Production Ready · v0.4.1

Containerise the Future
of AI Agents.

Move from brittle MCP connections to secure, signed, and sandboxed MPP artifacts. Zero-trust by default.

Get Started with the SDKRead the Docs
WASM
Sandboxed
Ed25519
Signed
Zero-Trust
Default
mpp-verify — terminal
LIVE
MPP Runtime v0.4.1
SANDBOX ACTIVE
WebAssembly (WASM)·
Rust·
Ed25519 Signatures·
UK Research-Backed·
Zero-Trust Defaults·
WASI Runtime·
Enterprise Licensed·
Sandboxed Execution·
Intent Attestation·
Content-Addressed·

See MPP in Action

Watch how MPP secures AI agent tool execution with sandboxing, signing, and zero-trust enforcement.

The Case for MPP

Why the current model breaks, and how MPP fixes it.

MCP Today

The MCP Risk

  • Lateral movement between tool contexts
  • Silent data exfiltration via tool calls
  • No portable identity for tool authors
  • Unbounded memory and syscall access
  • Zero signature verification
  • Trust-on-first-use with no attestation

MCP connections offer no isolation boundaries, making every tool a potential lateral movement vector.

MPP Protocol

The MPP Shield

  • WASM sandbox — hardware-level memory isolation
  • Signed provenance with Ed25519 author identity
  • Portable .mpp artifacts, run anywhere
  • Strict syscall allowlisting via WASI
  • Cryptographic manifest integrity checks
  • Intent-bound attestation — permission by design

MPP artifacts are cryptographically sealed — verified identity, bounded permissions, zero implicit trust.

Core Capabilities

Security is not a feature. It's the architecture.

Core Runtime

WASM Isolation

Every MPP artifact executes inside a WebAssembly sandbox. Hardware-level memory safety, tools cannot read host memory, spawn processes, or make arbitrary network calls.

runtime: wasm32-wasi
memory: 64MB cap
syscalls: allowlist-only
Identity Layer

Signed Provenance

Every artifact is signed with Ed25519. Know exactly who authored the tool, from first publish to every update. The chain of custody is immutable.

signer: "0xA3F2...E91C"
algorithm: Ed25519
verified: true
Permission Model

Intent-Bound Attestation

Permissions only activate when the user's declared intent matches the tool's pre-approved scope. No ambient authority, every action is explicitly sanctioned.

permissions: [read-only]
intent: "query-only"
scope: user-matched
IP Provenance

UK Research

Built with Clean Room IP provenance with no proprietary code, no encumbered dependencies. MPP is an independent specification, free from legacy toolchain constraints.

origin: UK-independent
ip: clean-room
license: open-spec
Reference Implementations

Reference implementations. Production-grade security.

Quantum 2x is currently building a full registry of verified tools. These reference implementations demonstrate the protocol in action — each ships as a signed .mpp artifact you can inspect, verify, and run with confidence.

Reference Impl.

SQL-Guardian

v0.3.0

Query-only database agent with read-only WASM isolation. Executes SQL against your data store without write access, exfiltration paths, or schema mutation capabilities.

Runtime: wasm32-wasi
Permissions: read-only SELECT
Signing: Ed25519 certified
View Spec
Reference Impl.

Ghost-Browser

v0.2.1

Sandboxed headless browsing agent. Web scraping and navigation within a strict content-addressed boundary — no persistent cookies, no credential access, no DOM leak.

Runtime: wasm32-wasi
Permissions: fetch-only
Sandbox: strict-csp
View Spec
Reference Impl.

Privacy-Scanner

v0.1.4

PII and sensitive-data detection tool. Scans structured and unstructured content against a pattern manifest — zero data retention, in-process execution only.

Runtime: wasm32-wasi
Permissions: read-stream
Output: pattern-match only
View Spec
Roadmap

Production-ready today. The global standard for tomorrow.

Phase 12025

Core Spec

  • MPP manifest schema (v0.4 draft)
  • WASM runtime interface definition
  • Ed25519 signing specification
  • Reference CLI toolchain
Phase 22026

Reference Ecosystem

  • 3 signed reference implementations
  • Full tool registry — in active development
  • SDK for Go & TypeScript
  • Community review & RFC process
In progress — RFC open for community review
Phase 32026–27

Adoption & Tooling

  • IDE integration (VS Code extension)
  • CI/CD signing pipeline templates
  • Enterprise attestation authority
  • Cross-runtime compatibility layer
Phase 42027+

Global Standard

  • Submit to standards body
  • Multi-vendor runtime support
  • Interop certification program
  • IETF / W3C alignment
Contact Us

Get in Touch

Enterprise deployment of MPP is currently in a research and test phase, and we are actively working with selected organisations. Companies are welcome to apply to become part of the test deployment stage. Want to integrate, contribute, or partner? We'd love to hear from you.

Direct Contact

hello@quantum2x.com

We reply within 1–2 business days

What we can help with

  • Early access to the MPP runtime
  • Integrating MPP into your AI platform
  • Licensing the protocol for enterprise use
  • Partnership & commercialisation