Protocol

MCP Integration

Point agents to your MCP server with a minimal URL + auth config. AWP doesn't replicate the MCP spec — it just tells agents where to connect.

Design philosophy

AWP's MCP schema is intentionally minimal. The MCP protocol already advertises tools, resources, and prompts once an agent connects — AWP's job is simpler: tell the agent where the door is and how to knock.

Rule of thumb

If information is already in the MCP handshake, don't duplicate it in mcp.json. AWP just needs URL + transport + auth.

SSE is deprecated

Streamable HTTP ("transport": "http") is the current MCP standard. SSE is legacy — use it only for older servers that haven't migrated yet.

Authentication types

No authentication

/awp/mcp/mcp.json
{
  "url": "https://api.example.com/mcp",
  "transport": "http",
  "mcp_version": "2024-11-05",
  "authentication": { "type": "none" }
}

Bearer token

/awp/mcp/mcp.json
{
  "url": "https://api.example.com/mcp",
  "transport": "http",
  "mcp_version": "2024-11-05",
  "authentication": {
    "type": "bearer",
    "header": "Authorization",
    "registration_url": "https://api.example.com/awp/auth/register"
  }
}

API key

/awp/mcp/mcp.json
{
  "url": "https://api.example.com/mcp",
  "transport": "http",
  "authentication": {
    "type": "api_key",
    "header": "X-API-Key",
    "registration_url": "https://example.com/developers/keys"
  }
}

OAuth 2.1

Full OAuth 2.1 flow — agent fetches a token from token_url then uses it as Bearer. This is the MCP-recommended auth for production remote servers.

/awp/mcp/mcp.json
{
  "url": "https://api.example.com/mcp",
  "transport": "http",
  "mcp_version": "2024-11-05",
  "authentication": {
    "type": "oauth2",
    "token_url": "https://auth.example.com/oauth/token",
    "scopes": ["mcp:read", "mcp:execute"],
    "registration_url": "https://example.com/oauth/apps"
  }
}

Transport types

Transport	Status	Use when
`http`	Recommended	All new MCP servers. Streamable HTTP — scalable, cloud-ready.
`sse`	Legacy	Older MCP servers not yet migrated to Streamable HTTP.
`stdio`	Local only	Subprocess/local servers. Rarely used in public AWP context.

Validate your MCP config

typescript
import { AWPValidator } from '@agentic-web-protocol/validator';

const v = new AWPValidator();
const result = v.validateMCP({
  url: "https://api.example.com/mcp",
  transport: "http",
  authentication: { type: "bearer", header: "Authorization" },
});

console.log(result.valid ? '✓ Valid' : result.errors);

python
from agentic_web_protocol import AWPValidator

v = AWPValidator()
result = v.validate_mcp({
    "url": "https://api.example.com/mcp",
    "transport": "http",
    "authentication": {"type": "bearer", "header": "Authorization"},
})
print("✓ Valid" if result.valid else result.errors)

Wire into discovery

/.well-known/agentic-web-protocol.json (partial)
{
  "capabilities": ["content", "search", "mcp"],
  "endpoints": {
    "manifest": "/awp/manifest.json",
    "mcp": "/awp/mcp/mcp.json"
  }
}