Rokad
Toute la documentation
Documentation dvar

MCP and lockfiles

Scan MCP servers, review capability drift, generate dvar.lock.json, and proxy tools through Dvar.

Voir le dépôt
Documentation dvar
Page 3 sur 6

Dvar can inspect and enforce Model Context Protocol tool boundaries without trusting server descriptions blindly. The review workflow is based on inventories, semantic diffs, and explicit lockfiles.

Scan an MCP server

bash
npx dvar scan https://mcp.example.com/mcp \
  --server-id production-crm \
  --out dvar.inventory.json

The inventory records observed server metadata, tool names, descriptions, schemas, annotations, inferred capabilities, destinations, risk, and canonical hashes.

Review and lock

bash
npx dvar diff dvar.inventory.json --lockfile dvar.lock.json
npx dvar lock dvar.inventory.json --out dvar.lock.json

Scanning does not mutate dvar.lock.json. A lockfile is an approval record. Treat changes to schemas, descriptions, annotations, destinations, or capabilities as review events.

Enforce MCP calls

bash
npx dvar proxy \
  --upstream https://mcp.example.com/mcp \
  --server-id production-crm \
  --policy dvar.yaml \
  --lockfile dvar.lock.json \
  --listen 127.0.0.1:4319

Point the MCP client at the local proxy. Dvar evaluates tools/call before forwarding the request upstream.

Integrity policy

yaml
integrity:
  requireLockfile: true
  onUnknownServer: deny
  onUnknownTool: require_approval
  onDescriptionChange: require_approval
  onSchemaChange: deny
  onCapabilityExpansion: deny

In strict mode, undeclared integrity failures fail closed. In monitor mode, Dvar forwards the call but records would_deny or would_require_approval.

Security boundary

A lockfile proves reviewed inventory continuity. It does not prove that a remote server implementation is benign. Keep application authorization, tenant checks, OAuth scopes, network controls, and secrets management in place.