Context License

Context License is the buyer-side discovery metadata format. A single JSON file a publisher serves from /.well-known/context-license.json declares price, license, payout, permitted use, and a signing key for response attestation. Agents read it before they make a request — to know what they're getting into.

It sits above the protocol layer (MCP / REST / OpenAPI) and below the marketplace layer.

Spec: context-license.org/v0.1 — CC0 1.0
Reference parser: @crawlertoll/parser — Apache 2.0
Buyer SDK: @crawlertoll/client — Apache 2.0
Publisher CLI: @crawlertoll/publisher — Apache 2.0

Sixty-second adoption

npx @crawlertoll/publisher init

Six prompts → schema-valid context-license.json + Ed25519 keypair + a 5-line next-steps README. Deploy the file at https://your-domain/.well-known/context-license.json.

Schema

{
  "$schema": "https://schemas.crawlertoll.com/context-license/v1.json",
  "version": "1.0.0",
  "publisher": {
    "name": "Example Publisher",
    "slug": "example",
    "domain": "example.com",
    "contact": "ai@example.com"
  },
  "endpoints": [
    {
      "name": "search",
      "url": "https://example.com/mcp/search",
      "transport": "streamable-http",
      "description": "Search across our content corpus.",
      "schema_org_types": ["NewsArticle"]
    }
  ],
  "pricing": {
    "model": "per_query",
    "currency": "USD",
    "unit_price_micros": 5000
  },
  "auth": {
    "schemes": ["anonymous", "api_key", "x402"]
  },
  "terms_of_use": "https://example.com/ai-terms",
  "quality_signals": {
    "uptime_sla_pct": 99.0,
    "freshness_target_seconds": 86400,
    "last_updated": "2026-05-19T00:00:00Z"
  },
  "attestation": {
    "public_key_pem": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----",
    "kid": "ct_sign_example_2026-05",
    "algorithm": "ed25519"
  }
}

Validate

npx @crawlertoll/publisher validate https://your-site.example/.well-known/context-license.json

Exit code 0 = valid; 1 = invalid (errors on stderr); 2 = couldn't fetch.

Programmatic API

import { parse, fetchAndParse } from "@crawlertoll/parser";
 
const result = parse(jsonText);
if (result.ok) {
  console.log(result.value.publisher.name);
}
 
// Or, fetch a live publisher in one call:
const live = await fetchAndParse(
  "https://matriculix.com/.well-known/context-license.json",
);

Attestation envelopes

Publishers can sign per-response envelopes proving the response came from them. The buyer SDK verifies via:

import { verify } from "@crawlertoll/client";
 
const verdict = await verify(attestation, publisher_public_key_pem);
if (verdict.valid) {
  // response is cryptographically proven to come from publisher
}

Signing scheme: Ed25519 over the JCS-canonical envelope minus its signature field, domain-separated by "ct_att_v1:". Same canonicalisation across both sides.

Spec governance

The Context License spec is CC0. The reference implementations are Apache 2.0. The maintainer (Charthouse Ltd) plans to donate the spec to a vendor-neutral standards body on the OpenAPI/SmartBear timeline (~month 9-12 post-publication). Until then, it sits openly governable by anyone.