Skip to content

Commit 72121e0

Browse files
authored
Merge pull request #3 from jaschadub/main
feat: integrate SchemaPin security framework for MCP tool validation
2 parents 4ffbc07 + 5c88505 commit 72121e0

22 files changed

Lines changed: 5080 additions & 35 deletions

CHANGELOG.md

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,39 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
1919

2020
### Security
2121

22+
## [2.3.0] - 2025-06-08
23+
24+
### Added
25+
- **🔐 SchemaPin Integration**: Revolutionary cryptographic schema verification for MCP tools
26+
- ECDSA P-256 signature verification with SHA-256 hashing
27+
- Trust-On-First-Use (TOFU) key pinning with automatic discovery
28+
- Configurable security policies: enforce, warn, and log modes
29+
- Comprehensive audit logging and compliance tracking
30+
- Hybrid architecture with graceful fallback when SchemaPin library unavailable
31+
- Complete integration with MockLoop's existing audit and proxy systems
32+
- 56 comprehensive tests (42 unit + 14 integration tests)
33+
- Extensive examples and documentation in `examples/schemapin/`
34+
- New dependency: `schemapin>=1.0.0`
35+
- **📚 Comprehensive Documentation**: Complete SchemaPin integration guide
36+
- Detailed integration guide at `docs/guides/schemapin-integration.md`
37+
- Updated main README.md with SchemaPin section
38+
- Migration guide for existing users
39+
- Security best practices and threat analysis
40+
- Troubleshooting guide and API reference
41+
42+
### Security
43+
- **MCP Rug Pull Protection**: Prevents malicious schema modifications through cryptographic verification
44+
- **Enhanced Audit Logging**: SchemaPin verification events integrated with MockLoop's compliance system
45+
- **Key Pinning Security**: TOFU model prevents man-in-the-middle attacks on schema verification
46+
- **Policy-Based Security**: Configurable enforcement levels for different environments
47+
- **Compliance Support**: Audit trails support GDPR, SOX, HIPAA regulatory requirements
48+
49+
### Changed
50+
- Enhanced MCP tool execution flow to include optional schema verification
51+
- Extended audit logging system to support SchemaPin verification events
52+
- Updated proxy configuration to support SchemaPin integration
53+
- Improved security posture with cryptographic schema verification
54+
2255
## [2.2.9] - 2025-06-02
2356

2457
### Added

README.md

Lines changed: 272 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -819,7 +819,278 @@ MockLoop MCP is designed for enterprise-scale performance:
819819
- **Threat Modeling**: AI-driven threat analysis
820820
- **Security Reporting**: Comprehensive security analytics
821821

822-
## 🛣️ Future Development
822+
## 🔐 SchemaPin Integration - Cryptographic Schema Verification
823+
824+
MockLoop MCP now includes **SchemaPin integration** - the industry's first cryptographic schema verification system for MCP tools, preventing "MCP Rug Pull" attacks through ECDSA signature verification and Trust-On-First-Use (TOFU) key pinning.
825+
826+
### Revolutionary Security Enhancement
827+
828+
SchemaPin integration transforms MockLoop MCP into the most secure MCP testing platform by providing:
829+
830+
- **🔐 Cryptographic Verification**: ECDSA P-256 signatures ensure schema integrity
831+
- **🔑 TOFU Key Pinning**: Automatic key discovery and pinning for trusted domains
832+
- **📋 Policy Enforcement**: Configurable security policies (enforce/warn/log modes)
833+
- **📊 Comprehensive Auditing**: Complete verification logs for compliance
834+
- **🔄 Graceful Fallback**: Works with or without SchemaPin library
835+
- **🏗️ Hybrid Architecture**: Seamless integration with existing MockLoop systems
836+
837+
### Quick Start Configuration
838+
839+
```python
840+
from mockloop_mcp.schemapin import SchemaPinConfig, SchemaVerificationInterceptor
841+
842+
# Basic configuration
843+
config = SchemaPinConfig(
844+
enabled=True,
845+
policy_mode="warn", # enforce, warn, or log
846+
auto_pin_keys=False,
847+
trusted_domains=["api.example.com"],
848+
interactive_mode=False
849+
)
850+
851+
# Initialize verification
852+
interceptor = SchemaVerificationInterceptor(config)
853+
854+
# Verify tool schema
855+
result = await interceptor.verify_tool_schema(
856+
tool_name="database_query",
857+
schema=tool_schema,
858+
signature="base64_encoded_signature",
859+
domain="api.example.com"
860+
)
861+
862+
if result.valid:
863+
print("✓ Schema verification successful")
864+
else:
865+
print(f"✗ Verification failed: {result.error}")
866+
```
867+
868+
### Production Configuration
869+
870+
```python
871+
# Production-ready configuration
872+
config = SchemaPinConfig(
873+
enabled=True,
874+
policy_mode="enforce", # Block execution on verification failure
875+
auto_pin_keys=True, # Auto-pin keys for trusted domains
876+
key_pin_storage_path="/secure/path/keys.db",
877+
discovery_timeout=60,
878+
cache_ttl=7200,
879+
trusted_domains=[
880+
"api.corp.com",
881+
"tools.internal.com"
882+
],
883+
well_known_endpoints={
884+
"api.corp.com": "https://api.corp.com/.well-known/schemapin.json"
885+
},
886+
revocation_check=True,
887+
interactive_mode=False
888+
)
889+
```
890+
891+
### Security Benefits
892+
893+
#### MCP Rug Pull Protection
894+
SchemaPin prevents malicious actors from modifying tool schemas without detection:
895+
896+
- **Cryptographic Signatures**: Every tool schema is cryptographically signed
897+
- **Key Pinning**: TOFU model prevents man-in-the-middle attacks
898+
- **Audit Trails**: Complete verification logs for security analysis
899+
- **Policy Enforcement**: Configurable responses to verification failures
900+
901+
#### Compliance & Governance
902+
- **Regulatory Compliance**: Audit logs support GDPR, SOX, HIPAA requirements
903+
- **Enterprise Security**: Integration with existing security frameworks
904+
- **Risk Management**: Configurable security policies for different environments
905+
- **Threat Detection**: Automated detection of schema tampering attempts
906+
907+
### Integration Examples
908+
909+
#### Basic Tool Verification
910+
```python
911+
# Verify a single tool
912+
from mockloop_mcp.schemapin import SchemaVerificationInterceptor
913+
914+
interceptor = SchemaVerificationInterceptor(config)
915+
result = await interceptor.verify_tool_schema(
916+
"api_call", tool_schema, signature, "api.example.com"
917+
)
918+
```
919+
920+
#### Batch Verification
921+
```python
922+
# Verify multiple tools efficiently
923+
from mockloop_mcp.schemapin import SchemaPinWorkflowManager
924+
925+
workflow = SchemaPinWorkflowManager(config)
926+
results = await workflow.verify_tool_batch([
927+
{"name": "tool1", "schema": schema1, "signature": sig1, "domain": "api.com"},
928+
{"name": "tool2", "schema": schema2, "signature": sig2, "domain": "api.com"}
929+
])
930+
```
931+
932+
#### MCP Proxy Integration
933+
```python
934+
# Integrate with MCP proxy for seamless security
935+
class SecureMCPProxy:
936+
def __init__(self, config):
937+
self.interceptor = SchemaVerificationInterceptor(config)
938+
939+
async def proxy_tool_request(self, tool_name, schema, signature, domain, data):
940+
# Verify schema before execution
941+
result = await self.interceptor.verify_tool_schema(
942+
tool_name, schema, signature, domain
943+
)
944+
945+
if not result.valid:
946+
return {"error": "Schema verification failed"}
947+
948+
# Execute tool with verified schema
949+
return await self.execute_tool(tool_name, data)
950+
```
951+
952+
### Policy Modes
953+
954+
#### Enforce Mode
955+
```python
956+
config = SchemaPinConfig(policy_mode="enforce")
957+
# Blocks execution on verification failure
958+
# Recommended for production critical tools
959+
```
960+
961+
#### Warn Mode
962+
```python
963+
config = SchemaPinConfig(policy_mode="warn")
964+
# Logs warnings but allows execution
965+
# Recommended for gradual rollout
966+
```
967+
968+
#### Log Mode
969+
```python
970+
config = SchemaPinConfig(policy_mode="log")
971+
# Logs events without blocking
972+
# Recommended for monitoring and testing
973+
```
974+
975+
### Key Management
976+
977+
#### Trust-On-First-Use (TOFU)
978+
```python
979+
# Automatic key discovery and pinning
980+
key_manager = KeyPinningManager("keys.db")
981+
982+
# Pin key for trusted tool
983+
success = key_manager.pin_key(
984+
tool_id="api.example.com/database_query",
985+
domain="api.example.com",
986+
public_key_pem=discovered_key,
987+
metadata={"developer": "Example Corp"}
988+
)
989+
990+
# Check if key is pinned
991+
if key_manager.is_key_pinned("api.example.com/database_query"):
992+
print("Key is pinned and trusted")
993+
```
994+
995+
#### Key Discovery
996+
SchemaPin automatically discovers public keys via `.well-known` endpoints:
997+
```
998+
https://api.example.com/.well-known/schemapin.json
999+
```
1000+
1001+
Expected format:
1002+
```json
1003+
{
1004+
"public_key": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----",
1005+
"algorithm": "ES256",
1006+
"created_at": "2023-01-01T00:00:00Z"
1007+
}
1008+
```
1009+
1010+
### Audit & Compliance
1011+
1012+
#### Comprehensive Logging
1013+
```python
1014+
from mockloop_mcp.schemapin import SchemaPinAuditLogger
1015+
1016+
audit_logger = SchemaPinAuditLogger("audit.db")
1017+
1018+
# Verification events are automatically logged
1019+
stats = audit_logger.get_verification_stats()
1020+
print(f"Total verifications: {stats['total_verifications']}")
1021+
print(f"Success rate: {stats['successful_verifications'] / stats['total_verifications'] * 100:.1f}%")
1022+
```
1023+
1024+
#### Compliance Reporting
1025+
```python
1026+
# Generate compliance reports
1027+
from mockloop_mcp.mcp_compliance import MCPComplianceReporter
1028+
1029+
reporter = MCPComplianceReporter("audit.db")
1030+
report = reporter.generate_schemapin_compliance_report()
1031+
1032+
print(f"Compliance score: {report['compliance_score']:.1f}%")
1033+
print(f"Verification coverage: {report['verification_statistics']['unique_tools']} tools")
1034+
```
1035+
1036+
### Documentation & Examples
1037+
1038+
- **📚 Complete Integration Guide**: [`docs/guides/schemapin-integration.md`](docs/guides/schemapin-integration.md)
1039+
- **🔧 Basic Usage Example**: [`examples/schemapin/basic_usage.py`](examples/schemapin/basic_usage.py)
1040+
- **⚡ Advanced Patterns**: [`examples/schemapin/advanced_usage.py`](examples/schemapin/advanced_usage.py)
1041+
- **🏗️ Architecture Documentation**: [`SchemaPin_MockLoop_Integration_Architecture.md`](SchemaPin_MockLoop_Integration_Architecture.md)
1042+
- **🧪 Test Coverage**: 56 comprehensive tests (42 unit + 14 integration)
1043+
1044+
### Migration for Existing Users
1045+
1046+
SchemaPin integration is **completely backward compatible**:
1047+
1048+
1. **Opt-in Configuration**: SchemaPin is disabled by default
1049+
2. **No Breaking Changes**: Existing tools continue to work unchanged
1050+
3. **Gradual Rollout**: Start with `log` mode, progress to `warn`, then `enforce`
1051+
4. **Zero Downtime**: Enable verification without service interruption
1052+
1053+
```python
1054+
# Migration example: gradual rollout
1055+
# Phase 1: Monitoring (log mode)
1056+
config = SchemaPinConfig(enabled=True, policy_mode="log")
1057+
1058+
# Phase 2: Warnings (warn mode)
1059+
config = SchemaPinConfig(enabled=True, policy_mode="warn")
1060+
1061+
# Phase 3: Enforcement (enforce mode)
1062+
config = SchemaPinConfig(enabled=True, policy_mode="enforce")
1063+
```
1064+
1065+
### Performance Impact
1066+
1067+
SchemaPin is designed for minimal performance impact:
1068+
1069+
- **Verification Time**: ~5-15ms per tool (cached results)
1070+
- **Memory Usage**: <10MB additional memory
1071+
- **Network Overhead**: Key discovery only on first use
1072+
- **Database Size**: ~1KB per pinned key
1073+
1074+
### Use Cases
1075+
1076+
#### Development Teams
1077+
- **Secure Development**: Verify tool schemas during development
1078+
- **Code Review**: Ensure schema integrity in pull requests
1079+
- **Testing**: Validate tool behavior with verified schemas
1080+
1081+
#### Enterprise Security
1082+
- **Threat Prevention**: Block malicious schema modifications
1083+
- **Compliance**: Meet regulatory requirements with audit trails
1084+
- **Risk Management**: Configurable security policies
1085+
- **Incident Response**: Detailed logs for security analysis
1086+
1087+
#### DevOps & CI/CD
1088+
- **Pipeline Security**: Verify schemas in deployment pipelines
1089+
- **Environment Promotion**: Ensure schema consistency across environments
1090+
- **Monitoring**: Continuous verification monitoring
1091+
- **Automation**: Automated security policy enforcement
1092+
1093+
## �️ Future Development
8231094

8241095
### Upcoming Features 🚧
8251096

0 commit comments

Comments
 (0)