Metadata-Version: 2.4
Name: mcp-anvil
Version: 0.1.3
Summary: Scaffold, audit, and inspect Model Context Protocol (MCP) servers from the CLI.
Project-URL: Homepage, https://aiinfradecoded.com/mcp-anvil
Project-URL: Documentation, https://aiinfradecoded.com/mcp-anvil/docs
Project-URL: Repository, https://github.com/aiinfradecoded/mcp-anvil
Project-URL: Issues, https://github.com/aiinfradecoded/mcp-anvil/issues
Author-email: AI Infra Decoded <hello@aiinfradecoded.com>
License: Commercial — see LICENSE.md
Keywords: ai-agents,llm,mcp,model-context-protocol,scaffolding,security-audit
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Software Development :: Code Generators
Classifier: Topic :: Software Development :: Testing
Requires-Python: >=3.11
Requires-Dist: anyio>=4.4
Requires-Dist: cryptography>=42.0
Requires-Dist: fastapi>=0.115
Requires-Dist: httpx>=0.27
Requires-Dist: jinja2>=3.1
Requires-Dist: mcp>=1.0
Requires-Dist: pydantic>=2.7
Requires-Dist: rich>=13.7
Requires-Dist: typer>=0.12
Requires-Dist: uvicorn>=0.30
Provides-Extra: dev
Requires-Dist: mypy>=1.10; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
Requires-Dist: pytest>=8.0; extra == 'dev'
Requires-Dist: ruff>=0.6; extra == 'dev'
Description-Content-Type: text/markdown

# MCP Anvil

> Scaffold, audit, and inspect Model Context Protocol (MCP) servers from
> one CLI. The missing toolbox for MCP server authors.

[![PyPI version](https://img.shields.io/pypi/v/mcp-anvil.svg)](https://pypi.org/project/mcp-anvil/)
[![Python](https://img.shields.io/pypi/pyversions/mcp-anvil.svg)](https://pypi.org/project/mcp-anvil/)
[![Site](https://img.shields.io/badge/site-aiinfradecoded.com%2Fmcp--anvil-22d3ee)](https://aiinfradecoded.com/mcp-anvil)

```bash
pipx install mcp-anvil
mcp-anvil new my-server          # scaffold a real working server  (free)
mcp-anvil audit ./my-server      # 21-rule security + health audit (paid)
mcp-anvil inspect ./my-server    # live tool playground :7800       (paid)
```

## Why MCP Anvil

Every MCP server shipped in 2026 reinvents the same plumbing — manifest,
tool hygiene, a security audit nobody runs, a debugger that's barely
there. Anthropic's official MCP Inspector is fine for one-off pokes but
not a toolbox. The published fault taxonomies
([arXiv 2506.13538](https://arxiv.org/abs/2506.13538) — 1,899 servers
empirically studied; [arXiv 2603.05637](https://arxiv.org/abs/2603.05637)
— two-thirds Windows-specific faults) aren't productized anywhere.

MCP Anvil fills the gap. One CLI for the three things every MCP author does
between "git init" and "ship":

### 1. Scaffold (free forever — lead-magnet on purpose)

```bash
mcp-anvil new my-server --lang python
```

Generates a complete project — `pyproject.toml`, MCP manifest, FastMCP-based
server, working sample tool, tests, Dockerfile, README. Python and TypeScript
templates both pass `mcp-anvil audit .` on first run.

### 2. Audit (21-rule security + health pass)

```bash
mcp-anvil audit ./my-server                   # full audit
mcp-anvil audit ./my-server --html report.html # share with security review
mcp-anvil audit ./my-server --strict          # fail CI on any warning
```

12 static rules + 9 runtime probes, grounded in the published research
above + AgentDojo's injection benchmark. Sample findings:

- `static.tools.name_collision` — `Search` and `search` differ only by case
- `static.security.hardcoded_secret` — `sk-ant-api03-...` shape in your manifest
- `runtime.handshake.failed` — server crashes on `initialize`
- `runtime.windows.large_payload_breaks_stream` — cp1252 mangles long JSON

Adversarial fuzzing is opt-in (`--enable-fuzz`) because it really does call
your tools with injection payloads.

### 3. Inspect (live playground at localhost:7800)

```bash
mcp-anvil inspect ./my-server
```

Opens a browser dashboard that auto-renders forms from each tool's JSON
schema, fires real MCP calls through a held stdio connection, and shows a
run history with per-call latency. Beats the official MCP Inspector on
polish — fixture-saving and response-diffing land in v1.1.

## Pricing

| Tier         | Price        | What you get                                |
| ------------ | ------------ | ------------------------------------------- |
| **Free**     | $0           | `new` command + demo mode for audit/inspect |
| **Personal** | $29 one-time | Everything. 1 developer, 1 year of updates  |
| **Team**     | $99 one-time | Everything. 5 developer seats, 1 year       |

14-day full-feature trial on first paid-command run. No signup. License is
[Ed25519-signed offline](https://en.wikipedia.org/wiki/EdDSA#Ed25519) — no
network call on the happy path. 14-day refund on email request.

[Buy a license](https://aiinfradecoded.com/mcp-anvil) →

## Install

```bash
pipx install mcp-anvil          # recommended — isolated install
# or
pip install mcp-anvil           # works fine too
```

Requirements: Python 3.11+. Docker, Node, etc. are NOT required by MCP Anvil
itself — they're requirements of the servers you scaffold.

## Quickstart

```bash
mcp-anvil new my-first-server
cd my-first-server
python -m venv .venv
.venv\Scripts\activate          # Windows
# source .venv/bin/activate    # macOS/Linux
pip install -e .
mcp-anvil inspect .
```

Click the `echo` tool in the browser dashboard, type something, watch the
round-trip in the timeline. That's the trial loop.

## Activate a license

After purchase, you receive a base32-encoded blob via email. Activate it:

```bash
mcp-anvil license activate "AB3CD4EF..."   # paste your key
mcp-anvil license status                   # confirm
```

The license is stored at `~/.mcp-anvil/license.json`. Verified locally with
the embedded public key — no phoning home.

## Status

**v0.1.x — alpha.** API surface is stable; rule additions ship in patch
releases. v0.2 plans: fixture saving, response diffing, AgentDojo full-corpus
adapter, Rust + Go templates.

## Support

- Site: <https://aiinfradecoded.com/mcp-anvil>
- Issues: <https://github.com/aiinfradecoded/mcp-anvil/issues>
- Email: <hello@aiinfradecoded.com>

Built by [AI Infra Decoded](https://aiinfradecoded.com). Commercial license,
single-developer terms — see [LICENSE.md](./LICENSE.md).
