Aira
Integrations

MCP

Model Context Protocol server that exposes Aira's authorize/notarize/verify as tools any MCP-aware agent can call.

Kind: adapter · Pre-execution gate: no (inverted role — Aira IS the server here) · Peer dep: mcp (Python) or @modelcontextprotocol/sdk (TypeScript)

What this integration actually does

Model Context Protocol (MCP) is a bidirectional protocol: a host (typically an AI agent) connects to an MCP server and explicitly calls tools the server exposes. There's no hidden hook point — the agent chooses to call authorize_action before its own side effect.

The Aira MCP integration is an adapter, not a wrapper. It runs an MCP server that exposes Aira's two-step flow (and a handful of related operations) as tools any MCP-aware agent can call. It's the inverse of the other integrations: the agent calls Aira through MCP, not the other way around.

That means this is audit-only in the sense that we don't own the execution boundary — we can only do what the MCP host asks us to do. But if the agent follows the documented two-step contract, you get the full authorization flow plus signed receipts.

Exposed tools

Tool nameWhat it doesBackend route
authorize_actionStep 1 — ask Aira for permissionPOST /api/v1/actions
notarize_actionStep 2 — seal the outcomePOST /api/v1/actions/{id}/notarize
verify_actionPublic verification of a receiptGET /api/v1/verify/action/{id}
get_receiptFetch a receipt by idGET /api/v1/receipts/{id}
resolve_didResolve a W3C DID to its documentPOST /api/v1/dids/resolve
verify_credentialVerify a W3C Verifiable CredentialPOST /api/v1/credentials/verify
get_reputationGet an agent's reputation scoreGET /api/v1/agents/{slug}/reputation

The tool schemas are published via list_tools() so any MCP-aware agent can discover them at connection time.

Install

pip install aira-sdk[mcp]

The package installs an aira-mcp console script that runs the server over stdio — the standard MCP transport for local agents.

npm install aira-sdk
# peer dep
npm install @modelcontextprotocol/sdk

Run the server (Python)

export AIRA_API_KEY=aira_live_...
aira-mcp

The server speaks MCP over stdio. Configure your MCP host (Claude Desktop, custom host, etc.) to launch this command.

Claude Desktop config

{
  "mcpServers": {
    "aira": {
      "command": "aira-mcp",
      "env": {
        "AIRA_API_KEY": "aira_live_..."
      }
    }
  }
}

Restart Claude Desktop and the Aira tools will appear in the tool picker.

Example: an MCP-aware agent calling Aira

Once the server is running, an MCP host can call the tools the same way it would call any other MCP tool:

MCP tool call
{
  "name": "authorize_action",
  "arguments": {
    "action_type": "wire_transfer",
    "details": "Send €75,000 to vendor-x",
    "agent_id": "payments-agent"
  }
}

The server returns the JSON-serialized Authorization object. The host is responsible for checking status, performing the side effect if authorized, and then calling notarize_action with the returned action_uuid.

What happens when a policy denies

  • The MCP host calls authorize_action with the action details.
  • The server calls the real aira.authorize().
  • If the policy engine denies, the server returns {"error": "<message>", "code": "POLICY_DENIED"} as the tool result.
  • The host sees the error and reacts — typically by not performing the side effect.

The server cannot enforce the gate on the host side. If a misbehaving host performs the side effect regardless of the tool result, the server has no way to stop it. That's why this is classified as adapter — the gate depends on the host honoring the contract.

When to use this vs the other integrations

Use the MCP server when...Use a native integration when...
Your agent speaks MCP natively (Claude Desktop, custom MCP host)You're writing Python/TypeScript code directly against LangChain/Vercel AI/OpenAI Agents
You want Aira available as a tool the model can call explicitlyYou want an implicit pre-execution gate the agent code doesn't have to know about
You want a quick way to expose Aira to ANY MCP-aware toolYou can modify the agent code to import from aira.extras

Known limits

  • Not a gate from the server side. See above.
  • stdio transport only. The default server runs over stdio (standard input/output), which is what MCP hosts like Claude Desktop use. For network transport you'll need to roll your own Server host — not hard, 5 lines of FastAPI or similar.
  • API key lives in the server environment. The server process has the Aira API key; MCP hosts don't see it. This is usually what you want — keep the key out of the agent's context — but it means one server process per Aira org.

Proof it works

CrewAI

CrewAI integration is audit-only because CrewAI has no pre-execution hook. For real gating, call aira.authorize() inline inside your tool bodies.

Content Scan Policies

Regex pattern libraries that catch PII, leaked credentials, and prompt injection attempts before the action executes. No LLM call, no extra latency.

On this page

What this integration actually doesExposed toolsInstallRun the server (Python)Claude Desktop configExample: an MCP-aware agent calling AiraWhat happens when a policy deniesWhen to use this vs the other integrationsKnown limitsProof it worksRelated