Tegata

Enforceable authorization for MCP tool calls

Preview OSS

Status

Preview (v0.1.0-preview). Core runtime, policy engine, and MCP tool call interception are working and tested. The API is not frozen — breaking changes may ship before the v0.1.0 GA release.

The Problem

MCP tool annotations like readOnlyHint are just hints. Nothing stops a malicious server from declaring readOnlyHint: true and deleting your database. A2A explicitly marks authorization as “implementation-specific.” OWASP, NIST, and CSA all flag this gap, but define no solution.

What Tegata Does

Tegata is a runtime authorization layer for AI agent tool calls:

  • Policy-based approval: Define who can do what, with what risk threshold.
  • Human-in-the-loop escalation: High-risk actions trigger human review automatically.
  • Immutable audit trail: Every decision is logged for compliance and review.
  • SDK-first design: Integrate into existing MCP servers with minimal code changes.

Where Tegata Fits

MCP    = Agent ↔ Tool    (Connection)
A2A    = Agent ↔ Agent   (Communication)
Tegata = Approval & Auth (Governance)

Name Origin

Tegata (手形) — Edo-period travel permits that certified a traveler’s identity and authorized passage through checkpoints. Tegata does the same for AI agents.