Home›Developers overview

For AI engineering teams

Ship governance
in an afternoon.

REST plus MCP 2025-06, with SDK preview access for early teams. Typed errors, idempotency on writes, stable request ids, and a policy engine that lives in your workflow, not in a separate approval queue.

Start a free trial Browse MCP methods

Quickstart

From install to your first assessed call

Preview SDK access is available for early teams. Decision returns typed findings, a signed evidence pack id, and an RFC 7807 problem document on failure.

quickstart.tspolicy.regoassess.mcpfinding.schema.json

// Step 1, install
pnpm add @korasafe/sdk
// Step 2, import
import { KoraSafe^™, assertHighRisk } from "@korasafe/sdk";

const ks = new KoraSafe^™({ tenant: "acme", policy: "finance.hiring.v3" });

// Step 3, assess an agent
const decision = await ks.assess({
  agent: "hiring-copilot-v4",
  surfaces: ["mcp", "ci", "chrome"],
  inputs: { resume, role },
  evidence: true,
});

assertHighRisk(decision); // throws w/ RFC 7807 problem+json
return decision.findings;   // typed Finding[], signed evidence_pack_id

Auth

Two paths in, one audit trail out

Bearer keys for server calls. Short-lived OAuth tokens for user and agent sessions. Every request carries a tenant, a caller identity, and a scope, and every decision logs all three.

Server-to-server

API keys

ks_live_ and ks_test_ keys scoped per tenant
mTLS available on dedicated plans
Rotate from console or API, no downtime
Scopes: read, write, dispatch, evidence, admin
Per-key and per-tenant rate pools

Agent and user sessions

OAuth 2.1 with PKCE

Short-lived access tokens, 15 minute default
Refresh tokens bound to device and IP class
On-behalf-of flow for agent-calling-agent over MCP
SSO via SAML 2.0, OIDC, SCIM provisioning
Step-up auth on T4 autonomy and admin routes

headers.http

# Server call with API key
Authorization: Bearer ks_live_9f3ac2b7...
Idempotency-Key: 01HXY2...
X-Tenant: acme

# Agent session, OAuth 2.1, 15 minute TTL
Authorization: Bearer eyJhbGciOi...
X-Actor: agent:hiring-copilot-v4
X-Scope: assess.create,evidence.verify

Every integration path your stack uses

Ship governed AI in your language and tools

MCP gateway

Model Context Protocol, governance-native

mcp://korasafe.ai, JSON-RPC 2.0

Plug governance straight into your MCP network. Every agent-to-agent call carries an identity, a policy decision, and an audit entry, with no wrapper code in the way. Spec-complete on MCP 2025-06 and works with Cursor, Cline, custom agents, and any in-house MCP client.

REST

OpenAPI 3.1 with typed errors

p50 38ms, 8k rps, 500ms timeout

Stable request ids (req_xxx). Idempotency-Key header on writes. RFC 7807 problem-details on every non-2xx. Bucketed rate limits published per route. Typed errors your code can branch on.

SDKs, preview

Node preview, with more languages after Preview

Typed clients are in preview for early teams. Node comes first, with additional language SDKs planned after Preview.

CLI

kora, pipe-friendly

brew, apt, scoop

Registry CRUD, assess, simulate policy, apply pack, export evidence, tail audit. JSON or human output. Works with jq and fzf.

CI, marketplace

GitHub Actions and GitLab pipelines

Signed evidence on release

Fail builds on unapproved model refs. Annotate PRs with risk tier changes. Attach signed evidence packs to releases.

Editor and Chrome

Inline assessments where your team works

VS Code live, Chrome Preview, Firefox roadmap

VS Code extension surfaces governance context where engineers build AI systems. Chrome extension records supported AI usage for shadow AI discovery; in Preview, install by loading the extension unpacked. One identity, one audit trail across surfaces.

Methods and routes

What your code can call

registry.tsassess.tspolicy.tsorchestrator.tsevidence.ts

// mcp://korasafe.ai, namespace: registry
export interface RegistryEntry {
  system_ref:    string;                // sys_hiring_v4
  owner:         string;                // user or team id
  data_class:    DataClass[];             // pii, credit, biometric, minors
  model_refs:    string[];                // claude-3-7-sonnet, gpt-4o, internal
  tool_scope:    ToolScope[];             // mcp, rest, ci, chrome
  autonomy_tier: "T1" | "T2" | "T3" | "T4";
  status:        "draft" | "live" | "retired";
}
export interface RegistryListQuery {
  tenant:     string;
  tier?:      "T1" | "T2" | "T3" | "T4";
  framework?: Framework;
  cursor?:    string;                // opaque, stable across inserts
  limit?:     number;                // 1..500, default 50
}

// mcp://korasafe.ai, namespace: assess
export interface AssessCreateInput {
  system_ref:   string;          // registry id (e.g. sys_hiring_v4)
  frameworks:   ("eu-ai-act" | "nist-ai-rmf" | "iso-42001" | "sr-11-7")[];
  inputs:       InputClass[];        // pii, credit_score, biometric, minors
  overlays?:    SectorOverlay[];     // financial, healthcare, public-sector
  autonomy_tier: "T1" | "T2" | "T3" | "T4";
  evidence?:    boolean;         // signed, hash-chain pack on success
}
export interface AssessResult {
  req_id:           string;
  tier:             "minimal" | "limited" | "high-risk" | "prohibited";
  findings:         Finding[];          // typed, with obligation node_ids
  evidence_pack_id: string | null;
  audit_checkpoint: string;          // merkle root, verifiable offline
}

// mcp://korasafe.ai, namespace: policy
export interface PolicyPack {
  pack_ref:   string;                // finance.hiring.v3
  version:    string;                // semver, immutable when tagged
  rules:      RegoRule[];             // compiled and pinned per version
  frameworks: Framework[];            // eu-ai-act, nist-ai-rmf, iso-42001
  overlays?:  SectorOverlay[];
}
export interface PolicySimulateInput {
  pack_ref:     string;
  system_ref:   string;
  sample_count: number;              // 1..10000, audit default 1000
  fixtures?:    InputClass[];
}
export interface PolicySimulateResult {
  pass_rate:     number;              // 0..1
  violations:    RuleHit[];            // rule_id, count, severity
  hot_reload_ms: number;              // under 2000 on live rollouts
}

// mcp://korasafe.ai, namespace: orchestrator
export interface OrchestratorPlan {
  plan_id:         string;
  steps:           PlanStep[];          // agents, tools, guardians per step
  review_required: boolean;             // true for T3 and T4
  budget_ms:       number;              // soft cap, per step and per plan
  reviewers:       string[];             // resolved from escalation rules
}
export interface OrchestratorRun {
  plan_id:          string;
  review_outcome:   "approved" | "rejected" | "conditional";
  run_id:           string;
  audit_checkpoint: string;              // merkle root per run, append-only
}

// mcp://korasafe.ai, namespace: evidence
export interface EvidencePack {
  pack_id:      string;                // ep_9f3ac2...
  system_ref:   string;
  frameworks:   Framework[];
  merkle_root:  string;                // SHA-256, verifiable offline
  sealed_at:    string;                // RFC 3339
  retention:    "7y" | "custom";         // hash-chain, seven year default
}
export interface EvidenceVerifyInput {
  pack_id:     string;
  proof:       MerkleProof;            // siblings + indices
  public_key?: string;                // tenant signing key, JWKS-resolved
}
export interface EvidenceVerifyResult {
  ok:           boolean;
  signed_at:    string;
  policy_hash:  string;                // pack version pinned at decision time
}

registry.*

list, get, upsert, retire. The single source every other call reads from. 8k rps, p50 38ms.

assess.*

create, status, export. EU AI Act Annex III, NIST AI RMF 2.0, sector overlays. 500ms timeout.

policy.*

list, apply, simulate, violation. Rego policies hot-reloaded in under two seconds.

agents.*

list, dispatch, status. Direct path when bypassing the orchestrator for low-latency flows.

orchestrator.*

plan, review, run, record. Default for multi-agent work. Your team sees the plan before any agent runs.

evidence.*

pack, verify, list. SHA-256 Merkle chained. Seven-year default retention.

First call

From import to enforced

quickstart.ts

import { KoraSafe^™ } from "@korasafe/sdk";

const ks = new KoraSafe^™({ apiKey: process.env.KS_KEY });

const result = await ks.assess({
  system: "loan-decisioning-v4",
  inputs: ["applicant_pii", "credit_score"],
  policies: ["eu-ai-act-high-risk"],
});

// result.tier === "high-risk"
// result.findings.length === 3
// result.evidence_pack_id === "ep_9f3a..."

from korasafe import KoraSafe^™
import os

ks = KoraSafe^™(api_key=os.environ["KS_KEY"])

result = await ks.assess(
    system="loan-decisioning-v4",
    inputs=["applicant_pii", "credit_score"],
    policies=["eu-ai-act-high-risk"],
)

# result.tier == "high-risk"
# len(result.findings) == 3
# result.evidence_pack_id == "ep_9f3a..."

curl -X POST https://api.korasafe.ai/v1/assess \
  -H "Authorization: Bearer $KS_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{
    "system": "loan-decisioning-v4",
    "inputs": ["applicant_pii", "credit_score"],
    "policies": ["eu-ai-act-high-risk"]
  }'

# HTTP/1.1 200 OK
# X-Request-Id: req_9f3ac2...
# { "tier": "high-risk", "findings": [...], "evidence_pack_id": "ep_9f3a..." }

// mcp://korasafe.ai, namespace: assess
{
  "jsonrpc": "2.0",
  "id": "1",
  "method": "assess.create",
  "params": {
    "system_ref": "loan-decisioning-v4",
    "frameworks": ["eu-ai-act"],
    "inputs": ["applicant_pii", "credit_score"],
    "autonomy_tier": "T3",
    "evidence": true
  }
}

// Returns { tier, findings[], evidence_pack_id, audit_checkpoint }

Rate limits and errors

Predictable, not punitive

Rate limits

Published, per route

Burst allowance via leaky bucket, not cliffs
Soft warning at 80% with Retry-After header
Per-tenant overrides for enterprise plans
Separate pools for read, write, and agent dispatch
Public status page reflects current budgets

Errors

Typed, explicit, actionable

RFC 7807 problem-details on every non-2xx
Stable error codes you can branch on
request_id echoed in the body and X-Request-Id header
Violations link to the policy rule that tripped
No silent failures; surface everything to the caller

Webhooks

Decisions and escalations, pushed to your systems

Subscribe to events your systems care about. Each delivery carries a signed envelope, a replay token, and a pointer into the evidence chain.

violation.raised.json

// POST https://hooks.example.com/korasafe
X-KoraSafe^™-Event: violation.raised
X-KoraSafe^™-Signature: sha256=b7c4...
X-KoraSafe^™-Delivery: del_9f3ac2b7
X-KoraSafe^™-Timestamp: 1745010234

{
  "event": "violation.raised",
  "tenant": "acme",
  "system_ref": "hiring-copilot-v4",
  "framework": "eu-ai-act",
  "rule": "annex-iii.1.a",
  "severity": "high",
  "evidence_pack_id": "ep_9f3a...",
  "req_id": "req_9f3ac2..."
}

assessment.completed

Assessment finishes. Decision, tier, and evidence pack id included.

violation.raised

Policy rule tripped. Rule id, severity, and citation attached.

escalation.requested

Human review needed. Reviewer queue and SLA attached.

evidence.sealed

Pack signed and anchored. Merkle root and retention window attached.

registry.changed

System added, retired, or tier changed. Field diff included.

policy.applied

New pack or version applied. Simulator diff attached.

Delivery

At-least-once, de-duplicated

Retries with exponential backoff, 24 hour budget
Delivery id stable across retries, safe to idempotently process
Dead-letter queue browsable in the console
Replay any delivery from the last seven days, one call

Signing

HMAC-SHA256, rotatable

Per-endpoint secret, rotated without drop
Dual-signing window of five minutes during rotation
Timestamp header rejects replays past a five-minute skew
JWKS-backed option for enterprise plans