Drift Detection

Catching unexpected changes in CI


Drift detection ensures that the server you are running matches the server you approved.

Setting up CI

In your GitHub Actions or Jenkins pipeline:

steps:
  - name: Build Server
    # 'npm build' does not run the package's build script; 'npm run build' does
    run: npm install && npm run build

  - name: Start Server via MCPTrust Diff
    # 'diff' starts the server given as arguments and compares it
    # with the server you approved
    run: mcptrust diff -- "npx -y @modelcontextprotocol/server-filesystem /tmp"

If diff exits with code 1, drift was detected (or an error occurred), and the build fails. This prevents unreviewed changes from reaching production.
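What a drift check of this kind compares, as an added example (not MCPTrust's code or its actual comparison logic): it assumes the approved state is a saved copy of the server's tool list, using the name, description and inputSchema fields of an MCP tools/list result. The function names and the sample tools are constructed for illustration.

```javascript
// Added illustration: a conceptual drift check, not MCPTrust's implementation.
// Serialize with sorted object keys so key order alone never counts as drift.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value === undefined ? null : value);
}

// Map tool name -> canonical form of the fields that were reviewed.
function indexTools(tools) {
  return new Map(tools.map((t) => [t.name,
    canonical({ description: t.description, inputSchema: t.inputSchema })]));
}

// Compare the approved snapshot with what the running server advertises.
function detectDrift(approvedTools, liveTools) {
  const approved = indexTools(approvedTools);
  const live = indexTools(liveTools);
  const report = { added: [], removed: [], changed: [] };
  for (const [name, form] of live) {
    if (!approved.has(name)) report.added.push(name);
    else if (approved.get(name) !== form) report.changed.push(name);
  }
  for (const name of approved.keys()) {
    if (!live.has(name)) report.removed.push(name);
  }
  report.drift = report.added.length + report.removed.length + report.changed.length > 0;
  return report;
}

// Same convention as the page: 1 when drift is found, 0 when the server matches.
function exitCodeFor(report) { return report.drift ? 1 : 0; }
// Constructed sample data (assumption: MCP tools/list field names).
const pathArg = { type: 'object', properties: { path: { type: 'string' } }, required: ['path'] };
const APPROVED = [
  { name: 'read_file', description: 'Read a file.', inputSchema: pathArg },
  { name: 'list_directory', description: 'List a directory.', inputSchema: pathArg },
];
const LIVE = [
  { name: 'read_file', description: 'Read a file.', inputSchema: { type: 'object', required: ['path'],
    properties: { path: { type: 'string' }, encoding: { type: 'string' } } } }, // schema changed
  { name: 'list_directory', description: 'List a directory.', // same schema, keys reordered
    inputSchema: { required: ['path'], properties: { path: { type: 'string' } }, type: 'object' } },
  { name: 'write_file', description: 'Write a file.', inputSchema: pathArg }, // new tool
];
const sampleReport = detectDrift(APPROVED, LIVE);
console.log(JSON.stringify(sampleReport), 'exit code', exitCodeFor(sampleReport));
```

A CI script built on this would pass exitCodeFor(report) to process.exit so that any added, removed or changed tool fails the job.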
