Lockfile + Signature · Ed25519 Verified · CI-Friendly

The lockfile for the agentic web.

MCPTrust pins and cryptographically approves MCP server capabilities—so your agent doesn’t silently inherit new powers later.

go install github.com/mcptrust/mcptrust/cmd/mcptrust@latest

Up and running in seconds.

Install the CLI, discover your tools, and lock them down.

1. Install

Get the latest version of the CLI via Go install.

go install github.com/mcptrust/mcptrust/cmd/mcptrust@latest

2. Scan

Scan your server to discover its tools.

mcptrust scan -- "npx -y @modelcontextprotocol/server-filesystem /tmp"

3. Lock

Lock your server to create mcp-lock.json.

mcptrust lock -- "npx -y @modelcontextprotocol/server-filesystem /tmp"

The Problem: Silent Drift

  • Server code changes: An update to the server implementation changes behavior without your knowledge.
  • Dependency updates: A supply-chain attack or buggy dependency update alters tool safety.
  • Look-alike servers: An attacker publishes a server with the same name but malicious tools.

The Solution: Explicit Trust

MCPTrust makes MCP servers behave like pinned dependencies: Snapshot → Approve → Verify later.

  • Cryptographic Identity: Tools are identified by hashes of their declared description and input schema.
  • Tamper-Evident: Signed lockfiles guarantee the state hasn't changed.
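As an added, illustrative example (not MCPTrust's own code or lockfile format), the Snapshot → Approve → Verify later cycle in Go: each tool is hashed over its declared description and input schema, the pins are signed with Ed25519, and a later verify refuses a tampered lockfile before it reports drift. The `Tool`/`Pins` layout and the canonical JSON encoding are assumptions made for this example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
)

// Tool is a minimal MCP tool declaration: the fields the lockfile pins.
type Tool struct{ Name, Description string; InputSchema json.RawMessage }
// Pins is the lockfile content (tool name -> identity hash); Bytes is the signed payload,
// deterministic because encoding/json sorts map keys.
type Pins map[string]string
func (p Pins) Bytes() []byte { b, _ := json.Marshal(p); return b }
// ToolHash identifies a tool by SHA-256 over its declared description and input schema; the schema
// is decoded and re-marshalled so key order/whitespace do not matter (assumed encoding, not MCPTrust's).
func ToolHash(t Tool) string {
	var schema interface{}
	_ = json.Unmarshal(t.InputSchema, &schema)
	b, _ := json.Marshal(map[string]interface{}{"description": t.Description, "inputSchema": schema})
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}
// Lock snapshots the scanned tools (Snapshot); Sign approves the snapshot with Ed25519 (Approve).
func Lock(tools []Tool) Pins {
	p := Pins{}
	for _, t := range tools {
		p[t.Name] = ToolHash(t)
	}
	return p
}
func Sign(p Pins, priv ed25519.PrivateKey) []byte { return ed25519.Sign(priv, p.Bytes()) }
// Verify checks the signature, then diffs live tools against the pins (Verify later): false means tampered/unsigned pins; drift names changed, new or vanished tools.
func Verify(p Pins, sig []byte, pub ed25519.PublicKey, live []Tool) (bool, []string) {
	if !ed25519.Verify(pub, p.Bytes(), sig) {
		return false, nil // tampered or unsigned lockfile: trust none of its pins
	}
	cur, drift := Lock(live), []string{}
	for name, h := range cur {
		if p[name] != h { // hash changed, or tool not pinned at all
			drift = append(drift, name)
		}
	}
	for name := range p {
		if _, ok := cur[name]; !ok { // pinned tool no longer offered
			drift = append(drift, name)
		}
	}
	return true, drift
}
```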

Trusted Workflow

From initial discovery to production release, every step is verified.

01 Scan · 02 Lock · 03 Keygen · 04 Sign · 05 Verify · 06 Diff · 07 Policy · 08 Bundle

Step 01: Scan

Discover all available tools and resources in your MCP server before locking them down.

mcptrust scan -- "npx -y @modelcontextprotocol/server-filesystem /tmp"

Security Guarantees

Understand exactly what MCPTrust provides—and what it doesn't.

What it Proves
Cryptographic assurances provided by MCPTrust

Integrity

Signed lockfile tamper detection ensures files haven't changed.

Authenticity

Cryptographic proof that the lockfile was approved (signed) by the holder of the signing key.

Drift Detection

Detects any changes in declared capabilities, schema, or description.

Governance

Policy rules can block tools based on their verified manifest.

What it Doesn't
Explicit non-goals and limitations

Runtime Behavior

Doesn't prove implementation integrity: a server whose declared interface schema and descriptions are unchanged still verifies even if its code changed.

Sandboxing

Doesn't firewall tool execution or isolate side-effects at runtime.

Key Security

Trust depends entirely on private key management practices.

Adoption Patterns

Flexible workflow integration for any team size.

Local Dev
Use scan to inspect servers and lock to create snapshots during development.
CI Gate
Run verify and diff in your pipelines to block unapproved or drifted changes.
Release
Use bundle export to package approved artifacts for production release.