{"id":51224854,"url":"https://github.com/saagpatel/mcp-trust","last_synced_at":"2026-06-28T10:03:28.497Z","repository":{"id":366097493,"uuid":"1268276306","full_name":"saagpatel/mcp-trust","owner":"saagpatel","description":"Neutral trust registry for MCP servers — check before you connect","archived":false,"fork":false,"pushed_at":"2026-06-28T02:28:47.000Z","size":265,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-28T04:17:26.753Z","etag":null,"topics":["ai-safety","developer-tools","mcp","model-context-protocol","python","security","trust-registry"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/saagpatel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-06-13T10:43:59.000Z","updated_at":"2026-06-28T02:28:48.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/saagpatel/mcp-trust","commit_stats":null,"previous_names":["saagpatel/mcp-trust"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/saagpatel/mcp-trust","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saagpatel%2Fmcp-trust","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saagpatel%2Fmcp-trust/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saagpatel%2Fmcp-trust/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saagpatel%2Fmcp-trust/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/saagpatel","download_url":"https://codeload.github.com/saagpatel/mcp-trust/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saagpatel%2Fmcp-trust/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34884278,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-28T02:00:05.809Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-safety","developer-tools","mcp","model-context-protocol","python","security","trust-registry"],"created_at":"2026-06-28T10:03:27.867Z","updated_at":"2026-06-28T10:03:28.492Z","avatar_url":"https://github.com/saagpatel.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MCP Trust Registry\n\n[![CI](https://github.com/saagpatel/mcp-trust/actions/workflows/ci.yml/badge.svg)](https://github.com/saagpatel/mcp-trust/actions/workflows/ci.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n\n\u003e Check before you connect. A neutral, public danger grade for the MCP servers\n\u003e your AI agents rely on.\n\n**Live:** [mcp-trust.vercel.app](https://mcp-trust.vercel.app)\n\n\u003e **Not yet published to PyPI.** Install from source using the Quickstart below.\n\nConnecting an MCP server hands it influence over what your agent does. Tool\npoisoning, prompt injection, over-broad permissions, and rug-pull tool\nmutations are documented attack classes -- and today there's no quick way to vet\na server before you wire it in. **MCP Trust Registry** scans public MCP servers\nand gives each one a single readable danger grade (A-F), a separate\ntransparency signal, and the findings behind them.\n\nThink OSV.dev / Socket.dev / haveibeenpwned, scoped to MCP servers.\n\n## Prerequisites\n\n- Python \u003e= 3.11\n- [`uv`](https://docs.astral.sh/uv/) (used for dependency management and running the project)\n\n## How it works\n\n```\nregister a server  -\u003e  scan via engine  -\u003e  derive grade  -\u003e  persist  -\u003e  serve at a stable URL\n```\n\nThe registry does **not** reimplement vulnerability detection. It orchestrates a\npluggable scan engine -- the shipping backend wraps the public\n[`mcp-audits`](https://pypi.org/project/mcp-audits/) (\u003e=2.1) package -- and owns the\ncatalog, the public trust-grade normalization, persistence, and the lookup API.\n\n## Quickstart\n\n```bash\ngit clone https://github.com/saagpatel/mcp-trust.git \u0026\u0026 cd mcp-trust\nuv pip install -e \".[dev]\"      # core + dev deps (runs on the built-in StubEngine)\nmcp-trust seed                  # load the seed catalog\nmcp-trust scan mcp-reference-time   # scan a catalog server, print its grade\nmcp-trust check mcp-reference-time  # look up the latest stored grade\nmcp-trust serve                 # serve the API on http://127.0.0.1:8000\n```\n\nFor real scanning install the engine extra and select it:\n\n```bash\nuv pip install -e \".[dev,engine]\"\nMCP_TRUST_ENGINE=mcpaudit mcp-trust scan mcp-reference-time\n```\n\nScanning launches the server's process. For **untrusted** servers, isolate\nexecution in a locked-down container (no network, read-only fs, dropped caps,\nresource limits):\n\n```bash\nMCP_TRUST_ENGINE=mcpaudit MCP_TRUST_SANDBOX=docker mcp-trust scan mcp-reference-time\n```\n\nThe default is no sandbox (safe only for servers you trust).\n\n## API\n\n| Method | Path | Purpose |\n|---|---|---|\n| `GET`  | `/` | **web** -- public catalog page (grade + transparency per server) |\n| `GET`  | `/ui/servers/{slug}` | **web** -- server detail page + README badge-embed snippet |\n| `GET`  | `/healthz` | liveness |\n| `GET`  | `/servers` | catalog + latest grade per server (JSON) |\n| `GET`  | `/servers/{slug}` | full latest scan record + metadata (JSON) |\n| `POST` | `/servers/{slug}/scan` | operator scan trigger; public deployments disable this route |\n| `GET`  | `/servers/{slug}/badge.json` | shields.io-compatible README badge |\n\nEvery server has two orthogonal signals: a **danger grade** (A-F) and a\n**transparency level** (high/medium/low, from annotation coverage). Automated\ngrades are not endorsements, certifications, or claims that a server is\nmalicious. A low grade on a low-transparency server means \"cannot verify safe,\"\nnot \"known dangerous.\"\n\nHTTP scan triggering is fail-closed by default. Public deployments should set\n`MCP_TRUST_PUBLIC_READONLY=1`, which makes `POST /servers/{slug}/scan` return\n403 before any engine can run. Operator scans should normally run through the\nCLI against the persistent registry DB, not through public traffic.\n\nFor local API demos with the deterministic `StubEngine`, set\n`MCP_TRUST_ALLOW_UNAUTHENTICATED_STUB_SCANS=1`. Do **not** set that in public.\nToken-gated API scan triggering is still available for private operator surfaces\nby setting `MCP_TRUST_SCAN_TOKEN` and passing it as `Authorization: Bearer\n\u003ctoken\u003e` or `X-MCP-Trust-Scan-Token`.\n\nSet `MCP_TRUST_RECEIPTS_DIR=/data/mcp-trust/receipts` during real scan runs to\narchive a JSON receipt for each scan and store its portable artifact filename in\n`report_ref`.\n\n## Status\n\n**Live** at [mcp-trust.vercel.app](https://mcp-trust.vercel.app) as a statically\ngenerated catalog, regenerated from the local registry. The seven official\nreference MCP servers carry real `mcp-audits` grades from network-off Docker\nsandbox scans (distribution A/B/B/C/D/F/F). Every grade is labeled by\nprovenance, so demo/stub data can never read as a real scan, and an unscanned\nserver never shows a letter grade.\n\nThe static front door is the low-ops launch path (see\n[`DEPLOY-VERCEL.md`](DEPLOY-VERCEL.md)); a weekly `launchd` job under\n[`deploy/launchd/`](deploy/launchd/) re-scans, rebuilds, and optionally\nredeploys (deploy is opt-in). The live FastAPI service + VM path remains\ndocumented in [`DEPLOY-VM.md`](DEPLOY-VM.md) as an alternative. See\n[`SPEC.md`](SPEC.md) for the full contract and [`LAUNCH-GATE.md`](LAUNCH-GATE.md)\nfor launch history.\n\n## Contributing\n\n`uv.lock` is intentionally committed to the repository to ensure reproducible\ninstalls across environments. When adding or updating dependencies, commit the\nupdated `uv.lock` alongside your `pyproject.toml` changes.\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaagpatel%2Fmcp-trust","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsaagpatel%2Fmcp-trust","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaagpatel%2Fmcp-trust/lists"}