Status: public, synthetic, local-only reproduction fixture.
This directory contains the FastMCP 3.4.4 portion of the published
MCP-assurance evidence. It binds only to an operator-owned 127.0.0.1
endpoint using stateless JSON Streamable HTTP. Native on_call_tool
middleware reads request headers before FastMCP dispatches the one static,
read-only tool.
The application-layer policy checks a synthetic bearer marker, resource binding, active key, Ed25519 signature, exact tool/argument binding, scope, expiry, replay, and a local-only target rule. The fixture has no real MCP server, OAuth issuer, account, customer data, credential, or external target.
From a clone of this repository, using Python 3.11 or newer:
python3 -m venv .venv
.venv/bin/python -m pip install -r mcp-assurance/fastmcp-signed-agent/requirements.txt
cd mcp-assurance/fastmcp-signed-agent
../../.venv/bin/python -W error::ResourceWarning -m unittest -v test_integration.py
../../.venv/bin/python run_scenarios.py
../../.venv/bin/python verify_scenarios.py
The checked-in artifacts/latest-scenarios.json is a sanitized six-scenario
receipt. Running run_scenarios.py refreshes it locally.
The contract contains one clean synthetic read plus denials for a missing
envelope, forged signature, replayed operation, revoked key, and a
non-loopback target before fetch. Its status values are application-policy
classifications. Refused FastMCP tool calls are MCP tool errors, not asserted
HTTP authorization response statuses.
This is an application-layer fixture, not an MCP identity extension, FastMCP security assessment, protocol conformance result, cross-framework interoperability result, OAuth deployment, production key-management system, or production security claim. It is a reproducible local comparison boundary, not a shared production implementation.