Metadata-Version: 2.4
Name: mcp-secure
Version: 1.0.0
Summary: MCPS -- MCP Secure. Cryptographic identity, message signing, and trust verification for the Model Context Protocol.
Author: CyberSecAI Ltd
License: MIT
Project-URL: Homepage, https://mcp-secure.dev
Project-URL: Repository, https://github.com/razashariff/mcps
Project-URL: Documentation, https://mcp-secure.dev
Keywords: mcp,mcps,mcp-secure,model-context-protocol,agent-security,agent-identity,passport,message-signing,ecdsa,trust,revocation,owasp,agentsign,secure-mcp
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: cryptography>=41.0.0
Dynamic: license-file

# MCPS -- MCP Secure

**Cryptographic identity, message signing, and trust verification for the Model Context Protocol.**

The HTTPS of the agent era. MCP becomes MCPS.

## Install

```bash
pip install mcp-secure
```

## Quick Start

```python
from mcp_secure import generate_key_pair, create_passport, sign_passport, verify_passport_signature
from mcp_secure import sign_message, verify_message, sign_tool, verify_tool

# Generate keys
keys = generate_key_pair()

# Create and sign a passport
passport = create_passport(
    name="my-agent",
    version="1.0.0",
    public_key=keys["public_key"],
    capabilities=["read", "write"],
)

# Trust Authority signs the passport
# (this demo generates the Trust Authority key pair locally)
ta_keys = generate_key_pair()
signed = sign_passport(passport, ta_keys["private_key"])
assert verify_passport_signature(signed, ta_keys["public_key"])

# Sign MCP messages
envelope = sign_message(
    {"jsonrpc": "2.0", "method": "tools/list", "id": 1},
    signed["passport_id"],
    keys["private_key"],
)

# Verify the envelope with the agent's public key
result = verify_message(envelope, keys["public_key"])
assert result["valid"]

# Tool integrity
tool = {"name": "read_file", "description": "Read a file", "inputSchema": {"type": "object"}}
sig = sign_tool(tool, keys["private_key"])
assert verify_tool(tool, sig, keys["public_key"])
```

## What MCPS Adds to MCP

| Feature | Description |
|---------|-------------|
| Agent Passports | ECDSA P-256 signed identity credentials |
| Message Signing | Every JSON-RPC message wrapped in a signed envelope |
| Tool Integrity | Signed tool definitions prevent poisoning |
| Replay Protection | Nonce + 5-min timestamp window |
| Revocation | Real-time passport revocation via Trust Authority |
| Trust Levels | L0 (unsigned) to L4 (audited) |
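
How a receiver might enforce the Replay Protection row above (nonce plus 5-minute timestamp window), as an added example rather than mcp-secure's own code. `ReplayGuard`, `sender_id`, `nonce` and `timestamp` are hypothetical names, and the package's actual envelope fields may differ.

```python
import time

WINDOW_SECONDS = 5 * 60  # the 5-minute timestamp window from the table above


class ReplayGuard:
    """Receiver-side replay check: fresh timestamp plus a never-seen nonce.

    Hypothetical helper, not part of mcp-secure. Call check() only after the
    envelope signature has verified, so nonce and timestamp are authenticated.
    """

    def __init__(self, window=WINDOW_SECONDS, clock=time.time):
        self.window = window
        self.clock = clock      # injectable so the check can be tested
        self._seen = {}         # (sender_id, nonce) -> time the entry expires

    def check(self, sender_id, nonce, timestamp):
        """Return (accepted, reason) for one verified envelope."""
        now = self.clock()
        self._evict(now)
        # Reject timestamps outside the window in either direction: old
        # captures cannot be replayed later, and clock skew stays bounded.
        if abs(now - timestamp) > self.window:
            return False, "stale_or_future_timestamp"
        key = (sender_id, nonce)  # nonces are scoped per sender
        if key in self._seen:
            return False, "nonce_reused"
        # Keep the nonce only while the message could still pass the
        # timestamp check; afterwards the window alone rejects a replay.
        self._seen[key] = timestamp + self.window
        return True, "ok"

    def _evict(self, now):
        """Drop nonces whose messages are already outside the window."""
        for key in [k for k, expiry in self._seen.items() if expiry < now]:
            del self._seen[key]
```

Tying nonce retention to the timestamp window keeps the cache bounded: an entry is dropped at the moment a replay of that message would fail the timestamp check anyway.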

## OWASP MCP Top 10

Mitigates 8/10 OWASP MCP vulnerabilities: tool poisoning, supply chain attacks, auth bypass, shadow servers, and more.

## Links

- **Website**: [mcp-secure.dev](https://mcp-secure.dev)
- **npm**: [mcp-secure](https://www.npmjs.com/package/mcp-secure)
- **Spec**: [SPEC.md](https://github.com/razashariff/mcps/blob/main/SPEC.md)

## License

MIT -- CyberSecAI Ltd
