BCP

Manifest spec

The full field-by-field reference. A BCP manifest is a JSON-LD document that subclasses schema:Organization. It has exactly five top-level blocks plus an envelope and an optional signature.

Updated today

Envelope

The top-level fields every manifest must have.

At a glance
@context
JSON-LD context array. Always includes https://schema.org and the BCP context URL.
@type
Always ["Organization", "BusinessCard"].
@id
Canonical URL of the manifest itself. Should equal the URL it is served from.
bcp:version
Semver string matching the spec revision. v1 is "1.0.0".
bcp:updated
RFC 3339 timestamp of the manifest's last material change.
bcp:expires
RFC 3339 timestamp after which the manifest must be re-fetched. Optional. Recommended for signed manifests.
envelope.jsonjson
1{
2 "@context": [
3 "https://schema.org",
4 "https://bcp.51ultron.com/schema/v1"
5 ],
6 "@type": ["Organization", "BusinessCard"],
7 "@id": "https://acme.com/.well-known/business.json",
8 "bcp:version": "1.0.0",
9 "bcp:updated": "2026-05-19T14:30:00Z",
10 "bcp:expires": "2026-06-19T14:30:00Z",
11
12 "identity": { /* … */ },
13 "capabilities": { /* … */ },
14 "commerce": { /* … */ },
15 "policy": { /* … */ },
16 "state": { /* … */ },
17 "signature": { /* … */ }
18}

Identity block

Who the company legally is.

FieldTypeRequiredNotes
legalNamestringyesRegistered legal name. Matches the LEI Level-1 record when an LEI is present.
domainstringyesBare host (no protocol). Must match the host the manifest is served from.
leistringno20-character LEI (ISO 17442). When present, the legalName must match GLEIF Level-1.
vleiCredentialstringnoURL to the vLEI credential JSON. Used during signature verification.
jurisdictionstringyesISO 3166-2 code (e.g. US-DE, RO-B).
legalFormstringyesISO 20275 ELF code or human label (Corporation, SRL).
incorporationDatestringnoISO date.
registeredAddressobjectnoSchema.org PostalAddress.
taxIdsobjectnoMap of jurisdiction code to tax id ({ EIN: '12-3456789' }).
naicsstring[]noNAICS industry codes.
isicstring[]noISIC industry codes (international alternative).
sameAsstring[]noURLs to the same entity on Wikidata, Crunchbase, LinkedIn, etc.
identity.jsonjson
1{
2 "identity": {
3 "legalName": "Acme Corporation, Inc.",
4 "domain": "acme.com",
5 "lei": "5493000IBP32UQZ0KL24",
6 "vleiCredential": "https://acme.com/.well-known/vlei.json",
7 "jurisdiction": "US-DE",
8 "legalForm": "Corporation",
9 "incorporationDate": "2018-03-12",
10 "registeredAddress": {
11 "@type": "PostalAddress",
12 "streetAddress": "1 Main Street",
13 "addressLocality": "Wilmington",
14 "addressRegion": "DE",
15 "postalCode": "19801",
16 "addressCountry": "US"
17 },
18 "taxIds": { "EIN": "12-3456789" },
19 "naics": ["541511"],
20 "sameAs": [
21 "https://www.wikidata.org/wiki/Q12345678",
22 "https://www.crunchbase.com/organization/acme",
23 "https://www.linkedin.com/company/acme"
24 ]
25 }
26}

Capabilities block

How an agent reaches the company programmatically. References to other protocols.

FieldTypeRequiredNotes
mcpServersobject[]noOne or more MCP server descriptors. See below.
a2aAgentCardsstring[]noURLs to A2A agent cards. Usually https://<host>/.well-known/agent.json.
nlwebEndpointstringnoNLWeb /ask URL.
openApistringnoOpenAPI 3.x spec URL.
cliobjectnoOptional CLI install descriptor.

mcpServers entries

FieldTypeRequiredNotes
urlstringyesHTTP URL for streamable transport or stdio:// command.
transportstringyesOne of http, sse, stdio.
authstring[]yesSupported auth: oauth2, bearer, apikey, mtls, none.
scopesstring[]noAvailable scopes. Mirrors policy.allowActions.
labelstringnoShort human label for the server.
capabilities.jsonjson
1{
2 "capabilities": {
3 "mcpServers": [
4 {
5 "url": "https://api.acme.com/mcp",
6 "transport": "http",
7 "auth": ["oauth2", "bearer"],
8 "scopes": ["catalog.read", "pricing.read", "bookings.write", "leads.create"],
9 "label": "Acme public surface"
10 }
11 ],
12 "a2aAgentCards": [
13 "https://api.acme.com/.well-known/agent.json"
14 ],
15 "nlwebEndpoint": "https://acme.com/api/ask",
16 "openApi": "https://api.acme.com/openapi.json",
17 "cli": {
18 "install": "npm install -g @acme/cli",
19 "command": "acme"
20 }
21 }
22}
Note
The manifest never enumerates individual tools. Listing tools is MCP's job. The manifest only points at the server and declares which scopes the server exposes.

Commerce block

How an agent transacts. Optional. Non-commercial entities omit this block.

FieldTypeRequiredNotes
catalogstringnoUCP-compatible catalog endpoint.
pricingstringnoHuman-readable pricing page URL.
currenciesstring[]noISO 4217 currency codes.
termsOfSalestringnoURL to terms of sale or T&C.
returnPolicystringnoURL to return / refund policy.
supportedJurisdictionsstring[]noISO 3166-1 country codes the company sells to.
paymentRailsobject[]noOne entry per supported payment protocol.

paymentRails entries

FieldTypeRequiredNotes
protocolstringyesOne of AP2, ACP, UCP, x402.
endpointstringyesHTTPS endpoint.
instrumentsstring[]yesAccepted instruments: card, ach, wire, sepa, stablecoin:USDC, etc.
commerce.jsonjson
1{
2 "commerce": {
3 "catalog": "https://api.acme.com/catalog",
4 "pricing": "https://acme.com/pricing",
5 "currencies": ["USD", "EUR"],
6 "termsOfSale": "https://acme.com/terms",
7 "returnPolicy": "https://acme.com/returns",
8 "supportedJurisdictions": ["US", "EU", "UK", "CA"],
9 "paymentRails": [
10 {
11 "protocol": "AP2",
12 "endpoint": "https://api.acme.com/ap2",
13 "instruments": ["card", "ach"]
14 },
15 {
16 "protocol": "x402",
17 "endpoint": "https://api.acme.com/x402",
18 "instruments": ["stablecoin:USDC"]
19 }
20 ]
21 }
22}

Policy block

What agents are allowed to do. Honoured on a trust basis. Treat as advisory unless backed by auth.

FieldTypeDefaultNotes
allowTrainingbooleanfalseWhether content from the company's surfaces may be used to train models.
allowRAGbooleantrueWhether content may be embedded into RAG indices at inference time.
allowActionsstring[][]Whitelist of action scopes agents may invoke without prior contract.
denyActionsstring[][]Explicit deny list. Overrides allowActions on conflict.
rateLimitobject{}Per-class rate limit (anonymous, authenticated, verified).
robotsTxtstring-Cross-reference to the canonical robots.txt URL.
llmsTxtstring-Cross-reference to the canonical llms.txt URL.
licenseUrlstring-AI-usage license terms URL.
agentAllowlistobject[][]Per-agent grants (named agent name → permitted scopes).
policy.jsonjson
1{
2 "policy": {
3 "allowTraining": false,
4 "allowRAG": true,
5 "allowActions": [
6 "catalog.read",
7 "pricing.read",
8 "bookings.create",
9 "leads.create"
10 ],
11 "denyActions": [
12 "leads.delete",
13 "billing.modify"
14 ],
15 "rateLimit": {
16 "anonymous": "10/hour",
17 "authenticated": "1000/hour",
18 "verified": "10000/hour"
19 },
20 "robotsTxt": "https://acme.com/robots.txt",
21 "llmsTxt": "https://acme.com/llms.txt",
22 "licenseUrl": "https://acme.com/ai-license"
23 }
24}
Warning
Policy is signaling, not enforcement. A server that exposes actions in policy.allowActions must still enforce auth, rate limits, and abuse protection at the MCP layer. Reading the manifest does not grant any access.

State block

Operational state. Expected to change often.

FieldTypeRequiredNotes
statusstringyesOne of operational, degraded, maintenance, retired.
incidentWebhookstringnoHTTPS endpoint to subscribe to incident updates.
statusPagestringnoPublic status page URL.
slaobjectnoTargets: uptime, responseTime.
supportContactobjectyesEmail plus hours plus timezone. Required so an agent can escalate.
state.jsonjson
1{
2 "state": {
3 "status": "operational",
4 "statusPage": "https://status.acme.com",
5 "incidentWebhook": "https://acme.com/api/incidents/subscribe",
6 "sla": {
7 "uptime": "99.9",
8 "responseTime": "PT24H"
9 },
10 "supportContact": {
11 "email": "support@acme.com",
12 "hours": "Mo-Fr 09:00-18:00",
13 "timezone": "America/New_York"
14 }
15 }
16}

Signature block

Detached JWS over the canonicalised manifest body. Strongly recommended.

FieldTypeRequiredNotes
algstringyesJOSE algorithm. ES256 for vLEI-bound credentials.
kidstringyesKey id. Format: vlei:<LEI>:ofcr:<role>:<period> for vLEI.
valuestringyesBase64url-encoded JWS detached signature.
signedAtstringyesRFC 3339 timestamp the signature was produced.
x5ustringnoURL to a certificate chain when not using vLEI.
signature.jsonjson
1{
2 "signature": {
3 "alg": "ES256",
4 "kid": "vlei:5493000IBP32UQZ0KL24:ofcr:CEO:2026-Q2",
5 "signedAt": "2026-05-19T14:30:00Z",
6 "value": "eyJhbGciOiJFUzI1NiIsImtpZCI6InZsZWk..."
7 }
8}
Note
Canonicalisation algorithm: JSON Canonicalization Scheme (JCS, RFC 8785) over the manifest body with thesignature block removed. Seethe signing page for the full algorithm.

Minimal manifest

The smallest manifest a v1 consumer must accept.

minimal-business.jsonjson
1{
2 "@context": [
3 "https://schema.org",
4 "https://bcp.51ultron.com/schema/v1"
5 ],
6 "@type": ["Organization", "BusinessCard"],
7 "@id": "https://tiny.dev/.well-known/business.json",
8 "bcp:version": "1.0.0",
9 "bcp:updated": "2026-05-19T10:00:00Z",
10
11 "identity": {
12 "legalName": "Tiny Software SRL",
13 "domain": "tiny.dev",
14 "jurisdiction": "RO-B",
15 "legalForm": "SRL"
16 },
17
18 "capabilities": {
19 "mcpServers": [
20 {
21 "url": "https://api.tiny.dev/mcp",
22 "transport": "http",
23 "auth": ["oauth2"]
24 }
25 ]
26 },
27
28 "policy": {
29 "allowTraining": false,
30 "allowRAG": true,
31 "allowActions": ["catalog.read"]
32 },
33
34 "state": {
35 "status": "operational",
36 "supportContact": {
37 "email": "hi@tiny.dev",
38 "hours": "Mo-Fr 10:00-18:00",
39 "timezone": "Europe/Bucharest"
40 }
41 }
42}
Tip
This is the floor. No LEI, no signature, no commerce block. Consumers must accept this and treat it as advisory. Adding the signature block upgrades the manifest from advisory to authoritative.

Conformance levels

A grading system for manifests.

LevelRequirementsUse case
L0 - AdvisoryValid JSON-LD. Identity + capabilities + state blocks. No signature, no LEI.Solo developers, side projects, pre-registration entities. Read-only operations only.
L1 - IdentifiedL0 plus an LEI in identity.legalName matches GLEIF Level-1.Registered companies. Can be cited in agent decisions. Still no cryptographic proof.
L2 - SignedL1 plus a signature block. Algorithm ES256 or RS256. Public key reachable.Companies that want their manifest to be authoritative for agent actions.
L3 - vLEIL2 plus the signing key is a vLEI role credential issued by an accredited QVI.Regulated industries, M&A counterparties, banking. Cryptographic chain to GLEIF root.
Note
The level a manifest reaches is up to the publisher. Consumers declare in their policy what minimum level they will act on (e.g. "L2 required for write actions, L0 acceptable for read-only queries").

Reserved fields

Top-level field names that are reserved for future versions.

Consumers must ignore top-level fields they do not recognise. The following names are reserved by the spec and will be assigned semantics in future versions. Implementations should not use them for vendor extensions.

FieldReserved for
peopleOfficers and authorised agent signing keys (v1.1)
financialRevenue attestation endpoint, audited financials (v2)
acquisitionM&A-specific 'Acquisition Card' sub-spec (v2)
autonomousAgent-formed entity declaration (v2)
bcp:extensionsVendor extensions namespace. Reserved but unallocated.
Tip
Vendor-specific fields must use a custom prefix (ultron: for ours) and live underbcp:extensions when v1.1 ships.