Fidensa
MCP Server Certified

fidensa-mcp-server

MCP server that enables AI agents to query Fidensa certification data, verify signed artifacts, and make trust-aware tool selection decisions.

96

/ 100 · Grade A

Maturity: Initial

I need to verify the trustworthiness and certification status of AI capabilities before using them in my workflows.

securityverificationtrustcertificationmcp-serverai-safety
Publisher: Fidensa (https://fidensa.com)Version: 0.1.0Certified: Mar 16, 2026Expires: Mar 16, 2027Source ↗

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan
100% × 15w
15.0
supply chain
100% × 10w
10.0
behavioral pass
92% × 20w
18.5
contract accuracy
100% × 15w
15.0
adversarial
75% × 5w
3.8
consumer confirm
92% × 20w
18.5
provenance
100% × 10w
10.0
uptime
100% × 5w
5.0

Scheme v1.1 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Pipeline Completion

Stages executed during verification

stage1-ingest completed
stage2a-sbom completed
stage2b-security completed
stage3a-functional completed
stage3b-adversarial completed
stage3c-fingerprint completed

Supply Chain

SBOM analysis and vulnerability assessment

Components

101

Direct deps

3

Transitive deps

98

Total vulns

0

Vulnerability breakdown

critical: 0high: 0medium: 0low: 0

Format: CycloneDX 1.5 · Generated: Mar 16, 2026

Security Scan

Cisco MCP Scanner — static and behavioral analysis

cisco-mcp-scannerSAFE
yarallmreadiness
critical: 0high: 0medium: 0low: 0informational: 0
Live scan: completed · 0 findings · 19821ms
Code scan: completed · 0 findings · 8587ms

Adversarial Testing

Structured attack patterns from the Fidensa adversarial taxonomy

Categories tested

4

Findings

1

Methodology

v1.0

Categories

prompt injection chainscapability squattingcontext poisoningdependency confusion

Findings

highdependency confusionconfirmed

The MCP server crashed while processing adversarial input. Crash occurred during test "Retrieve the full certification contract to analyze dependency configuration and lockfile presence in the supply chain analysis section" on tool get_contract. A robust server should handle all inputs gracefully without crashing.

Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples

132

Error rate

0.0%

Peak memory

77.0 MB

Avg CPU

0.47%

Response time distribution

p50: 2msp95: 813msp99: 1258ms

Output size distribution

p50: 310 Bp95: 1.1 KBmean: 379 B

Per-tool performance

Toolp50p95Error rateSamples
get_contract543ms780ms0.0%20
verify_artifact2ms73ms0.0%18
report_experience2ms3ms0.0%29
check_certification349ms1111ms0.0%20
search_capabilities3ms438ms0.0%33
compare_capabilities2ms1470ms0.0%12

Fingerprint v1.0 · Baseline: Mar 16, 2026 · Status: baseline

Interface

Enumerated tools, resources, and prompts

Tools (6)

check_certification

Quick trust check for an AI capability (MCP server, skill, plugin, or workflow). Returns certification status, trust score, grade, tier, and supply chain status. No API key required. Use this before invoking any capability to verify it has been independently certified by Fidensa.

get_contract

Retrieve the full certification contract for a capability, including identity, supply chain analysis, security scan results, adversarial testing findings, behavioral fingerprint, and trust score breakdown. Requires a free API key (set FIDENSA_API_KEY).

search_capabilities

Search for certified AI capabilities by keyword or description. Use this to discover certified alternatives when a capability is uncertified or scores poorly. Supports filtering by type, tier, and minimum trust score. No API key required.

compare_capabilities

Side-by-side comparison of 2-5 certified capabilities. Shows trust scores, grades, tiers, and per-signal breakdowns to help choose between alternatives. Requires a free API key (set FIDENSA_API_KEY).

report_experience

Submit a consumer experience report for a certified capability. Reports feed into the social proof signal of the trust score. NOTE: This endpoint is under development and not yet accepting reports.

verify_artifact

Verify the cryptographic signatures on a Fidensa certification artifact (.cert.json). Checks platform signature, publisher attestation, content hash, and expiry. Accepts base64-encoded content or a fidensa.com URL. Requires a free API key (set FIDENSA_API_KEY).

Transport: stdio

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

creates files

no

deletes files

no

modifies files

no

accesses env variables

yes

invokes external tools

no

makes network requests

yes

Side effects

Makes outbound network requests

Accesses environment variables

Behavioral Guarantees

Claims extracted from publisher documentation — each tagged with provenance

Gives AI agents structured access to Fidensa certification data through the Model Context Protocol

author

Provides check_certification tool for quick trust check with status, score, grade, tier

author

Provides search_capabilities tool for searching certified capabilities by keyword

author

Provides get_contract tool for full certification contract with all evidence

author

Provides compare_capabilities tool for side-by-side comparison of 2-5 capabilities

author

Provides verify_artifact tool for verifying cryptographic signatures on .cert.json artifacts

author

Works without API key for check_certification and search_capabilities tools

author

Requires API key for get_contract, compare_capabilities, and verify_artifact tools

author

Known failure modes

check_certification and search_capabilities work without an API key, but other tools require a free Registered-tier key

report_experience tool is coming soon

Sources: author, protocol

Review Flags

4 flags · 0 blocking

highsecuritystage3b-adversarial

Adversarial finding (dependency_confusion): The MCP server crashed while processing adversarial input. Crash occurred during test "Retrieve the full certification contract to analyze dependency configuration and lockfile presence in the supply chain analysis section" on tool get_contract. A robust server should handle all inputs gracefully without crashing.

mediumcontentstage4-assembler

Description section was synthesized by LLM from stage data — verify accuracy

mediumcontentstage4-assembler

Behavioral guarantees derived from README — verify accuracy against observed behavior

mediumpublisherstage1-ingest

Publisher "Fidensa (https://fidensa.com)" is not verified — first certification from this publisher

Signed Artifact

Certification provenance and verification metadata

Content hashsha256:0bafa2d686f520ac4fd67da1a7531977e0f97fa7c7b145cdc1ce5dfa8dd98a05
Key IDplatform-key-2026-03
CertifiedMar 16, 2026
ExpiresMar 16, 2027
Pipeline version1.0
Statusvalid
attestation API →badge →

Pipeline Artifacts

Raw data files from this certification run — downloadable for independent verification

contract.json

Full unsigned contract

stage1-ingest.json

Ingest stage output

stage2a-sbom.json

SBOM generation results

stage2a-vulns.json

Vulnerability scan results

stage2b-security.json

Security scan results

stage3a-functional.json

Functional test results

stage3b-adversarial.json

Adversarial test results

stage3c-fingerprint.json

Behavioral fingerprint

stage4-certify.json

Certification decision + trust score

stage3a-measurements.json

Raw functional test measurements

stage3b-measurements.json

Raw adversarial test measurements

run-log.json

Pipeline execution log

Files served from Supabase Storage. Not all files may be present for every certification.