The iTechSmart UAIO MCP server at https://mcp.itechsmart.dev exposes the autonomous operations platform to AI agents over the Model Context Protocol — 66 tools, Bearer authentication, per-key scopes, rate limiting, and a ProofLink receipt sealed for governed actions. It also speaks the Linux Foundation A2A (Agent-to-Agent) protocol on the same surface.
Live server status (from GET /health, 2026-07-01):
{
"status": "ok",
"service": "itechsmart-uaio-mcp",
"version": "2.2.0",
"transport": "http+sse",
"tools": 66,
"auth_required": true,
"rate_limit_per_min": 60,
"rate_limit_simulate_per_min": 10
}
Endpoints
| Method | Path | Auth | Purpose |
|---|
| GET | /health | No | Server status, tool count, session count |
| GET | /mcp/tools | No | Machine-readable tool registry (JSON) |
| GET | /sse | Yes | MCP SSE transport — connect here |
| POST | /messages | Yes | MCP message channel for SSE sessions |
| GET | /.well-known/agent.json | No | A2A agent card |
| POST | /a2a | Yes | A2A JSON-RPC (message/send) |
Authentication is a Bearer API key (or ?api_key= query parameter), validated at connect time and fail-closed. Keys carry scopes — full keys reach all 66 tools; read-only audit keys are limited to the prooflink.*, mission.* and compliance.* tools. Rate limits: 60 req/min (10/min for simulate_infrastructure_attack). To get a key: [email protected]. Details on the Authentication page.
Connect: Claude Code
claude mcp add --transport sse itechsmart https://mcp.itechsmart.dev/sse --header "Authorization: Bearer YOUR_MCP_KEY"
Then run claude and the itechsmart tools appear automatically (e.g. query_uaio_status, verify_prooflink_receipt). Remove with claude mcp remove itechsmart.
Connect: Cursor
Add to .cursor/mcp.json (project) or ~/.cursor/mcp.json (global):
{
"mcpServers": {
"itechsmart": {
"url": "https://mcp.itechsmart.dev/sse",
"headers": { "Authorization": "Bearer YOUR_MCP_KEY" }
}
}
}
Connect: any SSE / HTTP client
The server implements the standard MCP SSE transport. Open the event stream, read the endpoint event to learn your session’s message URL, then POST JSON-RPC MCP messages to it:
# 1) open the SSE stream (keep it open)
curl -N -H "Authorization: Bearer YOUR_MCP_KEY" https://mcp.itechsmart.dev/sse
# → event: endpoint
# data: /messages?sessionId=<id>
# 2) in another shell, list tools over the session channel
curl -X POST "https://mcp.itechsmart.dev/messages?sessionId=<id>" \
-H "Authorization: Bearer YOUR_MCP_KEY" -H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
# 3) call a tool
curl -X POST "https://mcp.itechsmart.dev/messages?sessionId=<id>" \
-H "Authorization: Bearer YOUR_MCP_KEY" -H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"query_uaio_status","arguments":{}}}'
# tool results arrive as events on the SSE stream from step 1
The full tool registry with input schemas is machine-readable at mcp.itechsmart.dev/mcp/tools (no auth).
A2A protocol (agent-to-agent)
The same governed surface is exposed over A2A. The public agent card describes the interface:
curl https://mcp.itechsmart.dev/.well-known/agent.json
{
"protocolVersion": "0.3.0",
"name": "iTechSmart UAIO Agent",
"url": "https://mcp.itechsmart.dev/a2a",
"preferredTransport": "JSONRPC",
"version": "2.2.0",
"provider": {"organization": "iTechSmart", "url": "https://itechsmart.dev"},
"documentationUrl": "https://mcp.itechsmart.dev/mcp/tools",
"securitySchemes": {"bearer": {"type": "http", "scheme": "bearer",
"description": "iTechSmart MCP API key as Bearer token"}}
}
Send messages with JSON-RPC message/send (same Bearer key). Plain-text parts route to the OctoAI reasoning pipeline; a structured DataPart invokes a named skill (the same skills as the MCP tools):
curl -X POST https://mcp.itechsmart.dev/a2a \
-H "Authorization: Bearer YOUR_MCP_KEY" -H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0", "id": 1, "method": "message/send",
"params": {"message": {"role": "user", "kind": "message", "messageId": "m1",
"parts": [{"kind": "text", "text": "What is the current UAIO platform status?"}]}}
}'
Grouped by capability. Names and descriptions come from the server’s live tool registry (v2.2.0); input schemas for each are at /mcp/tools.
| Tool | Description |
|---|
verify_prooflink_receipt | Verify the cryptographic integrity of a ProofLink receipt from iTechSmart's autonomous IT operations platform. |
get_receipt_chain | Fetch and verify the complete ProofLink receipt chain from iTechSmart's production ledger. |
prooflink.verify_chain | Read-only audit scope: verify the ProofLink receipt chain for EU AI Act Article 12, CISO, and auditor workflows. |
prooflink.verify_receipt | Read-only audit scope: verify one ProofLink receipt by ID without granting mutation rights. |
prooflink.search_receipts | Read-only audit scope: search recent ProofLink receipts for ledger-backed post-hoc reconstruction. |
| Tool | Description |
|---|
mission.list_incidents | Read-only mission scope: list recent autonomous IT incidents for audit and operations review. |
mission.cluster_health | Read-only mission scope: return live cluster health without granting execution or remediation rights. |
compliance.audit_summary | Read-only compliance scope: return the live compliance audit summary for CISO/auditor review. |
| Tool | Description |
|---|
query_uaio_status | Get the current operational status of the iTechSmart UAIO (Unified Autonomous IT Operations) platform. |
get_platform_briefing | Get a full real-time platform health briefing for the iTechSmart UAIO platform. |
list_recent_incidents | List recent autonomous IT remediation incidents from the iTechSmart UAIO platform. |
get_incident_details | Fetch details of a specific autonomous remediation incident including the ProofLink receipt, remediation actions taken, before/after system state, time to detect, time to remediate, and NIST contro... |
simulate_infrastructure_attack | Trigger a simulated infrastructure attack on the iTechSmart break-it sandbox to demonstrate the UAIO autonomous loop. |
dispatch_ag2_incident | Dispatch an IT incident to the iTechSmart AG2 6-agent GroupChat for autonomous diagnosis. |
invoke_octoai_pipeline | Invoke the OctoAI 7-node cognitive pipeline with a free-form prompt. |
search_platform_logs | Search live systemd journal logs for any iTechSmart service. |
| Tool | Description |
|---|
get_sie_queue | Retrieve the current SIE (Self-Improving Engine) security finding queue. |
approve_sie_finding | Approve a specific SIE (Self-Improving Engine) security finding by queue index. |
trigger_sie_scan | Kick off a fresh SIE (Self-Improving Engine) scan of the iTechSmart platform. |
get_iself_journal | Retrieve the iSELF (Self-Healing Loop Framework) healing history. |
| Tool | Description |
|---|
get_compliance_status | Get live compliance scores for the iTechSmart platform. |
probo_health | Check Probo compliance platform health. |
probo_controls | List all Probo compliance controls with status, category, and description (SOC2/EU AI Act). |
probo_risks | List all Probo compliance risks with severity level and status. |
probo_summary | Get Probo compliance aggregate summary: control pass/fail, risk high/medium/low, and task open/done counts. |
| Tool | Description |
|---|
integration_status | Parallel health check across all wired integrations: Langfuse, RAGflow, Shuffle, Tactical RMM, MeshCentral, and Probo compliance. |
langfuse_health | Check Langfuse LLM observability platform health. |
langfuse_trace | Create a Langfuse trace to log an LLM interaction (input, output, model, metadata). |
ragflow_health | Check RAGflow RAG platform health. |
ragflow_query | Query the RAGflow knowledge base with a natural-language question. |
shuffle_health | Check Shuffle SOAR platform health. |
shuffle_trigger | Trigger a Shuffle SOAR workflow by workflow ID with an optional request body. |
| Tool | Description |
|---|
trmm_health | Check Tactical RMM health. |
trmm_agents | List all Tactical RMM managed agents with status, OS, site, and last-seen info. |
trmm_summary | Get Tactical RMM agent summary: total, online, offline, overdue counts, and site list. |
trmm_run_script | Run a saved script on a Tactical RMM agent by agent ID and script ID. |
mesh_health | Check MeshCentral remote device management health. |
mesh_devices | List all devices enrolled in MeshCentral with hostname, OS, connectivity, and group info. |
| Tool | Description |
|---|
get_learning_queue | Get patterns pending human approval from Learning Arbiter (Tier 2 items, score 50-85). |
approve_learning_item | Approve a Tier 2 learning pattern for promotion to Agent Brain. |
get_learning_metrics | Get Learning Arbiter cycle metrics: processed, promoted, rejected, known patterns. |
| Tool | Description |
|---|
ghl_create_contact | Create a contact in GoHighLevel CRM. |
ghl_update_contact | Update GHL contact fields. |
ghl_send_email | Send email to GHL contact via Judge gate (held if flagged). |
ghl_trigger_workflow | Trigger a GHL workflow for a contact. |
ghl_book_appointment | Book a calendar appointment for a GHL contact. |
ghl_move_pipeline | Move a GHL opportunity to a new pipeline stage. |
| Tool | Description |
|---|
deepgram_tts | Convert text to speech via Deepgram Aura (aura-asteria-en). |
deepgram_transcribe | Transcribe audio from URL or file path using Deepgram Nova-2. |
deepgram_blog_audio | Generate MP3 audio version of a blog post via Deepgram TTS. |
| Tool | Description |
|---|
itsm_create_ticket | Create an ITSM ticket for an incident. |
itsm_get_ticket | Retrieve a single ITSM ticket by ID, including embedded ProofLink receipt if sealed. |
itsm_list_tickets | List ITSM tickets. |
itsm_close_ticket | Close and resolve an ITSM ticket with a resolution note. |
itsm_run_loop | Trigger the full 6-step ITSM ProofLink loop: DETECT -> TICKET -> DIAGNOSE -> REMEDIATE -> VERIFY -> CLOSE+SEAL. |
itsm_run_test | Inject a synthetic test incident through the full ITSM ProofLink loop. |
itsm_get_mttr_stats | Get Mean Time To Remediate (MTTR) statistics from resolved ITSM tickets. |
itsm_embed_receipt | Embed a ProofLink SHA-256 receipt directly inside an existing ITSM ticket body. |
itsm_verify_receipt | Verify the ProofLink receipt embedded in an ITSM ticket. |
itsm_list_open_incidents | List all currently open incidents (ITSM tickets with status=open), sorted by severity. |
itsm_get_incident_timeline | Get the full lifecycle timeline of an incident: detected, ticketed, diagnosed, remediated, verified, sealed. |
itsm_trigger_detection | Run all 5 incident detectors (iSELF, Prometheus, Wazuh, NetworkScanner, OctoAI) and return raw findings without creating tickets. |
itsm_get_detection_sources | Return status and last-scan results for all 5 ITSM incident detection sources. |
itsm_get_remediation_history | Get the history of all auto-remediation actions, with MTTR and success rate. |
itsm_register_webhook | Register a webhook URL to receive real-time ITSM ticket state changes (OPENED, UPDATED, RESOLVED). |
itsm_dashboard_summary | Get the ITSM dashboard summary: open count, resolved today, avg MTTR, top failing services, and ProofLink sealing rate. |
Governance and receipts
Mutating tools are mediated by the Arbiter constitutional governance engine, and governed actions seal SHA-256 ProofLink receipts to the public ledger — verify any of them at verify.itechsmart.dev or programmatically via the ProofLink API. Audit-scope keys let a CISO or external auditor use the prooflink.* / mission.* / compliance.* tools without any mutation rights.