HomeProductMCP API

Programmatic governance
for your AI agent fleet

Your AI agents invoke KoraSafe's governance tools via MCP: query_knowledge_base, list_documents, analyze_code, scan_dependencies, and generate_remediation. Programmatically, in real time. Built on the Model Context Protocol, so governance runs at the speed of your AI deployment.

Programmatic Governance

Agents that govern themselves

AI agents call the MCP API to query regulatory requirements, check compliance status, and verify they are authorized to act -- all at machine speed, before taking action.

  • Semantic search across the curated regulatory corpus
  • Full document catalog with metadata and jurisdiction filters
  • Standards-compliant A2A discovery endpoint
  • Web application proxy for browser-based access
Agent A Credit Scoring Agent B Claims Review Agent C Content Gen KoraSafe MCP API query / list / assess 52 Documents /.well-known/agent.json
Defense in Depth

Triple-gated security

Independent security gates protect every API request. All three must pass before any request reaches the knowledge base. A failure at any gate returns an immediate rejection.

  • Gate 1: Server-side feature flag -- global kill switch
  • Gate 2: Pre-shared API key in request header -- rotatable
  • Gate 3: Admin JWT with role-based access control
REQUEST MUST PASS ALL THREE GATES Request 1 Feature Flag MCP_ENABLED = true 2 API Key x-mcp-key header 3 Admin JWT Bearer token + role claims 404 401 403 Fail at any gate = immediate rejection
Tools and Discovery

Structured API for AI agents

Each MCP tool exposes a structured interface that AI agents call programmatically. The A2A discovery endpoint lets external agents automatically find and integrate KoraSafe governance.

  • query_knowledge_base -- semantic search across 52 regulatory documents with jurisdiction and category filters
  • list_documents -- full document catalog with metadata, source, and last-updated timestamps
  • analyze_code -- scan source code for governance violations mapped to regulatory controls
  • scan_dependencies -- audit npm and pip packages for CVEs, license issues, and supply chain risks
  • generate_remediation -- produce targeted code patches for governance findings with regulatory context
query_knowledge_base Semantic search, filters list_documents Full catalog with metadata assess_compliance Automated compliance verdict chat_regulatory_context Multi-turn regulatory Q and A A2A DISCOVERY SKILLS Regulatory Assessment Regulatory Lookup Compliance Checklist