Verify, trust, connect. MCP Attest is a security extension for the Model Context Protocol that verifies server identity, integrity, and permissions before allowing a client to connect. Based on the paper Attested Tool-Server Admission (Alfredo Metere, May 2026).
- Identity Verification: Verify MCP server identity via TLS certificates, cryptographic signatures, or DIDs
- Integrity Attestation: Generate and verify SHA-256 manifests of exposed server tools
- Permission Auditing: Evaluate requested vs declared permissions (least privilege principle)
- Capability Fingerprinting: Create unique server capability fingerprints to detect changes
- Trust Score Calculation: Calculate trust scores (0–100) based on identity, integrity, and permissions
- Revocation Checking: Verify if a server has been revoked from a trust list
- Policy Generation: Generate MCPGuard-compatible access policies based on trust scores
| Capability | What it does | Why it matters |
|---|---|---|
| Multi-factor identity | TLS certs + crypto signatures + DIDs | Defense in depth: no single point of trust |
| Capability fingerprinting | SHA-256 hash of exposed tools | Detect tool drift, tampering, or supply-chain attacks |
| Trust scoring | Weighted 0–100 score from 4 dimensions | Quantified risk decisions, not gut feelings |
| MCPGuard integration | Auto-generates access policies | Drop-in security for existing MCP deployments |
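
An added example (not mcp-attest's own code) of the capability-fingerprinting row above: it hashes each tool returned by an MCP `tools/list` call and reports which tools drifted from a pinned baseline. The canonical JSON encoding, the choice of hashed fields, and the names `tool_digest`, `fingerprint` and `drift` are assumptions of this example.

```python
import hashlib
import json


def tool_digest(tool: dict) -> str:
    """SHA-256 over a deterministic JSON encoding of the fields a client acts on."""
    # Field selection and encoding are assumptions of this example.
    view = {
        "name": tool["name"],
        "description": tool.get("description", ""),
        "inputSchema": tool.get("inputSchema", {}),
    }
    blob = json.dumps(view, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


def fingerprint(tools: list[dict]) -> str:
    """Order-independent fingerprint of the whole tool set."""
    digests = sorted(f"{t['name']}:{tool_digest(t)}" for t in tools)
    return hashlib.sha256("\n".join(digests).encode("utf-8")).hexdigest()


def drift(baseline: list[dict], current: list[dict]) -> dict:
    """Name the tools added, removed or modified since the baseline."""
    old = {t["name"]: tool_digest(t) for t in baseline}
    new = {t["name"]: tool_digest(t) for t in current}
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }


# Constructed sample data: a pinned baseline and a later tools/list result.
PATH_SCHEMA = {"type": "object", "properties": {"path": {"type": "string"}}}
BASELINE = [
    {"name": "read_file", "description": "Read a file", "inputSchema": PATH_SCHEMA},
    {"name": "search", "description": "Search documents", "inputSchema": {"type": "object"}},
]
# 'search' is only reordered, 'read_file' has a rewritten description, 'run_shell' is new.
CURRENT = [
    {"inputSchema": {"type": "object"}, "description": "Search documents", "name": "search"},
    {"name": "read_file", "description": "Read a file and forward it", "inputSchema": PATH_SCHEMA},
    {"name": "run_shell", "description": "Run a command", "inputSchema": {"type": "object"}},
]

if __name__ == "__main__":
    print("fingerprint changed:", fingerprint(BASELINE) != fingerprint(CURRENT))
    print("drift:", drift(BASELINE, CURRENT))
```
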

```
┌──────────────┐    ┌──────────────────────────────────────────────┐
│   Client     │    │                MCP Attest CLI                │
│  (MCP Host)  │    │                                              │
│              │    │  ┌─────────┐  ┌──────────┐  ┌─────────────┐  │
│  ┌────────┐  │    │  │Identity │  │Integrity │  │Permissions  │  │
│  │ Your   │  │────┼─▶│Verify   │──│Attest    │──│Audit        │  │
│  │ App    │  │    │  │(TLS/DID │  │(Manifest │  │(Least       │  │
│  └────────┘  │    │  │ /Crypto)│  │ /Fp)     │  │ Privilege)  │  │
│      │       │    │  └────┬────┘  └────┬─────┘  └──────┬──────┘  │
│      │       │    │       │            │               │         │
│      ▼       │    │       ▼────────────▼───────────────▼         │
│  ┌────────┐  │    │                    │                         │
│  │ MCP    │  │    │            ┌───────▼───────┐                 │
│  │ Server │  │    │            │ Trust Scorer  │                 │
│  └────────┘  │    │            │ (0–100 score) │                 │
└──────────────┘    │            └───────┬───────┘                 │
                    │                    │                         │
                    │            ┌───────▼───────┐                 │
                    │            │    Policy     │                 │
                    │            │   Generator   │──▶ MCPGuard     │
                    │            └───────────────┘                 │
                    └──────────────────────────────────────────────┘
```

```bash
# Install from PyPI
pip install mcp-attest

# Or from source
git clone https://github.com/Carlos-Projects/mcp-attest
cd mcp-attest
pip install -e ".[dev]"
```

```bash
# Verify a server's identity, integrity, and trust
mcp-attest verify --server https://mcp.example.com --manifest manifest.json

# Generate a capability fingerprint
mcp-attest fingerprint --server https://mcp.example.com

# Calculate trust score
mcp-attest trust --server https://mcp.example.com

# Generate MCPGuard access policy
mcp-attest policy --server https://mcp.example.com --min-score 75
```

```python
import asyncio

from mcp_attest import Attester


async def main() -> None:
    attester = Attester()
    # full_attestation() is a coroutine, so it must be awaited inside an event loop
    report = await attester.full_attestation(
        server_url="https://mcp.example.com",
    )
    print(f"Trust score: {report.trust.score}/100")
    print(f"Identity: {'✅' if report.identity.verified else '❌'}")
    print(f"Integrity: {report.integrity.status.value}")

asyncio.run(main())
```

| Capability | MCP Attest | Raw MCP Client | mcp-scan |
|---|---|---|---|
| TLS identity verification | ✅ Multi-method | Basic | ❌ |
| Cryptographic signatures | ✅ RSA-2048 SHA-256 | ❌ | ❌ |
| DID verification | ✅ did:web + did:key | ❌ | ❌ |
| Capability fingerprinting | ✅ SHA-256 manifest hash | ❌ | ❌ |
| Trust scoring | ✅ Weighted (4 dimensions) | ❌ | ❌ |
| Permission auditing | ✅ Least privilege scoring | ❌ | ❌ |
| Revocation checking | ✅ Configurable lists | ❌ | ❌ |
| MCPGuard policy export | ✅ Auto-generate YAML | ❌ | ❌ |
| SARIF reporting | β | β | β |
| Tool | Integration |
|---|---|
| MCPGuard | Runtime policy enforcement middleware |
| MCPscop | Dashboard visualization of attestation reports |
| mcpwn | Offensive security testing against attestation baseline |
| mcp-taxonomy | Canonical classification taxonomy for MCP security |

```bash
pip install -e ".[dev]"
ruff check .
mypy src/mcp_attest/
pytest
```

- arXiv:2605.24248: Attested Tool-Server Admission
- arXiv:2605.25376: KYA: Trust Layer for Autonomous Systems
- MCP Specification
- NIST AI RMF 1.0
- MITRE ATLAS
See CONTRIBUTING.md for development guidelines.
Found a vulnerability? See SECURITY.md.
MIT. See LICENSE for details.