Skip to main content

Postgres demo

This is the end-to-end demo path for the X07 MCP lane: run a real MCP server, then capture a deterministic Hardproof scan report plus replay, trust, and bundle evidence you can keep in CI or attach to a review.

What you run

  • The postgres-mcp reference server (x07-native MCP authoring path).
  • A local Postgres via Docker Compose.

What you verify

  • Scan: one report with five dimensions (conformance, reliability, performance, security, trust) plus token/context usage metrics
  • Replay: record and replay a minimal deterministic cassette
  • Trust: verify release metadata (server.json)
  • Bundle: verify server.json.mcpb integrity

Command sequence

git clone https://github.com/x07lang/x07-mcp
cd x07-mcp/demos/postgres-public-beta

# 1) Start Postgres (Docker Compose)
./scripts/run_demo.sh --deps-only

# 2) Build + run the MCP server (in another terminal)
./scripts/run_demo.sh --server

# 3) Run verifier checks (in another terminal)
./scripts/verify_demo.sh

# 4) Copy outputs into a captured asset set
./scripts/capture_outputs.sh

Current hardened output (example)

This is an example rich summary from the demo’s publishable/full-score path (Trust evaluated). Exact timings and scores may vary slightly run-to-run.

+-----------------------------------------------+
| Hardproof - FULL SCORE                        |
+-----------------------------------------------+
| AI Infrastructure Score | Score Truth: [PASS] |
|                                               |
| target: http://127.0.0.1:8403/mcp             |
| transport: streamable_http                    |
| elapsed_ms: 14089ms                           |
| status: [WARN]                                |
| score: 93                                     |
| findings: critical 0, warning 2               |
+-----------------------------------------------+

== Dimensions ==
conformance  [########|#] 100 [PASS]
security     [########|#] 100 [PASS]
performance  [########~-] 83 [WARN]
trust        [########~-] 80 [WARN]
reliability  [########|#] 100 [PASS]

== Findings ==
warning:
- PERF-CONCURRENT-TOOLS-CALL-LOW: Low concurrent tool-call success
- TRUST-TRUSTPACK-MISSING: Trust pack metadata missing

The demo produces artifacts under demos/postgres-public-beta/out/, including scan/scan.json, scan/scan.events.jsonl, replay.session.json, trust.summary.json, and bundle.verify.json.

Related pages: Codespaces, Hardproof methodology, report format, sample report viewer.