Comprehensive Security and Structural Validation Framework for the OpenMCP Specification
MCPcrunch 🔍
MCPcrunch is a comprehensive security and structural validation framework for the OpenMCP Specification.
Inspired by the philosophy of 42Crunch for OpenAPI, MCPcrunch applies both deterministic (static analysis) and semantic (LLM-based) validation rules to ensure that your Model Context Protocol (OpenMCP) specifications are robust, secure, and ready for autonomous agentic environments.
🚀 Key Features
- Deterministic Auditing: 20+ rules covering Format (FMT), Data Quality (DAT), and Security (SEC) categories.
- Semantic Risk Analysis: LLM-powered (Gemini/OpenAI) detection of Adversarial (ADV) threats like Prompt Injection and Sensitive Field Leakage.
- 42Crunch-Style Scoring: Instant security score (0-100) based on severity-weighted issue detection.
- Developer Friendly: Use as a standalone CLI tool or integrate directly into your Python workflows.
- Rich Reporting: Beautiful terminal output with summary tables and detailed issue breakdowns.
🛠 Installation
```bash
# From local source
pip install .
```
📖 Usage
Command Line Interface (CLI)
Audit an OpenMCP specification file:
```bash
# Deterministic audit (default)
mcpcrunch spec.json --schema schema.json

# Full audit with semantic analysis (Gemini)
mcpcrunch spec.json --llm gemini --api-key YOUR_GEMINI_API_KEY
```
[!NOTE] By omitting the `--llm` flag, the auditor will only perform deterministic (static) checks.
Python API
Integrate validation directly into your application:
```python
import json

from mcpcrunch import MCPcrunch, GeminiProvider

# Initialize engine (Deterministic only)
crunch = MCPcrunch(schema_path="schema.json")

# Full engine (Deterministic + Semantic)
llm = GeminiProvider(api_key="your-key")
crunch_with_llm = MCPcrunch(schema_path="schema.json", llm=llm)

# Audit a specification
with open("myspec.json") as f:
    spec_data = json.load(f)

report = crunch_with_llm.audit(spec_data)
print(f"Overall Security Score: {report.overall_score}/100")

# List every finding from both the deterministic and semantic passes
for issue in report.deterministic.issues + report.semantic.issues:
    print(f"[{issue.severity}] {issue.rule_id}: {issue.message}")
```
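One way to turn the report from the Python API above into a CI pass/fail gate. This is an added example, not code from the MCPcrunch project: `gate`, `collect_issues`, the minimum score of 80 and the severity names are assumptions, and it relies only on the report attributes shown above, with a constructed stand-in report so it runs without the package installed.

```python
from types import SimpleNamespace

# Assumption: severity is a string (or an enum whose .name is) such as "HIGH".
BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}


def collect_issues(report):
    """Merge deterministic and semantic issues, tolerating a missing semantic pass."""
    issues = []
    for section_name in ("deterministic", "semantic"):
        section = getattr(report, section_name, None)
        if section is not None:
            issues.extend(getattr(section, "issues", None) or [])
    return issues


def gate(report, min_score=80, blocking=BLOCKING_SEVERITIES):
    """Return (passed, reasons): fail on a low score or any blocking-severity issue."""
    reasons = []
    if report.overall_score < min_score:
        reasons.append(f"score {report.overall_score} is below minimum {min_score}")
    for issue in collect_issues(report):
        severity = getattr(issue.severity, "name", issue.severity)
        if str(severity).upper() in blocking:
            reasons.append(f"[{issue.severity}] {issue.rule_id}: {issue.message}")
    return (not reasons, reasons)


def _issue(severity, rule_id, message):
    return SimpleNamespace(severity=severity, rule_id=rule_id, message=message)


def constructed_report():
    """Constructed sample standing in for audit() output; rule IDs are made up."""
    return SimpleNamespace(
        overall_score=85,
        deterministic=SimpleNamespace(issues=[
            _issue("HIGH", "SEC-EXAMPLE", "constructed: no authentication declared"),
            _issue("LOW", "FMT-EXAMPLE", "constructed: missing version field"),
        ]),
        semantic=None,  # stands in for a run without an LLM provider
    )


if __name__ == "__main__":
    passed, reasons = gate(constructed_report())
    for reason in reasons:
        print("BLOCK:", reason)
    raise SystemExit(0 if passed else 1)
```

In a pipeline, replace `constructed_report()` with the object returned by `audit()` and let the non-zero exit code fail the job.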
📋 Validation Rules
For a detailed list of all supported rules and their impact, see validations.md.
- FMT: Format integrity and versioning.
- DAT: Data boundaries and context window protection.
- SEC: Authentication and transport security.
- ADV: Adversarial threat prevention (Semantic).
🧪 Testing
Run the comprehensive test suite (16+ tests):
```bash
pytest tests/
```
Built with ❤️ for the AI Agent Ecosystem by Anish Chelliah CR.
File details
Details for the file mcpcrunch-0.1.0.tar.gz.
File metadata
- Download URL: mcpcrunch-0.1.0.tar.gz
- Upload date:
- Size: 13.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 17fcd30d8932a92c4204ddb7d816dd1f63b4588ed4fc38c463f62a5787ea906b |
| MD5 | fcfbee42d7440d12620034b415999cff |
| BLAKE2b-256 | dc55e82e9fc5e3fa9be26a78ec003640dd501325d65399d6991e669398914744 |
File details
Details for the file mcpcrunch-0.1.0-py3-none-any.whl.
File metadata
- Download URL: mcpcrunch-0.1.0-py3-none-any.whl
- Upload date:
- Size: 13.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | c9cfdf72b8099b4f28a235cd64c9aa535dbfe65e765f61d80dd40e71b5ef737a |
| MD5 | 1d355532ba253e2692bc06d9ce9e9051 |
| BLAKE2b-256 | 71c5e1df0defe9184eb71d1887f52bb46eaa012910ce002b88dd30f19308b5b1 |