Skip to main content

wcpd: reference implementation of the Workstation Capability Protocol (WCP)

Project description

wcpd — Workstation Capability Protocol (reference server)

wcpd is the reference implementation of the Workstation Capability Protocol (WCP) — an open, vendor-neutral standard that lets an AI agent discover, understand, and operate a whole workstation under governed, audited, revocable authority.

It exposes 35 capability families / 258 operations — accessibility tree, windows, screen, files, processes, packages, services, containers, VMs, Kubernetes, git, networking, a browser (Chrome DevTools), and an RDF/PROV-O knowledge-graph view of the machine — behind least-privilege scopes, sandbox confinement, and a hash-chained tamper-evident audit log. It speaks the Model Context Protocol, so any MCP client (Claude Desktop, Claude Code, …) can use it today.

Install

pip install wcp
pip install "wcp[graph]"     # + live SPARQL (rdflib) for wcp.graph.export

Extras: graph (rdflib for live SPARQL), linux-ax (PyGObject for the Linux AT-SPI2 accessibility backend), windows-ax (comtypes for the Windows UI Automation backend).

Run

wcpd stdio     # local single-user MCP over stdio (OS session = trust boundary)
wcpd serve     # HTTP/MCP binding (workstation-addressed JWT) for networked use
wcpd doctor    # probe which capability tiers this host supports

Restricted scopes are off by default and opt-in per flag: --allow-input --allow-osa --allow-browser-eval --allow-scheduler --allow-secrets.

Security

Every operation carries exactly one scope (wcp:<family>:<class>); five restricted scopes (input:synthesize, osa:run, browser:evaluate, scheduler:control, security:secrets) are never granted by wildcard and are opt-in per flag. Filesystem-touching families are sandbox-confined; every invocation (including denials) is appended to a SHA-256 hash-chained audit log that wcp.security.audit_verify can re-check for tampering. WCP never bypasses SIP/TCC/sudo — where a capability isn't available it returns WCP_BACKEND_UNAVAILABLE rather than faking a result.

Connect to Claude Desktop

Install into a venv outside macOS TCC-protected folders, add a wcp entry to ~/Library/Application Support/Claude/claude_desktop_config.json, restart Claude Desktop, and grant Accessibility + Screen Recording. Full guide, complete capability catalog, and the normative spec: https://github.com/kchemorion/WorkstationCapabilityProtocol

License

Apache-2.0. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wcp-0.1.0.tar.gz (393.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wcp-0.1.0-py3-none-any.whl (342.4 kB view details)

Uploaded Python 3

File details

Details for the file wcp-0.1.0.tar.gz.

File metadata

  • Download URL: wcp-0.1.0.tar.gz
  • Upload date:
  • Size: 393.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for wcp-0.1.0.tar.gz
Algorithm Hash digest
SHA256 0963e13538f91829cba5cca9366867260ca1fda8527982ad205703dc422da7c1
MD5 6784c19b90de056a551139213f5a71d2
BLAKE2b-256 e121b536d90df89523ec81a45cac4ff6d1a0274bfd7c1a261c8982621f93f159

See more details on using hashes here.

Provenance

The following attestation bundles were made for wcp-0.1.0.tar.gz:

Publisher: release.yml on kchemorion/WorkstationCapabilityProtocol

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file wcp-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: wcp-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 342.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for wcp-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6822aa553f6d71dc7bf7350c3a963b4008ce2411aefbaabc8a7fa34cc9bb0638
MD5 f4056cc213606f82507251b2bd52b501
BLAKE2b-256 54f55b964a4c6e4267106c381f41c60e5b57a4cf7e44b72a83b7ef323423ccc4

See more details on using hashes here.

Provenance

The following attestation bundles were made for wcp-0.1.0-py3-none-any.whl:

Publisher: release.yml on kchemorion/WorkstationCapabilityProtocol

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page