Skip to content

UCCA MCP Server Brief v1

Machine-queryable interface to UCCA Inc

SURFACE: mcp.ucca.online (ucca-engine repo)
CF ACCOUNT: e5a9830215a8d88961dc6c80a8c7442a (UCCA account)
DO NOT TOUCH: ucco.foundation, ops.ucco.foundation, pioneer.ucco.foundation,
              pr.ucco.foundation, mcp.ucco.foundation, ops.ucca.online,
              ir.ucca.online, keys.ucca.online, rtopacks.com.au,
              or ANY other surface.
⚠️ WRANGLER LOGIN: This deploys to the UCCA Cloudflare account, NOT the Foundation account.
   Confirm you are logged into the correct account before any wrangler command.

What this is: MCP server for UCCA Inc — the commercial entity that implements the UCCO open standard. Same architecture as mcp.ucco.foundation (which you just built), different entity, different data.

Build approach: Clone the mcp.ucco.foundation architecture exactly. Same Worker structure, same MCP protocol, same OAuth 2.1 pattern, same ops endpoint pattern. Different D1 database, different content, different domain.

→ ALEX

Part 1 — Infrastructure

1.1 — DNS

Add mcp CNAME to ucca.online zone pointing to the Worker route.

1.2 — D1 Database

Create a new D1 database mcp-db in the UCCA Cloudflare account. This is separate from engine-db and ops-db.

Tables — clone the OAuth tables from mcp.ucco.foundation exactly:

CREATE TABLE oauth_clients (
  client_id TEXT PRIMARY KEY,
  client_secret_hash TEXT NOT NULL,
  client_name TEXT NOT NULL,
  redirect_uris TEXT NOT NULL,
  grant_types TEXT NOT NULL DEFAULT '["authorization_code"]',
  scope TEXT NOT NULL DEFAULT 'read',
  created_at TEXT NOT NULL DEFAULT (datetime('now')),
  active INTEGER NOT NULL DEFAULT 1
);

CREATE TABLE oauth_codes (
  code TEXT PRIMARY KEY,
  client_id TEXT NOT NULL,
  redirect_uri TEXT NOT NULL,
  code_challenge TEXT,
  code_challenge_method TEXT DEFAULT 'S256',
  scope TEXT NOT NULL DEFAULT 'read',
  expires_at TEXT NOT NULL,
  used INTEGER NOT NULL DEFAULT 0,
  created_at TEXT NOT NULL DEFAULT (datetime('now')),
  FOREIGN KEY (client_id) REFERENCES oauth_clients(client_id)
);

CREATE TABLE oauth_tokens (
  token_hash TEXT PRIMARY KEY,
  client_id TEXT NOT NULL,
  scope TEXT NOT NULL DEFAULT 'read',
  expires_at TEXT NOT NULL,
  revoked INTEGER NOT NULL DEFAULT 0,
  created_at TEXT NOT NULL DEFAULT (datetime('now')),
  FOREIGN KEY (client_id) REFERENCES oauth_clients(client_id)
);

CREATE TABLE oauth_usage (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  client_id TEXT NOT NULL,
  tool_name TEXT NOT NULL,
  timestamp TEXT NOT NULL DEFAULT (datetime('now')),
  FOREIGN KEY (client_id) REFERENCES oauth_clients(client_id)
);

CREATE TABLE mcp_usage (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  tool_name TEXT NOT NULL,
  authenticated INTEGER NOT NULL DEFAULT 0,
  timestamp TEXT NOT NULL DEFAULT (datetime('now'))
);

1.3 — Worker

New Cloudflare Worker: ucca-mcp Route: mcp.ucca.online/*

Clone the full architecture from mcp.ucco.foundation: - MCP JSON-RPC handler at /mcp - Root / returns server info JSON - OAuth 2.1 endpoints: /oauth/authorize, /oauth/token, /oauth/revoke - OAuth metadata: /.well-known/oauth-authorization-server - Ops endpoints: /ops/clients, /ops/usage (protected by X-OPS-Key) - Documentation page at root for browser visitors

1.4 — OAuth

Identical OAuth 2.1 implementation to mcp.ucco.foundation: - PKCE required (S256) - Authorization codes: single-use, 10-minute expiry - Access tokens: 1-hour expiry, no refresh tokens - Unauthenticated access continues to work - All the same security requirements from the foundation OAuth addendum

Seed one test client. Save credentials to ~/projects/ucca-project/.credentials/mcp-test-client.env.

1.5 — Env vars

[vars]
OPS_API_KEY = ""  # Generate new, separate from foundation

Generate a new OPS_API_KEY for UCCA MCP. Do NOT reuse the foundation's key.

Part 2 — Tools (Stub Content)

8 tools. All return valid JSON. Content is placeholder — Tim and Pace will provide final copy later. The important thing is the tool names, descriptions, and response structure are correct now.

2.1 — get_company_info

Description: "Get information about UCCA Inc — the commercial entity implementing the UCCO open standard."

{
  "name": "UCCA Inc",
  "dba": "Universal Capability Certification Authority",
  "type": "Delaware C-Corp",
  "jurisdiction": "Delaware, United States",
  "file_number": "7824354",
  "ein": "84-4522608",
  "duns": "119-199-377",
  "trademark": "USPTO Reg. No. 7,619,705 — Int. Cl. 41",
  "first_use_in_commerce": "September 25, 2017",
  "website": "https://ucca.online",
  "contact": "admin@ucca.online",
  "relationship_to_standard": "UCCA Inc is the first commercial implementation of the UCCO open standard, and publisher of the specification.",
  "standard_governance": "UCCO Foundation, Inc. (https://ucco.foundation)"
}

2.2 — get_services

Description: "Get an overview of UCCA's capability verification services."

{
  "summary": "Content pending — service descriptions in development.",
  "status": "stub"
}

2.3 — get_products

Description: "Get information about UCCA's product suite."

{
  "summary": "Content pending — product descriptions in development.",
  "status": "stub"
}

2.4 — get_verification_info

Description: "Learn how UCCA's cryptographic capability verification works."

{
  "summary": "Content pending — verification methodology description in development.",
  "status": "stub"
}

2.5 — get_pricing

Description: "Get UCCA's commercial pricing tiers."

{
  "summary": "Content pending — pricing information in development.",
  "status": "stub"
}

2.6 — get_standard_relationship

Description: "Understand the relationship between UCCA Inc (commercial) and the UCCO open standard (foundation)."

{
  "commercial_entity": "UCCA Inc",
  "standard": "Universal Capability Chain Object (UCCO)",
  "governing_body": "UCCO Foundation, Inc.",
  "relationship": "UCCA Inc is the first certified commercial implementation of the UCCO open standard. The standard is governed independently by the UCCO Foundation. UCCA Inc published the original specification and donated governance to the Foundation.",
  "standard_website": "https://ucco.foundation",
  "standard_mcp": "https://mcp.ucco.foundation",
  "commercial_website": "https://ucca.online"
}

2.7 — get_contact

Description: "Get contact information for UCCA Inc."

{
  "general": "admin@ucca.online",
  "website": "https://ucca.online",
  "press": "https://ucca.online",
  "registered_address": "1207 Delaware Ave #1678, Wilmington, DE 19806",
  "operational_headquarters": "Brisbane, Australia"
}

2.8 — get_australian_entity

Description: "Get information about UCCA's Australian entity."

{
  "name": "UCCAustralia Pty Ltd",
  "abn": "59 168 872 535",
  "address": "149 Wickham Tce, Spring Hill QLD 4000",
  "relationship": "Australian operating entity of UCCA Inc",
  "website": "https://ucca.com.au"
}

Part 3 — Root Endpoint

GET / returns:

{
  "name": "ucca-inc",
  "version": "1.0.0",
  "protocol": "2025-03-26",
  "endpoint": "https://mcp.ucca.online/mcp",
  "tools": [
    "get_company_info",
    "get_services",
    "get_products",
    "get_verification_info",
    "get_pricing",
    "get_standard_relationship",
    "get_contact",
    "get_australian_entity"
  ]
}

Part 4 — Documentation Page

Browser visitors to mcp.ucca.online (Accept: text/html) get a clean documentation page. Same pattern as mcp.ucco.foundation but branded for UCCA:

  • Title: "UCCA Inc — MCP Server"
  • Subtitle: "Machine-queryable interface to UCCA capability verification services"
  • List of 8 tools with descriptions
  • Connection instruction: claude mcp add ucca-inc https://mcp.ucca.online/mcp
  • OAuth metadata link
  • Link to UCCO Foundation MCP server for standard queries

Part 5 — Ops Stub

Add a stub page to ops.ucca.online under Infrastructure → MCP Server. Same pattern as the foundation ops page. Shows: - Server status (up/down) - Tool list - Usage stats from mcp_usage table - OAuth client list from oauth_clients table

Part 6 — Testing

Same test sequence as the foundation server:

# 1. Root endpoint
curl -s https://mcp.ucca.online

# 2. OAuth metadata
curl -s https://mcp.ucca.online/.well-known/oauth-authorization-server

# 3. All tools respond
for tool in get_company_info get_services get_products get_verification_info get_pricing get_standard_relationship get_contact get_australian_entity; do
  echo "=== $tool ==="
  curl -s -X POST https://mcp.ucca.online/mcp \
    -H "Content-Type: application/json" \
    -d "{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"tools/call\",\"params\":{\"name\":\"$tool\"}}"
  echo -e "\n"
done

# 4. OAuth flow (use test client credentials)
# Same 7-step test sequence from foundation OAuth addendum

→ TIM

What this does

Builds the UCCA Inc MCP server — same architecture Alex just deployed for the foundation, but for the commercial entity. Eight tools, OAuth 2.1, registry-ready from day one.

Why stubs

Five of the eight tools return placeholder content. This is deliberate — we're shipping infrastructure now while Alex is hot, then you and Pace fill in the content at your pace. The tool names, descriptions, and response structures are locked. Only the content payloads change later.

What's live vs stub

  • Live content: get_company_info, get_standard_relationship, get_contact, get_australian_entity — these are factual data that won't change
  • Stub content: get_services, get_products, get_verification_info, get_pricing — these need the signal discussion before going live

After this deploys

Two MCP servers running: - mcp.ucco.foundation — the standard (foundation) - mcp.ucca.online — the business (commercial)

Any AI on earth can query either one. The separation between foundation and commercial is clean and machine-readable.

UCCA MCP Server Brief v1 15 March 2026 — Session 9