Skip to content
/ SchemaPin Public

The SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks.

schemapin.org

License

MIT license
12 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ThirdKeyAI/SchemaPin

BranchesTags

Repository files navigation

SchemaPin

Cryptographic tool schema verification for AI agents and MCP servers. Prevent "MCP Rug Pull" attacks with ECDSA signatures, DNS-anchored trust, and TOFU key pinning.

Read the Documentation →

What It Does

SchemaPin lets tool developers sign their schemas and skill folders with ECDSA P-256 keys, and lets AI agents verify that schemas haven't been tampered with. Public keys are discoverable via .well-known/schemapin.json (RFC 8615), and Trust-On-First-Use pinning protects against future key substitution.

  • ECDSA P-256 + SHA-256 cryptographic signatures
  • .well-known discovery for public keys (RFC 8615)
  • TOFU key pinning to prevent key substitution attacks
  • Key revocation with standalone revocation documents
  • Trust bundles for offline and air-gapped verification
  • Pluggable resolvers.well-known, local file, trust bundle, or chain
  • Skill folder signing for AgentSkills (SKILL.md + file manifests)
  • Cross-language — Python, JavaScript, Go, and Rust implementations

Quick Start

from schemapin.crypto import KeyManager
from schemapin.utils import SchemaSigningWorkflow, SchemaVerificationWorkflow

# Sign a schema
private_key, public_key = KeyManager.generate_keypair()
signer = SchemaSigningWorkflow(KeyManager.export_private_key_pem(private_key))
signature = signer.sign_schema({"name": "my_tool", "parameters": {...}})

# Verify a schema
verifier = SchemaVerificationWorkflow()
result = verifier.verify_schema(schema, signature, "example.com/my_tool", "example.com")

Getting Started Guide →

Installation

Python

pip install schemapin

JavaScript

npm install schemapin

Go

go install github.com/ThirdKeyAi/schemapin/go/cmd/...@latest

Rust

[dependencies]
schemapin = "1.2.0"

Documentation

Topic Link
Getting Started docs.schemapin.org/getting-started
API Reference docs.schemapin.org/api-reference
Skill Signing docs.schemapin.org/skill-signing
Trust Bundles docs.schemapin.org/trust-bundles
Deployment docs.schemapin.org/deployment
Troubleshooting docs.schemapin.org/troubleshooting
Technical Specification TECHNICAL_SPECIFICATION.md

Project Structure

python/        # Python SDK (PyPI: schemapin)
javascript/    # JavaScript SDK (npm: schemapin)
go/            # Go SDK
rust/          # Rust SDK (crates.io: schemapin)
server/        # Production .well-known endpoint server

License

MIT — Jascha Wanger / ThirdKey.ai

About

The SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks.

schemapin.org

Topics

agent verify security cryptography encryption tools ai mcp protocol supply-chain verification cybersecurity information-security agents ai-agents supplychain ai-tools mcp-server mcp-client mcp-tools

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

12 stars

Watchers

0 watching

Forks

6 forks
Report repository

Releases 8

Release v1.3.0 Latest
Feb 14, 2026
+ 7 releases

Contributors 2

  •  
  •  

Languages