Add integrations: GitHub Action, pre-commit, Claude Code hook

Three adoption paths for the attestation + policy engine:

- action.yml: composite GitHub Action that attests on PR, signs with
  GitHub OIDC keyless sigstore, posts the policy report to the job
  summary, and fails the job when the policy blocks
- .pre-commit-hooks.yaml + integrations.pre_commit: refuses commits to
  MCP config files when the repo policy blocks
- integrations.claude_code_hook: PreToolUse JSON hook for Claude Code
  that denies tool calls absent from the current attestation or
  exceeding the B4 privilege threshold
- New entry points: mcp-gov-pre-commit, mcp-gov-hook

54/54 tests green, coverage 81%, mypy strict + ruff clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: linus131313

.pre-commit-hooks.yaml

@@ -0,0 +1,10 @@
+- id: mcp-governance-check
+  name: MCP governance policy check
+  description: >-
+    Refuse the commit if the MCP configuration violates the active
+    policy. See github.com/linus131313/mcp-governance-kit.
+  entry: mcp-gov-pre-commit
+  language: python
+  additional_dependencies: ["mcp-governance-kit"]
+  files: '(\.mcp\.json|claude_desktop_config\.json|\.cursor/mcp\.json)$'
+  pass_filenames: true

action.yml

@@ -0,0 +1,101 @@
+name: "MCP Governance Check"
+description: "Attest your MCP configuration and enforce a policy on every PR."
+branding:
+  icon: "shield"
+  color: "blue"
+
+inputs:
+  config-path:
+    description: "Path to the MCP config file (e.g. .mcp.json)."
+    required: true
+    default: ".mcp.json"
+  policy-path:
+    description: "Path to a policy YAML file."
+    required: true
+    default: "policies/default.yaml"
+  host-id:
+    description: "Stable host identifier recorded in the attestation."
+    required: false
+    default: "${{ github.repository }}"
+  fail-on-warn:
+    description: "If 'true', WARN results also fail the job."
+    required: false
+    default: "false"
+  sign:
+    description: "Sign the attestation with sigstore keyless (GitHub OIDC)."
+    required: false
+    default: "true"
+
+outputs:
+  attestation-path:
+    description: "Path to the produced attestation JSON."
+    value: ${{ steps.run.outputs.attestation-path }}
+  tcs:
+    description: "Tool Graph Capability Score of the attestation."
+    value: ${{ steps.run.outputs.tcs }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install mcp-governance-kit
+      shell: bash
+      run: |
+        python -m pip install --upgrade pip
+        if [[ "${{ inputs.sign }}" == "true" ]]; then
+          pip install "mcp-governance-kit[sign]"
+        else
+          pip install mcp-governance-kit
+        fi
+
+    - name: Attest and check
+      id: run
+      shell: bash
+      env:
+        FAIL_ON_WARN: ${{ inputs.fail-on-warn }}
+      run: |
+        set -euo pipefail
+        ATTEST_PATH="${RUNNER_TEMP}/attestation.json"
+        SIGN_FLAG=""
+        if [[ "${{ inputs.sign }}" == "true" ]]; then
+          SIGN_FLAG="--sign"
+        fi
+        mcp-gov attest "${{ inputs.config-path }}" \
+          --host-id "${{ inputs.host-id }}" \
+          --out "$ATTEST_PATH" \
+          $SIGN_FLAG
+        TCS_VALUE=$(python -c "import json; print(json.load(open('$ATTEST_PATH'))['tcs']['value'])")
+        echo "attestation-path=$ATTEST_PATH" >> "$GITHUB_OUTPUT"
+        echo "tcs=$TCS_VALUE" >> "$GITHUB_OUTPUT"
+
+        set +e
+        REPORT=$(mcp-gov check "$ATTEST_PATH" --policy "${{ inputs.policy-path }}")
+        RC=$?
+        set -e
+        echo "$REPORT"
+        {
+          echo "## MCP Governance Report"
+          echo
+          echo "**TCS:** $TCS_VALUE"
+          echo
+          echo '```json'
+          echo "$REPORT"
+          echo '```'
+        } >> "$GITHUB_STEP_SUMMARY"
+
+        if [[ "$RC" -ne 0 ]]; then
+          echo "::error::policy evaluation BLOCKED"
+          exit 1
+        fi
+        if [[ "$FAIL_ON_WARN" == "true" ]]; then
+          if echo "$REPORT" | python -c "import sys, json; r=json.load(sys.stdin); sys.exit(0 if r['warnings']==0 else 1)"; then
+            exit 0
+          else
+            echo "::error::policy evaluation produced warnings (fail-on-warn=true)"
+            exit 1
+          fi
+        fi

pyproject.toml

@@ -71,6 +71,8 @@ Paper = "https://github.com/linus131313/mcp-governance-kit/blob/main/paper/gover
 
 [project.scripts]
 mcp-gov = "mcp_governance_kit.cli:app"
+mcp-gov-pre-commit = "mcp_governance_kit.integrations.pre_commit:main"
+mcp-gov-hook = "mcp_governance_kit.integrations.claude_code_hook:main"
 
 [tool.hatch.version]
 source = "vcs"

src/mcp_governance_kit/integrations/__init__.py

@@ -0,0 +1,3 @@
+"""Integrations: GitHub Action (composite), pre-commit hook, Claude Code hook."""
+
+from __future__ import annotations

src/mcp_governance_kit/integrations/claude_code_hook.py

@@ -0,0 +1,100 @@
+"""Claude Code ``PreToolUse`` hook.
+
+Installed as a JSON-based hook in ``~/.claude/settings.json``, this
+script reads the pending tool-use event from stdin, looks up the tool
+in the current attestation for the workspace, and permits or denies
+the call based on the active policy.
+
+Hook wire format (PreToolUse):
+
+    {
+      "tool_name": "<string>",
+      "tool_input": {...},
+      "session_id": "<string>",
+      "transcript_path": "<path>",
+      "cwd": "<path>"
+    }
+
+The hook writes a JSON response to stdout with a ``decision`` field
+("allow" | "deny") and a short reason. A non-zero exit code converts to
+a denial with Claude Code's default behaviour.
+"""
+
+from __future__ import annotations
+
+import json
+import sys
+from pathlib import Path
+
+from mcp_governance_kit.attest import Attestation
+from mcp_governance_kit.breakpoints import Severity, b4_privilege
+from mcp_governance_kit.policy import Policy
+
+
+def _load_context(cwd: Path) -> tuple[Attestation | None, Policy | None]:
+    att_path = cwd / ".mcp-governance" / "attestation.json"
+    policy_path = cwd / ".mcp-governance" / "policy.yaml"
+    attestation = (
+        Attestation.model_validate_json(att_path.read_text(encoding="utf-8"))
+        if att_path.exists()
+        else None
+    )
+    policy = Policy.load(policy_path) if policy_path.exists() else None
+    return attestation, policy
+
+
+def main() -> int:
+    try:
+        event = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        print(json.dumps({"decision": "allow", "reason": "no event"}))
+        return 0
+
+    cwd = Path(event.get("cwd") or ".")
+    attestation, policy = _load_context(cwd)
+    tool_name = event.get("tool_name", "")
+
+    if attestation is None or policy is None:
+        print(json.dumps({"decision": "allow", "reason": "no attestation in workspace"}))
+        return 0
+
+    bound = {t.name for t in attestation.tools}
+    if tool_name and tool_name not in bound and tool_name.split("__")[-1] not in bound:
+        print(
+            json.dumps(
+                {
+                    "decision": "deny",
+                    "reason": (
+                        f"tool '{tool_name}' not present in current attestation "
+                        f"({attestation.attestation_id}); re-attest with mcp-gov attest"
+                    ),
+                }
+            )
+        )
+        return 2
+
+    # Re-run the privilege check with the attestation's stored TCS value.
+    priv = b4_privilege(
+        attestation,
+        max_tcs=policy.max_tcs,
+        warn_tcs=policy.warn_tcs,
+        require_approval_for_execute=policy.require_approval_for_execute,
+        execute_approved=policy.execute_approved,
+    )
+    if priv.severity is Severity.BLOCK:
+        print(
+            json.dumps(
+                {
+                    "decision": "deny",
+                    "reason": f"B4 blocked: {priv.summary}",
+                }
+            )
+        )
+        return 2
+
+    print(json.dumps({"decision": "allow", "reason": "within policy"}))
+    return 0
+
+
+if __name__ == "__main__":  # pragma: no cover
+    sys.exit(main())

src/mcp_governance_kit/integrations/pre_commit.py

@@ -0,0 +1,68 @@
+"""Pre-commit hook entry point.
+
+Runs :func:`build_attestation` on each changed MCP config file and
+evaluates the project's policy. Returns a non-zero exit code when any
+check blocks, so the commit is refused.
+"""
+
+from __future__ import annotations
+
+import os
+import sys
+from pathlib import Path
+
+from mcp_governance_kit.attest import build_attestation
+from mcp_governance_kit.policy import Policy, evaluate
+
+
+def _find_policy(repo_root: Path) -> Path | None:
+    override = os.environ.get("MCP_GOV_POLICY")
+    if override:
+        return Path(override)
+    for candidate in (
+        repo_root / "policies" / "default.yaml",
+        repo_root / ".mcp-governance.yaml",
+    ):
+        if candidate.exists():
+            return candidate
+    return None
+
+
+def main(argv: list[str] | None = None) -> int:
+    files = [Path(a) for a in (argv or sys.argv[1:]) if a]
+    if not files:
+        return 0
+
+    repo_root = Path.cwd()
+    policy_path = _find_policy(repo_root)
+    if policy_path is None:
+        print(
+            "[mcp-gov] no policy found (looked for policies/default.yaml, "
+            ".mcp-governance.yaml). Skipping check.",
+            file=sys.stderr,
+        )
+        return 0
+
+    policy = Policy.load(policy_path)
+    exit_code = 0
+    for path in files:
+        try:
+            att = build_attestation(path, host_id=os.environ.get("USER", "local"))
+        except Exception as exc:  # pragma: no cover - user-facing
+            print(f"[mcp-gov] failed to parse {path}: {exc}", file=sys.stderr)
+            exit_code = 2
+            continue
+        report = evaluate(att, policy)
+        status = "BLOCK" if report.blocked else ("WARN" if report.warnings else "OK")
+        print(f"[mcp-gov] {path}: {status} tcs={att.tcs.value}")
+        if report.blocked:
+            for r in report.results:
+                if r.severity.value == "block":
+                    print(f"  - {r.check_id} {r.title}: {r.summary}")
+            exit_code = 1
+
+    return exit_code
+
+
+if __name__ == "__main__":  # pragma: no cover
+    sys.exit(main())

tests/unit/test_integrations.py

@@ -0,0 +1,65 @@
+"""Integration hooks — pre-commit and Claude Code."""
+
+from __future__ import annotations
+
+import io
+import json
+from pathlib import Path
+
+import pytest
+
+from mcp_governance_kit.integrations.claude_code_hook import main as hook_main
+from mcp_governance_kit.integrations.pre_commit import main as pre_commit_main
+
+ROOT = Path(__file__).resolve().parent.parent.parent
+EXAMPLES = ROOT / "examples"
+POLICIES = ROOT / "policies"
+
+
+def test_pre_commit_pass_on_c3(tmp_path: Path, monkeypatch: pytest.MonkeyPatch) -> None:
+    workspace = tmp_path / "repo"
+    (workspace / "policies").mkdir(parents=True)
+    (workspace / "policies" / "default.yaml").write_text(
+        (POLICIES / "developer.yaml").read_text(encoding="utf-8"),
+        encoding="utf-8",
+    )
+    mcp_json = workspace / ".mcp.json"
+    mcp_json.write_text(
+        (EXAMPLES / "c3-developer.mcp.json").read_text(encoding="utf-8"),
+        encoding="utf-8",
+    )
+    monkeypatch.chdir(workspace)
+    rc = pre_commit_main([str(mcp_json)])
+    assert rc == 0
+
+
+def test_pre_commit_blocks_full_stack_under_default(
+    tmp_path: Path, monkeypatch: pytest.MonkeyPatch
+) -> None:
+    workspace = tmp_path / "repo"
+    (workspace / "policies").mkdir(parents=True)
+    (workspace / "policies" / "default.yaml").write_text(
+        (POLICIES / "default.yaml").read_text(encoding="utf-8"),
+        encoding="utf-8",
+    )
+    mcp_json = workspace / ".mcp.json"
+    mcp_json.write_text(
+        (EXAMPLES / "c4-full-stack.mcp.json").read_text(encoding="utf-8"),
+        encoding="utf-8",
+    )
+    monkeypatch.chdir(workspace)
+    rc = pre_commit_main([str(mcp_json)])
+    assert rc == 1
+
+
+def test_claude_code_hook_allows_when_no_workspace_context(
+    tmp_path: Path,
+    monkeypatch: pytest.MonkeyPatch,
+    capsys: pytest.CaptureFixture[str],
+) -> None:
+    event = {"tool_name": "list_issues", "cwd": str(tmp_path)}
+    monkeypatch.setattr("sys.stdin", io.StringIO(json.dumps(event)))
+    rc = hook_main()
+    assert rc == 0
+    out = capsys.readouterr().out
+    assert json.loads(out)["decision"] == "allow"