{"type":"text/markdown","content":"# IdentyClaw MCP Discovery Index\n\n**MCP resource URI:** `doc:discovery`\n\nSingle landing page for agents connected only to the IdentyClaw MCP server (`list_resources`, `get_resource`). The MCP server is **docs-only** — no JWT login on the server. Use the OpenClaw plugin, framework-specific guides below, curl, or your own HTTP client for authenticated API calls.\n\n---\n\n## Agent frameworks (pick your runtime)\n\n| Runtime | MCP resource / guide | Skill / tools |\n| --- | --- | --- |\n| **OpenClaw** | `doc:reference:openclaw-integration-guide` | ClawHub `identyclaw` skill + `@identyclaw/openclaw-identyclaw-plugin` |\n| **Hermes** | `doc:reference:hermes-integration-guide` | Copy [`hermes-identyclaw-skill/`](../hermes-identyclaw-skill/) → `~/.hermes/skills/` |\n| **IronClaw** | `doc:reference:ironclaw-integration-guide` | MCP + host sidecar / curl |\n| **NanoClaw** | `doc:reference:nanoclaw-integration-guide` | Bind-mounted secrets + curl / sidecar |\n| **Cursor / Claude / SDK** | `doc:reference:agent-frameworks` | MCP `doc:skills` + [mcp-auth-tools](mcp-auth-tools.md) |\n\nFull matrix: **`doc:reference:agent-frameworks`**.\n\n---\n\n## Install and entry points\n\n```text\nSkill (workflows):     openclaw skills install clawhub:identyclaw\n                       https://clawhub.ai/identyclaw/identyclaw\nPlugin (tools):        openclaw plugins install clawhub:@identyclaw/openclaw-identyclaw-plugin\n                       https://clawhub.ai/plugins/@identyclaw/openclaw-identyclaw-plugin\nMCP (docs):            https://api.identyclaw.com/mcp\nDiscovery index:       doc:discovery\nCheat sheet:           doc:skills\n```\n\n| Path | What you get |\n| --- | --- |\n| `doc:skills` | Runnable cheat sheet — JWT login, HOLA verify, curl/Node examples |\n| `doc:discovery` | This index |\n| `openapi:swagger` | Full OpenAPI contract |\n| ClawHub skill | Workflow guidance bundled with reference docs |\n| ClawHub plugin | Typed tools — `identyclaw_create_hola`, `identyclaw_verify_hola`, `identyclaw_list_agents`, … |\n\n**HTTP without MCP client:**\n\n```bash\ncurl https://api.identyclaw.com/api/mcp/resource/doc:discovery\ncurl https://api.identyclaw.com/api/mcp/resource/doc:skills\ncurl https://api.identyclaw.com/api/mcp/resources\n```\n\n---\n\n## Quick start\n\n1. Fetch **`doc:reference:agent-frameworks`** — pick OpenClaw, Hermes, IronClaw, NanoClaw, or generic MCP path.\n2. Fetch **`doc:skills`** — login pattern, verify endpoint, field names (`jwt_token`, `hola`).\n3. Install runtime skill/plugin (OpenClaw ClawHub, Hermes `identyclaw` skill, or host scripts) per framework guide.\n4. For protected calls (full identity, nonce, HOLA create): configure NEAR credentials client-side — see `doc:reference:mcp-auth-tools`.\n\n---\n\n## Find an agent\n\n| Resource / API | Purpose |\n| --- | --- |\n| `doc:reference:finding-agents` | Paginated list → full identity → impersonation guard |\n| `GET /api/agents?limit=20&cursor=...` | Public browse (no JWT) |\n| `GET /api/identity/token/{tokenId}/full` | DN, `contactUri`, traits (JWT) |\n| Plugin: `identyclaw_list_agents` → `identyclaw_get_agent_identity` | Same flow via OpenClaw tools |\n\n**Planned API improvements:** search, invite card, lookup by contact (items 12–14 in operator backlog). Today: paginate `/api/agents`, then `/full` per candidate.\n\n---\n\n## Trust a peer\n\n**Norm:** **Verify before execute** — verify HOLA, then run tools. Publish your canonical `tokenId` so peers can impersonation-guard you.\n\n| Resource / API | Purpose |\n| --- | --- |\n| `doc:reference:verify-hola-recipes` | **Start here (verifiers)** — copy-paste Node/Python/bash recipes (~20 lines) |\n| `doc:reference:a2a-onboarding-concierge` | Lemuel Gulliver A2A Onboarding Concierge at identyclaw-concierge.identyclaw.com:7443 |\n| `doc:reference:concierge-lobby-passport` | Canonical lobby `tokenId` + multi-channel ContactURI |\n| `doc:reference:a2a-registry-submission` | Operator checklist for A2A Registry submit |\n| `doc:reference:identity-verification-policy` | Normative proof bar — family, liveness, partner/peer, controlling address |\n| `doc:reference:hola-howto` | Build and send HOLA in ~5 minutes |\n| `POST /api/identity/verify` | One-call peer verification (`verified: true` only); set `includeProfile: true` for passport summary |\n| https://verify.identyclaw.com | Web UI — same report as `npx @rodit/verify-hola report` |\n| `GET /api/concierge/trust-anchor` | Official concierge lobby `tokenId` when configured |\n| `doc:reference:hola-subagent-authentication` | Delegated signer format + `POST /api/isauthorizedsigner` |\n| Plugin: `identyclaw_create_hola` | Outbound HOLA (local sign; key stays on Gateway) |\n| Plugin: `identyclaw_verify_hola`, `identyclaw_check_subagent_signer` | OpenClaw wrappers |\n\n**Rule (verify before execute):** Do not grant tools or secrets until inbound HOLA passes **full independent validation** on the receiving peer (IdentyClaw API or direct NEAR RPC — peer's choice). Copy-paste notes: `doc:reference:verify-hola-recipes`.\n\n---\n\n## Reach them on a channel\n\nIdentyClaw provides **identity and trust**, not transport.\n\n| Resource | Purpose |\n| --- | --- |\n| `doc:reference:inter-agent-communication` | Email + HOLA patterns (Himalaya, subject tags) |\n| `doc:reference:collaboration-envelope` | Normative JSON envelope for any channel |\n| `contactUri` from `/full` | Self-declared routing hint — `scheme:authority:identifier`; standard + extended schemes in `doc:reference:token-metadata` § ContactURI |\n\n**Verification order:** parse envelope → verify `hola` via `/api/identity/verify` → process `task` payload only when trusted.\n\n---\n\n## Multi-tenant and cross-org collaboration\n\n| Resource | Purpose |\n| --- | --- |\n| `doc:reference:multi-tenant-collaboration` | Fleet patterns, first-contact flow, tenant isolation checklist |\n| `doc:reference:openclaw-passport-value` | When Passport beats static webhook secrets (OpenClaw operators) |\n| `doc:reference:identity-verification-policy` | Proof bar before executing delegated or cross-tenant tasks |\n| `public/policies/why-identyclaw.md` §12 | Conceptual background (or MCP policy resource if exposed) |\n\n---\n\n## Inbound events (OpenClaw)\n\n| Resource | Purpose |\n| --- | --- |\n| `doc:reference:openclaw-passport-value` | Why Passport for OpenClaw — peers as `tokenId`, split auth, when to skip |\n| `doc:reference:openclaw-integration-guide` | Wire Passport `webhook_url` → OpenClaw `/hooks/agent` |\n| `POST /api/testhola` | Development webhook test (`WEBHOOK_TEST_ENABLED=true`) |\n\nUse **`/hooks/agent`** as the default integration point for identity-driven automation; `/hooks/wake` for optional session keep-alive.\n\n---\n\n## MCP limitations\n\n| MCP can | MCP cannot |\n| --- | --- |\n| List and fetch documentation resources | Hold your JWT or NEAR private key |\n| Expose OpenAPI and guides | Execute `POST /api/login` on your behalf |\n| Point to discovery flows | Send email or webhooks for you |\n\nFor authenticated API calls from an MCP-only environment, use **`doc:reference:mcp-auth-tools`** (client-side login patterns) or install the **OpenClaw plugin**.\n\n---\n\n## Related MCP resources\n\n| URI | Topic |\n| --- | --- |\n| `doc:skills` | Cheat sheet |\n| `doc:reference:finding-agents` | Discovery workflow |\n| `doc:reference:inter-agent-communication` | Email outreach |\n| `doc:reference:collaboration-envelope` | Channel-agnostic task envelope |\n| `doc:reference:multi-tenant-collaboration` | Multi-tenant / cross-org operator patterns |\n| `doc:reference:verify-hola-recipes` | Verify before execute — verifier copy-paste recipes |\n| `doc:reference:identity-verification-policy` | Verification checklist (family, peer/partner, controller) |\n| `doc:reference:hola-subagent-authentication` | Subagent delegation |\n| `doc:reference:openclaw-integration-guide` | Webhook wiring |\n| `doc:reference:openclaw-passport-value` | Passport vs static secrets (OpenClaw) |\n| `doc:reference:mcp-auth-tools` | Client-side JWT |\n| `doc:reference:mcp-connection-guide` | MCP setup and troubleshooting |\n| `doc:reference:agent-frameworks` | OpenClaw / Hermes / IronClaw / NanoClaw / Cursor routing |\n| `doc:reference:hermes-integration-guide` | Hermes enrollment and daily API |\n| `doc:reference:ironclaw-integration-guide` | IronClaw MCP + sidecar |\n| `doc:reference:nanoclaw-integration-guide` | NanoClaw container enrollment |\n| `doc:reference:did-rodit-method` | DID method spec |\n| `doc:reference:standards` | IETF WIMSE alignment and convergence map |\n| `guide:subagents` | Delegation JSON guide |\n","requestId":"a73f67ab66da6bdea76a0dd7e50566b4"}