Reference

MCP Registry

The Model Context Protocol (MCP) Registry manages the tools that your agent can call. Orithos scans exercise these registered tools and test them for security vulnerabilities.

Registering tools

Each MCP tool has a name, a description, an input schema (JSON Schema) and a risk level. Tools are registered via the API and can then be assigned to agents.

Register an MCP tool

curl -X POST https://api.orithos.dev/v1/mcp/tools \
  -H "Authorization: Bearer {api_key}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "execute_sql",
    "description": "Run a SQL query against the database",
    "input_schema": {
      "type": "object",
      "properties": {
        "query": { "type": "string" }
      },
      "required": ["query"]
    },
    "risk_level": "critical"
  }'

JSON-RPC 2.0

MCP tools communicate via the JSON-RPC 2.0 protocol. Each tool call is a JSON-RPC request with method, params and id fields. Each response carries either a result or an error object with a standard JSON-RPC error code.

Rate limiting

MCP tool calls are rate-limited to 120 requests per minute per agent. Rate limit headers are included in every response. Exceeding the limit returns HTTP 429 with a Retry-After header stating how many seconds to wait before retrying.
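The following is an added example (not Orithos code) of the per-agent limit described above, written as a sliding-window limiter that admits at most 120 calls per 60-second window and emits a Retry-After header on rejection. The Retry-After header is the one the page names; the X-RateLimit-Limit and X-RateLimit-Remaining header names are assumptions, since the page does not state which rate limit headers it sets. The clock is injectable so the behaviour can be checked deterministically.

```python
import math
import time
from collections import deque

LIMIT = 120      # requests per agent ...
WINDOW = 60.0    # ... per this many seconds (one minute)


class AgentRateLimiter:
    """Sliding-window limiter: at most `limit` calls per `window` seconds per agent.

    `clock` defaults to time.monotonic; pass a callable returning a float to
    drive it from a test.
    """

    def __init__(self, limit=LIMIT, window=WINDOW, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._calls = {}  # agent_id -> deque of admission timestamps

    def check(self, agent_id):
        """Return (http_status, headers): 200 admits the call, 429 rejects it."""
        now = self.clock()
        q = self._calls.setdefault(agent_id, deque())
        # Drop admissions that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            # Seconds until the oldest admission leaves the window, rounded up.
            retry_after = max(1, math.ceil(self.window - (now - q[0])))
            return 429, {
                "X-RateLimit-Limit": str(self.limit),       # assumed header name
                "X-RateLimit-Remaining": "0",               # assumed header name
                "Retry-After": str(retry_after),
            }
        q.append(now)
        return 200, {
            "X-RateLimit-Limit": str(self.limit),
            "X-RateLimit-Remaining": str(self.limit - len(q)),
        }


def seconds_to_wait(status, headers):
    """Client-side helper: honour Retry-After on a 429, otherwise no wait."""
    if status == 429:
        return int(headers.get("Retry-After", "1"))
    return 0


if __name__ == "__main__":
    limiter = AgentRateLimiter()
    for n in range(LIMIT + 2):
        status, headers = limiter.check("agent-demo")
        if status == 429:
            print(f"call {n + 1}: 429, wait {seconds_to_wait(status, headers)}s")
            break
    else:
        print("never limited")
```

A client that treats the limit as a soft signal rather than honouring Retry-After will simply keep receiving 429s for the rest of the window, so the wait should be taken from the header rather than guessed.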

Input validation

All tool inputs are validated against their registered JSON Schema before execution. Invalid inputs receive a detailed validation error identifying the specific field and the constraint it violated. This prevents injection attacks that rely on malformed input at the schema level, before the tool runs.
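The block below is an added example, not Orithos code, that ties the JSON-RPC 2.0 section and this one together: a minimal dispatcher that parses a tool-call request, checks the params against the registered input schema and answers with either a result or a standard JSON-RPC error (-32700 parse error, -32600 invalid request, -32601 method not found, -32602 invalid params), with the invalid-params data naming the offending field and constraint. The registry entry is constructed from the execute_sql tool shown above, with two assumed extra constraints (maxLength and additionalProperties) to show how the validator reports them; the validator covers only that JSON Schema subset, and the executor is a constructed stand-in that echoes what it would run.

```python
import json

# Constructed registry entry modelled on the execute_sql tool registered above.
# maxLength and additionalProperties are assumed additions for the demo.
TOOL_REGISTRY = {
    "execute_sql": {
        "input_schema": {
            "type": "object",
            "properties": {"query": {"type": "string", "maxLength": 4096}},
            "required": ["query"],
            "additionalProperties": False,
        },
        "risk_level": "critical",
    }
}

# Standard JSON-RPC 2.0 error codes.
PARSE_ERROR, INVALID_REQUEST, METHOD_NOT_FOUND, INVALID_PARAMS = -32700, -32600, -32601, -32602

_TYPES = {"string": str, "integer": int, "number": (int, float),
          "boolean": bool, "object": dict, "array": list}


def validate(instance, schema, path="$"):
    """Check `instance` against a JSON Schema subset (type, properties, required,
    additionalProperties, maxLength). Returns a list of (json_path, message)."""
    errors = []
    expected = schema.get("type")
    if expected:
        # bool is a subclass of int in Python; JSON Schema treats them as distinct.
        ok = isinstance(instance, _TYPES[expected]) and not (
            expected in ("integer", "number") and isinstance(instance, bool))
        if not ok:
            return [(path, f"expected {expected}, got {type(instance).__name__}")]
    if expected == "object":
        props = schema.get("properties", {})
        for req in schema.get("required", []):
            if req not in instance:
                errors.append((f"{path}.{req}", "required property missing"))
        for key, val in instance.items():
            if key in props:
                errors.extend(validate(val, props[key], f"{path}.{key}"))
            elif schema.get("additionalProperties", True) is False:
                errors.append((f"{path}.{key}", "additional property not allowed"))
    if expected == "string" and "maxLength" in schema and len(instance) > schema["maxLength"]:
        errors.append((path, f"length {len(instance)} exceeds maxLength {schema['maxLength']}"))
    return errors


def _error(req_id, code, message, data=None):
    err = {"code": code, "message": message}
    if data is not None:
        err["data"] = data
    return {"jsonrpc": "2.0", "id": req_id, "error": err}


def handle_tool_call(raw, executor):
    """Parse one JSON-RPC 2.0 request, validate params against the registered
    schema, and run `executor(method, params)` only if validation passes."""
    try:
        req = json.loads(raw)
    except json.JSONDecodeError as exc:
        return _error(None, PARSE_ERROR, "Parse error", str(exc))
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0" or "method" not in req:
        rid = req.get("id") if isinstance(req, dict) else None
        return _error(rid, INVALID_REQUEST, "Invalid Request")
    req_id = req.get("id")
    tool = TOOL_REGISTRY.get(req["method"])
    if tool is None:
        return _error(req_id, METHOD_NOT_FOUND, "Method not found")
    params = req.get("params", {})
    problems = validate(params, tool["input_schema"])
    if problems:
        # Detailed error: which field, which constraint. Nothing is executed.
        return _error(req_id, INVALID_PARAMS, "Invalid params",
                      [{"field": p, "constraint": m} for p, m in problems])
    return {"jsonrpc": "2.0", "id": req_id, "result": executor(req["method"], params)}


def fake_execute(method, params):
    # Constructed stand-in for the real tool executor: echoes what would run.
    return {"tool": method, "accepted_params": params}


if __name__ == "__main__":
    for raw in (
        '{"jsonrpc":"2.0","id":1,"method":"execute_sql","params":{"query":"SELECT 1"}}',
        '{"jsonrpc":"2.0","id":2,"method":"execute_sql","params":{"query":42}}',
        '{"jsonrpc":"2.0","id":3,"method":"drop_everything","params":{}}',
        '{not json',
    ):
        print(json.dumps(handle_tool_call(raw, fake_execute)))
```

Note what the schema check does and does not give you: it rejects the wrong shape (missing or extra fields, wrong types, over-long strings) before the tool runs, but a well-formed string still passes. For a tool registered at risk level critical, such as execute_sql, the executor behind the schema still has to apply its own controls, such as a least-privilege database role and parameterised statements.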