GitHub Stars
0
User Rating
Not Rated
Favorites
0
Views
17
Forks
0
Issues
0
MCP-TLS Tool Validation Server
โ ๏ธ This project is in early stage development โ ๏ธ
A lightweight utility server that validates tool definitions for integrity and schema correctness. This server is intended to be used as part of a broader MCP-compatible toolchain but can run independently for testing or CI verification of tool definitions.
๐ง Features
- ๐ฆ JSON-RPC 2.0-compliant request validation
- ๐ TLS transport support (with optional mTLS enforcement)
- ๐ Tool schema fingerprinting and checksum validation
- โก Fast HTTP API built with Chi
- ๐งช Unit tested components with Go test support
๐ Project Structure
.
โโโ .github
โย ย โโโ workflows/ # CI and release GitHub Actions
โโโ .gitignore
โโโ Dockerfile
โโโ README.md
โโโ VERSION
โโโ certs # Optional certs directory
โโโ cmd # Application entry points
โย ย โโโ server/
โโโ go.mod
โโโ go.sum
โโโ pkg
โโโ config/ # Project configurations
โโโ logs/ # Log output directory
โโโ mcp/ # Core MCP-TLS data structures
โโโ server/ # HTTP server, routes, and handlers
โโโ tls/ # TLS transport encryption support
โโโ util/ # JSON helpers
โโโ validate/ # Tool validation logic
๐ Getting Started
Prerequisites
- Go 1.21+
- TLS certificate (self-signed or CA-issued)
Configuration
Optional environment variables
| Environment Variable | Description | Required | Default s |
|---|---|---|---|
MCPTLS_SERVER_PORT |
Port the server listens on | No | 9090 |
MCPTLS_SERVER_ADDR |
Server address | No | localhost:9090 |
MCPTLS_LOG_LEVEL |
Log verbosity level (debug, info, warn) |
No | info |
Build and Run a binary
go build -o bin/server ./cmd/server
chmod +x ./bin/server
./bin/server
Build and run with Docker
docker build -t mcp-tls-server .
Run basic with basic configs
docker run --name mcp-tls-server \
-p 9090:9090 \
-d \
mcp-tls-server
Run using docker compose
docker compose up -d
docker compose down
API Endpoints
POST /api/tools/validate
Validates a single tool definition for schema and checksum integrity.
Example
curl -X POST https://localhost:8443/api/tools/validate \
-H "Content-Type: application/json" \
-d @tool.json
Example with TLS enabled:
curl -X POST https://localhost:8443/api/tools/validate \
-H "Content-Type: application/json" \
--cacert certs/ca.crt \
--cert certs/client.crt \
--key certs/client.key \
-d @tool.json
Request Schema (tool.json)
{
"name": "example-tool",
"description": "This tool performs a sample operation.",
"arguments": {
"inputA": "value1"
},
"parameters": {
"param1": "value1",
"param2": 42,
"param3": true
},
"inputSchema": {
"type": "object",
"properties": {
"inputA": {
"type": "string"
},
"inputB": {
"type": "number"
}
},
"required": ["inputA"]
},
"outputSchema": {
"type": "object",
"properties": {
"outputA": {
"type": "boolean"
}
},
"required": ["outputA"]
},
"annotations": {
"title": "Sample Tool",
"readOnlyHint": true,
"destructiveHint": false,
"idempotentHint": true,
"openWorldHint": false
},
"secMetaData": {
"source": "trusted-registry",
"signature": "abc123signature",
"public_key_id": "key-456",
"version": "1.0.0",
"checksum": "sha256:deadbeef"
}
}
๐งช Testing
go test -v ./...
๐ TLS Configuration
TLS is mandatory by default.
Supported Flags:
| Flag | Description |
|---|---|
--cert |
Path to TLS certificate file (PEM format) |
--key |
Path to TLS private key (PEM format) |
--ca |
Path to CA cert for verifying clients |
--require-mtls |
Require client certificate verification |
--addr |
Listen address (default: :8443) |
:robot: The free, Open Source alternative to OpenAI, Claude and others. Self-hosted and local-first. Drop-in replacement for OpenAI, running on consumer-grade hardware. No GPU required. Runs gguf, transformers, diffusers and many more. Features: Generate Text, Audio, Video, Images, Voice Cloning, Distributed, P2P and decentralized inference