Cryptographic hardening layer for MCP servers that signs tool manifests with Ed25519 and validates spawn calls before execution. Drop in verifyManifestStrict at startup and attestSpawnStrict before every child_process.spawn to block the command injection and malicious update vectors that hit Serverless Framework and Cursor in 2025. Ships with a TOFU trust store, default-deny argument sanitizer that blocks shell metacharacters and Unicode exploits, and a CLI for keygen, signing, and verification. Built as a direct response to marketplace poisoning and CVE-2025-69256. Reference server exposes five tools including manifest signing, spawn inspection, and key generation. Opt into Sigstore Rekor cross-reference for transparency log verification beyond local pinning.
claude mcp add --transport stdio io.studiomeyer-server-attestation -- npx -y mcp-attest-demo
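What a default-deny check on spawn arguments can look like, as an added example that is not code from mcp-attest or its author: `checkSpawnArg`, `checkSpawn`, the allowlist pattern and the sample inputs are hypothetical and constructed for illustration. It assumes arguments are passed as an array to `child_process.spawn` without a shell.

```javascript
// Added illustration, not the mcp-attest implementation. All names are hypothetical.
// Default-deny: an argument passes only if every character is on the allowlist.
const SAFE_ARG = /^[A-Za-z0-9_.,:=@%+\/-]+$/;      // assumed allowlist; widen deliberately
const SHELL_META = /[;&|`$(){}<>\\'"*?!~#\[\]]/;   // named so the rejection is explainable
const CONTROL = /[\x00-\x1f\x7f]/;                 // NUL, newlines, escapes
const NON_ASCII = /[^\x00-\x7f]/;                  // bidi overrides, homoglyphs, fullwidth forms

function checkSpawnArg(arg) {
  if (typeof arg !== 'string') return { ok: false, reason: 'not-a-string' };
  if (arg.length === 0 || arg.length > 4096) return { ok: false, reason: 'bad-length' };
  if (CONTROL.test(arg)) return { ok: false, reason: 'control-character' };
  if (NON_ASCII.test(arg)) return { ok: false, reason: 'non-ascii' };
  if (SHELL_META.test(arg)) return { ok: false, reason: 'shell-metacharacter' };
  // Anything not explicitly allowed is rejected, even if no rule above names it.
  if (!SAFE_ARG.test(arg)) return { ok: false, reason: 'not-allowlisted' };
  return { ok: true };
}

// Validate the whole call: the command must be pinned by exact name, and the
// first failing argument is reported with its index for logging.
function checkSpawn(command, args, allowedCommands) {
  if (!allowedCommands.includes(command)) {
    return { ok: false, reason: 'command-not-allowlisted' };
  }
  if (!Array.isArray(args)) return { ok: false, reason: 'args-not-array' };
  for (let i = 0; i < args.length; i++) {
    const result = checkSpawnArg(args[i]);
    if (!result.ok) return { ok: false, reason: result.reason, index: i };
  }
  return { ok: true };
}

// Constructed sample calls, not captured from any real server.
const SAMPLES = [
  ['npx', ['-y', 'left-pad@1.3.0']],
  ['npx', ['-y', 'pkg;id']],
  ['npx', ['-y', 'pkg\u202Egnp']],   // right-to-left override hidden in a name
  ['npx', ['two words']],
  ['bash', ['-c', 'true']],
];
for (const [cmd, args] of SAMPLES) {
  console.log(cmd, JSON.stringify(args), checkSpawn(cmd, args, ['npx', 'node']));
}
```

The check is deliberately stricter than `spawn` requires (a space is harmless without a shell), so anything the allowlist does not cover fails closed and has to be permitted explicitly.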