A modern, plugin-based validation framework for MCP (Model Context Protocol) servers. Provides comprehensive testing of protocol compliance, capabilities, and security.
- Plugin-based validators: Each validation type is a separate, configurable plugin
- Flexible configuration: Multiple validation profiles with customizable parameters
- Dependency management: Validators can depend on each other and run in optimal order
- Transport abstraction: Clean separation between communication and validation logic
- Validation profiles: Pre-configured validation suites for different use cases
- Runtime configuration: Override settings via CLI, environment, or config files
- Extensible validators: Easy to add custom validation logic
- Structured results: Clear separation of different validation aspects
- Multiple output formats: Console and JSON reporting with detailed breakdown
- Progress tracking: Real-time feedback during validation execution
# Validate an MCP server
mcp-validate -- npx @dynatrace-oss/dynatrace-mcp-server
# With environment variables
mcp-validate --env DT_ENVIRONMENT=https://example.apps.dynatrace.com -- npx server
# With custom timeout
mcp-validate --timeout 60 -- python my_server.py# Use a specific validation profile
mcp-validate --profile basic -- python server.py
mcp-validate --profile security_focused -- node server.js
mcp-validate --profile comprehensive -- ./my-server# Enable/disable specific validators
mcp-validate --enable ping --disable security -- python server.py
mcp-validate --disable errors -- ./server # Skip error compliance testing# Use a custom configuration file
mcp-validate --config ./my-validation-config.json -- python server.py
# Set config via environment
export MCP_VALIDATION_CONFIG=./config.json
export MCP_VALIDATION_PROFILE=development
mcp-validate -- python server.py# List available profiles
mcp-validate --list-profiles
# List available validators
mcp-validate --list-validators- Purpose: Quick protocol compliance check
- Validators: protocol, capabilities
- Use case: Development and CI/CD pipelines
- Purpose: Complete validation with all features
- Validators: protocol, capabilities, ping, errors, security
- Use case: Thorough testing before release
- Purpose: Security-first validation
- Validators: protocol, errors (strict), security (required)
- Use case: Security audits and compliance
- Purpose: Developer-friendly validation
- Validators: protocol, capabilities, ping, errors
- Features: Detailed feedback, continues on failure
- Use case: Local development and debugging
- Purpose: Basic MCP protocol compliance
- Tests: Initialize handshake, protocol version, server info
- Dependencies: None (foundation validator)
- Purpose: Test advertised server capabilities
- Tests: tools/list, prompts/list, resources/list
- Dependencies: protocol
- Purpose: Test optional ping functionality
- Tests: Ping request/response, response time measurement
- Dependencies: protocol
- Purpose: JSON-RPC error compliance testing
- Tests: Invalid method handling, malformed request handling
- Dependencies: protocol
- Purpose: Security analysis using mcp-scan
- Tests: Vulnerability scanning, tool analysis
- Dependencies: protocol
Create a .mcp-validation.json file:
{
"active_profile": "custom",
"profiles": {
"custom": {
"description": "My custom validation profile",
"global_timeout": 30.0,
"continue_on_failure": true,
"validators": {
"protocol": {
"enabled": true,
"required": true
},
"ping": {
"enabled": true,
"required": false,
"parameters": {
"max_response_time_ms": 500
}
},
"security": {
"enabled": true,
"required": false,
"parameters": {
"run_mcp_scan": true,
"vulnerability_threshold": "medium",
"save_scan_results": true
}
}
}
}
}
}export MCP_VALIDATION_CONFIG=./config.json # Path to configuration file
export MCP_VALIDATION_PROFILE=development # Active profile nameEach validator supports custom parameters:
strict_version_check: Enforce exact protocol version matchvalidate_client_info: Validate client information format
max_items_to_list: Limit number of items to retrieve in list operationstest_all_capabilities: Test all advertised capabilities
max_response_time_ms: Maximum acceptable response time
test_malformed_requests: Test malformed JSON handlingtest_invalid_methods: Test invalid method handlingstrict_error_codes: Require exact JSON-RPC error codes
run_mcp_scan: Enable mcp-scan analysisvulnerability_threshold: Minimum severity level to reportsave_scan_results: Save detailed scan results to file
from mcp_validation import validate_server
async def main():
session = await validate_server(["python", "my_server.py"])
if session.overall_success:
print("✅ Server is MCP compliant!")
else:
print("❌ Validation failed:")
for error in session.errors:
print(f" - {error}")
import asyncio
asyncio.run(main())from mcp_validation import (
MCPValidationOrchestrator,
ConfigurationManager,
ConsoleReporter,
JSONReporter
)
async def advanced_validation():
# Load custom configuration
config_manager = ConfigurationManager("./config.json")
config_manager.set_active_profile("development")
# Create orchestrator
orchestrator = MCPValidationOrchestrator(config_manager)
# Run validation
session = await orchestrator.validate_server(
["python", "server.py"],
env_vars={"DEBUG": "1"}
)
# Generate reports
console_reporter = ConsoleReporter(verbose=True)
console_reporter.report_session(session)
json_reporter = JSONReporter()
json_reporter.save_report(session, "report.json", ["python", "server.py"])
asyncio.run(advanced_validation())from mcp_validation import BaseValidator, ValidationContext, ValidatorResult
from mcp_validation import MCPValidationOrchestrator, ConfigurationManager
class PerformanceValidator(BaseValidator):
@property
def name(self) -> str:
return "performance"
@property
def description(self) -> str:
return "Test MCP server performance characteristics"
@property
def dependencies(self) -> List[str]:
return ["protocol"]
async def validate(self, context: ValidationContext) -> ValidatorResult:
# Your custom validation logic here
start_time = time.time()
# Test response times, concurrent requests, etc.
return ValidatorResult(
validator_name=self.name,
passed=True,
errors=[],
warnings=[],
data={"response_time": 0.1},
execution_time=time.time() - start_time
)
# Register and use
config_manager = ConfigurationManager()
orchestrator = MCPValidationOrchestrator(config_manager)
orchestrator.register_validator(PerformanceValidator)See the examples/ directory for:
sample-config.json- Complete configuration examplecustom_validator.py- How to create custom validatorsvalidation-config.json- Advanced configuration scenarios
mcp-validate [OPTIONS] [--] COMMAND [ARGS...]
Options:
--config FILE Configuration file path
--profile NAME Validation profile to use
--env KEY=VALUE Set environment variable (repeatable)
--enable VALIDATOR Enable specific validator
--disable VALIDATOR Disable specific validator
--timeout SECONDS Global timeout override
--skip-mcp-scan Skip mcp-scan security analysis
--json-report FILENAME Export JSON report
--verbose Show detailed output
--list-profiles List available profiles
--list-validators List available validators
-h, --help Show help message- Command not found: Ensure the MCP server command is in your PATH
- Timeout errors: Increase timeout with
--timeoutor in config - Permission issues: Check environment variables and file permissions
- mcp-scan not found: Install with
uvx install mcp-scanor disable security validator
# Enable verbose output
mcp-validate --verbose -- python server.py
# Generate detailed JSON report
mcp-validate --json-report debug-report.json -- python server.pyexport MCP_VALIDATION_PROFILE=development # Use dev-friendly profile
export DEBUG=1 # Enable debug logging in your server