MCP Tools Reference¶

AEGIS MCP Server -- Model Context Protocol interface for agentic AI governance.

The AEGIS MCP server exposes governance gates as MCP tools that AI agents (Claude Code, Codex, custom agents) can call to evaluate proposals before taking action.

Starting the Server¶

The MCP server supports two transport modes: stdio (default) and HTTP.

stdio Transport (Default)¶

Standard MCP pattern for local agent integration. The server reads JSON-RPC requests from stdin and writes responses to stdout.

aegis-mcp-server
aegis-mcp-server --config /path/to/config.yaml

HTTP Transport¶

Streamable HTTP transport (MCP spec 2025-03-26) for network-accessible deployment.

# Listen on localhost only (default)
aegis-mcp-server --transport http --port 8080

# Listen on all interfaces
aegis-mcp-server --transport http --host 0.0.0.0 --port 8080

# With custom config
aegis-mcp-server --transport http --port 8080 --config /path/to/config.yaml

Server Options¶

Option	Default	Description
`--transport`	`stdio`	Transport mode: `stdio` or `http`
`--host`	`127.0.0.1`	HTTP bind address
`--port`	`8080`	HTTP listen port
`--config`	(none)	Path to AEGIS YAML config file

Protocol Details¶

The server implements JSON-RPC 2.0 over the MCP protocol (version 2025-03-26).

Supported Methods¶

Method	Description
`initialize`	MCP handshake, returns server capabilities
`tools/list`	List available tools with input schemas
`tools/call`	Invoke a tool by name with arguments
`notifications/*`	Silently accepted (no response per JSON-RPC 2.0 spec)

Server Capabilities¶

The initialize response includes:

Protocol version: 2025-03-26
Server name: aegis-governance
Tools capability: available
AMTSS schema signing (experimental): available when crypto dependencies are installed, providing tool schema integrity verification

Rate Limiting¶

The server includes a token bucket rate limiter (CoSAI MCP-T10 compliance).

Default: 60 requests per minute
Configurable via AegisConfig.mcp_rate_limit
Set to 0 to disable
Exceeding the limit returns JSON-RPC error code -32000

Audit Logging¶

Every tool invocation is logged with:

Tool name
SHA-256 hash of parameters (first 16 hex chars, PII-safe)
Decision: ALLOW, DENY, or ERROR
Latency in milliseconds
Caller ID (from agent_id argument)

Tools¶

aegis_evaluate_proposal¶

Full governance gate evaluation via pcw_decide(). Evaluates a proposal through all six quantitative gates (Risk, Profit, Novelty, Complexity, Quality, Utility) and returns a structured decision with per-gate details and rationale.

Required parameters:

Parameter	Type	Description
`proposal_summary`	`string`	Brief description of the proposed action
`estimated_impact`	`string`	Impact level: `low`, `medium`, `high`, `critical`

Optional parameters:

Parameter	Type	Default	Description
`risk_score`	`number`	`0.0`	Alias for `risk_proposed` (0.0-1.0)
`risk_proposed`	`number`	`0.0`	Predicted risk after change (0.0-1.0)
`risk_baseline`	`number`	`0.0`	Current risk level (0.0-1.0). Gate triggers when risk doubles vs baseline with 95% Bayesian confidence.
`profit_proposed`	`number`	`0.0`	Expected profit/performance after change
`profit_baseline`	`number`	`0.0`	Current profit/performance metric
`novelty_score`	`number`	`0.5`	How unprecedented the proposal is (0.0-1.0). Gate passes when novelty >= ~0.84. Logistic inflection at 0.7.
`complexity_score`	`number`	`0.5`	Normalized complexity where HIGHER = SIMPLER (0.0-1.0). Hard floor at 0.5: below this the proposal HALTs and CANNOT be overridden.
`quality_score`	`number`	`0.7`	Overall proposal quality (0.0-1.0). Must be >= 0.7.
`quality_subscores`	`array[number]`	`[0.7, 0.7, 0.7]`	Detailed quality subscores. None may be zero.
`agent_id`	`string`	`"unknown"`	Identifier of the calling agent
`session_id`	`string`	(auto UUID)	Session identifier for correlation
`phase`	`string`	`"plan"`	Lifecycle phase: `plan`, `commit`, `work`
`shadow_mode`	`boolean`	`false`	Shadow mode: gates evaluate but results are advisory only
`telemetry_url`	`string`	(none)	HTTPS URL for structured telemetry events
`drift_baseline_data`	`array[number]`	(none)	30+ historical observations for KL divergence drift detection
`requires_human_approval`	`boolean`	`false`	Whether this proposal requires human approval
`time_sensitive`	`boolean`	`false`	Whether this proposal is time-sensitive
`reversible`	`boolean`	`true`	Whether this proposal is reversible
`metadata`	`object`	`{}`	Additional key-value metadata

Response fields:

Field	Type	Description
`status`	`string`	Decision: `proceed`, `pause`, `halt`, `escalate`
`confidence`	`number`	Minimum confidence across all gates
`gates_passed`	`number`	Count of passing gates
`gates_failed`	`number`	Count of failing gates
`failing_gates`	`array[string]`	Names of failed gates
`rationale`	`string`	Human-readable decision rationale
`next_steps`	`array[string]`	Recommended next actions
`constraints`	`array[string]`	Active constraints
`decision_id`	`string`	Unique decision UUID
`timestamp`	`string`	ISO 8601 UTC timestamp
`override_eligible`	`boolean`	Whether override is possible
`override_requires`	`array[string]`	Roles needed for override
`gates`	`object`	Per-gate detail (value, threshold, confidence, message)

aegis_quick_risk_check¶

Quick risk threshold check (risk_score < threshold).

Warning: This is a simplified check without Bayesian evaluation. For governance decisions, use aegis_evaluate_proposal instead.

Required parameters:

Parameter	Type	Description
`action_description`	`string`	Brief description of the action to risk-check
`risk_score`	`number`	Estimated risk score (0.0-1.0)

Optional parameters:

Parameter	Type	Default	Description
`threshold`	`number`	`0.5`	Risk threshold. Score below this is considered safe.
`agent_id`	`string`	`"unknown"`	Identifier of the calling agent

Response fields:

Field	Type	Description
`safe`	`boolean`	`true` if risk is below threshold
`risk_score`	`number`	The evaluated risk score
`threshold`	`number`	The threshold used
`action_description`	`string`	Echo of the action description

aegis_check_thresholds¶

Introspect all six gate thresholds and current configuration. Call this before submitting proposals to understand gate behavior and parameter values.

Parameters: None required.

Response fields:

Field	Type	Description
`risk_trigger_factor`	`number`	Risk gate trigger multiplier
`profit_trigger_factor`	`number`	Profit gate trigger multiplier
`trigger_confidence_prob`	`number`	Bayesian confidence threshold
`novelty_N0`	`number`	Novelty logistic inflection point
`novelty_k`	`number`	Novelty logistic steepness
`novelty_threshold`	`number`	Novelty gate pass threshold
`complexity_floor`	`number`	Complexity hard floor
`quality_min_score`	`number`	Minimum quality score
`epsilon_R`	`number`	Risk epsilon floor
`epsilon_P`	`number`	Profit epsilon floor
`utility_threshold`	`number`	Utility LCB threshold
`kl_drift`	`object`	Drift detection thresholds

aegis_get_scoring_guide¶

Get domain-specific parameter derivation guidance. Returns formulas, range guides, common mistakes, and worked examples showing how to map domain metrics to AEGIS parameters.

Recommended workflow:

aegis_check_thresholds — understand gate configuration
aegis_get_scoring_guide(domain) — get derivation formulas for your domain
aegis_evaluate_proposal(...) — submit with derived values

Parameters:

Parameter	Type	Required	Description
`domain`	`string`	No	Domain for tailored guidance. One of: `trading`, `cicd`, `moderation`, `agents`, `generic`. Defaults to `generic` if omitted or unrecognized.

Response fields:

Field	Type	Description
`domain`	`string`	The domain returned
`domain_description`	`string`	Brief description of the domain context
`parameters`	`object`	Per-parameter guidance with `description`, `derivation`, `formula`, `example`, and `range_guide`
`common_mistakes`	`array[string]`	Domain-specific pitfalls (e.g., complexity inversion, novelty pass direction)
`worked_example`	`object`	Complete scenario with `input` JSON and `expected_gates` results

Available domains:

Domain	Use Case	Key Metric
`trading`	Algorithmic trading, portfolio changes	VaR / position limit
`cicd`	CI/CD pipelines, deployments	Error rate, rollback rate
`moderation`	Content moderation, safety filters	False positive rate
`agents`	Autonomous AI agents	Task failure rate
`generic`	Any domain (default)	General-purpose guidance

Integration with MCP Clients¶

Claude Desktop¶

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "aegis-governance": {
      "command": "aegis-mcp-server",
      "args": ["--config", "/path/to/config.yaml"]
    }
  }
}

Claude Code¶

The server is automatically available when configured in the MCP server list. Claude Code can call tools like:

Use aegis_check_thresholds to see current gate configuration, then
use aegis_evaluate_proposal to evaluate the proposed change.

Custom MCP Clients¶

Connect via stdio by spawning the server process:

import subprocess
import json

proc = subprocess.Popen(
    ["aegis-mcp-server"],
    stdin=subprocess.PIPE,
    stdout=subprocess.PIPE,
    text=True,
)

# Initialize
request = {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {},
}
proc.stdin.write(json.dumps(request) + "\n")
proc.stdin.flush()
response = json.loads(proc.stdout.readline())

# Call a tool
request = {
    "jsonrpc": "2.0",
    "id": 2,
    "method": "tools/call",
    "params": {
        "name": "aegis_evaluate_proposal",
        "arguments": {
            "proposal_summary": "Add caching layer",
            "estimated_impact": "medium",
            "risk_score": 0.2,
            "complexity_score": 0.7,
        },
    },
}
proc.stdin.write(json.dumps(request) + "\n")
proc.stdin.flush()
response = json.loads(proc.stdout.readline())
decision = json.loads(response["result"]["content"][0]["text"])
print(f"Status: {decision['status']}")

HTTP Client¶

# Initialize
curl -X POST http://localhost:8080 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{}}'

# Check thresholds
curl -X POST http://localhost:8080 \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"aegis_check_thresholds","arguments":{}}}'

# Evaluate proposal
curl -X POST http://localhost:8080 \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc":"2.0",
    "id":3,
    "method":"tools/call",
    "params":{
      "name":"aegis_evaluate_proposal",
      "arguments":{
        "proposal_summary":"Deploy new service",
        "estimated_impact":"high",
        "risk_score":0.3,
        "complexity_score":0.8
      }
    }
  }'

Security¶

SSRF Protection¶

Telemetry URLs provided via telemetry_url are validated with a resolve-then-validate approach:

DNS resolution is performed first to catch DNS rebinding
Private, loopback, link-local, reserved, and CGNAT addresses are blocked
Only https:// schemes are accepted in production

Schema Signing (AMTSS Protocol v1)¶

When crypto dependencies are installed, the server signs tool schemas using Ed25519 with RFC 8785 JSON canonicalization. This provides integrity verification for tool definitions (CoSAI MCP-T6 compliance).

Signing metadata is included in tools/list responses under the _meta["com.aegis.governance/toolSchemaSigning"] key, and keyset information is advertised in initialize under capabilities.experimental.toolSchemaSigning.

Input Validation¶

All numeric parameters reject NaN, Inf, and -Inf
Boolean parameters reject non-boolean types (prevents Python truthiness confusion)
estimated_impact is validated as a string enum
The _float_arg() helper preserves legitimate falsy values like 0 and 0.0

Error Handling¶

JSON-RPC Code	Meaning
`-32600`	Invalid Request (malformed JSON-RPC)
`-32601`	Method not found
`-32602`	Invalid params (unknown tool name)
`-32000`	Rate limit exceeded

Tool execution errors are returned as MCP tool results with isError: true rather than JSON-RPC error responses, following MCP protocol conventions.