io.github.chudah1/attest-mcp

MCPcommunity
v0.1.0io.github.chudah1UnknownUpdated 2mo agonpmGitHub

Credential enforcement middleware for MCP servers — verifies scoped tokens on every tool call

Attest credential enforcement middleware for Model Context Protocol servers. Two lines to protect every tool call on an existing MCP server. ships both the core client and the MCP middleware as a single package with two entry points. patches in place and returns the same server object typed as the original. Everything else — , , transports — works unchanged. On every tool call, before the handler…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
2mo agoLast update
Package
Authorio.github.chudah1
LicenseUnknown
Version0.1.0
Sourcemcp-registry
Trust Status
B
60/100Good
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+0/5
Publish from GitHub Actions with the --provenance flag
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance
Dependencies60 resolved+ · none vulnerable
Tool surface1 tool · none privileged
Security scan✓ Cleanv0.1.0 · 20d ago
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

Attest credential enforcement middleware for Model Context Protocol servers. Two lines to protect every tool call on an existing MCP server. ships both the core client and the MCP middleware as a single package with two entry points. patches in place and returns the same server object typed as the original. Everything else — , , transports — works unchanged. On every tool call, before the handler executes: 1. Extract credential from (MCP auth middleware path), , or 2. Verify RS256 signature +…

Keywords
mcp