# MCP Security Framework
[](https://badge.fury.io/py/mcp-security-framework)
[](https://www.python.org/downloads/)
[](https://opensource.org/licenses/MIT)
[](https://github.com/psf/black)
[](https://pycqa.github.io/isort/)
Universal security framework for microservices with SSL/TLS, authentication, authorization, and rate limiting.
## Features
- 🔐 **Multi-method Authentication**: API keys, JWT tokens, X.509 certificates
- 🛡️ **SSL/TLS Management**: Server and client certificate handling
- 🔑 **Role-based Authorization**: Flexible permission system with role hierarchy
- ⚡ **Rate Limiting**: Configurable request rate limiting
- 🚀 **Framework Agnostic**: Works with FastAPI, Flask, Django, and standalone
- 🛠️ **CLI Tools**: Certificate management and security testing
- 📊 **Comprehensive Logging**: Security event logging and monitoring
## Quick Start
### Installation
```bash
# Basic installation
pip install mcp-security-framework
# With framework support
pip install mcp-security-framework[fastapi]
pip install mcp-security-framework[flask]
pip install mcp-security-framework[django]
# Development installation
pip install mcp-security-framework[dev]
```
### Basic Usage
```python
from mcp_security_framework import SecurityManager, SecurityConfig
from mcp_security_framework.schemas.config import AuthConfig, PermissionConfig
# Create configuration
config = SecurityConfig(
auth=AuthConfig(
enabled=True,
methods=["api_key"],
api_keys={"admin": "admin_key_123"}
),
permissions=PermissionConfig(roles_file="roles.json")
)
# Create security manager
security_manager = SecurityManager(config)
# Validate request
result = security_manager.validate_request({
"api_key": "admin_key_123",
"required_permissions": ["read", "write"]
})
if result.is_valid:
print("Access granted!")
else:
print(f"Access denied: {result.error_message}")
```
### FastAPI Integration
```python
from fastapi import FastAPI
from mcp_security_framework import create_fastapi_security_middleware, SecurityConfig
# Configuration
config = SecurityConfig(
auth=AuthConfig(
enabled=True,
methods=["api_key", "jwt"],
api_keys={"user": "user_key_456"}
),
permissions=PermissionConfig(roles_file="roles.json")
)
# Create FastAPI app
app = FastAPI()
# Add security middleware
security_middleware = create_fastapi_security_middleware(config)
app.add_middleware(security_middleware)
@app.get("/secure")
async def secure_endpoint():
return {"message": "Access granted"}
@app.get("/public")
async def public_endpoint():
return {"message": "Public access"}
```
### Flask Integration
```python
from flask import Flask
from mcp_security_framework import create_flask_security_middleware, SecurityConfig
# Configuration
config = SecurityConfig(
auth=AuthConfig(
enabled=True,
methods=["api_key"]
),
permissions=PermissionConfig(roles_file="roles.json")
)
# Create Flask app
app = Flask(__name__)
# Add security middleware
security_middleware = create_flask_security_middleware(config)
app.wsgi_app = security_middleware(app.wsgi_app)
@app.route("/secure")
def secure_endpoint():
return {"message": "Access granted"}
```
## CLI Tools
### Certificate Management
```bash
# Create root CA
mcp-cert create-ca --ca-name "My Root CA" --output-dir ./certs
# Create client certificate
mcp-cert create-client-cert --name "client1" --roles "user,admin" --permissions "read,write"
# Create server certificate
mcp-cert create-server-cert --name "api-server" --domains "api.example.com"
```
### Security Testing
```bash
# Validate configuration
mcp-security validate-config --config-file security_config.json
# Test authentication
mcp-security test-auth --config-file security_config.json --api-key "test_key"
```
## Configuration
### Basic Configuration File
```json
{
"ssl": {
"enabled": true,
"cert_file": "server.crt",
"key_file": "server.key",
"ca_cert_file": "ca.crt",
"verify_mode": "CERT_REQUIRED",
"min_version": "TLSv1.2"
},
"auth": {
"enabled": true,
"methods": ["api_key", "jwt", "certificate"],
"api_keys": {
"admin": "admin_key_123",
"user": "user_key_456"
},
"jwt_secret": "your_jwt_secret_key",
"jwt_expiry_hours": 24,
"public_paths": ["/docs", "/health"]
},
"certificates": {
"ca_dir": "./certs",
"roles_oid": "1.3.6.1.4.1.99999.1.1",
"permissions_oid": "1.3.6.1.4.1.99999.1.2",
"verify_certificates": true,
"check_revocation": true
},
"permissions": {
"roles_file": "roles.json",
"deny_by_default": true,
"case_sensitive": false,
"allow_wildcard": true
},
"rate_limit": {
"enabled": true,
"rate_limit": 100,
"time_window": 60,
"by_ip": true,
"by_user": true
}
}
```
### Roles and Permissions
```json
{
"roles": {
"admin": {
"name": "admin",
"description": "Administrator role",
"permissions": ["read", "write", "delete", "admin"],
"priority": 100
},
"user": {
"name": "user",
"description": "Regular user role",
"permissions": ["read", "write"],
"priority": 50
},
"guest": {
"name": "guest",
"description": "Guest role",
"permissions": ["read"],
"priority": 10
}
},
"role_hierarchy": {
"roles": {
"admin": ["user"],
"user": ["guest"]
}
},
"default_policy": {
"deny_by_default": true,
"require_role_match": true,
"case_sensitive": false,
"allow_wildcard": true
}
}
```
## Documentation
- [Installation Guide](docs/installation.md)
- [Configuration Reference](docs/configuration.md)
- [API Reference](docs/api_reference.md)
- [Examples](docs/examples/)
- [FastAPI Integration](docs/examples/fastapi_integration.md)
- [Flask Integration](docs/examples/flask_integration.md)
- [Standalone Usage](docs/examples/standalone_usage.md)
- [Security Guide](docs/security/)
- [SSL/TLS Setup](docs/security/ssl_tls.md)
- [Authentication Methods](docs/security/authentication.md)
- [Authorization and Roles](docs/security/authorization.md)
- [Certificate Management](docs/security/certificates.md)
- [Troubleshooting](docs/troubleshooting.md)
## Development
### Setup Development Environment
```bash
# Clone repository
git clone https://github.com/mcp-security/mcp-security-framework.git
cd mcp-security-framework
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
# Install development dependencies
pip install -e ".[dev]"
# Install pre-commit hooks
pre-commit install
```
### Running Tests
```bash
# Run all tests
pytest
# Run with coverage
pytest --cov=mcp_security_framework --cov-report=html
# Run specific test categories
pytest -m unit
pytest -m integration
pytest -m "not slow"
```
### Code Quality
```bash
# Format code
black src tests
isort src tests
# Lint code
flake8 src tests
mypy src
# Run all quality checks
tox
```
### Building Documentation
```bash
# Install documentation dependencies
pip install -e ".[docs]"
# Build documentation
sphinx-build -b html docs docs/_build/html
```
## Contributing
We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.
### Development Workflow
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Make your changes
4. Add tests for new functionality
5. Ensure all tests pass (`pytest`)
6. Format and lint your code (`black`, `isort`, `flake8`, `mypy`)
7. Commit your changes (`git commit -m 'Add amazing feature'`)
8. Push to the branch (`git push origin feature/amazing-feature`)
9. Open a Pull Request
## Security
If you discover a security vulnerability, please report it to us at security@mcp.example.com.
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## Support
- 📖 [Documentation](https://mcp-security-framework.readthedocs.io/)
- 🐛 [Issue Tracker](https://github.com/mcp-security/mcp-security-framework/issues)
- 💬 [Discussions](https://github.com/mcp-security/mcp-security-framework/discussions)
- 📧 [Email Support](mailto:support@mcp.example.com)
## Changelog
See [CHANGELOG.md](CHANGELOG.md) for a list of changes and version history.
Raw data
{
"_id": null,
"home_page": null,
"name": "mcp-security-framework",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "Vasiliy Zdanovskiy <vasilyvz@gmail.com>",
"keywords": "security, authentication, authorization, ssl, tls, microservices, fastapi, flask",
"author": null,
"author_email": "Vasiliy Zdanovskiy <vasilyvz@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/26/98/3d32851d19c286d2eb0309ca7e1c3cfd933df0c1d83b84f138b81b88ab82/mcp_security_framework-0.1.0.tar.gz",
"platform": null,
"description": "# MCP Security Framework\n\n[](https://badge.fury.io/py/mcp-security-framework)\n[](https://www.python.org/downloads/)\n[](https://opensource.org/licenses/MIT)\n[](https://github.com/psf/black)\n[](https://pycqa.github.io/isort/)\n\nUniversal security framework for microservices with SSL/TLS, authentication, authorization, and rate limiting.\n\n## Features\n\n- \ud83d\udd10 **Multi-method Authentication**: API keys, JWT tokens, X.509 certificates\n- \ud83d\udee1\ufe0f **SSL/TLS Management**: Server and client certificate handling\n- \ud83d\udd11 **Role-based Authorization**: Flexible permission system with role hierarchy\n- \u26a1 **Rate Limiting**: Configurable request rate limiting\n- \ud83d\ude80 **Framework Agnostic**: Works with FastAPI, Flask, Django, and standalone\n- \ud83d\udee0\ufe0f **CLI Tools**: Certificate management and security testing\n- \ud83d\udcca **Comprehensive Logging**: Security event logging and monitoring\n\n## Quick Start\n\n### Installation\n\n```bash\n# Basic installation\npip install mcp-security-framework\n\n# With framework support\npip install mcp-security-framework[fastapi]\npip install mcp-security-framework[flask]\npip install mcp-security-framework[django]\n\n# Development installation\npip install mcp-security-framework[dev]\n```\n\n### Basic Usage\n\n```python\nfrom mcp_security_framework import SecurityManager, SecurityConfig\nfrom mcp_security_framework.schemas.config import AuthConfig, PermissionConfig\n\n# Create configuration\nconfig = SecurityConfig(\n auth=AuthConfig(\n enabled=True,\n methods=[\"api_key\"],\n api_keys={\"admin\": \"admin_key_123\"}\n ),\n permissions=PermissionConfig(roles_file=\"roles.json\")\n)\n\n# Create security manager\nsecurity_manager = SecurityManager(config)\n\n# Validate request\nresult = security_manager.validate_request({\n \"api_key\": \"admin_key_123\",\n \"required_permissions\": [\"read\", \"write\"]\n})\n\nif result.is_valid:\n print(\"Access granted!\")\nelse:\n print(f\"Access denied: {result.error_message}\")\n```\n\n### FastAPI Integration\n\n```python\nfrom fastapi import FastAPI\nfrom mcp_security_framework import create_fastapi_security_middleware, SecurityConfig\n\n# Configuration\nconfig = SecurityConfig(\n auth=AuthConfig(\n enabled=True,\n methods=[\"api_key\", \"jwt\"],\n api_keys={\"user\": \"user_key_456\"}\n ),\n permissions=PermissionConfig(roles_file=\"roles.json\")\n)\n\n# Create FastAPI app\napp = FastAPI()\n\n# Add security middleware\nsecurity_middleware = create_fastapi_security_middleware(config)\napp.add_middleware(security_middleware)\n\n@app.get(\"/secure\")\nasync def secure_endpoint():\n return {\"message\": \"Access granted\"}\n\n@app.get(\"/public\")\nasync def public_endpoint():\n return {\"message\": \"Public access\"}\n```\n\n### Flask Integration\n\n```python\nfrom flask import Flask\nfrom mcp_security_framework import create_flask_security_middleware, SecurityConfig\n\n# Configuration\nconfig = SecurityConfig(\n auth=AuthConfig(\n enabled=True,\n methods=[\"api_key\"]\n ),\n permissions=PermissionConfig(roles_file=\"roles.json\")\n)\n\n# Create Flask app\napp = Flask(__name__)\n\n# Add security middleware\nsecurity_middleware = create_flask_security_middleware(config)\napp.wsgi_app = security_middleware(app.wsgi_app)\n\n@app.route(\"/secure\")\ndef secure_endpoint():\n return {\"message\": \"Access granted\"}\n```\n\n## CLI Tools\n\n### Certificate Management\n\n```bash\n# Create root CA\nmcp-cert create-ca --ca-name \"My Root CA\" --output-dir ./certs\n\n# Create client certificate\nmcp-cert create-client-cert --name \"client1\" --roles \"user,admin\" --permissions \"read,write\"\n\n# Create server certificate\nmcp-cert create-server-cert --name \"api-server\" --domains \"api.example.com\"\n```\n\n### Security Testing\n\n```bash\n# Validate configuration\nmcp-security validate-config --config-file security_config.json\n\n# Test authentication\nmcp-security test-auth --config-file security_config.json --api-key \"test_key\"\n```\n\n## Configuration\n\n### Basic Configuration File\n\n```json\n{\n \"ssl\": {\n \"enabled\": true,\n \"cert_file\": \"server.crt\",\n \"key_file\": \"server.key\",\n \"ca_cert_file\": \"ca.crt\",\n \"verify_mode\": \"CERT_REQUIRED\",\n \"min_version\": \"TLSv1.2\"\n },\n \"auth\": {\n \"enabled\": true,\n \"methods\": [\"api_key\", \"jwt\", \"certificate\"],\n \"api_keys\": {\n \"admin\": \"admin_key_123\",\n \"user\": \"user_key_456\"\n },\n \"jwt_secret\": \"your_jwt_secret_key\",\n \"jwt_expiry_hours\": 24,\n \"public_paths\": [\"/docs\", \"/health\"]\n },\n \"certificates\": {\n \"ca_dir\": \"./certs\",\n \"roles_oid\": \"1.3.6.1.4.1.99999.1.1\",\n \"permissions_oid\": \"1.3.6.1.4.1.99999.1.2\",\n \"verify_certificates\": true,\n \"check_revocation\": true\n },\n \"permissions\": {\n \"roles_file\": \"roles.json\",\n \"deny_by_default\": true,\n \"case_sensitive\": false,\n \"allow_wildcard\": true\n },\n \"rate_limit\": {\n \"enabled\": true,\n \"rate_limit\": 100,\n \"time_window\": 60,\n \"by_ip\": true,\n \"by_user\": true\n }\n}\n```\n\n### Roles and Permissions\n\n```json\n{\n \"roles\": {\n \"admin\": {\n \"name\": \"admin\",\n \"description\": \"Administrator role\",\n \"permissions\": [\"read\", \"write\", \"delete\", \"admin\"],\n \"priority\": 100\n },\n \"user\": {\n \"name\": \"user\",\n \"description\": \"Regular user role\",\n \"permissions\": [\"read\", \"write\"],\n \"priority\": 50\n },\n \"guest\": {\n \"name\": \"guest\",\n \"description\": \"Guest role\",\n \"permissions\": [\"read\"],\n \"priority\": 10\n }\n },\n \"role_hierarchy\": {\n \"roles\": {\n \"admin\": [\"user\"],\n \"user\": [\"guest\"]\n }\n },\n \"default_policy\": {\n \"deny_by_default\": true,\n \"require_role_match\": true,\n \"case_sensitive\": false,\n \"allow_wildcard\": true\n }\n}\n```\n\n## Documentation\n\n- [Installation Guide](docs/installation.md)\n- [Configuration Reference](docs/configuration.md)\n- [API Reference](docs/api_reference.md)\n- [Examples](docs/examples/)\n - [FastAPI Integration](docs/examples/fastapi_integration.md)\n - [Flask Integration](docs/examples/flask_integration.md)\n - [Standalone Usage](docs/examples/standalone_usage.md)\n- [Security Guide](docs/security/)\n - [SSL/TLS Setup](docs/security/ssl_tls.md)\n - [Authentication Methods](docs/security/authentication.md)\n - [Authorization and Roles](docs/security/authorization.md)\n - [Certificate Management](docs/security/certificates.md)\n- [Troubleshooting](docs/troubleshooting.md)\n\n## Development\n\n### Setup Development Environment\n\n```bash\n# Clone repository\ngit clone https://github.com/mcp-security/mcp-security-framework.git\ncd mcp-security-framework\n\n# Create virtual environment\npython -m venv .venv\nsource .venv/bin/activate # On Windows: .venv\\Scripts\\activate\n\n# Install development dependencies\npip install -e \".[dev]\"\n\n# Install pre-commit hooks\npre-commit install\n```\n\n### Running Tests\n\n```bash\n# Run all tests\npytest\n\n# Run with coverage\npytest --cov=mcp_security_framework --cov-report=html\n\n# Run specific test categories\npytest -m unit\npytest -m integration\npytest -m \"not slow\"\n```\n\n### Code Quality\n\n```bash\n# Format code\nblack src tests\nisort src tests\n\n# Lint code\nflake8 src tests\nmypy src\n\n# Run all quality checks\ntox\n```\n\n### Building Documentation\n\n```bash\n# Install documentation dependencies\npip install -e \".[docs]\"\n\n# Build documentation\nsphinx-build -b html docs docs/_build/html\n```\n\n## Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n### Development Workflow\n\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feature/amazing-feature`)\n3. Make your changes\n4. Add tests for new functionality\n5. Ensure all tests pass (`pytest`)\n6. Format and lint your code (`black`, `isort`, `flake8`, `mypy`)\n7. Commit your changes (`git commit -m 'Add amazing feature'`)\n8. Push to the branch (`git push origin feature/amazing-feature`)\n9. Open a Pull Request\n\n## Security\n\nIf you discover a security vulnerability, please report it to us at security@mcp.example.com.\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Support\n\n- \ud83d\udcd6 [Documentation](https://mcp-security-framework.readthedocs.io/)\n- \ud83d\udc1b [Issue Tracker](https://github.com/mcp-security/mcp-security-framework/issues)\n- \ud83d\udcac [Discussions](https://github.com/mcp-security/mcp-security-framework/discussions)\n- \ud83d\udce7 [Email Support](mailto:support@mcp.example.com)\n\n## Changelog\n\nSee [CHANGELOG.md](CHANGELOG.md) for a list of changes and version history.\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Universal security framework for microservices with SSL/TLS, authentication, authorization, and rate limiting",
"version": "0.1.0",
"project_urls": {
"Bug Tracker": "https://github.com/maverikod/mcp-security-framework/issues",
"Documentation": "https://mcp-security-framework.readthedocs.io/",
"Homepage": "https://github.com/maverikod/mcp-security-framework",
"Repository": "https://github.com/maverikod/mcp-security-framework",
"Security Policy": "https://github.com/maverikod/mcp-security-framework/security/policy"
},
"split_keywords": [
"security",
" authentication",
" authorization",
" ssl",
" tls",
" microservices",
" fastapi",
" flask"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "12ad32d12a9e1a359dd7f82597f294a2359a6bd6287142b138dfaf390e244cc3",
"md5": "88722ce2a59eb52a8755cf81dfe11893",
"sha256": "1b7a9f6207e2e3a88e9d2b91cc79b0f5f498519ce7fae7608116255009a6b075"
},
"downloads": -1,
"filename": "mcp_security_framework-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "88722ce2a59eb52a8755cf81dfe11893",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 238752,
"upload_time": "2025-08-19T11:50:18",
"upload_time_iso_8601": "2025-08-19T11:50:18.522980Z",
"url": "https://files.pythonhosted.org/packages/12/ad/32d12a9e1a359dd7f82597f294a2359a6bd6287142b138dfaf390e244cc3/mcp_security_framework-0.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "26983d32851d19c286d2eb0309ca7e1c3cfd933df0c1d83b84f138b81b88ab82",
"md5": "7ee3f9fa4d08c1dad382749ceb4b8c8a",
"sha256": "a612238571aec4fcca91cfb60638244c33fd4f0808f0c731cbbdcf8f5c731d23"
},
"downloads": -1,
"filename": "mcp_security_framework-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "7ee3f9fa4d08c1dad382749ceb4b8c8a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 181695,
"upload_time": "2025-08-19T11:50:20",
"upload_time_iso_8601": "2025-08-19T11:50:20.491963Z",
"url": "https://files.pythonhosted.org/packages/26/98/3d32851d19c286d2eb0309ca7e1c3cfd933df0c1d83b84f138b81b88ab82/mcp_security_framework-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-19 11:50:20",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "maverikod",
"github_project": "mcp-security-framework",
"github_not_found": true,
"lcname": "mcp-security-framework"
}
JSON
