Documentation

MCP tools

External tool servers behind the same compliance gate, with per-key deny-by-default grants.

Register external MCP tool servers (HTTP, SSE, or stdio) in the Console with residency tags; auth secrets are sealed in the credential vault and never echoed back.

Every tool call clears the same gate as a chat completion: Inspect (data protection on the arguments), Route (residency on the server), Seal (audit chain), Meter (rate and budget). Tool grants are per-key and deny-by-default. Sluis also answers POST /v1/mcp as an MCP server itself, exposing exactly the tools the calling key is granted.

# list the tools this key is granted (deny-by-default)
curl https://api.sluis.ai/v1/mcp \
  -H "Authorization: Bearer $SLUIS_KEY" \
  -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/list" }'

# every tools/call clears Inspect → Route → Seal → Meter