MCP ExplorerExplorer

Secure Mcp Grpc

@mstantonon a month ago
1 MIT
FreeCommunity
AI Systems
Secure gRPC transport for MCP with advanced security and telemetry.

Overview

What is Secure Mcp Grpc

secure-mcp-grpc is a secure gRPC transport layer for the Model Context Protocol (MCP) that enhances communication between AI models and external tools with advanced security features and real-time telemetry.

Use cases

Use cases include secure communication between AI models and APIs, real-time monitoring of model performance, anomaly detection in data streams, and ensuring compliance with security standards in enterprise environments.

How to use

To use secure-mcp-grpc, set up the environment with the required prerequisites, configure the gRPC server with mutual TLS and token-based authentication, and deploy it using Docker or manual installation methods as outlined in the documentation.

Key features

Key features include mutual TLS authentication, token-based authentication (JWT and OAuth 2.0), fine-grained authorization, rate limiting, anomaly detection, comprehensive telemetry, and visual traffic analysis.

Where to use

secure-mcp-grpc can be used in various fields such as AI model deployment, data analytics, cybersecurity, and any application requiring secure communication between models and external data sources.

Content

Secure MCP-gRPC

License
Python Version
Build Status
Security Rating

A secure gRPC transport layer for Model Context Protocol (MCP) with advanced security features, comprehensive telemetry, and real-time visualization.

Developed by Matthew Stanton & Claude AI

🌟 Overview

The Model Context Protocol (MCP) enables AI models to communicate with external tools and data sources. This project adds a secure gRPC transport layer for MCP, providing:

  • Enhanced Security: Zero-trust architecture with mutual TLS, token-based authentication, and fine-grained authorization
  • Comprehensive Telemetry: Detailed insights into model interactions, performance metrics, and security events
  • Visual Traffic Analysis: Real-time visualization of traffic patterns and model communication graphs
  • Enterprise-Grade Features: Rate limiting, audit logging, anomaly detection, and more

📋 Table of Contents

✨ Features

🔒 Security Features

  • Mutual TLS Authentication: Secure client-server identification with certificate validation
  • Token-based Authentication: Support for JWT and OAuth 2.0
  • Fine-grained Authorization: Role-based access control for specific model capabilities
  • Rate Limiting: Protection against DoS attacks with per-client limits
  • Anomaly Detection: Identification of unusual patterns and potential threats
  • Audit Logging: Comprehensive event tracking for compliance requirements
  • Secure Defaults: All security features enabled by default with sensible configurations

📊 Telemetry Capabilities

  • Performance Monitoring: Response times, throughput, and resource utilization tracking
  • Security Event Logging: Authentication attempts, authorization failures, and suspicious activities
  • Usage Analytics: Understanding how models are being used and by whom
  • Health Monitoring: Real-time status of all system components
  • Anonymous Reporting: Privacy-preserving aggregated insights

🔍 Interaction Tracing

  • Request/Response Capture: Full payload logging with configurable sanitization
  • Connection Metadata: Detailed information about clients and sessions
  • Path Traversal: Tracking of multi-model interaction chains
  • Data Lineage: Understanding how data flows between models
  • Timing Analysis: Performance bottleneck identification

📈 Visualization Dashboard

  • Traffic Flow Diagrams: Sankey diagrams showing request patterns
  • Model Interaction Networks: Graph visualization of model communication
  • Security Event Heatmaps: Temporal analysis of security incidents
  • Latency Distribution Charts: Performance profiles across different methods
  • Real-Time Monitoring: Live updates on system status and metrics

🏗️ Architecture

The Secure MCP-gRPC system consists of several core components:

┌───────────────────┐     ┌───────────────────┐     ┌───────────────────┐
│                   │     │                   │     │                   │
│   AI Model with   │     │  Secure MCP-gRPC  │     │   AI Model with   │
│    MCP Client     │◄───►│      Server       │◄───►│    MCP Client     │
│                   │     │                   │     │                   │
└───────────────────┘     └─────────┬─────────┘     └───────────────────┘
                                   │
                                   ▼
                          ┌─────────────────┐
                          │   Interaction   │
                          │     Tracer      │
                          └─────────┬───────┘
                                   │
                                   ▼
┌───────────────────┐     ┌─────────────────┐     ┌───────────────────┐
│                   │     │                 │     │                   │
│     Prometheus    │◄───►│   Telemetry     │◄───►│     Dashboard     │
│                   │     │   Dashboard     │     │                   │
└───────────────────┘     └─────────────────┘     └───────────────────┘

Key Components:

  1. Secure MCP-gRPC Server: Core server that handles authentication, authorization, and request processing
  2. Interaction Tracer: Captures detailed information about model interactions
  3. Telemetry Dashboard: Web-based visualization of traffic patterns and metrics
  4. MCP Clients: AI models that communicate with the server
  5. Prometheus/Grafana: Additional monitoring and alerting tools

📋 Prerequisites

  • Docker and Docker Compose
  • Python 3.8+ (for development)
  • OpenSSL (for certificate generation)
  • Git

🚀 Quick Start

  1. Clone the repository:

    git clone https://github.com/yourusername/secure-mcp-grpc.git
    cd secure-mcp-grpc
    
  2. Run the setup script:

    ./setup.sh
    
  3. Start the services:

    docker-compose -f docker/docker-compose.yml up -d
    
  4. Access the services:

🐳 Docker Deployment

Production Deployment

  1. Build and start all services:

    docker-compose -f docker/docker-compose.yml up -d
    
  2. View logs:

    docker-compose -f docker/docker-compose.yml logs -f
    
  3. Stop services:

    docker-compose -f docker/docker-compose.yml down
    

Service Details

  • MCP Server: Secure gRPC server with mTLS authentication
  • Dashboard: Real-time visualization of traffic and metrics
  • Prometheus: Metrics collection and storage
  • Grafana: Advanced metrics visualization and alerting

Resource Management

Each service has resource limits and reservations:

  • MCP Server: 1 CPU, 1GB RAM
  • Dashboard: 0.5 CPU, 512MB RAM
  • Prometheus: 0.5 CPU, 1GB RAM
  • Grafana: 0.5 CPU, 512MB RAM

⚙️ Configuration

Environment Variables

Key environment variables for the MCP server:

MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=50051
MCP_AUTH_TYPE=mtls
MCP_CERT_PATH=/app/certs/server.crt
MCP_KEY_PATH=/app/certs/server.key
MCP_CA_PATH=/app/certs/ca.crt

Configuration Files

  • Server config: config/server.yaml
  • Prometheus config: config/prometheus/prometheus.yml
  • Grafana config: config/grafana/provisioning/

🔒 Security

Certificate Management

  1. Generate certificates:

    ./scripts/generate_certs.sh
    
  2. Update certificates:

    ./scripts/update_certs.sh
    

Security Best Practices

  1. Use strong passwords for Grafana
  2. Keep certificates secure and regularly rotated
  3. Monitor security events in Grafana
  4. Use rate limiting for all clients
  5. Enable audit logging

📊 Monitoring

Metrics

Key metrics available in Prometheus:

  • Request rate
  • Response time
  • Error rates
  • Resource utilization
  • Security events

Dashboards

Pre-configured Grafana dashboards:

  • Traffic Overview
  • Performance Metrics
  • Security Events
  • Resource Usage

👩‍💻 Development

Local Development

  1. Install development dependencies:

    pip install -e ".[dev]"
    
  2. Run tests:

    pytest tests/
    
  3. Run benchmarks:

    pytest tests/benchmarks/
    

Code Style

  • Use Black for formatting
  • Use isort for import sorting
  • Use mypy for type checking
  • Follow PEP 8 guidelines

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Run tests and linting
  5. Submit a pull request

See CONTRIBUTING.md for detailed guidelines.

📄 License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

🙏 Acknowledgments

  • Matthew Stanton: Lead architect and security expert
  • Claude AI: Co-creator and documentation contributor
  • Anthropic for their work on Model Context Protocol (MCP)
  • The gRPC team for their excellent communication framework

For more detailed information, please refer to the documentation.

Security issues should be reported according to our security policy.

Tools

No tools

Comments

Recommend MCP Servers

View All MCP Servers