Trust & Agent Safety

5 MCP servers that make autonomous AI agents safe, accountable, and controllable. Authentication, risk scoring, audit trails, persistent memory, task scheduling, and an emergency kill switch.

5 Safety Servers · 75 Tools · 258 Risk Policies · 144 Scopes
🛡️
AgentGuard
The safety layer between your AI agent and the real world. OAuth/KYA authentication, 258 risk policies, tamper-proof SHA-256 audit trail, 5-state agent lifecycle, emergency kill switch. Protects all 317 DORA OS tools.
258 Risk Policies · 144 Scopes · Kill Switch · 5 Agent States
20 tools · Port 12001
tooloracle.io/agentguard/mcp/
🔏
TrustOracle
Verifiable evidence layer for AI agents. ES256K signatures, SHA-256 content hashing, blockchain anchoring (Polygon + XRPL), JWKS key verification, evidence registry. Every response cryptographically provable.
ES256K Signing · Polygon + XRPL · JWKS
10 tools · Port 10401
tooloracle.io/feedtrustlayer/mcp/
🧠
MemoryOracle
Persistent long-term memory for AI agents. Store facts, context, and decisions across sessions. Namespace isolation, TTL expiry, semantic search. Agents that remember what they did and why.
Persistent · Namespaced · Semantic Search
10 tools · Port 10601
tooloracle.io/memory/mcp/
SchedulerOracle
Autonomous task scheduling. Cron expressions, one-time jobs, recurring workflows. Persistent across restarts. Integrates with AgentGuard for gated execution — no task runs without safety clearance.
Cron · Persistent · AgentGuard Gated
9 tools · Port 10701
tooloracle.io/scheduler/mcp/
💰
Decision Preflight
Budget and policy check before execution. Validates spend limits, transaction policies, and compliance rules. An agent must pass preflight before making any payment or state-changing action.
Budget Check · Spend Limits · Policy Gate
6 tools · Port 10501
tooloracle.io/decisionpreflight/mcp/

The autonomous agent safety stack

SchedulerOracle triggers a task (cron or event)
AgentGuard checks: Is the agent authenticated? What risk score? Approved scope?
Decision Preflight checks: Within budget? Policy-compliant?
Tool executes (any of the 317+ MCP tools across ToolOracle)
AgentGuard post-scan: Output safe? PII leak? Policy violation?
TrustOracle signs result: ES256K + SHA-256 content hash + blockchain anchor
MemoryOracle persists: Decision, reasoning, evidence — across sessions
AgentGuard audit trail: Chain-linked, tamper-proof, SHA-256 signed

DORA OS protection

All 21 DORA OS oracles (317 MCP tools) are protected by AgentGuard:

Read-only tools (cloud_status, predict_score, deadline_tracker): Risk 5-15, scope: compliance:read or public
State-changing tools (run_workflow, emit_event, sync_to_ampel): Risk 25-45, scope: compliance:write
Sensitive tools (incident_report, approve_report, emergency_kill): Risk 50+, scope: compliance:write or tenant:admin

Role hierarchy: admin → compliance_officer → auditor → developer → readonly
Each role sees only the tools it's authorized for. Every call is risk-scored and audit-logged.
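
The scope-and-risk gate described above and the chain-linked SHA-256 audit trail from the safety stack, as an added example that is not ToolOracle's or AgentGuard's code: each call is checked against a constructed policy table that follows the page's risk bands, then appended to a hash-chained log whose verifier detects any edited or reordered entry. The tool risk values, the per-agent risk ceiling, the agent record layout and the audit entry fields are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor hash for the first audit entry

# Constructed policy table following the page's bands: read-only 5-15,
# state-changing 25-45, sensitive 50+. Exact risk values are illustrative.
TOOL_POLICIES = {
    "cloud_status":   {"risk": 10, "scopes": {"compliance:read", "public"}},
    "run_workflow":   {"risk": 35, "scopes": {"compliance:write"}},
    "emergency_kill": {"risk": 80, "scopes": {"compliance:write", "tenant:admin"}},
}

def canonical(entry: dict) -> bytes:
    # Stable serialisation so the writer and the verifier hash identical bytes.
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()

def gate(agent: dict, tool: str) -> tuple[str, int]:
    """Return (decision, risk). Allowed only if the agent holds one of the
    tool's scopes and the tool's risk is within the agent's assumed ceiling."""
    policy = TOOL_POLICIES.get(tool)
    if policy is None:
        return "deny:unknown_tool", 100
    if not (agent["scopes"] & policy["scopes"]):
        return "deny:scope", policy["risk"]
    if policy["risk"] > agent["max_risk"]:
        return "deny:risk", policy["risk"]
    return "allow", policy["risk"]

def append_audit(chain: list, agent: dict, tool: str) -> str:
    """Gate the call and append a chain-linked entry; returns the decision."""
    decision, risk = gate(agent, tool)
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"seq": len(chain), "agent": agent["id"], "tool": tool,
            "decision": decision, "risk": risk, "prev": prev}
    body["hash"] = hashlib.sha256(canonical(body)).hexdigest()
    chain.append(body)
    return decision

def verify_chain(chain: list) -> bool:
    """Recompute every link; an edited field or a reordered entry breaks it."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["seq"] != i or body["prev"] != prev:
            return False
        if hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```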

Operator-in-the-Loop

ToolOracle agents are observed and scored — but not auto-throttled.
Agent traffic is classified, fingerprinted, and surfaced to operators as advisory recommendations.

What our automation does: observe · classify · score · surface · audit
What it never does: auto-ban · auto-merge · auto-whitelist · auto-restrict · auto-sandbox

Every restriction action requires explicit operator decision. Recommendations carry counter-signals — explicit statements about what the data does NOT prove (no agent identity claim, no attack claim, no automatic action).

No customer agent is ever auto-restricted by our systems. If our scoring layer flags unusual behavior, the event becomes an advisory entry that an operator reviews. Decisions are logged with reason hashes for audit reproducibility.