CleanLibrary MCP server — exposes verdict-aware supply-chain risk assessment as Model Context Protocol tools for AI agent workflows
Project description
cleanlib-mcp-server
CleanLibrary MCP (Model Context Protocol) server — expose verdict-aware supply-chain risk assessment as MCP tools, so MCP-capable clients (Claude Code, Claude Desktop, Cursor, GitHub Copilot, and other agents) can fetch package verdicts directly inside the developer's workflow.
Ask your AI assistant "is cors@2.8.4 safe to install?" and it queries CleanLibrary for an ALLOW / DENY / WARN verdict with reasoning and confidence — without leaving the editor.
Tools
| Tool | Description |
|---|---|
cleanlib_fetch_verdict(ecosystem, package, version) |
Fetch a verdict (ALLOW / DENY / WARN) with reasoning and confidence for a package version |
cleanlib_health_check() |
Report server status + whether a live CleanLibrary backend is configured |
Install
pip install cleanlib-mcp-server
Run
cleanlib-mcp-server # stdio transport (per MCP spec)
Backend modes
- Connected — when
CLEANLIB_ENDPOINT+CLEANLIB_API_KEYare set, the server queries your CleanLibrary deployment for live verdicts. - Local fixtures — when no endpoint is configured (or the configured endpoint is unreachable), the server returns bundled demo fixtures so MCP clients always receive useful output.
MCP client integration
The server speaks standard MCP over stdio, so it works with any MCP-capable client. Example configuration (Claude Desktop — ~/Library/Application Support/Claude/claude_desktop_config.json; other clients use the same mcpServers shape):
{
"mcpServers": {
"cleanlibrary": {
"command": "cleanlib-mcp-server"
}
}
}
To connect a live CleanLibrary backend, add the endpoint + API key:
{
"mcpServers": {
"cleanlibrary": {
"command": "cleanlib-mcp-server",
"env": {
"CLEANLIB_ENDPOINT": "https://cleanapp.clnstrt.dev",
"CLEANLIB_API_KEY": "clk_..."
}
}
}
}
The same command + env pattern applies to Cursor, GitHub Copilot, and other MCP clients — consult your client's MCP server configuration docs for the exact file location.
Development
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
ruff check src tests
pytest -v
License
Proprietary. See LICENSE for terms. © 2026 CleanStart Inc.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cleanlib_mcp_server-0.2.0.tar.gz.
File metadata
- Download URL: cleanlib_mcp_server-0.2.0.tar.gz
- Upload date:
- Size: 10.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8c832c196722c5f76464d4169fe6a91de9583f237a960c1db42a23684587ec9f
|
|
| MD5 |
8d29ef1620edf7d970016f6e61122909
|
|
| BLAKE2b-256 |
3fcc5adf1bf9829bc189c5cff71d74a4fd2f144e951f1d62a91f80d924a57023
|
File details
Details for the file cleanlib_mcp_server-0.2.0-py3-none-any.whl.
File metadata
- Download URL: cleanlib_mcp_server-0.2.0-py3-none-any.whl
- Upload date:
- Size: 8.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
654c04efb766d70a81d942befcc74c557d309ee798034629692e2c5dc6f45ae2
|
|
| MD5 |
e3b3e3aa5ddb39a697fe3b20e80e25d3
|
|
| BLAKE2b-256 |
fa8067adf941e3f41f19b3fea1f6052b260922e58a1351647f9a4323d57f5d5e
|
