Security Model

How MCPTrust guarantees integrity and authenticity in the agent supply chain.

Threat Model

MCPTrust is designed to protect against specific supply-chain attacks targeting Model Context Protocol servers. We assume the following threats:

  • Upstream Compromise: An attacker pushes malicious code to a repository you depend on, changing tool behavior.
  • Drift: A legitimate update changes a tool's schema or description (which LLMs rely on) without review.
  • Man-in-the-Middle (Artifacts): An attacker modifies the lockfile or server definition in transit.

Security Guarantees

Understand exactly what MCPTrust provides, and what it does not.

What it Proves
Cryptographic assurances provided by MCPTrust

Integrity

The signed lockfile makes tampering detectable: any change to the lockfile's contents after signing invalidates the signature.

Authenticity

Cryptographic proof that the lockfile was approved (signed) by the holder of the signing key.

Drift Detection

Detects any changes in declared capabilities, schema, or description.

Governance

Policy rules can block tools based on their verified manifest.

What it Doesn't
Explicit non-goals and limitations

Runtime Behavior

Doesn't prove implementation integrity: if a tool's code changes but its name, description, and interface schema stay the same, the change is invisible to MCPTrust.

Sandboxing

Doesn't firewall tool execution or isolate side-effects at runtime.

Key Security

Trust depends entirely on private key management practices.

Key Management

Security relies entirely on the safety of your signing keys.

  • Private Key (mcptrust.key): Keep this offline or in a secure secrets manager (Vault, 1Password). Never commit it to git.
  • Public Key (mcptrust.pub): Commit this to your repo. It is used by CI and verifiers to check signatures.

Verification Nuance

The verify command performs a purely cryptographic check of the lockfile against the signature. It does not talk to the live MCP server.

To check whether the live server still matches the lockfile, use the diff command.

Disclosure & Reporting

If you find a security vulnerability in MCPTrust itself, please do not open a public issue. Email us at security@mcptrust.dev or use our GitHub Security Advisory form.