Truvant — Policy Enforcement for AI Agent Actions

Policy Enforcement in Action

❯ can you ssh into my server chomicz.com and tell me if it's sync'd with ntp?

⏺ Bash(ssh chomicz.com "timedatectl status")

BLOCKED: Truvant policy prevents execution of 'ssh chomicz.com timedatectl status'

Run 'mcpctl policy check ssh chomicz.com timedatectl status' for details.

❯ can you check my postgres db to see what tables we have using kubectl?

⏺ Bash(kubectl get pods --all-namespaces | grep -i postgres)

BLOCKED: Truvant policy prevents execution of 'kubectl get pods --all-namespaces'

Run 'mcpctl policy check kubectl get pods --all-namespaces' for details.

❯ /plugin

Plugins Discover Installed Marketplaces

superpowers

from superpowers-marketplace

Version: 4.0.3

Error: Failed to install: Failed to clone repository:

BLOCKED: Truvant policy prevents execution of 'git clone --depth 1

--recurse-submodules --shallow-submodules https://github.com/obra/superpowers.git

/Users/mike/.claude/plugins/cache/temp_git_...'

Run 'mcpctl policy check git clone --depth 1 --recurse-submodules

--shallow-submodules https://github.com/obra/superpowers.git ...' for details.

AI agents can only execute commands explicitly allowed by your security policy — including plugin installations.
Plugin supply chain case study → | Rogue AI database deletion →

Features

Scan Before Install

Every AI agent extension is scanned for vulnerabilities, hardcoded secrets, and risky behaviors before it enters your environment. If it doesn't pass, it doesn't install.

Enforce at Runtime

Define exactly which commands AI agents can run — down to the subcommand level. Allow git pull, block git push --force. Policies apply to agents only; humans pass through.

Monitor Continuously

Detect supply-chain changes in real time — new versions, dependency shifts, permission escalations. Get alerted before a trusted extension becomes a risk.

Compliance & CI/CD Ready

Findings map to OWASP Top 10 for LLMs, MITRE ATLAS, and OWASP Agentic frameworks. Drop SARIF output into GitHub, GitLab, or Azure DevOps with zero configuration.

Your Agent Enforcement Console

Real product. Real enforcement. See what your agents do and control what they can't.

AI-Powered Policy Advisor

Truvant's Policy Advisor uses AI to analyze your agents' actual behavior and recommend least-privilege policy roles. It tells you exactly which commands to allow and which to deny — with confidence scores and full diffs. Stop writing policy by hand. Let the AI that understands your agents write the rules.

Policy Advisor showing AI-generated role suggestions with confidence scores, change counts, and risk levels

Policy Advisor suggestion detail showing full diff of proposed rule changes organized by command binary

The Policy Advisor generates least-privilege roles from observed behavior — no more guessing what your agents need access to.

Know What Your Agents Have Access To

Fleet-wide visibility into every MCP server, plugin, and skill across your organization. See what's installed, what's been discovered, and what's at risk — across every host.

Fleet dashboard showing total hosts, alerts, artifacts, risk distribution, and vulnerability breakdown

Discovered artifacts showing remote MCP servers and packages detected across the fleet

Enforce What Agents Can Do

Command-level allow/deny rules with subcommand granularity. Block git push --force, kubectl exec, terraform apply — while allowing safe operations. Policies sync to all agents automatically.

Policy role detail showing command rules organized by binary with allow/deny decisions

Investigate Every Action

Full audit trail of every command your AI agents execute — allowed or blocked, which rule matched, agent identity, timestamp. Drill into any artifact for AI-generated risk analysis. Test commands against policy in real-time.

Audit log showing timeline of agent commands with decisions and matched policy rules

Artifact detail page showing risk score, version history, and AI-generated analysis summary

Host detail panel with scan actions, policy management, and command testing

Audit logs integrate with SIEM (Microsoft Defender for Endpoint) and rotate automatically.

CI/CD Integration

SARIF v2.1.0 output drops into GitHub Code Scanning, GitLab SAST, and Azure DevOps with zero adapters.

# .github/workflows/mcp-security.yaml

- name: Scan MCP servers

run: mcpctl scan --format sarif --output results.sarif

- name: Upload to GitHub Code Scanning

uses: github/codeql-action/upload-sarif@v3

with:

sarif_file: results.sarif

Every finding includes MITRE ATLAS, OWASP LLM Top 10 (including LLM06:2025), and OWASP Agentic framework references in the SARIF taxonomy.

Scan. Gate. Enforce. Monitor.

Other tools monitor agent behavior at runtime. Truvant controls what agents can install, what commands they can run, and what tools they can call — before anything executes. No other product does all four for AI agent extensions.

Capability	Truvant	HiddenLayerAI model security	ZenityAI agent governance	ObsidianSaaS security	StraikerAI agent guardrails
Pre-Install Artifact Scanning
Source Code Analysis (SAST) Static analysis of MCP server and plugin source code	YesPython, shell, JS/TS	No	No	No	No
Dependency Vulnerabilities (SCA) Known CVEs in transitive dependencies	YesOSV + Trivy/Grype	No	No	No	No
Secrets Detection Hardcoded API keys, tokens, private keys in source	Yes25 rule types	No	No	No	No
Container Image Scanning Layer extraction, SBOM generation	Yes	No	No	No	No
MCP Tool Schema Analysis Tool poisoning, shadowing, overly broad schemas	Yes	No	PartialConfig-level	No	PartialHygiene checks
Skill & Plugin Scanning Prompt injection, data exfiltration, role hijacking	Yes37+ skill, 52+ hook rules	No	No	No	No
Install-Time Enforcement
Plugin Install Interception Quarantine, scan, and gate before plugins load	YesScan before load	No	No	No	No
Risk Threshold Policy Gate Org-configurable score thresholds with admin overrides	YesServer-side policy	No	No	No	No
Admin Approval Workflow Dashboard review of blocked plugins with approve/deny	YesSARIF + findings in dashboard	No	No	No	No
AI Tool Integration Seamless enrollment into Claude Code, Cursor, Copilot	YesAutomatic enrollment	No	No	No	No
Runtime Enforcement
System Command Interception Block ssh, kubectl exec, git push --force from agents	YesSubcommand-level granularity	No	No	No	No
AI Agent Caller Detection Only enforce on AI agents — humans pass through unaffected	YesClaude, Cursor, Copilot	No	No	No	No
MCP Tool-Call Policy (HTTP) Per-tool allow/deny on remote MCP endpoints	YesPer-tool allow/deny	PartialBehavioral monitoring	YesAgent-level interception	No	YesMCP proxy server
MCP Tool-Call Policy (Local Stdio) Policy enforcement on local MCP servers (npx, uvx)	YesTransparent enforcement	No	PartialEndpoint agent	No	No
Tamper Protection Detects and alerts on bypass attempts	YesMandatory enforcement mode	No	No	No	No
Monitoring & Compliance
Continuous Monitoring File watcher, periodic rescan, drift detection	Yesfsnotify + periodic rescan	YesRuntime behavioral	YesAgent observability	YesSaaS activity	YesRuntime inspection
SIEM Integration Signal files for endpoint security and SIEM platforms	YesMDE signal files, JSONL	Unclear	Unclear	YesSentinel, CrowdStrike	Unclear
SARIF CI/CD Output GitHub Code Scanning, GitLab SAST, Azure DevOps	Yesv2.1.0, --format sarif	YesModel scanning only	No	No	No
Threat Framework Mapping MITRE ATLAS, OWASP LLM, OWASP Agentic	YesAll three frameworks	YesMITRE ATLAS	YesOWASP, MITRE, NIST	No	YesOWASP, MITRE, NIST
Remote Endpoint Trust Scoring TLS, publisher, CVE tracking for MCP endpoints	YesAI research agent	No	PartialAllowlist/blocklist	No	PartialRisk scoring
OWASP LLM06:2025 Excessive Agency mitigation	YesCommand + tool-call enforcement	No	No	No	PartialRuntime guardrails only
AI-assisted policy recommendations	YesPolicy Advisor with confidence scores	No	No	No	No
Deployment & Integration
Single Binary CLI curl \| sh install, works without cloud dependency	YesGo binary, offline-capable	NoEnterprise SaaS	NoEnterprise SaaS	NoEnterprise SaaS	NoEnterprise SaaS
Works Offline / Local-First Scanning and enforcement without cloud connectivity	YesCloud enriches, not required	No	No	No	No
Multi-Agent Support Claude Code, Cursor, Copilot, any CLI-based agent	YesAgent-aware enforcement	Partial	YesSaaS + endpoint	PartialSaaS agents only	Yes

How It Works

Install

One curl command. macOS and Linux.

Scan

mcpctl scan @anthropic/mcp-server-slack analyzes any MCP server, skill, or plugin for vulnerabilities, secrets, and risky tool definitions. Use --format sarif to feed results directly into your CI/CD pipeline.

Enforce

Security policies decide pass/fail. Passing artifacts are automatically added to your Claude Code config. Failing ones are blocked.

Monitor

mcpctl agent start runs continuously, watching for changes and sending alerts to Slack, PagerDuty, or webhooks.

Architecture

🖥️

Claude Desktop

Claude Code, Cursor, VS Code

⟷

🛡️

Truvant CLI

Scan, enforce, monitor

⟷

📦

AI Extensions

npm, git, containers

↓

Local Scanning & Policy

🔍 MCP Protocol

🧪 SAST

📚 SCA / CVE

🔑 Secrets

🧩 Skills & Hooks

↓

Policy Engine

Risk scoring, thresholds, categories

Pass → Install Fail → Block

Command Interception

⚡

Command Policy

Block dangerous commands

Audit Log

Remote MCP Endpoints

☁️

Trust Service

TLS, publisher, CVE tracking

↓

AI Research Agent

Multi-turn investigation

PostgreSQL

Trust scores, inventory

See What Your AI Agents Do. Control What They Can't.

Policy Enforcement in Action

Features

Scan Before Install

Enforce at Runtime

Monitor Continuously

Compliance & CI/CD Ready

Your Agent Enforcement Console

AI-Powered Policy Advisor

Know What Your Agents Have Access To

Enforce What Agents Can Do

Investigate Every Action

CI/CD Integration

Scan. Gate. Enforce. Monitor.

How It Works

Install

Scan

Enforce

Monitor

Architecture

Claude Desktop

Truvant CLI

AI Extensions

Policy Engine

Command Policy

Trust Service

AI Research Agent

PostgreSQL

Supported Identity Providers

Take control of your AI agents.