mcp-compliance-validator
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-compliance-validatorvalidate the MCP server at /projects/my-mcp-server"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Compliance Validator
A comprehensive security validation system for Model Context Protocol (MCP) server implementations. Provides enterprise-grade authentication, authorization, and protocol security checks to ensure your MCP servers meet the highest security standards.
Quick Start
# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
pip install mcp
pip install -e .
# Run as MCP server
python -m src.mcp_compliance_validator.simple_server
# Or validate a repository directly
python -c "
import asyncio
from src.mcp_compliance_validator.tools.validate_compliance import validate_compliance
async def validate():
result = await validate_compliance('/path/to/your/mcp-server')
print(f'Security Score: {result[\"analysis_summary\"][\"security_score\"]:.2f}')
asyncio.run(validate())
"Related MCP server: Waygate MCP
Security Features
Advanced Authentication & Authorization
OAuth 2.1 Compliance: PKCE, state parameters, redirect URI validation, client authentication
JWT Security: Algorithm validation, expiration checks, issuer/audience verification, replay protection
API Key Security: Length validation, rotation policies, rate limiting, immediate revocation
Transport Security: HTTPS enforcement, protocol version validation, origin validation
Deep Code Analysis
AST-based Security Analysis: Static analysis for security vulnerabilities and anti-patterns
100+ Security Rules: Comprehensive coverage of authentication, authorization, and protocol security
Pattern Detection: Identifies insecure implementations and compliance violations
Real-time Validation: On-demand security assessments with detailed remediation guidance
Enterprise Integration
MCP Protocol Compliant: Full JSON-RPC 2.0 implementation with comprehensive validation tools
CI/CD Integration: Automated security validation in development pipelines
Comprehensive Reporting: Detailed findings with severity classification and remediation steps
High Performance: 590K+ chars/sec processing, 58K+ validations/sec
MCP Documentation Monitoring
Real-time Documentation Tracking: Monitors official MCP repositories for specification changes
Compliance Impact Analysis: Assesses how documentation changes affect compliance validation
Cross-Reference Analysis: Correlates documentation changes with existing tool implementations
Automated Recommendations: Provides actionable insights for maintaining compliance
Table of Contents
Installation
Quick Start (npm)
The easiest way to use the MCP Compliance Validator:
# Run directly with npx (no installation required)
npx mcp-compliance-validator
# Or install globally
npm install -g mcp-compliance-validatorDevelopment Installation
For development or custom setups:
Prerequisites
Python 3.11 or higher
Git (for repository analysis)
GitHub Token (for MCP documentation monitoring - optional but recommended)
Install Dependencies
Note: Due to Python environment restrictions, a virtual environment is required.
# Create virtual environment
python3 -m venv venv
# Activate virtual environment
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Install MCP library
pip install mcp
# Install package in development mode
pip install -e .
# Development installation (includes testing and linting tools)
pip install -r requirements-dev.txt
# Set up development environment (if available)
make setupVerify Installation
# Run tests
make test
# Check code quality
make lint
# Test MCP server
./venv/bin/python -m src.mcp_compliance_validator.simple_serverBuild/Test Commands
# Run all tests
python3 -m pytest
# Run specific test
python3 -m pytest tests/contract/test_analyze_tools_contract.py::TestAnalyzeMCPToolsContract::test_tool_exists
# Run MCP server directly
python3 src/mcp_compliance_validator/simple_server.pyMCP Server Configuration
Installation
First, install the package and its dependencies in development mode:
cd /path/to/mcp-compliance-validator
pip install -r requirements.txt
pip install -e .Claude Desktop Configuration
Option 1: npm Package (Recommended)
{
"mcpServers": {
"mcp-compliance-validator": {
"command": "npx",
"args": ["-y", "mcp-compliance-validator"],
"description": "Security validation system for MCP server implementations with enterprise-grade authentication and authorization checks",
"alwaysAllow": [
"validate_compliance",
"analyze_mcp_tools",
"get_mcp_spec_version"
]
}
}
}Option 2: Local Development Installation
Note: Replace /path/to/mcp-compliance-validator with the actual path to your installation.
{
"mcpServers": {
"mcp-compliance-validator": {
"command": "/path/to/mcp-compliance-validator/venv/bin/python",
"args": [
"-m",
"src.mcp_compliance_validator.simple_server"
],
"cwd": "/path/to/mcp-compliance-validator",
"description": "Security validation system for MCP server implementations with enterprise-grade authentication and authorization checks",
"alwaysAllow": [
"validate_compliance",
"analyze_mcp_tools",
"get_mcp_spec_version"
]
}
}
}Claude Code Configuration
Option 1: npm Package (Recommended)
claude mcp add-json "mcp-compliance-validator" '{
"command": "npx",
"args": ["-y", "mcp-compliance-validator"]
}'Option 2: Import from Claude Desktop
claude mcp add-from-claude-desktopOption 3: Manual Configuration
Add to your project's .claude.json file:
{
"mcpServers": {
"mcp-compliance-validator": {
"command": "npx",
"args": ["-y", "mcp-compliance-validator"]
}
}
}Configuration Files Location
Claude Desktop (macOS):
~/Library/Application Support/Claude/claude_desktop_config.jsonClaude Desktop (Windows):
%APPDATA%\Claude\claude_desktop_config.jsonClaude Desktop (Linux):
~/.config/Claude/claude_desktop_config.jsonClaude Code:
~/.claude.json(global) or.claude.json(project-specific)
Verifying Server Connection
After adding the configuration, restart Claude Desktop and verify the server is connected:
The server should appear in Claude's MCP servers list
You can test it by asking Claude to validate an MCP server repository
Check the logs for any connection errors
Alternative Configuration (Development)
For development or local testing, you can run the server directly:
{
"mcpServers": {
"mcp-compliance-validator": {
"command": "python",
"args": [
"/full/path/to/mcp-compliance-validator/src/mcp_compliance_validator/simple_server.py"
]
}
}
}Usage
MCP Server Mode
Run as an MCP server for integration with MCP clients:
python -m mcp_compliance_validator.simple_serverThe server exposes six powerful validation tools:
1. validate_compliance - Comprehensive Security Analysis
{
"name": "validate_compliance",
"arguments": {
"repository_path": "/path/to/your/mcp-server",
"validation_categories": ["SECURITY", "TOOLS", "PROTOCOL"],
"include_patterns": ["**/*.py"],
"exclude_patterns": ["**/test_*", "**/__pycache__/**"]
}
}Sample Response:
{
"success": true,
"analysis_summary": {
"files_analyzed": 150,
"total_findings": 23,
"security_score": 0.85,
"compliance_status": "COMPLIANT_WITH_WARNINGS"
},
"findings": [
{
"rule_id": "OAUTH-001",
"severity": "high",
"message": "PKCE not required for OAuth flows",
"recommendation": "Require PKCE for all OAuth authorization flows",
"file_path": "/path/to/oauth.py",
"line_number": 42
}
]
}2. analyze_mcp_tools - MCP Tool Implementation Analysis
{
"name": "analyze_mcp_tools",
"arguments": {
"repository_path": "/path/to/your/mcp-server",
"tool_patterns": ["@mcp.tool", "@tool", "def.*tool.*\\("]
}
}3. get_mcp_spec_version - Latest MCP Specification Info
{
"name": "get_mcp_spec_version",
"arguments": {}
}4. monitor_mcp_docs - MCP Documentation Change Monitoring
Monitor official MCP documentation repositories for recent changes and analyze their compliance impact:
{
"name": "monitor_mcp_docs",
"arguments": {
"days_back": 30,
"severity_filter": "medium",
"github_token": "ghp_xxxxxxxxxxxxxxxxxxxx"
}
}Sample Response:
{
"success": true,
"monitoring_summary": {
"monitoring_period": {
"days_back": 30,
"start_date": "2025-08-27T13:04:14.986886+00:00",
"end_date": "2025-09-26T13:04:21.509954+00:00"
},
"repositories_checked": [
"modelcontextprotocol/specification",
"modelcontextprotocol/python-sdk",
"modelcontextprotocol/typescript-sdk"
],
"raw_commits_found": 21,
"changes_detected": 44,
"changes_after_filtering": 39
},
"compliance_report": {
"priority_summary": {
"critical": 0,
"high": 15,
"medium": 24,
"low": 0
},
"changes_requiring_validation_updates": 28
}
}5. analyze_mcp_tools_comprehensive - Comprehensive Analysis
Perform comprehensive MCP tools analysis including documentation monitoring:
{
"name": "analyze_mcp_tools_comprehensive",
"arguments": {
"repository_path": ".",
"include_docs_analysis": true,
"docs_monitoring_days": 7,
"github_token": "ghp_xxxxxxxxxxxxxxxxxxxx"
}
}6. monitor_tools_compliance_drift - Compliance Drift Monitoring
Monitor compliance drift by comparing current tools status with recent documentation changes:
{
"name": "monitor_tools_compliance_drift",
"arguments": {
"repository_path": ".",
"baseline_days": 30,
"comparison_days": 7,
"github_token": "ghp_xxxxxxxxxxxxxxxxxxxx"
}
}Note: The documentation monitoring tools require a GitHub personal access token to avoid API rate limits and access recent commit history.
Direct API Usage
Use the security validators directly in your Python applications:
from mcp_compliance_validator.validators.auth_security import AuthSecurityValidator
# Initialize validator
validator = AuthSecurityValidator()
# Validate OAuth 2.1 configuration
oauth_config = {
"oauth": {
"pkce_required": True,
"state_required": True,
"redirect_uri_validation": {"enabled": True},
"authorization_code": {"expiration_seconds": 600},
"client_authentication": {"required": True}
}
}
result = validator.validate_oauth_implementation(oauth_config)
print(f"OAuth Security: {'SECURE' if result.is_secure else 'INSECURE'}")
# Validate JWT configuration
jwt_config = {
"algorithm": "RS256",
"expiration_hours": 1,
"issuer_validation": {"enabled": True},
"audience_validation": {"enabled": True}
}
jwt_result = validator.validate_jwt_security(jwt_config)
print(f"JWT Security: {'SECURE' if jwt_result.is_secure else 'INSECURE'}")CI/CD Integration
Integrate security validation into your development pipeline:
# .github/workflows/security-validation.yml
name: Security Validation
on: [push, pull_request]
jobs:
security-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: '3.11'
- name: Install MCP Validator
run: |
git clone https://github.com/your-org/mcp-compliance-validator.git
cd mcp-compliance-validator
pip install -r requirements.txt
- name: Run Security Validation
run: |
cd mcp-compliance-validator
python -c "
import asyncio, sys
from mcp_compliance_validator.tools.validate_compliance import validate_compliance
async def validate():
result = await validate_compliance('$GITHUB_WORKSPACE',
validation_categories=['SECURITY'])
score = result['analysis_summary']['security_score']
print(f'Security Score: {score:.2f}')
# Fail if critical issues found
critical_findings = [f for f in result['findings']
if f['severity'] == 'critical']
if critical_findings:
print(f'ERROR: {len(critical_findings)} critical security issues found')
sys.exit(1)
else:
print('No critical security issues')
asyncio.run(validate())
"Security Rules
OAuth 2.1 Security Rules
Rule ID | Severity | Description | Fix |
| HIGH | PKCE not required | Enable |
| HIGH | State parameter not required | Enable |
| CRITICAL | Redirect URI validation disabled | Enable |
| HIGH | No authorization code expiration | Set |
| HIGH | Client authentication not required | Enable |
JWT Security Rules
Rule ID | Severity | Description | Fix |
| CRITICAL | Insecure algorithm (none, HS256) | Use RS256 or ES256 |
| HIGH | No token expiration | Set |
| HIGH | No issuer validation | Enable |
| HIGH | No audience validation | Enable |
API Key Security Rules
Rule ID | Severity | Description | Fix |
| HIGH | Key too short (< 32 chars) | Use |
| MEDIUM | No rotation policy | Enable |
| HIGH | No revocation capability | Enable |
Configuration
Environment Variables
# GitHub integration (required for MCP documentation monitoring)
export GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
# Security settings
export MCP_SECURITY_MIN_ENTROPY=8.0
export MCP_SECURITY_FALSE_POSITIVE_RATE=0.01
# Performance settings
export MCP_ANALYSIS_MAX_WORKERS=4
export MCP_ANALYSIS_TIMEOUT_SECONDS=300
# Logging
export MCP_LOG_LEVEL=INFO
export MCP_LOG_FORMAT=jsonConfiguration File
Create config.yaml for advanced settings:
github:
token: "ghp_xxxxxxxxxxxxxxxxxxxx" # GitHub personal access token
security:
min_secret_entropy: 8.0
false_positive_rate: 0.01
allowed_path_prefixes:
- "/safe/path"
analysis:
max_workers: 4
timeout_seconds: 300
chunk_size: 100
logging:
level: INFO
format: json
file_path: "/var/log/mcp-validator.log"Documentation Monitoring
MCP Documentation Monitoring Feature
This system provides automated tracking of changes in official MCP repositories and analyzes how these changes might affect MCP compliance validation.
Features
Repository Monitoring
Monitors official MCP repositories:
specification,python-sdk,typescript-sdkTracks changes in documentation, specifications, and code examples
Configurable monitoring periods and severity filters
Change Detection
Categorizes changes by type: specification, protocol, schema, security, tools, resources
Assesses severity levels: critical, high, medium, low
Extracts relevant keywords and metadata
Compliance Impact Analysis
Analyzes how documentation changes affect compliance validation
Identifies validation rules that may need updates
Suggests new compliance rules based on changes
Provides actionable recommendations
Usage Examples
Basic Documentation Monitoring
from mcp_compliance_validator.tools.monitor_mcp_docs import monitor_mcp_docs
# Monitor last 7 days with medium+ severity
result = await monitor_mcp_docs(
days_back=7,
severity_filter="medium"
)
if result["success"]:
print(f"Found {len(result['detailed_changes'])} relevant changes")
for change in result['detailed_changes']:
print(f"- {change['title']} ({change['severity']})")Comprehensive Analysis with Cross-Reference
from mcp_compliance_validator.tools.analyze_mcp_tools import analyze_mcp_tools_comprehensive
# Analyze tools with documentation monitoring
result = await analyze_mcp_tools_comprehensive(
repository_path="/path/to/your/mcp/project",
include_docs_analysis=True,
docs_monitoring_days=14
)
if result["success"]:
# View tool analysis
tools = result["tools_analysis"]
print(f"Tools found: {tools['tools_found']}")
print(f"Compliant: {tools['tools_compliant']}")
# View cross-reference insights
insights = result.get("cross_reference_insights", {})
for recommendation in insights.get("recommendations", []):
print(f"Recommendation: {recommendation}")GitHub Token Configuration
For enhanced functionality and higher rate limits, configure a GitHub personal access token:
Go to GitHub Settings > Developer settings > Personal access tokens
Create a new token with
public_reposcopeSet the environment variable:
export GITHUB_TOKEN=your_token_here
Without a token, the system uses unauthenticated requests with lower rate limits (60 requests/hour vs 5000 requests/hour).
Documentation
Avoiding False Positives
The validator analyzes source code for MCP specification compliance. To avoid analyzing external dependencies and get accurate results:
Recommended Exclude Patterns
# Using the MCP tool directly
mcp_validate_compliance \
--repository_path /path/to/your/repo \
--exclude_patterns "test_env/**/*" "**/__pycache__/**" "**/site-packages/**" \
--exclude_test_files trueDefault Exclusions
The validator automatically excludes:
**/node_modules/**- Node.js dependencies**/.git/**- Git repository files**/venv/**,**/.venv/**,**/test_env/**- Python virtual environments**/__pycache__/**- Python cache files**/site-packages/**- Installed Python packages**/htmlcov/**- Coverage reports**/.pytest_cache/**- Pytest cache**/*.pyc,**/*.pyo,**/*.pyd- Compiled Python files
Configuration File
Create a .mcp-compliance-ignore file in your repository root:
# External dependencies
test_env/**/*
**/site-packages/**
lib/python*/site-packages/**
# Cache and build files
**/__pycache__/**
*.pyc
*.pyo
*.pyd
# Virtual environments
venv/*
.venv/*
env/*
# IDE files
.vscode/*
.idea/*Best Practices
1. Focus on Your Source Code
Only analyze the code you write, not external dependencies:
Include:
src/**/*.py,lib/**/*.py, your main code directoriesExclude: Virtual environments, installed packages, cache files
2. Use Appropriate Severity Thresholds
# For development - see all issues
--severity_threshold INFO
# For CI/CD - only critical issues
--severity_threshold ERROR3. Categories of Validation
Choose relevant validation categories:
PROTOCOL- MCP protocol complianceSCHEMA- JSON schema validationSECURITY- Security pattern analysisTOOLS- MCP tool implementationRESOURCES- MCP resource handlingPACKAGING- MCPB bundle packaging recommendations (optional)
Example:
--validation_categories "PROTOCOL,SCHEMA,TOOLS"
# Include packaging recommendations
--validation_categories "PROTOCOL,SCHEMA,TOOLS,PACKAGING"MCPB (MCP Bundle) Support
The validator provides optional recommendations for MCPB packaging to improve distribution and installation experience. MCPB validation:
Never fails validation for missing MCPB support
Suggests MCPB packaging for local MCP servers
Validates manifest.json structure if present
Provides guidance on distribution best practices
What is MCPB?
MCPB (MCP Bundle) is a standardized packaging format for local MCP servers:
Similar to browser extensions (.crx) or VS Code extensions (.vsix)
Enables one-click installation in desktop applications like Claude
Contains: MCP server files +
manifest.jsonmetadataOptional but recommended for better user experience
MCPB Validation Rules
Rule ID | Severity | Description |
| INFO | Consider MCPB packaging for easier distribution |
| WARNING | Invalid manifest.json structure detected |
| INFO | Valid MCPB manifest.json detected |
| INFO | MCP server appears to be for remote deployment |
When to Use MCPB
Recommended for:
Local MCP servers for desktop integration
Tools meant for end-user installation
Servers requiring easy configuration
Not needed for:
Remote/cloud MCP servers
API services
CI/CD or development tools
Performance
Benchmarks
Response Time: < 2 seconds for typical repositories
Throughput: 596,592 characters/second processing capability
Auth Validation Rate: 58,917 validations/second
MCP Server Performance: 2.38M requests/second
Memory Usage: < 200MB for large codebases
Optimization Features
Parallel Processing: Multi-threaded analysis for large codebases
Memory Efficient: Bounded memory usage with streaming analysis
Caching: Intelligent caching of validation results
Incremental Analysis: Only analyze changed files when possible
Examples
Complete Security Assessment
import asyncio
from mcp_compliance_validator.tools.validate_compliance import validate_compliance
async def comprehensive_security_check():
"""Run a complete security assessment."""
result = await validate_compliance(
repository_path="/path/to/your/mcp-server",
validation_categories=["SECURITY", "TOOLS", "PROTOCOL"],
include_patterns=["**/*.py"],
exclude_patterns=["**/tests/**", "**/__pycache__/**"]
)
# Print summary
summary = result["analysis_summary"]
print(f"Security Assessment Results:")
print(f" Files Analyzed: {summary['files_analyzed']}")
print(f" Security Score: {summary['security_score']:.2f}/1.00")
print(f" Status: {summary['compliance_status']}")
# Print findings by severity
findings_by_severity = {}
for finding in result["findings"]:
severity = finding["severity"]
findings_by_severity.setdefault(severity, []).append(finding)
for severity in ["critical", "high", "medium", "low"]:
if severity in findings_by_severity:
count = len(findings_by_severity[severity])
print(f" {severity.upper()}: {count} findings")
# Print critical findings
critical_findings = findings_by_severity.get("critical", [])
if critical_findings:
print("\\nCritical Security Issues:")
for finding in critical_findings:
print(f" {finding['rule_id']}: {finding['message']}")
print(f" Location: {finding['file_path']}:{finding['line_number']}")
print(f" Recommendation: {finding['recommendation']}")
print()
return result
# Run the assessment
asyncio.run(comprehensive_security_check())Multi-Configuration Validation
from mcp_compliance_validator.validators.auth_security import AuthSecurityValidator
def validate_multiple_configs():
"""Validate multiple authentication configurations."""
validator = AuthSecurityValidator()
configs = {
"Production OAuth": {
"oauth": {
"pkce_required": True,
"state_required": True,
"redirect_uri_validation": {"enabled": True},
"client_authentication": {"required": True}
}
},
"Development JWT": {
"algorithm": "HS256", # Intentionally weak for demo
"expiration_hours": 24,
"issuer_validation": {"enabled": False}
},
"Secure API Keys": {
"key_length": 64,
"rotation_enabled": True,
"revocation": {"enabled": True}
}
}
print("Authentication Configuration Validation\\n")
for name, config in configs.items():
print(f"Testing: {name}")
# Choose appropriate validator
if "oauth" in config:
result = validator.validate_oauth_implementation(config)
elif "algorithm" in config:
result = validator.validate_jwt_security(config)
else:
result = validator.validate_api_key_security(config)
# Display results
status = "SECURE" if result.is_secure else "INSECURE"
print(f" Status: {status}")
if result.findings:
print(f" Findings: {len(result.findings)}")
for finding in result.findings[:3]: # Show first 3
print(f" [{finding.severity}] {finding.message}")
if len(result.findings) > 3:
print(f" ... and {len(result.findings) - 3} more")
print()
validate_multiple_configs()Development
Setting Up Development Environment
# Clone repository
git clone <repository-url>
cd mcp-compliance-validator
# Install development dependencies
pip install -r requirements-dev.txt
# Set up pre-commit hooks
make setup
# Run tests
make test
# Run type checking
make type-check
# Format code
make formatRunning Tests
# Run all tests
pytest
# Run with coverage
pytest --cov=mcp_compliance_validator
# Run specific test categories
pytest tests/contract/ # Contract tests
pytest tests/unit/ # Unit tests
# Run performance tests
pytest -m "not slow" # Skip slow testsCode Style Guidelines
Python 3.x: Type hints required via
typingmodule, async/await patterns for toolsImports: Standard library first, then external deps, then local modules (from .. import)
Naming: snake_case for functions/variables, PascalCase for classes/enums, UPPER_SNAKE for constants
Models: Use Pydantic BaseModel with Field descriptors for validation models
Enums: Use str-based Enums (class MyEnum(str, Enum)) for string constants
Error Handling: Return structured error responses in JSON-RPC format with proper error codes
Async: All tool functions must be async (async def) for MCP compatibility
Dataclasses: Use @dataclass for simple data containers, Pydantic for validation
Path Handling: Use pathlib.Path for file operations, not os.path
Testing: pytest with fixtures, mark contract tests with @pytest.mark.contract
MCP Protocol: Follow JSON-RPC 2.0 spec, handle initialize/tools/list/tools/call methods
This project follows:
Black for code formatting
isort for import sorting
flake8 for linting
mypy for type checking
Run make format to apply all formatting rules.
Contributing
We welcome contributions! Please see our Contributing Guide for details.
Quick Contribution Steps
Fork the repository
Create a feature branch (
git checkout -b feature/amazing-feature)Commit your changes (
git commit -m 'feat: add amazing feature')Push to the branch (
git push origin feature/amazing-feature)Open a Pull Request
Development Workflow
All code must pass tests and linting
Add tests for new functionality
Update documentation for API changes
Follow semantic commit conventions
Project Status
Phase 1: Setup (Completed)
Phase 2: Tests (Completed)
Phase 3: Implementation (Completed)
Phase 4: Integration (Completed)
Phase 5: Documentation (Completed)
Recent Updates
Complete OAuth 2.1 security validation
Advanced JWT security checks
API key security validation
Full MCP protocol integration
Performance optimization (590K+ chars/sec)
Comprehensive documentation
MCP documentation monitoring system
Compliance drift detection
Roadmap
Additional Protocol Support: WebSocket, HTTP/2
Advanced Threat Detection: ML-based vulnerability detection
Integration Extensions: GitHub Actions, GitLab CI, Jenkins
Dashboard Interface: Web-based validation dashboard
Custom Rule Engine: User-defined security rules
Real-time Notifications: Webhook integration for documentation changes
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
Model Context Protocol team for the excellent protocol specification
Python Security community for security best practices
Open Source contributors who make projects like this possible
Support
Documentation: docs/
Issues: GitHub Issues
Discussions: GitHub Discussions
Built with care for the MCP community
Quick Start • Documentation • Security Features • Performance
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/DankeyDevDave/mcp-compliance-validator'
If you have feedback or need assistance with the MCP directory API, please join our Discord server