Attestable MCP Server
by
Verify that any MCP server is running the intended and untampered code via hardware attestation.
Attestable MCP Server Overview
What is Attestable MCP Server about?
Attestable MCP Server enables MCP clients to remotely attest the exact code running on an MCP server. It uses a Trusted Execution Environment (TEE) to generate a RA‑TLS certificate that embeds an Intel SGX quote and a hash of the server's in‑memory image, allowing clients to confirm the server is executing the same artifact built in CI.
How to use Attestable MCP Server?
# Sync dependencies
uv sync
# Build the Docker image
docker build -t attestable-mcp-server .
# Generate SGX private key (required by Gramine)
gramine-sgx-gen-private-key
# Build and sign the Gramine enclave image
git clone https://github.com/gramineproject/gsc docker/gsc
cd docker/gsc
uv run ./gsc build-gramine --rm --no-cache -c ../gramine_base.config.yaml gramine_base
uv run ./gsc build -c ../attestable-mcp-server.config.yaml --rm attestable-mcp-server ../attestable-mcp-server.manifest
uv run ./gsc sign-image -c ../attestable-mcp-server.config.yaml attestable-mcp-server "$HOME"/.config/gramine/enclave-key.pem
uv run ./gsc info-image gsc-attestable-mcp-server
Running on Secure Hardware
docker run -it \
--device=/dev/sgx_provision:/dev/sgx/provision \
--device=/dev/sgx_enclave:/dev/sgx/enclave \
-v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
-p 8000:8000 \
--rm gsc-attestable-mcp-server
Running on a Local Development Machine
docker run -p 8000:8000 --rm gsc-attestable-mcp-server
Key Features
- Remote attestation of MCP server code via RA‑TLS
- Embeds SGX quote and TCG DICE tagged‑evidence in X.509 certificates
- Supports verification of the server’s build artifact against CI‑generated signatures
- Optional attestation of MCP clients
- Works with Intel SGX hardware and Gramine runtime
Use Cases
- Secure deployment of model‑serving endpoints where clients must trust the execution environment
- Zero‑trust architectures that require proof of code integrity before data exchange
- Compliance‑driven environments needing auditable hardware‑based attestations
- Development pipelines that want reproducible attestation values across CI and local builds
FAQ
Q: Do I need Intel SGX hardware to run the server? A: Yes, the production attestation flow requires SGX. A fallback Docker run without SGX works for development but does not provide hardware attestation.
Q: How is the server’s code verified by a client?
A: The server presents an RA‑TLS certificate that contains an SGX quote and a pubkey-hash claim. Clients can rebuild the server locally, compute the same hash, and compare it with the claim to ensure identical code.
Q: Can the server attest the client as well? A: The project includes optional support for server‑to‑client attestation, though a demonstration client is listed as a TODO.
Q: What dependencies are required?
A: Intel SGX SDK & PSW, Gramine, Python 3.13, Ubuntu 22.04, and the uv Python package manager.
Q: How are the Docker images signed? A: The GitHub Action builds the Docker image inside a TEE, generates the attestation, and then the image is signed by GitHub. The same values can be reproduced independently.
Attestable MCP Server's README
➡️ attestable-mcp-server
remotely attestable MCP server
Overview
This project contains an MCP Server that is remotely attestable by MCP clients. To achieve this, a trusted execution environment is used, which generates a certificate representing the currently-running code of the attestable-mcp-server. The attestable-mcp-server sends this certificate in the TLS handshake to an MCP client before connecting that proves the code it's running is the same code built on github actions, and can be independently validated by building and running the code locally on emulated hardware or secure hardware; these values will be the same. The protocol used for client <-> server remote attestation is RA-TLS, an extension to TLS that adds machine and code specific measurements that can be verified by an MCP client.
The most important concept behind this RA-TLS certificate is that it embeds an SGX quote in the standardized X.509 extension field with the TCG DICE "tagged evidence" OID, which in turn embeds the SGX report and the complete Intel SGX certificate chain. In addition to the SGX quote, the certificate also contains the evidence claims, with the most important one being the "pubkey-hash" claim that contains the hash of the ephemeral public key (in DER format) generated by the TEE of the memory image of the running MCP server.
Features
- MCP Clients can remotely attest the code running on any MCP Server
- MCP Servers can optionally remotely attest MCP Clients
Producing Signed Artifacts
The github action script in this repo runs on a self-hosted github runner inside of a trusted execution environment (TEE). The action script will build a docker container containing the attestable-mcp-server and generate a signed attestation of the code running inside the TEE. This docker image is then signed by github. You can independently generate the same values with or without secure hardware, and query our running server and get the same values.
Dependencies
- Intel SGX Hardware
- Gramine
- python 3.13
- Ubuntu 22.04
- Intel SGX SDK & PSW
Quickstart
uv sync
docker build -t attestable-mcp-server .
gramine-sgx-gen-private-key
git clone https://github.com/gramineproject/gsc docker/gsc
cd docker/gsc
uv run ./gsc build-gramine --rm --no-cache -c ../gramine_base.config.yaml gramine_base
uv run ./gsc build -c ../attestable-mcp-server.config.yaml --rm attestable-mcp-server ../attestable-mcp-server.manifest
uv run ./gsc sign-image -c ../attestable-mcp-server.config.yaml attestable-mcp-server "$HOME"/.config/gramine/enclave-key.pem
uv run ./gsc info-image gsc-attestable-mcp-server
Starting Server on Secure Hardware
docker run -itp --device=/dev/sgx_provision:/dev/sgx/provision --device=/dev/sgx_enclave:/dev/sgx/enclave -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket -p 8000:8000 --rm gsc-attestable-mcp-server
Starting Server on local development machine
docker run -p 8000:8000 --rm gsc-attestable-mcp-server
TODO
- add MCP client demonstrating ra-tls
- add intel-signed measurements from our github action to this readme for simple independent verification
Future Plans
- JSON Web Key (JWK) attestation claim validation
cobrowser.xyz
Attestable MCP Server Reviews
Login Required
Please log in to share your review and rating for this MCP.
Actions
Attestable MCP Server's Information
- Author
- co-browser
- Category
- Security
- Language
- Python
- Stars
- 16
- Updated
- 21 days ago
Similar MCP Servers like Attestable MCP Server
Explore related MCPs that share similar capabilities and solve comparable challenges
SafeLine
by chaitin
A self‑hosted web application firewall and reverse proxy that protects web applications from attacks and exploits by filtering, monitoring, and blocking malicious HTTP/S traffic.
Burp MCP Server
by PortSwigger
Enables Burp Suite to communicate with AI clients via the Model Context Protocol, providing an MCP server and bundled stdio proxy.
Cycode CLI
by cycodehq
Boost security in the development lifecycle via SAST, SCA, secrets, and IaC scanning.
Keycloak MCP Server
by ChristophEnglisch
Provides AI‑powered administration of Keycloak users and realms through the Model Context Protocol, enabling automated creation, deletion, and listing of users and realms from MCP clients such as Claude Desktop.
OpenCTI MCP Server
by Spathodea-Network
Provides a Model Context Protocol server that enables querying and retrieving threat intelligence data from OpenCTI through a standardized interface.
Authenticator App MCP Server
Officialby firstorderai
Provides seamless access to two‑factor authentication codes and passwords for AI agents, enabling automated login while maintaining security.
OPNSense MCP Server
by vespo92
Manage OPNsense firewalls through conversational AI, providing network configuration, device discovery, DNS filtering, HAProxy setup, and backup/restore via simple commands.
MalwareBazaar MCP
by mytechnotalent
Provides an AI-driven interface to Malware Bazaar, delivering real-time threat intelligence and sample metadata for authorized cybersecurity research workflows.
Shodan Mcp
by Hexix23
Provides a powerful interface to the Shodan API, enabling advanced search, host intelligence, vulnerability discovery, and network mapping for security research.