
MCP install governance

ToolPin

Pre-1.0 beta · Apache-2.0 · review aids, not a safety guarantee

The missing review gate between MCP registries and the AI clients that run servers with your credentials. Inspect the install, write exact client config, commit mcp-lock.json, and fail CI when the reviewed state drifts.

Guided installs · Official/Docker metadata · 12 MCP clients · enforcing lockfile · local CI and policy

Illustrative example — io.github.10iii/air is a placeholder server, not a real registry entry.

$ tpn i github
Search, review trust evidence, and preview the equivalent command.
No config or lockfile writes happen until explicit confirmation.

$ toolpin install io.github.10iii/air --client claude --verify
Resolving io.github.10iii/air from all registry source...
Installing io.github.10iii/air@0.2.8 into claude project config...

Install
--------
  server     io.github.10iii/air@0.2.8
  registry   official
  trust      87/100
  verify     passed
  scope      project folder
  clients    claude

  claude project
  config     updated: .mcp.json
  lock       mcp-lock.json updated
  - Project MCP config written.
  - Requires Node.js and npm/npx on PATH.
  done       installed for claude
mcp-lock.json · sha256-9f2c3e...
toolpin ci --live · ready for required checks
{
  "lockfileVersion": 2,
  "servers": {
    "io.github.10iii/air:claude": {
      "name": "io.github.10iii/air",
      "version": "0.2.8",
      "client": "claude",
      "integrity": "sha256-9f2c3e..."
    }
  }
}

Why teams care

MCP servers are not editor themes. They can expose tools, credentials, local process access, and network access to an agent. ToolPin makes the approval visible.

Lockfiles as gates

Commit mcp-lock.json and run toolpin ci so pull requests fail when reviewed install plans drift.
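
What a drift gate over a lockfile of the shape shown above checks, as an added sketch that is not ToolPin's own code. The integrity scheme (SHA-256 over canonical JSON of the install plan), the plan fields, and the package name example-air are assumptions made for illustration.

```python
import hashlib
import json
import sys

def plan_integrity(plan):
    # Assumed scheme (not ToolPin's documented one): SHA-256 over canonical JSON.
    canonical = json.dumps(plan, sort_keys=True, separators=(",", ":")).encode()
    return "sha256-" + hashlib.sha256(canonical).hexdigest()

def find_drift(lock, current_plans):
    """Compare resolved install plans with the committed lockfile entries."""
    locked = lock.get("servers", {})
    findings = []
    for key in sorted(locked):
        plan = current_plans.get(key)
        if plan is None:
            findings.append(f"{key}: locked but no longer configured")
        elif plan_integrity(plan) != locked[key].get("integrity"):
            findings.append(f"{key}: install plan changed since review")
    # Anything configured without a lock entry was never reviewed.
    for key in sorted(set(current_plans) - set(locked)):
        findings.append(f"{key}: configured but not in lockfile (never reviewed)")
    return findings

# Constructed sample data; the command, args and env names are made up.
KEY = "io.github.10iii/air:claude"
REVIEWED = {"command": "npx", "args": ["-y", "example-air@0.2.8"], "env": ["AIR_TOKEN"]}
LOCK = {
    "lockfileVersion": 2,
    "servers": {KEY: {"name": "io.github.10iii/air", "version": "0.2.8",
                      "client": "claude", "integrity": plan_integrity(REVIEWED)}},
}
# Same server, but the version pin was loosened after review.
DRIFTED = {**REVIEWED, "args": ["-y", "example-air@latest"]}

if __name__ == "__main__":
    current = {KEY: DRIFTED,
               "example/unreviewed:claude": {"command": "node", "args": ["srv.js"]}}
    findings = find_drift(LOCK, current)
    for line in findings:
        print("DRIFT", line)
    sys.exit(1 if findings else 0)  # non-zero exit fails the CI job
```

The gate covers three cases: a changed plan, a locked server that disappeared, and a configured server that never went through review.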

Multi-client config

Generate JSON, TOML, or YAML for Claude, Cursor, VS Code, Codex, OpenCode, Continue, Gemini CLI, and more.

Honest trust checks

ToolPin separates metadata completeness from evidence-gated verification, including npm integrity, OCI digest, and allowlisted MCPB hash checks.

Not another catalog

Registries find servers. Gateways govern runtime. ToolPin owns the repo-level layer between them: reviewed config, lockfile, and CI enforcement.