Manifest spec
The full field-by-field reference. A BCP manifest is a JSON-LD document that subclasses schema:Organization. It has exactly five top-level blocks plus an envelope and an optional signature.
Envelope
The top-level fields every manifest must have.
- @context
- JSON-LD context array. Always includes
https://schema.organd the BCP context URL. - @type
- Always
["Organization", "BusinessCard"]. - @id
- Canonical URL of the manifest itself. Should equal the URL it is served from.
- bcp:version
- Semver string matching the spec revision. v1 is
"1.0.0". - bcp:updated
- RFC 3339 timestamp of the manifest's last material change.
- bcp:expires
- RFC 3339 timestamp after which the manifest must be re-fetched. Optional. Recommended for signed manifests.
Identity block
Who the company legally is.
| Field | Type | Required | Notes |
|---|---|---|---|
| legalName | string | yes | Registered legal name. Matches the LEI Level-1 record when an LEI is present. |
| domain | string | yes | Bare host (no protocol). Must match the host the manifest is served from. |
| lei | string | no | 20-character LEI (ISO 17442). When present, the legalName must match GLEIF Level-1. |
| vleiCredential | string | no | URL to the vLEI credential JSON. Used during signature verification. |
| jurisdiction | string | yes | ISO 3166-2 code (e.g. US-DE, RO-B). |
| legalForm | string | yes | ISO 20275 ELF code or human label (Corporation, SRL). |
| incorporationDate | string | no | ISO date. |
| registeredAddress | object | no | Schema.org PostalAddress. |
| taxIds | object | no | Map of jurisdiction code to tax id ({ EIN: '12-3456789' }). |
| naics | string[] | no | NAICS industry codes. |
| isic | string[] | no | ISIC industry codes (international alternative). |
| sameAs | string[] | no | URLs to the same entity on Wikidata, Crunchbase, LinkedIn, etc. |
Capabilities block
How an agent reaches the company programmatically. References to other protocols.
| Field | Type | Required | Notes |
|---|---|---|---|
| mcpServers | object[] | no | One or more MCP server descriptors. See below. |
| a2aAgentCards | string[] | no | URLs to A2A agent cards. Usually https://<host>/.well-known/agent.json. |
| nlwebEndpoint | string | no | NLWeb /ask URL. |
| openApi | string | no | OpenAPI 3.x spec URL. |
| cli | object | no | Optional CLI install descriptor. |
mcpServers entries
| Field | Type | Required | Notes |
|---|---|---|---|
| url | string | yes | HTTP URL for streamable transport or stdio:// command. |
| transport | string | yes | One of http, sse, stdio. |
| auth | string[] | yes | Supported auth: oauth2, bearer, apikey, mtls, none. |
| scopes | string[] | no | Available scopes. Mirrors policy.allowActions. |
| label | string | no | Short human label for the server. |
Commerce block
How an agent transacts. Optional. Non-commercial entities omit this block.
| Field | Type | Required | Notes |
|---|---|---|---|
| catalog | string | no | UCP-compatible catalog endpoint. |
| pricing | string | no | Human-readable pricing page URL. |
| currencies | string[] | no | ISO 4217 currency codes. |
| termsOfSale | string | no | URL to terms of sale or T&C. |
| returnPolicy | string | no | URL to return / refund policy. |
| supportedJurisdictions | string[] | no | ISO 3166-1 country codes the company sells to. |
| paymentRails | object[] | no | One entry per supported payment protocol. |
paymentRails entries
| Field | Type | Required | Notes |
|---|---|---|---|
| protocol | string | yes | One of AP2, ACP, UCP, x402. |
| endpoint | string | yes | HTTPS endpoint. |
| instruments | string[] | yes | Accepted instruments: card, ach, wire, sepa, stablecoin:USDC, etc. |
Policy block
What agents are allowed to do. Honoured on a trust basis. Treat as advisory unless backed by auth.
| Field | Type | Default | Notes |
|---|---|---|---|
| allowTraining | boolean | false | Whether content from the company's surfaces may be used to train models. |
| allowRAG | boolean | true | Whether content may be embedded into RAG indices at inference time. |
| allowActions | string[] | [] | Whitelist of action scopes agents may invoke without prior contract. |
| denyActions | string[] | [] | Explicit deny list. Overrides allowActions on conflict. |
| rateLimit | object | {} | Per-class rate limit (anonymous, authenticated, verified). |
| robotsTxt | string | - | Cross-reference to the canonical robots.txt URL. |
| llmsTxt | string | - | Cross-reference to the canonical llms.txt URL. |
| licenseUrl | string | - | AI-usage license terms URL. |
| agentAllowlist | object[] | [] | Per-agent grants (named agent name → permitted scopes). |
policy.allowActions must still enforce auth, rate limits, and abuse protection at the MCP layer. Reading the manifest does not grant any access.State block
Operational state. Expected to change often.
| Field | Type | Required | Notes |
|---|---|---|---|
| status | string | yes | One of operational, degraded, maintenance, retired. |
| incidentWebhook | string | no | HTTPS endpoint to subscribe to incident updates. |
| statusPage | string | no | Public status page URL. |
| sla | object | no | Targets: uptime, responseTime. |
| supportContact | object | yes | Email plus hours plus timezone. Required so an agent can escalate. |
Signature block
Detached JWS over the canonicalised manifest body. Strongly recommended.
| Field | Type | Required | Notes |
|---|---|---|---|
| alg | string | yes | JOSE algorithm. ES256 for vLEI-bound credentials. |
| kid | string | yes | Key id. Format: vlei:<LEI>:ofcr:<role>:<period> for vLEI. |
| value | string | yes | Base64url-encoded JWS detached signature. |
| signedAt | string | yes | RFC 3339 timestamp the signature was produced. |
| x5u | string | no | URL to a certificate chain when not using vLEI. |
signature block removed. Seethe signing page for the full algorithm.Minimal manifest
The smallest manifest a v1 consumer must accept.
Conformance levels
A grading system for manifests.
| Level | Requirements | Use case |
|---|---|---|
| L0 - Advisory | Valid JSON-LD. Identity + capabilities + state blocks. No signature, no LEI. | Solo developers, side projects, pre-registration entities. Read-only operations only. |
| L1 - Identified | L0 plus an LEI in identity.legalName matches GLEIF Level-1. | Registered companies. Can be cited in agent decisions. Still no cryptographic proof. |
| L2 - Signed | L1 plus a signature block. Algorithm ES256 or RS256. Public key reachable. | Companies that want their manifest to be authoritative for agent actions. |
| L3 - vLEI | L2 plus the signing key is a vLEI role credential issued by an accredited QVI. | Regulated industries, M&A counterparties, banking. Cryptographic chain to GLEIF root. |
Reserved fields
Top-level field names that are reserved for future versions.
Consumers must ignore top-level fields they do not recognise. The following names are reserved by the spec and will be assigned semantics in future versions. Implementations should not use them for vendor extensions.
| Field | Reserved for |
|---|---|
| people | Officers and authorised agent signing keys (v1.1) |
| financial | Revenue attestation endpoint, audited financials (v2) |
| acquisition | M&A-specific 'Acquisition Card' sub-spec (v2) |
| autonomous | Agent-formed entity declaration (v2) |
| bcp:extensions | Vendor extensions namespace. Reserved but unallocated. |
ultron: for ours) and live underbcp:extensions when v1.1 ships.