AGTS MCP Server

Sovereign MCP Gateway — Governed Tool Invocation for Autonomous Agents

Model Context Protocol server that turns tool calls into cryptographically authorized, verifiable actions. 115+ governed tools across 6 layers — hybrid Ed25519 + SLH-DSA signed and Merkle-anchored. Designed to support EU AI Act, GDPR, SOC 2, ISO 27001, DORA, NIS2, and FINRA compliance.

Server URL

https://mcp.obligationsign.com/mcp

Authentication

The gateway requires a Bearer token issued through the ObligationSign platform. All requests must include an Authorization header.

To obtain a token, register at obligationsign.com/start/.

Quick Start

Claude Desktop / Cursor / Windsurf

Add to your MCP configuration:

{
  "mcpServers": {
    "agts": {
      "url": "https://mcp.obligationsign.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN"
      }
    }
  }
}

Programmatic (JSON-RPC over HTTP)

curl -X POST https://mcp.obligationsign.com/mcp \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/list",
    "params": {}
  }'

What is AGTS?

AGTS (Autonomous Governance Transparency Standard) is a transparency-backed governance protocol that converts validated machine decisions into append-only cryptographic records, independently verified by a network of witnesses and monitors.

decision → record → immutable history → verifiable truth

Every tool call passes through a five-gate firewall (Statistical, Causal, Regression, Evidence, Human-Compatible Explanation) before execution. Admitted actions are Merkle-anchored into an append-only transparency log and signed with hybrid post-quantum cryptography.

Cryptography & Validator Quorum

Every governance envelope produced by this server is signed with a hybrid post-quantum signature: classical Ed25519 in parallel with SLH-DSA-SHAKE-128f. The signature is verifiable today with Ed25519-only tooling and remains forgery-resistant against future quantum adversaries via SLH-DSA. Sovereign Mail additionally uses ML-KEM-512 for encrypted key exchange, and peer-trust ceremonies use ML-DSA-44.

Admit decisions for governed tool calls require an independent 3-of-4 validator quorum with constraint regulator_count ≥ 1 and auditor_count ≥ 1. Validators are deployed as separate Cloudflare Workers (agts-validator-{a,b,c,d}) with distinct ECDSA P-256 keypairs; each validator independently re-evaluates the proof bundle and signs an AGTS_VOTE_V1 certificate. The quorum certificate is then anchored alongside the governance envelope in the Merkle transparency log, so any external party can reconstruct the four signed votes and verify that quorum was honestly met.

Tool Catalog (115+ Tools)

Layer 1 — Infrastructure

VPN & Network

Monitor

Layer 2 — Identity & Communications

Sovereign Mail

| Tool | Description | |-

... View full README on GitHub