bundle
Create a deterministic release bundle
Synopsis
mcptrust bundle export [flags]

Packages the mcp-lock.json, mcp-lock.json.sig, and policy.yaml (if present) into a deterministic ZIP file.
This ZIP file has stable hashes because timestamps are set to the ZIP epoch (1980-01-01), which makes it suitable for reproducible builds.
Flags
| Flag | Default | Description |
|---|---|---|
| -h, --help | | help for export |
| -l, --lockfile | "mcp-lock.json" | Path to the lockfile |
| -o, --output | "approval.zip" | Path for the output ZIP file |
| -s, --signature | "mcp-lock.json.sig" | Path to the signature file |
Examples
Use bundle export before publishing a release. The resulting ZIP can be attached to GitHub Releases or sent to compliance teams for approval.
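
The determinism property described in the synopsis, as an added Python example (not mcptrust's own code): it packs the three files with epoch timestamps in sorted order, then audits an archive for the expected entries and timestamps. The root-level entry layout, stored (uncompressed) entries, fixed permissions and all function names are assumptions.

```python
import hashlib
import io
import zipfile

ZIP_EPOCH = (1980, 1, 1, 0, 0, 0)             # earliest timestamp ZIP can store
REQUIRED = {"mcp-lock.json", "mcp-lock.json.sig"}
OPTIONAL = {"policy.yaml"}                     # packaged only if present

def build_bundle(files: dict[str, bytes]) -> bytes:
    """Pack files so the archive bytes depend only on names and contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):             # fixed entry order
            info = zipfile.ZipInfo(name, date_time=ZIP_EPOCH)
            info.compress_type = zipfile.ZIP_STORED  # assumption: no compressor variance
            info.external_attr = 0o644 << 16   # assumption: fixed permissions
            info.create_system = 3             # fixed host field, else OS-dependent
            zf.writestr(info, files[name])
    return buf.getvalue()

def audit_bundle(data: bytes) -> list[str]:
    """Return findings for an archive; an empty list means nothing stood out."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    names = {i.filename for i in infos}
    findings += [f"missing entry: {n}" for n in sorted(REQUIRED - names)]
    findings += [f"unexpected entry: {n}" for n in sorted(names - REQUIRED - OPTIONAL)]
    findings += [f"non-epoch timestamp on {i.filename}"
                 for i in infos if i.date_time != ZIP_EPOCH]
    return findings

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample inputs, not real lockfile, signature or policy contents.
SAMPLE = {
    "mcp-lock.json": b'{"constructed": "sample lockfile"}\n',
    "mcp-lock.json.sig": b"constructed-sample-signature\n",
    "policy.yaml": b"# constructed sample policy\n",
}

if __name__ == "__main__":
    first = build_bundle(SAMPLE)
    second = build_bundle(dict(reversed(list(SAMPLE.items()))))  # other insertion order
    print("hashes match:", sha256(first) == sha256(second))
    print("findings:", audit_bundle(first))
```

The audit only covers archive structure; it does not verify the signature over the lockfile.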