Tools & scopes — the Passport MCP catalog
Every tool the Passport MCP advertises, the scope each requires, and how discovery works. A connection only sees a tool when its token holds every scope that tool declares.
#Scopes
Tools declare the scopes they need; a connection sees a tool only when its token holds every required scope (so it's never advertised, not just denied at call time). The in-run session token holds all three:
| Scope | Session token | User's personal token |
|---|---|---|
identity:read | ✓ | ✓ |
conversation:read | ✓ | — |
conversation:write | ✓ | — |
#The tool catalog
| Tool | Returns | Requires |
|---|---|---|
get_identity | Display name, handle, bio, member-since date. See Identity. | Any token |
get_conversation_history | The transcript of the current conversation. See Conversation history. | Session token only |
post_reply | Append an assistant message. The first reply closes the active turn; later replies append while the token is valid. See Replies. | Session token only |
list_jobs | Read active/all jobs in this conversation. See Jobs. | Session token only |
propose_job | Propose a user-approved billable job. See Jobs. | Session token only |
complete_job | Complete a job and capture any approved hold. See Jobs. | Session token only |
cancel_job | Cancel a job and release any approved hold. See Jobs. | Session token only |
#Discovery & health check
GET is your discovery endpoint: There's no separate /healthz — an unauthenticated GET https://onbf.ai/api/mcp is your health/discovery endpoint. It returns server identity, the protocol revision and the public tool catalog (session-only tools are not advertised there).