MCP Server Integration

Integrate Aguardic with Model Context Protocol compatible AI agents.

Overview

Aguardic exposes an MCP server that AI agents can call for policy evaluation. The MCP endpoint provides an evaluate tool that agents invoke via the standard Model Context Protocol. When your agent calls the tool, Aguardic evaluates the content against bound policies and returns an outcome -- all within the MCP tool response.

This lets MCP-compatible agents govern their own actions without custom integration code.

Setup

Create an MCP Server integration

Navigate to Integrations in the Aguardic dashboard, click Add Integration, and select MCP Server. Give it a name and copy the API key.

API keys are shown only once. Store it securely. If you lose it, revoke it and create a new one.

Bind policies

Go to Policy Bindings and bind your governance policies to the MCP Server integration. The evaluate tool will check content against all bound policies.

Configure your MCP client

Point your MCP client at the Aguardic MCP endpoint with your API key.

Endpoint

POST https://api.aguardic.com/v1/mcp

Authenticated via Bearer token in the Authorization header. This is a stateless Streamable HTTP transport -- each request is independent with no server-side session tracking.

Configuration

Add Aguardic as an MCP server in your agent or editor. Select your platform below for the correct configuration format.

Claude Code

Claude Code supports HTTP transport natively. Run this command:

claude mcp add --transport http aguardic https://api.aguardic.com/v1/mcp \
  --header "Authorization: Bearer YOUR_API_KEY"

Claude Desktop

Claude Desktop does not support Streamable HTTP directly. Use mcp-remote as a stdio proxy. Add this to your claude_desktop_config.json:

{
  "mcpServers": {
    "aguardic": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://api.aguardic.com/v1/mcp",
        "--header",
        "Authorization: Bearer YOUR_API_KEY"
      ]
    }
  }
}

Requires Node.js installed. mcp-remote is installed automatically via npx on first run.

Cursor / Windsurf / VS Code

For editors with native MCP support, add to your project or global MCP config:

{
  "mcpServers": {
    "aguardic": {
      "url": "https://api.aguardic.com/v1/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

Config file locations: .cursor/mcp.json (Cursor), .windsurf/mcp.json (Windsurf), .vscode/mcp.json (VS Code).

ChatGPT

ChatGPT supports MCP via Developer Mode connectors. Your endpoint must be publicly reachable over HTTPS.

Enable Developer Mode: Settings → Apps & Connectors → Advanced → Developer Mode
Click Connectors → Create
Set the Connector URL to https://api.aguardic.com/v1/mcp

For local development, expose the endpoint via ngrok or Cloudflare Tunnel, then use the public HTTPS URL as the connector URL.

Other MCP Clients

For any MCP client that supports Streamable HTTP transport:

{
  "mcpServers": {
    "aguardic": {
      "url": "https://api.aguardic.com/v1/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

If your client only supports stdio transport, use mcp-remote as a proxy (see the Claude Desktop example above).

Recommended Agent Prompt

Add this to your agent's system prompt or rules file (e.g., CLAUDE.md, .cursorrules, .windsurfrules) so it knows when and how to call the evaluate tool:

## Governance Policy
 
You have access to an `evaluate` tool via the Aguardic MCP server. You MUST call
this tool BEFORE performing any action that could have side effects, including but
not limited to:
 
- Writing, modifying, or deleting files
- Sending emails or messages
- Making API calls to external services
- Executing shell commands
- Accessing or modifying databases
- Sharing or exporting data
 
When calling `evaluate`, provide:
- `input`: An object describing the action you are about to take. Include all
  relevant details (tool name, arguments, content, recipients, etc.)
- `targetKey`: The name of the action (e.g., "write_file", "send_email")
- `targetType`: The category of action (e.g., "file", "email", "api_call")
 
After receiving the evaluation result:
- If `outcome` is "ALLOW": Proceed with the action.
- If `outcome` is "FLAG": Proceed but inform the user of the policy warning.
- If `outcome` is "DENY": Do NOT perform the action. Explain to the user which
  policy was violated and why the action was blocked.
- If `enforcementAction` is "APPROVAL_REQUIRED": Inform the user that the action
  requires human approval and provide the review details.
 
Never skip evaluation to "save time" or because you believe the action is safe.
All actions must be evaluated against organizational policies.

Customize this prompt to match your use case — add or remove action categories, adjust the tone, or reference specific policies.

Available Tools

The MCP server exposes a single evaluate tool with the following parameters:

Field	Type	Description
`input`required	`object`	The content to evaluate. Keys and values depend on your use case.
`targetKey`	`string`	Identifier for the target being evaluated (e.g., `"send_email"`, `"write_file"`).
`targetType`	`string`	Type of target (e.g., `"email"`, `"document"`, `"chat"`).
`correlationId`	`string`	Correlation ID for request tracing.
`sessionId`	`string`	Session ID to track multi-step evaluation chains.

Dynamic Tool Description

The evaluate tool description is dynamically generated based on your bound policies. When an agent discovers the tool, it sees which policies are active, their enforcement modes, and their rules. This helps the agent understand what governance constraints apply before making tool calls.

You can preview exactly what the agent sees from the Policy Context card on your MCP integration's setup page. It shows:

Active Policies — each bound policy with its enforcement mode and rule severities
Raw Tool Description — the full text the LLM receives when it discovers the evaluate tool

If an agent isn't evaluating certain actions, check the Policy Context preview — the tool description may not include the policies you expect. Make sure they are bound to this integration.

Tool Response

The evaluate tool returns a JSON object in the tool result:

{
  "outcome": "DENY",
  "enforcementAction": "BLOCK",
  "evaluationRunId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "reviewRequestId": null,
  "pollUrl": null,
  "sessionId": null,
  "violations": [
    {
      "id": "f1e2d3c4-b5a6-7890-abcd-ef1234567890",
      "ruleId": "rule-1",
      "ruleName": "PII Detection",
      "severity": "HIGH",
      "resolvedAction": "BLOCK",
      "explanation": "Content contains social security reference",
      "field": "content",
      "snippet": "send your SSN"
    }
  ]
}

Outcomes:

ALLOW -- No violations. The agent can proceed.
FLAG -- Violations found but enforcement allows continuation. The agent should log the warning.
DENY -- Violations found. The agent must not execute the action.

When enforcementAction is APPROVAL_REQUIRED, the response includes a reviewRequestId and pollUrl for checking review status.

Example: Agent Tool Call

An MCP-compatible agent calling the evaluate tool before sending an email:

{
  "method": "tools/call",
  "params": {
    "name": "evaluate",
    "arguments": {
      "input": {
        "tool": "send_email",
        "to": "customer@example.com",
        "subject": "Account Details",
        "body": "Your account number is 1234567890"
      },
      "targetKey": "send_email",
      "targetType": "email"
    }
  }
}

The agent receives the evaluation result and decides whether to proceed based on the outcome.

Next Steps

Agent Integration -- Govern agent actions with the evaluate endpoint directly
REST API -- Use the evaluate API for non-MCP integrations
Evaluation Sessions -- Track multi-step agent workflows

Agent REST API