evidra

Evidra is an MCP server that sits between AI agents and your infrastructure, enforcing policy-driven safety before destructive or high-risk actions are allowed to proceed. It exposes a validate tool that the agent uses to map a tool invocation (such as kubectl, terraform, or argocd) to an intent (destructive vs. read-only) and then evaluates that intent against a versioned OPA policy bundle. If the action is deemed safe, the operation can proceed; otherwise it is denied and an evidence record is written to the hash-linked log. Agents should always call Evidra’s validate step before executing potentially destructive commands. In practice, you can run Evidra locally or in CI using the hosted MCP server and then direct your agent prompts to the Evidra endpoint for policy evaluation. The server supports multiple protection levels (ops, baseline, and planned devsec), with the default ensuring destructive actions are blocked unless explicitly allowed by policy.

To use Evidra with your tooling, configure your MCP client to target the Evidra MCP server, call the validate tool with the appropriate tool, operation, and payload, and then act on the allow/deny decision returned by Evidra along with any risk level, rule IDs, or hints. The decision is recorded in the Evidra evidence chain, providing traceability for audits and CI pipelines.

Prerequisites:

• Docker installed on the host where you will run Evidra (Docker Desktop on Windows or macOS, or a Linux host with systemd or your preferred init).
• Access to pull the Evidra image (public or private registry).
• Optional: a path for persistent logs/evidence if you want to store evidence locally.

1. Install Docker

• macOS / Windows: install Docker Desktop from https://www.docker.com/products/docker-desktop
• Linux: follow your distribution’s instructions, e.g. sudo apt-get install docker.io

2. Pull and run Evidra in Docker

• Ensure you have network access to pull the image from the registry.
• Start the container (adjust as needed for your environment, e.g., mounting volumes for logs or configuring environment variables):

docker pull vitas/evidra:latest

docker run -d --name evidra-mcp -i
-e EVIDRA_CONFIG_PATH=/etc/evidra/config
-e EVIDRA_LOG_LEVEL=info
vitas/evidra:latest

3. Verify the server is running

• Check container status: docker ps
• Look at logs: docker logs evidra-mcp

4. Configure MCP client to use Evidra

• Point your MCP client to the Evidra server endpoint (as documented in your deployment, e.g., https://<host>/mcp) and use the validate tool when issuing destructive commands.

Tips and common considerations:

• If running in CI, you can use Evidra in a CI-only mode by invoking the same validate step without requiring an actual destructive execution. This preserves the hash-linked evidence chain for auditing.
• Ensure your policy bundles (ops-v0.1, baseline-v0.1, etc.) are versioned and accessible by the Evidra deployment. You may pin a specific bundle path in your EVIDRA_CONFIG_PATH or container startup to guarantee deterministic behavior.
• If you encounter permission or access-denied issues, verify that the MCP client has the correct tool mappings to the Evidra policy bundle and that the target namespace or scope is provided when required by the policy.
• For debugging, enable a verbose log level (EVIDRA_LOG_LEVEL=debug) and inspect the evidence log at ~/.evidra/evidence if you mount a host volume for persistence.