mcptrust run
Command reference for verified artifact execution.
Synopsis
mcptrust run --lock <lockfile> [flags] [-- <command>]
Description
Executes an MCP server from a verified artifact. Ensures the executed artifact matches the lockfile pin, preventing registry substitution attacks.
Workflow
- Read lockfile `artifact` section.
- Download tarball from registry.
- Verify SHA-256 matches `tarball_sha256`.
- Verify provenance (SLSA attestation) if `--require-provenance`.
- Install package from verified local tarball (not from registry).
- Execute binary directly.
Flags
| Flag | Default | Description |
|---|---|---|
| `--lock` | (required) | Path to lockfile |
| `--timeout` | 0 | Execution timeout (0 = none) |
| `--dry-run` | false | Verify but don't execute |
| `--require-provenance` | true | Require SLSA attestation |
| `--expected-source` | - | Regex for source repo |
| `--bin` | - | Binary name (multi-bin packages) |
| `--allow-missing-installed-integrity` | false | Proceed with warning if integrity can't be verified |
| `--unsafe-allow-private-tarball-hosts` | false | Allow private IP registries |
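
The pin check from the workflow (read the `artifact` section, compare the tarball's SHA-256 with `tarball_sha256`) and the default refusal of private-IP tarball hosts, as an added Python sketch that is not mcptrust's own code. Only `artifact` and `tarball_sha256` come from this page; the function names, the URL argument and the sample data are assumptions made for illustration.

```python
import hashlib
import ipaddress
import json
import re
from urllib.parse import urlparse


class VerificationError(Exception):
    """Raised when the artifact must not be installed or executed."""


def is_private_host(url: str) -> bool:
    # Literal IP addresses only. A complete check would also resolve DNS
    # names and test every returned address before connecting.
    try:
        ip = ipaddress.ip_address(urlparse(url).hostname or "")
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def verify_artifact(lock_text, tarball_url, tarball, allow_private_hosts=False):
    """Return the verified digest, or raise VerificationError (fail closed)."""
    doc = json.loads(lock_text)
    artifact = doc.get("artifact") if isinstance(doc, dict) else None
    if not isinstance(artifact, dict):
        raise VerificationError("lockfile has no artifact section")
    pinned = artifact.get("tarball_sha256")
    if not isinstance(pinned, str) or not re.fullmatch(r"[0-9a-fA-F]{64}", pinned):
        raise VerificationError("lockfile has no usable tarball_sha256 pin")
    if is_private_host(tarball_url) and not allow_private_hosts:
        raise VerificationError("tarball host is a private address")
    actual = hashlib.sha256(tarball).hexdigest()
    if actual != pinned.lower():
        raise VerificationError(f"digest mismatch: got {actual}")
    return actual


# Constructed sample data: a stand-in "tarball" and a lockfile that pins it.
GOOD_TARBALL = b"constructed package bytes v1.0.0"
LOCK = json.dumps(
    {"artifact": {"tarball_sha256": hashlib.sha256(GOOD_TARBALL).hexdigest()}})
URL = "https://registry.example/pkg/-/pkg-1.0.0.tgz"  # hypothetical URL

if __name__ == "__main__":
    print("verified:", verify_artifact(LOCK, URL, GOOD_TARBALL))
    try:
        verify_artifact(LOCK, URL, b"substituted bytes from the registry")
    except VerificationError as err:
        print("refused:", err)
```

A missing or malformed pin is treated the same as a mismatch, so a lockfile without `tarball_sha256` never reaches the install step.
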
Examples
# Use command from lockfile
mcptrust run --lock mcp-lock.json
# Override command
mcptrust run --lock mcp-lock.json -- "npx -y @scope/server /custom/path"
# Dry run
mcptrust run --dry-run --lock mcp-lock.json
# Multi-bin package
mcptrust run --lock mcp-lock.json --bin server