Deterministic MCP server for validating release hygiene in local repositories
Project description
mcp-release-guardian
Deterministic MCP server for validating release hygiene in local repositories. Network-free, read-only, governance-grade outputs.
Overview
mcp-release-guardian exposes three tools via the Model Context Protocol:
| Tool | What it does |
|---|---|
check_repo_hygiene |
Seven file/directory presence checks: package definition, LICENSE, README, bug report template, CI workflows, V1 contract doc, determinism notes doc |
check_version_alignment |
Reads pyproject.toml [project].version and compares it to an optional expected tag |
generate_release_checklist |
Generates a deterministic markdown checklist based on local repo state |
All tools are:
- Network-free — no external API calls, ever
- Read-only — no writes to the target repository
- Fail-closed — unresolvable state marks that result as failed, not passed
Quickstart
Install
pip install mcp-release-guardian
Or with uv:
uv tool install mcp-release-guardian
Run the server manually
mcp-release-guardian
The server starts on stdio and waits for MCP messages.
Claude Desktop configuration
Add the following block to your claude_desktop_config.json
(~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"mcp-release-guardian": {
"command": "mcp-release-guardian",
"args": []
}
}
}
If you installed with uv tool:
{
"mcpServers": {
"mcp-release-guardian": {
"command": "uvx",
"args": ["mcp-release-guardian"]
}
}
}
Restart Claude Desktop after editing the config.
Tool usage examples
check_repo_hygiene
Input:
{
"repo_path": "/ABS/PATH/TO/REPO"
}
Example response:
{
"tool": "check_repo_hygiene",
"repo_path": "/ABS/PATH/TO/REPO",
"ok": true,
"checks": [
{ "check_id": "has_package_definition", "ok": true, "details": "Found pyproject.toml" },
{ "check_id": "has_license", "ok": true, "details": "Found LICENSE" },
{ "check_id": "has_readme", "ok": true, "details": "Found README.md" },
{ "check_id": "has_bug_report_template", "ok": true, "details": "Found .github/ISSUE_TEMPLATE/bug_report.yml" },
{ "check_id": "has_ci_workflows", "ok": true, "details": "Found .github/workflows/" },
{ "check_id": "has_v1_contract", "ok": true, "details": "Found docs/V1_CONTRACT.md" },
{ "check_id": "has_determinism_notes", "ok": true, "details": "Found docs/DETERMINISM_NOTES.md" }
],
"fail_closed": false
}
ok is true only when all seven checks pass. fail_closed equals not ok.
check_version_alignment
Input:
{
"repo_path": "/path/to/my-project",
"expected_tag": "v1.2.0"
}
expected_tag is optional. When omitted, the tool returns version metadata without performing a comparison.
Example response (match):
{
"tool": "check_version_alignment",
"repo_path": "/path/to/my-project",
"ok": true,
"expected_tag": "v1.2.0",
"detected": {
"version": "1.2.0",
"source": "pyproject.toml"
},
"details": "Version 1.2.0 matches expected tag v1.2.0",
"fail_closed": false
}
Example response (version absent — fail-closed):
{
"tool": "check_version_alignment",
"repo_path": "/path/to/my-project",
"ok": false,
"expected_tag": "v1.2.0",
"detected": {
"version": null,
"source": null
},
"details": "Could not detect version: pyproject.toml missing or [project].version absent",
"fail_closed": true
}
Version is read exclusively from pyproject.toml [project].version. The leading v in expected_tag is stripped before comparison.
generate_release_checklist
Input:
{
"repo_path": "/path/to/my-project",
"target_tag": "v1.2.0"
}
Example response:
{
"tool": "generate_release_checklist",
"repo_path": "/path/to/my-project",
"target_tag": "v1.2.0",
"checklist_markdown": "# Release Checklist — v1.2.0\n\n## Version alignment\n...",
"inputs_used": {
"detected_version": "1.2.0",
"has_ci_workflows": true,
"has_bug_template": true
},
"fail_closed": false
}
fail_closed is true when detected_version is null (version undetectable). The checklist covers: version alignment, test run, tag creation, release notes, and adoption hooks verification.
Development
git clone https://github.com/YOUR_ORG/mcp-release-guardian.git
cd mcp-release-guardian
pip install -e .
pytest -q
See docs/V1_CONTRACT.md for the frozen tool contracts
and docs/DETERMINISM_NOTES.md for the
determinism and fail-closed design rationale.
See docs/EXAMPLE_OUTPUTS.md for canonical example outputs.
License
MIT — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_release_guardian-0.1.4.tar.gz.
File metadata
- Download URL: mcp_release_guardian-0.1.4.tar.gz
- Upload date:
- Size: 15.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
769e42602536ee8bf9ebfab9891a623dc954218fb0ae679844588a93b0d39a8d
|
|
| MD5 |
8502979202fc3454538d38839e8b3a84
|
|
| BLAKE2b-256 |
53cf2e1c0bd62c8832f1f61b9006929f5870f13b7742f3a77308143651ee470e
|
File details
Details for the file mcp_release_guardian-0.1.4-py3-none-any.whl.
File metadata
- Download URL: mcp_release_guardian-0.1.4-py3-none-any.whl
- Upload date:
- Size: 8.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
77c6ea52da71e23d2e4e4e22af5ef6ab58763d2a5a7b855b8fd8525bad330445
|
|
| MD5 |
9e8ee0791c547c66750b00c2d5a2aa87
|
|
| BLAKE2b-256 |
7fe9c1495dc8850a8e5affeee4a708287117e67864598f828bae182c0c2b3188
|
