MCP.so
登录

➡️ attestable-mcp-server

@co-browser

关于 ➡️ attestable-mcp-server

Verify that any MCP server is running the intended and untampered code via hardware attestation.

基本信息

分类

其他

运行时

python

传输方式

stdio

发布者

co-browser

配置

暂无标准配置

该服务器的 README 中没有可解析的 MCP 配置块,请前往代码仓库查看安装说明。

代码仓库

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is attestable-mcp-server?

attestable-mcp-server is an MCP (Model Context Protocol) server that can be remotely attested by MCP clients. It uses a trusted execution environment (Intel SGX) and RA-TLS to generate a certificate that proves the server is running the exact code built on GitHub Actions. This enables independent verification of the server’s integrity without trusting the hosting provider.

How to use attestable-mcp-server?

Install dependencies: Intel SGX hardware and SDK, Gramine, Python 3.13, and Ubuntu 22.04. Build the Docker image with docker build -t attestable-mcp-server . and run Gramine commands to produce a signed artifact. Start the server on secure hardware with docker run including SGX device mounts, or on a local machine without SGX. MCP clients connect using standard MCP protocol; the RA-TLS handshake provides attestation automatically.

Key features of attestable-mcp-server

  • MCP clients can remotely attest the code running on any MCP server.
  • MCP servers can optionally remotely attest MCP clients.
  • Uses RA-TLS, an extension to TLS that embeds an SGX quote.
  • Embeds SGX quote in X.509 certificate with TCG DICE “tagged evidence” OID.
  • Enables independent verification via GitHub Actions or local rebuild.
  • Docker image signed by GitHub and built in a TEE.

Use cases of attestable-mcp-server

  • Ensuring an MCP server runs unmodified code in a confidential computing environment.
  • Verifying server integrity before allowing sensitive data or agentic workflows.
  • Auditing code provenance through independently reproducible measurements.
  • Building bidirectional trust between MCP clients and servers.

FAQ from attestable-mcp-server

What is remote attestation?

Remote attestation uses a trusted execution environment to generate a certificate containing measurements of the running code. The MCP client can verify these measurements against known good values from GitHub Actions, proving the server is running the expected code.

What hardware and software dependencies does attestable-mcp-server require?

It requires Intel SGX hardware, Gramine, Python 3.13, Ubuntu 22.04, and the Intel SGX SDK & PSW. For development, emulated SGX can be used without secure hardware.

How can I independently verify the server code?

You can rebuild the Docker image locally on emulated or real SGX hardware and compare the generated measurements. The GitHub Actions workflow also produces signed artifacts that match the running server.

Does attestable-mcp-server support client attestation?

Yes, MCP servers can optionally remotely attest MCP clients, though the README notes that a client demonstration is still in development.

What protocol does attestable-mcp-server use for attestation?

It uses RA-TLS, an extension to TLS that adds machine- and code-specific measurements. The SGX quote is embedded in an X.509 certificate extension using the TCG DICE “tagged evidence” OID.

评论

其他 分类下的更多 MCP 服务器