# AgentOS MCP Server
> [!IMPORTANT]
> **Public Preview** - This npm package is a Microsoft-signed public preview release.
> APIs may change before GA.
> **Build safe AI agents with natural language and 0% policy violations**
[npm package](https://www.npmjs.com/package/agentos-mcp-server) | [MCP Registry](https://registry.modelcontextprotocol.io/) | [MIT License](https://opensource.org/licenses/MIT)
**Part of [Agent OS](https://github.com/microsoft/agent-governance-toolkit)** - Kernel-level governance for AI agents
## Quick Install
```bash
npx agentos-mcp-server
```
**npm:** [`agentos-mcp-server`](https://www.npmjs.com/package/agentos-mcp-server)
**MCP Registry:** `io.github.microsoft/agentos`
## Overview
AgentOS MCP Server brings the complete Agent OS safety framework to any MCP-compatible AI assistant including **Claude Desktop**, **GitHub Copilot**, **Cursor**, and more. Create, deploy, and manage policy-compliant autonomous agents through natural conversation.
```
┌─────────────────────────────────────────────────────────────┐
│              Claude Desktop / Copilot / Cursor              │
│  ┌───────────────────────────────────────────────────────┐  │
│  │  "Create an agent that..."                            │  │
│  └───────────────────────────┬───────────────────────────┘  │
└──────────────────────────────┼──────────────────────────────┘
                               │ MCP Protocol
                 ┌─────────────▼─────────────┐
                 │   AgentOS MCP Server      │
                 │                           │
                 │   • 10 Tools              │
                 │   • Policy Engine         │
                 │   • Approval Workflows    │
                 │   • Audit Logging         │
                 │   • Template Library      │
                 └─────────────┬─────────────┘
                               │
           ┌───────────────────┼───────────────────┐
           │                   │                   │
     ┌─────▼─────┐      ┌──────▼──────┐      ┌─────▼─────┐
     │  Agents   │      │  Policies   │      │   Audit   │
     │  (Local)  │      │ (Enforced)  │      │ (Logged)  │
     └───────────┘      └─────────────┘      └───────────┘
```
## Features
### Natural Language Agent Creation
```
User: Create an agent that processes customer feedback from support emails daily

Claude: ✅ Agent Created Successfully!

Agent: customer-feedback-processor
✅ Data Source: Email inbox via IMAP
✅ Processing: Sentiment analysis + categorization
✅ Output: Daily summary to Slack
✅ Schedule: Every day at 9 AM

Safety Policies Applied:
🛡️ PII Protection: Customer emails/names anonymized
🛡️ Rate Limiting: Max 1000 emails per run
🛡️ Human Review: Negative sentiment cases flagged
```
### Policy Enforcement with 0% Violations
- 6 built-in policies (PII, rate-limiting, cost-control, data-deletion, secrets, human-review)
- Real-time policy evaluation
- Automatic blocking of violations
- Clear explanations and alternatives
### Human-in-the-Loop Approval Workflows
- Risk-based approval requirements
- Multi-party approval for critical actions
- Email/Slack notifications
- Expiration handling
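The three bullets above describe behaviour without showing it. The TypeScript below is an added example, not code from this package, that models an approval request with risk-based quorum (no approver for low risk, one for medium/high, two distinct approvers for critical), a separation-of-duties rule, and expiry that is derived from the clock rather than stored as a flag. The risk tiers, the one-hour default TTL and all function names are this example's own assumptions; the package's `request_approval` tool may behave differently.

```typescript
// Added example, not code from agentos-mcp-server. It models the approval
// workflow the feature list describes: risk-based approval requirements,
// multi-party approval for critical actions, and expiration handling.
// Risk tiers, quorum sizes, TTL and the separation-of-duties rule are
// this example's assumptions.

export type Risk = "low" | "medium" | "high" | "critical";
export type ApprovalStatus = "pending" | "approved" | "rejected" | "expired";

export interface ApprovalRequest {
  id: string;
  agentId: string;           // the agent asking to perform the action
  action: string;
  risk: Risk;
  requiredApprovals: number; // quorum: how many distinct approvers are needed
  approvedBy: string[];
  rejectedBy?: string;
  createdAt: number;         // epoch milliseconds
  expiresAt: number;
}

// Assumed risk-based policy: low needs nobody, medium/high one reviewer,
// critical two distinct reviewers (multi-party approval).
export function approvalsRequired(risk: Risk): number {
  const quorum: Record<Risk, number> = { low: 0, medium: 1, high: 1, critical: 2 };
  return quorum[risk];
}

export function createRequest(id: string, agentId: string, action: string, risk: Risk,
                              now: number, ttlMs = 60 * 60 * 1000): ApprovalRequest {
  return {
    id, agentId, action, risk,
    requiredApprovals: approvalsRequired(risk),
    approvedBy: [],
    createdAt: now,
    expiresAt: now + ttlMs,
  };
}

// Status is computed from the record and the current time, never stored,
// so expiry cannot be missed by forgetting to update a flag.
export function status(req: ApprovalRequest, now: number): ApprovalStatus {
  if (req.rejectedBy) return "rejected";
  if (req.approvedBy.length >= req.requiredApprovals) return "approved";
  if (now >= req.expiresAt) return "expired";
  return "pending";
}

// Approvals are accepted only while pending, never twice from the same
// identity, and never from the requesting agent itself.
export function approve(req: ApprovalRequest, approver: string, now: number): ApprovalRequest {
  const s = status(req, now);
  if (s !== "pending") throw new Error(`request ${req.id} is ${s}, not pending`);
  if (approver === req.agentId) throw new Error("separation of duties: an agent cannot approve its own request");
  if (req.approvedBy.includes(approver)) throw new Error(`${approver} has already approved ${req.id}`);
  return { ...req, approvedBy: [...req.approvedBy, approver] };
}

export function reject(req: ApprovalRequest, approver: string, now: number): ApprovalRequest {
  const s = status(req, now);
  if (s !== "pending") throw new Error(`request ${req.id} is ${s}, not pending`);
  return { ...req, rejectedBy: approver };
}

// The single question an executor should ask before running the action.
export function mayExecute(req: ApprovalRequest, now: number): boolean {
  return status(req, now) === "approved";
}
```

Because `status` is recomputed on every call, an executor that checks `mayExecute` immediately before acting cannot be fooled by a request that was pending when the notification went out and has since expired or been rejected.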
### Complete Audit Trail
- Every action logged immutably
- Policy evaluations recorded
- Compliance report generation
- Export for auditors
### Template Library
- 10+ agent templates (data processor, email assistant, backup, scraper, etc.)
- 6+ policy templates (GDPR, SOC 2, HIPAA, PCI DSS, etc.)
- Industry-specific compliance frameworks
### Compliance Ready
- **SOC 2** - Security & availability controls
- **GDPR** - EU data protection
- **HIPAA** - Healthcare data privacy
- **PCI DSS** - Payment card security
- **CCPA** - California privacy
- **NIST** - Cybersecurity framework
- **ISO 27001** - Information security
- **FedRAMP** - Federal authorization
## Quick Start
### Step 1: Configure Claude Desktop
Add to your `claude_desktop_config.json`:
**Windows:** `%APPDATA%\Claude\claude_desktop_config.json`
**macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`
**Linux:** `~/.config/Claude/claude_desktop_config.json`
```json
{
  "mcpServers": {
    "agentos": {
      "command": "npx",
      "args": ["-y", "agentos-mcp-server"],
      "env": {
        "AGENTOS_POLICY_MODE": "strict"
      }
    }
  }
}
```
### Step 2: Restart Claude Desktop
Close and reopen Claude Desktop to load the MCP server.
### Step 3: Start Building Agents!
Just ask Claude naturally:
```
"Create an agent that backs up my Documents folder to Google Drive every night"
```
Claude will:
1. Create the agent with appropriate configuration
2. Suggest safety policies based on the task
3. Let you test before deployment
4. Deploy with monitoring enabled
## Example Conversations
### Creating a Data Processing Agent
```
User: I need an agent that processes customer feedback from support emails daily

Claude: ✅ Agent Created Successfully!

Agent: customer-feedback-processor
ID: a1b2c3d4-e5f6-7890-abcd-ef1234567890
Status: draft
Language: python

Task:
Process customer feedback from support emails daily

Workflow Steps:
1. connect_email: email.connect
2. process_data: execute
3. output_results: output

Safety Policies Applied:
🛡️ PII Protection: Customer emails/names anonymized
🛡️ Rate Limiting: Max 1000 emails per run
🛡️ Human Review: Negative sentiment cases flagged

Next Steps:
1. Use `test_agent` to run a dry-run test
2. Use `attach_policy` to add more safety policies
3. Use `deploy_agent` when ready to run
```
### Testing Before Deployment
```
User: Test this agent with a scenario of processing 100 emails

Claude: ✅ Test PASSED

Agent: customer-feedback-processor
Scenario: Process 100 customer emails
Mode: Dry Run (no changes)

Configuration Check: ✅ Valid
Workflow Check: ✅ Valid (3 steps)
Policy Evaluation: ✅ No violations detected

Warnings:
⚠️ PII access logged

Resource Estimates:
- Duration: ~30 seconds
- Cost: $0.05

Next Step: Use `deploy_agent` to deploy this agent.
```
### Checking Compliance
```
User: Check if this agent is SOC 2 compliant

Claude: # Compliance Report: SOC2

Agent: customer-feedback-processor
Framework: SOC2
Date: 2026-01-30

## Summary
✅ COMPLIANT
Score: 100% (4/4 controls passed)

## Control Assessment

✅ CC6.1: Logical Access Controls
   Restrict logical access to information assets
   Evidence: Policy enforcement enabled, Access logging active

✅ CC6.6: Security Event Monitoring
   Detect and respond to security events
   Evidence: Audit logging enabled, Event timestamps recorded

✅ CC7.2: Incident Response
   Respond to security incidents
   Evidence: Human review enabled, Escalation procedures in place

✅ CC8.1: Change Management
   Manage changes to system components
   Evidence: Deployment approval required, Version control enabled
```
### Creating Custom Policies
```
User: Create a policy that blocks access to customer credit card data

Claude: ✅ Custom Policy Created

Policy: Block Access To Customer
ID: custom-a1b2c3d4
Category: security

Description:
Block access to customer credit card data

Rules Generated (1):
custom_block_rule [high]
   Block actions based on: block access to customer credit card data
   Action: deny

Usage:
1. Attach to agent: `attach_policy` with policyId "custom-a1b2c3d4"
2. Test enforcement: `test_agent` with policy scenarios
3. View active policies: `get_agent_status`
```
## Available Tools
| Tool | Description |
|------|-------------|
| `create_agent` | Create agent from natural language description |
| `attach_policy` | Attach safety policies to agents |
| `test_agent` | Dry-run test before deployment |
| `deploy_agent` | Deploy agent locally or to cloud |
| `get_agent_status` | Get agent status and metrics |
| `list_templates` | Browse agent and policy templates |
| `request_approval` | Create approval request for sensitive actions |
| `audit_log` | Query audit trail |
| `create_policy` | Create custom policy from description |
| `check_compliance` | Check against compliance frameworks |
### Tool Details
#### `create_agent`
Create a new AI agent from a natural language description with automatic policy recommendations.
**Parameters:**
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| `description` | string | ✅ | Natural language description of agent task |
| `policies` | string[] | | Policy templates to apply |
| `approvalRequired` | boolean | | Require human approval before execution |
| `language` | string | | `python`, `typescript`, `javascript`, `go` |
| `schedule` | string | | Cron schedule for recurring execution |
#### `attach_policy`
Attach safety policies to an agent with conflict detection.
**Parameters:**
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| `agentId` | string | ✅ | Agent ID to attach policy to |
| `policyId` | string | ✅ | Policy template ID |
| `customRules` | object[] | | Additional custom rules |
#### `test_agent`
Run a dry-run test with simulated scenarios.
**Parameters:**
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| `agentId` | string | ✅ | Agent ID to test |
| `scenario` | string | ✅ | Test scenario description |
| `mockData` | object | | Mock data for testing |
| `dryRun` | boolean | | Run without side effects (default: true) |
#### `deploy_agent`
Deploy an agent to local or cloud environment.
**Parameters:**
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| `agentId` | string | ✅ | Agent ID to deploy |
| `environment` | string | | `local` or `cloud` |
| `autoStart` | boolean | | Start immediately after deployment |
#### `check_compliance`
Check an agent against regulatory frameworks.
**Parameters:**
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| `agentId` | string | ✅ | Agent ID to check |
| `framework` | string | ✅ | `SOC2`, `GDPR`, `HIPAA`, `PCI_DSS`, `CCPA`, `NIST`, `ISO27001`, `FEDRAMP` |
| `generateReport` | boolean | | Generate detailed report |
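The parameter tables above describe each tool's arguments in prose. The TypeScript below is an added example, not part of the agentos-mcp-server code base, that transcribes those tables into a small schema, rejects calls with a missing required parameter, a wrong type, an out-of-range enum value or an unexpected key, and wraps an accepted call in the JSON-RPC 2.0 `tools/call` envelope that MCP uses. The schema object and the helper names are this example's own assumptions; the server's authoritative input schemas are the ones it advertises over `tools/list`.

```typescript
// Added example (not part of agentos-mcp-server): a client-side pre-flight
// check for tool arguments, transcribed from the README parameter tables.
// The server's real input schemas are the ones it advertises over tools/list;
// this table and the helper names are this example's own assumptions.

type ParamType = "string" | "boolean" | "object" | "string[]" | "object[]";
interface ParamSpec { type: ParamType; required?: boolean; enum?: string[] }
type ToolSpec = Record<string, ParamSpec>;

export const TOOL_SCHEMAS: Record<string, ToolSpec> = {
  create_agent: {
    description: { type: "string", required: true },
    policies: { type: "string[]" },
    approvalRequired: { type: "boolean" },
    language: { type: "string", enum: ["python", "typescript", "javascript", "go"] },
    schedule: { type: "string" },
  },
  attach_policy: {
    agentId: { type: "string", required: true },
    policyId: { type: "string", required: true },
    customRules: { type: "object[]" },
  },
  test_agent: {
    agentId: { type: "string", required: true },
    scenario: { type: "string", required: true },
    mockData: { type: "object" },
    dryRun: { type: "boolean" },
  },
  deploy_agent: {
    agentId: { type: "string", required: true },
    environment: { type: "string", enum: ["local", "cloud"] },
    autoStart: { type: "boolean" },
  },
  check_compliance: {
    agentId: { type: "string", required: true },
    framework: {
      type: "string", required: true,
      enum: ["SOC2", "GDPR", "HIPAA", "PCI_DSS", "CCPA", "NIST", "ISO27001", "FEDRAMP"],
    },
    generateReport: { type: "boolean" },
  },
};

function matchesType(value: unknown, type: ParamType): boolean {
  switch (type) {
    case "string": return typeof value === "string";
    case "boolean": return typeof value === "boolean";
    case "object": return typeof value === "object" && value !== null && !Array.isArray(value);
    case "string[]": return Array.isArray(value) && value.every((v) => typeof v === "string");
    case "object[]": return Array.isArray(value) && value.every((v) => typeof v === "object" && v !== null);
    default: return false;
  }
}

/** Returns the list of problems with a call; an empty list means it is acceptable. */
export function validateToolArgs(tool: string, args: Record<string, unknown>): string[] {
  const spec = TOOL_SCHEMAS[tool];
  if (!spec) return [`unknown tool: ${tool}`];
  const problems: string[] = [];
  for (const [name, p] of Object.entries(spec)) {
    const value = args[name];
    if (value === undefined) {
      if (p.required) problems.push(`missing required parameter: ${name}`);
      continue;
    }
    if (!matchesType(value, p.type)) {
      problems.push(`parameter ${name} must be ${p.type}`);
    } else if (p.enum && !p.enum.includes(value as string)) {
      problems.push(`parameter ${name} must be one of ${p.enum.join(", ")}`);
    }
  }
  // Reject keys the table does not list: at best the server ignores them, at
  // worst they are an argument the model was talked into adding.
  for (const key of Object.keys(args)) {
    if (!(key in spec)) problems.push(`unexpected parameter: ${key}`);
  }
  return problems;
}

/** Wraps an accepted call in the JSON-RPC 2.0 envelope MCP uses for tools/call. */
export function buildToolCall(id: number, tool: string, args: Record<string, unknown>) {
  const problems = validateToolArgs(tool, args);
  if (problems.length > 0) throw new Error(problems.join("; "));
  return { jsonrpc: "2.0" as const, id, method: "tools/call" as const, params: { name: tool, arguments: args } };
}
```

An MCP host already validates arguments against the schema a server advertises, so this check is most useful in tests and in any wrapper that lets a model compose tool calls itself, where an unexpected extra key is worth failing loudly on rather than silently dropping.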
## Policy Templates
### Built-in Security Policies
| Policy ID | Name | Description |
|-----------|------|-------------|
| `pii-protection` | PII Protection | Protects personally identifiable information (GDPR) |
| `rate-limiting` | Rate Limiting | Prevents resource abuse through rate limits |
| `cost-control` | Cost Control | Prevents runaway costs from automation |
| `data-deletion` | Data Deletion Safety | Prevents accidental data loss |
| `secrets-protection` | Secrets Protection | Prevents exposure of credentials |
| `human-review` | Human Review Required | Requires approval for sensitive actions |
### Compliance Templates
| Template ID | Framework | Description |
|-------------|-----------|-------------|
| `gdpr-compliance` | GDPR | EU General Data Protection Regulation |
| `soc2-security` | SOC 2 | SOC 2 Type II security controls |
| `hipaa-healthcare` | HIPAA | Healthcare data privacy (PHI protection) |
| `pci-dss-payments` | PCI DSS | Payment card data security |
| `read-only-access` | Security | Restricts database to read-only |
| `production-safety` | Operations | Extra safeguards for production |
## Agent Templates
### Data Processing
| Template | Description | Default Policies |
|----------|-------------|------------------|
| `data-processor` | Processes and transforms data files | rate-limiting, cost-control |
| `web-scraper` | Scrapes websites for data collection | rate-limiting, cost-control |
| `report-generator` | Generates periodic reports | pii-protection, rate-limiting |
### Communication
| Template | Description | Default Policies |
|----------|-------------|------------------|
| `email-assistant` | Monitors and processes emails | pii-protection, human-review |
| `slack-bot` | Automated Slack notifications | human-review, rate-limiting |
### Infrastructure
| Template | Description | Default Policies |
|----------|-------------|------------------|
| `backup-agent` | Backs up files to cloud storage | cost-control |
| `api-monitor` | Monitors API health and performance | rate-limiting |
| `file-organizer` | Organizes files based on rules | data-deletion |
### Analytics
| Template | Description | Default Policies |
|----------|-------------|------------------|
| `database-analyst` | Queries databases and generates reports | data-deletion, pii-protection |
| `content-moderator` | Moderates user-generated content | human-review, pii-protection |
## Configuration
### Environment Variables
| Variable | Description | Default |
|----------|-------------|---------|
| `AGENTOS_API_KEY` | API key for cloud features | (none) |
| `AGENTOS_POLICY_MODE` | `strict` or `permissive` | `strict` |
| `AGENTOS_DATA_DIR` | Local data directory | `.agentos` |
| `AGENTOS_LOG_LEVEL` | `debug`, `info`, `warn`, `error` | `info` |
### Policy Modes
| Mode | Behavior |
|------|----------|
| **strict** | Any policy violation blocks the action |
| **permissive** | Only critical violations block (warnings logged) |
### Data Storage
All data is stored locally in the `AGENTOS_DATA_DIR`:
```
.agentos/
├── agents/          # Agent configurations
│   └── {id}.json
├── approvals/       # Approval requests
│   └── {id}.json
└── audit/           # Audit logs (JSONL format)
    └── {date}.jsonl
```
## Architecture
```
┌─────────────────────────────────────────────────────────────┐
│                       Claude Desktop                        │
│  ┌───────────────────────────────────────────────────────┐  │
│  │  Claude AI Model                                      │  │
│  │  Natural language understanding & orchestration       │  │
│  └───────────────────────────┬───────────────────────────┘  │
│                              │ MCP Protocol                 │
│  ┌───────────────────────────▼───────────────────────────┐  │
│  │  MCP Client                                           │  │
│  │  Tool discovery & request handling                    │  │
│  └───────────────────────────┬───────────────────────────┘  │
└──────────────────────────────┼──────────────────────────────┘
                               │ stdio
┌──────────────────────────────▼──────────────────────────────┐
│                @agentos/mcp-server (Node.js)                │
│  ┌───────────────────────────────────────────────────────┐  │
│  │  MCP Server                                           │  │
│  │  Tool/Resource/Prompt handlers                        │  │
│  └───────────────────────────────────────────────────────┘  │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌───────────────┐   │
│  │  Agent   │ │  Policy  │ │ Approval │ │     Audit     │   │
│  │ Manager  │ │  Engine  │ │ Workflow │ │    Logger     │   │
│  └──────────┘ └──────────┘ └──────────┘ └───────────────┘   │
│  ┌───────────────────────────────────────────────────────┐  │
│  │  Template Library (50+ templates)                     │  │
│  └───────────────────────────────────────────────────────┘  │
└──────────────────────────────┬──────────────────────────────┘
                               │ HTTPS (optional)
┌──────────────────────────────▼──────────────────────────────┐
│               AgentOS Cloud Platform (Future)               │
│   • Persistent storage   • Multi-tenant   • Enterprise      │
└─────────────────────────────────────────────────────────────┘
```
## Security
| Feature | Description |
|---------|-------------|
| **Policy Enforcement** | All actions validated against policies before execution |
| **Data Redaction** | Sensitive data automatically redacted from logs |
| **Secret Protection** | Secrets never stored in plain text |
| **Audit Trail** | Complete immutable log for compliance |
| **Human Approval** | Required for high-risk operations |
| **Local-First** | All data stored locally by default |
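To make the Policy Modes, Data Storage and Security sections concrete, here is an added TypeScript example that is not code from agentos-mcp-server. It decides whether an action is allowed under `strict` (any violation blocks) or `permissive` (only critical violations block, the rest become warnings), redacts e-mail addresses and token-like strings before anything is written, and appends the decision as one line to `<AGENTOS_DATA_DIR>/audit/<date>.jsonl`, the layout shown under Data Storage. The record fields, the severity names and the redaction patterns are this example's assumptions.

```typescript
// Added example, not code from agentos-mcp-server. It models the two policy
// modes (strict: any violation blocks; permissive: only critical violations
// block and the rest are logged as warnings), redacts sensitive values, and
// appends the decision as one JSONL line under <dataDir>/audit/<date>.jsonl,
// the layout described under Data Storage. Record fields, severity names and
// redaction patterns are this example's assumptions.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

export type PolicyMode = "strict" | "permissive";
export type Severity = "low" | "medium" | "high" | "critical";
export interface Violation { policyId: string; rule: string; severity: Severity; detail: string }
export interface Decision { allowed: boolean; blockedBy: Violation[]; warnings: Violation[] }

export function evaluate(mode: PolicyMode, violations: Violation[]): Decision {
  const blocking = mode === "strict"
    ? violations
    : violations.filter((v) => v.severity === "critical");
  const warnings = violations.filter((v) => !blocking.includes(v));
  return { allowed: blocking.length === 0, blockedBy: blocking, warnings };
}

// Redaction runs before anything reaches disk (assumed patterns: e-mail
// addresses and key/token-like strings with a recognisable prefix).
const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const SECRET = /\b(?:sk|key|token|api)[-_]?[A-Za-z0-9]{16,}\b/gi;
export function redact(text: string): string {
  return text.replace(EMAIL, "[email redacted]").replace(SECRET, "[secret redacted]");
}

// One file per UTC day, as in the .agentos/audit/{date}.jsonl layout.
export function auditFilePath(dataDir: string, when: Date): string {
  return path.join(dataDir, "audit", `${when.toISOString().slice(0, 10)}.jsonl`);
}

/** Appends one redacted audit record and returns it. */
export function recordDecision(dataDir: string, agentId: string, action: string,
                               mode: PolicyMode, decision: Decision, when = new Date()) {
  const scrub = (v: Violation): Violation => ({ ...v, detail: redact(v.detail) });
  const record = {
    ts: when.toISOString(),
    agentId,
    action: redact(action),
    mode,
    allowed: decision.allowed,
    blockedBy: decision.blockedBy.map(scrub),
    warnings: decision.warnings.map(scrub),
  };
  const file = auditFilePath(dataDir, when);
  fs.mkdirSync(path.dirname(file), { recursive: true });
  fs.appendFileSync(file, JSON.stringify(record) + "\n"); // append only, never rewrite
  return record;
}

/** Reads a day's records back, one JSON object per line. */
export function readAudit(dataDir: string, when: Date): Array<Record<string, unknown>> {
  const file = auditFilePath(dataDir, when);
  if (!fs.existsSync(file)) return [];
  return fs.readFileSync(file, "utf8").split("\n").filter(Boolean).map((l) => JSON.parse(l));
}

// Constructed sample: the same two violations evaluated under both modes,
// written to a throwaway data directory.
export function demo() {
  const dataDir = fs.mkdtempSync(path.join(os.tmpdir(), "agentos-example-"));
  const violations: Violation[] = [
    { policyId: "pii-protection", rule: "no_raw_email", severity: "high",
      detail: "row contains alice@example.com" },
    { policyId: "secrets-protection", rule: "no_credentials", severity: "critical",
      detail: "payload has token_ABCDEFGHIJKLMNOPQRST" },
  ];
  const when = new Date("2026-01-30T09:00:00Z");
  const agent = "customer-feedback-processor";
  const strict = recordDecision(dataDir, agent, "send report to bob@example.com", "strict",
                                evaluate("strict", violations), when);
  const permissive = recordDecision(dataDir, agent, "send report", "permissive",
                                    evaluate("permissive", violations), when);
  return { dataDir, strict, permissive, lines: readAudit(dataDir, when).length };
}

console.log(JSON.stringify(demo(), null, 2));
```

Append-only JSONL gives a simple, greppable trail, but it is not tamper-evident on its own: anything running as the same user as the server can truncate the file, so a deployment that relies on the audit log for compliance should also ship each line to a log store the agent host cannot write to.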
## Development
### Local Development
```bash
# Clone the repository
git clone https://github.com/microsoft/agent-governance-toolkit
cd agent-governance-python/agent-os/extensions/mcp-server
# Install dependencies
npm install
# Build
npm run build
# Run in stdio mode (for Claude Desktop)
npm start -- --stdio
# Run in HTTP mode (for development)
npm start -- --http --port 3000
```
### Project Structure
```
agent-governance-python/agent-os/extensions/mcp-server/
├── src/
│   ├── index.ts              # Main entry point
│   ├── cli.ts                # CLI with --stdio/--http modes
│   ├── server.ts             # MCP server implementation
│   ├── tools/                # 10 MCP tools
│   │   ├── create-agent.ts
│   │   ├── attach-policy.ts
│   │   ├── test-agent.ts
│   │   ├── deploy-agent.ts
│   │   ├── get-agent-status.ts
│   │   ├── list-templates.ts
│   │   ├── request-approval.ts
│   │   ├── audit-log.ts
│   │   ├── create-policy.ts
│   │   └── check-compliance.ts
│   ├── services/             # Core business logic
│   │   ├── agent-manager.ts
│   │   ├── policy-engine.ts
│   │   ├── approval-workflow.ts
│   │   ├── audit-logger.ts
│   │   └── template-library.ts
│   ├── prompts/              # MCP prompts
│   └── types/                # TypeScript definitions
├── package.json
├── tsconfig.json
└── README.md
```
### Running Tests
```bash
npm test
npm run test:coverage
```
## Performance
| Metric | Target |
|--------|--------|
| MCP server startup | <2 seconds |
| Tool response time | <500ms (p95) |
| Memory footprint | <100MB |
| Policy evaluation | <50ms |
## License
MIT License - see [LICENSE](../../LICENSE).
---