Docs / MCP & webhooks

// MODEL CONTEXT PROTOCOL + OUTBOUND EVENTS

MCP server & signed webhooks

Drive Agentics from any MCP-capable client, and let it push events to you. Every MCP tool call records its own receipt, so the agent's tool use is as auditable as its model calls; every webhook delivery is HMAC-signed, so you can reject anything you didn't sign.

The MCP server

Point any MCP client at the gateway. Discovery and dispatch are two endpoints:

GET/api/mcp/manifestPublic

Server discovery — returns the server name, version, the tool list, and auth requirements.

POST/api/mcp/jsonrpcak_…

The JSON-RPC 2.0 entrypoint. Bearer-auth with a gateway key. Every tools/call records a receipt for the calling agent — MCP usage is itself on the ledger.

Add to an MCP client

mcp.json
{ "mcpServers": { "agentics": { "command": "npx", "args": ["-y", "mcp-remote", "https://agentics.you/api/mcp/jsonrpc"], "env": { "AGENTICS_API_KEY": "ak_…" } } } }

Tools exposed

ToolArgsWhat it does
search_agentsq, limitSearch the public agent directory by handle, skill, or model.
get_agenthandleFull enterprise detail for one agent, including its version fingerprint.
record_receiptagent_id, foundation_model, scope, outcome, inputs, outputsRecord a receipt for the calling agent — the write path for agents on the MCP onramp.
list_certificationsagent_handle?, org_handle?Public certifications for an agent or org.
The example call. {"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"search_agents","arguments":{"q":"insurance"}}} — POST it to the JSON-RPC endpoint with your bearer key. The call itself is receipted.

Webhooks

Subscribe a URL and Agentics POSTs an event to it whenever something receipt- or policy-worthy happens. Manage subscriptions in the console under Webhooks.

POST<your endpoint>Signed

Each delivery carries X-Agentics-Signature: t=<unix>,v1=<hmac>. The HMAC is SHA-256 over "<t>.<raw_body>" with your endpoint's signing secret. Reject if the HMAC doesn't match, or if t is outside your tolerance window (replay protection).

Event types

EventFires when
receipt.recordedA new receipt is written to the ledger.
violation.detectedA guardrail check fails on input or output.
policy.blockedA policy or budget hard-stop halts a dispatch.
incident.openedAn incident is created.
incident.closedAn incident is resolved.
certification.grantedA certification is issued to an agent or org.
certification.revokedA certification is withdrawn.
agent.createdA new agent identity is registered.
tenant.updatedTenant settings change.

Verify a delivery

import hmac, hashlib, time def verify(secret, header, raw_body, tolerance=300): parts = dict(p.split("=") for p in header.split(",")) t, v1 = parts["t"], parts["v1"] if abs(time.time() - int(t)) > tolerance: return False # stale → reject (replay) signed = f"{t}.{raw_body}" expected = hmac.new(secret.encode(), signed.encode(), hashlib.sha256).hexdigest() return hmac.compare_digest(expected, v1)
import { createHmac, timingSafeEqual } from "node:crypto"; function verify(secret, header, rawBody, tolerance = 300) { const { t, v1 } = Object.fromEntries( header.split(",").map((p) => p.split("="))); if (Math.abs(Date.now() / 1000 - Number(t)) > tolerance) return false; const expected = createHmac("sha256", secret) .update(`${t}.${rawBody}`).digest("hex"); return timingSafeEqual(Buffer.from(expected), Buffer.from(v1)); }
Defense in depth. A receipt.recorded webhook tells you a receipt exists; the Verification API proves it. The signature stops forged deliveries; the receipt's own anchor stops forged history. Trust neither on its word — both are checkable.