Merged
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -10,9 +10,11 @@ Code review for AI agent permission drift.
ScopeTrail is a free OSS CLI and GitHub Action that reviews pull requests for risky changes to AI-agent configuration files.

- `.mcp.json`
- `.mcp.json.sample`, `.mcp.json.template`, `.mcp.json.disabled`, and `.mcp.json.example`
- `.cursor/mcp.json`
- `.vscode/mcp.json`
- `.codeium/windsurf/mcp_config.json`
- `mcp_config.json.sample`, `mcp_config.json.template`, `mcp_config.json.disabled`, and `mcp_config.json.example`
- `.claude/settings.json`
- `.codex/config.toml`
- Terminal, Markdown, JSON, and line-level GitHub annotation output
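Review bot: The two new list entries for sample, template, disabled and example files sit in the same list as the active config paths with nothing marking them as advisory-only, and the `mcp_config.json.*` entry is a bare file name while the active Windsurf entry is the full path `.codeium/windsurf/mcp_config.json`. Say on these lines that the variants are reported as a separate advisory category, and state whether `mcp_config.json.sample` and its siblings are matched only under `.codeium/windsurf/` or at any depth in the repository.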
Expand Down Expand Up @@ -117,6 +119,8 @@ ScopeTrail v0 detects:
- Unpinned MCP launch commands such as `@latest`.
- Cursor, VS Code, and Windsurf MCP config files using `mcpServers` or `servers` where supported.
- Windsurf remote MCP endpoint changes through `serverUrl`.
- Sample/template/disabled MCP config drift as a separate advisory category, not active server drift.
- Risky copied MCP examples such as `.mcp.json.sample`, `.mcp.json.template`, `.mcp.json.disabled`, and nested `mcp_config.json.example` files with unpinned commands or remote endpoints.
- Broad Claude Code allow rules such as `Bash(npm *)` and `Read(~/**)`. Scoped grants (`WebFetch(domain:example.com)`, `mcp__github__get_issue`) are recognized as narrow and not flagged.
- Removed Claude Code deny rules for sensitive files such as `.env`.
- Claude Code hook changes: **removed**, **added**, and **command-changed** (a strict `PreToolUse` swapped for a no-op script is the same risk as a removal — both are now caught).
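Review bot: The second new bullet names `.mcp.json.sample`, `.mcp.json.template`, `.mcp.json.disabled` and `mcp_config.json.example`, but leaves out `.mcp.json.example` and the other three `mcp_config.json.*` suffixes that the supported-files list at the top of this README includes, and the category name "sample/template/disabled" also omits `.example`. List the same four suffixes for both base names, or refer back to the supported-files list, so a reader does not conclude that `.mcp.json.example` is unchecked; also clarify whether "nested" applies to the `.mcp.json.*` variants or only to `mcp_config.json.*`.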
1 change: 1 addition & 0 deletions docs/PILOT.md
Expand Up @@ -36,6 +36,7 @@ Useful checks during the trial:

- Did ScopeTrail catch real permission drift?
- Did any warning feel noisy or too broad?
- Did sample/template/disabled MCP config findings correctly stay separate from active MCP server drift?
- Did it miss an agent config surface your repository uses?
- Would a team workflow need cross-repo visibility, policy ownership, exception workflow, or reporting?

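Review bot: The new checklist question asks whether sample/template/disabled findings "stay separate" without saying how a pilot user tells the two categories apart in the output. Name the label or section under which the advisory category appears in the terminal, Markdown, JSON and annotation output, so the answer can be verified rather than guessed.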
4 changes: 3 additions & 1 deletion docs/TRUST.md
Expand Up @@ -4,7 +4,9 @@ ScopeTrail is a local-only GitHub Action and CLI for reviewing AI-agent permissi

## What It Reads

ScopeTrail reads the checked-out repository and compares supported agent configuration files between the pull request base and head refs. Supported files include `.mcp.json`, `.cursor/mcp.json`, `.vscode/mcp.json`, `.codeium/windsurf/mcp_config.json`, `.claude/settings.json`, and `.codex/config.toml`.
ScopeTrail reads the checked-out repository and compares supported agent configuration files between the pull request base and head refs. Supported active files include `.mcp.json`, `.cursor/mcp.json`, `.vscode/mcp.json`, `.codeium/windsurf/mcp_config.json`, `.claude/settings.json`, and `.codex/config.toml`.

ScopeTrail also reviews sample/template/disabled MCP config files such as `.mcp.json.sample`, `.mcp.json.template`, `.mcp.json.disabled`, `.mcp.json.example`, and nested `mcp_config.json.example` variants. Those findings are reported separately from active MCP server drift so copied examples can be reviewed without implying they are live configuration.

In GitHub Actions, `fetch-depth: 0` is required so ScopeTrail can compare the pull request base and head commits instead of only seeing the latest checkout.

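Review bot: In a section titled "What It Reads", the "such as" in the new paragraph leaves the set of sample files open-ended, so a reader cannot tell exactly which file names are read. Give the complete suffix list or the matching rule instead. The reworded sentence also introduces "active" for a list that includes `.claude/settings.json` and `.codex/config.toml`, while the new paragraph covers only MCP config variants, so state explicitly whether sample or template copies of those two files are read.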
12 changes: 12 additions & 0 deletions test/public-docs.test.mjs
Expand Up @@ -31,6 +31,18 @@ test('trust doc describes local-only advisory GitHub Action behavior', async ()
assert.match(trust, /does not provide a security guarantee/i);
});

test('public docs describe active and sample MCP config coverage', async () => {
const readme = await readProjectFile('README.md');
const trust = await readProjectFile('docs', 'TRUST.md');
const pilot = await readProjectFile('docs', 'PILOT.md');

assert.match(readme, /sample\/template\/disabled MCP config drift/i);
assert.match(readme, /\.mcp\.json\.sample/);
assert.match(readme, /mcp_config\.json\.example/);
assert.match(trust, /sample\/template\/disabled MCP config files/i);
assert.match(pilot, /sample\/template\/disabled MCP config findings/i);
});

test('adoption checklist defines advisory-first rollout and feedback path', async () => {
const adoption = await readProjectFile('docs', 'ADOPTION.md');

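Review bot: The new test checks only that a few strings appear somewhere in each file, so it still passes if the docs stop saying that sample findings are kept separate from active drift, which is the claim this docs change exists to make. The TRUST.md assertion matches "sample/template/disabled MCP config files" but not "reported separately from active MCP server drift", and the README assertions cover `.mcp.json.sample` and `mcp_config.json.example` only. Add an assertion on the separation wording in TRUST.md and on the `.template` and `.disabled` names in the README.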