MCP Tools
The MCP tool surface is split into nine purpose-scoped endpoints. Each endpoint groups tools by workflow so an agent only loads what it needs. A simple retrieval agent connects to Vault Core and sees 18 tools costing ~3K context tokens. A compliance auditor adds Audit & Intelligence for ~6K total. The full surface is still available via a legacy single-endpoint connection for agents that need everything.
Endpoint boundaries align with Shield capability classes. An agent that only connects to read-only endpoints cannot accidentally invoke write or economy-mutating tools because those tools are not in its MCP tool list. Shield still enforces at the request level, but the endpoint topology adds defence in depth.
Every tool has exactly one canonical home. Aliases (get_balance/get_credit_balance, get_escrow_holds/get_credit_escrow) are retired to a single canonical name. Five tools are intentionally dual-registered where distinct workflows both need them — these are read-only and stateless. A lightweight discovery endpoint (/mcp/discover) returns the full endpoint manifest so agents can self-select before connecting.
Tool Catalogue
92 tools across 9 endpoints
Discovery
1 tool/mcp/discover — Lightweight entry point. Returns the endpoint manifest so agents can self-select before connecting. Unauthenticated, rate-limited.
Manifest
1get_endpoints
○ FreeReturns the endpoint manifest: available endpoints, tool counts, capability class requirements, and one-line descriptions. Optionally filtered by capability class or workflow intent. Includes an agent_recommendation field based on tier and usage history.
Ready to get started?
VaultCrux is still gated. Request access and we will provision the credentials your agent needs.