expression field names (inputId, cmp, args, arg)\nMISSING_ENCODING\tString input without encoding\tAdd encoding.type: \"enum\" with values map\nCIRCUIT_COMPILATION_FAILED\tCircuit couldn't compile\tCheck the error in bind_get_circuit_status, fix the policy, recreate, and regenerate\nExample: Complete Policy Creation\n\nHere is a complete example of creating a credit score policy for org acme:\n\n{\n \"id\": \"acme.finance.credit-check\",\n \"version\": \"0.1.0\",\n \"metadata\": {\n \"title\": \"Credit Eligibility Check\",\n \"description\": \"Evaluates creditworthiness based on income and debt ratio\",\n \"category\": \"finance\",\n \"namespace\": \"acme\"\n },\n \"subject\": {\n \"type\": \"individual\",\n \"identifier\": \"wallet_address\"\n },\n \"inputs\": [\n {\n \"id\": \"annual_income\",\n \"source\": { \"kind\": \"static\" },\n \"signal\": \"annual_income\",\n \"valueType\": \"number\",\n \"unit\": \"USD\"\n },\n {\n \"id\": \"debt_ratio\",\n \"source\": { \"kind\": \"static\" },\n \"signal\": \"debt_ratio\",\n \"valueType\": \"number\",\n \"unit\": \"percent\"\n }\n ],\n \"rules\": [\n {\n \"id\": \"min_income\",\n \"description\": \"Annual income must be at least $30,000\",\n \"assert\": {\n \"type\": \"cmp\",\n \"cmp\": \">=\",\n \"left\": { \"type\": \"ref\", \"inputId\": \"annual_income\" },\n \"right\": { \"type\": \"const\", \"value\": 30000 }\n },\n \"severity\": \"fail\"\n },\n {\n \"id\": \"max_debt_ratio\",\n \"description\": \"Debt-to-income ratio must be under 40%\",\n \"assert\": {\n \"type\": \"cmp\",\n \"cmp\": \"<\",\n \"left\": { \"type\": \"ref\", \"inputId\": \"debt_ratio\" },\n \"right\": { \"type\": \"const\", \"value\": 40 }\n },\n \"severity\": \"fail\"\n }\n ],\n \"evaluation\": {\n \"kind\": \"PASS_FAIL\"\n },\n \"outputs\": [\n {\n \"name\": \"eligible\",\n \"type\": \"boolean\",\n \"derive\": { \"kind\": \"PASS_FAIL\" },\n \"disclosed\": true\n }\n ],\n \"validity\": { \"ttl\": \"P30D\" },\n \"disclosure\": {\n \"default\": \"SELECTIVE\",\n \"exposeClaims\": [\"eligible\"]\n },\n \"proving\": {\n \"circuitId\": \"acme.credit_check.v0_1_0\",\n \"inputTypes\": {\n \"annual_income\": \"u32\",\n \"debt_ratio\": \"u8\"\n },\n \"outputType\": \"u8\"\n }\n}\n\n\nAgent workflow for this:\n\nbind_whoami — Confirm org is acme and tier allows policy creation\nbind_validate_policy(policy) — Dry-run validation\nbind_create_policy(policy) — Create the policy\nbind_generate_circuit(\"acme.finance.credit-check\") — Compile the circuit\nbind_get_circuit_status(jobId) — Poll until complete" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/jason-c-child/bind-protocol-mcp", "publisherUrl": "https://clawhub.ai/jason-c-child/bind-protocol-mcp", "owner": "jason-c-child", "version": "2.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/bind-protocol-mcp", "downloadUrl": "https://openagent3.xyz/downloads/bind-protocol-mcp", "agentUrl": "https://openagent3.xyz/skills/bind-protocol-mcp/agent", "manifestUrl": "https://openagent3.xyz/skills/bind-protocol-mcp/agent.json", "briefUrl": "https://openagent3.xyz/skills/bind-protocol-mcp/agent.md" } }