➡️ attestable-mcp-server
@co-browser
➡️ attestable-mcp-server について
Verify that any MCP server is running the intended and untampered code via hardware attestation.
基本情報
設定
ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is attestable-mcp-server?
attestable-mcp-server is an MCP (Model Context Protocol) server that can be remotely attested by MCP clients. It uses a trusted execution environment (Intel SGX) and RA-TLS to generate a certificate that proves the server is running the exact code built on GitHub Actions. This enables independent verification of the server’s integrity without trusting the hosting provider.
How to use attestable-mcp-server?
Install dependencies: Intel SGX hardware and SDK, Gramine, Python 3.13, and Ubuntu 22.04. Build the Docker image with docker build -t attestable-mcp-server . and run Gramine commands to produce a signed artifact. Start the server on secure hardware with docker run including SGX device mounts, or on a local machine without SGX. MCP clients connect using standard MCP protocol; the RA-TLS handshake provides attestation automatically.
Key features of attestable-mcp-server
- MCP clients can remotely attest the code running on any MCP server.
- MCP servers can optionally remotely attest MCP clients.
- Uses RA-TLS, an extension to TLS that embeds an SGX quote.
- Embeds SGX quote in X.509 certificate with TCG DICE “tagged evidence” OID.
- Enables independent verification via GitHub Actions or local rebuild.
- Docker image signed by GitHub and built in a TEE.
Use cases of attestable-mcp-server
- Ensuring an MCP server runs unmodified code in a confidential computing environment.
- Verifying server integrity before allowing sensitive data or agentic workflows.
- Auditing code provenance through independently reproducible measurements.
- Building bidirectional trust between MCP clients and servers.
FAQ from attestable-mcp-server
What is remote attestation?
Remote attestation uses a trusted execution environment to generate a certificate containing measurements of the running code. The MCP client can verify these measurements against known good values from GitHub Actions, proving the server is running the expected code.
What hardware and software dependencies does attestable-mcp-server require?
It requires Intel SGX hardware, Gramine, Python 3.13, Ubuntu 22.04, and the Intel SGX SDK & PSW. For development, emulated SGX can be used without secure hardware.
How can I independently verify the server code?
You can rebuild the Docker image locally on emulated or real SGX hardware and compare the generated measurements. The GitHub Actions workflow also produces signed artifacts that match the running server.
Does attestable-mcp-server support client attestation?
Yes, MCP servers can optionally remotely attest MCP clients, though the README notes that a client demonstration is still in development.
What protocol does attestable-mcp-server use for attestation?
It uses RA-TLS, an extension to TLS that adds machine- and code-specific measurements. The SGX quote is embedded in an X.509 certificate extension using the TCG DICE “tagged evidence” OID.
「その他」の他のコンテンツ
MCP Registry
modelcontextprotocolA community driven registry service for Model Context Protocol (MCP) servers.
MCP Toolbox for Databases
googleapisMCP Toolbox for Databases is an open source MCP server for databases.
Awesome Mlops
visengerA curated list of references for MLOps
Inbox Zero AI MCP
elie222The world's best AI personal assistant for email. Open source app to help you reach inbox zero fast.
🚀 Model Context Protocol (MCP) Curriculum for Beginners
microsoftThis open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable,
コメント