mcp-compliance-validator
v0.1.2
Published
Security validation system for MCP server implementations with enterprise-grade authentication and authorization checks
Maintainers
dankeydev_daveReadme
MCP Compliance Validator
A comprehensive security validation system for Model Context Protocol (MCP) server implementations. Provides enterprise-grade authentication, authorization, and protocol security checks to ensure your MCP servers meet the highest security standards.
Quick Start
# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
pip install mcp
pip install -e .
# Run as MCP server
python -m src.mcp_compliance_validator.simple_server
# Or validate a repository directly
python -c "
import asyncio
from src.mcp_compliance_validator.tools.validate_compliance import validate_compliance
async def validate():
result = await validate_compliance('/path/to/your/mcp-server')
print(f'Security Score: {result[\"analysis_summary\"][\"security_score\"]:.2f}')
asyncio.run(validate())
"Security Features
Advanced Authentication & Authorization
- OAuth 2.1 Compliance: PKCE, state parameters, redirect URI validation, client authentication
- JWT Security: Algorithm validation, expiration checks, issuer/audience verification, replay protection
- API Key Security: Length validation, rotation policies, rate limiting, immediate revocation
- Transport Security: HTTPS enforcement, protocol version validation, origin validation
Deep Code Analysis
- AST-based Security Analysis: Static analysis for security vulnerabilities and anti-patterns
- 100+ Security Rules: Comprehensive coverage of authentication, authorization, and protocol security
- Pattern Detection: Identifies insecure implementations and compliance violations
- Real-time Validation: On-demand security assessments with detailed remediation guidance
Enterprise Integration
- MCP Protocol Compliant: Full JSON-RPC 2.0 implementation with comprehensive validation tools
- CI/CD Integration: Automated security validation in development pipelines
- Comprehensive Reporting: Detailed findings with severity classification and remediation steps
- High Performance: 590K+ chars/sec processing, 58K+ validations/sec
MCP Documentation Monitoring
- Real-time Documentation Tracking: Monitors official MCP repositories for specification changes
- Compliance Impact Analysis: Assesses how documentation changes affect compliance validation
- Cross-Reference Analysis: Correlates documentation changes with existing tool implementations
- Automated Recommendations: Provides actionable insights for maintaining compliance
Table of Contents
- Installation
- Usage
- Security Rules
- Configuration
- Documentation Monitoring
- Documentation
- Performance
- Examples
- Development
- Contributing
- License
Installation
Quick Start (npm)
The easiest way to use the MCP Compliance Validator:
# Run directly with npx (no installation required)
npx mcp-compliance-validator
# Or install globally
npm install -g mcp-compliance-validatorDevelopment Installation
For development or custom setups:
Prerequisites
- Python 3.11 or higher
- Git (for repository analysis)
- GitHub Token (for MCP documentation monitoring - optional but recommended)
Install Dependencies
Note: Due to Python environment restrictions, a virtual environment is required.
# Create virtual environment
python3 -m venv venv
# Activate virtual environment
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Install MCP library
pip install mcp
# Install package in development mode
pip install -e .
# Development installation (includes testing and linting tools)
pip install -r requirements-dev.txt
# Set up development environment (if available)
make setupVerify Installation
# Run tests
make test
# Check code quality
make lint
# Test MCP server
./venv/bin/python -m src.mcp_compliance_validator.simple_serverBuild/Test Commands
# Run all tests
python3 -m pytest
# Run specific test
python3 -m pytest tests/contract/test_analyze_tools_contract.py::TestAnalyzeMCPToolsContract::test_tool_exists
# Run MCP server directly
python3 src/mcp_compliance_validator/simple_server.pyMCP Server Configuration
Installation
First, install the package and its dependencies in development mode:
cd /path/to/mcp-compliance-validator
pip install -r requirements.txt
pip install -e .Claude Desktop Configuration
Option 1: npm Package (Recommended)
{
"mcpServers": {
"mcp-compliance-validator": {
"command": "npx",
"args": ["-y", "mcp-compliance-validator"],
"description": "Security validation system for MCP server implementations with enterprise-grade authentication and authorization checks",
"alwaysAllow": [
"validate_compliance",
"analyze_mcp_tools",
"get_mcp_spec_version"
]
}
}
}Option 2: Local Development Installation
Note: Replace /path/to/mcp-compliance-validator with the actual path to your installation.
{
"mcpServers": {
"mcp-compliance-validator": {
"command": "/path/to/mcp-compliance-validator/venv/bin/python",
"args": [
"-m",
"src.mcp_compliance_validator.simple_server"
],
"cwd": "/path/to/mcp-compliance-validator",
"description": "Security validation system for MCP server implementations with enterprise-grade authentication and authorization checks",
"alwaysAllow": [
"validate_compliance",
"analyze_mcp_tools",
"get_mcp_spec_version"
]
}
}
}Claude Code Configuration
Option 1: npm Package (Recommended)
claude mcp add-json "mcp-compliance-validator" '{
"command": "npx",
"args": ["-y", "mcp-compliance-validator"]
}'Option 2: Import from Claude Desktop
claude mcp add-from-claude-desktopOption 3: Manual Configuration
Add to your project's .claude.json file:
{
"mcpServers": {
"mcp-compliance-validator": {
"command": "npx",
"args": ["-y", "mcp-compliance-validator"]
}
}
}Configuration Files Location
- Claude Desktop (macOS):
~/Library/Application Support/Claude/claude_desktop_config.json - Claude Desktop (Windows):
%APPDATA%\Claude\claude_desktop_config.json - Claude Desktop (Linux):
~/.config/Claude/claude_desktop_config.json - Claude Code:
~/.claude.json(global) or.claude.json(project-specific)
Verifying Server Connection
After adding the configuration, restart Claude Desktop and verify the server is connected:
- The server should appear in Claude's MCP servers list
- You can test it by asking Claude to validate an MCP server repository
- Check the logs for any connection errors
Alternative Configuration (Development)
For development or local testing, you can run the server directly:
{
"mcpServers": {
"mcp-compliance-validator": {
"command": "python",
"args": [
"/full/path/to/mcp-compliance-validator/src/mcp_compliance_validator/simple_server.py"
]
}
}
}Usage
MCP Server Mode
Run as an MCP server for integration with MCP clients:
python -m mcp_compliance_validator.simple_serverThe server exposes six powerful validation tools:
1. validate_compliance - Comprehensive Security Analysis
{
"name": "validate_compliance",
"arguments": {
"repository_path": "/path/to/your/mcp-server",
"validation_categories": ["SECURITY", "TOOLS", "PROTOCOL"],
"include_patterns": ["**/*.py"],
"exclude_patterns": ["**/test_*", "**/__pycache__/**"]
}
}Sample Response:
{
"success": true,
"analysis_summary": {
"files_analyzed": 150,
"total_findings": 23,
"security_score": 0.85,
"compliance_status": "COMPLIANT_WITH_WARNINGS"
},
"findings": [
{
"rule_id": "OAUTH-001",
"severity": "high",
"message": "PKCE not required for OAuth flows",
"recommendation": "Require PKCE for all OAuth authorization flows",
"file_path": "/path/to/oauth.py",
"line_number": 42
}
]
}2. analyze_mcp_tools - MCP Tool Implementation Analysis
{
"name": "analyze_mcp_tools",
"arguments": {
"repository_path": "/path/to/your/mcp-server",
"tool_patterns": ["@mcp.tool", "@tool", "def.*tool.*\\("]
}
}3. get_mcp_spec_version - Latest MCP Specification Info
{
"name": "get_mcp_spec_version",
"arguments": {}
}4. monitor_mcp_docs - MCP Documentation Change Monitoring
Monitor official MCP documentation repositories for recent changes and analyze their compliance impact:
{
"name": "monitor_mcp_docs",
"arguments": {
"days_back": 30,
"severity_filter": "medium",
"github_token": "ghp_xxxxxxxxxxxxxxxxxxxx"
}
}Sample Response:
{
"success": true,
"monitoring_summary": {
"monitoring_period": {
"days_back": 30,
"start_date": "2025-08-27T13:04:14.986886+00:00",
"end_date": "2025-09-26T13:04:21.509954+00:00"
},
"repositories_checked": [
"modelcontextprotocol/specification",
"modelcontextprotocol/python-sdk",
"modelcontextprotocol/typescript-sdk"
],
"raw_commits_found": 21,
"changes_detected": 44,
"changes_after_filtering": 39
},
"compliance_report": {
"priority_summary": {
"critical": 0,
"high": 15,
"medium": 24,
"low": 0
},
"changes_requiring_validation_updates": 28
}
}5. analyze_mcp_tools_comprehensive - Comprehensive Analysis
Perform comprehensive MCP tools analysis including documentation monitoring:
{
"name": "analyze_mcp_tools_comprehensive",
"arguments": {
"repository_path": ".",
"include_docs_analysis": true,
"docs_monitoring_days": 7,
"github_token": "ghp_xxxxxxxxxxxxxxxxxxxx"
}
}6. monitor_tools_compliance_drift - Compliance Drift Monitoring
Monitor compliance drift by comparing current tools status with recent documentation changes:
{
"name": "monitor_tools_compliance_drift",
"arguments": {
"repository_path": ".",
"baseline_days": 30,
"comparison_days": 7,
"github_token": "ghp_xxxxxxxxxxxxxxxxxxxx"
}
}Note: The documentation monitoring tools require a GitHub personal access token to avoid API rate limits and access recent commit history.
Direct API Usage
Use the security validators directly in your Python applications:
from mcp_compliance_validator.validators.auth_security import AuthSecurityValidator
# Initialize validator
validator = AuthSecurityValidator()
# Validate OAuth 2.1 configuration
oauth_config = {
"oauth": {
"pkce_required": True,
"state_required": True,
"redirect_uri_validation": {"enabled": True},
"authorization_code": {"expiration_seconds": 600},
"client_authentication": {"required": True}
}
}
result = validator.validate_oauth_implementation(oauth_config)
print(f"OAuth Security: {'SECURE' if result.is_secure else 'INSECURE'}")
# Validate JWT configuration
jwt_config = {
"algorithm": "RS256",
"expiration_hours": 1,
"issuer_validation": {"enabled": True},
"audience_validation": {"enabled": True}
}
jwt_result = validator.validate_jwt_security(jwt_config)
print(f"JWT Security: {'SECURE' if jwt_result.is_secure else 'INSECURE'}")CI/CD Integration
Integrate security validation into your development pipeline:
# .github/workflows/security-validation.yml
name: Security Validation
on: [push, pull_request]
jobs:
security-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: '3.11'
- name: Install MCP Validator
run: |
git clone https://github.com/your-org/mcp-compliance-validator.git
cd mcp-compliance-validator
pip install -r requirements.txt
- name: Run Security Validation
run: |
cd mcp-compliance-validator
python -c "
import asyncio, sys
from mcp_compliance_validator.tools.validate_compliance import validate_compliance
async def validate():
result = await validate_compliance('$GITHUB_WORKSPACE',
validation_categories=['SECURITY'])
score = result['analysis_summary']['security_score']
print(f'Security Score: {score:.2f}')
# Fail if critical issues found
critical_findings = [f for f in result['findings']
if f['severity'] == 'critical']
if critical_findings:
print(f'ERROR: {len(critical_findings)} critical security issues found')
sys.exit(1)
else:
print('No critical security issues')
asyncio.run(validate())
"Security Rules
OAuth 2.1 Security Rules
| Rule ID | Severity | Description | Fix |
|---------|----------|-------------|-----|
| OAUTH-001 | HIGH | PKCE not required | Enable pkce_required: true |
| OAUTH-003 | HIGH | State parameter not required | Enable state_required: true |
| OAUTH-004 | CRITICAL | Redirect URI validation disabled | Enable redirect_uri_validation.enabled: true |
| OAUTH-005 | HIGH | No authorization code expiration | Set authorization_code.expiration_seconds |
| OAUTH-006 | HIGH | Client authentication not required | Enable client_authentication.required: true |
JWT Security Rules
| Rule ID | Severity | Description | Fix |
|---------|----------|-------------|-----|
| JWT-001 | CRITICAL | Insecure algorithm (none, HS256) | Use RS256 or ES256 |
| JWT-002 | HIGH | No token expiration | Set expiration_hours |
| JWT-004 | HIGH | No issuer validation | Enable issuer_validation.enabled: true |
| JWT-005 | HIGH | No audience validation | Enable audience_validation.enabled: true |
API Key Security Rules
| Rule ID | Severity | Description | Fix |
|---------|----------|-------------|-----|
| API-001 | HIGH | Key too short (< 32 chars) | Use key_length >= 32 |
| API-002 | MEDIUM | No rotation policy | Enable rotation_enabled: true |
| API-006 | HIGH | No revocation capability | Enable revocation.enabled: true |
Configuration
Environment Variables
# GitHub integration (required for MCP documentation monitoring)
export GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
# Security settings
export MCP_SECURITY_MIN_ENTROPY=8.0
export MCP_SECURITY_FALSE_POSITIVE_RATE=0.01
# Performance settings
export MCP_ANALYSIS_MAX_WORKERS=4
export MCP_ANALYSIS_TIMEOUT_SECONDS=300
# Logging
export MCP_LOG_LEVEL=INFO
export MCP_LOG_FORMAT=jsonConfiguration File
Create config.yaml for advanced settings:
github:
token: "ghp_xxxxxxxxxxxxxxxxxxxx" # GitHub personal access token
security:
min_secret_entropy: 8.0
false_positive_rate: 0.01
allowed_path_prefixes:
- "/safe/path"
analysis:
max_workers: 4
timeout_seconds: 300
chunk_size: 100
logging:
level: INFO
format: json
file_path: "/var/log/mcp-validator.log"Documentation Monitoring
MCP Documentation Monitoring Feature
This system provides automated tracking of changes in official MCP repositories and analyzes how these changes might affect MCP compliance validation.
Features
Repository Monitoring
- Monitors official MCP repositories:
specification,python-sdk,typescript-sdk - Tracks changes in documentation, specifications, and code examples
- Configurable monitoring periods and severity filters
- Monitors official MCP repositories:
Change Detection
- Categorizes changes by type: specification, protocol, schema, security, tools, resources
- Assesses severity levels: critical, high, medium, low
- Extracts relevant keywords and metadata
Compliance Impact Analysis
- Analyzes how documentation changes affect compliance validation
- Identifies validation rules that may need updates
- Suggests new compliance rules based on changes
- Provides actionable recommendations
Usage Examples
Basic Documentation Monitoring
from mcp_compliance_validator.tools.monitor_mcp_docs import monitor_mcp_docs
# Monitor last 7 days with medium+ severity
result = await monitor_mcp_docs(
days_back=7,
severity_filter="medium"
)
if result["success"]:
print(f"Found {len(result['detailed_changes'])} relevant changes")
for change in result['detailed_changes']:
print(f"- {change['title']} ({change['severity']})")Comprehensive Analysis with Cross-Reference
from mcp_compliance_validator.tools.analyze_mcp_tools import analyze_mcp_tools_comprehensive
# Analyze tools with documentation monitoring
result = await analyze_mcp_tools_comprehensive(
repository_path="/path/to/your/mcp/project",
include_docs_analysis=True,
docs_monitoring_days=14
)
if result["success"]:
# View tool analysis
tools = result["tools_analysis"]
print(f"Tools found: {tools['tools_found']}")
print(f"Compliant: {tools['tools_compliant']}")
# View cross-reference insights
insights = result.get("cross_reference_insights", {})
for recommendation in insights.get("recommendations", []):
print(f"Recommendation: {recommendation}")GitHub Token Configuration
For enhanced functionality and higher rate limits, configure a GitHub personal access token:
- Go to GitHub Settings > Developer settings > Personal access tokens
- Create a new token with
public_reposcope - Set the environment variable:
export GITHUB_TOKEN=your_token_here
Without a token, the system uses unauthenticated requests with lower rate limits (60 requests/hour vs 5000 requests/hour).
Documentation
Avoiding False Positives
The validator analyzes source code for MCP specification compliance. To avoid analyzing external dependencies and get accurate results:
Recommended Exclude Patterns
# Using the MCP tool directly
mcp_validate_compliance \
--repository_path /path/to/your/repo \
--exclude_patterns "test_env/**/*" "**/__pycache__/**" "**/site-packages/**" \
--exclude_test_files trueDefault Exclusions
The validator automatically excludes:
**/node_modules/**- Node.js dependencies**/.git/**- Git repository files**/venv/**,**/.venv/**,**/test_env/**- Python virtual environments**/__pycache__/**- Python cache files**/site-packages/**- Installed Python packages**/htmlcov/**- Coverage reports**/.pytest_cache/**- Pytest cache**/*.pyc,**/*.pyo,**/*.pyd- Compiled Python files
Configuration File
Create a .mcp-compliance-ignore file in your repository root:
# External dependencies
test_env/**/*
**/site-packages/**
lib/python*/site-packages/**
# Cache and build files
**/__pycache__/**
*.pyc
*.pyo
*.pyd
# Virtual environments
venv/*
.venv/*
env/*
# IDE files
.vscode/*
.idea/*Best Practices
1. Focus on Your Source Code
Only analyze the code you write, not external dependencies:
- Include:
src/**/*.py,lib/**/*.py, your main code directories - Exclude: Virtual environments, installed packages, cache files
2. Use Appropriate Severity Thresholds
# For development - see all issues
--severity_threshold INFO
# For CI/CD - only critical issues
--severity_threshold ERROR3. Categories of Validation
Choose relevant validation categories:
PROTOCOL- MCP protocol complianceSCHEMA- JSON schema validationSECURITY- Security pattern analysisTOOLS- MCP tool implementationRESOURCES- MCP resource handlingPACKAGING- MCPB bundle packaging recommendations (optional)
Example:
--validation_categories "PROTOCOL,SCHEMA,TOOLS"
# Include packaging recommendations
--validation_categories "PROTOCOL,SCHEMA,TOOLS,PACKAGING"MCPB (MCP Bundle) Support
The validator provides optional recommendations for MCPB packaging to improve distribution and installation experience. MCPB validation:
- Never fails validation for missing MCPB support
- Suggests MCPB packaging for local MCP servers
- Validates manifest.json structure if present
- Provides guidance on distribution best practices
What is MCPB?
MCPB (MCP Bundle) is a standardized packaging format for local MCP servers:
- Similar to browser extensions (.crx) or VS Code extensions (.vsix)
- Enables one-click installation in desktop applications like Claude
- Contains: MCP server files +
manifest.jsonmetadata - Optional but recommended for better user experience
MCPB Validation Rules
| Rule ID | Severity | Description |
|---------|----------|-------------|
| PACKAGING-001 | INFO | Consider MCPB packaging for easier distribution |
| PACKAGING-002 | WARNING | Invalid manifest.json structure detected |
| PACKAGING-003 | INFO | Valid MCPB manifest.json detected |
| PACKAGING-004 | INFO | MCP server appears to be for remote deployment |
When to Use MCPB
Recommended for:
- Local MCP servers for desktop integration
- Tools meant for end-user installation
- Servers requiring easy configuration
Not needed for:
- Remote/cloud MCP servers
- API services
- CI/CD or development tools
Performance
Benchmarks
- Response Time: < 2 seconds for typical repositories
- Throughput: 596,592 characters/second processing capability
- Auth Validation Rate: 58,917 validations/second
- MCP Server Performance: 2.38M requests/second
- Memory Usage: < 200MB for large codebases
Optimization Features
- Parallel Processing: Multi-threaded analysis for large codebases
- Memory Efficient: Bounded memory usage with streaming analysis
- Caching: Intelligent caching of validation results
- Incremental Analysis: Only analyze changed files when possible
Examples
Complete Security Assessment
import asyncio
from mcp_compliance_validator.tools.validate_compliance import validate_compliance
async def comprehensive_security_check():
"""Run a complete security assessment."""
result = await validate_compliance(
repository_path="/path/to/your/mcp-server",
validation_categories=["SECURITY", "TOOLS", "PROTOCOL"],
include_patterns=["**/*.py"],
exclude_patterns=["**/tests/**", "**/__pycache__/**"]
)
# Print summary
summary = result["analysis_summary"]
print(f"Security Assessment Results:")
print(f" Files Analyzed: {summary['files_analyzed']}")
print(f" Security Score: {summary['security_score']:.2f}/1.00")
print(f" Status: {summary['compliance_status']}")
# Print findings by severity
findings_by_severity = {}
for finding in result["findings"]:
severity = finding["severity"]
findings_by_severity.setdefault(severity, []).append(finding)
for severity in ["critical", "high", "medium", "low"]:
if severity in findings_by_severity:
count = len(findings_by_severity[severity])
print(f" {severity.upper()}: {count} findings")
# Print critical findings
critical_findings = findings_by_severity.get("critical", [])
if critical_findings:
print("\\nCritical Security Issues:")
for finding in critical_findings:
print(f" {finding['rule_id']}: {finding['message']}")
print(f" Location: {finding['file_path']}:{finding['line_number']}")
print(f" Recommendation: {finding['recommendation']}")
print()
return result
# Run the assessment
asyncio.run(comprehensive_security_check())Multi-Configuration Validation
from mcp_compliance_validator.validators.auth_security import AuthSecurityValidator
def validate_multiple_configs():
"""Validate multiple authentication configurations."""
validator = AuthSecurityValidator()
configs = {
"Production OAuth": {
"oauth": {
"pkce_required": True,
"state_required": True,
"redirect_uri_validation": {"enabled": True},
"client_authentication": {"required": True}
}
},
"Development JWT": {
"algorithm": "HS256", # Intentionally weak for demo
"expiration_hours": 24,
"issuer_validation": {"enabled": False}
},
"Secure API Keys": {
"key_length": 64,
"rotation_enabled": True,
"revocation": {"enabled": True}
}
}
print("Authentication Configuration Validation\\n")
for name, config in configs.items():
print(f"Testing: {name}")
# Choose appropriate validator
if "oauth" in config:
result = validator.validate_oauth_implementation(config)
elif "algorithm" in config:
result = validator.validate_jwt_security(config)
else:
result = validator.validate_api_key_security(config)
# Display results
status = "SECURE" if result.is_secure else "INSECURE"
print(f" Status: {status}")
if result.findings:
print(f" Findings: {len(result.findings)}")
for finding in result.findings[:3]: # Show first 3
print(f" [{finding.severity}] {finding.message}")
if len(result.findings) > 3:
print(f" ... and {len(result.findings) - 3} more")
print()
validate_multiple_configs()Development
Setting Up Development Environment
# Clone repository
git clone <repository-url>
cd mcp-compliance-validator
# Install development dependencies
pip install -r requirements-dev.txt
# Set up pre-commit hooks
make setup
# Run tests
make test
# Run type checking
make type-check
# Format code
make formatRunning Tests
# Run all tests
pytest
# Run with coverage
pytest --cov=mcp_compliance_validator
# Run specific test categories
pytest tests/contract/ # Contract tests
pytest tests/unit/ # Unit tests
# Run performance tests
pytest -m "not slow" # Skip slow testsCode Style Guidelines
- Python 3.x: Type hints required via
typingmodule, async/await patterns for tools - Imports: Standard library first, then external deps, then local modules (from .. import)
- Naming: snake_case for functions/variables, PascalCase for classes/enums, UPPER_SNAKE for constants
- Models: Use Pydantic BaseModel with Field descriptors for validation models
- Enums: Use str-based Enums (class MyEnum(str, Enum)) for string constants
- Error Handling: Return structured error responses in JSON-RPC format with proper error codes
- Async: All tool functions must be async (async def) for MCP compatibility
- Dataclasses: Use @dataclass for simple data containers, Pydantic for validation
- Path Handling: Use pathlib.Path for file operations, not os.path
- Testing: pytest with fixtures, mark contract tests with @pytest.mark.contract
- MCP Protocol: Follow JSON-RPC 2.0 spec, handle initialize/tools/list/tools/call methods
This project follows:
- Black for code formatting
- isort for import sorting
- flake8 for linting
- mypy for type checking
Run make format to apply all formatting rules.
Contributing
We welcome contributions! Please see our Contributing Guide for details.
Quick Contribution Steps
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'feat: add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Development Workflow
- All code must pass tests and linting
- Add tests for new functionality
- Update documentation for API changes
- Follow semantic commit conventions
Project Status
- Phase 1: Setup (Completed)
- Phase 2: Tests (Completed)
- Phase 3: Implementation (Completed)
- Phase 4: Integration (Completed)
- Phase 5: Documentation (Completed)
Recent Updates
- Complete OAuth 2.1 security validation
- Advanced JWT security checks
- API key security validation
- Full MCP protocol integration
- Performance optimization (590K+ chars/sec)
- Comprehensive documentation
- MCP documentation monitoring system
- Compliance drift detection
Roadmap
- Additional Protocol Support: WebSocket, HTTP/2
- Advanced Threat Detection: ML-based vulnerability detection
- Integration Extensions: GitHub Actions, GitLab CI, Jenkins
- Dashboard Interface: Web-based validation dashboard
- Custom Rule Engine: User-defined security rules
- Real-time Notifications: Webhook integration for documentation changes
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- Model Context Protocol team for the excellent protocol specification
- Python Security community for security best practices
- Open Source contributors who make projects like this possible
Support
- Documentation: docs/
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Built with care for the MCP community
Quick Start • Documentation • Security Features • Performance