MCP Server.
Agent Cert exposes a Model Context Protocol server so any MCP-capable agent can certify decisions without writing a single line of HTTP code. Two transports, nine tools, the same API-key authentication as the REST API.
Security note. The MCP endpoint enforcesX-API-Keyauthentication on every request via an ASGI middleware. Requests without a valid key receiveHTTP 401immediately — no tool can be invoked anonymously. Each tool execution is scoped to the caller's account via a contextvar set during auth.
Endpoints — two transports
Both transports expose the same nine tools behind the same X-API-Key auth. Pick the one your client speaks:
https://api.agentcert.net/mcp # Streamable HTTP — Copilot Studio, modern clients
https://api.agentcert.net/mcp-sse/sse # SSE — Claude Code, Cursor, OpenAI Codex- Streamable HTTP (
/mcp) — the current MCP spec transport. Required by Microsoft Copilot Studio. - SSE (
/mcp-sse/sse) — the older transport, still used by Claude Code, Cursor, and the OpenAI Codex CLI.
Prefer deterministic, in-topic invocation in Power Platform? A Swagger 2.0 connector is published at https://api.agentcert.net/openapi/connector.yaml — see the Copilot Studio guide.
Authentication
Pass your API key as X-API-Key in the SSE connection headers. The middleware:
- Reads
X-API-Keyfrom the incoming SSE request. - Hashes the key and looks up an active row in the
api_keystable. - Rejects with
HTTP 401if the key is missing, unknown, or revoked. - On success, stores
user_idin a contextvar so every tool query is scoped to your account.
Revoking your API key at /settings/api-keysimmediately disconnects any active MCP session using that key.
Tools
certify_decision
Submit an agent execution for evaluation and return a signed Decision Receipt. The MCP equivalent of POST /v1/receipts.
Parameters:
agent_id: string — your stable agent identifierplatform: string — "bedrock" | "copilot" | "openai" | "claude" | etc.user_intent: stringagent_output: stringtools_used: string[]retrieval_summary: string (optional)policy_rules: string[] (optional ad-hoc rules)metadata: object (optional structured fields)
v2 capture fields (all optional, recommended for Article 12 traceability — bound into the receipt's execution_hash when set):
acting_model: string — the model that actually made the decision, e.g.gpt-4o,claude-sonnet-4. Distinct from the Agent Cert evaluator that scores it. Capture this so every receipt records which model produced the output.acting_model_version: string — version/snapshot of that modelparent_receipt_id: string — the upstream receipt this decision was triggered by (builds the provenance chain)permission_snapshot: object — what the agent was allowed to do at decision timememory_context_hash: string — hash (not content) of the memory/context the agent acted on
get_receipt
Fetch a single Decision Receipt by ID.
Parameters: receipt_id: string
verify_receipt
Re-verify a receipt — recomputes hashes, validates the Ed25519 signature, returns the verification result.
Parameters: receipt_id: string
get_anchor_proof
Return the on-chain Solana anchor proof for a receipt — tx signature, explorer URL, network, and the hash-match result.
Parameters: receipt_id: string
list_my_receipts
List your most recent receipts. Admins see all receipts in the system; non-admins see only their own (enforced server-side).
Parameters: limit: integer (default 25)
check_credits
Return your current credit balance.
Parameters: none
generate_audit_report
Generate an EU AI Act Article 12 / ISO 42001 compliance audit report from your receipts — summary stats, embedded verification instructions, and one entry per receipt. Free (read-only). See Compliance. (PDF export is via the REST endpoint POST /v1/reports with format: "pdf".)
Parameters: agent_id (optional), start / end (ISO-8601, optional), limit (default 1000, max 10000).
get_decision_history
Walk the cross-agent chain of custody upstream from a receipt via parent_receipt_id. Returns the ordered chain (target → parent → … → root). Free. See Provenance.
Parameters: receipt_id: string
replay_decision
Reconstruct a decision from its stored record — the original request (user intent, agent output, tools, context) and the evaluation. Owner/admin only (returns decision content). Free.
Parameters: receipt_id: string
Connecting from Copilot Studio
See the full walkthrough at Integrations → Microsoft Copilot Studio. Summary:
- In your Copilot Studio agent, open the Add a tool dialog and choose Model Context Protocol.
- Server URL:
https://api.agentcert.net/mcp(Streamable HTTP — required by Copilot Studio) - Auth: select API key, header name
X-API-Key, value = your Agent Cert key from /welcome. - Copilot Studio auto-discovers all nine tools.
- Enable the agent's generative orchestration (or wire
certify_decisioninto a topic) so meaningful responses generate a receipt.
Connecting from Claude Code / Claude Desktop
Claude clients use the SSE transport:
{
"mcpServers": {
"agent-cert": {
"type": "sse",
"url": "https://api.agentcert.net/mcp-sse/sse",
"headers": {
"X-API-Key": "ait_..."
}
}
}
}The "type": "sse" line is required — it tells the client this is a remote SSE server (not a local stdio command). Claude Code reads this from .mcp.json / ~/.claude/settings.json; Claude Desktop reads it from claude_desktop_config.json.
Connecting from a custom MCP client
Use https://api.agentcert.net/mcp for Streamable HTTP or https://api.agentcert.net/mcp-sse/sse for SSE. Pass the API key in the connection headers. The server speaks the standard MCP wire protocol — no custom extensions.
Troubleshooting
- HTTP 401 on connect — API key missing, malformed, or revoked. Check
X-API-Keyspelling (case-insensitive but the value must match exactly). - Tools missing in client — the SSE handshake completed but tool discovery failed. Check the SSE event stream for protocol errors.
- Insufficient credits during
certify_decision— top up via the CERT bridge (see CERT & credits).