MCP Policy Guardian MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add mcp-policy-guardian -- uvx mcp-policy-guardian
README.md

Deterministic MCP server for validating release hygiene in local repositories.

mcp-policy-guardian

Deterministic MCP server for validating release hygiene in local repositories. Network-free, read-only, governance-grade outputs.

Release Discipline & Guarantees

mcp-policy-guardian is intentionally minimal and governance-oriented.

Contract stability

  • V1 tool schemas are frozen.
  • No behavioral changes without explicit phase reopening.
  • Canonical JSON outputs documented in `docs/EXAMPLE_OUTPUTS.md`.

Determinism

  • Network-free execution.
  • Read-only repository inspection.
  • Fail-closed semantics enforced.
  • Design rationale documented in `docs/DETERMINISM_NOTES.md`.

Reproducibility

  • Published to PyPI.
  • CI-validated on push.
  • Tag-triggered PyPI install smoke test ensures external install integrity.

See `docs/V1_CONTRACT.md` for the authoritative contract.

Overview

mcp-policy-guardian exposes three tools via the Model Context Protocol:

Tool What it does
check_repo_hygiene Seven file/directory presence checks: package definition, LICENSE, README, bug report template, CI workflows, V1 contract doc, determinism notes doc
check_version_alignment Reads pyproject.toml [project].version and compares it to an optional expected tag
generate_release_checklist Generates a deterministic markdown checklist based on local repo state

All tools are:

  • Network-free — no external API calls, ever
  • Read-only — no writes to the target repository
  • Fail-closed — unresolvable state marks that result as failed, not passed

Quickstart

Install

pip install mcp-policy-guardian

Or with uv:

uv tool install mcp-policy-guardian

Run the server manually

mcp-policy-guardian

The server starts on stdio and waits for MCP messages.

Claude Desktop configuration

Add the following block to your claude_desktop_config.json (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "mcp-policy-guardian": {
      "command": "mcp-policy-guardian",
      "args": []
    }
  }
}

If you installed with uv tool:

{
  "mcpServers": {
    "mcp-policy-guardian": {
      "command": "uvx",
      "args": ["mcp-policy-guardian"]
    }
  }
}

Restart Claude Desktop after editing the config.

Tool usage examples

check_repo_hygiene

Input:

{
  "repo_path": "/ABS/PATH/TO/REPO"
}

Example response:

{
  "tool": "check_repo_hygiene",
  "repo_path": "/ABS/PATH/TO/REPO",
  "ok": true,
  "checks": [
    { "check_id": "has_package_definition",  "ok": true,  "details": "Found pyproject.toml" },
    { "check_id": "has_license",             "ok": true,  "details": "Found LICENSE" },
    { "check_id": "has_readme",              "ok": true,  "details": "Found README.md" },
    { "check_id": "has_bug_report_template", "ok": true,  "details": "Found .github/ISSUE_TEMPLATE/bug_report.yml" },
    { "check_id": "has_ci_workflows",        "ok": true,  "details": "Found .github/workflows/" },
    { "check_id": "has_v1_contract",         "ok": true,  "details": "Found docs/V1_CONTRACT.md" },
    { "check_id": "has_determinism_notes",   "ok": true,  "details": "Found docs/DETERMINISM_NOTES.md" }
  ],
  "fail_closed": false
}

ok is true only when all seven checks pass. fail_closed equals not ok.

check_version_alignment

Input:

{
  "repo_path": "/path/to/my-project",
  "expected_tag": "v1.2.0"
}

expected_tag is optional. When omitted, the tool returns version metadata without performing a comparison.

Example response (match):

{
  "tool": "check_version_alignment",
  "repo_path": "/path/to/my-project",
  "ok": true,
  "expected_tag": "v1.2.0",
  "detected": {
    "version": "1.2.0",
    "source": "pyproject.toml"
  },
  "details": "Version 1.2.0 matches expected tag v1.2.0",
  "fail_closed": false
}

Example response (version absent — fail-closed):

{
  "tool": "check_version_alignment",
  "repo_path": "/path/to/my-project",
  "ok": false,
  "expected_tag": "v1.2.0",
  "detected": {
    "version": null,
    "source": null
  },
  "details"

Tools (3)

check_repo_hygienePerforms seven file/directory presence checks including package definition, LICENSE, README, and CI workflows.
check_version_alignmentReads pyproject.toml version and compares it to an optional expected tag.
generate_release_checklistGenerates a deterministic markdown checklist based on local repository state.

Configuration

claude_desktop_config.json
{"mcpServers": {"mcp-policy-guardian": {"command": "mcp-policy-guardian", "args": []}}}

Try it

Check if my current repository meets all release hygiene requirements.
Verify if the version in my pyproject.toml matches the tag v1.2.0.
Generate a release checklist for the repository located at /path/to/my-project.
Run a full hygiene check on my project to ensure all required documentation and CI files are present.

Frequently Asked Questions

What are the key features of MCP Policy Guardian?

Network-free execution for security and privacy. Read-only repository inspection to prevent accidental changes. Fail-closed semantics for reliable governance. Deterministic output generation for release checklists. Automated version alignment verification.

What can I use MCP Policy Guardian for?

Validating repository compliance before a production release. Automating the generation of release checklists for open source projects. Ensuring consistent project structure across multiple local repositories. Verifying that project versions match git tags during CI/CD preparation.

How do I install MCP Policy Guardian?

Install MCP Policy Guardian by running: pip install mcp-policy-guardian

What MCP clients work with MCP Policy Guardian?

MCP Policy Guardian works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep MCP Policy Guardian docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all version-control servers →

Related MCP Servers

PR Review MCP Server
AI-assisted code review tool for developers/AQA engineers
version-control22 stars
Bitbucket Data Center
MCP server for Bitbucket Data Center to search code and manage pull requests.
version-control11 stars
Continuum
Git remembers what you changed. Continuum remembers why.
version-control6 stars
RepoCrunch
Analyze any public GitHub repository into structured JSON.
version-control5 stars
CERN GitLab MCP Server
Connects LLMs to CERN GitLab for discovering HEP code and documentation.
version-control3 stars
bbkt
A Bitbucket CLI and MCP server for managing workspaces and repositories.
version-control3 stars