@@ -1912,6 +1912,108 @@ mcp docs app.py --output docs.md
19121912mcp docs app.py --format json
19131913```
19141914
1915+ ### Generate manifest.json
1916+
1917+ Generate a manifest file describing your server's capabilities, tools, prompts, and resources:
1918+
1919+ ``` bash
1920+ # Print manifest to stdout
1921+ mcp manifest app.py
1922+
1923+ # Save to file
1924+ mcp manifest app.py --output manifest.json
1925+ mcp manifest app.py --save # Shorthand for --output manifest.json
1926+
1927+ # Validate manifest
1928+ mcp manifest app.py --validate
1929+ ```
1930+
1931+ The generated manifest includes:
1932+ - Server metadata (name, version, description)
1933+ - Capabilities declaration (tools, prompts, resources, logging, completions)
1934+ - Complete tool listings with JSON Schema for parameters
1935+ - Prompt templates with argument specifications
1936+ - Resources and resource templates with URI patterns
1937+ - Generation metadata (timestamp, auto-discovery info, middleware, deployment settings)
1938+
1939+ You can also generate manifests programmatically:
1940+
1941+ ``` python
1942+ from nextmcp import NextMCP
1943+
1944+ app = NextMCP.from_config()
1945+
1946+ # Generate and save
1947+ manifest = app.generate_manifest(" manifest.json" )
1948+
1949+ # Or just generate without saving
1950+ manifest = app.generate_manifest()
1951+ ```
1952+
1953+ ### Validate manifest security
1954+
1955+ Validate a manifest for security issues using static analysis:
1956+
1957+ ``` bash
1958+ # Validate a manifest file
1959+ mcp validate manifest.json
1960+
1961+ # Generate and validate from app
1962+ mcp validate --app app.py
1963+
1964+ # Fail on different risk levels
1965+ mcp validate manifest.json --fail-on high # Blocks HIGH and CRITICAL
1966+ mcp validate manifest.json --fail-on medium # Blocks MEDIUM, HIGH, and CRITICAL
1967+
1968+ # JSON output for CI/CD integration
1969+ mcp validate manifest.json --json
1970+ ```
1971+
1972+ #### ⚠️ ** CRITICAL SECURITY WARNINGS**
1973+
1974+ ** Manifest validation is NOT sufficient for security!**
1975+
1976+ The validator performs static analysis to catch obvious issues but ** CANNOT** :
1977+ - ❌ Detect malicious code in server implementation
1978+ - ❌ Verify authentication/authorization is properly implemented
1979+ - ❌ Detect runtime vulnerabilities or business logic flaws
1980+ - ❌ Prevent sophisticated attacks from determined adversaries
1981+ - ❌ Guarantee your server is secure even if validation passes
1982+
1983+ ** Manifests can be fabricated or broken:**
1984+ - Attackers can create fake manifests that look safe but hide malicious operations
1985+ - Manifest can claim strict validation that doesn't exist in code
1986+ - Schema in manifest may not match actual server behavior
1987+ - Tools can be hidden from manifest entirely
1988+
1989+ ** What the validator DOES check:**
1990+ - ✅ Dangerous operation patterns (delete, execute, admin commands)
1991+ - ✅ Missing input validation (unbounded strings, unconstrained objects)
1992+ - ✅ Common injection risks (SQL, command, path traversal, SSRF)
1993+ - ✅ Sensitive data exposure indicators
1994+ - ✅ Large attack surface (many exposed tools)
1995+ - ✅ Missing authentication indicators for dangerous operations
1996+
1997+ ** Use validation as ONE LAYER in defense-in-depth:**
1998+
1999+ ```
2000+ Security Layer 1: Manifest Validation (this tool) ← Catches obvious issues
2001+ Security Layer 2: Static Code Analysis (Bandit, Semgrep) ← Finds vulnerabilities in code
2002+ Security Layer 3: Dependency Scanning (Snyk, Safety) ← Detects known CVEs
2003+ Security Layer 4: Manual Code Review ← Human security review
2004+ Security Layer 5: Penetration Testing ← Test for exploits
2005+ Security Layer 6: Runtime Monitoring ← Detect anomalies in production
2006+ ```
2007+
2008+ ** Best practices:**
2009+ 1 . ** Never trust manifest alone** - Always review server code
2010+ 2 . ** Defense in depth** - Use multiple security layers
2011+ 3 . ** Principle of least privilege** - Only expose necessary operations
2012+ 4 . ** Assume breach** - Add audit logging, rate limiting, monitoring
2013+ 5 . ** Regular updates** - Re-validate on every change
2014+
2015+ See ` examples/security_validation/ ` for detailed examples of secure vs insecure servers.
2016+
19152017### Show version
19162018
19172019``` bash
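Review bot: The `mcp validate` examples under "Fail on different risk levels" show `--fail-on high` and `--fail-on medium` but never say what happens when the flag is omitted, so a reader wiring `mcp validate manifest.json` or the `--json` form into CI cannot tell whether a finding changes the exit status. State the default threshold and the exit behaviour next to those examples. The manifest section also documents `mcp manifest app.py --validate` without saying how it relates to `mcp validate --app app.py`; one sentence on whether `--validate` runs the same security checks or only checks the manifest's structure would keep readers from treating it as the security gate.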
@@ -1923,6 +2025,7 @@ mcp version
19232025Check out the ` examples/ ` directory for complete working examples:
19242026
19252027- ** blog_server** - Convention-based project structure with auto-discovery (5 tools, 3 prompts, 4 resources)
2028+ - ** security_validation** - Manifest validation examples showing secure vs insecure servers
19262029- ** auth_api_key** - API key authentication with role-based access control
19272030- ** auth_jwt** - JWT token authentication with login endpoint and token generation
19282031- ** auth_rbac** - Advanced RBAC with fine-grained permissions and wildcards
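Review bot: The new `security_validation` bullet says "secure vs insecure servers" but does not say that the insecure server is a counter-example rather than something to deploy, and this list is introduced as "complete working examples" that readers copy from. Suggest wording such as "Manifest validation examples, including an intentionally insecure server for comparison", so the entry is not picked up as a starting template.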