mcp-release-guardian
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-release-guardiangenerate release checklist for /home/user/project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-release-guardian
Deterministic MCP server for validating release hygiene in local repositories. Network-free, read-only, governance-grade outputs.
Release Discipline & Guarantees
Governance Template
This repository includes a reusable scaffold for building deterministic, governance-grade MCP servers:
template/— copy/paste starter structure (README, pyproject, CI workflows, docs templates)template/ADOPTING_THIS_TEMPLATE.md— minimal adoption steps and guardrails
mcp-release-guardian is intentionally minimal and governance-oriented.
Contract stability
V1 tool schemas are frozen.
No behavioral changes without explicit phase reopening.
Canonical JSON outputs documented in
docs/EXAMPLE_OUTPUTS.md.
Determinism
Network-free execution.
Read-only repository inspection.
Fail-closed semantics enforced.
Design rationale documented in
docs/DETERMINISM_NOTES.md.
Reproducibility
Published to PyPI.
CI-validated on push.
Tag-triggered PyPI install smoke test ensures external install integrity.
See docs/V1_CONTRACT.md for the authoritative contract.
Overview
mcp-release-guardian exposes three tools via the Model Context Protocol:
Tool | What it does |
| Seven file/directory presence checks: package definition, LICENSE, README, bug report template, CI workflows, V1 contract doc, determinism notes doc |
| Reads |
| Generates a deterministic markdown checklist based on local repo state |
All tools are:
Network-free — no external API calls, ever
Read-only — no writes to the target repository
Fail-closed — unresolvable state marks that result as failed, not passed
Quickstart
Install
pip install mcp-release-guardianOr with uv:
uv tool install mcp-release-guardianRun the server manually
mcp-release-guardianThe server starts on stdio and waits for MCP messages.
Claude Desktop configuration
Add the following block to your claude_desktop_config.json
(~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"mcp-release-guardian": {
"command": "mcp-release-guardian",
"args": []
}
}
}If you installed with uv tool:
{
"mcpServers": {
"mcp-release-guardian": {
"command": "uvx",
"args": ["mcp-release-guardian"]
}
}
}Restart Claude Desktop after editing the config.
Tool usage examples
check_repo_hygiene
Input:
{
"repo_path": "/ABS/PATH/TO/REPO"
}Example response:
{
"tool": "check_repo_hygiene",
"repo_path": "/ABS/PATH/TO/REPO",
"ok": true,
"checks": [
{ "check_id": "has_package_definition", "ok": true, "details": "Found pyproject.toml" },
{ "check_id": "has_license", "ok": true, "details": "Found LICENSE" },
{ "check_id": "has_readme", "ok": true, "details": "Found README.md" },
{ "check_id": "has_bug_report_template", "ok": true, "details": "Found .github/ISSUE_TEMPLATE/bug_report.yml" },
{ "check_id": "has_ci_workflows", "ok": true, "details": "Found .github/workflows/" },
{ "check_id": "has_v1_contract", "ok": true, "details": "Found docs/V1_CONTRACT.md" },
{ "check_id": "has_determinism_notes", "ok": true, "details": "Found docs/DETERMINISM_NOTES.md" }
],
"fail_closed": false
}ok is true only when all seven checks pass. fail_closed equals not ok.
check_version_alignment
Input:
{
"repo_path": "/path/to/my-project",
"expected_tag": "v1.2.0"
}expected_tag is optional. When omitted, the tool returns version metadata without performing a comparison.
Example response (match):
{
"tool": "check_version_alignment",
"repo_path": "/path/to/my-project",
"ok": true,
"expected_tag": "v1.2.0",
"detected": {
"version": "1.2.0",
"source": "pyproject.toml"
},
"details": "Version 1.2.0 matches expected tag v1.2.0",
"fail_closed": false
}Example response (version absent — fail-closed):
{
"tool": "check_version_alignment",
"repo_path": "/path/to/my-project",
"ok": false,
"expected_tag": "v1.2.0",
"detected": {
"version": null,
"source": null
},
"details": "Could not detect version: pyproject.toml missing or [project].version absent",
"fail_closed": true
}Version is read exclusively from pyproject.toml [project].version. The leading v in expected_tag is stripped before comparison.
generate_release_checklist
Input:
{
"repo_path": "/path/to/my-project",
"target_tag": "v1.2.0"
}Example response:
{
"tool": "generate_release_checklist",
"repo_path": "/path/to/my-project",
"target_tag": "v1.2.0",
"checklist_markdown": "# Release Checklist — v1.2.0\n\n## Version alignment\n...",
"inputs_used": {
"detected_version": "1.2.0",
"has_ci_workflows": true,
"has_bug_template": true
},
"fail_closed": false
}fail_closed is true when detected_version is null (version undetectable). The checklist covers: version alignment, test run, tag creation, release notes, and adoption hooks verification.
Development
git clone https://github.com/YOUR_ORG/mcp-release-guardian.git
cd mcp-release-guardian
pip install -e .
pytest -qSee docs/V1_CONTRACT.md for the frozen tool contracts
and docs/DETERMINISM_NOTES.md for the
determinism and fail-closed design rationale.
See docs/EXAMPLE_OUTPUTS.md for canonical example outputs.
License
MIT — see LICENSE.
Governance / Contract Status (Tier 1)
This MCP guardian is intended to be governance-grade infrastructure.
Tier 1 guarantees
Deterministic output for the same inputs and environment constraints
Network-free evaluation (no implicit network calls)
Read-only evaluation (does not write to the target repo)
Fail-closed posture: inability to evaluate reliably yields a failing result (never permissive)
V1 contract: output semantics are stable under the v1 label; breaking/semantic changes require v2+ with migration notes
How to interpret results
okindicates policy success for this guardian (compliance passed)fail_closedindicates a safety posture: if true, treat the run as a hard stop for automationWhen
okis false andfail_closedis true, the guardian is explicitly refusing to approve under uncertainty
Reproducibility
For orchestration use-cases, a clean-room run should:
install a pinned guardian version (e.g.,
mcp-release-guardian==<version>)produce canonical JSON output (stable sorting / deterministic serialization)
remain network-free and read-only
If you are running via an orchestrator, treat orchestrator wrapper execution success as distinct from guardian policy success.
Tier 2 Compatibility (Multi-Guardian Composition)
This guardian is designed to operate safely under multi-guardian orchestration.
Composition assumptions:
It does not mutate shared state.
It does not depend on execution order relative to other guardians.
Its
okandfail_closedsemantics are self-contained and do not rely on wrapper-level aggregation.Missing dependency or execution failure results in explicit fail-closed behavior (e.g., guardian_import_failed when invoked via orchestrator).
Under V1 semantics:
Policy decisions should be derived from guardian-level fields.
Orchestrator wrapper execution success MUST NOT be interpreted as policy approval.
This guardian is Tier 2 compatible under the aggregation model defined in: https://github.com/curtis-d-williams/governance-blueprints
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/curtis-d-williams/mcp-release-guardian'
If you have feedback or need assistance with the MCP directory API, please join our Discord server