{
  "identity": {
    "name": "fidensa-mcp-server",
    "version": "0.4.1",
    "publisher": {
      "name": "Fidensa (https://fidensa.com)",
      "verified": false
    },
    "source": "https://github.com/fidensa/mcp-server",
    "license": "MIT",
    "type": "mcp_server",
    "git_sha": "c39fcc1d1a92511afa5402f44dd1a94f9b173bbb"
  },
  "description": {
    "summary": "MCP server that provides AI agents with access to Fidensa certification data for verifying capabilities, checking trust scores, and searching certified tools.",
    "semantic": {
      "capabilities": [
        "certification_verification",
        "trust_scoring",
        "capability_search",
        "artifact_verification",
        "file_integrity",
        "experience_reporting",
        "capability_comparison"
      ],
      "constraints": {
        "api_key_required": "Some tools require free API key registration",
        "network_access": "Requires internet connection to Fidensa API",
        "mcp_protocol": "Must be used within MCP-compatible environment"
      }
    },
    "categories": [
      "security",
      "verification",
      "trust",
      "certification",
      "mcp-server",
      "ai-tools"
    ],
    "solves": "I need to verify the trustworthiness and certification status of AI capabilities and tools before using them in my agent workflows."
  },
  "dependencies": [
    {
      "type": "runtime",
      "name": "node",
      "version": ">=22.0.0",
      "required": true
    },
    {
      "type": "npm_package",
      "name": "@modelcontextprotocol/sdk",
      "version": "^1.27.0",
      "required": true
    },
    {
      "type": "npm_package",
      "name": "zod",
      "version": "^3.25.0",
      "required": true
    },
    {
      "type": "npm_package",
      "name": "jose",
      "version": "^6.2.0",
      "required": true
    }
  ],
  "supply_chain": {
    "sbom": {
      "format": "CycloneDX",
      "version": "1.5",
      "generated_at": "2026-03-29T17:50:17.624Z",
      "component_count": 101,
      "direct_dependencies": 3,
      "transitive_dependencies": 98,
      "vulnerability_summary": {
        "critical": 0,
        "high": 0,
        "medium": 0,
        "low": 0,
        "none": 0,
        "total": 0
      },
      "flagged_components": []
    },
    "last_dependency_audit": "2026-03-29T17:50:17.624Z"
  },
  "provenance": {
    "license_present": false,
    "license_file": null,
    "security_md_present": false,
    "readme_present": true,
    "readme_empty": false,
    "namespace_match": true,
    "last_commit_date": "2026-03-29T13:16:02-04:00",
    "contributor_count": 1,
    "repo_age_days": 0,
    "template_description": false
  },
  "owasp_mcp_coverage": [
    {
      "id": "MCP01",
      "name": "Excessive Agency & Permissions",
      "covered_by": [
        {
          "stage": "security",
          "description": "Cisco scanner behavioral analysis of permission scope"
        }
      ],
      "status": "covered"
    },
    {
      "id": "MCP02",
      "name": "Unauthorized Data Access",
      "covered_by": [
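        {
          "stage": "adversarial",
          "description": "Category 3 (data exfiltration) attack patterns — no matching entry appears in security.adversarial_testing.categories_tested for this run; confirm the category was exercised"
        }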
      ],
      "status": "covered"
    },
    {
      "id": "MCP03",
      "name": "Tool Poisoning",
      "covered_by": [
        {
          "stage": "adversarial",
          "description": "Category 1 (prompt injection) and Category 5 (context poisoning) attack patterns"
        }
      ],
      "status": "covered"
    },
    {
      "id": "MCP04",
      "name": "Supply Chain Vulnerabilities",
      "covered_by": [
        {
          "stage": "sbom",
          "description": "SBOM generation (syft/cdxgen) and vulnerability scanning (grype/osv-scanner/npm audit)"
        }
      ],
      "status": "covered"
    },
    {
      "id": "MCP05",
      "name": "Command Injection",
      "covered_by": [
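        {
          "stage": "adversarial",
          "description": "Category 2 (privilege escalation) and Category 6 (repo config injection) attack patterns — neither has a matching entry in security.adversarial_testing.categories_tested for this run; confirm the categories were exercised"
        }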
      ],
      "status": "covered"
    },
    {
      "id": "MCP06",
      "name": "Intent Subversion",
      "covered_by": [
        {
          "stage": "adversarial",
          "description": "Category 1 (prompt injection) and Category 4 (capability squatting) attack patterns"
        }
      ],
      "status": "covered"
    },
    {
      "id": "MCP07",
      "name": "Insecure Data Handling",
      "covered_by": [
        {
          "stage": "security",
          "description": "Cisco scanner data flow and sensitive data handling analysis"
        }
      ],
      "status": "covered"
    },
    {
      "id": "MCP08",
      "name": "Insufficient Logging",
      "covered_by": [],
      "status": "gap",
      "gap_note": "Not directly tested — logging adequacy requires runtime observation beyond current pipeline scope"
    },
    {
      "id": "MCP09",
      "name": "Resource Exhaustion",
      "covered_by": [
        {
          "stage": "fingerprint",
          "description": "Resource profiling (CPU, memory) during functional and adversarial testing"
        }
      ],
      "status": "covered"
    },
    {
      "id": "MCP10",
      "name": "Context Injection",
      "covered_by": [
        {
          "stage": "adversarial",
          "description": "Category 5 (context poisoning) attack patterns"
        }
      ],
      "status": "covered"
    }
  ],
  "composability": {
    "tested_with": [],
    "known_conflicts": [],
    "certified_workflows": []
  },
  "trust": {
    "score": 97,
    "grade": "A",
    "maturity": "Initial",
    "scheme_version": "2.0",
    "verified_at": "2026-03-29T17:53:58.094Z",
    "consumer_confirmations": {
      "total": 0,
      "confirmation_rate": 0,
      "last_30_days": {
        "consumptions": 0,
        "confirmations": 0,
        "disputes": 0,
        "dispute_categories": {}
      }
    },
    "provenance": {
      "hash": "sha256:6f79da81604e74bf9fc0326cf8ea857e4980c1127368a43c597b3acd1e153cbd",
      "signed_by": "fidensa.com",
      "signature": "see .cert.json artifact",
      "source_verified": true,
      "last_source_audit": "2026-03-29T17:53:58.094Z",
      "attestation_url": "https://fidensa.com/v1/attestation/"
    },
    "history": {
      "first_verified": "2026-03-29T17:53:58.094Z",
      "total_versions_verified": 1,
      "breaking_changes_detected": 0
    },
    "behavioral_fingerprint": {
      "fingerprint_version": "1.0",
      "baseline_created_at": "2026-03-29T17:53:52.451Z",
      "baseline_sample_size": 536,
      "signals": {
        "response_time_ms": {
          "p50": 1,
          "p95": 320,
          "p99": 658
        },
        "error_rate": 0,
        "output_size_bytes": {
          "p50": 318,
          "p95": 643,
          "mean": 349.26
        },
        "resource_profile": {
          "peak_memory_mb": 78.1,
          "avg_cpu_percent": 0.04
        },
        "per_tool": {
          "check_certification": {
            "p50_ms": 166,
            "p95_ms": 649,
            "error_rate": 0,
            "sample_count": 61
          },
          "get_contract": {
            "p50_ms": 290,
            "p95_ms": 424,
            "error_rate": 0,
            "sample_count": 61
          },
          "search_capabilities": {
            "p50_ms": 1,
            "p95_ms": 222,
            "error_rate": 0,
            "sample_count": 119
          },
          "compare_capabilities": {
            "p50_ms": 1,
            "p95_ms": 1326,
            "error_rate": 0,
            "sample_count": 12
          },
          "report_experience": {
            "p50_ms": 1,
            "p95_ms": 173,
            "error_rate": 0,
            "sample_count": 115
          },
          "verify_artifact": {
            "p50_ms": 1,
            "p95_ms": 2,
            "error_rate": 0,
            "sample_count": 109
          },
          "verify_file": {
            "p50_ms": 174,
            "p95_ms": 248,
            "error_rate": 0,
            "sample_count": 59
          }
        }
      },
      "drift_status": "baseline"
    },
    "score_breakdown": [
      {
        "signal": "security_scan",
        "score": 1,
        "weight": 0.15,
        "contribution": 0.15,
        "source": "stage2b-security",
        "rationale": "No security findings"
      },
      {
        "signal": "supply_chain",
        "score": 1,
        "weight": 0.1,
        "contribution": 0.1,
        "source": "stage2a-sbom",
        "rationale": "Clean supply chain (101 components, 0 vulnerabilities)"
      },
      {
        "signal": "adversarial",
        "score": 1,
        "weight": 0.25,
        "contribution": 0.25,
        "source": "stage3b-adversarial",
        "rationale": "No adversarial findings — clean"
      },
      {
        "signal": "provenance",
        "score": 1,
        "weight": 0.2,
        "contribution": 0.2,
        "source": "stage1-ingest",
        "rationale": "source hash present, publisher identified but not verified, build succeeded, live MCP enumeration"
      },
      {
        "signal": "consumer_confirm",
        "score": 0.913,
        "weight": 0.1,
        "contribution": 0.09132947976878614,
        "source": "stage3a-functional",
        "rationale": "Pipeline-derived baseline: 91.3% functional pass rate (no external reports yet)"
      },
      {
        "signal": "behavioral_pass",
        "score": 0.913,
        "weight": 0.1,
        "contribution": 0.09132947976878614,
        "source": "stage3a-functional",
        "rationale": "91.3% of functional tests passed"
      },
      {
        "signal": "contract_accuracy",
        "score": 1,
        "weight": 0.06,
        "contribution": 0.06,
        "source": "stage3a-functional",
        "rationale": "Avg contract accuracy across 7 tools: 100.0%"
      },
      {
        "signal": "uptime",
        "score": 1,
        "weight": 0.04,
        "contribution": 0.04,
        "source": "pipeline-derived",
        "rationale": "Server responded throughout pipeline testing — baseline uptime 100% (no monitoring data yet)"
      }
    ],
    "max_achievable_score": 100,
    "review_flags": [
      {
        "category": "content",
        "severity": "medium",
        "source": "stage4-assembler",
        "description": "Description section was synthesized by an LLM from stage data — verify accuracy",
        "blocks_certification": false,
        "kind": "note"
      },
      {
        "category": "content",
        "severity": "medium",
        "source": "stage4-assembler",
        "description": "Behavioral guarantees derived from README — verify accuracy against observed behavior",
        "blocks_certification": false,
        "kind": "note"
      },
      {
        "category": "publisher",
        "severity": "medium",
        "source": "stage1-ingest",
        "description": "Publisher \"Fidensa (https://fidensa.com)\" is not verified — first certification from this publisher",
        "blocks_certification": false,
        "kind": "note"
      },
      {
        "category": "provenance",
        "severity": "medium",
        "source": "stage1-provenance",
        "description": "No license file found in repository, although identity.license in this contract declares MIT",
        "blocks_certification": false,
        "kind": "note"
      },
      {
        "category": "provenance",
        "severity": "low",
        "source": "stage1-provenance",
        "description": "No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process",
        "blocks_certification": false,
        "kind": "note"
      },
      {
        "category": "provenance",
        "severity": "low",
        "source": "stage1-provenance",
        "description": "Single contributor — no peer review evidence in commit history",
        "blocks_certification": false,
        "kind": "note"
      },
      {
        "category": "provenance",
        "severity": "low",
        "source": "stage1-provenance",
        "description": "Repository is 0 days old — recently created",
        "blocks_certification": false,
        "kind": "note"
      }
    ]
  },
  "mcp_server": {
    "interface": {
      "transport": [
        "stdio"
      ],
      "tools": [
        {
          "name": "check_certification",
          "description": "Quick trust check for an AI capability (MCP server, skill, plugin, or workflow). Returns certification status, trust score, grade, tier, and supply chain status. No API key required. Use this before invoking any capability to verify it has been independently certified by Fidensa.",
          "input_schema": {
            "type": "object",
            "properties": {
              "capability_id": {
                "type": "string",
                "description": "Capability identifier (e.g. \"mcp-server-filesystem\")"
              },
              "version": {
                "type": "string",
                "description": "Specific version to check (e.g. \"1.0.0\"). Omit for latest."
              }
            },
            "required": [
              "capability_id"
            ],
            "additionalProperties": false,
            "$schema": "http://json-schema.org/draft-07/schema#"
          }
        },
        {
          "name": "get_contract",
          "description": "Retrieve the full certification contract for a capability, including identity, supply chain analysis, security scan results, adversarial testing findings, behavioral fingerprint, and trust score breakdown. Requires a free API key (set FIDENSA_API_KEY).",
          "input_schema": {
            "type": "object",
            "properties": {
              "capability_id": {
                "type": "string",
                "description": "Capability identifier"
              },
              "version": {
                "type": "string",
                "description": "Specific version (omit for latest)"
              }
            },
            "required": [
              "capability_id"
            ],
            "additionalProperties": false,
            "$schema": "http://json-schema.org/draft-07/schema#"
          }
        },
        {
          "name": "search_capabilities",
          "description": "Search for certified AI capabilities by keyword or description. Use this to discover certified alternatives when a capability is uncertified or scores poorly. Supports filtering by type, tier, and minimum trust score. No API key required.",
          "input_schema": {
            "type": "object",
            "properties": {
              "query": {
                "type": "string",
                "description": "Search query (natural language or keywords)"
              },
              "type": {
                "type": "string",
                "enum": [
                  "mcp_server",
                  "skill",
                  "rules_file",
                  "hook",
                  "sub_agent",
                  "plugin"
                ],
                "description": "Filter by capability type"
              },
              "tier": {
                "type": "string",
                "enum": [
                  "certified",
                  "verified",
                  "evaluated"
                ],
                "description": "Filter by certification tier"
              },
              "min_score": {
                "type": "integer",
                "minimum": 0,
                "maximum": 100,
                "description": "Minimum trust score (0-100)"
              },
              "limit": {
                "type": "integer",
                "minimum": 1,
                "maximum": 50,
                "description": "Maximum number of results (default: 10)"
              }
            },
            "required": [
              "query"
            ],
            "additionalProperties": false,
            "$schema": "http://json-schema.org/draft-07/schema#"
          }
        },
        {
          "name": "compare_capabilities",
          "description": "Side-by-side comparison of 2-5 certified capabilities. Shows trust scores, grades, tiers, and per-signal breakdowns to help choose between alternatives. Requires a free API key (set FIDENSA_API_KEY).",
          "input_schema": {
            "type": "object",
            "properties": {
              "capability_ids": {
                "type": "array",
                "items": {
                  "type": "string"
                },
                "minItems": 2,
                "maxItems": 5,
                "description": "Array of 2-5 capability IDs to compare"
              }
            },
            "required": [
              "capability_ids"
            ],
            "additionalProperties": false,
            "$schema": "http://json-schema.org/draft-07/schema#"
          }
        },
        {
          "name": "report_experience",
          "description": "Submit an experience report for a certified capability. Reports feed into the social proof signal of the trust score. Requires the content_hash from the .cert.json artifact (proves you've encountered the certified file). API key optional but recommended for higher rate limits.",
          "input_schema": {
            "type": "object",
            "properties": {
              "capability_id": {
                "type": "string",
                "description": "Capability identifier"
              },
              "content_hash": {
                "type": "string",
                "description": "SHA-256 content hash from the .cert.json artifact or the certification block. This proves you have the certified file."
              },
              "outcome": {
                "type": "string",
                "enum": [
                  "success",
                  "failure",
                  "partial"
                ],
                "description": "Overall outcome of using the capability"
              },
              "version": {
                "type": "string",
                "description": "Capability version (e.g. \"1.0.0\"). Server defaults to latest if omitted."
              },
              "environment": {
                "type": "object",
                "properties": {
                  "agent_platform": {
                    "type": "string",
                    "description": "Agent platform (e.g. \"claude-code\", \"cursor\")"
                  },
                  "agent_version": {
                    "type": "string",
                    "description": "Agent version"
                  },
                  "os": {
                    "type": "string",
                    "description": "Operating system"
                  },
                  "runtime_version": {
                    "type": "string",
                    "description": "Runtime version (e.g. \"node-22.x\")"
                  }
                },
                "required": [
                  "agent_platform"
                ],
                "additionalProperties": false,
                "description": "Environment context"
              },
              "details": {
                "type": "object",
                "properties": {
                  "tools_used": {
                    "type": "array",
                    "items": {
                      "type": "string"
                    },
                    "description": "Which tools were used"
                  },
                  "failure_description": {
                    "type": "string",
                    "description": "What went wrong"
                  },
                  "unexpected_behavior": {
                    "type": "string",
                    "description": "Unexpected behavior observed"
                  }
                },
                "additionalProperties": false,
                "description": "Additional details"
              }
            },
            "required": [
              "capability_id",
              "content_hash",
              "outcome"
            ],
            "additionalProperties": false,
            "$schema": "http://json-schema.org/draft-07/schema#"
          }
        },
        {
          "name": "verify_artifact",
          "description": "Verify the cryptographic signature on a Fidensa certification artifact (.cert.json). Checks platform signature, content hash, expiry, and optionally code integrity (git SHA match) and file integrity (file hash match). For true offline verification, pass the .cert.json content from the capability's published package via the content parameter. Requires a free API key (set FIDENSA_API_KEY).",
          "input_schema": {
            "type": "object",
            "properties": {
              "content": {
                "type": "string",
                "description": "Base64-encoded .cert.json artifact content. Preferred for independent verification."
              },
              "url": {
                "type": "string",
                "description": "fidensa.com URL to fetch the artifact (convenience, but verification is circular since the artifact comes from the same authority verifying it)."
              },
              "installed_git_sha": {
                "type": "string",
                "description": "Git commit SHA of the installed code (from \"git rev-parse HEAD\"). When provided, verifies that the installed code matches the certified commit."
              },
              "file_hash": {
                "type": "string",
                "description": "SHA-256 hash of the capability file (excluding the residual comment line). When provided, verifies the file matches the certified original."
              }
            },
            "additionalProperties": false,
            "$schema": "http://json-schema.org/draft-07/schema#"
          }
        },
        {
          "name": "verify_file",
          "description": "Quick file integrity check: pass the SHA-256 hash of a capability file and its capability_id to verify the file matches what Fidensa certified. This is the simplest verification path — no .cert.json needed. No API key required.",
          "input_schema": {
            "type": "object",
            "properties": {
              "capability_id": {
                "type": "string",
                "description": "Capability identifier"
              },
              "file_hash": {
                "type": "string",
                "description": "SHA-256 hash of the capability file (excluding the residual comment line if present)."
              }
            },
            "required": [
              "capability_id",
              "file_hash"
            ],
            "additionalProperties": false,
            "$schema": "http://json-schema.org/draft-07/schema#"
          }
        }
      ],
      "resources": [],
      "prompts": []
    },
    "behavioral_guarantees": {
      "contracts": [
        {
          "given": "Valid request",
          "then": "Provides structured access to Fidensa certification data through MCP tool calls",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Checks trust scores of capabilities",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Searches for certified alternatives",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Compares capabilities side-by-side",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Verifies signed artifacts",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Checks file integrity by hashing capability files and verifying against Fidensa certified versions",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Reports runtime experience",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides check_certification tool for quick trust check with status, score, grade, tier",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides search_capabilities tool to search for certified capabilities by keyword, type, tier, or score",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides verify_file tool for quick file integrity check",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides report_experience tool to submit runtime experience reports",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides get_contract tool for full certification contract with all evidence (requires API key)",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides compare_capabilities tool for side-by-side comparison of 2-5 capabilities (requires API key)",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides verify_artifact tool to verify cryptographic signatures on .cert.json artifacts with optional file and code integrity checks (requires API key)",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Works with some tools without API key (check_certification, search_capabilities, verify_file, and report_experience)",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides higher rate limits for report_experience with API key",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Connects to production API at https://fidensa.com by default",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides tool \"check_certification\": Quick trust check for an AI capability (MCP server, skill, plugin, or workflow). Returns certification status, trust score, grade, tier, and supply chain status. No API key required. Use this before invoking any capability to verify it has been independently certified by Fidensa.",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides tool \"get_contract\": Retrieve the full certification contract for a capability, including identity, supply chain analysis, security scan results, adversarial testing findings, behavioral fingerprint, and trust score breakdown. Requires a free API key (set FIDENSA_API_KEY).",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides tool \"search_capabilities\": Search for certified AI capabilities by keyword or description. Use this to discover certified alternatives when a capability is uncertified or scores poorly. Supports filtering by type, tier, and minimum trust score. No API key required.",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides tool \"compare_capabilities\": Side-by-side comparison of 2-5 certified capabilities. Shows trust scores, grades, tiers, and per-signal breakdowns to help choose between alternatives. Requires a free API key (set FIDENSA_API_KEY).",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides tool \"report_experience\": Submit an experience report for a certified capability. Reports feed into the social proof signal of the trust score. Requires the content_hash from the .cert.json artifact (proves you've encountered the certified file). API key optional but recommended for higher rate limits.",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides tool \"verify_artifact\": Verify the cryptographic signature on a Fidensa certification artifact (.cert.json). Checks platform signature, content hash, expiry, and optionally code integrity (git SHA match) and file integrity (file hash match). For true offline verification, pass the .cert.json content from the capability's published package via the content parameter. Requires a free API key (set FIDENSA_API_KEY).",
          "source": "author"
        },
        {
          "given": "Valid request",
          "then": "Provides tool \"verify_file\": Quick file integrity check: pass the SHA-256 hash of a capability file and its capability_id to verify the file matches what Fidensa certified. This is the simplest verification path — no .cert.json needed. No API key required.",
          "source": "author"
        }
      ],
      "failure_modes": [
        "Some tools require API key while others work without any configuration",
        "API key provides higher rate limits for report_experience tool",
        "Server shows different startup messages depending on whether FIDENSA_API_KEY is set"
      ],
      "side_effects": [
        "Makes outbound network requests",
        "Accesses environment variables"
      ],
      "guarantee_sources": [
        "author",
        "protocol"
      ],
      "scope_boundaries": {
        "modifies_files": false,
        "creates_files": false,
        "deletes_files": false,
        "makes_network_requests": true,
        "accesses_env_variables": true,
        "invokes_external_tools": false
      }
    },
    "security": {
      "permissions_required": [
        "network:outbound"
      ],
      "data_accessed": [
        "FIDENSA_API_KEY environment variable"
      ],
      "network_calls": [],
      "sandboxable": true,
      "scan_results": {
        "cisco_mcp_scanner": {
          "status": "SAFE",
          "severity": "SAFE",
          "analyzers": [
            "yara",
            "llm",
            "readiness"
          ],
          "scanned_at": "2026-03-29T17:50:29.903Z",
          "findings_summary": {
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "informational": 0
          },
          "live_scan": {
            "status": "completed",
            "finding_count": 0,
            "findings": [],
            "duration_ms": 7599
          },
          "code_scan": {
            "status": "completed",
            "finding_count": 0,
            "findings": [],
            "duration_ms": 4673
          }
        }
      },
      "adversarial_testing": {
        "methodology_version": "1.0",
        "categories_tested": [
          "prompt_injection_chains",
          "capability_squatting",
          "context_poisoning",
          "dependency_confusion"
        ],
        "findings": [],
        "tested_at": "2026-03-29T17:53:58.089Z"
      }
    }
  }
}