{ "openapi": "3.1.0", "info": { "title": "UVO — Ultimate Verification Oracle", "version": "2.0.0-phase7", "summary": "9-layer defense-in-depth verification for EU regulation claims, with cryptographically signed receipts", "description": "UVO checks claims about EU regulations (DORA, MiCA, GDPR, DSA + 3 delegated DORA RTS) against the actual regulation text we ingested from the EU Publications Office. Every call returns a JWS/ES256K-signed receipt that anyone can verify offline against our public JWKS. Self-hardens nightly via two cron loops.\n\n**Endpoint protocol:** JSON-RPC 2.0 over HTTPS, MCP-compatible.\n\n**Tools (6):** uvo_verify, uvo_status, uvo_pipeline_spec, uvo_get_receipt, uvo_audit_bundle, uvo_compliance_report.\n\n**Receipt verification:** standard JWS over canonical JSON, ES256K (secp256k1). Public key at /.well-known/jwks.json.", "termsOfService": "https://feedoracle.io/terms/", "contact": { "name": "Murat Keskin", "email": "murat@feedoracle.io", "url": "https://feedoracle.io/uvo/" }, "license": { "name": "Free preview tier — no API key required", "identifier": "Proprietary" } }, "servers": [ { "url": "https://feedoracle.io/uvo/mcp/", "description": "Production MCP endpoint" } ], "externalDocs": { "description": "Live demo, robustness telemetry, and one-pager story", "url": "https://feedoracle.io/uvo/" }, "tags": [ { "name": "verification", "description": "Run the verification pipeline" }, { "name": "introspection", "description": "Service status, architecture, capabilities" }, { "name": "audit", "description": "Receipt retrieval, bundling, and human-readable reports" } ], "paths": { "/": { "post": { "summary": "JSON-RPC 2.0 endpoint for all UVO tools", "description": "All UVO tools are invoked via the standard MCP `tools/call` JSON-RPC method. Tool list is also discoverable via `tools/list`.", "operationId": "mcp_call", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/JsonRpcRequest" }, "examples": { "verify_a_lie": { "summary": "Verify a GDPR-24h hallucination", "value": { "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "uvo_verify", "arguments": { "text": "GDPR Article 33 requires breach notification within 24 hours of detection." } } } }, "list_tools": { "summary": "Discover available tools", "value": { "jsonrpc": "2.0", "id": 2, "method": "tools/list" } }, "fetch_receipt": { "summary": "Get a previously-issued receipt", "value": { "jsonrpc": "2.0", "id": 3, "method": "tools/call", "params": { "name": "uvo_get_receipt", "arguments": { "call_id": "r_481640eead194bf8" } } } }, "audit_bundle": { "summary": "Wrap N call_ids into an audit bundle", "value": { "jsonrpc": "2.0", "id": 4, "method": "tools/call", "params": { "name": "uvo_audit_bundle", "arguments": { "call_ids": [ "r_481640eead194bf8", "r_3152fb4cd8f44acd" ], "label": "Q2 GDPR review" } } } } } } } }, "responses": { "200": { "description": "JSON-RPC response with tool result and (for tools/call) cryptographic receipt in _meta", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/JsonRpcResponse" } } } }, "204": { "description": "CORS preflight (OPTIONS)" }, "429": { "description": "Rate limit exceeded" } }, "x-mcp-tools": [ { "name": "uvo_verify", "description": "Run the full 9-layer UVO verification pipeline on input text. Returns final_decision (PASS/REWRITE/ABSTAIN/ESCALATE/BLOCK), per-atom verdicts with citation chain to publications.europa.eu, and a cryptographically signed receipt.", "input_schema": { "type": "object", "properties": { "text": { "type": "string", "description": "The text/claim to verify" }, "language": { "type": "string", "description": "Language hint (auto/de/en/fr/it/es/nl)", "default": "auto" } }, "additionalProperties": false, "required": [ "text" ] } }, { "name": "uvo_status", "description": "UVO service health and version. Free tool. Returns the 9 active defense layers, indexed regulations, self-hardening cron status, and links to spec/demo/dashboard/JWKS.", "input_schema": { "type": "object", "properties": {}, "additionalProperties": false } }, { "name": "uvo_pipeline_spec", "description": "Honest description of the 9 deployed defense layers, with per-layer cost/latency/purpose, ingested regulations table, decision-output semantics, and self-hardening schedule.", "input_schema": { "type": "object", "properties": {}, "additionalProperties": false } }, { "name": "uvo_get_receipt", "description": "Fetch a previously-issued receipt by call_id. Returns the signed receipt JSON + JWKS URL + offline-verification command. Use case: third-party auditor wants to inspect a specific call.", "input_schema": { "type": "object", "properties": { "call_id": { "type": "string", "description": "Receipt id, format 'r_'" } }, "additionalProperties": false, "required": [ "call_id" ] } }, { "name": "uvo_audit_bundle", "description": "Wrap N call_ids (max 100) into a single audit bundle with a deterministic bundle_hash. The bundle includes each receipt + verification status + step-by-step instructions an external auditor can follow to verify the bundle without trusting FeedOracle. Use case: monthly evidence package for BaFin / internal audit.", "input_schema": { "type": "object", "properties": { "call_ids": { "type": "array", "items": { "type": "string" }, "description": "List of UVO call_ids (1-100)" }, "label": { "type": "string", "description": "Optional human label for the bundle (e.g. 'Q1-2026 GDPR audit')" } }, "additionalProperties": false, "required": [ "call_ids" ] } }, { "name": "uvo_compliance_report", "description": "Render a single call_id as a human-readable compliance report suitable for inclusion in audit packages, BaFin/ESMA correspondence, or customer incident write-ups. Includes signature block, auditor notes, and a verification command snippet.", "input_schema": { "type": "object", "properties": { "call_id": { "type": "string", "description": "Receipt id, format 'r_'" } }, "additionalProperties": false, "required": [ "call_id" ] } } ] }, "options": { "summary": "CORS preflight", "responses": { "204": { "description": "CORS preflight successful" } } } } }, "components": { "schemas": { "JsonRpcRequest": { "type": "object", "required": [ "jsonrpc", "id", "method" ], "properties": { "jsonrpc": { "type": "string", "const": "2.0" }, "id": { "oneOf": [ { "type": "integer" }, { "type": "string" } ] }, "method": { "type": "string", "enum": [ "tools/list", "tools/call", "initialize" ] }, "params": { "type": "object" } } }, "JsonRpcResponse": { "type": "object", "required": [ "jsonrpc", "id" ], "properties": { "jsonrpc": { "type": "string", "const": "2.0" }, "id": { "oneOf": [ { "type": "integer" }, { "type": "string" } ] }, "result": { "type": "object", "properties": { "content": { "type": "array", "items": { "type": "object" } }, "_meta": { "type": "object", "properties": { "grounding_receipt": { "$ref": "#/components/schemas/GroundingReceipt" } } } } }, "error": { "type": "object" } } }, "GroundingReceipt": { "type": "object", "description": "ES256K-signed receipt over the canonical JSON of the call. Verify offline against /.well-known/jwks.json.", "required": [ "call_id", "tool", "observed_at", "input_hash", "output_hash", "signature" ], "properties": { "call_id": { "type": "string", "pattern": "^r_[0-9a-f]+$" }, "tool": { "type": "string" }, "server_url": { "type": "string", "format": "uri" }, "server_did": { "type": "string" }, "observed_at": { "type": "string", "format": "date-time" }, "observed_ip": { "type": "string" }, "observed_ua": { "type": "string" }, "observed_auth_method": { "type": "string" }, "input_hash": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" }, "output_hash": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" }, "verdict": { "type": "string", "enum": [ "executed", "rejected" ] }, "anchor": { "type": "object", "properties": { "ledger_id": { "type": "string" }, "entry_id": { "type": "string" }, "prev_hash": { "type": "string" } } }, "signature": { "type": "object", "required": [ "alg", "kid", "jwks_url", "sig", "signed_at" ], "properties": { "alg": { "type": "string", "const": "ES256K" }, "kid": { "type": "string" }, "jwks_url": { "type": "string", "format": "uri" }, "sig": { "type": "string", "description": "Base64URL-encoded ECDSA signature over canonical JSON minus this 'sig' field" }, "signed_at": { "type": "string", "format": "date-time" } } } } } } } }