Human-in-the-loop use of the MCP server covers read access and ad-hoc writes. For continuous evidence collection — pulling artifacts from AWS, GitHub, Okta, or any system your team operates — EquanimGRC supports dedicated machine agents that run on a schedule and push evidence automatically.
Machine agents and client credentials
Machine agents authenticate using OAuth 2.1 client credentials — no browser flow, no interactive consent. Each agent runs as a registered service account (an evidence_agent client type) in your Authentik instance. Service accounts are scoped at registration time to exactly the permissions they need and nothing more. A secrets-collection agent gets mcp:write:evidence; it cannot create tasks or answer questionnaires.
Per-tenant isolation applies to service accounts the same way it applies to human tokens. An agent registered to your organization cannot read or write to another tenant's data.
The evidence submission flow
- Collect near your systems. The agent runs inside your infrastructure or CI/CD pipeline and collects the artifact directly — an IAM policy export, a log snapshot, a configuration dump. No intermediate storage in EquanimGRC's infrastructure before submission.
- Push with a content hash. The agent calls
submit_evidencewith the control ID, source system label, file name, and the file content encoded as base64. EquanimGRC computes a content-addressed hash on arrival. - Idempotent deduplication. If the same artifact has already been submitted (identical content hash, same control), the server returns the existing record rather than creating a duplicate. Agents can re-run safely on a schedule without bloating evidence queues.
- Lands pending review. New evidence enters a
pendingstate. It is visible in the workspace evidence queue immediately, but it does not yet count toward control effectiveness. - Human approves. A reviewer with the appropriate role inspects the artifact, confirms it supports the control, and approves. Only then does the evidence affect posture. No agent action — however many times it submits — bypasses this step.
Mapping across controls
Once an evidence item is approved, map_evidence_to_control can link it to additional controls across frameworks. A single IAM policy export can satisfy SOC 2 CC6.1, ISO 27001 A.8.1, and NIST AC-2 without re-submitting the file. Mapping is idempotent — calling it twice for the same evidence-control pair has no effect.
Illustrative snippet
// illustrative — exact shape may differ
submit_evidence({
control_id: "CC6.1",
source_system: "aws",
file_name: "iam-policy.json",
content_base64: "…"
})
→ { status: "pending", deduplicated: false }When the same content is submitted again: { status: "pending", deduplicated: true } — the existing record is returned and no duplicate is created.
Security guarantees
- No destructive operations. Agents can submit and map evidence; they cannot delete, overwrite approved items, or directly modify posture.
- Pending-by-default. All agent-submitted evidence lands in a review queue. Posture is never affected by agent action alone.
- Attribution. Every submitted item records the service account that submitted it, the submission timestamp, and the source system label. The audit trail distinguishes agent submissions from human uploads.
- Rate limits. Per-agent rate limits apply to all write operations. High-frequency agents that exceed the limit receive a structured error response and can back off gracefully.
- Tenant isolation. Service account tokens are scoped to a single tenant at the authorization server. Cross-tenant access is not possible regardless of what the agent requests.
Going further
Evidence submission can be expressed declaratively — see Evidence-as-codefor version-controlled collectors that run on a schedule and submit through the same primitive. Questionnaire answering follows the same model — see Your agent, your answersfor how your agent drafts answers from your own document collection.
Early access
Machine agent registration is available to early-access customers. Request access to get started.