Enterprise-Grade MCP (Model Context Protocol) Security and Management Platform
```mermaid
graph TD
    A[MCP Server Discovery] --> B[Documentation Generation]
    B --> C[Security Testing]
    C --> D[Risk Analysis]
    D --> E[Remediation]
```
- Key Features
- Technology Stack
- Quick Start
- API Documentation
- Configuration
- Development
- Contributing
- Security Best Practices
- Roadmap
- Support
- License
- Automated discovery of MCP endpoints and services
- Comprehensive catalog of available MCP servers and tools
- Version tracking and compatibility management
- Service health monitoring and status reporting
- Interactive API documentation (similar to Swagger)
- Tool and endpoint specifications
- Usage examples and code snippets
- Versioned documentation history
- Comprehensive test suite for MCP implementations
- Automated security scanning
- Integration with CI/CD pipelines
- Test case management and reporting
- Real-time security monitoring
- Vulnerability assessment
- Compliance checking
- Risk scoring and prioritization
- Secure configuration templates
- Deployment best practices
- Environment validation
- Rollback and recovery procedures
- Language: Go 1.21+
- Web Framework: Gin
- Database: PostgreSQL (via Supabase)
- Authentication: JWT
- Logging: Zap
- Configuration: Viper
- Testing: Go Test
- Containerization: Docker
- Framework: Next.js 14 (App Router)
- UI Library: React 18 + TypeScript
- Styling: Tailwind CSS
- State Management: React Query
- Form Handling: React Hook Form + Zod
- UI Components: Radix UI + Custom Components
- Charts: Recharts
- Icons: Lucide React
- Database: Supabase (PostgreSQL)
- Deployment: Docker, Kubernetes
- CI/CD: GitHub Actions
- Monitoring: Prometheus, Grafana (Planned)
MCP servers are composed of executable code, so users should only use MCP servers that they trust. Key considerations include:
- Code Signing: All MCP components must be signed by the developer for integrity verification
- Build Pipeline Security: Implement SAST (Static Application Security Testing) and SCA (Software Composition Analysis)
- Dependency Management: Regular scanning and updating of all dependencies
- Cloud Service Verification: Implement cryptographic server verification for cloud-hosted MCP servers
- Prompt Injection
  - Risk: Malicious inputs manipulating AI behavior
  - Mitigation: Implement input validation and monitoring
- Tool Poisoning
  - Risk: Compromised tool metadata leading to malicious actions
  - Mitigation: Regular validation of tool metadata
- Privilege Abuse
  - Risk: Excessive permissions leading to unauthorized access
  - Mitigation: Follow principle of least privilege
- Tool Shadowing
  - Risk: Rogue tools mimicking legitimate services
  - Mitigation: Maintain a verified registry of trusted tools
- Indirect Prompt Injection
  - Risk: Hidden malicious instructions in external data
  - Mitigation: Monitor and validate external content
- Sensitive Data Exposure
  - Risk: Leakage of API keys and credentials
  - Mitigation: Secure credential storage and access controls
- Command/SQL Injection
  - Risk: Unauthorized command execution
  - Mitigation: Input validation and parameterized queries
- Rug Pull Attacks
  - Risk: Legitimate tools turning malicious
  - Mitigation: Behavior monitoring and sandboxing
- Denial of Wallet/Service
  - Risk: Resource exhaustion leading to service disruption
  - Mitigation: Implement rate limiting and quotas
- Authentication Bypass
  - Risk: Weak authentication mechanisms
  - Mitigation: Multi-factor authentication and regular audits
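
The tool poisoning, tool shadowing and rug pull mitigations above all come down to comparing what a server advertises now against a verified registry. The following is an added example, not code from the aran-mcp-sentinel project; the `Tool` shape, the `Pin` registry and the server names are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Tool is an assumed, simplified shape for the metadata a server advertises.
type Tool struct {
	Name        string         `json:"name"`
	Description string         `json:"description"`
	InputSchema map[string]any `json:"inputSchema"`
}

// Pin is the reviewed state of a tool; Finding is one deviation from it.
type Pin struct{ Server, Hash string }
type Finding struct{ Server, Tool, Kind string }

// Fingerprint hashes the full metadata; json.Marshal sorts map keys, so it is stable.
func Fingerprint(t Tool) string {
	b, _ := json.Marshal(t) // JSON-decoded metadata always re-encodes
	return fmt.Sprintf("%x", sha256.Sum256(b))
}

// Audit checks the tools a server advertises now against the registry (keyed by tool name).
func Audit(reg map[string]Pin, server string, tools []Tool) []Finding {
	var out []Finding
	for _, t := range tools {
		pin, ok := reg[t.Name]
		switch {
		case !ok: // never reviewed
			out = append(out, Finding{server, t.Name, "unregistered"})
		case pin.Server != server: // known name, wrong origin
			out = append(out, Finding{server, t.Name, "shadowing"})
		case pin.Hash != Fingerprint(t): // edited after approval
			out = append(out, Finding{server, t.Name, "metadata-changed"})
		}
	}
	return out
}

func main() {
	// Constructed sample data, not taken from the project.
	approved := Tool{"read_file", "Read a file from the workspace", map[string]any{"type": "object"}}
	reg := map[string]Pin{"read_file": {"files.internal", Fingerprint(approved)}}
	edited := approved
	edited.Description += " (text added after approval)"
	fmt.Println(Audit(reg, "files.internal", []Tool{edited}), Audit(reg, "unknown.example", []Tool{approved}))
}
```

Running the audit on every discovery pass, not only at onboarding, is what catches a tool whose metadata changes after it was approved.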
- Go 1.21+ (for backend)
- Node.js 18+ (for frontend)
- Docker (optional, for containerized deployment)
- Supabase account (for database)
- Clone the repository

  ```bash
  git clone https://github.com/radhi1991/aran-mcp-sentinel.git
  cd aran-mcp-sentinel
  ```

- Set up backend environment

  ```bash
  cd backend
  cp configs/config.example.yaml configs/config.yaml
  # Update the configuration in configs/config.yaml
  ```

- Install Go dependencies

  ```bash
  go mod download
  ```

- Start the backend server

  ```bash
  go run cmd/server/main.go
  ```

- Verify the API is running

  ```bash
  curl http://localhost:8080/health
  ```

- Navigate to frontend directory

  ```bash
  cd frontend
  ```

- Install Node.js dependencies

  ```bash
  npm install
  ```

- Start the development server

  ```bash
  npm run dev
  ```

- Open your browser

  Navigate to http://localhost:3000

- Build and run with Docker Compose

  ```bash
  docker-compose up --build
  ```

- Access the application
  - Frontend: http://localhost:3000
  - Backend API: http://localhost:8080
For comprehensive API documentation, see docs/API_DOCUMENTATION.md.
- GET /api/v1/mcp/servers - List all MCP servers
- GET /api/v1/mcp/servers/:id - Get MCP server details
- POST /api/v1/mcp/servers - Add a new MCP server
- GET /api/v1/mcp/servers/:id/status - Get server status

- POST /api/v1/mcp/tests - Run a test against an MCP server
- GET /api/v1/mcp/tests/:id - Get test results

- GET /health - Service health status
Coming soon - JWT-based authentication planned
- MCP Discovery
  - Automated detection of MCP servers
  - Endpoint analysis
  - Service mapping
- Threat Detection
  - Real-time traffic analysis
  - Anomaly detection
  - Pattern recognition
- Security Analysis
  - Vulnerability assessment
  - Risk scoring
  - Compliance checks
Create a .env.local file in the root directory with the following variables:

```bash
# API Configuration
NEXT_PUBLIC_API_URL=http://localhost:3000/api

# Authentication
NEXTAUTH_SECRET=your-secret-here
NEXTAUTH_URL=http://localhost:3000

# Logging
LOG_LEVEL=info

# Feature Flags
ENABLE_EXPERIMENTAL_FEATURES=false
```
```
aran-mcp-sentinel/
├── backend/              # Go backend application
│   ├── cmd/server/       # Main application entry point
│   ├── internal/         # Internal packages
│   ├── configs/          # Configuration files
│   └── go.mod            # Go module file
├── frontend/             # Next.js frontend application
│   ├── src/              # Source code
│   ├── public/           # Static assets
│   └── package.json      # Node.js dependencies
├── docs/                 # Documentation
├── deploy/               # Deployment configurations
└── README.md             # This file
```
```bash
# Development
go run cmd/server/main.go

# Build
go build -o bin/mcp-sentinel cmd/server/main.go

# Test
go test ./...

# Lint
golangci-lint run
```

```bash
# Development
npm run dev

# Build
npm run build

# Start production
npm start

# Lint
npm run lint

# Test
npm test
```
This project uses:
- Backend: Go modules, Go 1.21+ features, Gin framework
- Frontend: TypeScript, ESLint, Prettier, Tailwind CSS
- Testing: Go Test, Jest, React Testing Library
- Documentation: Markdown, JSDoc, API documentation
We welcome contributions from the community! Please see our Contributing Guidelines for details.
- Fork the repository
- Choose an issue from our Issue List
- Create a feature branch from main
- Make your changes following our coding standards
- Write tests for new functionality
- Submit a pull request
Looking for a place to start? Check out our Good First Issues for beginner-friendly tasks.
See the Development section above for setup instructions.
For detailed information about our development plans and upcoming features, see our Roadmap.
- Phase 1: Foundation & Core Features (Q1 2024)
- Phase 2: Security & Monitoring (Q2 2024)
- Phase 3: Advanced Features & Integration (Q3 2024)
- Phase 4: Enterprise & Scale (Q4 2024)
- Documentation: docs/ - Comprehensive documentation
- API Reference: docs/API_DOCUMENTATION.md - Complete API documentation
- Issues: GitHub Issues - Bug reports and feature requests
- Discussions: GitHub Discussions - Community discussions
- Email: support@aran-mcp-sentinel.com
- Discord: Join our Discord server
- Twitter: @AranMcpSentinel
- Blog: Blog posts and updates
This project is licensed under the MIT License - see the LICENSE file for details.
- MCP Protocol: Built on the Model Context Protocol
- Open Source: Thanks to all the open source projects that make this possible
- Community: Special thanks to our contributors and users