Gemara MCP Server - A Model Context Protocol server for Gemara artifact management.
Build the binary:
make buildTo use this server with an MCP client, add it to your MCP configuration file.
Add the following configuration (adjust the path to your binary):
{
"mcpServers": {
"gemara-mcp": {
"command": "/absolute/path/to/gemara-mcp/bin/gemara-mcp",
"args": ["serve"]
}
}
}If running from Docker, use:
{
"mcpServers": {
"gemara-mcp": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"ghcr.io/gemaraproj/gemara-mcp:latest",
"serve"
]
}
}
}The server operates in one of two modes, selected with the --mode flag (default: artifact).
| Mode | Purpose |
|---|---|
advisory |
Read-only analysis and validation of existing artifacts |
artifact |
All advisory capabilities plus guided artifact creation wizards |
gemara-mcp serve --mode advisory
gemara-mcp serve --mode artifact| Tool | Description |
|---|---|
validate_gemara_artifact |
Validate YAML content against Gemara CUE schema definitions |
migrate_gemara_artifact |
Migrate a Gemara artifact to v1 schema using CUE transformations |
| Resource URI | Description |
|---|---|
gemara://lexicon |
Term definitions for the Gemara security model |
gemara://schema/definitions |
CUE schema definitions for all Gemara artifact types (latest version) |
gemara://schema/definitions{?version} |
CUE schema definitions for a specific Gemara module version |
| Prompt | Description |
|---|---|
threat_assessment |
Interactive wizard for creating a Gemara-compatible Threat Catalog |
control_catalog |
Interactive wizard for creating a Gemara-compatible Control Catalog |
migration |
Interactive wizard that guides you through migrating Gemara artifacts from v0 to v1 schema |
Released container images are signed with cosign using keyless signing via GitHub Actions OIDC. Signatures are attached to the image manifest digest.
cosign verify \
--certificate-identity-regexp="https://github.com/gemaraproj/gemara-mcp/.github/workflows/release.yml" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/gemaraproj/gemara-mcp@<DIGEST>docker build --build-arg VERSION=$(git describe --tags --always) --build-arg BUILD=$(git rev-parse --short HEAD) -t gemara-mcp .