OpenChainGraph Suite · ART-150 · wave 27

MCP Tool Scope & Revocation Auditor

Audits scoped and revocable MCP tool access: detects ungated tool grants, validates revocation endpoint, and checks token rotation status. Root node of the agent-authorization-lifecycle chain.

New MCP SpecScope + RevocationZero PIIW3C VC §13.11

🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.

Scope

Root node of the agent-authorization-lifecycle chain (art-150→151→152). Audits scoped and revocable MCP tool access: each grant must carry explicit scopes, a revocation endpoint must be present, and token rotation must be current.

Presets

Tool Grants

tool_grants (JSON array of {tool, scopes:[]} objects, or one per line)

Revocation & Token Rotation

revocation_endpoint (OAuth 2.0 revocation URL)

token_created_unix (Unix timestamp seconds)

now_unix (Unix timestamp seconds)

max_token_age_s (max allowed token age in seconds)

next_token_present

A replacement token has already been issued (satisfies rotation requirement even if current token is past max age)

Result

Execution Hash & §4 Artifact

SHA-256 execution hash (JCS canonical — RFC 8785):