-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Add Enhanced Tool Definition Interface (ETDI): Prevents Tool Poisoning and Rug Pull Attacks with Immutable Versioned Definitions, Cryptographic Signing, Granular Permissions, Trust Chains, and OAuth 2.0 Integration #845
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
vineethsai
wants to merge
48
commits into
modelcontextprotocol:main
Choose a base branch
from
vineethsai:main
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+28,171
−426
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added some defaults and fix some import issues
- Replace with secure environment variables using os.getenv() - Add .env.example template for easy setup - Implement automatic secret redaction tooling - Create comprehensive tool poisoning attack demonstration - Implement legitimate ETDI-protected server with OAuth authentication - Add malicious server simulation for educational purposes - Provide real-time security analysis and threat blocking - Add comprehensive tool poisoning demo documentation - Include Auth0 setup guide and troubleshooting sections - Add requirements.txt with all necessary dependencies - Create setup verification and testing scripts - Implement automatic environment configuration - Add comprehensive error handling and user guidance - examples/README.md: Complete rewrite with ETDI focus - examples/etdi/oauth_providers.py: Secret redaction + env vars - examples/etdi/run_e2e_demo.py: Secret redaction + env vars - src/mcp/etdi/server/tool_provider.py: Enhanced functionality - examples/etdi/.env.example: Environment variable template - examples/etdi/tool_poisoning_demo/: Complete demo directory - examples/etdi/tool_poisoning_demo/requirements.txt: Dependencies - examples/etdi/tool_poisoning_demo/README.md: Setup documentation - examples/etdi/legitimate_etdi_server.py: ETDI-protected server - examples/etdi/tool_poisoning_demo/malicious_server.py: Attack simulation - examples/etdi/tool_poisoning_demo/etdi_attack_prevention_client.py: ETDI client - examples/etdi/tool_poisoning_demo/run_real_server_demo.py: Demo orchestrator
Tested tool poisoining, tested standard MCP wasn't impacted as well with claude integration
Add request signing to the SDK
Adding all of the docs
fixed some docs
update docs
https://vineethsai.github.io/python-sdk/etdi-concepts/#introduction-the-imperative-for-secure-mcp Docs as github pages /cc @ihrpr |
Changed Documentation links from relative to absolute for Integration Guide, API Reference, and Security Best Practices.
…inks Update README.md
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces the Enhanced Tool Definition Interface (ETDI) to the Python SDK. ETDI is a security and trust framework designed to ensure the authenticity, integrity, and traceability of data and actions within distributed AI and automation systems. This is the first integration of ETDI into this project.
Motivation and Context
The Model Context Protocol (MCP) enables powerful AI applications by allowing LLMs to interact with external tools and data sources. However, the standard MCP specification lacks robust security mechanisms, making it vulnerable to attacks such as Tool Poisoning and Rug Pulls.
ETDI addresses these critical security gaps by introducing:
This change is needed to ensure that users and applications can trust the tools they interact with, prevent unauthorized data access or manipulation, and provide a foundation for secure, auditable, and transparent AI/automation workflows.
How Has This Been Tested?
examples/etdi
directory.Breaking Changes
No breaking changes.
All ETDI features are additive and opt-in. Existing code and workflows will continue to function as before. Users can adopt ETDI incrementally.
Types of changes
Checklist
Additional context
docs/etdi-concepts.md
for a full conceptual and technical overview.