secure-harness-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@secure-harness-mcpgenerate a secure Go HTTP server with SQLite"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
secure-harness-mcp
A verify-and-repair secure-coding harness, exposed as an MCP server (and a transparent proxy).
Consumer / self-hosted LLMs write code with the security posture of their training data — which is to say, insecurely by default, and often plausibly wrong: code that looks fine and isn't. This project wraps any OpenAI-compatible model in a verify-and-repair loop — generate, then build and security-scan the result, feed every compiler error and finding back, and regenerate — so the model cannot ship code that fails to compile or trips a detector without you knowing.
It is the operational form of a simple research result: how you wrap the model (the harness) determines output security far more than which model you pick, and a secure-coding prompt alone is a trap — only the feedback loop delivers both security and buildability.
⚠️ A strong filter, not a proof. The harness removes what its instruments can see (build errors, pattern detectors,
bandit) and reports honest residuals for the rest. It does not guarantee security — static analysis still misses classes such as argument injection. Treat its output as hardened and checked, not certified.
What it gives you
MCP tools (Go-focused: build + pattern-scan + repair loop):
tool | what it does |
| write new Go for a spec, guided prompt + build/scan repair loop; returns vetted code |
| take existing code, fix its weaknesses, return a before/after comparison |
| run the pattern detectors (+ CWE + rationale) — candidates, not verdicts |
| build/robustness + findings scorecard for a snippet |
A transparent proxy (secure-harness-proxy, Go and Python): an OpenAI-compatible endpoint that
fronts any model; every completion containing code is run through the loop automatically, so any
client pointed at it is hardened with no client change.
Related MCP server: pci-dss-mcp
How the loop works
spec ─▶ generate (model) ─▶ build + scan (self-tested) ─▶ clean & builds? ──yes──▶ return
▲ │
└──────────── feed each error/finding back ◀───no (≤ N iters)Every instrument is self-tested: a known-insecure snippet must score worse than a secure one, and
a broken snippet must fail to build — so a reported "0 findings" means the instrument looked and found
nothing, not that it was misconfigured. Known false-positive classes (e.g. bandit's advisory-only
subprocess notices, or Go's secure exec.Command(bin, args...) form) are quarantined and documented,
while genuine injection (shell=True) stays blocking.
Requirements
Python 3.10+ with
mcp,PyYAML(andbanditfor the Python proxy path).Go on
PATH(the build check compiles generated Go; also enablesgolang.org/x/cryptoso secure choices likebcryptbuild).An OpenAI-compatible model endpoint (local vLLM / llama.cpp / Ollama, or a hosted API).
Install
Homebrew (recommended)
brew tap calvarado2004/secure-harness https://github.com/calvarado2004/secure-harness-mcp
brew install --HEAD secure-harness-mcpThis installs two commands: secure-harness-mcp (the MCP server) and secure-harness-proxy (the
transparent proxy), each in its own virtualenv, with go and python@3.12 as dependencies.
(Or, from a clone: brew install --HEAD ./Formula/secure-harness-mcp.rb.)
From source
git clone https://github.com/calvarado2004/secure-harness-mcp
cd secure-harness-mcp
python3 -m venv .venv && . .venv/bin/activate
pip install -r requirements.txt
python secure_coding_mcp.py # stdio MCP serverConfigure the model backend
The harness hardens the output of whatever model you point it at (model choice barely matters — that's
the thesis). Set three env vars (copy .env.example):
export SECURE_HARNESS_MODEL_URL=http://localhost:11434/v1 # any OpenAI-compatible endpoint
export SECURE_HARNESS_MODEL=qwen2.5-coder:32b # the served model id
export SECURE_HARNESS_KEY=dummy # API key if the endpoint needs oneAdd the MCP to your tools
Qwen Code
One-liner:
qwen mcp add secure-coding secure-harness-mcpOr add it to ~/.qwen/settings.json under mcpServers (use the from-source path if not installed via
Homebrew):
{
"mcpServers": {
"secure-coding": {
"command": "secure-harness-mcp",
"env": {
"SECURE_HARNESS_MODEL_URL": "http://localhost:11434/v1",
"SECURE_HARNESS_MODEL": "qwen2.5-coder:32b",
"SECURE_HARNESS_KEY": "dummy"
},
"description": "Verify-and-repair secure-coding harness"
}
}
}Verify it connected, then use it (headless runs need -y to auto-approve tool calls):
qwen mcp list # → secure-coding ... Connected
qwen -y -p "Use secure_generate to write a Go HTTP handler that returns a file from ./data by name.
Report builds and findings."Claude Code
claude mcp add secure-coding \
-e SECURE_HARNESS_MODEL_URL=http://localhost:11434/v1 \
-e SECURE_HARNESS_MODEL=qwen2.5-coder:32b \
-- secure-harness-mcpCursor / any MCP client
Add to the client's mcp.json:
{
"mcpServers": {
"secure-coding": {
"command": "secure-harness-mcp",
"env": {
"SECURE_HARNESS_MODEL_URL": "http://localhost:11434/v1",
"SECURE_HARNESS_MODEL": "qwen2.5-coder:32b"
}
}
}
}If you installed from source instead of Homebrew, replace "command": "secure-harness-mcp" with
"command": "/absolute/path/to/.venv/bin/python" and "args": ["/absolute/path/to/secure_coding_mcp.py"].
Bonus: the transparent proxy (harden any client automatically)
Instead of calling a tool, front your model with the loop so every request is hardened — no client change, the model can't opt out:
# run it directly
secure-harness-proxy --port 8090 # env: SECURE_PROXY_UPSTREAM / SECURE_PROXY_KEY / SECURE_PROXY_MAX_ITERS
# or always-on via Docker (toolchain baked in)
cp .env.example .env # set SECURE_PROXY_UPSTREAM
docker compose up -d # -> http://localhost:8090/v1Then point any OpenAI-compatible client (Qwen Code, Cursor, curl) at http://localhost:8090/v1.
Code that already builds clean passes through with zero extra model calls (cost is proportional to
risk); risky code is repaired and returned with an honest residual note.
Recursive by design
An agent that writes code can call harden_code on its own output before returning it — the research
result as a runtime safety layer.
Honest caveats
Filter, not proof — it removes what the instruments detect; static analysis misses some classes.
Some weaknesses resist the loop — e.g. code that needs restructuring rather than a local fix; the residual note says so plainly.
Needs the toolchain — without
go/banditpresent, the loop degrades to prompt-only (a trap); the Docker image bakes them in so this can't happen silently.Cost — each risky generation costs 1 + up-to-N repair passes; well spent when quality matters.
License
MIT — see LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/calvarado2004/secure-harness-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server