mcp-warden

DataScience-EngineeringExperts/mcp-warden
★ 2 stars Python Security Updated today
CI-first MCP supply-chain integrity gate + runtime tool-result inspection. Pin an MCP server's tool surface, fail CI on drift, and block poisoned tool results (ANSI/secret-echo/exfil) at runtime.
View on GitHub → 🔍 Audit Wallet Slippage →

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "mcp-warden": {
      "command": "uvx",
      "args": [
        "mcp-warden"
      ]
    }
  }
}

Or install with pip: pip install mcp-warden

README Excerpt

**mcp-warden is the lockfile and CI gate for stdio-transport MCP servers: it pins an MCP server's declared tool/resource/prompt surface into a signed `warden.lock`, then fails CI when that surface drifts from the approved baseline.** v1 covers **stdio-transport** servers; HTTP/SSE transport is a documented v1.x roadmap item.

Tools (4)

categorylocksariftimeout

Topics

ai-securitydevsecopsllm-securitymcpmodel-context-protocolprompt-injectionpythonsarifsecurity-toolssupply-chain-security