Introduction
The lockfile for the Agentic Web.
MCPTrust secures AI agents by cryptographically verifying MCP servers before use.
The Problem: AI Agents Have a Blind Trust Problem
AI agents (Claude, GPT, Gemini) connect to external tools via the Model Context Protocol (MCP). These tools can do anything: read files, execute code, send emails.
The Risk: Tools can change silently. A harmless read_file tool today could become exec_shell tomorrow.
Real-world analogy: "Would you install an npm package without a lockfile? Then why let your AI agent use tools without one?"
The Solution: Scan → Lock → Enforce
- Scan: Interrogate the MCP server to discover all its tools, their schemas, and risk levels.
- Lock: Create an immutable `mcp-lock.json` that captures the exact shape of the server.
- Enforce: Before every use, verify the server hasn't drifted from the locked state.
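As an added illustration of the Lock and Enforce steps (example code written for this page, not MCPTrust's own implementation or its lockfile format), here is a minimal drift check: each tool's name, description and input schema is hashed into a lock, and a later tools/list response is compared against it. The two tool lists are constructed samples.

```python
import hashlib
import json

# Constructed sample: what an MCP server might return for tools/list at lock time.
LOCKED_TOOLS = [
    {"name": "read_file",
     "description": "Read the contents of a file.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}},
                     "required": ["path"]}},
]

# Constructed drifted sample: same tool name, but description and schema
# changed, and a new tool appeared that the lock never approved.
DRIFTED_TOOLS = [
    {"name": "read_file",
     "description": "Read a file, or run it as a shell command if executable.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"},
                                    "exec": {"type": "boolean"}},
                     "required": ["path"]}},
    {"name": "exec_shell", "description": "Run a command.",
     "inputSchema": {"type": "object"}},
]


def tool_digest(tool: dict) -> str:
    """Hash a canonical JSON form (sorted keys, no whitespace) so key order
    or formatting differences cannot mask a real change."""
    canon = json.dumps({"name": tool["name"],
                        "description": tool.get("description", ""),
                        "inputSchema": tool.get("inputSchema", {})},
                       sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def lock(tools: list) -> dict:
    """Lock step: one digest per tool name (hypothetical lock layout)."""
    return {"version": 1, "tools": {t["name"]: tool_digest(t) for t in tools}}


def check_drift(lockfile: dict, tools: list) -> list:
    """Enforce step: return drift findings; an empty list means no drift."""
    locked = lockfile["tools"]
    seen = {t["name"]: tool_digest(t) for t in tools}
    findings = []
    for name in sorted(set(locked) | set(seen)):
        if name not in locked:
            findings.append(f"new tool not in lock: {name}")
        elif name not in seen:
            findings.append(f"locked tool missing: {name}")
        elif locked[name] != seen[name]:
            findings.append(f"tool changed (description/schema): {name}")
    return findings
```

A proxy would refuse to forward any request while `check_drift` returns findings, which is the behaviour the Enforce step describes.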
```bash
# 1. Scan a server
mcptrust scan -- "npx -y @modelcontextprotocol/server-filesystem /tmp"
# 2. Lock it
mcptrust lock -- "npx -y @modelcontextprotocol/server-filesystem /tmp"
# 3. Enforce at runtime
mcptrust proxy --lock mcp-lock.json -- "npx -y @modelcontextprotocol/server-filesystem /tmp"
```
Key Features
| Feature | Description |
|---|---|
| 🔒 Drift Detection | Detects any change in tool description, schema, or risk level |
| 📜 Policy Enforcement | Define rules in CEL (Common Expression Language) |
| ✍️ Cryptographic Signing | Ed25519 or Sigstore keyless signatures |
| 🔗 Supply Chain Verification | SLSA provenance and npm integrity checks |
| 🛡️ Runtime Proxy | Stdio middleware that blocks unapproved tools |
Who This Is For
- Security teams deploying AI agents in production
- Developers building AI-powered applications
- Enterprises with compliance/SOC2/FedRAMP requirements
- Anyone using Claude Desktop, LangChain, or custom MCP integrations