MCP server for TLS certificate analysis via the Model Context Protocol

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sreengineer from gravatar.com sreengineer

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sreengineer
  • Tags ai-tools , certificate , fastmcp , mcp , model-context-protocol , security , tls , x509
  • Requires: Python >=3.10
  • Provides-Extra: dev , otel
Classifiers
Report project as malware

Project description

dcert (Python)

CI/CD Pipeline PyPI version License: MIT

A Python MCP wrapper for the dcert Rust server.

Uses FastMCP to create a transparent proxy around the dcert-mcp Rust binary, exposing all TLS certificate tools via the Model Context Protocol. New tools added to the Rust binary are automatically available without any Python code changes.

Requirements

  • Python 3.12+
  • The dcert-mcp Rust binary is bundled in platform-specific wheels (no network access needed at runtime)

Installation

pip install dcert

Platform-specific wheels are available for:

  • Linux x86_64 (Ubuntu 22.04+, glibc 2.35+)
  • macOS Intel (x86_64)
  • macOS Apple Silicon (ARM64)

A universal fallback wheel auto-downloads the binary on first use if no platform wheel matches.

Quick Start

As a server

from dcert import create_server

server = create_server()
server.run()  # stdio mode (default)

As a client

import asyncio
from dcert import create_client

async def main():
    async with create_client() as client:
        tools = await client.list_tools()
        print(f"Available tools: {len(tools)}")

        result = await client.call_tool(
            "analyze_certificate", {"target": "example.com"}
        )
        print(result)

asyncio.run(main())

Typed async tool wrappers

For production use with type safety, timeouts, and automatic reconnection:

import asyncio
from dcert.tools import DcertClient

async def main():
    async with DcertClient(timeout=60.0) as dcert:
        # Analyze a certificate
        result = await dcert.analyze_certificate(target="example.com")

        # Check expiry with custom threshold
        expiry = await dcert.check_expiry(target="example.com", days=90)

        # Get TLS connection details
        info = await dcert.tls_connection_info(target="example.com")

        # Export PEM chain
        pem = await dcert.export_pem(target="example.com", output_path="chain.pem")

asyncio.run(main())

All 11 tools are available as typed async methods:

Method Description
analyze_certificate() Decode and analyze TLS certificates
check_expiry() Check certificate expiry within N days
check_revocation() Check OCSP revocation status
compare_certificates() Compare certificates between two targets
tls_connection_info() Get TLS connection details (cipher, protocol, latency)
export_pem() Export certificate chain as PEM
verify_key_match() Verify private key matches a certificate
convert_pfx_to_pem() Convert PKCS12/PFX to PEM files
convert_pem_to_pfx() Convert PEM cert+key to PKCS12/PFX
create_keystore() Create PKCS12 keystore (Java-compatible)
create_truststore() Create PKCS12 truststore from CA certs

Error handling

from dcert.tools import (
    DcertClient,
    DcertError,          # Base exception
    DcertTimeoutError,   # Tool call timed out
    DcertConnectionError,# Subprocess died
    DcertToolError,      # MCP tool returned an error
)

async with DcertClient(timeout=30.0, max_reconnects=3) as dcert:
    try:
        result = await dcert.analyze_certificate(target="example.com")
    except DcertTimeoutError:
        print("Tool call timed out")
    except DcertToolError as e:
        print(f"Tool error: {e} (tool={e.tool})")
    except DcertConnectionError:
        print("Binary subprocess crashed")

CLI

# stdio mode (default, for MCP clients like Claude Code)
dcert-python

# HTTP mode
dcert-python --transport http --host 0.0.0.0 --port 8080

# Pre-download binary (universal wheel only)
dcert-python --setup

# Explicit binary path
dcert-python --binary /usr/local/bin/dcert-mcp

Binary Discovery

The package locates the dcert-mcp Rust binary in this order:

  1. DCERT_MCP_BINARY environment variable
  2. Bundled binary in the package bin/ directory
  3. dcert-mcp on PATH (platform wheels install the binary here)
  4. Auto-download from GitHub Releases (universal wheel fallback, with SHA256 verification)

Environment Variables

The proxy forwards these environment variables to the Rust binary:

Category Variables
Proxy HTTP_PROXY, HTTPS_PROXY, NO_PROXY (and lowercase variants)
TLS SSL_CERT_FILE, SSL_CERT_DIR
dcert DCERT_PATH, DCERT_MCP_TIMEOUT, DCERT_MCP_CONNECTION_TIMEOUT, DCERT_MCP_READ_TIMEOUT

Scalability

This package uses the MCP proxy pattern: the Python layer never needs to know about individual dcert tools. All tool discovery, input schemas, and invocations are forwarded to the Rust binary via the MCP protocol at runtime. When new capabilities are added to the Rust server, they are immediately available through the Python wrapper.

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sreengineer from gravatar.com sreengineer

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sreengineer
  • Tags ai-tools , certificate , fastmcp , mcp , model-context-protocol , security , tls , x509
  • Requires: Python >=3.10
  • Provides-Extra: dev , otel
Classifiers

Release history Release notifications | RSS feed

This version

3.0.32

3.0.31

3.0.30

3.0.29

3.0.28

3.0.27

3.0.26

3.0.25

3.0.24

3.0.23

3.0.22

3.0.21

3.0.20

3.0.19

3.0.18

3.0.17

3.0.15

3.0.14

3.0.13

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

dcert-3.0.32-py3-none-manylinux_2_35_x86_64.whl (8.1 MB view details)

Uploaded Python 3manylinux: glibc 2.35+ x86-64

dcert-3.0.32-py3-none-macosx_11_0_arm64.whl (7.4 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

dcert-3.0.32-py3-none-macosx_10_15_x86_64.whl (7.8 MB view details)

Uploaded Python 3macOS 10.15+ x86-64

dcert-3.0.32-py3-none-any.whl (23.3 kB view details)

Uploaded Python 3

File details

Details for the file dcert-3.0.32-py3-none-manylinux_2_35_x86_64.whl.

File metadata

File hashes

Hashes for dcert-3.0.32-py3-none-manylinux_2_35_x86_64.whl
Algorithm Hash digest
SHA256 719bd60df327980fab24624ec7fb496aa6efc69bb5005c8896e0e40b178e749c
MD5 5c6ee0792108a94cfc370030d4e1deb7
BLAKE2b-256 42d5303358b985c462fe4b031ecd3da12cdea756b2136066096dccfb03832897

See more details on using hashes here.

Provenance

The following attestation bundles were made for dcert-3.0.32-py3-none-manylinux_2_35_x86_64.whl:

Publisher: ci.yml on SCGIS-Wales/dcert

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dcert-3.0.32-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for dcert-3.0.32-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 1e3a7cb508136e9a04699b7726be9308df6a266d4011f389f7d6a4042a69e532
MD5 b5d8e34ea6c31fea96df1047dd2aac17
BLAKE2b-256 95fd34f2cac8c32ce9bdf811a735587f58d06746719445f6b2b218d58ba48e9a

See more details on using hashes here.

Provenance

The following attestation bundles were made for dcert-3.0.32-py3-none-macosx_11_0_arm64.whl:

Publisher: ci.yml on SCGIS-Wales/dcert

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dcert-3.0.32-py3-none-macosx_10_15_x86_64.whl.

File metadata

File hashes

Hashes for dcert-3.0.32-py3-none-macosx_10_15_x86_64.whl
Algorithm Hash digest
SHA256 bc48dd256666a5802ea8bb1baff18e11c69c6a170f3517cb70db5d176c581cf0
MD5 9f62646154e06c25ab0a8ceff61714c9
BLAKE2b-256 7ccd27e2f5df68a6c148320f25d7f8883692d9437904f8e7cc2a4065fd249cb1

See more details on using hashes here.

Provenance

The following attestation bundles were made for dcert-3.0.32-py3-none-macosx_10_15_x86_64.whl:

Publisher: ci.yml on SCGIS-Wales/dcert

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dcert-3.0.32-py3-none-any.whl.

File metadata

  • Download URL: dcert-3.0.32-py3-none-any.whl
  • Upload date:
  • Size: 23.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for dcert-3.0.32-py3-none-any.whl
Algorithm Hash digest
SHA256 7bccc8efbbfc32942848a4e44855510a17ce05dcb6dbfb3997a553efc2159ad8
MD5 96a847dad211733877d4cf2007c602ca
BLAKE2b-256 b1ca8b74b79986f8df9215e33d28a3a87a24b3eb20e7ee82487bd00bd639ed0d

See more details on using hashes here.

Provenance

The following attestation bundles were made for dcert-3.0.32-py3-none-any.whl:

Publisher: ci.yml on SCGIS-Wales/dcert

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page