
Daily build note · June 1, 2026

MCP ToolScope

MCP ToolScope is a local-first CLI and service kit that inventories the tool surface available to AI agents, classifies risky tools, and generates reviewable allowlists before agents mutate...


What shipped

This build implements a focused local MVP for mcp-toolscope:

  • Dependency-free Python CLI with init, samples, scan, and validate commands.
  • Static discovery for common MCP and agent files.
  • Manual tools.manifest.yaml support for tools that cannot be discovered automatically.
  • Deterministic risk classification and severity assignment.
  • Markdown, JSON, and YAML allowlist artifact generation.
  • Seeded sample workspace for a no-secret demo flow.
  • Unit tests and a smoke script.

Architecture

  • Python 3.11 standard library only, so the scanner is easy to inspect and run locally.
  • Static file scanning instead of live MCP protocol introspection.
  • Deterministic keyword rules in mcp_toolscope/classifier.py instead of LLM-based classification.
  • A tiny YAML subset reader/writer with optional PyYAML support when available.
  • Structured JSON report as the stable output for future dashboards or CI integrations.
  • Starter allowlist generation separated from scanning so policy logic can evolve independently.
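To make the deterministic-rules approach concrete, here is an added illustration of keyword-based severity assignment feeding a starter allowlist. It is not the project's classifier.py or its rule table; the patterns, severity tiers and the sample tool inventory are assumptions constructed for this example.

```python
# Added example: deterministic keyword classification + starter allowlist.
# Not mcp-toolscope's own code; rules, tiers and inventory are assumed/constructed.
import json
import re

# Ordered from most to least severe; the first matching tier wins.
RULES = (
    ("critical", re.compile(r"\b(delete|drop|destroy|rm|wipe|truncate)\b", re.I)),
    ("high", re.compile(r"\b(exec|execute|shell|eval|deploy|pay|transfer)\b", re.I)),
    ("medium", re.compile(r"\b(write|create|update|send|post|upload|push|modify)\b", re.I)),
)
ALLOW_BY_DEFAULT = {"low"}  # only unmatched (read-only-looking) tools are pre-approved


def classify(tool: dict) -> dict:
    """Assign a severity from tool name + description using keyword rules only."""
    # Split snake_case / dotted names so "delete_branch" exposes the keyword "delete".
    text = re.sub(r"[_.\-]+", " ", f"{tool['name']} {tool.get('description', '')}")
    severity = "low"
    for level, pattern in RULES:
        if pattern.search(text):
            severity = level
            break
    return {**tool, "severity": severity}


def build_allowlist(tools: list[dict]) -> dict:
    """Starter allowlist: low-risk tools allowed, everything else queued for review."""
    classified = [classify(t) for t in tools]
    return {
        "allow": sorted(t["name"] for t in classified if t["severity"] in ALLOW_BY_DEFAULT),
        "review": sorted(t["name"] for t in classified if t["severity"] not in ALLOW_BY_DEFAULT),
        "tools": classified,
    }


# Constructed inventory, shaped like what discovery or a manual manifest might yield.
SAMPLE_TOOLS = [
    {"name": "list_issues", "description": "List open issues in a repo"},
    {"name": "create_issue", "description": "Create a new issue"},
    {"name": "run_command", "description": "Execute a shell command in the workspace"},
    {"name": "delete_branch", "description": "Delete a git branch"},
    {"name": "read_file", "description": "Read a file from disk"},
]

if __name__ == "__main__":
    print(json.dumps(build_allowlist(SAMPLE_TOOLS), indent=2))
```

Because matching is purely lexical, a benign tool whose description happens to contain "delete" lands in review rather than allow, which is the over-classification trade-off the build note's limitations call out.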

Trimmed scope

The MVP deliberately omits:

  • Hosted dashboard or report history.
  • Runtime enforcement or approval proxy.
  • Live OAuth, token brokerage, or credential testing.
  • Running MCP servers to introspect live tool schemas.
  • GitHub/Slack/Stripe API calls.
  • Full support for every possible MCP client config shape.

Limitations

  • Classification is keyword-based and can over-classify ambiguous tools.
  • YAML fallback supports the simple subset used by the generated manifests, not every YAML feature.
  • .codex/config.toml support covers common mcp_servers tables only.
  • Reports show a current-state snapshot, not scan diffs.
  • Allowlists are starter recommendations and are not enforcement.

Verification

Run:

```bash
python -m unittest
bash scripts/smoke_demo.sh
```

The smoke script creates /tmp/toolscope-demo, scans it, validates artifacts, and prints the generated Markdown report path.

Suggested next steps

  • Add report diffing between two JSON scans.
  • Add CI mode with configurable failure thresholds.
  • Support more MCP client config variants.
  • Add richer owner/log/credential policy checks.
  • Add optional live MCP introspection for teams that want deeper schema coverage.
  • Package the scanner as a signed single-file binary or installer for client audits.