MCPHARDEN — MCP server hardening linter — capability declarations, transport, tool descriptions

Part of the Cognis Neural Suite by Cognis Digital Cognis Open Collaboration License (COCL) v1.0 · domain: ai-security

MCP server hardening linter — capability declarations, transport, tool descriptions.

AI Security & Governance — securing LLMs, agents, and the MCP supply chain.

Why

Security and intelligence teams need MCP server hardening linter — capability declarations, transport, tool descriptions without standing up heavyweight infrastructure. mcpharden is single-purpose, scriptable, CI-friendly, and self-hostable: point it at a target, get prioritized findings in the format your workflow already speaks (table, JSON, SARIF, HTML), and wire it into agents over MCP when you want it autonomous.

Install

pip install cognis-mcpharden
# or, from this repo:
pip install -e ".[dev]"

Quick start

mcpharden --version
mcpharden scan demos/                      # run against the bundled demo
mcpharden scan demos/ --format sarif --out r.sarif --fail-on high
mcpharden scan demos/ --format html --out report.html
mcpharden mcp                              # expose as an MCP server (Cognis.Studio / Claude Desktop / Cursor)

Built-in demo scenarios

Each scenario folder includes a SCENARIO.md describing the situation and the findings to expect.

• demos/01-basic/
• demos/01-public-mcp-no-auth/
• demos/02-internal-stdio/
• demos/03-shared-multi-server/

Output formats

• Table (default) — human-readable terminal summary
• JSON — machine-readable findings for pipelines
• SARIF — drops into GitHub code-scanning / IDE problem panes
• HTML — shareable report with severity rollups

Credits / Built on

Cognis composes and credits the best of open source. This tool builds on / interoperates with:

• ModelContextProtocol-Security/mcpserver-audit — fork base
• slowmist/MCP-Security-Checklist — checklist source

Missing a credit? Open a PR — see CONTRIBUTING.md.

How it fits the Cognis Neural Suite

mcpharden is one of 52 tools in the Cognis Neural Suite. Every tool ships an MCP server, so Cognis.Studio agents can call them as scoped capabilities.

Sibling tools in ai-security: aegis, promptmirror, ledgermind, adversa, guardpost, hallumark, aicard, biascope, agentlog, ragshield

Architecture & roadmap

• Design notes: docs/ARCHITECTURE.md
• Planned work: ROADMAP.md

Contributing

PRs, new detections, and demo scenarios are welcome under the collaboration-pull model. See CONTRIBUTING.md and SECURITY.md.

License

Source-available under the Cognis Open Collaboration License (COCL) v1.0 — free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license (licensing@cognis.digital). See LICENSE.

Responsible use

This is dual-use security software. Use it only against systems, data, and identities you own or are explicitly authorized in writing to test, and in compliance with applicable law.

About

Cognis Digital — Wyoming, USA · Making Tomorrow Better Today: Advanced Cybersecurity, AI Innovation, and Blockchain Expertise.