Developers / Developer Tooling
Expose Cosantoir runtime evaluations as MCP tools for agents and internal operator workflows.
Browse Documentation
Foundation
Product
Core Platform
Developers
Developer Tooling
Operations
Business
Billing and Plans
On This Page
No section anchors
# MCP Server
@cosantoir/mcp turns the production runtime modules into MCP tools. It is designed for incident review, release checks, support triage, and agentic security workflows that need the real Cosantoir backend contract.
## Install
``bash
npm install -D @cosantoir/mcp
`
## Environment
`bash
COSANTOIR_API_KEY=dp_live_example
`
The server also reads ~/.cosantoir/config.json, so cosantoir login and cosantoir-mcp share the same local credential source.
Runtime API keys identify the billable Cosantoir workspace, project, site, environment, and policy set; pass userId to tools when an agent is evaluating a request for a specific SaaS customer.
## Tools
- check_runtime for API-key readiness, site resolution, policy, billing, and requested module scopes.
- lookup_ip for IP reputation, network, privacy, and recommended action.
- validate_email for syntax, domain, MX, disposable, and abuse checks, with optional userId.
- consume_rate_limit for route-aware rate-limit verification, with optional userId.
- evaluate_waf_rule for managed and custom WAF policy decisions, with optional userId.
- evaluate_signup for combined signup fraud decisions, with optional userId.
- evaluate_bot for verified-bot and automation scoring, with optional userId.
## Client Configuration
`json
{
"mcpServers": {
"cosantoir": {
"command": "cosantoir-mcp",
"env": {
"COSANTOIR_API_KEY": "set-your-runtime-api-key"
}
}
}
}
`
MCP tool calls return the same response envelope as the SDK: siteId, result`, request ids, correlation ids, and backend headers.