Approval

Describe the human review → lock → sign workflow.


The Approval Workflow

Step-by-Step

1. Developer requests new MCP server integration

Creates branch, adds server to config.

2. Security review

mcptrust scan -- "npx -y @new/server"
# Review: What tools? What risk levels? What inputs?

3. Approve by locking

mcptrust lock -- "npx -y @new/server"

Warning: If a lockfile already exists, you must use --force to overwrite it. This confirms that you acknowledge any existing signature will become invalid.

Advanced Locking Options

  • --v3: Explicitly use the v3 lockfile format (default behavior).
  • --pin: Pin exact artifact versions (e.g. npm tarball hashes) to ensure the exact same bytes are used every time.
  • --verify-provenance: Require valid SLSA provenance attestations from the registry before locking.

4. Sign (Team or CI)

Team key:

mcptrust sign --key private.key

Or CI (Sigstore):

mcptrust sign --sigstore

5. Commit artifacts

git add mcp-lock.json mcp-lock.json.sig
git commit -m "chore: approve @new/server MCP integration"

Handling Changes

Scenario: Upstream server releases a new version with a new tool.

Detection

mcptrust check -- "npx -y @new/server"
# ❌ Drift detected: tool_added "dangerous_tool"

Decision Tree

  • If intended: Re-run mcptrust lock --force, review the updated lockfile, and re-sign.
  • If unexpected: Investigate as a possible supply chain attack. Do NOT approve.
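The two enforcement points above (step 5, committing the lockfile together with its signature, and the drift decision in Handling Changes) can be turned into a CI gate. The script below is an added example and not part of mcptrust itself; it assumes the artifact names on this page (mcp-lock.json, mcp-lock.json.sig) and the drift line format shown in the Detection output (Drift detected: <kind> "<name>"). mcptrust is not invoked by the script; the caller passes the output of mcptrust check in, so the decision logic can be exercised offline against constructed sample output.

```shell
#!/bin/sh
# Added example (not mcptrust's own code): a CI gate for the approval workflow.
# Assumptions: artifact names mcp-lock.json / mcp-lock.json.sig, and drift lines
# of the form   Drift detected: <kind> "<name>"   as shown on this page.
#
# Intended use in CI (mcptrust itself is run by the caller):
#   approval_gate . "$(mcptrust check -- 'npx -y @new/server' 2>&1)" || exit $?

GATE_OK=0
GATE_MISSING_ARTIFACTS=2
GATE_DRIFT=3

# Both approval artifacts must exist and be non-empty. A lockfile without a
# signature means the review was never signed off; a signature without a
# lockfile has nothing to verify.
require_approval_artifacts() {
  dir=$1
  missing=""
  for f in mcp-lock.json mcp-lock.json.sig; do
    [ -s "$dir/$f" ] || missing="$missing $f"
  done
  if [ -n "$missing" ]; then
    echo "missing approval artifact(s):$missing" >&2
    return 1
  fi
  return 0
}

# Print one "<kind> <name>" pair per drift line in the check output.
# Returns 0 if at least one drift line was found, 1 if the output is clean.
extract_drift() {
  out=$(printf '%s\n' "$1" |
    sed -n 's/.*Drift detected: \([a-z_]*\) "\([^"]*\)".*/\1 \2/p')
  [ -n "$out" ] || return 1
  printf '%s\n' "$out"
}

# Pass only when both artifacts are present AND the check output reports no
# drift. Any drift is a stop: per the decision tree it is either re-reviewed
# and re-locked by a human, or investigated. The gate never re-locks itself.
approval_gate() {
  dir=$1
  check_output=$2
  require_approval_artifacts "$dir" || return $GATE_MISSING_ARTIFACTS
  if drift=$(extract_drift "$check_output"); then
    echo "refusing to approve; drift must be reviewed first:" >&2
    printf '%s\n' "$drift" | sed 's/^/  /' >&2
    return $GATE_DRIFT
  fi
  echo "approval artifacts present, lockfile matches live server" >&2
  return $GATE_OK
}

# Constructed sample outputs for offline use. The drift line copies the page's
# Detection example; the clean line is made up for this demo.
SAMPLE_CLEAN='OK: no drift'
SAMPLE_DRIFT='❌ Drift detected: tool_added "dangerous_tool"'

demo() {
  work=$(mktemp -d)
  printf '{}\n' > "$work/mcp-lock.json"      # constructed stand-in lockfile
  printf 'sig\n' > "$work/mcp-lock.json.sig" # constructed stand-in signature
  approval_gate "$work" "$SAMPLE_CLEAN"; echo "clean run -> exit $?"
  approval_gate "$work" "$SAMPLE_DRIFT"; echo "drift run -> exit $?"
  rm -rf "$work"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Exit code 2 (artifacts missing) and 3 (drift) are distinct so a pipeline can surface "someone forgot to commit the signature" differently from "the upstream server changed", which is the case the decision tree asks a human to investigate.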