MCP server for TLS certificate analysis via the Model Context Protocol

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sreengineer from gravatar.com sreengineer

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sreengineer
  • Tags ai-tools , certificate , fastmcp , mcp , model-context-protocol , security , tls , x509
  • Requires: Python >=3.10
  • Provides-Extra: dev , otel
Classifiers
Report project as malware

Project description

dcert (Python)

CI/CD Pipeline PyPI version License: MIT

A Python MCP wrapper for the dcert Rust server.

Uses FastMCP to create a transparent proxy around the dcert-mcp Rust binary, exposing all TLS certificate tools via the Model Context Protocol. New tools added to the Rust binary are automatically available without any Python code changes.

Requirements

  • Python 3.12+
  • The dcert-mcp Rust binary is bundled in platform-specific wheels (no network access needed at runtime)

Installation

pip install dcert

Platform-specific wheels are available for:

  • Linux x86_64 (Ubuntu 22.04+, glibc 2.35+)
  • macOS Intel (x86_64)
  • macOS Apple Silicon (ARM64)

A universal fallback wheel auto-downloads the binary on first use if no platform wheel matches.

Quick Start

As a server

from dcert import create_server

server = create_server()
server.run()  # stdio mode (default)

As a client

import asyncio
from dcert import create_client

async def main():
    async with create_client() as client:
        tools = await client.list_tools()
        print(f"Available tools: {len(tools)}")

        result = await client.call_tool(
            "analyze_certificate", {"target": "example.com"}
        )
        print(result)

asyncio.run(main())

Typed async tool wrappers

For production use with type safety, timeouts, and automatic reconnection:

import asyncio
from dcert.tools import DcertClient

async def main():
    async with DcertClient(timeout=60.0) as dcert:
        # Analyze a certificate
        result = await dcert.analyze_certificate(target="example.com")

        # Check expiry with custom threshold
        expiry = await dcert.check_expiry(target="example.com", days=90)

        # Get TLS connection details
        info = await dcert.tls_connection_info(target="example.com")

        # Export PEM chain
        pem = await dcert.export_pem(target="example.com", output_path="chain.pem")

asyncio.run(main())

All 11 tools are available as typed async methods:

Method Description
analyze_certificate() Decode and analyze TLS certificates
check_expiry() Check certificate expiry within N days
check_revocation() Check OCSP revocation status
compare_certificates() Compare certificates between two targets
tls_connection_info() Get TLS connection details (cipher, protocol, latency)
export_pem() Export certificate chain as PEM
verify_key_match() Verify private key matches a certificate
convert_pfx_to_pem() Convert PKCS12/PFX to PEM files
convert_pem_to_pfx() Convert PEM cert+key to PKCS12/PFX
create_keystore() Create PKCS12 keystore (Java-compatible)
create_truststore() Create PKCS12 truststore from CA certs

Error handling

from dcert.tools import (
    DcertClient,
    DcertError,          # Base exception
    DcertTimeoutError,   # Tool call timed out
    DcertConnectionError,# Subprocess died
    DcertToolError,      # MCP tool returned an error
)

async with DcertClient(timeout=30.0, max_reconnects=3) as dcert:
    try:
        result = await dcert.analyze_certificate(target="example.com")
    except DcertTimeoutError:
        print("Tool call timed out")
    except DcertToolError as e:
        print(f"Tool error: {e} (tool={e.tool})")
    except DcertConnectionError:
        print("Binary subprocess crashed")

CLI

# stdio mode (default, for MCP clients like Claude Code)
dcert-python

# HTTP mode
dcert-python --transport http --host 0.0.0.0 --port 8080

# Pre-download binary (universal wheel only)
dcert-python --setup

# Explicit binary path
dcert-python --binary /usr/local/bin/dcert-mcp

Binary Discovery

The package locates the dcert-mcp Rust binary in this order:

  1. DCERT_MCP_BINARY environment variable
  2. Bundled binary in the package bin/ directory
  3. dcert-mcp on PATH (platform wheels install the binary here)
  4. Auto-download from GitHub Releases (universal wheel fallback, with SHA256 verification)

Environment Variables

The proxy forwards these environment variables to the Rust binary:

Category Variables
Proxy HTTP_PROXY, HTTPS_PROXY, NO_PROXY (and lowercase variants)
TLS SSL_CERT_FILE, SSL_CERT_DIR
dcert DCERT_PATH, DCERT_MCP_TIMEOUT, DCERT_MCP_CONNECTION_TIMEOUT, DCERT_MCP_READ_TIMEOUT

Scalability

This package uses the MCP proxy pattern: the Python layer never needs to know about individual dcert tools. All tool discovery, input schemas, and invocations are forwarded to the Rust binary via the MCP protocol at runtime. When new capabilities are added to the Rust server, they are immediately available through the Python wrapper.

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for sreengineer from gravatar.com sreengineer

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: sreengineer
  • Tags ai-tools , certificate , fastmcp , mcp , model-context-protocol , security , tls , x509
  • Requires: Python >=3.10
  • Provides-Extra: dev , otel
Classifiers

Release history Release notifications | RSS feed

3.0.32

3.0.31

3.0.30

3.0.29

This version

3.0.28

3.0.27

3.0.26

3.0.25

3.0.24

3.0.23

3.0.22

3.0.21

3.0.20

3.0.19

3.0.18

3.0.17

3.0.15

3.0.14

3.0.13

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

dcert-3.0.28-py3-none-manylinux_2_35_x86_64.whl (8.0 MB view details)

Uploaded Python 3manylinux: glibc 2.35+ x86-64

dcert-3.0.28-py3-none-macosx_11_0_arm64.whl (7.3 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

dcert-3.0.28-py3-none-macosx_10_15_x86_64.whl (7.7 MB view details)

Uploaded Python 3macOS 10.15+ x86-64

dcert-3.0.28-py3-none-any.whl (23.4 kB view details)

Uploaded Python 3

File details

Details for the file dcert-3.0.28-py3-none-manylinux_2_35_x86_64.whl.

File metadata

File hashes

Hashes for dcert-3.0.28-py3-none-manylinux_2_35_x86_64.whl
Algorithm Hash digest
SHA256 d9dd111376c9cb68671c23d1a43a155a99ec7beefdbfe9bfebbde1bade9c85bb
MD5 3467cf3330689385c321f14d12294235
BLAKE2b-256 7101f8499326db21ab89a9bb6e7513980315f5d77185b706c975dbce4b21e844

See more details on using hashes here.

Provenance

The following attestation bundles were made for dcert-3.0.28-py3-none-manylinux_2_35_x86_64.whl:

Publisher: ci.yml on SCGIS-Wales/dcert

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dcert-3.0.28-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for dcert-3.0.28-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 d82e9d3ecf04fbbb7b03588dfeb794a09c146ee6c320c72e5f8f0b92eb8fc7ce
MD5 20fe09e36a604b05666c30083587a715
BLAKE2b-256 fcacb8bc7fc87a0d4219c8019dd501fbc61610950310be44f381c8e44a8a7c8b

See more details on using hashes here.

Provenance

The following attestation bundles were made for dcert-3.0.28-py3-none-macosx_11_0_arm64.whl:

Publisher: ci.yml on SCGIS-Wales/dcert

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dcert-3.0.28-py3-none-macosx_10_15_x86_64.whl.

File metadata

File hashes

Hashes for dcert-3.0.28-py3-none-macosx_10_15_x86_64.whl
Algorithm Hash digest
SHA256 3f1bd0f2f35797e378a1f7ada76c065136b27defc798bac2833098f82f7d79b0
MD5 5611f108770e3329061eef89afae596a
BLAKE2b-256 234fbe62e3c31354cdb22552d0028fc5e31fbf4e206d20dbd5bc3f659cbdfae1

See more details on using hashes here.

Provenance

The following attestation bundles were made for dcert-3.0.28-py3-none-macosx_10_15_x86_64.whl:

Publisher: ci.yml on SCGIS-Wales/dcert

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dcert-3.0.28-py3-none-any.whl.

File metadata

  • Download URL: dcert-3.0.28-py3-none-any.whl
  • Upload date:
  • Size: 23.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for dcert-3.0.28-py3-none-any.whl
Algorithm Hash digest
SHA256 ebc7bd128e5eee818e882e420183133dd964ce173bbeb211a0260e84b9a14cc1
MD5 858e63809a161129a2427d3e95e259f1
BLAKE2b-256 87e193be3d1d277e478b01d3d00bd99a7118bc74cfa000cda2b9f601b6a7578b

See more details on using hashes here.

Provenance

The following attestation bundles were made for dcert-3.0.28-py3-none-any.whl:

Publisher: ci.yml on SCGIS-Wales/dcert

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page