← Back to Home

Agentic Web — MCP Server Profile

A profile for turning any website into an AI-native endpoint — a real MCP server. Uses JSON-RPC 2.0, Streamable HTTP transport, tools, and cryptographic verification. The same protocol that AI agents already speak. See the reference implementation on GitHub.

Overview

The Agentic Web specification is an MCP Server Profile — a set of conventions for implementing any business's endpoint as a standard MCP server. It is not a separate protocol. Any MCP-compatible client (Claude, ChatGPT, custom agents) can connect without special adapters.

Architecture

The agentic web follows a three-party interaction model:

User

→

AI Agent (MCP Client)

⇄

Vendor MCP Server

Users interact with AI agents which connect to vendor MCP servers over Streamable HTTP. The vendor exposes tools through the standard MCP protocol — including tools for answering questions, taking actions, and qualifying buyers. The vendor maintains full control over responses, qualification logic, and available capabilities.

Key Capabilities

Tools

Enable AI agents to take actions — ask questions, schedule demos, open tickets, request quotes — via standard tools/call.

Qualification Flows

Collect buyer context through a qualify tool before revealing pricing or booking calls. Progressive, conversational data collection.

Verified Responses

Cryptographically sign tool results with Ed25519 so agents can verify that data comes directly from the vendor.

Resources

Servers MAY also expose MCP resources for bulk data access, but the primary interaction model is through tools.

MCP Compatibility

This profile targets the MCP 2025-03-26 specification. All messages are JSON-RPC 2.0. Transport is Streamable HTTP. Most interactions are anonymous — see Access Model for details.

Transport & Initialization

Agentic Web servers use Streamable HTTP — the MCP transport where a single HTTPS endpoint accepts JSON-RPC 2.0 messages via POST. Responses may be returned as a single JSON body or streamed via Server-Sent Events (SSE).

Endpoint

The vendor exposes a single MCP endpoint, for example:

POST https://acme.com/mcp
Content-Type: application/json
Accept: application/json, text/event-stream

All MCP methods (initialize, tools/list, tools/call, etc.) are sent to this single URL.

Initialize Handshake

Every session begins with an initialize request. The client declares its supported protocol version and capabilities, and the server responds with its own:

// Client → Server
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "initialize",
  "params": {
    "protocolVersion": "2025-03-26",
    "capabilities": {},
    "clientInfo": {
      "name": "claude-desktop",
      "version": "1.0.0"
    }
  }
}

// Server → Client
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "protocolVersion": "2025-03-26",
    "capabilities": {
      "tools": { "listChanged": true }
    },
    "serverInfo": {
      "name": "acme-agentic-web",
      "version": "1.0.0"
    }
  }
}

Session Management

After initialize, the server returns an Mcp-Session-Id header. The client includes this header on all subsequent requests to maintain session state:

POST https://acme.com/mcp
Content-Type: application/json
Mcp-Session-Id: sess_a1b2c3d4e5f6

Note

The Mcp-Session-Id header is how the server tracks qualification state, conversation context, and progressive data collection across multiple requests.

Tools

Vendor actions are exposed as MCP tools. Agents discover them via tools/list and invoke them via tools/call. Each tool includes a full JSON Schema inputSchema so agents know exactly what parameters to provide.

Required, optional, and custom tools

Category	Tools	Rule
Required	`ask_question`	Every Agentic Web server MUST implement this. It's the baseline: your business can answer questions.
Optional (standard)	`qualify`, `schedule_demo`, `request_quote`, `open_ticket`, `start_trial`	Implement whichever ones make sense. A bakery doesn't need `schedule_demo`. A SaaS company probably does.
Custom	Anything you want	Add your own tools: `place_order`, `check_stock`, `book_table`, `get_directions`. Agents discover them at runtime via `tools/list`.

Tip

The spec defines standard tool names so agents can recognize common patterns across servers. But you're not limited to them. If your business needs a reserve_court or check_availability tool, add it. The agent reads the description and inputSchema to figure out how to use it.

Listing Tools

// Client → Server
{
  "jsonrpc": "2.0",
  "id": 4,
  "method": "tools/list",
  "params": {}
}

// Server → Client
{
  "jsonrpc": "2.0",
  "id": 4,
  "result": {
    "tools": [
      {
        "name": "ask_question",
        "description": "Ask a free-form question about Acme's products, pricing, integrations, or compliance",
        "inputSchema": {
          "type": "object",
          "properties": {
            "question": { "type": "string", "description": "The question to ask" }
          },
          "required": ["question"]
        }
      },
      {
        "name": "schedule_demo",
        "description": "Book a product demo with a sales representative",
        "inputSchema": {
          "type": "object",
          "properties": {
            "preferred_times": {
              "type": "array",
              "items": { "type": "string", "format": "date-time" },
              "description": "ISO 8601 preferred meeting times"
            },
            "timezone": { "type": "string", "description": "IANA timezone (e.g. America/New_York)" },
            "topics": {
              "type": "array",
              "items": { "type": "string" },
              "description": "Topics to cover in the demo"
            }
          },
          "required": ["preferred_times", "timezone"]
        }
      },
      {
        "name": "qualify",
        "description": "Submit buyer qualification data to unlock gated actions",
        "inputSchema": { /* see Section 5 */ }
      }
    ]
  }
}

Standard Tools

ask_question

Free-form questions about products, pricing, integrations, and compliance. Returns verified answers.

schedule_demo

Book a product demonstration with a sales representative. Requires qualification.

open_ticket

Create a support ticket with full conversation context attached.

request_quote

Request custom pricing based on collected requirements.

start_trial

Initiate a free trial or sandbox environment for the user.

qualify

Submit buyer qualification data to unlock gated actions.

Calling a Tool

// Client → Server
{
  "jsonrpc": "2.0",
  "id": 5,
  "method": "tools/call",
  "params": {
    "name": "ask_question",
    "arguments": {
      "question": "Does Acme support Salesforce integration?"
    }
  }
}

// Server → Client
{
  "jsonrpc": "2.0",
  "id": 5,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "Yes, Acme offers native Salesforce integration on all paid plans. Setup takes approximately 15 minutes with our guided wizard."
      }
    ],
    "structuredContent": {
      "answer": "Yes, Acme offers native Salesforce integration on all paid plans.",
      "confidence": 1.0,
      "sources": [
        {
          "type": "documentation",
          "url": "https://docs.acme.com/integrations/salesforce"
        }
      ],
      "suggestedActions": ["schedule_demo", "start_trial"],
      "verification": {
        "algorithm": "Ed25519",
        "keyId": "acme-2025-03",
        "signature": "base64-encoded-signature..."
      }
    }
  }
}

Structured Content

The content array contains human-readable text for display. The structuredContent object contains typed, machine-readable data — including verification signatures — for programmatic use by the agent.

Small Business Example

The same protocol powers small businesses too. Here's how Rosa's Bakery handles a customer question through an AI agent:

// Client → Server (ask about a gluten-free cake)
{
  "jsonrpc": "2.0",
  "id": 11,
  "method": "tools/call",
  "params": {
    "name": "ask_question",
    "arguments": {
      "question": "Can I order a gluten-free birthday cake for Saturday?"
    }
  }
}

// Server → Client
{
  "jsonrpc": "2.0",
  "id": 11,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "Yes! Rosa's Bakery offers gluten-free Vanilla Bean cakes in 6-inch ($30) and 8-inch ($42) sizes. We need 48 hours notice for custom orders, so Saturday pickup is available if you order by Thursday."
      }
    ],
    "structuredContent": {
      "answer": "Gluten-free Vanilla Bean cakes available in 6-inch and 8-inch sizes.",
      "confidence": 1.0,
      "availability": {
        "glutenFree": "true",
        "sizes": ["6-inch", "8-inch"],
        "pricing": { "6-inch": 30, "8-inch": 42 },
        "leadTime": "48 hours",
        "saturdayPickup": "available if ordered by Thursday"
      },
      "suggestedActions": ["place_order", "view_menu"],
      "verification": {
        "algorithm": "Ed25519",
        "keyId": "rosas-2025-06",
        "signature": "base64-encoded-signature..."
      }
    }
  }
}

Tip

The same MCP tools pattern works whether you're a SaaS company with Salesforce integrations or a bakery taking cake orders. The protocol is the same — only the tools change.

Qualification & Sessions

The qualify tool enables progressive, conversational data collection. Vendors can gate pricing, quotes, and demo scheduling behind qualification — collecting buyer context through multiple rounds of interaction within a single MCP session.

Session States

State	Description	Available Capabilities
`unqualified`	Session created, no buyer data collected	`ask_question`, `qualify`
`qualifying`	Partial buyer data collected	`ask_question`, `qualify`
`qualified`	All required buyer data collected	All tools

The qualify Tool

// Client → Server: submit qualification data
{
  "jsonrpc": "2.0",
  "id": 6,
  "method": "tools/call",
  "params": {
    "name": "qualify",
    "arguments": {
      "company_name": "Globex Corporation",
      "company_size": "500-1000",
      "use_case": "API platform for internal tooling",
      "email": "buyer@globex.com"
    }
  }
}

// Server → Client: qualification incomplete, more data needed
{
  "jsonrpc": "2.0",
  "id": 6,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "Thanks! I have your company info. To provide accurate pricing, I also need your expected monthly API volume and deployment preference."
      }
    ],
    "structuredContent": {
      "status": "qualifying",
      "collected": ["company_name", "company_size", "use_case", "email"],
      "remaining": [
        {
          "field": "monthly_api_volume",
          "type": "select",
          "options": ["under-10k", "10k-100k", "100k-1m", "1m+"],
          "description": "Expected monthly API calls"
        },
        {
          "field": "deployment",
          "type": "select",
          "options": ["cloud", "on-premise", "hybrid"],
          "description": "Deployment preference"
        }
      ]
    }
  }
}

Gated Content

When an agent requests gated content before qualifying, the server includes a qualificationRequired flag:

// Server → Client: gated resource response
{
  "jsonrpc": "2.0",
  "id": 7,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "Pricing details require qualification. Please provide your information using the qualify tool."
      }
    ],
    "structuredContent": {
      "qualificationRequired": true,
      "reason": "Pricing details require company information",
      "requiredFields": ["company_name", "company_size", "email"]
    }
  }
}

Important

The vendor controls all qualification logic. AI agents cannot bypass access restrictions — they must complete the required qualification flow by calling the qualify tool with the requested data.

Response Verification

Verified responses use Ed25519 signatures over JCS-canonicalized structuredContent. This lets agents cryptographically confirm that data came directly from the vendor and hasn't been tampered with.

Signature Format

Every tool result that includes structuredContent can carry a verification object:

"verification": {
  "algorithm": "Ed25519",
  "keyId": "acme-2025-03",
  "signature": "base64url-encoded-Ed25519-signature",
  "timestamp": "2025-03-15T10:30:00Z"
}

Public Key Distribution

Vendors publish their public keys at /.well-known/jwks.json following RFC 7517 (JSON Web Key Set):

// GET https://acme.com/.well-known/jwks.json
{
  "keys": [
    {
      "kty": "OKP",
      "crv": "Ed25519",
      "kid": "acme-2025-03",
      "x": "base64url-encoded-public-key",
      "use": "sig"
    }
  ]
}

Verification Steps

Extract the structuredContent object from the tool result (excluding the verification field itself).
Canonicalize the object using JCS (RFC 8785 — JSON Canonicalization Scheme) to produce a deterministic byte string.
Fetch the vendor's public key from /.well-known/jwks.json, matching by keyId → kid.
Verify the Ed25519 signature over the canonicalized bytes using the matched public key.
Check that the timestamp is within an acceptable window (recommended: 5 minutes).

Tip

Agents should cache the JWKS response with standard HTTP cache headers. Key rotation is signaled by publishing a new key with a different kid while keeping the old key available during the transition period.

Access Model

The Agentic Web works like a website: anyone can visit and ask questions without logging in. Authentication is only required when a user needs access to their own account data or performs sensitive actions tied to an existing relationship.

Three tiers of access

Tier	How it works	Available tools	Website analogy
Anonymous	Agent connects, initializes, asks questions. No identity required.	`ask_question`	Browsing a website
Qualified	Agent submits buyer info via the `qualify` tool. Conversational, not OAuth.	`ask_question`, `schedule_demo`, `request_quote`, `start_trial`	Filling out a contact form
Authenticated	User logs in via OAuth 2.1 (per MCP spec). Only when accessing account-specific data.	Account tools: `view_my_tickets`, `manage_subscription`	Logging into your account

Anonymous access (default)

Most interactions require no authentication. An agent connects, calls initialize, and immediately starts using ask_question. The Mcp-Session-Id header provides continuity across requests but does not identify the user.

// No auth headers needed — just connect and ask
POST https://acme.com/mcp
Content-Type: application/json
Mcp-Session-Id: sess_a1b2c3d4e5f6

{
  "jsonrpc": "2.0",
  "id": 5,
  "method": "tools/call",
  "params": {
    "name": "ask_question",
    "arguments": {
      "question": "What are your pricing plans?"
    }
  }
}

Qualified access (via the qualify tool)

When the server needs buyer context before unlocking certain tools, it returns a qualificationRequired flag (see Section 4). The agent collects information conversationally and submits it via the qualify tool. This is not OAuth — it's a structured conversation within the same session.

After qualification, the session unlocks gated tools like schedule_demo and request_quote. No tokens, no login screens, no redirect flows. The vendor has the buyer's info because the buyer chose to share it.

Authenticated access (optional)

Some vendors may offer tools that require knowing who the user is — viewing their own support tickets, managing a subscription, or accessing account-specific data. For these cases, the server can require OAuth 2.1 authentication per the MCP spec.

When a tool requires authentication, the server responds with 401 and the standard MCP OAuth flow begins:

// Server responds 401 for account-specific tools
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer resource_metadata="https://acme.com/.well-known/oauth-protected-resource"

// After OAuth, requests include a Bearer token
POST https://acme.com/mcp
Authorization: Bearer eyJhbGciOiJFZDI1NTE5...
Mcp-Session-Id: sess_a1b2c3d4e5f6

{
  "jsonrpc": "2.0",
  "id": 8,
  "method": "tools/call",
  "params": {
    "name": "view_my_tickets",
    "arguments": {}
  }
}

Tip

Most businesses won't need the authenticated tier. A bakery taking cake orders, a SaaS company answering product questions, a consultant booking calls — all of these work with anonymous + qualified access only. Reserve OAuth for when users need to access their own data.

Rate limiting

Vendors should protect their endpoints from abuse. Common approaches:

IP-based rate limiting — standard web server configuration
Session-based limits — cap requests per Mcp-Session-Id
API keys — optional, issued to AI platforms for higher rate limits

When rate-limited, the server returns a standard JSON-RPC error with code -32000 and a Retry-After header.

Glossary

Agentic Web: The ecosystem of AI-native endpoints implemented as MCP servers, enabling direct communication between AI agents and any business.
MCP Server Profile: A set of conventions for implementing a specific type of MCP server. The Agentic Web profile defines how any business exposes tools for AI agent interactions.
JSON-RPC 2.0: The message format used by MCP. Every request and response is a JSON-RPC 2.0 object with jsonrpc, method (or result/error), and id fields.
Streamable HTTP: The MCP transport used by this profile. A single HTTPS endpoint accepts JSON-RPC 2.0 messages via POST. Responses can be returned as JSON or streamed via Server-Sent Events.
Tool: An MCP primitive representing an action the agent can take (ask a question, schedule a demo, open a ticket). Discovered via tools/list, invoked via tools/call.
Session: A stateful MCP interaction tracked via the Mcp-Session-Id header. Sessions maintain qualification state, conversation context, and action history.
Qualification: Progressive buyer data collection via the qualify tool. Transitions the session from unqualified → qualifying → qualified, unlocking gated actions.
structuredContent: A typed, machine-readable object in tool results alongside the human-readable content array. Used for verification signatures, qualification status, and programmatic data.
Verified Response: A tool result whose structuredContent carries an Ed25519 signature, allowing agents to cryptographically verify that data came directly from the vendor.