Agent CertAgent Cert
Reference

MCP Server.

Agent Cert exposes a Model Context Protocol server so any MCP-capable agent can certify decisions without writing a single line of HTTP code. Two transports, nine tools, the same API-key authentication as the REST API.

Security note. The MCP endpoint enforces X-API-Key authentication on every request via an ASGI middleware. Requests without a valid key receive HTTP 401 immediately — no tool can be invoked anonymously. Each tool execution is scoped to the caller's account via a contextvar set during auth.

Endpoints — two transports

Both transports expose the same nine tools behind the same X-API-Key auth. Pick the one your client speaks:

https://api.agentcert.net/mcp           # Streamable HTTP — Copilot Studio, modern clients
https://api.agentcert.net/mcp-sse/sse   # SSE — Claude Code, Cursor, OpenAI Codex
  • Streamable HTTP (/mcp) — the current MCP spec transport. Required by Microsoft Copilot Studio.
  • SSE (/mcp-sse/sse) — the older transport, still used by Claude Code, Cursor, and the OpenAI Codex CLI.

Prefer deterministic, in-topic invocation in Power Platform? A Swagger 2.0 connector is published at https://api.agentcert.net/openapi/connector.yaml — see the Copilot Studio guide.

Authentication

Pass your API key as X-API-Key in the SSE connection headers. The middleware:

  1. Reads X-API-Key from the incoming SSE request.
  2. Hashes the key and looks up an active row in the api_keys table.
  3. Rejects with HTTP 401 if the key is missing, unknown, or revoked.
  4. On success, stores user_id in a contextvar so every tool query is scoped to your account.

Revoking your API key at /settings/api-keysimmediately disconnects any active MCP session using that key.

Tools

certify_decision

Submit an agent execution for evaluation and return a signed Decision Receipt. The MCP equivalent of POST /v1/receipts.

Parameters:

  • agent_id: string — your stable agent identifier
  • platform: string — "bedrock" | "copilot" | "openai" | "claude" | etc.
  • user_intent: string
  • agent_output: string
  • tools_used: string[]
  • retrieval_summary: string (optional)
  • policy_rules: string[] (optional ad-hoc rules)
  • metadata: object (optional structured fields)

v2 capture fields (all optional, recommended for Article 12 traceability — bound into the receipt's execution_hash when set):

  • acting_model: string — the model that actually made the decision, e.g. gpt-4o, claude-sonnet-4. Distinct from the Agent Cert evaluator that scores it. Capture this so every receipt records which model produced the output.
  • acting_model_version: string — version/snapshot of that model
  • parent_receipt_id: string — the upstream receipt this decision was triggered by (builds the provenance chain)
  • permission_snapshot: object — what the agent was allowed to do at decision time
  • memory_context_hash: string — hash (not content) of the memory/context the agent acted on

get_receipt

Fetch a single Decision Receipt by ID.

Parameters: receipt_id: string

verify_receipt

Re-verify a receipt — recomputes hashes, validates the Ed25519 signature, returns the verification result.

Parameters: receipt_id: string

get_anchor_proof

Return the on-chain Solana anchor proof for a receipt — tx signature, explorer URL, network, and the hash-match result.

Parameters: receipt_id: string

list_my_receipts

List your most recent receipts. Admins see all receipts in the system; non-admins see only their own (enforced server-side).

Parameters: limit: integer (default 25)

check_credits

Return your current credit balance.

Parameters: none

generate_audit_report

Generate an EU AI Act Article 12 / ISO 42001 compliance audit report from your receipts — summary stats, embedded verification instructions, and one entry per receipt. Free (read-only). See Compliance. (PDF export is via the REST endpoint POST /v1/reports with format: "pdf".)

Parameters: agent_id (optional), start / end (ISO-8601, optional), limit (default 1000, max 10000).

get_decision_history

Walk the cross-agent chain of custody upstream from a receipt via parent_receipt_id. Returns the ordered chain (target → parent → … → root). Free. See Provenance.

Parameters: receipt_id: string

replay_decision

Reconstruct a decision from its stored record — the original request (user intent, agent output, tools, context) and the evaluation. Owner/admin only (returns decision content). Free.

Parameters: receipt_id: string

Connecting from Copilot Studio

See the full walkthrough at Integrations → Microsoft Copilot Studio. Summary:

  1. In your Copilot Studio agent, open the Add a tool dialog and choose Model Context Protocol.
  2. Server URL: https://api.agentcert.net/mcp (Streamable HTTP — required by Copilot Studio)
  3. Auth: select API key, header name X-API-Key, value = your Agent Cert key from /welcome.
  4. Copilot Studio auto-discovers all nine tools.
  5. Enable the agent's generative orchestration (or wire certify_decision into a topic) so meaningful responses generate a receipt.

Connecting from Claude Code / Claude Desktop

Claude clients use the SSE transport:

{
  "mcpServers": {
    "agent-cert": {
      "type": "sse",
      "url": "https://api.agentcert.net/mcp-sse/sse",
      "headers": {
        "X-API-Key": "ait_..."
      }
    }
  }
}

The "type": "sse" line is required — it tells the client this is a remote SSE server (not a local stdio command). Claude Code reads this from .mcp.json / ~/.claude/settings.json; Claude Desktop reads it from claude_desktop_config.json.

Connecting from a custom MCP client

Use https://api.agentcert.net/mcp for Streamable HTTP or https://api.agentcert.net/mcp-sse/sse for SSE. Pass the API key in the connection headers. The server speaks the standard MCP wire protocol — no custom extensions.

Troubleshooting

  • HTTP 401 on connect — API key missing, malformed, or revoked. Check X-API-Key spelling (case-insensitive but the value must match exactly).
  • Tools missing in client — the SSE handshake completed but tool discovery failed. Check the SSE event stream for protocol errors.
  • Insufficient credits during certify_decision — top up via the CERT bridge (see CERT & credits).