NCP v0.1 Specification

NCP v0.1 defines a portable JSON trigger for passive AI runtimes. The protocol is deployment-agnostic and can run local-first, private cloud, hosted, or hybrid.

The live validator is exposed at https://ncplabs-web--ncplabs.us-central1.hosted.app/api/ncp/validate. Schema metadata is exposed at https://ncplabs-web--ncplabs.us-central1.hosted.app/api/ncp/schema.

Validation Rules

  • ncp_version, id, and timestamp are required.
  • type must be signal or trigger.
  • confidence and personal_relevance are between 0 and 1.
  • severity and sensitivity must use allowed values.

Privacy Rule

Sensitive payloads should use context references instead of copying raw data. Avoid storing actual secrets, full private emails, bank details, school messages, legal content, or API keys in NCP events or Firestore.

NCP Auth v0.1

  • Receivers must require TLS and authenticate events before parsing or routing.
  • NCP-native senders should use Authorization: Bearer ncp_live_....
  • Production senders should sign the raw request body with X-NCP-Signature and X-NCP-Timestamp.
  • Receivers should reject stale timestamps, invalid signatures, inactive tokens, and replayed event IDs.
  • Tokens must be scoped, revocable, rotatable, and stored only as hashes by receivers.
  • Connection records should expose a user-readable app, source, audience, environment, allowed event types, and last-used time.
{
  "ncp_version": "0.1",
  "type": "signal | trigger",
  "id": "string",
  "source": {
    "system": "string",
    "event_type": "string"
  },
  "timestamp": "ISO timestamp",
  "domain": "string",
  "subject": "string",
  "summary": "string",
  "severity": "critical | high | medium | low | info | opportunity",
  "confidence": "0..1",
  "sensitivity": "public | internal | private | financial | legal | security | secret | family | health",
  "personal_relevance": "0..1 optional",
  "context_refs": "references to external context",
  "action_contract": "allowed, requires approval, forbidden",
  "delivery_policy": "urgency and channels"
}
{
  "Authorization": "Bearer ncp_live_...",
  "X-NCP-Timestamp": "2026-05-31T18:00:00Z",
  "X-NCP-Signature": "sha256=base64url(hmac_sha256(token, timestamp + '.' + raw_body))",
  "X-NCP-Event-Id": "evt_01H..."
}