# KeyCard AI MCP SDK
A comprehensive Python SDK for Model Context Protocol (MCP) functionality that simplifies authentication and authorization concerns for developers working with AI/LLM integrations.
## Installation
```bash
pip install keycardai-mcp
```
## Quick Start
```python
from keycardai.mcp import *
# MCP Server with authentication
server = MCPServer(
name="my-mcp-server",
version="1.0.0",
auth_config=MCPAuthConfig(
oauth_client_id="your_client_id",
oauth_client_secret="your_client_secret"
)
)
# Register authenticated resources
@server.resource("user-data")
async def get_user_data(context: MCPContext) -> MCPResource:
# Automatic token validation and user context
user = context.authenticated_user
return MCPResource(
uri=f"user://{user.id}/data",
content=await fetch_user_data(user.id)
)
# MCP Client with token management
client = MCPClient(
server_url="https://api.example.com/mcp",
auth=MCPOAuthAuth(
client_id="client_id",
client_secret="client_secret"
)
)
# Access authenticated resources
user_data = await client.get_resource("user-data")
```
## 🏗️ Architecture & Features
This SDK provides comprehensive MCP functionality with enterprise-grade security:
### Core MCP Components
| Component | Module | Description |
|-----------|---------|-------------|
| **MCP Server** | `server.py` | **Authenticated MCP Server** - Host MCP resources with built-in OAuth 2.0 authentication |
| **MCP Client** | `client.py` | **Secure MCP Client** - Connect to MCP servers with automatic token management |
| **Resource Management** | `resources.py` | **Authenticated Resources** - Secure resource access with user context |
| **Tool Integration** | `tools.py` | **Secure Tools** - Execute MCP tools with proper authorization |
### Authentication & Security
| Feature | Module | Description |
|---------|---------|-------------|
| **OAuth 2.0 Integration** | `auth.py` | **Token Management** - Seamless OAuth integration for MCP operations |
| **Token Validation** | `validation.py` | **Security Middleware** - Automatic token validation and user context |
| **Scope Management** | `scopes.py` | **Permission Control** - Fine-grained access control for MCP resources |
| **Session Management** | `sessions.py` | **Secure Sessions** - Persistent authenticated sessions for MCP clients |
### MCP Protocol Extensions
| Standard | Module | Description |
|----------|---------|-------------|
| **Resource Templates** | `templates.py` | **Dynamic Resources** - Template-based resource generation with auth context |
| **Prompt Security** | `prompts.py` | **Secure Prompts** - User-aware prompt templates and execution |
| **Tool Authorization** | `tools.py` | **Permission Checks** - Role-based access control for MCP tools |
| **Logging & Monitoring** | `monitoring.py` | **Security Audit** - Comprehensive logging of authenticated operations |
## Features
- ✅ **MCP Protocol Compliance**: Full implementation of Model Context Protocol standards
- ✅ **OAuth 2.0 Integration**: Seamless authentication with industry-standard OAuth flows
- ✅ **Type Safe**: Full type hints with Pydantic models for all MCP operations
- ✅ **Async Support**: Native async/await support for all MCP operations
- ✅ **Enterprise Security**: Token validation, scope management, and audit logging
- ✅ **Developer Friendly**: Simplified API that abstracts away authentication complexity
- ✅ **Production Ready**: Battle-tested security patterns and comprehensive error handling
## Use Cases
### 🤖 AI Agent Platforms
```python
# Secure MCP server for AI agents
server = MCPServer(auth_required=True)
@server.tool("execute-query")
async def execute_query(context: MCPContext, query: str) -> dict:
# Only authenticated users with 'query:execute' scope
if not context.has_scope("query:execute"):
raise MCPAuthError("Insufficient permissions")
return await database.execute(query, user=context.user)
```
### 🔐 Enterprise LLM Integration
```python
# Corporate LLM with secure resource access
client = MCPClient(
server_url="https://corp-llm.company.com/mcp",
auth=MCPOAuthAuth.from_client_credentials(
client_id="corp-client",
client_secret="secret",
scopes=["documents:read", "calendar:read"]
)
)
# Access corporate resources securely
documents = await client.list_resources("documents")
```
### 🌐 Multi-Tenant SaaS
```python
# Tenant-aware MCP resources
@server.resource("tenant-data")
async def get_tenant_data(context: MCPContext) -> MCPResource:
tenant_id = context.user.tenant_id
return await fetch_tenant_data(tenant_id, user=context.user)
```
## Security Best Practices
### Token Management
- Automatic token refresh and rotation
- Secure token storage with encryption
- Scope-based permission validation
- Session timeout and cleanup
### Authentication Flows
- Authorization Code flow for web applications
- Client Credentials flow for service-to-service
- Device Code flow for CLI applications
- PKCE for public clients
### Monitoring & Compliance
- Comprehensive audit logging
- Rate limiting and abuse prevention
- GDPR-compliant user data handling
- SOC 2 security controls
## Development
This package is part of the [KeycardAI Python SDK workspace](../../README.md).
To develop:
```bash
# From workspace root
uv sync
uv run --package keycardai-mcp pytest
```
## Examples
See the [examples directory](examples/) for comprehensive examples including:
- Basic MCP server setup
- OAuth integration patterns
- Multi-tenant configurations
- Enterprise deployment guides
## License
MIT License - see [LICENSE](../../LICENSE) file for details.
## Support
- 📖 [Documentation](https://docs.keycardai.com/mcp)
- 🐛 [Issue Tracker](https://github.com/keycardai/python-sdk/issues)
- 💬 [Community Discussions](https://github.com/keycardai/python-sdk/discussions)
- 📧 [Support Email](mailto:support@keycard.ai)
Raw data
{
"_id": null,
"home_page": null,
"name": "keycardai-mcp",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "ai, authentication, authorization, llm, mcp, model-context-protocol",
"author": null,
"author_email": "KeyCard AI <support@keycard.ai>",
"download_url": "https://files.pythonhosted.org/packages/16/1f/4f46df7d60cf730a76c607a33ff357aaea9de105d6f22c276edf1b4a2247/keycardai_mcp-0.1.0.tar.gz",
"platform": null,
"description": "# KeyCard AI MCP SDK\n\nA comprehensive Python SDK for Model Context Protocol (MCP) functionality that simplifies authentication and authorization concerns for developers working with AI/LLM integrations.\n\n## Installation\n\n```bash\npip install keycardai-mcp\n```\n\n## Quick Start\n\n```python\nfrom keycardai.mcp import *\n\n# MCP Server with authentication\nserver = MCPServer(\n name=\"my-mcp-server\",\n version=\"1.0.0\",\n auth_config=MCPAuthConfig(\n oauth_client_id=\"your_client_id\",\n oauth_client_secret=\"your_client_secret\"\n )\n)\n\n# Register authenticated resources\n@server.resource(\"user-data\")\nasync def get_user_data(context: MCPContext) -> MCPResource:\n # Automatic token validation and user context\n user = context.authenticated_user\n return MCPResource(\n uri=f\"user://{user.id}/data\",\n content=await fetch_user_data(user.id)\n )\n\n# MCP Client with token management\nclient = MCPClient(\n server_url=\"https://api.example.com/mcp\",\n auth=MCPOAuthAuth(\n client_id=\"client_id\",\n client_secret=\"client_secret\"\n )\n)\n\n# Access authenticated resources\nuser_data = await client.get_resource(\"user-data\")\n```\n\n## \ud83c\udfd7\ufe0f Architecture & Features\n\nThis SDK provides comprehensive MCP functionality with enterprise-grade security:\n\n### Core MCP Components\n\n| Component | Module | Description |\n|-----------|---------|-------------|\n| **MCP Server** | `server.py` | **Authenticated MCP Server** - Host MCP resources with built-in OAuth 2.0 authentication |\n| **MCP Client** | `client.py` | **Secure MCP Client** - Connect to MCP servers with automatic token management |\n| **Resource Management** | `resources.py` | **Authenticated Resources** - Secure resource access with user context |\n| **Tool Integration** | `tools.py` | **Secure Tools** - Execute MCP tools with proper authorization |\n\n### Authentication & Security\n\n| Feature | Module | Description |\n|---------|---------|-------------|\n| **OAuth 2.0 Integration** | `auth.py` | **Token Management** - Seamless OAuth integration for MCP operations |\n| **Token Validation** | `validation.py` | **Security Middleware** - Automatic token validation and user context |\n| **Scope Management** | `scopes.py` | **Permission Control** - Fine-grained access control for MCP resources |\n| **Session Management** | `sessions.py` | **Secure Sessions** - Persistent authenticated sessions for MCP clients |\n\n### MCP Protocol Extensions\n\n| Standard | Module | Description |\n|----------|---------|-------------|\n| **Resource Templates** | `templates.py` | **Dynamic Resources** - Template-based resource generation with auth context |\n| **Prompt Security** | `prompts.py` | **Secure Prompts** - User-aware prompt templates and execution |\n| **Tool Authorization** | `tools.py` | **Permission Checks** - Role-based access control for MCP tools |\n| **Logging & Monitoring** | `monitoring.py` | **Security Audit** - Comprehensive logging of authenticated operations |\n\n## Features\n\n- \u2705 **MCP Protocol Compliance**: Full implementation of Model Context Protocol standards\n- \u2705 **OAuth 2.0 Integration**: Seamless authentication with industry-standard OAuth flows\n- \u2705 **Type Safe**: Full type hints with Pydantic models for all MCP operations\n- \u2705 **Async Support**: Native async/await support for all MCP operations\n- \u2705 **Enterprise Security**: Token validation, scope management, and audit logging\n- \u2705 **Developer Friendly**: Simplified API that abstracts away authentication complexity\n- \u2705 **Production Ready**: Battle-tested security patterns and comprehensive error handling\n\n## Use Cases\n\n### \ud83e\udd16 AI Agent Platforms\n```python\n# Secure MCP server for AI agents\nserver = MCPServer(auth_required=True)\n\n@server.tool(\"execute-query\")\nasync def execute_query(context: MCPContext, query: str) -> dict:\n # Only authenticated users with 'query:execute' scope\n if not context.has_scope(\"query:execute\"):\n raise MCPAuthError(\"Insufficient permissions\")\n \n return await database.execute(query, user=context.user)\n```\n\n### \ud83d\udd10 Enterprise LLM Integration\n```python\n# Corporate LLM with secure resource access\nclient = MCPClient(\n server_url=\"https://corp-llm.company.com/mcp\",\n auth=MCPOAuthAuth.from_client_credentials(\n client_id=\"corp-client\",\n client_secret=\"secret\",\n scopes=[\"documents:read\", \"calendar:read\"]\n )\n)\n\n# Access corporate resources securely\ndocuments = await client.list_resources(\"documents\")\n```\n\n### \ud83c\udf10 Multi-Tenant SaaS\n```python\n# Tenant-aware MCP resources\n@server.resource(\"tenant-data\")\nasync def get_tenant_data(context: MCPContext) -> MCPResource:\n tenant_id = context.user.tenant_id\n return await fetch_tenant_data(tenant_id, user=context.user)\n```\n\n## Security Best Practices\n\n### Token Management\n- Automatic token refresh and rotation\n- Secure token storage with encryption\n- Scope-based permission validation\n- Session timeout and cleanup\n\n### Authentication Flows\n- Authorization Code flow for web applications\n- Client Credentials flow for service-to-service\n- Device Code flow for CLI applications\n- PKCE for public clients\n\n### Monitoring & Compliance\n- Comprehensive audit logging\n- Rate limiting and abuse prevention\n- GDPR-compliant user data handling\n- SOC 2 security controls\n\n## Development\n\nThis package is part of the [KeycardAI Python SDK workspace](../../README.md). \n\nTo develop:\n\n```bash\n# From workspace root\nuv sync\nuv run --package keycardai-mcp pytest\n```\n\n## Examples\n\nSee the [examples directory](examples/) for comprehensive examples including:\n- Basic MCP server setup\n- OAuth integration patterns\n- Multi-tenant configurations\n- Enterprise deployment guides\n\n## License\n\nMIT License - see [LICENSE](../../LICENSE) file for details.\n\n## Support\n\n- \ud83d\udcd6 [Documentation](https://docs.keycardai.com/mcp)\n- \ud83d\udc1b [Issue Tracker](https://github.com/keycardai/python-sdk/issues)\n- \ud83d\udcac [Community Discussions](https://github.com/keycardai/python-sdk/discussions)\n- \ud83d\udce7 [Support Email](mailto:support@keycard.ai)\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "A Python SDK for Model Context Protocol (MCP) functionality with simplified authentication and authorization",
"version": "0.1.0",
"project_urls": {
"Documentation": "https://docs.keycardai.com",
"Homepage": "https://github.com/keycardai/python-sdk",
"Issues": "https://github.com/keycardai/python-sdk/issues",
"Repository": "https://github.com/keycardai/python-sdk"
},
"split_keywords": [
"ai",
" authentication",
" authorization",
" llm",
" mcp",
" model-context-protocol"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "0d498fd4d2039c6ab8866ad71223ac996645647088dbaba59aa819e97b96d502",
"md5": "16501a666e8f9f18ad7e1d531378005c",
"sha256": "2782de30c5a58e207c996df98d9b66ac06ec203e53a38fd34f6d0547d926f216"
},
"downloads": -1,
"filename": "keycardai_mcp-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "16501a666e8f9f18ad7e1d531378005c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 4094,
"upload_time": "2025-09-10T16:47:50",
"upload_time_iso_8601": "2025-09-10T16:47:50.905342Z",
"url": "https://files.pythonhosted.org/packages/0d/49/8fd4d2039c6ab8866ad71223ac996645647088dbaba59aa819e97b96d502/keycardai_mcp-0.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "161f4f46df7d60cf730a76c607a33ff357aaea9de105d6f22c276edf1b4a2247",
"md5": "b2be1524394a4eee997aaab492b9774c",
"sha256": "1f30c91ab0576f48111639ad3b9cf1dffc1104f715fb5b2c92c6d9a98b51b04a"
},
"downloads": -1,
"filename": "keycardai_mcp-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "b2be1524394a4eee997aaab492b9774c",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 5959,
"upload_time": "2025-09-10T16:47:51",
"upload_time_iso_8601": "2025-09-10T16:47:51.640553Z",
"url": "https://files.pythonhosted.org/packages/16/1f/4f46df7d60cf730a76c607a33ff357aaea9de105d6f22c276edf1b4a2247/keycardai_mcp-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-10 16:47:51",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "keycardai",
"github_project": "python-sdk",
"github_not_found": true,
"lcname": "keycardai-mcp"
}
JSON
