veragent-mcp 0.1.0__tar.gz

veragent_mcp-0.1.0/.gitignore

@@ -0,0 +1,53 @@
+# Dependencies
+node_modules/
+venv/
+.venv/
+env/
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.pytest_cache/
+.coverage
+htmlcov/
+
+# Build and Production
+.next/
+out/
+build/
+dist/
+.vercel/
+.turbo/
+
+# Environment Files
+.env
+.env.local
+.env.production
+.env.development
+.env.*.local
+
+# Operating System
+.DS_Store
+Thumbs.db
+
+# IDEs
+.vscode/
+.idea/
+
+# Logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Playwright (frontend)
+frontend/playwright-report/
+frontend/test-results/
+frontend/blob-report/
+
+# Docker
+.dockerignore
+!backend/.dockerignore
+!frontend/.dockerignore
+mcp-server/node_modules/
+.vercel

veragent_mcp-0.1.0/PKG-INFO

@@ -0,0 +1,62 @@
+Metadata-Version: 2.4
+Name: veragent-mcp
+Version: 0.1.0
+Summary: Veragent MCP server — check the trust/security score of MCP tools before installing them in Claude.
+Project-URL: Homepage, https://veragent.store
+Project-URL: Registry, https://veragent.store/trust-registry
+Author: Sean Li
+License: MIT
+Keywords: claude,mcp,model-context-protocol,security,trust,veragent
+Requires-Python: >=3.10
+Requires-Dist: httpx>=0.27
+Requires-Dist: mcp>=1.2.0
+Description-Content-Type: text/markdown
+
+# Veragent MCP Server
+
+The trust layer for MCP — as an MCP tool. Let Claude (or any MCP client/agent) check
+whether an MCP tool is **safe before installing it**, look up the most trusted tools,
+or score an entire MCP stack — all backed by the [Veragent](https://veragent.store)
+trust registry.
+
+## Tools
+
+| Tool | What it does |
+|------|--------------|
+| `check_tool_trust(name)` | Veragent trust score + audit state for a tool/server/agent. Use **before** installing. |
+| `list_trusted_tools(query, limit)` | The most trusted MCP tools, optionally filtered. |
+| `scan_mcp_stack(mcp_config)` | Score a whole `mcp_settings.json` — per-server risk + summary. |
+
+## Install (Claude Desktop)
+
+Add to your `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "veragent": {
+      "command": "uvx",
+      "args": ["veragent-mcp"]
+    }
+  }
+}
+```
+
+Then ask Claude: *"Is the playwright-mcp server safe? Check Veragent."*
+
+## Run locally
+
+```bash
+uvx veragent-mcp
+# or
+pip install veragent-mcp && veragent-mcp
+```
+
+## Configuration
+
+- `VERAGENT_API_BASE` — override the API base (default `https://veragent.store/api/v1`).
+
+## Honesty
+
+Veragent labels static-analysis results as **Heuristic** and reserves **SGC Certified**
+for behavioral-sandbox passes. Scores are reported with this distinction.

veragent_mcp-0.1.0/README.md

@@ -0,0 +1,48 @@
+# Veragent MCP Server
+
+The trust layer for MCP — as an MCP tool. Let Claude (or any MCP client/agent) check
+whether an MCP tool is **safe before installing it**, look up the most trusted tools,
+or score an entire MCP stack — all backed by the [Veragent](https://veragent.store)
+trust registry.
+
+## Tools
+
+| Tool | What it does |
+|------|--------------|
+| `check_tool_trust(name)` | Veragent trust score + audit state for a tool/server/agent. Use **before** installing. |
+| `list_trusted_tools(query, limit)` | The most trusted MCP tools, optionally filtered. |
+| `scan_mcp_stack(mcp_config)` | Score a whole `mcp_settings.json` — per-server risk + summary. |
+
+## Install (Claude Desktop)
+
+Add to your `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "veragent": {
+      "command": "uvx",
+      "args": ["veragent-mcp"]
+    }
+  }
+}
+```
+
+Then ask Claude: *"Is the playwright-mcp server safe? Check Veragent."*
+
+## Run locally
+
+```bash
+uvx veragent-mcp
+# or
+pip install veragent-mcp && veragent-mcp
+```
+
+## Configuration
+
+- `VERAGENT_API_BASE` — override the API base (default `https://veragent.store/api/v1`).
+
+## Honesty
+
+Veragent labels static-analysis results as **Heuristic** and reserves **SGC Certified**
+for behavioral-sandbox passes. Scores are reported with this distinction.

veragent_mcp-0.1.0/pyproject.toml

@@ -0,0 +1,27 @@
+[project]
+name = "veragent-mcp"
+version = "0.1.0"
+description = "Veragent MCP server — check the trust/security score of MCP tools before installing them in Claude."
+readme = "README.md"
+requires-python = ">=3.10"
+license = { text = "MIT" }
+authors = [{ name = "Sean Li" }]
+keywords = ["mcp", "model-context-protocol", "security", "veragent", "claude", "trust"]
+dependencies = [
+    "mcp>=1.2.0",
+    "httpx>=0.27",
+]
+
+[project.urls]
+Homepage = "https://veragent.store"
+Registry = "https://veragent.store/trust-registry"
+
+[project.scripts]
+veragent-mcp = "veragent_mcp.server:main"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["veragent_mcp"]

veragent_mcp-0.1.0/test_client.py

@@ -0,0 +1,42 @@
+"""
+Live integration tests for the Veragent MCP client (no mocks — hits the real API).
+Run: python test_client.py
+"""
+from veragent_mcp import client
+
+
+def test_check_tool_trust_found():
+    res = client.check_tool_trust("playwright")
+    assert res["found"] is True, res
+    assert isinstance(res["trust_score_pct"], int)
+    assert res["audit_state"]
+    assert res["report_url"].startswith("https://veragent.store/agents/")
+    print("check_tool_trust(found):", res["name"], res["trust_score_pct"], res["audit_state"])
+
+
+def test_check_tool_trust_not_found():
+    res = client.check_tool_trust("zzz-nonexistent-tool-xyz-123")
+    assert res["found"] is False, res
+    print("check_tool_trust(not found): OK")
+
+
+def test_list_trusted_tools():
+    res = client.list_trusted_tools(limit=5)
+    assert isinstance(res, list) and len(res) > 0, res
+    assert all("report_url" in t for t in res)
+    print("list_trusted_tools:", len(res), "tools; top:", res[0]["name"], res[0]["trust_score_pct"])
+
+
+def test_scan_mcp_stack():
+    cfg = {"mcpServers": {"playwright": {"command": "npx", "args": ["-y", "@playwright/mcp"]}}}
+    res = client.scan_mcp_stack(cfg)
+    assert "total" in res and res["total"] >= 1, res
+    print("scan_mcp_stack: total", res["total"], "summary:", res["summary"])
+
+
+if __name__ == "__main__":
+    test_check_tool_trust_found()
+    test_check_tool_trust_not_found()
+    test_list_trusted_tools()
+    test_scan_mcp_stack()
+    print("\nAll live client tests passed ✓")

veragent_mcp-0.1.0/veragent_mcp/__init__.py

@@ -0,0 +1,2 @@
+"""Veragent MCP server — the MCP trust layer, as an MCP tool."""
+__version__ = "0.1.0"

veragent_mcp-0.1.0/veragent_mcp/client.py

@@ -0,0 +1,103 @@
+"""
+Veragent API client — pure functions over the public Veragent API.
+
+Kept free of MCP-protocol concerns so the trust logic is independently testable
+against the live API (no mocks). Used by server.py to back the MCP tools.
+"""
+from __future__ import annotations
+
+import os
+from typing import Any, Dict, List
+
+import httpx
+
+API_BASE = os.environ.get("VERAGENT_API_BASE", "https://veragent.store/api/v1").rstrip("/")
+_TIMEOUT = httpx.Timeout(20.0)
+
+
+def _audit_label(audit_status: str, has_report: bool) -> str:
+    s = (audit_status or "unaudited").lower()
+    if "certified" in s and has_report:
+        return "SGC Certified (behavioral sandbox)"
+    if s in ("audited", "approved") or "audited" in s:
+        return "Heuristic (static analysis only)"
+    if "pending" in s or "review" in s:
+        return "Audit pending"
+    return "Unaudited"
+
+
+def check_tool_trust(name: str) -> Dict[str, Any]:
+    """Look up an MCP tool by name and return its Veragent trust assessment."""
+    with httpx.Client(timeout=_TIMEOUT) as c:
+        r = c.get(f"{API_BASE}/search/agents", params={"q": name, "page": 1, "limit": 5})
+        r.raise_for_status()
+        agents = (r.json() or {}).get("agents", [])
+
+    # Relevance guard: Typesense fuzzy-matches, so a non-indexed name can still return an
+    # unrelated tool. Require token overlap between the query and the candidate name/tagline
+    # so we never misreport an unrelated tool as if it were the one asked about.
+    def _relevant(a: Dict[str, Any]) -> bool:
+        q_tokens = {t for t in "".join(ch if ch.isalnum() else " " for ch in name.lower()).split() if len(t) > 2}
+        if not q_tokens:
+            return True
+        hay = f"{a.get('name','')} {a.get('tagline','')} {a.get('id','')}".lower()
+        return any(t in hay for t in q_tokens)
+
+    relevant = [a for a in agents if _relevant(a)] if agents else []
+    if not relevant:
+        return {"found": False, "query": name,
+                "message": f"No tool matching '{name}' is indexed in the Veragent trust registry. "
+                           "Treat it as unverified."}
+
+    a = relevant[0]
+    pct = round((a.get("trust_score") or a.get("sgc_confidence") or 0) * 100)
+    label = _audit_label(a.get("audit_status", ""), bool(a.get("sgc_report_id")))
+    return {
+        "found": True,
+        "name": a.get("name"),
+        "trust_score_pct": pct,
+        "audit_state": label,
+        "risk_tier": a.get("sgc_risk_tier") or a.get("risk_tier"),
+        "listing_type": a.get("listing_type"),
+        "publisher": (a.get("publisher") or {}).get("name"),
+        "report_url": f"https://veragent.store/agents/{a.get('id')}",
+        "advice": (
+            "Heuristic score reflects static analysis only — review the source before "
+            "installing in production." if "Heuristic" in label
+            else "Passed Veragent behavioral sandbox audit." if "Certified" in label
+            else "Not yet audited — install with caution."
+        ),
+    }
+
+
+def list_trusted_tools(query: str = "*", limit: int = 10) -> List[Dict[str, Any]]:
+    """Return the most trusted tools matching a query (or overall)."""
+    with httpx.Client(timeout=_TIMEOUT) as c:
+        r = c.get(f"{API_BASE}/search/agents",
+                  params={"q": query or "*", "sort_by": "trust_score", "page": 1, "limit": limit})
+        r.raise_for_status()
+        agents = (r.json() or {}).get("agents", [])
+    return [{
+        "name": a.get("name"),
+        "trust_score_pct": round((a.get("trust_score") or a.get("sgc_confidence") or 0) * 100),
+        "audit_state": _audit_label(a.get("audit_status", ""), bool(a.get("sgc_report_id"))),
+        "report_url": f"https://veragent.store/agents/{a.get('id')}",
+    } for a in agents]
+
+
+def scan_mcp_stack(mcp_config: Dict[str, Any]) -> Dict[str, Any]:
+    """Score a whole MCP stack. Pass a parsed mcp_settings.json (or its mcpServers block)."""
+    with httpx.Client(timeout=_TIMEOUT) as c:
+        r = c.post(f"{API_BASE}/stack/health-check", json={"mcp_config": mcp_config})
+        r.raise_for_status()
+        rep = r.json()
+    return {
+        "total": rep.get("total_servers"),
+        "safe": rep.get("green"), "caution": rep.get("yellow"),
+        "high_risk": rep.get("red"), "unregistered": rep.get("unknown"),
+        "summary": rep.get("summary"),
+        "details": [
+            {"server": s.get("server_key"), "risk": s.get("risk_level"),
+             "signals": s.get("signals")} for s in rep.get("servers", [])
+        ],
+    }

veragent_mcp-0.1.0/veragent_mcp/server.py

@@ -0,0 +1,47 @@
+"""
+Veragent MCP server — the trust layer, as an MCP tool.
+
+Exposes Veragent's trust registry as MCP tools so Claude (and any MCP client/agent)
+can vet MCP tools *before* installing them, or score an existing stack — turning
+Veragent from "a site you visit" into "a tool the agent calls".
+
+Run:
+    uvx veragent-mcp            # or: python -m veragent_mcp.server
+"""
+from __future__ import annotations
+
+from typing import Any, Dict
+
+from mcp.server.fastmcp import FastMCP
+
+from veragent_mcp import client
+
+mcp = FastMCP("veragent")
+
+
+@mcp.tool()
+def check_tool_trust(name: str) -> Dict[str, Any]:
+    """Check the Veragent trust score and audit state of an MCP tool / server / agent by name.
+    Use this BEFORE installing or recommending an MCP tool to verify it is safe."""
+    return client.check_tool_trust(name)
+
+
+@mcp.tool()
+def list_trusted_tools(query: str = "*", limit: int = 10) -> Any:
+    """List the most trusted MCP tools, optionally filtered by a search query."""
+    return client.list_trusted_tools(query=query, limit=limit)
+
+
+@mcp.tool()
+def scan_mcp_stack(mcp_config: Dict[str, Any]) -> Dict[str, Any]:
+    """Score a whole MCP stack for security. Pass a parsed mcp_settings.json object
+    (or just its mcpServers block). Returns per-server risk levels and a summary."""
+    return client.scan_mcp_stack(mcp_config)
+
+
+def main() -> None:
+    mcp.run()
+
+
+if __name__ == "__main__":
+    main()