Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

LaunchTrust

БесплатноНе проверен

Compliance & security scan for your app: secrets, exposed files, headers, privacy, AI-disclosure.

GitHubEmbed

Описание

Compliance & security scan for your app: secrets, exposed files, headers, privacy, AI-disclosure.

README

Run a compliance + security scan on your app — without leaving Claude Code.

MCP Transport Hosted

LaunchTrust scans a public URL for the compliance and security gaps that get indie apps rejected or fined — leaked frontend API keys, exposed .env/.git, missing privacy/terms pages, absent security headers, undisclosed AI interactions, tracker/cookie issues — mapped to 39 jurisdictions (EU AI Act, GDPR, US state privacy laws, app-store policies).

It's a remote, hosted MCP server — nothing to install, build, or run. Add the URL and go.

⚖️ Compliance aid, not legal advice. Not a certification of compliance.

Install (Claude Code)

claude mcp add --transport http launchtrust https://mcp.launchtrust.co/mcp

Then ask Claude:

"Scan https://my-app.com for compliance and security issues."

Works in any MCP client that supports remote Streamable HTTP servers (Claude Code, Claude Desktop, …).

What the free scan checks

scan_url runs a focused, high-signal subset of detectors against any public URL — no account needed:

  • 🔑 Leaked frontend API keys / secrets
  • 📂 Exposed .env / .git / config files
  • 🛡️ Security headers (CSP, HSTS, X-Frame-Options, …) + HTTPS/HSTS
  • 📄 Missing privacy / terms pages
  • 🤖 Undisclosed AI interactions
  • 🍪 Trackers / cookie-consent

The result is plain text, unsigned and not stored.

Tools

Free — no account

Tool Description
scan_url Quick compliance + security scan of any public URL.
list_jurisdictions Jurisdictions & categories covered (EU AI Act, GDPR, US states, app stores).
get_compliance_rules Sourced compliance rule snapshots, filterable by jurisdiction.
verify_record Independently verify the ES256 signature on a LaunchTrust signed record.

Account — needs a token

The full version runs all 27 detectors across 39 jurisdictions, stores a signed, dated evidence record, and monitors continuously. Connect with your LaunchTrust token:

claude mcp add --transport http launchtrust https://mcp.launchtrust.co/mcp \
  --header "Authorization: Bearer lt_pat_..."
Tool Description
register_app Register a web app to scan & monitor (idempotent).
scan_app Full 27-detector signed scan of a registered app.
get_scan_history Recent scans for an app.
get_market_report Findings annotated by your target-market jurisdictions.
list_my_apps Your registered apps + latest status.

Get a token at launchtrust.co.

Use in other MCP clients

LaunchTrust is a standard remote (Streamable HTTP) MCP server — it works in any MCP-compatible client, not just Claude Code.

Codex CLI — add to ~/.codex/config.toml:

[mcp_servers.launchtrust]
url = "https://mcp.launchtrust.co/mcp"

Gemini CLI — add to ~/.gemini/settings.json:

{
  "mcpServers": {
    "launchtrust": { "httpUrl": "https://mcp.launchtrust.co/mcp" }
  }
}

Cursor, Windsurf, and others — point them at the remote URL https://mcp.launchtrust.co/mcp (Streamable HTTP).

For the account-gated tools, pass your token as an Authorization: Bearer lt_pat_... header (Claude Code: --header; Codex: http_headers = { Authorization = "Bearer lt_pat_..." }; Gemini: "headers": { "Authorization": "Bearer lt_pat_..." }).

How it works

  • Transport: stateless Streamable HTTP (MCP spec 2025-11-25) at POST /mcp.
  • Privacy: the free scan stores nothing — it fetches your URL, runs detectors, returns findings. Premium scans store a signed record under your account only.
  • Honesty: it never invents findings. Every result traces to what was actually on the page, and it reports mechanical signals (detected / not_detected) — never a verdict of "compliant".

Links

Development

Zero-dependency Cloudflare Worker; a thin client over the LaunchTrust API.

npm install
npm run typecheck
npm run dev        # wrangler dev — POST http://localhost:8787/mcp
npm run deploy     # wrangler deploy (custom domain in wrangler.toml)

LaunchTrust is a compliance aid, not legal advice, and is not a certification of compliance with any law.

from github.com/mustafasalimerek-bit/launchtrust-mcp

Установка LaunchTrust

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/mustafasalimerek-bit/launchtrust-mcp

FAQ

LaunchTrust MCP бесплатный?

Да, LaunchTrust MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для LaunchTrust?

Нет, LaunchTrust работает без API-ключей и переменных окружения.

LaunchTrust — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить LaunchTrust в Claude Desktop, Claude Code или Cursor?

Открой LaunchTrust на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare LaunchTrust with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai