ocentra-enforcer
OfficialSupports integration with plain Git hooks to enforce rules locally.
Enables enforcement rules to be run as part of GitHub Actions workflows.
Supports integration with Lefthook for managing Git hooks with enforcement rules.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ocentra-enforcerexplain rule RR-7.3"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Ocentra Enforcer
Standalone enforcement system for humans, CI, Codex skills, and MCP clients. Rust, TypeScript/JavaScript, Python, common security/generated-artifact guards, compact harness diagnostics, generic coordination, and architecture gates are implemented as the first reusable platform slice.
Default consumption is package plus Codex plugin/MCP. Git submodules are allowed only for projects that need source pinning; they are not the default install model.
1. Hard Gates Over Trust
Rules, AGENTS files, and skill docs are guidance, not enforcement. They help a strong model choose the right path and they save tokens with indexed routing, but models can miss rules when context is full, a smaller model is used, or the task pressure is high. Humans can miss or bypass the same rules.
Ocentra Enforcer is built on zero trust for AI and humans. The point is not to hope the writer remembers every rule; the harness, hooks, MCP tools, and CI gates must reject bad code before it is accepted. A normal flow is:
Route to the smallest relevant rule docs.
Validate the exact file, crate, package, or repo scope.
Store compact structured diagnostics instead of forcing agents to read raw terminal walls.
Hard-fail violations in local runs, pre-commit, PR checks, and CI.
Policy therefore has two layers:
Indexed rules explain what to do and keep agent context small.
Validators and harness checks decide whether the work is accepted.
Every enforced rule must keep that dual shape. A TS-*, PY-*, RR-*, or
common SEC-*/TEST-*/SRC-* finding is not just a lint message: it must have
a rules/rules.json registry entry, a routed rule doc, a validator that emits
the same ruleId, and an explain/MCP path that tells Codex which rule to read
next. JSON and MCP reports include a doc anchor on findings for that reason.
If docs and validators disagree, the hard gate wins. Fix the code, fix the docs, or strengthen the validator; do not add bypass comments or weaken checks to make an agent pass.
Related MCP server: mcp-lint-tools
2. Indexed Decision Trees Save Context
Long plans, AGENTS files, workpacks, and rulebooks can consume the same context the agent needs for the actual implementation. Ocentra Enforcer treats those documents as routed knowledge, not default reading.
The intended pattern is:
Read a small index or decision matrix first.
Classify the task by language, files, scope, risk, and command.
Open only the rule docs and workpack sections that apply.
Fall back to broad reading only when the route is unknown or policy itself is being changed.
This gives large models less noise and gives small models a bounded path they can follow. The route is also machine-readable, so Codex or another MCP client can ask for the relevant rule IDs and docs before scanning or editing.
3. Structured Diagnostics Save Tokens
Raw command output is a poor agent interface. cargo check, test runners,
linters, and security tools often produce duplicate lines, progress noise, and
large terminal walls that burn context before the agent reaches the real failure.
Ocentra Enforcer runs commands through a harness that keeps the full raw artifacts, then emits compact structured data:
Raw stdout and stderr are preserved for audit and fallback.
NDJSON events and diagnostics capture the useful facts.
DuckDB-backed queries are the intended compact retrieval path when available.
MCP tools expose last failure, diagnostics by run, file, rule, severity, crate, package, test, and artifact.
The agent should normally ask the harness for the last failure or scoped diagnostics instead of reading the full terminal dump. Raw logs remain available only when the compact result is not enough.
4. Coordination Belongs Outside Product Repos
Lane ownership, hub mail, exact-file claims, worker/task status, peer sync, and
Codex hook write-safety are harness concerns. They should not live inside a
product repo. Ocentra Parent currently has legacy tools/ocentra-ledger and
tools/no-reexports surfaces, but those are migration sources, not the target
architecture.
See docs/COORDINATION.md for the full hub/ledger/mail model, storage layout, sync contract, safety decisions, and MCP/CLI workflow.
The generic direction is:
Enforcer owns coordination and architecture tooling.
A target repo only keeps configuration and thin command aliases.
Live coordination state stays under the Enforcer install ledger root, normally
<enforcer-install>/.ledger/<hub>.Parent is the first consumer fixture, not a hardcoded owner.
Coordination MCP tools return compact machine-readable write-safety decisions:
canInspect, canLockPaths, canWriteClaimedPaths, mustWait, and
mustRepairLedger. Agents should use those instead of reading giant lane/worker
terminal dumps.
The lock model is deterministic:
Same project, same worktree, same file is a hard
writeLock.Different worktree, same branch, same file is a hard
branchWriteConflict.Different branch, same file is a
mergeRiskwarning for edit and a blocker forpr_readyunless waived.Lockfiles, generated contracts/schema outputs, migrations, release files, and workflow config are
globalWriteLocksingleton paths by default.Blocked edit claims can use
onConflict=intent; release sends mail to the next queued lane, which must re-read before editing.
Coordination also exposes a presence matrix. It answers which PC, project, worktree, branch, Codex thread/session, lane, task, inbox, and exact-file claims are active. Canonical truth is still append-only NDJSON streams under the install ledger root. Generated JSON views and the optional SQLite read index are disposable and can be rebuilt from streams after local writes, compaction, or LAN/WAN peer sync.
LAN/WAN sync uses stream manifests plus suffix transfer. Peers compare event counts and tail hashes, transfer only missing NDJSON lines, and write conflict copies instead of overwriting divergent streams. The transport can be direct LAN HTTP or a token-protected mesh/tunnel endpoint such as Tailscale, Cloudflare Tunnel, WireGuard, or HTTPS.
During migration from legacy Parent wrappers, coordination event hashes use the
v1 ledger envelope so old readers and Enforcer agree. Enforcer still stores
extended context metadata for presence, but extension metadata is not part of
the v1 wire hash. If an early Enforcer build wrote context-hashed events into a
live legacy ledger, run coordination repair legacy-hash first as a dry-run,
then rerun with --write after reviewing the backup paths.
If doctor reports sequence break or previous event pointer does not match stream tip, run coordination repair sequence as a dry-run, then rerun with
--write after reviewing changed streams and backup paths. If health still
reports stale ownership conflicts after stream repair, use
coordination repair stale-claims --paths <exact-paths> to inspect the matching
claims. Add --owner <writer> to preserve one active owner, or omit --owner
to clear all active claims for the exact paths. The write form appends a
claim.resolve event; it does not delete historical stream lines.
For subagents, prefer unique child lanes such as codex-a-parser or
codex-a-ui instead of multiple sessions trying to own the same codex-a
lease. The coordinator can keep the parent lane, while child lanes use exact
file claims and coordination health/guard for write safety. Same-lane work is
only safe when one process owns the lease or the environment has moved fully to
Enforcer claim checks without legacy wrapper lease enforcement.
5. Proof Claims Need Evidence, Not Hope
Product proof scripts are another zero-trust surface. A PR-ready or workpack claim is not accepted because an agent says it ran something; it must point to a fresh proof run with structured output, present artifacts, current commit/scope, and explicit platform capability state.
Enforcer now owns the generic proof harness:
proof/INDEX.mdroutes by files, plan, capability, or proof id.proof/proofs.jsonis the machine-readable proof registry.Proof runs are stored locally under the target repo at
.enforce/proofs.Raw logs and screenshots stay local or CI-artifact-only by default.
proof claim --pr-readyrejects missing, stale, manual-required, failed, or artifact-broken claims.
This is the migration path for repos like Ocentra Parent that accumulated many
bespoke scripts/test/*proof*.mjs files. Product repos should expose source,
generated artifacts, config, and domain expectations. Enforcer should own the
runner, proof inventory, compact diagnostics, retention, and MCP query surface.
Commands
npm test
npm run test:rules
npm run test:mcp
npm run enforcer:init:dry-run
npm run codex:install:dry-run
npm run codex:doctor
npm run enforcer:rules:scan
npm run enforcer:rules
npm run proof:smoke
npm run proof:run:smokeDirect CLI forms:
node scripts/rust-rules.mjs init --root C:/path/to/repo --profile strict --adapters codex,mcp,precommit,github-actions --dry-run
node scripts/rust-rules.mjs codex install --dry-run
node scripts/rust-rules.mjs codex install
node scripts/rust-rules.mjs codex doctor
node scripts/rust-rules.mjs codex install --root C:/path/to/repo --profile strict --dry-run
node scripts/rust-rules.mjs scan --root C:/path/to/repo --files src/lib.rs
node scripts/rust-rules.mjs scan --root C:/path/to/repo --crate my-crate
node scripts/rust-rules.mjs scan --root C:/path/to/repo --workspace
node scripts/rust-rules.mjs scan --root C:/path/to/repo --base origin/main --head HEAD
node scripts/rust-rules.mjs scan --root C:/path/to/repo --languages typescript,python,common --files src tests
node scripts/rust-rules.mjs check no-zod-source --root C:/path/to/repo --files src/index.ts
node scripts/rust-rules.mjs check validation-bypass --root C:/path/to/repo --files src/index.ts
node scripts/rust-rules.mjs check weak-assertions --root C:/path/to/repo --files tests/example.test.ts
node scripts/rust-rules.mjs check placeholder-implementation --root C:/path/to/repo --files src/index.ts
node scripts/rust-rules.mjs check source-shape --root C:/path/to/repo --workspace
node scripts/rust-rules.mjs check single-source-contracts --root C:/path/to/repo --check-config scripts/check-single-source-contracts.json
node scripts/rust-rules.mjs check sbom --root C:/path/to/repo --output target/security --dry-run
node scripts/rust-rules.mjs cargo --root C:/path/to/repo --crate my-crate
node scripts/rust-rules.mjs doctor --root C:/path/to/repo --workspace
node scripts/rust-rules.mjs explain RR-7.3
node scripts/rust-rules.mjs run --root C:/path/to/repo --tool tsc -- npx tsc --noEmit --pretty false
node scripts/rust-rules.mjs runs last-failure --root C:/path/to/repo --json
node scripts/rust-rules.mjs proof route --root C:/path/to/repo --files scripts/test/example-proof.mjs --json
node scripts/rust-rules.mjs proof inventory --root C:/path/to/repo --json
node scripts/rust-rules.mjs proof inventory --root C:/path/to/repo --include-scripts --limit 20 --json
node scripts/rust-rules.mjs proof run --root C:/path/to/repo --proof PROOF-COMMAND-GENERIC --json -- node --version
node scripts/rust-rules.mjs proof claim --root C:/path/to/repo --proof PROOF-COMMAND-GENERIC --pr-ready --json
node scripts/rust-rules.mjs proof last-failure --root C:/path/to/repo --json
node scripts/rust-rules.mjs coordination init my-hub --lane codex-a --hub my-hub
node scripts/rust-rules.mjs coordination doctor --hub my-hub
node scripts/rust-rules.mjs coordination presence --hub my-hub
node scripts/rust-rules.mjs coordination index --hub my-hub
node scripts/rust-rules.mjs coordination manifest --hub my-hub
node scripts/rust-rules.mjs coordination peer add office http://office-pc:8787 --mode pull --hub my-hub
node scripts/rust-rules.mjs coordination sync --peer office --hub my-hub
node scripts/rust-rules.mjs coordination claim --hub my-hub --lane codex-a --paths src/lib.rs --operation edit --on-conflict intent --reason "exact file claim"
node scripts/rust-rules.mjs coordination guard --hub my-hub --lane codex-a --paths src/lib.rs --operation commit --json
node scripts/rust-rules.mjs coordination release --hub my-hub --lane codex-a --paths src/lib.rs --reason "exact file release"
node scripts/rust-rules.mjs coordination repair legacy-hash --hub my-hub
node scripts/rust-rules.mjs coordination repair legacy-hash --hub my-hub --write
node scripts/rust-rules.mjs coordination repair sequence --hub my-hub
node scripts/rust-rules.mjs coordination repair sequence --hub my-hub --write
node scripts/rust-rules.mjs coordination repair stale-claims --hub my-hub --paths src/lib.rs
node scripts/rust-rules.mjs coordination repair stale-claims --hub my-hub --paths src/lib.rs --owner node_abc.codex-a --write
node scripts/rust-rules.mjs architecture check --language rust --scope files --files src/lib.rs --root C:/path/to/repoUse --state-root <exact-hub-root> only for legacy-root repair/import or other
emergency exact-root operations. Normal coordination uses OCENTRA_LEDGER_HOME
from Codex setup plus --hub <hub>.
Proof inventory is summary-only by default so agents do not load hundreds of
legacy proof scripts into context. Use --include-scripts --limit <n> only for
targeted migration batches.
After package install, the canonical entrypoints are:
ocentra-enforcer scan --root C:/path/to/project --files src/lib.rs
ocentra-enforcer-mcpCompatibility aliases remain for one Rust-pack release:
rust-rules scan --root C:/path/to/project --files src/lib.rs
rust-rules-mcpInstall / Init Model
Start with INSTALL.md for a fresh machine or fresh Codex setup. Use docs/CODEX_SETUP.md for MCP and skill wiring, and docs/TARGET_REPO_WIRING.md for target repo setup. For Ocentra Parent migration status, see docs/OCENTRA_PARENT_PARITY.md.
Run the Codex installer from the enforcer install path. By default it is a
global Codex setup: MCP config, user skill, and a managed global AGENTS.md
block. Pass --root only when you also want target repo wiring generated.
ocentra-enforcer codex install --dry-run
ocentra-enforcer codex install
ocentra-enforcer codex install --ledger-root E:/ocentra-enforcer/.ledger
ocentra-enforcer codex doctor
ocentra-enforcer codex install --root C:/path/to/repo --profile strict --dry-run
ocentra-enforcer codex doctor --root C:/path/to/repoThis updates Codex Desktop's global config.toml with an ocentra-enforcer
MCP server, installs the user skill, creates global agent instructions if
missing, and configures OCENTRA_LEDGER_HOME. By default the ledger root is
<enforcer-install>/.ledger, so hubs live under .ledger/<hub> and move with
the Enforcer install. Existing Codex config and global AGENTS.md are backed up
before they are changed. The installer writes TOML directly because
codex mcp add behavior can vary by app/CLI version and has been the most
common setup failure.
For hooks and CI adapters, run init separately:
ocentra-enforcer init --root C:/path/to/repo --profile strict --adapters codex,mcp,precommit,github-actions --dry-run--dry-run prints the exact file plan without writing. The default hook adapter
is a plain Git hook for cross-platform use. Husky is generated only when
requested or when the target repo already uses Husky. Lefthook is opt-in.
MCP runs from the enforcer install path. Target projects always pass root plus
either configPath for project-specific policy or profile for a named pack
policy such as strict or ocentra-parent.
Example global MCP wiring:
{
"mcpServers": {
"ocentra-enforcer": {
"command": "node",
"args": ["C:/path/to/ocentra-enforcer/mcp/rust-rules-mcp.mjs"]
}
}
}Canonical MCP tools:
ocentra_enforcer_route
ocentra_enforcer_scan
ocentra_enforcer_check
ocentra_enforcer_doctor
ocentra_enforcer_explain
ocentra_enforcer_mcp_status
ocentra_enforcer_run
ocentra_enforcer_run_status
ocentra_enforcer_diagnostics
ocentra_enforcer_last_failure
ocentra_enforcer_artifact
ocentra_enforcer_reset_runs
ocentra_enforcer_proof_route
ocentra_enforcer_proof_run
ocentra_enforcer_proof_status
ocentra_enforcer_proof_inventory
ocentra_enforcer_proof_claim
ocentra_enforcer_proof_last_failure
ocentra_enforcer_proof_diagnostics
ocentra_enforcer_proof_artifact
ocentra_enforcer_proof_reset
ocentra_enforcer_proof_prune
ocentra_enforcer_proof_export
ocentra_enforcer_coordination_init
ocentra_enforcer_coordination_health
ocentra_enforcer_coordination_presence
ocentra_enforcer_coordination_index
ocentra_enforcer_coordination_streams
ocentra_enforcer_coordination_sync
ocentra_enforcer_coordination_peer
ocentra_enforcer_coordination_ensure
ocentra_enforcer_coordination_compact
ocentra_enforcer_coordination_notify
ocentra_enforcer_coordination_mail
ocentra_enforcer_coordination_inbox
ocentra_enforcer_coordination_claim
ocentra_enforcer_coordination_release
ocentra_enforcer_coordination_guard
ocentra_enforcer_coordination_report
ocentra_enforcer_coordination_message
ocentra_enforcer_coordination_workers
ocentra_enforcer_coordination_tasksFor broad MCP scan and check calls, prefer compact output controls before
asking Codex to read a full report:
{
"diagnosticLimit": 20,
"groupBy": "slice",
"includeScope": false
}summaryOnly: true returns counts, rule IDs, docs, and optional groups without
individual diagnostics. Direct MCP scan/check calls also update an in-process
validation summary, so ocentra_enforcer_run_status can return the latest
validation summary even when no harness command was run.
Legacy rust_rules_* MCP tool aliases remain for one Rust-pack compatibility
release.
Before direct MCP coordination writes, call ocentra_enforcer_mcp_status.
If it reports stale: true, restart Codex/MCP or call the updated CLI through
ocentra_enforcer_run. Stale MCP processes fail closed for coordination writes
because old code can corrupt live append-only ledger streams.
Also require writeCompatible: true; this is a deterministic hash self-test
that proves extended presence context metadata is excluded from the legacy
wire hash before any direct coordination writer appends to a stream.
ocentra_enforcer_coordination_guard and CLI coordination guard are focused by
default when paths or changedPaths are provided. Findings contain blockers
for the requested changed paths; unrelated lane conflicts or old stream sequence
breaks are returned as bounded globalWarnings with counts. Use
focused: false or CLI --all-conflicts only for broad ledger triage.
Dedicated coordination write tools are not generic action dispatchers:
ocentra_enforcer_coordination_claim rejects action: "release", and release
must use ocentra_enforcer_coordination_release.
MCP setup is intentionally documented in detail because path mistakes are the
most common failure. Run npm run mcp:smoke, npm run mcp:smoke:ndjson, and
npm run codex:doctor from this repo to separate MCP server protocol failures
from Codex app config failures before blaming the rules engine.
Indexed Rules
Agents should read rules/INDEX.md first, call MCP ocentra_enforcer_route,
and then open only the returned docs. docs/RustRules.md remains the legacy
monolithic reference, not the default context load.
rules/rules.json is validated by Effect Schema at runtime and by tests.
JSON-schema-compatible artifacts live under schemas/json/ for docs, MCP
clients, and non-Effect consumers.
Profiles And Severity
Profiles decide what runs, what fails, and what is advisory. The default model is strict about safety, architecture, bypasses, secrets, dependency policy, and test integrity, while documentation/comment checks are warnings unless a project opts into making them hard gates.
{
"profileName": "strict",
"failOn": ["error"],
"rules": {
"DOC-1.1": { "enabled": true, "severity": "warning" },
"TS-2.1": { "severity": "error" }
},
"tools": {
"cargoDoc": { "enabled": false, "severity": "warning" },
"cargoDeny": { "enabled": true, "severity": "error" }
}
}violations are findings whose severity is listed in failOn; they fail CLI,
MCP, hook, and CI gates. warnings are returned in reports but do not fail when
failOn is ["error"]. A project can disable noisy advisory rules with
"enabled": false, or upgrade them with "severity": "error".
Harness Diagnostics
Use ocentra-enforcer run or MCP ocentra_enforcer_run for cargo, npm, tsc,
ESLint, Ruff, Pyright, mypy, pytest, and similar checks. The harness stores raw
stdout/stderr plus schema-shaped NDJSON under the target repo:
.enforce/runs/<runId>/
.enforce/db/Agents should query runs last-failure or ocentra_enforcer_last_failure
before opening raw artifacts.
Main Files
scripts/rust-rules.mjs: CLI compatibility entrypoint, Rust scanner, generic scanner integration, init, route, and harness command handling.mcp/rust-rules-mcp.mjs: MCP stdio server with canonicalocentra_enforcer_*tools and legacyrust_rules_*aliases.server.json: MCP server manifest for registries and future package/plugin consumers.src/: reusable routing, generic scanner, migrated check, path, and harness modules.src/codex-install.mjs: Codex Desktop MCP config installer with idempotent TOML upsert and backup-before-write.schemas/effect/enforcer-schemas.mjs: Effect Schema contract source for configs, profiles, registry, route requests, reports, violations, init, runs, diagnostics, and MCP payloads.schemas/json/*.schema.json: JSON-schema-compatible contract artifacts.rules/INDEX.md: agent-facing routing index.rules/rules.json: machine-readable rule registry.rules/rust/*.md,rules/typescript/*.md,rules/python/*.md,rules/common/*.md: small rule-family docs for selective loading.adapters/: templates for Codex/MCP wiring, plain Git hooks, Husky, Lefthook, GitHub Actions, CodeQL, dependency policy, secret scan, and SBOM.INSTALL.md: clone/install/validate flow for a fresh machine or fresh Codex.docs/CODEX_SETUP.md: Codex MCP registration, manual config fallback, skill setup, and troubleshooting.docs/COORDINATION.md: generic hub/ledger/mail/worktree coordination model, storage, sync, presence, and safety gates.docs/TARGET_REPO_WIRING.md: how a target repo calls the external enforcer.docs/BOOTSTRAP_PROMPT.md: copy-paste prompt for a future Codex to install and wire the enforcer.docs/INSTALL_REFERENCE_LESSONS.md: install lessons adopted from the codebase-memory-mcp setup pattern and remaining public-packaging gaps.profiles/ocentra-parent.json: migrated Ocentra Parent strict Rust profile.rust-rules.config.json: legacy strict default profile file, still supported.
Migration Model
Generic guards should move into Ocentra Enforcer as reusable, profile-backed checks. Generic coordination, hub mail, exact-file claims, worker/task status, peer sync, and architecture enforcement belong in Ocentra Enforcer. Ocentra Parent should keep product code, product-specific dev server/release packaging, and thin consumer wrappers/config only until Enforcer parity is proven.
For current Ocentra Parent migration:
Add generic guard parity in Ocentra Enforcer.
Keep old repo guards as thin wrappers.
Prove file, crate, workspace, and diff scopes match or exceed old behavior.
Rewire wrappers to call
ocentra-enforcer scan,ocentra-enforcer check, orocentra-enforcer run.Wire CI and hooks to the pack command.
Remove duplicated repo-local guards only after parity is proven.
Remove legacy repo-local hub/ledger tooling only after Enforcer coordination MCP/CLI/API parity is proven with external ledger-root storage.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ocentra/ocentra-enforcer'
If you have feedback or need assistance with the MCP directory API, please join our Discord server