Docs — MCPTrust

High-Level Data Flow

Module Reference

Scanner (`internal/scanner/engine.go`)

Purpose: Interrogate MCP servers. Key Functions: Connect(), Initialize(), ListTools(), ListPrompts(), ListResourceTemplates(), Scan(). Components: RiskAnalyzer (scans for dangerous keywords).

Locker (`internal/locker/`)

Purpose: Create lockfiles with crypto hashes. Key Functions: CreateLockfile(), Save(), Load(), DetectDrift().

Differ (`internal/differ/`)

Purpose: Compare locked vs live state. Key Functions: ComputeDiff(), Translate(), GetSeverity().

Policy (`internal/policy/engine.go`)

Purpose: CEL evaluation. Key Functions: NewEngine(), Evaluate().

Crypto (`internal/crypto/signer.go`)

Purpose: Ed25519/Sigstore signing. Key Functions: GenerateKeys(), Sign(), Verify().

Bundler (`internal/bundler/writer.go`)

Purpose: Deterministic ZIP creation. Key Functions: CreateBundle().

Proxy (`internal/proxy/`)

Purpose: Runtime enforcement and stdio proxy. Key Functions: Preflight(), Bridge(), TranslateID().

Runner (`internal/runner/`)

Purpose: Verified execution logic.

Artifact (`internal/artifact/`)

Purpose: Secure dependency resolution (e.g. npm tarballs).

Observability (`internal/observability/`)

Purpose: OpenTelemetry tracing and JSONL/structured logging.

Netutil (`internal/netutil/`)

Purpose: SSRF-safe HTTP clients and downloaders.

External Dependencies

Library	Version	Purpose
spf13/cobra	v1.10.2	CLI framework
google/cel-go	v0.26.1	Policy language
wI2L/jsondiff	v0.7.0	JSON patching
sigstore/cosign	v2.4.1	Keyless signing

Architecture

High-Level Data Flow

Module Reference

Scanner (internal/scanner/engine.go)

Locker (internal/locker/)

Differ (internal/differ/)

Policy (internal/policy/engine.go)

Crypto (internal/crypto/signer.go)

Bundler (internal/bundler/writer.go)

Proxy (internal/proxy/)

Runner (internal/runner/)

Artifact (internal/artifact/)

Observability (internal/observability/)

Netutil (internal/netutil/)