atlasent-mcp
OfficialServer Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| ATLASENT_MODE | No | Force 'local' or 'remote' mode | auto-detect |
| ATLASENT_API_KEY | No | Bearer token for the hosted API (required for remote mode) | |
| ATLASENT_ANON_KEY | No | Optional x-anon-key header | |
| ATLASENT_BASE_URL | No | AtlaSent API base URL | https://api.atlasent.io/functions/v1 |
| ATLASENT_MCP_READONLY | No | If '1' or 'true', skip registration of mutating tools | |
| ATLASENT_MCP_RATE_LIMIT | No | Per-tool calls per minute | 600 |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| evaluateA | Call this BEFORE performing any sensitive action. Returns a Decision: |
| verify_permitA | Call this AFTER completing an authorized action. Confirms the permit issued by |
| deploy_serviceA | Example protected tool. Every call is authorized by AtlaSent BEFORE the deploy runs. Denied or held calls are blocked and never touch the target system. On allow, the deploy executes and a permit_token is returned. |
| atlasent_evaluateA | Evaluate an action against your published AtlaSent policies. Returns allow/deny/hold/escalate with a permitToken on allow. Use this when ATLASENT_MODE=remote and you need to gate an action against your hosted policy engine. |
| atlasent_list_policiesA | List all constraint bundles / policies for this organization. |
| atlasent_get_policyA | Retrieve a single constraint bundle / policy by ID. |
| atlasent_list_audit_eventsB | Retrieve recent evaluation events from the audit log. |
| atlasent_create_policyA | Create a new constraint bundle for an action. The bundle starts in 'draft' status — call update_policy to publish it. |
| atlasent_update_policyA | Update a constraint bundle — change rules, title, or publish/archive it. Only fields you provide are updated; omitted fields are unchanged. |
| atlasent_delete_policyA | Permanently delete a constraint bundle. Prefer archiving over deleting. |
| atlasent_revoke_permitA | Revoke a permit before it expires. The permit immediately becomes invalid for verify_permit calls. |
| atlasent_list_permitsA | List issued permit tokens for audit and monitoring. |
| atlasent_permitA | Manually issue a permit token for an action. Use for pre-authorized operations where a full evaluate call is not practical. |
| atlasent_verify_permitA | Verify a permit token with full binding inputs against the V1 endpoint. Use this for production verification — under-specified verification is a bypass vector. |
| atlasent_create_approval_requestA | Create an approval request for a held action. The request ID is returned in the evaluate response when decision is 'hold'. Submit resolution via atlasent_resolve_approval_request. |
| atlasent_resolve_approval_requestA | Approve or deny an approval request. On approval, the held evaluation may proceed; on denial, it stays blocked. |
| atlasent_record_execution_evaluationA | Record the outcome of an execution that was permitted by a prior evaluate call. Closes the audit loop with the actual execution result. |
| atlasent_create_webhookA | Register a webhook URL to receive evaluation events. |
| atlasent_delete_webhookB | Remove a registered webhook. |
| atlasent_trajectory_verifyA | Verify that the agent's current execution step is on an authorized trajectory. Call this at each step to ensure the agent has not deviated from the permitted plan. Returns on_trajectory=true to continue or on_trajectory=false (with a deviation reason) to halt. Fail-closed: network errors return on_trajectory=false. |
| atlasent_lookup_actionA | Look up canonical action specifications from the Authorization Intelligence Library. Returns gate flags (requires_human_approval, requires_mfa, requires_verified_actor, requires_state_snapshot), authorization patterns, risk posture, AI risk classification, regulatory mappings, and evidence requirements for any of the 17 governed action types. Use |
| atlasent_evaluate_manyA | Evaluate up to 100 actions in a single request against your published AtlaSent policies. Returns decisions in input order. Optional batch_id (UUID) provides idempotency. Closed-by-default: 404 surfaces as a |
| atlasent_evaluate_streamA | Evaluate up to 100 actions via the streaming endpoint. The tool buffers the SSE stream and returns the complete result set (same shape as atlasent_evaluate_many). Per-item RPC failures surface in the items array with |
| atlasent_queryA | Run a read-only GraphQL query against the AtlaSent V2 GraphQL endpoint. Wave A schema: |
| atlasent_list_scim_usersA | List provisioned users via SCIM 2.0 (RFC 7643) for an organization. Supports filter expressions (e.g. 'userName eq "alice"') and startIndex/count pagination. |
| atlasent_get_scim_userA | Retrieve a single provisioned SCIM user by ID. |
| atlasent_create_scim_userA | Provision a new user via SCIM 2.0. Adds the user to the AtlaSent directory and makes them available for policy evaluation. |
| atlasent_patch_scim_userA | Update a provisioned user using RFC 7644 SCIM PatchOp operations. Each operation has op (add/remove/replace), an optional path, and a value. |
| atlasent_delete_scim_userA | Deprovision a SCIM user. Removes them from the AtlaSent directory. This is irreversible — prefer disabling (patch active=false) over deleting. |
| atlasent_list_scim_groupsB | List provisioned groups via SCIM 2.0 for an organization. |
| atlasent_get_siem_configA | Retrieve the SIEM export configuration for an organization. Enterprise plan required. The credential field is never returned. |
| atlasent_upsert_siem_configA | Create or update the SIEM export configuration for an organization. Enterprise plan required. destinationUrl must be HTTPS. The credential field is stored securely and never returned by GET. |
| atlasent_test_siem_deliveryA | Send a test event to the configured SIEM destination and report the result. Returns { success, statusCode, durationMs, error? }. Returns 409 if SIEM is not configured or is disabled. |
| atlasent_list_evidence_exportsA | List compliance evidence bundles for an organization. Enterprise plan required. Each record includes status and SHA-256 hash. |
| atlasent_get_evidence_exportA | Retrieve a specific compliance evidence bundle by ID. Includes status, SHA-256 hash for tamper verification, and download URL when complete. |
| atlasent_create_evidence_exportA | Generate a compliance evidence bundle for audit regimes (SOC 2 Type II, HIPAA, GDPR). Enterprise plan required. Returns SHA-256 for tamper verification. Default window is the past 90 days; use date_from/date_to to narrow it. |
| atlasent_vqp_generateB | Score a constraint bundle against the 6 VQP criteria (access_control CC6.1, audit_coverage CC7.2, escalation_paths CC7.4, deny_specificity CC8.1, hold_conditions CC6.3, override_governance CC5.2). Stores a tamper-evident snapshot with a SHA-256 prompt_hash in vqp_snapshots. Verdicts: qualified (≥85, no fails), conditionally_qualified (≥60), not_qualified. Requires ATLASENT_SUPABASE_URL and ATLASENT_SUPABASE_SERVICE_ROLE_KEY. |
| atlasent_vqp_verifyA | Re-derive the VQP prompt from current bundle data and verify it matches the stored SHA-256 prompt_hash. Detects tampering (hash_match: false) and optionally re-runs the AI model to detect score drift (score_delta, verdict_changed). Writes a vqp_audit_log row for SOC 2 CC7.2 / 21 CFR Part 11 evidence. Requires ATLASENT_SUPABASE_URL and ATLASENT_SUPABASE_SERVICE_ROLE_KEY. |
| atlasent_vqp_audit_summaryA | Retrieve a summary of VQP audit activity — hash match rates, drift event counts, and verdict changes — from the BCCAE compliance report. Use for SOC 2 evidence collection and monitoring dashboards. |
| atlasent_vqp_drift_eventsA | List VQP snapshots where the re-run AI score drifted by ≥10 points or the verdict changed (e.g. qualified → not_qualified). Use for compliance investigation and QA-VQP-002 § 7 deviation reporting. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/AtlaSent-Systems-Inc/atlasent-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server