Implement Keylime MCP Server with Tools, Resources, and Prompts

[Copilot]

This PR implements a complete Model Context Protocol (MCP) server for the Keylime remote attestation framework, enabling AI assistants to provide intelligent help for working with Keylime.

Overview

The Keylime MCP server provides AI assistants with comprehensive tools, documentation resources, and interactive prompts for managing Keylime agents and attestation policies. This implementation bridges the gap between AI assistance and Keylime operations, making it easier for users to work with remote attestation.

What's Included

Tools (5)

• check_agent_status - Query agent operational state and attestation status
• list_agents - Retrieve all registered agents from the verifier
• get_agent_info - Get detailed agent information including TPM data and IMA logs
• validate_attestation_policy - Validate JSON attestation policy syntax and structure
• generate_ima_policy - Generate IMA policy templates (basic, strict, or custom)

Resources (4)

• Quick Start Guide - Step-by-step introduction to Keylime
• Architecture Overview - Detailed explanation of verifier, registrar, agent, and tenant components
• Attestation Guide - Policy configuration and attestation monitoring
• IMA Policy Guide - Working with Integrity Measurement Architecture policies

Prompts (3)

• setup_new_agent - Interactive guide for agent installation and configuration
• troubleshoot_attestation - Systematic debugging workflow for attestation failures
• create_ima_policy - Step-by-step policy creation wizard

Technical Implementation

• Language: TypeScript with full type safety
• MCP SDK: @modelcontextprotocol/sdk v1.20.0
• Transport: Stdio-based communication
• Build System: TypeScript compiler with source maps and declarations
• License: Apache-2.0 (matching Keylime project)

Usage Example

Once configured in Claude Desktop or another MCP client:

User: "Help me set up a new Keylime agent"
→ Activates the setup_new_agent prompt with installation steps

User: "Generate a basic IMA policy for my web server"
→ Uses generate_ima_policy tool to create a customized template

User: "My agent is failing attestation, what should I check?"
→ Activates troubleshoot_attestation prompt with debugging workflow

Documentation

Complete documentation is provided:

• README.md - Installation, configuration, and getting started
• USAGE.md - Practical examples and usage patterns
• CONTRIBUTING.md - Guidelines for contributors
• examples/claude_config.json - Example configuration for Claude Desktop

Testing

The server has been validated to:

• ✅ Build successfully with TypeScript
• ✅ Start and initialize correctly
• ✅ Implement all MCP protocol requirements
• ✅ Provide helpful, accurate information about Keylime

Future Enhancements

This initial implementation provides templates and guidance. Future enhancements could include:

• Direct integration with Keylime REST APIs
• Authentication/authorization support
• Real-time agent monitoring
• Policy deployment automation

Installation

npm install
npm run build

Configure in Claude Desktop by adding to claude_desktop_config.json:

{
  "mcpServers": {
    "keylime": {
      "command": "node",
      "args": ["/path/to/keylime-mcp/dist/index.js"]
    }
  }
}

This experimental MCP server makes Keylime more accessible by bringing expert knowledge and helpful tools directly into AI assistant workflows.

Original prompt

An experimental (in progress) repository to host an MCP for the Keylime project

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.