wcpd: reference implementation of the Workstation Capability Protocol (WCP)
Project description
wcpd — Workstation Capability Protocol (reference server)
wcpd is the reference implementation of the Workstation Capability Protocol (WCP) — an open, vendor-neutral standard that lets an AI agent discover, understand, and operate a whole workstation under governed, audited, revocable authority.
It exposes 35 capability families / 258 operations — accessibility tree, windows, screen, files, processes, packages, services, containers, VMs, Kubernetes, git, networking, a browser (Chrome DevTools), and an RDF/PROV-O knowledge-graph view of the machine — behind least-privilege scopes, sandbox confinement, and a hash-chained tamper-evident audit log. It speaks the Model Context Protocol, so any MCP client (Claude Desktop, Claude Code, …) can use it today.
Install
pip install wcp
pip install "wcp[graph]" # + live SPARQL (rdflib) for wcp.graph.export
Extras: graph (rdflib for live SPARQL), linux-ax (PyGObject for the Linux AT-SPI2 accessibility backend), windows-ax (comtypes for the Windows UI Automation backend).
Run
wcpd stdio # local single-user MCP over stdio (OS session = trust boundary)
wcpd serve # HTTP/MCP binding (workstation-addressed JWT) for networked use
wcpd doctor # probe which capability tiers this host supports
Restricted scopes are off by default and opt-in per flag:
--allow-input --allow-osa --allow-browser-eval --allow-scheduler --allow-secrets.
Security
Every operation carries exactly one scope (wcp:<family>:<class>); five restricted scopes (input:synthesize, osa:run, browser:evaluate, scheduler:control, security:secrets) are never granted by wildcard and are opt-in per flag. Filesystem-touching families are sandbox-confined; every invocation (including denials) is appended to a SHA-256 hash-chained audit log that wcp.security.audit_verify can re-check for tampering. WCP never bypasses SIP/TCC/sudo — where a capability isn't available it returns WCP_BACKEND_UNAVAILABLE rather than faking a result.
Connect to Claude Desktop
Install into a venv outside macOS TCC-protected folders, add a wcp entry to
~/Library/Application Support/Claude/claude_desktop_config.json, restart Claude Desktop,
and grant Accessibility + Screen Recording. Full guide, complete capability catalog, and
the normative spec: https://github.com/kchemorion/WorkstationCapabilityProtocol
License
Apache-2.0. See LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file wcp-0.1.0.tar.gz.
File metadata
- Download URL: wcp-0.1.0.tar.gz
- Upload date:
- Size: 393.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0963e13538f91829cba5cca9366867260ca1fda8527982ad205703dc422da7c1
|
|
| MD5 |
6784c19b90de056a551139213f5a71d2
|
|
| BLAKE2b-256 |
e121b536d90df89523ec81a45cac4ff6d1a0274bfd7c1a261c8982621f93f159
|
Provenance
The following attestation bundles were made for wcp-0.1.0.tar.gz:
Publisher:
release.yml on kchemorion/WorkstationCapabilityProtocol
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wcp-0.1.0.tar.gz -
Subject digest:
0963e13538f91829cba5cca9366867260ca1fda8527982ad205703dc422da7c1 - Sigstore transparency entry: 2052976810
- Sigstore integration time:
-
Permalink:
kchemorion/WorkstationCapabilityProtocol@33d878ed3503c1211c0601347feaee8676b2ed02 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/kchemorion
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@33d878ed3503c1211c0601347feaee8676b2ed02 -
Trigger Event:
push
-
Statement type:
File details
Details for the file wcp-0.1.0-py3-none-any.whl.
File metadata
- Download URL: wcp-0.1.0-py3-none-any.whl
- Upload date:
- Size: 342.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6822aa553f6d71dc7bf7350c3a963b4008ce2411aefbaabc8a7fa34cc9bb0638
|
|
| MD5 |
f4056cc213606f82507251b2bd52b501
|
|
| BLAKE2b-256 |
54f55b964a4c6e4267106c381f41c60e5b57a4cf7e44b72a83b7ef323423ccc4
|
Provenance
The following attestation bundles were made for wcp-0.1.0-py3-none-any.whl:
Publisher:
release.yml on kchemorion/WorkstationCapabilityProtocol
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wcp-0.1.0-py3-none-any.whl -
Subject digest:
6822aa553f6d71dc7bf7350c3a963b4008ce2411aefbaabc8a7fa34cc9bb0638 - Sigstore transparency entry: 2052676802
- Sigstore integration time:
-
Permalink:
kchemorion/WorkstationCapabilityProtocol@33d878ed3503c1211c0601347feaee8676b2ed02 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/kchemorion
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@33d878ed3503c1211c0601347feaee8676b2ed02 -
Trigger Event:
push
-
Statement type: