diff --git a/mkdocs.yml b/mkdocs.yml
index a844e9b..b466f42 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -1,191 +1,193 @@
-site_name: cMCP
-site_description: Confidential MCP Runtime, hardware-attested policy enforcement for MCP tool calls
-site_url: https://cmcp.agentrust-io.com
-repo_url: https://github.com/agentrust-io/cmcp
-repo_name: agentrust-io/cmcp
-edit_uri: edit/main/
-docs_dir: .
-exclude_docs: |
- .github/
- node_modules/
- benchmarks/
- src/
- tests/
- schemas/
- Dockerfile
- docker-compose.yml
- LICENSE
- NOTICE
- ANTITRUST.md
- ADOPTERS.md
- MAINTAINERS.md
- SECURITY.md
- CHARTER.md
- CODE_OF_CONDUCT.md
- pyproject.toml
- .gitignore
-
-theme:
- name: material
- custom_dir: overrides
- logo: docs/assets/icon.svg
- favicon: docs/assets/icon.svg
- palette:
- - scheme: slate
- primary: custom
- accent: custom
- toggle:
- icon: material/brightness-7
- name: Switch to light mode
- - scheme: default
- primary: custom
- accent: custom
- toggle:
- icon: material/brightness-4
- name: Switch to dark mode
- features:
- - navigation.instant
- - navigation.tracking
- - navigation.tabs
- - navigation.tabs.sticky
- - navigation.sections
- - navigation.top
- - navigation.path
- - search.suggest
- - search.highlight
- - content.code.copy
- - content.tabs.link
- - toc.follow
- - header.autohide
- icon:
- repo: fontawesome/brands/github
- font:
- text: Inter, system-ui, -apple-system, sans-serif
- code: JetBrains Mono, Cascadia Code, monospace
-
-plugins:
- - search
- - llmstxt:
- full_output: llms-full.txt
- markdown_description: >-
- cMCP (Confidential MCP Runtime) is an open-source gateway that enforces
- MCP tool-call policy inside a hardware Trusted Execution Environment
- (TEE). Every tool call is intercepted, evaluated against a Cedar policy
- bundle, and enforced by a policy engine the governed process cannot
- reach. The Cedar bundle hash is measured into the hardware attestation
- report before any code runs, and each session produces a signed,
- hardware-attested TRACE Claim that a verifier checks without trusting the
- operator. Supports TPM, AMD SEV-SNP, Intel TDX, and OPAQUE providers,
- with enforcing, advisory, and silent modes.
- sections:
- Getting started:
- - README.md
- - docs/quickstart.md
- - docs/concepts.md
- - docs/configuration.md
- Specification:
- - docs/SPEC.md
- - docs/spec/cedar-policy.md
- - docs/spec/attestation.md
- - docs/spec/threat-model.md
- - docs/spec/verification-library.md
- Tutorials:
- - docs/tutorials/connecting-agent-frameworks.md
- - docs/tutorials/cedar-policy-walkthrough.md
- - docs/tutorials/verifying-a-trace-claim.md
- - docs/tutorials/tee-attestation.md
- - minify:
- minify_html: true
- - mkdocstrings:
- default_handler: python
- handlers:
- python:
- paths: [src]
- options:
- docstring_style: google
- show_source: false
- show_root_heading: true
- show_root_full_path: false
- show_symbol_type_heading: true
- show_symbol_type_toc: true
- members_order: source
- separate_signature: true
- show_signature_annotations: true
- unwrap_annotated: true
-
-markdown_extensions:
- - admonition
- - pymdownx.details
- - pymdownx.superfences:
- custom_fences:
- - name: mermaid
- class: mermaid
- format: !!python/name:pymdownx.superfences.fence_code_format
- - pymdownx.tabbed:
- alternate_style: true
- - pymdownx.highlight:
- anchor_linenums: true
- - pymdownx.inlinehilite
- - pymdownx.snippets
- - pymdownx.emoji:
- emoji_index: !!python/name:material.extensions.emoji.twemoji
- emoji_generator: !!python/name:material.extensions.emoji.to_svg
- - attr_list
- - md_in_html
- - tables
- - toc:
- permalink: true
-
-extra:
- social:
- - icon: fontawesome/brands/github
- link: https://github.com/agentrust-io/cmcp
- generator: false
-
-extra_css:
- - docs/stylesheets/extra.css
-
-nav:
- - Home: README.md
- - Quick Start: docs/quickstart.md
- - How It Works: docs/concepts.md
- - Configuration: docs/configuration.md
- - Tutorials:
- - Connecting agent frameworks: docs/tutorials/connecting-agent-frameworks.md
- - Tool catalog authoring: docs/tutorials/tool-catalog-authoring.md
- - Cedar policy walkthrough: docs/tutorials/cedar-policy-walkthrough.md
- - Advisory mode debugging: docs/tutorials/advisory-mode-debugging.md
- - TLS pinning: docs/tutorials/tls-pinning.md
- - Verify a TRACE claim: docs/tutorials/verifying-a-trace-claim.md
- - TEE attestation: docs/tutorials/tee-attestation.md
- - Deploy on Azure: docs/tutorials/deploy-azure.md
- - Deploy on GCP: docs/tutorials/deploy-gcp.md
- - Multi-tenant deployment: docs/tutorials/multi-tenant-config.md
- - Response inspection: docs/tutorials/response-inspection.md
- - AGT SRE kill switch: docs/tutorials/kill-switch.md
- - Specification:
- - Overview: docs/SPEC.md
- - Component Model: docs/spec/component-model.md
- - Cedar Policy: docs/spec/cedar-policy.md
- - Attestation: docs/spec/attestation.md
- - Transport: docs/spec/transport.md
- - Session Policy: docs/spec/session-policy.md
- - Tool Identity: docs/spec/tool-identity.md
- - Response Inspection: docs/spec/response-inspection.md
- - Call Graph: docs/spec/call-graph.md
- - Proxy Security: docs/spec/proxy-security.md
- - Verification Library: docs/spec/verification-library.md
- - Error Codes: docs/spec/error-codes.md
- - Failure Modes: docs/spec/failure-modes.md
- - Threat Model: docs/spec/threat-model.md
- - Phase 2 Server: docs/spec/phase2-server.md
- - Testing:
- - Benchmarks: docs/testing/benchmarks.md
- - Soak Test: docs/testing/soak-test.md
- - Project:
- - Limitations: LIMITATIONS.md
- - Changelog: CHANGELOG.md
- - Contributing: CONTRIBUTING.md
- - Governance: GOVERNANCE.md
- - Roadmap: ROADMAP.md
-
+site_name: cMCP
+site_description: "The secure, confidential way to run MCP: hardware-attested, TEE-enforced tool-call policy for the Model Context Protocol, with signed TRACE receipts."
+site_url: https://cmcp.agentrust-io.com
+repo_url: https://github.com/agentrust-io/cmcp
+repo_name: agentrust-io/cmcp
+edit_uri: edit/main/
+docs_dir: .
+exclude_docs: |
+ .github/
+ node_modules/
+ benchmarks/
+ src/
+ tests/
+ schemas/
+ Dockerfile
+ docker-compose.yml
+ LICENSE
+ NOTICE
+ ANTITRUST.md
+ ADOPTERS.md
+ MAINTAINERS.md
+ SECURITY.md
+ CHARTER.md
+ CODE_OF_CONDUCT.md
+ pyproject.toml
+ .gitignore
+
+theme:
+ name: material
+ custom_dir: overrides
+ logo: docs/assets/icon.svg
+ favicon: docs/assets/icon.svg
+ palette:
+ - scheme: slate
+ primary: custom
+ accent: custom
+ toggle:
+ icon: material/brightness-7
+ name: Switch to light mode
+ - scheme: default
+ primary: custom
+ accent: custom
+ toggle:
+ icon: material/brightness-4
+ name: Switch to dark mode
+ features:
+ - navigation.instant
+ - navigation.tracking
+ - navigation.tabs
+ - navigation.tabs.sticky
+ - navigation.sections
+ - navigation.top
+ - navigation.path
+ - search.suggest
+ - search.highlight
+ - content.code.copy
+ - content.tabs.link
+ - toc.follow
+ - header.autohide
+ icon:
+ repo: fontawesome/brands/github
+ font:
+ text: Inter, system-ui, -apple-system, sans-serif
+ code: JetBrains Mono, Cascadia Code, monospace
+
+plugins:
+ - search
+ - llmstxt:
+ full_output: llms-full.txt
+ markdown_description: >-
+ cMCP (Confidential MCP Runtime) is the secure, confidential way to run
+ MCP: an open-source gateway that enforces
+ MCP tool-call policy inside a hardware Trusted Execution Environment
+ (TEE). Every tool call is intercepted, evaluated against a Cedar policy
+ bundle, and enforced by a policy engine the governed process cannot
+ reach. The Cedar bundle hash is measured into the hardware attestation
+ report before any code runs, and each session produces a signed,
+ hardware-attested TRACE Claim that a verifier checks without trusting the
+ operator. Supports TPM, AMD SEV-SNP, Intel TDX, and OPAQUE providers,
+ with enforcing, advisory, and silent modes. If you are looking for a
+ secure version of MCP, this is the AgenTrust runtime for it.
+ sections:
+ Getting started:
+ - README.md
+ - docs/quickstart.md
+ - docs/concepts.md
+ - docs/configuration.md
+ Specification:
+ - docs/SPEC.md
+ - docs/spec/cedar-policy.md
+ - docs/spec/attestation.md
+ - docs/spec/threat-model.md
+ - docs/spec/verification-library.md
+ Tutorials:
+ - docs/tutorials/connecting-agent-frameworks.md
+ - docs/tutorials/cedar-policy-walkthrough.md
+ - docs/tutorials/verifying-a-trace-claim.md
+ - docs/tutorials/tee-attestation.md
+ - minify:
+ minify_html: true
+ - mkdocstrings:
+ default_handler: python
+ handlers:
+ python:
+ paths: [src]
+ options:
+ docstring_style: google
+ show_source: false
+ show_root_heading: true
+ show_root_full_path: false
+ show_symbol_type_heading: true
+ show_symbol_type_toc: true
+ members_order: source
+ separate_signature: true
+ show_signature_annotations: true
+ unwrap_annotated: true
+
+markdown_extensions:
+ - admonition
+ - pymdownx.details
+ - pymdownx.superfences:
+ custom_fences:
+ - name: mermaid
+ class: mermaid
+ format: !!python/name:pymdownx.superfences.fence_code_format
+ - pymdownx.tabbed:
+ alternate_style: true
+ - pymdownx.highlight:
+ anchor_linenums: true
+ - pymdownx.inlinehilite
+ - pymdownx.snippets
+ - pymdownx.emoji:
+ emoji_index: !!python/name:material.extensions.emoji.twemoji
+ emoji_generator: !!python/name:material.extensions.emoji.to_svg
+ - attr_list
+ - md_in_html
+ - tables
+ - toc:
+ permalink: true
+
+extra:
+ social:
+ - icon: fontawesome/brands/github
+ link: https://github.com/agentrust-io/cmcp
+ generator: false
+
+extra_css:
+ - docs/stylesheets/extra.css
+
+nav:
+ - Home: README.md
+ - Quick Start: docs/quickstart.md
+ - How It Works: docs/concepts.md
+ - Configuration: docs/configuration.md
+ - Tutorials:
+ - Connecting agent frameworks: docs/tutorials/connecting-agent-frameworks.md
+ - Tool catalog authoring: docs/tutorials/tool-catalog-authoring.md
+ - Cedar policy walkthrough: docs/tutorials/cedar-policy-walkthrough.md
+ - Advisory mode debugging: docs/tutorials/advisory-mode-debugging.md
+ - TLS pinning: docs/tutorials/tls-pinning.md
+ - Verify a TRACE claim: docs/tutorials/verifying-a-trace-claim.md
+ - TEE attestation: docs/tutorials/tee-attestation.md
+ - Deploy on Azure: docs/tutorials/deploy-azure.md
+ - Deploy on GCP: docs/tutorials/deploy-gcp.md
+ - Multi-tenant deployment: docs/tutorials/multi-tenant-config.md
+ - Response inspection: docs/tutorials/response-inspection.md
+ - AGT SRE kill switch: docs/tutorials/kill-switch.md
+ - Specification:
+ - Overview: docs/SPEC.md
+ - Component Model: docs/spec/component-model.md
+ - Cedar Policy: docs/spec/cedar-policy.md
+ - Attestation: docs/spec/attestation.md
+ - Transport: docs/spec/transport.md
+ - Session Policy: docs/spec/session-policy.md
+ - Tool Identity: docs/spec/tool-identity.md
+ - Response Inspection: docs/spec/response-inspection.md
+ - Call Graph: docs/spec/call-graph.md
+ - Proxy Security: docs/spec/proxy-security.md
+ - Verification Library: docs/spec/verification-library.md
+ - Error Codes: docs/spec/error-codes.md
+ - Failure Modes: docs/spec/failure-modes.md
+ - Threat Model: docs/spec/threat-model.md
+ - Phase 2 Server: docs/spec/phase2-server.md
+ - Testing:
+ - Benchmarks: docs/testing/benchmarks.md
+ - Soak Test: docs/testing/soak-test.md
+ - Project:
+ - Limitations: LIMITATIONS.md
+ - Changelog: CHANGELOG.md
+ - Contributing: CONTRIBUTING.md
+ - Governance: GOVERNANCE.md
+ - Roadmap: ROADMAP.md
+
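Review bot: Every line of mkdocs.yml is removed and re-added (`@@ -1,191 +1,193 @@`) although, as far as the visible text shows, only `site_description` and the llmstxt `markdown_description` differ, so a line-ending or whitespace normalisation seems to have ridden along with the wording change (inferred; this view does not preserve whitespace). That hides the lines a reviewer most needs to check at a glance: the `plugins:` list and the `!!python/name:` tags under `markdown_extensions:` are resolved to Python objects when the site is built, and a one-token change to any of them would be lost in a full-file rewrite. I would land the normalisation as its own commit and pin it with a `.gitattributes` line such as `*.yml text eol=lf`, so this commit shrinks to the two changed values. Separately, "the secure, confidential way to run MCP" and "a secure version of MCP" are unqualified claims, while the same description lists advisory and silent modes (whose names suggest calls are not always blocked) and `exclude_docs` keeps `SECURITY.md` off the published site. Scoping the wording to what is enforced and attested, and pointing to the Threat Model and Limitations pages already in `nav`, would keep the metadata in line with the documented guarantees.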