Model Context Protocol

ASTIS MCP

AI-native cryptography for agents

The hosted server at mcp.astis.io gives Claude Code, Cursor, Windsurf, and every other AI coding agent tooling to accelerate ASTIS integrations — endpoint reference, starter code, and static checks. Runtime crypto for agents runs in a separate self-hosted deployment inside your own infrastructure (in development).

Connect your AI agentmcp.astis.io

A Model Context Protocol server for a business-payload-blind cryptographic platform — built for AI coding agents.

Two modes

Dev-time tooling runs on the hosted server at mcp.astis.io. Runtime crypto for agents runs in a separate self-hosted deployment in your own infrastructure (in development).

Dev-time

For developers in Claude Code, Cursor, Windsurf

Your engineers ship ASTIS integrations faster. The MCP server hands their AI agent starter code, endpoint contracts, and a static validator — instead of the agent guessing from out-of-date docs.

No quota or billing
Scope: mcp:use
No runtime crypto; no production business payloads
Self-hosted · in development

Runtime

For AI agents in your own infrastructure

Customer-side MCP Runtime is in development for controlled agent operations inside your own infrastructure, with a separate mcp:runtime:* scope family. Talk to engineering for design-partner access.

MCP tools by trust boundary

Hosted dev-time tools provide endpoint reference, starter code, and static checks. Runtime tools are listed separately because they have a different trust boundary.

Dev-time tools

generate_client

Generate starter integration code in your stack — Node/TypeScript, Python, or Go — based on ASTIS integration patterns instead of guessed-at docs.

explain_endpoint

Get the zero-knowledge posture, required scopes, sealed-envelope contract, and audit fields for supported ASTIS endpoints without leaving the IDE.

validate_request

Flags common integration mistakes before you run your code.

threat_model

Generate a threat model for your specific integration — what an attacker can and cannot do given your code path.

list_endpoints

List the supported ASTIS API endpoints with their scopes and contracts, so your agent picks the right one before writing code.

scaffold_workload_secret

Scaffold the ASTIS Workload Secrets flow for Kubernetes — encrypt command, manifests, and pod-side client — so an agent can wire up secret decryption correctly.

Runtime tools — self-hosted, in development

A self-hosted runtime family (sign / verify / unseal / tokenize, behind mcp:runtime:*) is in development and runs only inside your own infrastructure — the hosted server at mcp.astis.io does not run these. Talk to engineering for design-partner access.

Trust model

Letting an AI agent act on your behalf is a security decision. Here is exactly what you are signing up for.

Opt-in by default

Every runtime scope is disabled until your admin explicitly grants it on a per-API-key basis. AI agents start with zero powers.

Hosted edge stays blind

The hosted server runs dev-time tools only — it never performs runtime crypto and never returns keys. Runtime tools, which can return a usable key to the agent, run only in your self-hosted deployment inside your own trust domain.

Two-scope requirement

Runtime tools require BOTH the data-plane scope (sign, verify, unwrap, fpe) AND a separate mcp:runtime:* scope. You can revoke agent access without revoking your own backend.

Audited at the API layer

Runtime calls that reach the api-gateway are audited there (RFC-016, exportable via /v1/audit).

Honest disclosure

Runtime crypto runs in your self-hosted deployment. For sign / verify the worker sends only a hash to ASTIS. For unseal, a usable key is returned to your local MCP client — and any data your agent then handles can reach its LLM provider. That privacy boundary is yours to manage. Each runtime scope must be assigned explicitly in the portal; base scopes (sign / verify / envelopes:unwrap) do not auto-grant agent access.

How it fits together

Two separate flows. Dev-time tooling is a thin Cloudflare Worker; runtime crypto runs from a self-hosted worker in your own infrastructure. MCP is a separate, limited surface — review the scopes before you enable runtime.

Dev-time (hosted)

Developer agent — Bearer + JSON-RPC
mcp.astis.io — CF Worker, dev-time tools
contracts · codegen · validation

No runtime crypto. No production business payloads. The hosted service processes only inputs you explicitly submit to MCP dev-time tools.

Runtime (self-hosted · in development)

Runtime agent — in your infra
self-hosted MCP — your worker, your trust domain
api-gateway — same scopes + audit
↓ operation-specific request: hash or sealed envelope
CVS / sKey

ASTIS services do not receive business-payload plaintext. CVS processes key material for unwrap/rewrap; sKey stores encrypted capsules + routing metadata.

Connect your agent

Three lines of config. Pick your agent.

Claude Code
# .mcp.json (project-scoped)
{
  "mcpServers": {
    "astis": {
      "type": "http",
      "url": "https://mcp.astis.io/v1/mcp",
      "headers": { "Authorization": "Bearer ${ASTIS_API_KEY}" }
    }
  }
}
Cursor / Windsurf / any MCP-compatible client
# ~/.cursor/mcp.json — same JSON shape works for Windsurf, Continue, Cline
{
  "mcpServers": {
    "astis": {
      "type": "http",
      "url": "https://mcp.astis.io/v1/mcp",
      "headers": { "Authorization": "Bearer ${ASTIS_API_KEY}" }
    }
  }
}

Need an API key?

Sign in at portal.astis.io, generate a key with the mcp:use scope for dev-time use. Runtime scopes (mcp:runtime:*) must be enabled separately on the same key — see portal scope descriptions for the disclosure.

Ready to connect your coding agent?

Connect once, and build your ASTIS integration in your IDE.

Get an API keyTalk to engineering
PrivacyTermsSecurity