Developer Tools / @cosantoir/mcp

Bounded agent access

MCP is the safe agent lane: evaluator context comes in, unrestricted system reach stays out.

The MCP server in this repo runs on stdio, uses the same runtime env vars as the SDK and CLI, exposes a small tool surface, and records tool telemetry so agent activity is not invisible.

tool count

3

IP lookup, email validation, and WAF evaluation.

transport

stdio

Designed for agent hosts that can spawn a local MCP server process.

shared config

3

API key, site id, and gateway URL match the SDK and CLI contract.

Diagram: cosantoir-mcp over stdio, exposing lookup_ip, validate_email, and evaluate_waf_rule, with telemetry recorded on every call.

Bounded capability

Tool surface

The point of MCP is deliberate narrowness. A good tool surface returns the context an agent needs without leaking the rest of the machine.

Network context

`lookup_ip`

Inspect abuse posture, proxy state, and location for a source IP.

Identity hygiene

`validate_email`

Check disposable and MX posture before models suggest a signup policy change.

Request simulation

`evaluate_waf_rule`

Run a candidate request through the active WAF path and read the returned result.

Server bootstrap

The MCP process reads the same runtime contract as the SDK and CLI. That alignment is what keeps agent answers consistent with what the SDK and CLI would report for the same site.

Read `COSANTOIR_API_KEY`, `COSANTOIR_SITE_ID`, and `COSANTOIR_GATEWAY_URL` from the environment.
Initialize one shared runtime client at process startup.
Expose only the tool names that map cleanly to evaluator capabilities.

Launch

Start the MCP server

bash
export COSANTOIR_API_KEY=dp_live_example
export COSANTOIR_SITE_ID=site_prod_web
export COSANTOIR_GATEWAY_URL=http://localhost:4000

cosantoir-mcp

Tool registry

Exposed tool names

text
lookup_ip(ip)
validate_email(email)
evaluate_waf_rule(ip, method, path, userAgent?)
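The bootstrap steps and the tool registry above, as an added TypeScript example that is not the project's own code: it loads the three env vars and fails closed when one is missing or the gateway is not http(s), keeps the three tool names as the only dispatchable entries, validates every argument before the runtime client sees it, and maps each name onto the cs.ip.lookup, cs.email.validate and cs.waf.evaluate calls this page lists under Available tools. The RuntimeClient interface, the validators and the size limits are assumptions, not the SDK's real types.

```typescript
// Added example, not the project's own code: fail-closed config loading and an
// allow-listed tool registry that validates every argument before it reaches the
// shared runtime client. RuntimeClient is a hypothetical interface modelled on the
// cs.ip.lookup / cs.email.validate / cs.waf.evaluate mapping described on this page.

interface RuntimeConfig {
  apiKey: string;
  siteId: string;
  gatewayUrl: string;
}

// Read the three shared env vars and refuse to start if any is missing or the
// gateway is not http(s); a half-configured server would otherwise hand agents
// transport errors dressed up as evaluator answers.
function loadConfig(env: Record<string, string | undefined>): RuntimeConfig {
  const required = ["COSANTOIR_API_KEY", "COSANTOIR_SITE_ID", "COSANTOIR_GATEWAY_URL"] as const;
  const missing = required.filter((k) => (env[k] ?? "").trim() === "");
  if (missing.length > 0) throw new Error(`missing required env: ${missing.join(", ")}`);
  const gateway = new URL(env.COSANTOIR_GATEWAY_URL as string); // throws on a malformed URL
  if (gateway.protocol !== "http:" && gateway.protocol !== "https:") {
    throw new Error(`unsupported gateway scheme: ${gateway.protocol}`);
  }
  return { apiKey: env.COSANTOIR_API_KEY as string, siteId: env.COSANTOIR_SITE_ID as string, gatewayUrl: gateway.origin };
}

// Hypothetical shape of the shared runtime client (an assumption, not the SDK's real types).
interface RuntimeClient {
  ip: { lookup(args: { ip: string }): Promise<unknown> };
  email: { validate(args: { email: string }): Promise<unknown> };
  waf: { evaluate(args: { ip: string; method: string; path: string; userAgent?: string }): Promise<unknown> };
}

type ToolArgs = Record<string, unknown>;
type Validator = (args: ToolArgs) => Record<string, string | undefined>;

const IPV4 = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;
const HTTP_METHODS = new Set(["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"]);

function str(args: ToolArgs, key: string, max: number): string {
  const v = args[key];
  if (typeof v !== "string" || v.length === 0 || v.length > max) throw new Error(`invalid argument: ${key}`);
  return v;
}

function ipArg(args: ToolArgs): string {
  const ip = str(args, "ip", 64);
  if (!IPV4.test(ip)) throw new Error("invalid argument: ip");
  return ip;
}

// The registry is the allow-list: exactly these three names exist, and each one
// normalizes its inputs so nothing unexpected reaches the evaluator.
const TOOL_VALIDATORS: Record<string, Validator> = {
  lookup_ip: (args) => ({ ip: ipArg(args) }),
  validate_email: (args) => {
    const email = str(args, "email", 254);
    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) throw new Error("invalid argument: email");
    return { email };
  },
  evaluate_waf_rule: (args) => {
    const method = str(args, "method", 16).toUpperCase();
    if (!HTTP_METHODS.has(method)) throw new Error("invalid argument: method");
    const path = str(args, "path", 2048);
    if (!path.startsWith("/") || path.includes("://")) throw new Error("invalid argument: path");
    const userAgent = args.userAgent === undefined ? undefined : str(args, "userAgent", 512);
    return { ip: ipArg(args), method, path, userAgent };
  },
};

function toolNames(): string[] {
  return Object.keys(TOOL_VALIDATORS);
}

// Own-property check so names like "constructor" or "__proto__" cannot resolve to
// something inherited from Object.prototype.
function validateToolArgs(name: string, args: ToolArgs): Record<string, string | undefined> {
  if (!Object.prototype.hasOwnProperty.call(TOOL_VALIDATORS, name)) throw new Error(`unknown tool: ${name}`);
  return TOOL_VALIDATORS[name](args);
}

async function callTool(cs: RuntimeClient, name: string, args: ToolArgs): Promise<unknown> {
  const a = validateToolArgs(name, args);
  switch (name) {
    case "lookup_ip":
      return cs.ip.lookup({ ip: a.ip as string });
    case "validate_email":
      return cs.email.validate({ email: a.email as string });
    case "evaluate_waf_rule":
      return cs.waf.evaluate({ ip: a.ip as string, method: a.method as string, path: a.path as string, userAgent: a.userAgent });
    default:
      throw new Error(`unknown tool: ${name}`); // unreachable after validation
  }
}
```

The own-property check in validateToolArgs is the detail worth keeping: a plain `TOOL_VALIDATORS[name]` lookup would happily return an inherited function for a tool name like `constructor`, which is exactly the kind of hidden capability a narrow surface is supposed to rule out.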

Access discipline

Safety boundary

A useful MCP surface is opinionated about what it will not do. That boundary is the whole reason it exists.

Shared contract

Same env line

Use the same runtime key, site id, and gateway origin the rest of the stack already trusts.

Narrow scope

Three tools only

Keep the tool surface small enough that every exposed capability is easy to justify.

Recorded calls

Telemetry on every tool

Write each MCP action into the same local telemetry trail the audit lane can later summarize.

Telemetry

Recorded agent actions

jsonl
{"timestamp":"2026-03-24T13:10:04.000Z","source":"mcp-agent","action":"lookup_ip","ip":"198.51.100.24"}
{"timestamp":"2026-03-24T13:10:18.000Z","source":"mcp-agent","action":"evaluate_waf_rule","path":"/signup","result":"allow"}
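The telemetry trail above, as an added TypeScript example that is not the project's own code: it turns a finished tool call into one JSON line that carries only audit-worthy fields, parses a trail back while skipping torn lines, and produces the kind of roll-up an audit lane might summarize. The field names follow the two sample records on this page; the per-tool field allow-list, the decision to log only the email domain, and the summary shape are assumptions.

```typescript
// Added example, not the project's own code: write each MCP tool call as one JSON
// line carrying only audit-worthy fields, then summarize a trail the way an audit
// lane might. Field names follow the sample records on this page; the per-tool
// field allow-list and the summary shape are assumptions.

interface TelemetryRecord {
  timestamp: string;
  source: "mcp-agent";
  action: string;
  [field: string]: string | undefined;
}

// Which argument/result fields each tool is allowed to write into the trail.
// Anything else (the full email address, a raw user agent) stays out of the log.
const RECORDED_FIELDS: Record<string, string[]> = {
  lookup_ip: ["ip"],
  validate_email: ["domain"],
  evaluate_waf_rule: ["path", "result"],
};

function buildRecord(action: string, fields: Record<string, unknown>, now: Date): TelemetryRecord {
  const rec: TelemetryRecord = { timestamp: now.toISOString(), source: "mcp-agent", action };
  for (const key of RECORDED_FIELDS[action] ?? []) {
    const v = fields[key];
    if (typeof v === "string") rec[key] = v;
  }
  return rec;
}

// Map a finished tool call onto a record. For validate_email only the domain is
// kept; for evaluate_waf_rule the evaluator's verdict is copied from the result.
function recordToolCall(action: string, args: Record<string, unknown>, result: unknown, now: Date = new Date()): TelemetryRecord {
  const fields: Record<string, unknown> = { ...args };
  if (typeof args.email === "string") {
    fields.domain = args.email.slice(args.email.lastIndexOf("@") + 1);
  }
  if (typeof result === "object" && result !== null && "result" in result) {
    fields.result = (result as { result?: unknown }).result;
  }
  return buildRecord(action, fields, now);
}

// One record per line. JSON.stringify escapes embedded newlines, so an
// agent-supplied path such as "/signup\n{...}" cannot forge a second record.
function toJsonl(rec: TelemetryRecord): string {
  return JSON.stringify(rec) + "\n";
}

function parseTrail(text: string): TelemetryRecord[] {
  const out: TelemetryRecord[] = [];
  for (const line of text.split("\n")) {
    if (line.trim() === "") continue;
    let obj: unknown;
    try { obj = JSON.parse(line); } catch { continue; } // skip torn or malformed lines
    const r = obj as Partial<TelemetryRecord>;
    if (typeof r.timestamp !== "string" || typeof r.action !== "string" || r.source !== "mcp-agent") continue;
    out.push(r as TelemetryRecord);
  }
  return out;
}

interface TrailSummary {
  total: number;
  byAction: Record<string, number>;
  wafResults: Record<string, number>;
}

// The kind of roll-up an audit lane can produce from the trail.
function summarize(records: TelemetryRecord[]): TrailSummary {
  const s: TrailSummary = { total: records.length, byAction: {}, wafResults: {} };
  for (const r of records) {
    s.byAction[r.action] = (s.byAction[r.action] ?? 0) + 1;
    if (r.action === "evaluate_waf_rule" && typeof r.result === "string") {
      s.wafResults[r.result] = (s.wafResults[r.result] ?? 0) + 1;
    }
  }
  return s;
}

// Constructed sample trail: the two records shown above plus a torn final line.
const SAMPLE_TRAIL = [
  '{"timestamp":"2026-03-24T13:10:04.000Z","source":"mcp-agent","action":"lookup_ip","ip":"198.51.100.24"}',
  '{"timestamp":"2026-03-24T13:10:18.000Z","source":"mcp-agent","action":"evaluate_waf_rule","path":"/signup","result":"allow"}',
  '{"timestamp":"2026-03-24T13:10:2',
].join("\n") + "\n";
```

The field allow-list is the design choice to notice: the trail exists so the audit lane can see what agents did, not so it becomes a second copy of every email address and header an agent passed through the server.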

Exposed capability list

Available tools

Keep the tool contract crisp enough that an agent can reason about it without guessing what is hidden behind the server.

IP lookup

Maps to `cs.ip.lookup({ ip })` on the shared runtime client.

Email validation

Maps to `cs.email.validate({ email })` and returns the raw evaluator result.

WAF evaluation

Maps to `cs.waf.evaluate({ ip, method, path, userAgent })` for request simulation.

Usage patterns

Agent patterns

The best MCP flows are the ones where the agent becomes better informed without becoming more privileged than it needs to be.

Support agents

Let support-side models inspect IP, email, and WAF posture without full dashboard access.

Coding agents

Let engineering agents verify runtime assumptions during implementation and incident response.

Policy review agents

Let internal reviewers read the active protection context without touching production credentials directly.

Last updated Mar 24, 2026