MCP Server
Trestle implements a server for the Model Context Protocol, so AI coding assistants can scan content before writing it to disk. Before producing a file change, the assistant is instructed to call Trestle to scan the proposed content. When a credential is detected, the assistant is directed to address the finding instead of writing the file.
Setup
Run trestle install in the project root. Trestle creates or updates the project's .mcp.json with a server entry that runs trestle mcp, and writes instruction files that describe when AI coding assistants should call the scan tools.
Any MCP-compatible coding assistant that reads .mcp.json loads the server on its next start. To configure Trestle manually, add an entry that runs:
trestle mcp
The server communicates over stdio. No ports, daemons, or network access are required.
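A sketch of the manual setup, added here and not taken from Trestle's own code: it merges a stdio entry into .mcp.json without disturbing other servers, then checks that the entry still runs only trestle mcp. The mcpServers layout, the server name "trestle", and the exact shape that trestle install writes are assumptions.

```python
import json
from pathlib import Path

# Assumptions (not from the Trestle docs): the server is registered under the
# name "trestle", and .mcp.json uses the common {"mcpServers": {...}} layout.
SERVER_NAME = "trestle"
EXPECTED = {"command": "trestle", "args": ["mcp"]}


def load_config(path):
    """Return the parsed .mcp.json, or an empty config if the file is absent."""
    p = Path(path)
    if not p.exists():
        return {}
    data = json.loads(p.read_text(encoding="utf-8"))
    if not isinstance(data, dict):
        raise ValueError(f"{path}: top level must be a JSON object")
    return data


def ensure_entry(path):
    """Add or repair the Trestle entry; return True if the file was changed."""
    config = load_config(path)
    servers = config.setdefault("mcpServers", {})
    if servers.get(SERVER_NAME) == EXPECTED:
        return False  # already configured: running this twice is a no-op
    servers[SERVER_NAME] = dict(EXPECTED)
    Path(path).write_text(json.dumps(config, indent=2) + "\n", encoding="utf-8")
    return True


def audit_entry(path):
    """Return a list of problems with the Trestle entry (empty list = OK)."""
    entry = load_config(path).get("mcpServers", {}).get(SERVER_NAME)
    if not isinstance(entry, dict):
        return ["missing or malformed trestle entry: the scanner will not load"]
    problems = []
    if entry.get("command") != EXPECTED["command"]:
        problems.append(f"unexpected command: {entry.get('command')!r}")
    if entry.get("args", []) != EXPECTED["args"]:
        problems.append(f"unexpected args: {entry.get('args')!r}")
    if "url" in entry:
        problems.append("entry has a url: the server is expected to use stdio only")
    return problems
```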
Tools
The server exposes the following tools. Assistants select the appropriate tool based on whether the content is already on disk.
scan_proposed
Scans content that has not been written to disk. The assistant provides the full post-change file content and the workspace-relative file name the content will be saved as. Trestle scans the content as if it were that file, using the file extension for language detection. This tool is used for every proposed file change.
scan_path
Scans a file or directory that exists on disk. Used before suggesting a commit or after writing changes through other tools.
status
Returns Trestle's version and a short description of the other tools. Used to confirm that Trestle is reachable.
install
Configures Trestle for the current workspace. Equivalent to running trestle install from the command line. The operation is idempotent.
uninstall
Removes the configuration added by install.
Responses
Scan tools return either the findings, formatted for the assistant to read, or a confirmation that no findings were detected. Errors are returned as text that begins with trestle: so that the assistant can recognize them.
The MCP server uses the same scanner, the same rules, and the same exclusions as the command line.
What the MCP server does not do
- The server does not make network calls or share scan content with any third party. The scan runs locally in the same binary the assistant launched.
- The server does not retain scanned content. Findings are returned only in the tool response.
- The server does not decide how the assistant should respond to a finding. Trestle reports what was detected; the assistant follows its own instructions.
The full list of scanner options (including file selection and exclusions) is documented in Command Line. The Configuration File applies to MCP scans as well.