A production-ready Model Context Protocol (MCP) server that provides controlled, secure access to the Windows Registry for AI models.
This server follows a clean, layered architecture with strict separation of concerns:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β MCP Protocol Layer β
β (JSON-RPC, stdio transport, request/response handling) β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββ
β Application/Use-Case Layer β
β - Tool Handlers (RegistryToolHandlers) β
β - Resource Handlers (RegistryResourceHandlers) β
β - Authorization & Access Control β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββ
β Domain Layer β
β - Registry Operations (IRegistryService) β
β - Domain Models (RegistryKey, RegistryValue) β
β - Business Rules & Validation β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββ
β Infrastructure Layer β
β - WinReg Adapter (wraps Win32 Registry API) β
β - Configuration Provider β
β - Logging & Metrics β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- β Read Registry Values - Query specific registry keys/values with path validation
- β Enumerate Keys - List subkeys under a specific parent key
- β Enumerate Values - List values under a specific key
- β Write Registry Values - Create/update registry values with authorization
- β Delete Registry Items - Remove keys/values with strict permission controls
- β Query Key Metadata - Get information about keys (modification time, value count)
- π Path Allow-List - Only configured registry paths are accessible
- π Authorization Levels - READ_ONLY, READ_WRITE, ADMIN access control
- π Data Exfiltration Protection - Limits on enumeration depth and value counts
- π Audit Logging - All operations logged with correlation IDs
- π Rate Limiting - Configurable request rate limits
- π Timeout Controls - All operations have execution time limits
- π Metrics - Prometheus-compatible metrics for operations, latency, errors
- π Structured Logging - JSON-formatted logs with correlation IDs
- π₯ Health Checks - Liveness, readiness, and startup health endpoints
- .NET 8.0 or later
- Windows OS (Server 2016+ or Windows 10+)
# Clone the repository
git clone <repository-url>
cd winregcsharp-mcp
# Build the solution
dotnet build
# Run the server
dotnet run --project src/WinRegMcp.ServerCreate a config/allowed_paths.json file:
{
"allowed_roots": [
{
"path": "HKEY_CURRENT_USER\\Software\\MyApp",
"access": "read_write",
"max_depth": 5
}
],
"denied_paths": [
"HKEY_LOCAL_MACHINE\\SECURITY",
"HKEY_LOCAL_MACHINE\\SAM"
]
}Set environment variables:
WINREG_MCP_AUTHORIZATION_LEVEL=READ_ONLY
WINREG_MCP_ALLOWED_PATHS_FILE=config/allowed_paths.json
WINREG_MCP_LOG_LEVEL=infoRead a specific registry value.
Parameters:
path(string): Full registry path (e.g., "HKEY_CURRENT_USER\Software\MyApp")value_name(string): Name of the value to read
Returns: Value data and type information
Write or update a registry value.
Parameters:
path(string): Full registry pathvalue_name(string): Name of the valuevalue_data(string): Data to writevalue_type(string): Registry type (String, DWord, QWord, Binary, etc.)
List subkeys under a registry path.
Parameters:
path(string): Parent registry pathmax_depth(integer, optional): Maximum enumeration depth (default: 1)
Returns: List of subkey names
List all values in a registry key.
Parameters:
path(string): Registry key path
Returns: List of value names and types
Get metadata about a registry key.
Parameters:
path(string): Registry key path
Returns: Key information (subkey count, value count, last modified time)
Delete a registry value.
Parameters:
path(string): Registry key pathvalue_name(string): Name of the value to delete
Delete a registry key (requires ADMIN authorization).
Parameters:
path(string): Registry key path to delete
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionHKEY_CURRENT_USER\Software(limited depth)
HKEY_LOCAL_MACHINE\SECURITYHKEY_LOCAL_MACHINE\SAMHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- READ_ONLY: Can only read from allowed paths
- READ_WRITE: Can read and write to allowed paths
- ADMIN: Full access (requires explicit configuration)
src/
βββ WinRegMcp.Domain/ # Domain models and interfaces
β βββ Models/ # Registry domain models
β βββ Services/ # Domain service interfaces
β βββ Exceptions/ # Domain exceptions
βββ WinRegMcp.Infrastructure/ # External adapters
β βββ Registry/ # Win32 Registry adapter
β βββ Configuration/ # Config providers
β βββ Observability/ # Logging and metrics
βββ WinRegMcp.Application/ # Use cases and handlers
β βββ Handlers/ # MCP tool handlers
β βββ Authorization/ # Access control
β βββ DTOs/ # MCP contract DTOs
βββ WinRegMcp.Server/ # MCP server entry point
βββ Program.cs
tests/
βββ WinRegMcp.Tests/ # Unit and integration tests
dotnet testdotnet publish -c Release -r win-x64 --self-containedCurrent version: 1.0.0
- Breaking changes increment major version
- New optional parameters increment minor version
- Bug fixes increment patch version
- Deprecation notice period: 3 months
MIT License - See LICENSE file for details
Contributions welcome! Please read CONTRIBUTING.md for guidelines.