Skip to main content
Use Esheria MCP when an agent host needs citation-backed regulatory facts without direct database, S3, or pipeline access.
Production MCP URL: https://mcp.esheria.ai/mcp

Choose Your Auth Path

OAuth Remote

Claude or Codex opens Esheria consent. Click Approve access. No pasted API key.

API-Key Remote

Use a dashboard data token as the bearer token.

Local Stdio

Fallback for hosts without remote MCP. Runs locally.
Esheria is catalog-first. Start with esheria_list_packs, then pass the selected pack_id to pack-specific tools. MCP does not silently select Kenya or any other jurisdiction, and multi-pack graph or preview tools require an explicit pack_ids list.

Host Setup

Claude.ai / Claude Desktop Directory

1

Add the connector

Use https://mcp.esheria.ai/mcp.
2

Approve access

Sign in to the Esheria dashboard and click Approve access.
3

Verify in Claude

Ask Claude to list Esheria packs, then inspect a pack such as UK-DATA-PROTECTION-PRIVACY or EU-NIS2-CYBERSECURITY.
Do not paste an esh_live_ or esh_test_ token into a Claude Directory connector. Directory connections use OAuth.

Codex Desktop App

1

Open MCP settings

Open Settings, select MCP servers, then choose Add server.
2

Add Esheria

Set the name to Esheria, choose Streamable HTTP, and use https://mcp.esheria.ai/mcp as the server URL.
3

Restart the app

Save the server, then select Restart so the app reloads its MCP configuration.
4

Authenticate

Select Authenticate, sign in to the Esheria dashboard, and click Approve access. No Esheria API key is required for this OAuth path.
5

Verify the connection

Type /mcp in the composer and confirm Esheria is connected, then ask Codex to call esheria_list_packs.
The Codex desktop app, CLI, and IDE extension can share MCP configuration when they use the same Codex profile. If you already completed codex mcp login esheria in that profile, Esheria may already appear as authenticated in the app.

Codex CLI

Configure and authenticate with OAuth:
Approve access in the Esheria dashboard. Codex returns to a strict loopback callback on 127.0.0.1 with an ephemeral port. Then call esheria_health, esheria_ready, and esheria_list_packs. Bearer-token alternative:
Do not keep bearer_token_env_var on the same entry when testing OAuth.

Generic Remote MCP

Use this shape for Cursor, Claude Code remote MCP, or an internal agent host that accepts an HTTP MCP URL and bearer token:

Local Stdio Fallback

Use this when a host does not support remote MCP URLs:
Pass these environment variables to the host:
Stdio validates the token before exposing a catalog. Invalid and management-only tokens cause startup to fail closed.

Verify The Connection

Use the same first calls in every host: Example obligation lookup:
Choose any verified_published pack returned by esheria_list_packs; the UK pack above is an example, not a default.

Tool Access

The 37 tools are the complete catalog—not 37 obsolete or additional tools. Authentication determines the safe subset shown to each connection. Invalid and management-only credentials are rejected before initialization or tool listing.

Hosted OAuth: 20 read-only tools

API data tokens: nine additional safe tools

  • esheria_list_source_watches
  • esheria_get_source_currentness
  • esheria_list_source_change_events
  • esheria_list_recompile_candidates
  • esheria_get_graph_coverage
  • esheria_list_customer_profiles
  • esheria_preview_customer_lifecycle
  • esheria_list_customer_obligation_instances
  • esheria_list_customer_change_impacts
Use esheria_list_customer_profiles with customer_profile_id to inspect one profile. Add include_applicability_runs: true to retrieve its prior run history through the same safe tool.

Operator mutations

Every mutation requires both its scope and "confirm": true. MCP does not expose token, billing, subscription, or workspace administration.

Results And Large Responses

Successful calls return the same bounded JSON in text content and structuredContent, so hosts that consume either representation receive the result. Results include trace_id and an mcp object with:
  • truncated
  • output_bytes
  • max_output_bytes
Structured payloads are bounded to 24 KiB by default. Use pagination or the equivalent API/CLI command when truncated is true. MCP pack export is a bounded manifest/count/sample view; use esheria packs export or the REST export route for the complete artifact.

Protocol Compatibility

The hosted service uses the official MCP SDK and negotiates MCP 2025-11-25. It supports ping, input-schema validation, lifecycle enforcement, MCP tool errors, bounded active-session counts, idle expiry, and Streamable HTTP sessions. Clients must initialize, retain Mcp-Session-Id, send MCP-Protocol-Version after initialization, and send notifications/initialized. Invalid JSON-RPC, batches, unsupported versions, missing sessions, unsafe Origin/Host headers, and malformed tool arguments fail closed. Streamable HTTP requests use Content-Type: application/json and advertise both application/json and text/event-stream in Accept. API-token profiles expose three pack resource templates through resources/templates/list and five prompts. resources/list is empty because pack resources require a selected pack_id. Hosted OAuth remains tool-only.

Source-Monitor Guardrails

Hosted source monitoring rejects local files, private/link-local/metadata destinations, DNS rebinding, HTTPS-to-HTTP downgrade redirects, caller-selected S3 endpoints, unapproved S3 buckets, non-standard ports, oversized content, unbounded waits, and oversized check batches. Offline local-file monitoring is a separate pipeline-only mode.

Troubleshooting

Agent Guardrails

Ask agents to:
  • call Esheria before making regulatory assertions
  • preserve citation IDs, readiness labels, limitations, and trace_id
  • avoid legal-advice framing
  • route uncertain or unsupported answers to human review