๐ MCP Provenance Monitor Dashboard
A web dashboard for monitoring the software supply chain provenance of local MCP (Model Context Protocol) server packages.
Why is MCP server xyz missing?
- Currently, only servers published on npm or PyPI are supported.
- Server data is sourced from the MCP registry at https://github.com/modelcontextprotocol/registry, which is still under development and not updated regularly. Manual additions are not supported yet.
How can I add provenance to my MCP server?
- For NPM packages, see Generating provenance statements.
- For PyPI packages, see Producing attestations.
How can I add provenance to dependencies?
- Help improve the ecosystem by contributing to dependency packages: ensure they are built in CI and publish provenance. You can also consider submitting a pull request to those projects.
I just released a new version with provenance, but it still says provenance is missing. Why?
- Data is refreshed daily. If you just published a new version, please allow up to one day for the update to appear.
Do MCP clients check provenance?
- Not yet. For updates, see this issue.
pip install -r requirements.txt
python -m collector.main --dev
python -m http.server -d webSee the LICENSE file for details.