Attestable

v1.0.0 | Security | stable

Verify that any MCP server is running the intended and untampered code via hardware attestation.

Tags: mcp, mcp-server, remote-attestation, tee, verification

What is Attestable?

Attestable is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to verify that any MCP server is running the intended and untampered code via hardware attestation.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Verify that any MCP server is running the intended and untam

Use Cases

Verify MCP server code integrity through hardware attestation. Ensure servers run untampered code using trusted execution environments. Validate server authenticity and security.

License: MIT
Language: python
Version: v1.0.0
Updated: May 20, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx attestable

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use Attestable

Attestable is a security-focused MCP server that uses hardware-based remote attestation to verify that any MCP server is running exactly the intended, untampered code inside an Intel SGX Trusted Execution Environment (TEE). It leverages the RA-TLS protocol to embed SGX quotes directly into X.509 certificates, giving clients cryptographic proof of server integrity. Developers and security teams use it to ensure that sensitive AI tool servers cannot be silently modified or replaced without detection.

Prerequisites

  • Intel SGX-capable hardware (with /dev/sgx_enclave and /dev/sgx_provision devices available)
  • Ubuntu 22.04 operating system (required for Gramine compatibility)
  • Docker installed and running on the host machine
  • Gramine and Intel SGX SDK/PSW installed (for building the SGX-protected image)
  • Python 3.13 and uv package manager (for dependency management)

1. Install system dependencies

Ensure you are running Ubuntu 22.04 with Intel SGX hardware. Install the Intel SGX SDK, PSW (Platform Software), and Gramine following their official documentation. These are required to build and sign the SGX enclave.

sudo apt-get install -y intel-sgx-sdk intel-sgx-psw gramine

2. Clone the repository and sync dependencies

Clone the attestable-mcp-server repository and use uv to install Python dependencies into an isolated virtual environment.

git clone https://github.com/kontext-security/attestable-mcp-server.git
cd attestable-mcp-server
uv sync

3. Build the base Docker image

Build the standard Docker container that packages the MCP server code. This image will later be wrapped with Gramine GSC to add SGX attestation support.

docker build -t attestable-mcp-server .

4. Generate SGX signing key and build the GSC-protected image

Generate a private key for signing the SGX enclave, clone the Gramine GSC tooling, then use GSC to build and sign the attestable image so it runs inside an SGX enclave.

gramine-sgx-gen-private-key
git clone https://github.com/gramineproject/gsc docker/gsc
# Follow GSC docs to build and sign the gsc-attestable-mcp-server image

5. Run the server on SGX hardware

Start the attestable MCP server inside the SGX enclave. The server listens on port 8000 and exposes RA-TLS endpoints for clients to verify server integrity. For local development without real SGX hardware, omit the device flags.

docker run -itp 8000:8000 \
  --device=/dev/sgx_provision:/dev/sgx/provision \
  --device=/dev/sgx_enclave:/dev/sgx/enclave \
  -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \
  --rm gsc-attestable-mcp-server

6. Configure your MCP client to connect

Point your MCP client at the running server. Because this server uses RA-TLS over HTTP, configure the client with the server URL. The client can then verify the SGX attestation quote embedded in the TLS certificate before trusting the server.

{
  "mcpServers": {
    "attestable": {
      "url": "http://localhost:8000"
    }
  }
}
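
The client-side check that step 6 refers to, sketched as an added example (not code from the attestable-mcp-server project): it parses a raw SGX ECDSA quote, compares MRENCLAVE with a pinned value, rejects debug enclaves, and checks that the quote is bound to the TLS key. Assumptions: the quote has already been extracted from the certificate, the binding is SHA-256 of the DER public key in the first 32 bytes of report_data, and `make_sample_quote` builds a constructed, unsigned quote purely to exercise the logic.

```python
import hashlib
import hmac
import struct

HEADER_LEN, BODY_LEN = 48, 384          # SGX ECDSA quote v3: header + report body
OFF_ATTR_FLAGS, OFF_MRENCLAVE, OFF_MRSIGNER, OFF_REPORT_DATA = 48, 64, 128, 320
SGX_FLAGS_DEBUG = 0x2                   # debug enclaves can be inspected by the host

def parse_quote(quote: bytes) -> dict:
    """Extract the fields a relying party pins from a raw SGX quote."""
    if len(quote) < HEADER_LEN + BODY_LEN:
        raise ValueError("quote shorter than header + report body")
    version, _key_type = struct.unpack_from("<HH", quote, 0)
    body = quote[HEADER_LEN:HEADER_LEN + BODY_LEN]
    (flags,) = struct.unpack_from("<Q", body, OFF_ATTR_FLAGS)
    return {
        "version": version,
        "debug": bool(flags & SGX_FLAGS_DEBUG),
        "mrenclave": body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32],
        "mrsigner": body[OFF_MRSIGNER:OFF_MRSIGNER + 32],
        "report_data": body[OFF_REPORT_DATA:OFF_REPORT_DATA + 64],
    }

def check_quote(quote: bytes, cert_pubkey_der: bytes, expected_mrenclave: bytes) -> list:
    """Return the reasons to reject; an empty list means the pinned checks pass.
    Verifying the quote's signature and collateral (DCAP) is a separate, required step."""
    q = parse_quote(quote)
    problems = []
    if q["debug"]:
        problems.append("enclave runs in debug mode")
    if not hmac.compare_digest(q["mrenclave"], expected_mrenclave):
        problems.append("MRENCLAVE differs from the pinned build")
    # Assumed binding: report_data[:32] == SHA-256(certificate public key, DER)
    key_hash = hashlib.sha256(cert_pubkey_der).digest()
    if not hmac.compare_digest(q["report_data"][:32], key_hash):
        problems.append("quote is not bound to this TLS key")
    return problems

def make_sample_quote(mrenclave: bytes, pubkey_der: bytes, debug: bool = False) -> bytes:
    """Constructed test quote (no real signature), only for exercising the checks."""
    body = bytearray(BODY_LEN)
    struct.pack_into("<Q", body, OFF_ATTR_FLAGS, 0x5 | (SGX_FLAGS_DEBUG if debug else 0))
    body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] = mrenclave
    body[OFF_REPORT_DATA:OFF_REPORT_DATA + 32] = hashlib.sha256(pubkey_der).digest()
    return struct.pack("<HH", 3, 2) + bytes(HEADER_LEN - 4) + bytes(body)

if __name__ == "__main__":
    pinned = hashlib.sha256(b"constructed enclave build").digest()
    key = b"constructed-public-key-der"
    print(check_quote(make_sample_quote(pinned, key), key, pinned))
    print(check_quote(make_sample_quote(pinned, key), b"other-key", pinned))
```

The pinned MRENCLAVE would come from your own signed build in step 4; a matching measurement means nothing until the quote's signature chain has also been verified.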

Attestable Examples

Client configuration

Connect Claude Desktop or another MCP client to the locally running attestable server after starting the Docker container.

{
  "mcpServers": {
    "attestable": {
      "url": "http://localhost:8000"
    }
  }
}

Prompts to try

After connecting, ask your AI assistant to verify server integrity via attestation.

- "Verify the attestation of the connected MCP server and show me the SGX quote details."
- "Check if the MCP server is running untampered code using hardware attestation."
- "What is the pubkey hash of the currently attested server session?"

Troubleshooting Attestable

Docker container fails to start with 'device not found' errors for /dev/sgx_enclave or /dev/sgx_provision

Your hardware may not support SGX, or the SGX kernel modules are not loaded. Run 'ls /dev/sgx*' to check device availability and ensure the intel-sgx-psw service (aesmd) is running: 'sudo systemctl start aesmd'.

Gramine GSC build fails during image signing

Ensure you have generated the SGX private key with 'gramine-sgx-gen-private-key' before running GSC build commands. Also confirm your Gramine and GSC versions are compatible with each other and with your kernel's SGX support level.

Client cannot connect to the server on port 8000

Verify the Docker container is running with 'docker ps' and that port 8000 is not blocked by a firewall. For development without SGX, run the plain Docker image: 'docker run -p 8000:8000 --rm attestable-mcp-server'.

Frequently Asked Questions about Attestable

What is Attestable?

Attestable is a Model Context Protocol (MCP) server that verifies that any MCP server is running the intended and untampered code via hardware attestation. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Attestable?

Follow the installation instructions on the Attestable GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Attestable?

Attestable works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Attestable free to use?

Yes, Attestable is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Attestable Alternatives — Similar Security Servers

Looking for alternatives to Attestable? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Quick Config Preview

{
  "mcpServers": {
    "attestable": {
      "command": "npx",
      "args": ["-y", "attestable"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json