agentrust-io/cmcp

cMCP: Confidential MCP Runtime

Enforce MCP tool policy where it cannot be tampered with

Full Documentation

Quick Start  |  Architecture  |  Specification  |  Changelog

Badges: CI · License: MIT · PyPI · Discord

Developer Preview — launching at Confidential Computing Summit, June 23 2026.

Hardware-attested policy enforcement for MCP tool calls. cMCP intercepts every tool call, evaluates it against a Cedar policy bundle, and enforces the decision inside a Trusted Execution Environment (TEE). The policy bundle hash is measured into the hardware attestation report before any code runs — the control plane governing tool calls runs where it cannot be reached by the process it governs.

Every tool call produces a signed TRACE record: cryptographic proof of what ran, under which policy, in which TEE.
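As an added example (not cMCP's own code), the checks a relying party would make on the two artifacts described above: that the policy hash measured into the attestation report matches the bundle that was actually reviewed, and that each TRACE record carries a valid signature and is bound to that same policy. Apart from the `amd-sev-snp` platform string and the `enforce` mode taken from the quick-start config, the report and record fields are constructed assumptions, and HMAC stands in for the TEE's signature.

```python
"""Verifier-side checks for a cMCP-style deployment. Report/TRACE layouts are CONSTRUCTED."""
import hashlib
import hmac
import io
import json
import tarfile

def bundle_digest(bundle_bytes: bytes) -> str:
    """SHA-256 over the bundle exactly as shipped: these are the bytes that get measured."""
    return hashlib.sha256(bundle_bytes).hexdigest()

def make_bundle(policies: dict) -> bytes:
    """Pack Cedar policy files into a tar.gz in memory (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in sorted(policies.items()):
            info = tarfile.TarInfo(name)
            info.size = len(text.encode())
            tar.addfile(info, io.BytesIO(text.encode()))
    return buf.getvalue()

def check_report(report: dict, bundle: bytes) -> list:
    """Reasons to reject an attestation report; an empty list means accept."""
    problems = []
    if report.get("platform") != "amd-sev-snp":
        problems.append("unexpected TEE platform")
    if not hmac.compare_digest(report.get("policy_bundle_sha256", ""), bundle_digest(bundle)):
        problems.append("measured policy hash differs from the reviewed bundle")
    if report.get("enforcement_mode") != "enforce":
        problems.append("runtime is not in enforce mode")
    return problems

def _canon(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_trace(body: dict, key: bytes) -> dict:
    """Emit a TRACE record as the (simulated) runtime would. HMAC stands in for
    the TEE's asymmetric signature, whose public key a real report would carry."""
    return {**body, "sig": hmac.new(key, _canon(body), hashlib.sha256).hexdigest()}

def check_trace(record: dict, report: dict, key: bytes) -> list:
    """Check one TRACE record: signature intact and bound to the accepted report."""
    body = {k: v for k, v in record.items() if k != "sig"}
    expected = hmac.new(key, _canon(body), hashlib.sha256).hexdigest()
    problems = []
    if not hmac.compare_digest(record.get("sig", ""), expected):
        problems.append("TRACE signature invalid")
    if body.get("policy_bundle_sha256") != report.get("policy_bundle_sha256"):
        problems.append("TRACE record was produced under a different policy")
    return problems
```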

Quick start

Install the runtime:

```shell
pip install cmcp-runtime
```

Write a minimal configuration:

```yaml
# cmcp-config.yaml
attestation:
  platform: amd-sev-snp
policy:
  bundle: ./policy.tar.gz
  enforcement_mode: enforce
```

Start the runtime with it:

```shell
cmcp start --config cmcp-config.yaml
```

Resources

📖 Full documentation: cmcp.agentrust-io.com
📄 Specification: docs/spec/
🔑 Cedar policies: examples/policies/
🔗 TRACE attestation: trace-spec
🐳 Docker: Dockerfile
💬 Discussions: GitHub Discussions
📋 Changelog: CHANGELOG.md

Contributing

See CONTRIBUTING.md and GOVERNANCE.md.
