policy
Evaluate CEL policies against server capabilities
Synopsis
mcptrust policy check -- <command> [flags]Scans the live server and evaluates a CEL (Common Expression Language) policy file against it.
Flags
| Flag | Default | Description |
|---|---|---|
-h, --help | help for check | |
-P, --policy | Path to policy YAML file (uses default if not provided) | |
-t, --timeout | 10s | Timeout for MCP operations |
Examples
# Check policy against the live server
mcptrust policy check --policy ./policy.yaml -- "npx -y @modelcontextprotocol/server-filesystem /tmp"
# Check with default policy
mcptrust policy check -- "python mcp_server.py"Policy File Format
rules:
- name: "No write operations"
expr: "!input.tools.exists(t, t.name.contains('write'))"
- name: "Must have description"
expr: "input.tools.all(t, t.description != '')"Exit Codes
0: All policy rules passed.1: One or more rules failed.