MockLoop MCP - AI-Native Testing Platform

The world's first AI-native API testing platform powered by the Model Context Protocol (MCP). MockLoop MCP revolutionizes API testing with comprehensive AI-driven scenario generation, automated test execution, and intelligent analysis capabilities.

🚀 Revolutionary Capabilities: 5 AI Prompts • 15 Scenario Resources • 16 Testing Tools • 10 Context Tools • 4 Core Tools • Complete MCP Integration

📚 Documentation: https://docs.mockloop.com
📦 PyPI Package: https://pypi.org/project/mockloop-mcp/
🐙 GitHub Repository: https://github.com/mockloop/mockloop-mcp

🌟 What Makes MockLoop MCP Revolutionary?

MockLoop MCP represents a paradigm shift in API testing, introducing the world's first AI-native testing architecture that combines:

• 🤖 AI-Driven Test Generation: 5 specialized MCP prompts for intelligent scenario creation
• 📦 Community Scenario Packs: 15 curated testing resources with community architecture
• ⚡ Automated Test Execution: 30 comprehensive MCP tools for complete testing workflows (16 testing + 10 context + 4 core)
• 🔄 Stateful Testing: Advanced context management with GlobalContext and AgentContext
• 📊 Enterprise Compliance: Complete audit logging and regulatory compliance tracking
• 🏗️ Dual-Port Architecture: Eliminates /admin path conflicts with separate mocked API and admin ports

🎯 Core AI-Native Architecture

MCP Audit Logging

Enterprise-grade compliance and regulatory tracking

• Complete request/response audit trails
• Regulatory compliance monitoring
• Performance metrics and analytics
• Security event logging

MCP Prompts (5 AI-Driven Capabilities)

Intelligent scenario generation powered by AI

• analyze_openapi_for_testing - Comprehensive API analysis for testing strategies
• generate_scenario_config - Dynamic test scenario configuration
• optimize_scenario_for_load - Load testing optimization
• generate_error_scenarios - Error condition simulation
• generate_security_test_scenarios - Security vulnerability testing

MCP Resources (15 Scenario Packs)

Community-driven testing scenarios with advanced architecture

• Load Testing Scenarios: High-volume traffic simulation
• Error Simulation Packs: Comprehensive error condition testing
• Security Testing Suites: Vulnerability assessment scenarios
• Performance Benchmarks: Standardized performance testing
• Integration Test Packs: Cross-service testing scenarios
• Community Architecture: Collaborative scenario sharing and validation

MCP Tools (16 Automated Testing Tools)

Complete automated test execution capabilities

Scenario Management (4 tools)

• validate_scenario_config - Scenario validation and verification
• deploy_scenario - Automated scenario deployment
• switch_scenario - Dynamic scenario switching
• list_active_scenarios - Active scenario monitoring

Test Execution (4 tools)

• execute_test_plan - Comprehensive test plan execution
• run_test_iteration - Individual test iteration management
• run_load_test - Load testing execution
• run_security_test - Security testing automation

Analysis & Reporting (4 tools)

• analyze_test_results - Intelligent test result analysis
• generate_test_report - Comprehensive reporting
• compare_test_runs - Test run comparison and trends
• get_performance_metrics - Performance metrics collection

Workflow Management (4 tools)

• create_test_session - Test session initialization
• end_test_session - Session cleanup and finalization
• schedule_test_suite - Automated test scheduling
• monitor_test_progress - Real-time progress monitoring

MCP Context Management (10 Stateful Workflow Tools)

Advanced state management for complex testing workflows

Context Creation & Management

• create_test_session_context - Test session state management
• create_workflow_context - Complex workflow orchestration
• create_agent_context - AI agent state management

Data Management

• get_context_data - Context data retrieval
• update_context_data - Dynamic context updates
• list_contexts_by_type - Context discovery and listing

Snapshot & Recovery

• create_context_snapshot - State snapshot creation
• restore_context_snapshot - State rollback capabilities

Global Context

• get_global_context_data - Cross-session data sharing
• update_global_context_data - Global state management

🚀 Quick Start

Get started with the world's most advanced AI-native testing platform:

# 1. Install MockLoop MCP
pip install mockloop-mcp

# 2. Verify installation
mockloop-mcp --version

# 3. Configure with your MCP client (Cline, Claude Desktop, etc.)
# See configuration examples below

📋 Prerequisites

• Python 3.10+
• Pip package manager
• Docker and Docker Compose (for containerized mock servers)
• An MCP-compatible client (Cline, Claude Desktop, etc.)

🔧 Installation

Option 1: Install from PyPI (Recommended)

# Install the latest stable version
pip install mockloop-mcp

# Or install with optional dependencies
pip install mockloop-mcp[dev]   # Development tools
pip install mockloop-mcp[docs]  # Documentation tools
pip install mockloop-mcp[all]   # All optional dependencies

# Verify installation
mockloop-mcp --version

Option 2: Development Installation

# Clone the repository
git clone https://github.com/mockloop/mockloop-mcp.git
cd mockloop-mcp

# Create and activate virtual environment
python3 -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# Install in development mode
pip install -e ".[dev]"

⚙️ Configuration

MCP Client Configuration

Cline (VS Code Extension)

Add to your Cline MCP settings file:

{
  "mcpServers": {
    "MockLoopLocal": {
      "autoApprove": [],
      "disabled": false,
      "timeout": 60,
      "command": "mockloop-mcp",
      "args": [],
      "transportType": "stdio"
    }
  }
}

Claude Desktop

Add to your Claude Desktop configuration:

{
  "mcpServers": {
    "mockloop": {
      "command": "mockloop-mcp",
      "args": []
    }
  }
}

Virtual Environment Installations

For virtual environment installations, use the full Python path:

{
  "mcpServers": {
    "MockLoopLocal": {
      "command": "/path/to/your/venv/bin/python",
      "args": ["-m", "mockloop_mcp"],
      "transportType": "stdio"
    }
  }
}

🛠️ Available MCP Tools

Core Mock Generation

generate_mock_api

Generate sophisticated FastAPI mock servers with dual-port architecture.

Parameters:

• spec_url_or_path (string, required): API specification URL or local file path
• output_dir_name (string, optional): Output directory name
• auth_enabled (boolean, optional): Enable authentication middleware (default: true)
• webhooks_enabled (boolean, optional): Enable webhook support (default: true)
• admin_ui_enabled (boolean, optional): Enable admin UI (default: true)
• storage_enabled (boolean, optional): Enable storage functionality (default: true)

Revolutionary Dual-Port Architecture:

• Mocked API Port: Serves your API endpoints (default: 8000)
• Admin UI Port: Separate admin interface (default: 8001)
• Conflict Resolution: Eliminates /admin path conflicts in OpenAPI specs
• Enhanced Security: Port-based access control and isolation

Advanced Analytics

query_mock_logs

Query and analyze request logs with AI-powered insights.

Parameters:

• server_url (string, required): Mock server URL
• limit (integer, optional): Maximum logs to return (default: 100)
• offset (integer, optional): Pagination offset (default: 0)
• method (string, optional): Filter by HTTP method
• path_pattern (string, optional): Regex pattern for path filtering
• time_from (string, optional): Start time filter (ISO format)
• time_to (string, optional): End time filter (ISO format)
• include_admin (boolean, optional): Include admin requests (default: false)
• analyze (boolean, optional): Perform AI analysis (default: true)

AI-Powered Analysis:

• Performance metrics (P95/P99 response times)
• Error rate analysis and categorization
• Traffic pattern detection
• Automated debugging recommendations
• Session correlation and tracking

discover_mock_servers

Intelligent server discovery with dual-port architecture support.

Parameters:

• ports (array, optional): Ports to scan (default: common ports)
• check_health (boolean, optional): Perform health checks (default: true)
• include_generated (boolean, optional): Include generated mocks (default: true)

Advanced Discovery:

• Automatic architecture detection (single-port vs dual-port)
• Health status monitoring
• Server correlation and matching
• Port usage analysis

manage_mock_data

Dynamic response management without server restart.

Parameters:

• server_url (string, required): Mock server URL
• operation (string, required): Operation type ("update_response", "create_scenario", "switch_scenario", "list_scenarios")
• endpoint_path (string, optional): API endpoint path
• response_data (object, optional): New response data
• scenario_name (string, optional): Scenario name
• scenario_config (object, optional): Scenario configuration

Dynamic Capabilities:

• Real-time response updates
• Scenario-based testing
• Runtime configuration management
• Zero-downtime modifications

🌐 MCP Proxy Functionality

MockLoop MCP includes revolutionary proxy capabilities that enable seamless switching between mock and live API environments. This powerful feature transforms your testing workflow by providing:

Core Proxy Capabilities

• 🔄 Seamless Mode Switching: Transition between mock, proxy, and hybrid modes without code changes
• 🎯 Intelligent Routing: Smart request routing based on configurable rules and conditions
• 🔐 Universal Authentication: Support for API Key, Bearer Token, Basic Auth, and OAuth2
• 📊 Response Comparison: Automated comparison between mock and live API responses
• ⚡ Zero-Downtime Switching: Change modes dynamically without service interruption

Operational Modes

Mock Mode (MOCK)

• All requests handled by generated mock responses
• Predictable, consistent testing environment
• Ideal for early development and isolated testing
• No external dependencies or network calls

Proxy Mode (PROXY)

• All requests forwarded to live API endpoints
• Real-time data and authentic responses
• Full integration testing capabilities
• Network-dependent operation with live credentials

Hybrid Mode (HYBRID)

• Intelligent routing between mock and proxy based on rules
• Conditional switching based on request patterns, headers, or parameters
• Gradual migration from mock to live environments
• A/B testing and selective endpoint proxying

Quick Start Example

from mockloop_mcp.mcp_tools import create_mcp_plugin

# Create a proxy-enabled plugin
plugin_result = await create_mcp_plugin(
    spec_url_or_path="https://api.example.com/openapi.json",
    mode="hybrid",  # Start with hybrid mode
    plugin_name="example_api",
    target_url="https://api.example.com",
    auth_config={
        "auth_type": "bearer_token",
        "credentials": {"token": "your-token"}
    },
    routing_rules=[
        {
            "pattern": "/api/critical/*",
            "mode": "proxy",  # Critical endpoints use live API
            "priority": 10
        },
        {
            "pattern": "/api/dev/*",
            "mode": "mock",   # Development endpoints use mocks
            "priority": 5
        }
    ]
)

Advanced Features

• 🔍 Response Validation: Compare mock vs live responses for consistency
• 📈 Performance Monitoring: Track response times and throughput across modes
• 🛡️ Error Handling: Graceful fallback mechanisms and retry policies
• 🎛️ Dynamic Configuration: Runtime mode switching and rule updates
• 📋 Audit Logging: Complete request/response tracking across all modes

Authentication Support

The proxy system supports comprehensive authentication schemes:

• API Key: Header, query parameter, or cookie-based authentication
• Bearer Token: OAuth2 and JWT token support
• Basic Auth: Username/password combinations
• OAuth2: Full OAuth2 flow with token refresh
• Custom: Extensible authentication handlers for proprietary schemes

Use Cases

• Development Workflow: Start with mocks, gradually introduce live APIs
• Integration Testing: Validate against real services while maintaining test isolation
• Performance Testing: Compare mock vs live API performance characteristics
• Staging Validation: Ensure mock responses match production API behavior
• Hybrid Deployments: Route critical operations to live APIs, others to mocks

📚 Complete Guide: For detailed configuration, examples, and best practices, see the MCP Proxy Guide.

🤖 AI Framework Integration

MockLoop MCP provides native integration with popular AI frameworks:

LangGraph Integration

from langgraph.graph import StateGraph, END
from mockloop_mcp import MockLoopClient

# Initialize MockLoop client
mockloop = MockLoopClient()

def setup_ai_testing(state):
    """AI-driven test setup"""
    # Generate mock API with AI analysis
    result = mockloop.generate_mock_api(
        spec_url_or_path="https://api.example.com/openapi.json",
        output_dir_name="ai_test_environment"
    )
    
    # Use AI prompts for scenario generation
    scenarios = mockloop.analyze_openapi_for_testing(
        api_spec=state["api_spec"],
        analysis_depth="comprehensive",
        include_security_tests=True
    )
    
    state["mock_server_url"] = "http://localhost:8000"
    state["test_scenarios"] = scenarios
    return state

def execute_ai_tests(state):
    """Execute AI-generated test scenarios"""
    # Deploy AI-generated scenarios
    for scenario in state["test_scenarios"]:
        mockloop.deploy_scenario(
            server_url=state["mock_server_url"],
            scenario_config=scenario
        )
        
        # Execute load tests with AI optimization
        results = mockloop.run_load_test(
            server_url=state["mock_server_url"],
            scenario_name=scenario["name"],
            duration=300,
            concurrent_users=100
        )
        
        # AI-powered result analysis
        analysis = mockloop.analyze_test_results(
            test_results=results,
            include_recommendations=True
        )
        
        state["test_results"].append(analysis)
    
    return state

# Build AI-native testing workflow
workflow = StateGraph(dict)
workflow.add_node("setup_ai_testing", setup_ai_testing)
workflow.add_node("execute_ai_tests", execute_ai_tests)
workflow.set_entry_point("setup_ai_testing")
workflow.add_edge("setup_ai_testing", "execute_ai_tests")
workflow.add_edge("execute_ai_tests", END)

app = workflow.compile()

CrewAI Multi-Agent Testing

from crewai import Agent, Task, Crew
from mockloop_mcp import MockLoopClient

# Initialize MockLoop client
mockloop = MockLoopClient()

# AI Testing Specialist Agent
api_testing_agent = Agent(
    role='AI API Testing Specialist',
    goal='Generate and execute comprehensive AI-driven API tests',
    backstory='Expert in AI-native testing with MockLoop MCP integration',
    tools=[
        mockloop.generate_mock_api,
        mockloop.analyze_openapi_for_testing,
        mockloop.generate_scenario_config
    ]
)

# Performance Analysis Agent
performance_agent = Agent(
    role='AI Performance Analyst',
    goal='Analyze API performance with AI-powered insights',
    backstory='Specialist in AI-driven performance analysis and optimization',
    tools=[
        mockloop.run_load_test,
        mockloop.get_performance_metrics,
        mockloop.analyze_test_results
    ]
)

# Security Testing Agent
security_agent = Agent(
    role='AI Security Testing Expert',
    goal='Conduct AI-driven security testing and vulnerability assessment',
    backstory='Expert in AI-powered security testing methodologies',
    tools=[
        mockloop.generate_security_test_scenarios,
        mockloop.run_security_test,
        mockloop.compare_test_runs
    ]
)

# Define AI-driven tasks
ai_setup_task = Task(
    description='Generate AI-native mock API with comprehensive testing scenarios',
    agent=api_testing_agent,
    expected_output='Mock server with AI-generated test scenarios deployed'
)

performance_task = Task(
    description='Execute AI-optimized performance testing and analysis',
    agent=performance_agent,
    expected_output='Comprehensive performance analysis with AI recommendations'
)

security_task = Task(
    description='Conduct AI-driven security testing and vulnerability assessment',
    agent=security_agent,
    expected_output='Security test results with AI-powered threat analysis'
)

# Create AI testing crew
ai_testing_crew = Crew(
    agents=[api_testing_agent, performance_agent, security_agent],
    tasks=[ai_setup_task, performance_task, security_task],
    verbose=True
)

# Execute AI-native testing workflow
results = ai_testing_crew.kickoff()

LangChain AI Testing Tools

from langchain.agents import Tool, AgentExecutor, create_react_agent
from langchain.prompts import PromptTemplate
from langchain_openai import ChatOpenAI
from mockloop_mcp import MockLoopClient

# Initialize MockLoop client
mockloop = MockLoopClient()

# AI-Native Testing Tools
def ai_generate_mock_api(spec_path: str) -> str:
    """Generate AI-enhanced mock API with intelligent scenarios"""
    # Generate mock API
    result = mockloop.generate_mock_api(spec_url_or_path=spec_path)
    
    # Use AI to analyze and enhance
    analysis = mockloop.analyze_openapi_for_testing(
        api_spec=spec_path,
        analysis_depth="comprehensive",
        include_security_tests=True
    )
    
    return f"AI-enhanced mock API generated: {result}\nAI Analysis: {analysis['summary']}"

def ai_execute_testing_workflow(server_url: str) -> str:
    """Execute comprehensive AI-driven testing workflow"""
    # Create test session context
    session = mockloop.create_test_session_context(
        session_name="ai_testing_session",
        configuration={"ai_enhanced": True}
    )
    
    # Generate and deploy AI scenarios
    scenarios = mockloop.generate_scenario_config(
        api_spec=server_url,
        scenario_types=["load", "error", "security"],
        ai_optimization=True
    )
    
    results = []
    for scenario in scenarios:
        # Deploy scenario
        mockloop.deploy_scenario(
            server_url=server_url,
            scenario_config=scenario
        )
        
        # Execute tests with AI monitoring
        test_result = mockloop.execute_test_plan(
            server_url=server_url,
            test_plan=scenario["test_plan"],
            ai_monitoring=True
        )
        
        results.append(test_result)
    
    # AI-powered analysis
    analysis = mockloop.analyze_test_results(
        test_results=results,
        include_recommendations=True,
        ai_insights=True
    )
    
    return f"AI testing workflow completed: {analysis['summary']}"

# Create LangChain tools
ai_testing_tools = [
    Tool(
        name="AIGenerateMockAPI",
        func=ai_generate_mock_api,
        description="Generate AI-enhanced mock API with intelligent testing scenarios"
    ),
    Tool(
        name="AIExecuteTestingWorkflow",
        func=ai_execute_testing_workflow,
        description="Execute comprehensive AI-driven testing workflow with intelligent analysis"
    )
]

# Create AI testing agent
llm = ChatOpenAI(temperature=0)
ai_testing_prompt = PromptTemplate.from_template("""
You are an AI-native testing assistant powered by MockLoop MCP.
You have access to revolutionary AI-driven testing capabilities including:
- AI-powered scenario generation
- Intelligent test execution
- Advanced performance analysis
- Security vulnerability assessment
- Stateful workflow management

Tools available: {tools}
Tool names: {tool_names}

Question: {input}
{agent_scratchpad}
""")

agent = create_react_agent(llm, ai_testing_tools, ai_testing_prompt)
agent_executor = AgentExecutor(agent=agent, tools=ai_testing_tools, verbose=True)

# Execute AI-native testing
response = agent_executor.invoke({
    "input": "Generate a comprehensive AI-driven testing environment for a REST API and execute full testing workflow"
})

🏗️ Dual-Port Architecture

MockLoop MCP introduces a revolutionary dual-port architecture that eliminates common conflicts and enhances security:

Architecture Benefits

• 🔒 Enhanced Security: Complete separation of mocked API and admin functionality
• ⚡ Zero Conflicts: Eliminates /admin path conflicts in OpenAPI specifications
• 📊 Clean Analytics: Admin calls don't appear in mocked API metrics
• 🔄 Independent Scaling: Scale mocked API and admin services separately
• 🛡️ Port-Based Access Control: Enhanced security through network isolation

Port Configuration

# Generate mock with dual-port architecture
result = mockloop.generate_mock_api(
    spec_url_or_path="https://api.example.com/openapi.json",
    business_port=8000,  # Mocked API port
    admin_port=8001,     # Admin UI port
    admin_ui_enabled=True
)

Access Points

• Mocked API: http://localhost:8000 - Your API endpoints
• Admin UI: http://localhost:8001 - Management interface
• API Documentation: http://localhost:8000/docs - Interactive Swagger UI
• Health Check: http://localhost:8000/health - Server status

📊 Enterprise Features

Compliance & Audit Logging

MockLoop MCP provides enterprise-grade compliance features:

• Complete Audit Trails: Every request/response logged with metadata
• Regulatory Compliance: GDPR, SOX, HIPAA compliance support
• Performance Metrics: P95/P99 response times, error rates
• Security Monitoring: Threat detection and analysis
• Session Tracking: Cross-request correlation and analysis

Advanced Analytics

• AI-Powered Insights: Intelligent analysis and recommendations
• Traffic Pattern Detection: Automated anomaly detection
• Performance Optimization: AI-driven performance recommendations
• Error Analysis: Intelligent error categorization and resolution
• Trend Analysis: Historical performance and usage trends

🔄 Stateful Testing Workflows

MockLoop MCP supports complex, stateful testing workflows through advanced context management:

Context Types

• Test Session Context: Maintain state across test executions
• Workflow Context: Complex multi-step testing orchestration
• Agent Context: AI agent state management and coordination
• Global Context: Cross-session data sharing and persistence

Example: Stateful E-commerce Testing

# Create test session context
session = mockloop.create_test_session_context(
    session_name="ecommerce_integration_test",
    configuration={
        "test_type": "integration",
        "environment": "staging",
        "ai_enhanced": True
    }
)

# Create workflow context for multi-step testing
workflow = mockloop.create_workflow_context(
    workflow_name="user_journey_test",
    parent_context=session["context_id"],
    steps=[
        "user_registration",
        "product_browsing",
        "cart_management",
        "checkout_process",
        "order_fulfillment"
    ]
)

# Execute stateful test workflow
for step in workflow["steps"]:
    # Update context with step data
    mockloop.update_context_data(
        context_id=workflow["context_id"],
        data={"current_step": step, "timestamp": datetime.now()}
    )
    
    # Execute step-specific tests
    test_result = mockloop.execute_test_plan(
        server_url="http://localhost:8000",
        test_plan=f"{step}_test_plan",
        context_id=workflow["context_id"]
    )
    
    # Create snapshot for rollback capability
    snapshot = mockloop.create_context_snapshot(
        context_id=workflow["context_id"],
        snapshot_name=f"{step}_completion"
    )

# Analyze complete workflow results
final_analysis = mockloop.analyze_test_results(
    test_results=workflow["results"],
    context_id=workflow["context_id"],
    include_recommendations=True
)

🚀 Running Generated Mock Servers

Using Docker Compose (Recommended)

# Navigate to generated mock directory
cd generated_mocks/your_api_mock

# Start with dual-port architecture
docker-compose up --build

# Access points:
# Mocked API: http://localhost:8000
# Admin UI: http://localhost:8001

Using Uvicorn Directly

# Install dependencies
pip install -r requirements_mock.txt

# Start the mock server
uvicorn main:app --reload --port 8000

Enhanced Features Access

• Admin UI: http://localhost:8001 - Enhanced management interface
• API Documentation: http://localhost:8000/docs - Interactive Swagger UI
• Health Check: http://localhost:8000/health - Server status and metrics
• Log Analytics: http://localhost:8001/api/logs/search - Advanced log querying
• Performance Metrics: http://localhost:8001/api/logs/analyze - AI-powered insights
• Scenario Management: http://localhost:8001/api/mock-data/scenarios - Dynamic testing

📈 Performance & Scalability

MockLoop MCP is designed for enterprise-scale performance:

Performance Metrics

• Response Times: P50, P95, P99 percentile tracking
• Throughput: Requests per second monitoring
• Error Rates: Comprehensive error analysis
• Resource Usage: Memory, CPU, and network monitoring
• Concurrency: Multi-user load testing support

Scalability Features

• Horizontal Scaling: Multi-instance deployment support
• Load Balancing: Built-in load balancing capabilities
• Caching: Intelligent response caching
• Database Optimization: Efficient SQLite and PostgreSQL support
• Container Orchestration: Kubernetes and Docker Swarm ready

🔒 Security Features

Built-in Security

• Authentication Middleware: Configurable auth mechanisms
• Rate Limiting: Prevent abuse and DoS attacks
• Input Validation: Comprehensive request validation
• Security Headers: CORS, CSP, and security headers
• Audit Logging: Complete security event logging

Security Testing

• Vulnerability Assessment: AI-powered security testing
• Penetration Testing: Automated security scenario generation
• Compliance Checking: Security standard compliance verification
• Threat Modeling: AI-driven threat analysis
• Security Reporting: Comprehensive security analytics

🔐 SchemaPin Integration - Cryptographic Schema Verification

MockLoop MCP now includes SchemaPin integration - the industry's first cryptographic schema verification system for MCP tools, preventing "MCP Rug Pull" attacks through ECDSA signature verification and Trust-On-First-Use (TOFU) key pinning.

Revolutionary Security Enhancement

SchemaPin integration transforms MockLoop MCP into the most secure MCP testing platform by providing:

• 🔐 Cryptographic Verification: ECDSA P-256 signatures ensure schema integrity
• 🔑 TOFU Key Pinning: Automatic key discovery and pinning for trusted domains
• 📋 Policy Enforcement: Configurable security policies (enforce/warn/log modes)
• 📊 Comprehensive Auditing: Complete verification logs for compliance
• 🔄 Graceful Fallback: Works with or without SchemaPin library
• 🏗️ Hybrid Architecture: Seamless integration with existing MockLoop systems

Quick Start Configuration

from mockloop_mcp.schemapin import SchemaPinConfig, SchemaVerificationInterceptor

# Basic configuration
config = SchemaPinConfig(
    enabled=True,
    policy_mode="warn",  # enforce, warn, or log
    auto_pin_keys=False,
    trusted_domains=["api.example.com"],
    interactive_mode=False
)

# Initialize verification
interceptor = SchemaVerificationInterceptor(config)

# Verify tool schema
result = await interceptor.verify_tool_schema(
    tool_name="database_query",
    schema=tool_schema,
    signature="base64_encoded_signature",
    domain="api.example.com"
)

if result.valid:
    print("✓ Schema verification successful")
else:
    print(f"✗ Verification failed: {result.error}")

Production Configuration

# Production-ready configuration
config = SchemaPinConfig(
    enabled=True,
    policy_mode="enforce",  # Block execution on verification failure
    auto_pin_keys=True,     # Auto-pin keys for trusted domains
    key_pin_storage_path="/secure/path/keys.db",
    discovery_timeout=60,
    cache_ttl=7200,
    trusted_domains=[
        "api.corp.com",
        "tools.internal.com"
    ],
    well_known_endpoints={
        "api.corp.com": "https://api.corp.com/.well-known/schemapin.json"
    },
    revocation_check=True,
    interactive_mode=False
)

Security Benefits

MCP Rug Pull Protection

SchemaPin prevents malicious actors from modifying tool schemas without detection:

• Cryptographic Signatures: Every tool schema is cryptographically signed
• Key Pinning: TOFU model prevents man-in-the-middle attacks
• Audit Trails: Complete verification logs for security analysis
• Policy Enforcement: Configurable responses to verification failures

Compliance & Governance

• Regulatory Compliance: Audit logs support GDPR, SOX, HIPAA requirements
• Enterprise Security: Integration with existing security frameworks
• Risk Management: Configurable security policies for different environments
• Threat Detection: Automated detection of schema tampering attempts

Integration Examples

Basic Tool Verification

# Verify a single tool
from mockloop_mcp.schemapin import SchemaVerificationInterceptor

interceptor = SchemaVerificationInterceptor(config)
result = await interceptor.verify_tool_schema(
    "api_call", tool_schema, signature, "api.example.com"
)

Batch Verification

# Verify multiple tools efficiently
from mockloop_mcp.schemapin import SchemaPinWorkflowManager

workflow = SchemaPinWorkflowManager(config)
results = await workflow.verify_tool_batch([
    {"name": "tool1", "schema": schema1, "signature": sig1, "domain": "api.com"},
    {"name": "tool2", "schema": schema2, "signature": sig2, "domain": "api.com"}
])

MCP Proxy Integration

# Integrate with MCP proxy for seamless security
class SecureMCPProxy:
    def __init__(self, config):
        self.interceptor = SchemaVerificationInterceptor(config)
    
    async def proxy_tool_request(self, tool_name, schema, signature, domain, data):
        # Verify schema before execution
        result = await self.interceptor.verify_tool_schema(
            tool_name, schema, signature, domain
        )
        
        if not result.valid:
            return {"error": "Schema verification failed"}
        
        # Execute tool with verified schema
        return await self.execute_tool(tool_name, data)

Policy Modes

Enforce Mode

config = SchemaPinConfig(policy_mode="enforce")
# Blocks execution on verification failure
# Recommended for production critical tools

Warn Mode

config = SchemaPinConfig(policy_mode="warn")
# Logs warnings but allows execution
# Recommended for gradual rollout

Log Mode

config = SchemaPinConfig(policy_mode="log")
# Logs events without blocking
# Recommended for monitoring and testing

Key Management

Trust-On-First-Use (TOFU)

# Automatic key discovery and pinning
key_manager = KeyPinningManager("keys.db")

# Pin key for trusted tool
success = key_manager.pin_key(
    tool_id="api.example.com/database_query",
    domain="api.example.com",
    public_key_pem=discovered_key,
    metadata={"developer": "Example Corp"}
)

# Check if key is pinned
if key_manager.is_key_pinned("api.example.com/database_query"):
    print("Key is pinned and trusted")

Key Discovery

SchemaPin automatically discovers public keys via .well-known endpoints:

https://api.example.com/.well-known/schemapin.json

Expected format:

{
  "public_key": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----",
  "algorithm": "ES256",
  "created_at": "2023-01-01T00:00:00Z"
}

Audit & Compliance

Comprehensive Logging

from mockloop_mcp.schemapin import SchemaPinAuditLogger

audit_logger = SchemaPinAuditLogger("audit.db")

# Verification events are automatically logged
stats = audit_logger.get_verification_stats()
print(f"Total verifications: {stats['total_verifications']}")
print(f"Success rate: {stats['successful_verifications'] / stats['total_verifications'] * 100:.1f}%")

Compliance Reporting

# Generate compliance reports
from mockloop_mcp.mcp_compliance import MCPComplianceReporter

reporter = MCPComplianceReporter("audit.db")
report = reporter.generate_schemapin_compliance_report()

print(f"Compliance score: {report['compliance_score']:.1f}%")
print(f"Verification coverage: {report['verification_statistics']['unique_tools']} tools")

Documentation & Examples

• 📚 Complete Integration Guide: docs/guides/schemapin-integration.md
• 🔧 Basic Usage Example: examples/schemapin/basic_usage.py
• ⚡ Advanced Patterns: examples/schemapin/advanced_usage.py
• 🏗️ Architecture Documentation: SchemaPin_MockLoop_Integration_Architecture.md
• 🧪 Test Coverage: 56 comprehensive tests (42 unit + 14 integration)

Migration for Existing Users

SchemaPin integration is completely backward compatible:

1. Opt-in Configuration: SchemaPin is disabled by default
2. No Breaking Changes: Existing tools continue to work unchanged
3. Gradual Rollout: Start with log mode, progress to warn, then enforce
4. Zero Downtime: Enable verification without service interruption

# Migration example: gradual rollout
# Phase 1: Monitoring (log mode)
config = SchemaPinConfig(enabled=True, policy_mode="log")

# Phase 2: Warnings (warn mode)
config = SchemaPinConfig(enabled=True, policy_mode="warn")

# Phase 3: Enforcement (enforce mode)
config = SchemaPinConfig(enabled=True, policy_mode="enforce")

Performance Impact

SchemaPin is designed for minimal performance impact:

• Verification Time: ~5-15ms per tool (cached results)
• Memory Usage: <10MB additional memory
• Network Overhead: Key discovery only on first use
• Database Size: ~1KB per pinned key

Use Cases

Development Teams

• Secure Development: Verify tool schemas during development
• Code Review: Ensure schema integrity in pull requests
• Testing: Validate tool behavior with verified schemas

Enterprise Security

• Threat Prevention: Block malicious schema modifications
• Compliance: Meet regulatory requirements with audit trails
• Risk Management: Configurable security policies
• Incident Response: Detailed logs for security analysis

DevOps & CI/CD

• Pipeline Security: Verify schemas in deployment pipelines
• Environment Promotion: Ensure schema consistency across environments
• Monitoring: Continuous verification monitoring
• Automation: Automated security policy enforcement

�️ Future Development

Upcoming Features 🚧

Enhanced AI Capabilities

• Advanced ML Models: Custom model training for API testing
• Predictive Analytics: AI-powered failure prediction
• Intelligent Test Generation: Self-improving test scenarios
• Natural Language Testing: Plain English test descriptions

Extended Protocol Support

• GraphQL Support: Native GraphQL API testing
• gRPC Integration: Protocol buffer testing support
• WebSocket Testing: Real-time communication testing
• Event-Driven Testing: Async and event-based API testing

Enterprise Integration

• CI/CD Integration: Native pipeline integration
• Monitoring Platforms: Datadog, New Relic, Prometheus integration
• Identity Providers: SSO and enterprise auth integration
• Compliance Frameworks: Extended regulatory compliance support

🤝 Contributing

We welcome contributions to MockLoop MCP! Please see our Contributing Guidelines for details.

Development Setup

# Fork and clone the repository
git clone https://github.com/your-username/mockloop-mcp.git
cd mockloop-mcp

# Create development environment
python3 -m venv .venv
source .venv/bin/activate

# Install development dependencies
pip install -e ".[dev]"

# Run tests
pytest tests/

# Run quality checks
ruff check src/
bandit -r src/

Community

• GitHub Repository: mockloop/mockloop-mcp
• Issues & Bug Reports: GitHub Issues
• Feature Requests: GitHub Issues
• Documentation: docs.mockloop.com

📄 License

MockLoop MCP is licensed under the MIT License.

---

🎉 Get Started Today!

Ready to revolutionize your API testing with the world's first AI-native testing platform?

pip install mockloop-mcp

Join the AI-native testing revolution and experience the future of API testing with MockLoop MCP!

🚀 Get Started Now →