{"id":50454124,"url":"https://github.com/mizcausevic-dev/mcp-policy-lab","last_synced_at":"2026-06-01T01:05:40.137Z","repository":{"id":357949537,"uuid":"1239250449","full_name":"mizcausevic-dev/mcp-policy-lab","owner":"mizcausevic-dev","description":"Python FastAPI service for evaluating MCP server and tool policies, trust posture, destructive-action controls, and operator-facing review workflows.","archived":false,"fork":false,"pushed_at":"2026-05-14T23:57:29.000Z","size":33,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-15T01:39:53.691Z","etag":null,"topics":["ai-governance","backend","control-plane","fastapi","mcp","platform-security","policy-engine","portfolio","python","tool-governance"],"latest_commit_sha":null,"homepage":"https://kineticgain.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mizcausevic-dev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-14T23:04:13.000Z","updated_at":"2026-05-14T23:57:33.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mizcausevic-dev/mcp-policy-lab","commit_stats":null,"previous_names":["mizcausevic-dev/mcp-policy-lab"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/mizcausevic-dev/mcp-policy-lab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmcp-policy-lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmcp-policy-lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmcp-policy-lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmcp-policy-lab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mizcausevic-dev","download_url":"https://codeload.github.com/mizcausevic-dev/mcp-policy-lab/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmcp-policy-lab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33755379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-governance","backend","control-plane","fastapi","mcp","platform-security","policy-engine","portfolio","python","tool-governance"],"created_at":"2026-06-01T01:05:40.071Z","updated_at":"2026-06-01T01:05:40.129Z","avatar_url":"https://github.com/mizcausevic-dev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MCP Policy Lab\r\n\r\nPython and FastAPI control surface for **evaluating MCP server trust posture**, destructive-action controls, schema hygiene, and operator-facing review workflows.\r\n\r\n\u003e **What this repo proves**\r\n\u003e\r\n\u003e MCP governance is not just about what tools exist. It is about whether those tools are reviewable, approvable, and safe enough to expose in production operator workflows.\r\n\r\n## Why this repo exists\r\n\r\nMany MCP examples stop at connectivity. Real platform and security teams need a different answer:\r\n\r\n- which servers deserve trust now\r\n- which tools should be held behind human approval\r\n- where schema coverage is too weak for safe review\r\n- where evidence retention is too thin to survive an incident review\r\n\r\n`mcp-policy-lab` models that policy layer directly. It evaluates MCP servers and tools, assigns `stable`, `review`, or `contain` posture, and gives operators a queue of what to inspect next.\r\n\r\n## Screenshots\r\n\r\n![Overview](./screenshots/01-overview.svg)\r\n![Policy queue](./screenshots/02-policy-queue.svg)\r\n![Tool matrix](./screenshots/03-tool-matrix.svg)\r\n![Audit methodology](./screenshots/04-audit-methodology.svg)\r\n\r\n## What it includes\r\n\r\n- FastAPI service with HTML proof surfaces and JSON APIs\r\n- sample MCP server inventory with tool-level risk classes\r\n- posture scoring for auth model, network zone, approval hygiene, schema coverage, and evidence retention\r\n- operator queue for `review` and `contain` lanes\r\n- SVG proof assets generated from the same service state\r\n- unit tests, smoke checks, and GitHub Actions CI\r\n\r\n## Local run\r\n\r\n```powershell\r\ncd mcp-policy-lab\r\npy -3.11 -m venv .venv\r\n.\\.venv\\Scripts\\pip.exe install -r requirements.txt\r\n.\\.venv\\Scripts\\python.exe -m app.main\r\n```\r\n\r\nOpen:\r\n\r\n- [http://127.0.0.1:4926/](http://127.0.0.1:4926/)\r\n- [http://127.0.0.1:4926/policies](http://127.0.0.1:4926/policies)\r\n- [http://127.0.0.1:4926/tool-matrix](http://127.0.0.1:4926/tool-matrix)\r\n- [http://127.0.0.1:4926/audit](http://127.0.0.1:4926/audit)\r\n- [http://127.0.0.1:4926/docs](http://127.0.0.1:4926/docs)\r\n\r\nIf the port is busy:\r\n\r\n```powershell\r\n$env:PORT = \"4930\"\r\n.\\.venv\\Scripts\\python.exe -m app.main\r\n```\r\n\r\n## Validation\r\n\r\n```powershell\r\n.\\.venv\\Scripts\\python.exe -m unittest discover -s tests\r\n.\\.venv\\Scripts\\python.exe scripts\\run_demo.py\r\n.\\.venv\\Scripts\\python.exe scripts\\smoke_check.py\r\n.\\.venv\\Scripts\\python.exe scripts\\render_readme_assets.py\r\n```\r\n\r\n## API routes\r\n\r\n- `GET /api/dashboard/summary`\r\n- `GET /api/servers`\r\n- `GET /api/servers/{server_id}`\r\n- `GET /api/tools`\r\n- `GET /api/evaluations`\r\n- `GET /api/sample`\r\n\r\n## Repo layout\r\n\r\n```text\r\napp/\r\n  data/\r\n  services/\r\ndocs/\r\nscripts/\r\nscreenshots/\r\ntests/\r\n```\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fmcp-policy-lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmizcausevic-dev%2Fmcp-policy-lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fmcp-policy-lab/lists"}