Resolve identity
Bind the user, agent identity, session, role and purpose before anything is discoverable.
Kynexa governs which users and agent identities can discover, access and invoke approved MCP servers, tools, and actions: with policy, scoped permissions, approvals and audit.
Reads at source · single-tenant · every policy decision logged.
A four-stage flow. User and agent identities; an approved registry of MCP servers and tools; a policy gate applying scoped credentials, parameter limits and human approval, marking calls Allowed, Denied or Needs-approval; and a tool-call evidence record.
Model Context Protocol expands what agents can do by connecting them to tools and enterprise systems. It also expands the control surface: a discovered tool may expose sensitive data, execute a high-impact action or operate with credentials broader than the initiating user or agent should have.
Kynexa maintains an approved tool and MCP server registry, binds access to user and agent identity, evaluates policy before discovery and invocation and scopes credentials and parameters to the approved purpose. High-impact actions can require human approval. Every call records the tool, arguments, identity, policy decision, result and reason.
Bind the user, agent identity, session, role and purpose before anything is discoverable.
Expose only approved MCP servers, tools, owners, versions, scopes and risk classes.
Decide whether the identity can discover or invoke the tool for the requested purpose.
Issue scoped credentials and parameter limits for the approved resource and action.
Capture tool, arguments, identity, decision, result and reason for investigation.
Six steps: an agent requests a refund tool; identity and scope are resolved; policy flags it high-impact and Needs-approval; scoped credentials are issued for that order only; the tool executes Allowed under guardrails; the call is recorded with identity, parameters, result and reason.
Discovery and invocation are both governed.
| Control surface | Policy input | Enforcement point | Audit evidence |
|---|---|---|---|
| Tool discovery | User · agent identity | Tool registry | Discovery event |
| Tool invocation | Identity · scope · sensitivity | MCP gateway | Tool-call record |
| Credentials & parameters | Approved purpose | Scoped credential boundary | Parameter log |
| High-impact actions | Risk class | Human approval | Approval record |
| Tool | Owner | Scope | Risk | Access |
|---|---|---|---|---|
| Knowledge search | Platform | Read · governed corpus | Low | Allowed |
| CRM lookup | RevOps | Read · account-scoped | Medium | Allowed |
| Issue refund | Finance | Write · per-order | High | Approval |
| Bulk export | Data | Read · all records | High | Denied |
| Send email | Comms | Write · templated | Medium | Approval |
A permission matrix of tools with owner, scope, risk and access. Knowledge search and CRM lookup are Allowed. Issue-refund and send-email Need approval. Bulk export is Denied.
Maintain visibility into MCP servers, tools, owners, versions, scopes and risk classifications.
Control which users and agents can discover or invoke each tool.
Limit a tool call to the permissions, resources and arguments approved for its purpose.
Require human authorization before sensitive, irreversible or high-impact actions.
Capture who or what called a tool, the policy applied, parameters used, result returned and decision reason.
Apply the same controls to agents built with third-party or custom frameworks.
Bring a real use case. We'll set up governed retrieval, reasoning and audit on your stack.