MPPDOCS
Contact Us →
OverviewWhy MPP?Getting StartedSecurity & TrustBuild with MPPIntegrate MPPComing from MCPFAQGlossary
Reference

Glossary

Plain-language definitions for key concepts and terms used throughout the MPP ecosystem.

AgentAn AI system that can invoke tools on behalf of a user to complete tasks. Examples include coding assistants, research agents, and enterprise automation bots.
AuthorThe individual or organisation that creates and maintains an MPP tool. Authors sign their packages, making their identity cryptographically verifiable.
CapabilityA declared permission in a tool package. Each capability specifies what the tool is allowed to access — a file path, a network destination, an environment variable. Users approve capabilities before the tool runs.
Confirmation StepA user-facing prompt that appears before a sensitive tool operation proceeds. The user must explicitly approve the action. This cannot be bypassed by the agent or the tool.
EcosystemThe collection of tools, publishers, hosts, and registries that participate in the MPP protocol.
FederationA capability that allows multiple registries to share and discover packages across their boundaries, expanding the available tool catalogue without centralisation.
HostAn application that embeds the MPP runtime and makes tools available to users and AI agents. Examples include IDEs, enterprise AI platforms, and agent frameworks.
ManifestA declaration file shipped inside every MPP package. It records the tool’s name, version, author, declared permissions, and operation classifications. It is signed and cannot be altered after publication.
MPPModel Package Protocol — a licensed protocol for packaging, verifying, distributing, and safely executing AI agent tools. Developed and maintained by Quantum 2x Ltd, a UK-based AI security, architecture and governance organisation.
PackageA distributable unit that contains one or more tools, signed by their author. Packages are self-contained: they carry their manifest, their executable, and their signature in a single file.
PermissionSee Capability.
Privacy FilterAn optional mechanism that automatically removes personally identifiable information from a tool’s output before it is returned to the AI model. Configured by the tool author in the manifest.
PublisherAn author who has registered with an MPP registry and holds a signing identity. Publishing associates a package with a named, verifiable identity.
RegistryA service that hosts MPP packages for discovery, installation, and version management. Registries can be public or private. Packages in a registry are verified before being served.
SandboxThe isolated execution environment in which an MPP tool runs. The sandbox enforces the tool’s declared permissions and prevents any access or action outside the approved scope.
Sensitive OperationA tool action that is destructive, irreversible, or involves significant access to user data or systems. Sensitive operations require explicit user confirmation before proceeding.
SignatureA cryptographic proof attached to every MPP package by its publisher. The signature guarantees the package’s origin and confirms it has not been altered since publication.
Storage (Scoped)A per-tool persistent data layer that allows tools to remember state across invocations. Scoped storage is isolated to the specific tool, size-limited, and cleared on uninstall.
ToolA single function that an AI agent can invoke. A tool performs a specific task — querying data, fetching web content, processing a file — and returns a structured result.
Trust StoreA list maintained by the host of publisher identities the user has approved. Packages from publishers in the trust store are loaded without a new approval prompt.
VerificationThe process the MPP runtime performs before any tool is allowed to run. It confirms the package’s signature, checks the manifest, and ensures the publisher is trusted.
VersionA specific, immutable release of a tool package. Each version is independently signed and can be individually installed, pinned, or deprecated.
Zero TrustA security principle applied throughout MPP: no tool is assumed safe until it has been cryptographically verified, regardless of where it came from or how recently it was used.