Skip to content

Add Trust Levels to Adapter Schema #59

Closed
Closed
Add Trust Levels to Adapter Schema#59
Labels
adapterAdapter development relatedenhancementNew feature or requestphase-3Adapter: Adapter specifications and interfacessecuritySecurity model and policiesspecCore specification content
@mickdarling

Description

@mickdarling
mickdarling
opened on Jan 26, 2026

Summary

Define trust levels as a first-class concept in the MCP-AQL spec for adapters (and potentially other elements). Trust levels indicate the verification/validation status of an adapter and can be used to gate which operations are permitted.

Motivation

Adapters can be:

  • Dynamically generated from API interrogation
  • Hand-crafted by developers
  • Community-contributed via collection
  • Officially certified by API vendors

Each source has different reliability guarantees. Trust levels allow systems to make informed decisions about what operations to permit based on the adapter's provenance and validation status.

Proposed Trust Levels

Level Description Typical Permissions
untested Newly generated, no validation Introspection only
generated Programmatically generated, basic checks passed Read operations
validated Passed programmatic test harness Read + safe create
community-reviewed Validated + community vetting All non-destructive
certified Official verification (vendor or authority) All operations

Proposed Schema Addition

# Adapter front matter
---
name: example-api
type: adapter
version: "1.0.0"
trust:
  level: validated  # untested | generated | validated | community-reviewed | certified
  generated_at: "2026-01-15T10:00:00Z"
  validated_at: "2026-01-15T12:00:00Z"
  validated_by: "mcpaql-test-harness-v2"
  validation_report:
    tests_passed: 47
    tests_total: 47
    endpoints_verified: 23
  certification: null  # or: { authority: "GitHub", signature: "...", expires: "2027-01-15" }
  promoted_from: "generated"  # track promotion history
---

Behavior

  1. Promotion path: untested → generated → validated → community-reviewed → certified
  2. Demotion: If an adapter fails validation after API changes, trust level can be demoted
  3. Permission gating: Systems can configure minimum trust levels for operation categories
  4. Collection integration: Trust level is part of adapter metadata when published to collection

Related

  • Adapter element type definition
  • Security gatekeeper for dangerous operations
  • Collection submission/validation workflow

Tasks

  • Define trust level enum in spec
  • Add trust metadata schema
  • Document promotion/demotion rules
  • Define permission gating recommendations
  • Integration with collection workflow

Metadata

Metadata

Assignees

No one assigned

    Labels

    adapterAdapter development relatedenhancementNew feature or requestphase-3Adapter: Adapter specifications and interfacessecuritySecurity model and policiesspecCore specification content

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions