
MCP Integration

Rafter runs as a standard MCP server over stdio, exposing security tools to any MCP-compatible client—Cursor, Windsurf, Claude Desktop, Cline, and others. No API key required. All tools run locally.

Setup

1. Install Rafter CLI

npm install -g @rafter-security/cli

2. Add to Your MCP Client

Add Rafter to your MCP client’s server configuration. For Claude Desktop, the file is ~/Library/Application Support/Claude/claude_desktop_config.json:
{
  "mcpServers": {
    "rafter": {
      "command": "rafter",
      "args": ["mcp", "serve"]
    }
  }
}

3. Restart Your Client

Restart the MCP client to load Rafter’s tools. You should see four tools and two resources available.

Tools

Rafter exposes four read-only security tools over MCP.

scan_secrets

Scan files or directories for hardcoded secrets and credentials.
| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| path | string | Yes | File or directory path to scan |
| engine | string | No | auto (default), gitleaks, or patterns |
Returns an array of scan results with file paths, pattern names, severity levels, and redacted matches.
[
  {
    "file": "src/config.ts",
    "matches": [
      {
        "pattern": "AWS Access Key",
        "severity": "critical",
        "line": 12,
        "redacted": "AKIA****"
      }
    ]
  }
]

evaluate_command

Evaluate whether a shell command is allowed by Rafter security policy.
| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| command | string | Yes | Shell command to evaluate |
Returns whether the command is allowed, its risk level, and whether it requires approval.
{
  "allowed": false,
  "risk_level": "critical",
  "requires_approval": false,
  "reason": "Matches blocked pattern: rm -rf /"
}

read_audit_log

Read Rafter audit log entries with optional filtering.
| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| limit | number | No | Maximum entries to return (default: 20) |
| event_type | string | No | Filter: command_intercepted, secret_detected, content_sanitized, policy_override |
| since | string | No | ISO 8601 timestamp; only entries after this time |

get_config

Read Rafter configuration (full config or a specific key).
| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| key | string | No | Dot-path config key (e.g. agent.commandPolicy). Omit for full config. |

Resources

Two read-only resources expose Rafter’s current state.
| URI | Description |
| --- | --- |
| rafter://config | Current Rafter configuration (JSON) |
| rafter://policy | Active security policy: merged .rafter.yml + ~/.rafter/config.json (JSON) |

How It Works

The MCP server wraps Rafter’s existing CLI classes:
  • scan_secrets uses RegexScanner (21+ built-in patterns), with automatic fallback from Gitleaks
  • evaluate_command uses CommandInterceptor with policy-driven risk assessment
  • read_audit_log reads from ~/.rafter/audit.jsonl
  • get_config reads from ~/.rafter/config.json merged with .rafter.yml
All tools are read-only. Configuration changes go through the CLI (rafter agent config set).

Configuration

The MCP server uses the same configuration as all other Rafter commands. Set up your security policy once and it applies everywhere:
# Initialize Rafter (creates ~/.rafter/config.json)
rafter agent init

# Customize policy
rafter agent config set agent.riskLevel moderate
rafter agent config set agent.commandPolicy.mode approve-dangerous
Or use a .rafter.yml policy file in your project root. See Policy File for details.

Verify Installation

After adding Rafter to your MCP client, test that tools are working:
  1. Ask the agent to scan a directory for secrets
  2. Ask it to evaluate whether rm -rf / is safe
  3. Ask it to show your Rafter configuration
If the agent can call these tools, Rafter is connected.
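
The same check can be made without an agent. The following is an added example, not Rafter's own code: it spawns rafter mcp serve, performs the MCP handshake over stdio and compares the tools/list result with the four tools documented on this page. The protocol version string, client name, timeout and all function names are assumptions.

```javascript
// Added example, not Rafter's code: check which tools an MCP stdio server exposes.
const EXPECTED_TOOLS = ["scan_secrets", "evaluate_command", "read_audit_log", "get_config"];

// JSON-RPC 2.0 messages from the MCP spec; protocol version and client name are assumptions.
const initializeRequest = () => ({
  jsonrpc: "2.0", id: 1, method: "initialize",
  params: { protocolVersion: "2024-11-05", capabilities: {},
            clientInfo: { name: "rafter-smoke-test", version: "0.0.0" } },
});
const initializedNotification = () => ({ jsonrpc: "2.0", method: "notifications/initialized" });
const listToolsRequest = () => ({ jsonrpc: "2.0", id: 2, method: "tools/list", params: {} });

// Compare a tools/list response with the documented set; unexpected tools count as failures.
function checkTools(response) {
  if (response.error) throw new Error(`tools/list failed: ${response.error.message}`);
  const names = (response.result?.tools ?? []).map((t) => t.name);
  const missing = EXPECTED_TOOLS.filter((n) => !names.includes(n));
  const unexpected = names.filter((n) => !EXPECTED_TOOLS.includes(n));
  return { ok: missing.length === 0 && unexpected.length === 0, missing, unexpected };
}

// Spawn the server and run the handshake over stdio (one JSON message per line).
async function smokeTest(command = "rafter", args = ["mcp", "serve"], timeoutMs = 10000) {
  const { spawn } = await import("node:child_process");
  const { createInterface } = await import("node:readline");
  const child = spawn(command, args, { stdio: ["pipe", "pipe", "inherit"] });
  const send = (msg) => child.stdin.write(JSON.stringify(msg) + "\n");
  let timer;
  try {
    return await new Promise((resolve, reject) => {
      timer = setTimeout(() => reject(new Error("timed out waiting for server")), timeoutMs);
      child.on("error", reject); // e.g. rafter is not on PATH
      child.stdin.on("error", reject);
      child.on("exit", (code) => reject(new Error(`server exited early (code ${code})`)));
      createInterface({ input: child.stdout }).on("line", (line) => {
        let msg;
        try { msg = JSON.parse(line); } catch { return; } // skip non-JSON output
        if (msg.id === 1 && msg.error) reject(new Error(msg.error.message));
        else if (msg.id === 1) { send(initializedNotification()); send(listToolsRequest()); }
        else if (msg.id === 2) { try { resolve(checkTools(msg)); } catch (e) { reject(e); } }
      });
      send(initializeRequest());
    });
  } finally {
    clearTimeout(timer);
    child.kill();
  }
}
```

With the CLI installed, smokeTest().then(console.log) reports which documented tools are missing and which undocumented ones appeared.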

Compared to Pretool Hooks

| | MCP Server | Pretool Hooks |
| --- | --- | --- |
| Platform | Any MCP client | Claude Code only |
| Model | Agent calls tools explicitly | Hooks intercept before every tool call |
| Trust | Agent chooses to use tools | Agent cannot bypass hooks |
| Setup | Add to MCP config | rafter agent init --claude-code |
For maximum security on Claude Code, use both: pretool hooks for enforcement and MCP tools for agent-initiated scans. For other platforms, the MCP server is the primary integration path.
