Esrp Oss Mcp Test

Discover and validate Microsoft-trusted open-source packages before they enter your release or agent dependency graph.

Overview

ESRP OSS MCP Server is a MCP server for the Ship phase that exposes tools to discover and validate trusted Microsoft OSS packages for release and supply-chain checks.

What is this MCP server?

Tools to discover and validate trusted Microsoft OSS packages through MCP
Hosted streamable-http remote with ppe and prod environment choices
Local stdio packages on npm, PyPI, NuGet, and OCI docker image
Catalog version 26.527.121158 with multiple integration package versions listed
Remote environments: ppe and prod (default ppe)
4+ distribution paths: npm, PyPI, NuGet, OCI docker stdio

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You cannot manually vet every transitive OSS package before ship, and one bad dependency can tank compliance or customer trust.

Who is it for?

Builders on Microsoft release or ESRP-style pipelines who need agent-assisted OSS trust checks before publishing.

Skip if: General vulnerability scanning of arbitrary repos with no Microsoft OSS trust workflow, or production use without understanding ppe vs prod hosted endpoints.

What do I get? / Deliverables

Your agent can query validation and discovery tools so trusted-package decisions are documented in the same session as your release prep.

Agent-callable OSS discovery and validation tool results
Documented trust checks aligned to Microsoft OSS package policies
Configured remote or local ESRP MCP integration for CI or editor agents

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Supply-chain checks belong in Ship when you harden what goes out the door, not only when you first add a library. Security is the right shelf for OSS trust validation and release-gate tooling exposed via MCP.

How it compares

Trusted OSS discovery MCP for Microsoft pipelines, not a standalone Snyk-style skill or generic npm audit wrapper.

Common Questions / FAQ

Who is ESRP OSS MCP Server for?

Developers and release owners who publish Microsoft-ecosystem OSS and want MCP-driven discovery and validation of trusted packages.

When should I use ESRP OSS MCP Server?

Use it in Ship security when finalizing dependencies, validating packages for release, or automating trust checks in an agent workflow.

How do I add ESRP OSS MCP Server to my agent?

Add the streamable-http remote URL with your env variable (ppe or prod), or install the npm, PyPI, NuGet, or OCI stdio package and register it in your MCP client.

Esrp Oss Mcp Test

Discover and validate Microsoft-trusted open-source packages before they enter your release or agent dependency graph.

Overview

ESRP OSS MCP Server is a MCP server for the Ship phase that exposes tools to discover and validate trusted Microsoft OSS packages for release and supply-chain checks.

What is this MCP server?

Tools to discover and validate trusted Microsoft OSS packages through MCP
Hosted streamable-http remote with ppe and prod environment choices
Local stdio packages on npm, PyPI, NuGet, and OCI docker image
Catalog version 26.527.121158 with multiple integration package versions listed
Remote environments: ppe and prod (default ppe)
4+ distribution paths: npm, PyPI, NuGet, OCI docker stdio

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You cannot manually vet every transitive OSS package before ship, and one bad dependency can tank compliance or customer trust.

Who is it for?

Builders on Microsoft release or ESRP-style pipelines who need agent-assisted OSS trust checks before publishing.

Skip if: General vulnerability scanning of arbitrary repos with no Microsoft OSS trust workflow, or production use without understanding ppe vs prod hosted endpoints.

What do I get? / Deliverables

Your agent can query validation and discovery tools so trusted-package decisions are documented in the same session as your release prep.

Agent-callable OSS discovery and validation tool results
Documented trust checks aligned to Microsoft OSS package policies
Configured remote or local ESRP MCP integration for CI or editor agents

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Trusted OSS discovery MCP for Microsoft pipelines, not a standalone Snyk-style skill or generic npm audit wrapper.

Common Questions / FAQ

Who is ESRP OSS MCP Server for?

Developers and release owners who publish Microsoft-ecosystem OSS and want MCP-driven discovery and validation of trusted packages.

When should I use ESRP OSS MCP Server?

Use it in Ship security when finalizing dependencies, validating packages for release, or automating trust checks in an agent workflow.

How do I add ESRP OSS MCP Server to my agent?

Add the streamable-http remote URL with your env variable (ppe or prod), or install the npm, PyPI, NuGet, or OCI stdio package and register it in your MCP client.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is ESRP OSS MCP Server for?

When should I use ESRP OSS MCP Server?

How do I add ESRP OSS MCP Server to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is ESRP OSS MCP Server for?

When should I use ESRP OSS MCP Server?

How do I add ESRP OSS MCP Server to my agent?