
attestable-mcp-server

MCP.Pizza Chef: co-browser

The attestable-mcp-server is an MCP server that leverages trusted execution environments to provide remote attestation, ensuring the server runs verified, untampered code. It generates a cryptographic certificate during the TLS handshake, proving to MCP clients that the server's code matches the officially built and validated version. This enhances security and trust in MCP deployments by enabling independent validation of server integrity on both emulated and secure hardware.

Use This MCP server To

  • Verify MCP server code integrity before client connection
  • Ensure MCP server runs untampered, trusted code remotely
  • Enable secure MCP client-server communication with attestation
  • Validate MCP server builds via hardware-backed certificates
  • Integrate trusted execution environments for MCP server security
  • Support compliance with data governance via remote attestation
  • Detect unauthorized code changes in MCP server deployments

README

➡️ attestable-mcp-server

remotely attestable MCP server

Overview

This project contains an MCP Server that is remotely attestable by MCP clients. To achieve this, a trusted execution environment is used, which generates a certificate representing the currently running code of the attestable-mcp-server. The attestable-mcp-server sends this certificate in the TLS handshake to an MCP client before connecting; the certificate proves that the code it is running is the same code built on GitHub Actions, and this can be independently validated by building and running the code locally on emulated hardware or secure hardware, where these values will be the same. The protocol used for client <-> server remote attestation is RA-TLS, an extension to TLS that adds machine- and code-specific measurements that can be verified by an MCP client.

The most important concept behind this RA-TLS certificate is that it embeds an SGX quote in the standardized X.509 extension field with the TCG DICE "tagged evidence" OID, which in turn embeds the SGX report and the complete Intel SGX certificate chain. In addition to the SGX quote, the certificate also contains the evidence claims, the most important of which is the "pubkey-hash" claim: the hash of the ephemeral public key (in DER format) that the TEE generates for the memory image of the running MCP server. This claim is what ties the key presented in the TLS handshake to the attested code.
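The verification step a client performs against that certificate, as an added example that is not part of this project's code: locate the X.509 extension carrying the TCG DICE tagged evidence OID, read the pubkey-hash claim, and check that it matches the SHA-256 of the DER-encoded public key the peer actually presented. The DER/OID handling below follows the standard encoding, but the evidence body is a constructed JSON stand-in with a placeholder quote, because Gramine's real evidence is CBOR and its SGX quote must be verified with Intel's quote verification library before any claim inside it can be trusted. The Ed25519 key bytes are constructed sample values; the function names are this example's own.

```python
import hashlib
import hmac
import json

# TCG DICE "tagged evidence" OID; Gramine RA-TLS stores its evidence in an
# X.509 extension identified by this OID.
DICE_TAGGED_EVIDENCE_OID = "2.23.133.5.4.9"
ED25519_OID = "1.3.101.112"


def _der_len(n):
    """DER length octets, short or long form."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der(tag, body):
    """Encode one DER TLV."""
    return bytes([tag]) + _der_len(len(body)) + body


def encode_oid(dotted):
    """Dotted OID string -> DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))


def decode_oid(body):
    """OBJECT IDENTIFIER contents -> dotted string."""
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_tlv(buf, off=0):
    """Return (tag, contents, offset just past this TLV)."""
    tag, ln, off = buf[off], buf[off + 1], off + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + ln], off + ln


def iter_sequence(body):
    off = 0
    while off < len(body):
        tag, val, off = parse_tlv(body, off)
        yield tag, val


def ed25519_spki(pubkey):
    """SubjectPublicKeyInfo DER for a raw 32-byte Ed25519 key (RFC 8410 layout)."""
    return der(0x30, der(0x30, encode_oid(ED25519_OID)) + der(0x03, b"\x00" + pubkey))


def build_extension(oid, value):
    """Extension ::= SEQUENCE { extnID OID, extnValue OCTET STRING }."""
    return der(0x30, encode_oid(oid) + der(0x04, value))


def build_evidence(spki_der):
    """Constructed stand-in for the RA-TLS evidence body (real one is CBOR with an
    SGX quote); only the pubkey-hash claim is modelled, since it is the binding."""
    claims = {"pubkey-hash": ["sha256", hashlib.sha256(spki_der).hexdigest()]}
    return json.dumps({"quote": "<placeholder-sgx-quote>", "claims": claims}).encode()


def find_extension(extensions_der, oid):
    """Return extnValue contents of the extension with the given OID, or None."""
    _, body, _ = parse_tlv(extensions_der)          # SEQUENCE OF Extension
    for _, ext in iter_sequence(body):
        fields = list(iter_sequence(ext))
        if decode_oid(fields[0][1]) == oid:
            return fields[-1][1]
    return None


def verify_pubkey_binding(spki_der, extensions_der):
    """Binding step only: a real verifier validates the SGX quote (signature,
    MRENCLAVE, TCB status) with Intel's library before trusting any claim."""
    raw = find_extension(extensions_der, DICE_TAGGED_EVIDENCE_OID)
    if raw is None:
        return False, "no RA-TLS evidence extension"
    alg, expected = json.loads(raw)["claims"]["pubkey-hash"]
    if alg != "sha256":
        return False, "unsupported hash algorithm " + alg
    actual = hashlib.sha256(spki_der).hexdigest()
    if not hmac.compare_digest(actual, expected):
        return False, "pubkey-hash claim does not match presented key"
    return True, "key bound to attested evidence"


def demo():
    enclave_key = ed25519_spki(bytes(range(32)))       # constructed sample key
    other_key = ed25519_spki(bytes(range(32, 64)))     # key the enclave never attested
    exts = der(0x30, build_extension(DICE_TAGGED_EVIDENCE_OID, build_evidence(enclave_key)))
    genuine = verify_pubkey_binding(enclave_key, exts)[0]
    # Evidence copied onto a certificate for a different key must be rejected.
    substituted = verify_pubkey_binding(other_key, exts)[0]
    return genuine, substituted


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The second case in `demo()` is the reason the claim exists: an attacker who relays a genuine certificate's evidence onto their own TLS key still fails, because the hash in the evidence names the enclave's key and not theirs.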

Features

  • MCP Clients can remotely attest the code running on any MCP Server
  • MCP Servers can optionally remotely attest MCP Clients

Producing Signed Artifacts

The GitHub Actions script in this repo runs on a self-hosted GitHub runner inside of a trusted execution environment (TEE). The action script builds a Docker container containing the attestable-mcp-server and generates a signed attestation of the code running inside the TEE. This Docker image is then signed by GitHub. You can independently generate the same values with or without secure hardware, and query our running server and get the same values.

Dependencies

  • Intel SGX Hardware
  • Gramine
  • python 3.13
  • Ubuntu 22.04
  • Intel SGX SDK & PSW

Quickstart

uv sync
docker build -t attestable-mcp-server .
gramine-sgx-gen-private-key
git clone https://github.com/gramineproject/gsc docker/gsc
cd docker/gsc
uv run ./gsc build-gramine --rm --no-cache -c ../gramine_base.config.yaml gramine_base
uv run ./gsc build -c ../attestable-mcp-server.config.yaml --rm attestable-mcp-server ../attestable-mcp-server.manifest
uv run ./gsc sign-image -c ../attestable-mcp-server.config.yaml  attestable-mcp-server "$HOME"/.config/gramine/enclave-key.pem
uv run ./gsc info-image gsc-attestable-mcp-server

Starting Server on Secure Hardware

docker run -it --device=/dev/sgx_provision:/dev/sgx/provision --device=/dev/sgx_enclave:/dev/sgx/enclave -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket -p 8000:8000 --rm gsc-attestable-mcp-server

Starting Server on local development machine

docker run -p 8000:8000 --rm gsc-attestable-mcp-server

TODO

  • add MCP client demonstrating RA-TLS
  • add Intel-signed measurements from our GitHub Action to this README for simple independent verification

Future Plans

  • JSON Web Key (JWK) attestation claim validation

cobrowser.xyz

attestable-mcp-server FAQ

How does remote attestation work in attestable-mcp-server?
It uses a trusted execution environment to generate a cryptographic certificate proving the server's running code matches the verified build, sent during TLS handshake.
Can I independently verify the server code integrity?
Yes, by building and running the code locally on emulated or secure hardware, you can compare attestation certificates to ensure integrity.
What security benefits does this server provide?
It guarantees MCP clients connect only to servers running untampered, trusted code, enhancing trust and preventing malicious code execution.
Is this compatible with standard MCP clients?
Yes, MCP clients that support remote attestation can validate the server's code integrity before interaction.
What environments does the attestable-mcp-server support for attestation?
It supports trusted execution environments on both emulated hardware and secure hardware platforms.
How does this server improve compliance and governance?
By providing verifiable proof of code integrity, it helps meet data governance and security compliance requirements.
Does the attestation process impact performance?
The attestation occurs during the TLS handshake, adding minimal overhead while significantly improving security.
Can this server be integrated into existing MCP infrastructures?
Yes, it acts as a drop-in MCP server with added remote attestation capabilities.