All MCP tools require a valid OAuth 2.1 token with the appropriate scope. Scopes are requested at authorization time; the MCP edge rejects requests that carry insufficient permissions before they reach the API. Rails re-enforces authorization server-side — scope grants at the edge are never the sole enforcement point.
Scopes
| Scope | Grants |
|---|---|
mcp:read:posture | Read access to frameworks, controls, policies, evidence, vendors, reports, tasks, and compliance posture summaries. No write operations. |
mcp:write:evidence | Submit new evidence items and map evidence to controls. Evidence lands in a pending state and requires human approval before affecting posture. |
mcp:write:tasks | Create tasks, update task status, and add comments. Task changes are visible immediately to the team. |
mcp:write:answers | Submit answers to questionnaire questions. Answers land as drafts and require human review before publication. |
Read tools
All read tools require mcp:read:posture.
| Tool | Scope | What it does |
|---|---|---|
list_frameworks | mcp:read:posture | Returns all frameworks active in your workspace (SOC 2, ISO 27001, HIPAA, etc.). |
get_framework | mcp:read:posture | Returns a single framework with its control summary and coverage metrics. |
list_controls | mcp:read:posture | Returns controls for a given framework, with status (effective, gap, pending review). |
get_control | mcp:read:posture | Returns a single control with its linked policies and evidence items. |
list_policies | mcp:read:posture | Returns policies in your workspace, with approval status and version history. |
get_policy | mcp:read:posture | Returns the full text of a policy version, including inline source citations. |
list_evidence | mcp:read:posture | Returns evidence items, filterable by control, status, or source system. |
get_evidence_status | mcp:read:posture | Returns the review status and metadata for a specific evidence item. |
list_vendors | mcp:read:posture | Returns sub-processors and vendors tracked in your workspace. |
get_vendor_risk | mcp:read:posture | Returns the risk profile and review status for a specific vendor. |
get_compliance_posture | mcp:read:posture | Returns a top-level summary of your posture across all active frameworks. |
list_gaps | mcp:read:posture | Returns controls with open gaps — missing evidence, expired artifacts, or unresolved divergences. |
get_audit_readiness | mcp:read:posture | Returns an audit-readiness score and a prioritized list of items to resolve before an audit. |
list_tasks | mcp:read:posture | Returns open tasks in your workspace, filterable by assignee, status, or framework. |
Resource
equanimgrc://framework/{slug}/controls — read the full control list for a framework as a structured resource rather than via a tool call. Requires mcp:read:posture.
Write tools
| Tool | Scope | What it does |
|---|---|---|
submit_evidence | mcp:write:evidence | Submits a new evidence item. Accepts a control ID, source system label, file name, and base64-encoded content. Content is hashed on arrival for deduplication. Evidence lands in a pending state and requires human approval. |
map_evidence_to_control | mcp:write:evidence | Maps an existing approved evidence item to an additional control. Useful when one artifact satisfies multiple controls across frameworks. |
create_task | mcp:write:tasks | Creates a new task in the workspace, optionally linked to a control or gap. |
update_task | mcp:write:tasks | Updates the status or details of an existing task. |
comment_task | mcp:write:tasks | Adds a comment to a task. Comments are attributed to the agent or user that submitted them. |
answer_question | mcp:write:answers | Submits an answer to a questionnaire question. Answers land as drafts; a human must review and approve before the answer is published. |
Security model
Scopes are enforced at the MCP edge and re-enforced server-side by the Rails API. A token with onlymcp:read:posture cannot call any write tool regardless of how the request is constructed — the API layer rejects it independently of the edge check.
No destructive operations (delete, overwrite, publish) are exposed via MCP. Write tools create or update records in ways that always land in a human-review queue first. Per-agent rate limits apply to all write operations.