For Platform & Engineering Teams
MCP is the wire. We are the policy and audit layer on top.
Plug Claude Code, Codex CLI, Hermes-agent, or Claude Desktop into our Control Plane MCP server. Every tool call passes through a policy gate (allow / deny / HITL / DLP). Audit chain on by default. Self-evolving system prompts via approved Genes — your team's prompts improve themselves, you stay in the loop on every change.
5-minute MCP integration
One block of JSON in your agent's MCP config. CP_VENDOR identifies which agent is talking; the server resolves the right scope policy automatically. Works with Claude Desktop, Claude Code, Codex Desktop, Codex CLI, Hermes-agent, and any MCP-speaking host.
MCP_DESKTOP_CONFIG.md
Per-agent scope policies
YAML-defined allowed_tools / allowed_data_sources / allowed_egress / requires_approval / dlp_redactions. Per-tool granularity, per-call decision. Block, redact, or escalate to a human — every decision is in the audit chain with a rule_id and rationale.
services/control_plane/policy_engine.py
Self-evolving system prompts
Quality drift on a vendor → proposed Gene fragment → sandbox A/B against failing samples → admin approves → live Capsule materialised → next session sees the improvement. HITL-gated, audit-trailed, reversible. Genes scoped to external_agent.<vendor>.system_prompt.
services/gene_library_service.py
The integration in one block of JSON
This is what a customer adds to their Claude Code (or Codex, or Hermes) MCP server config. Cmd-Q the host, paste the block, relaunch. Tool calls now route through the policy gate and into the audit chain. No code on your side.
File: ~/Library/Application Support/Claude/claude_desktop_config.json
{
  "mcpServers": {
    "ai-gov-control-plane": {
      "command": "/path/to/python",
      "args": ["-m", "app.services.control_plane.mcp_server"],
      "cwd": "/path/to/proofpane/backend",
      "env": {
        "CP_PRINCIPAL": "you@your-co.com",
        "CP_AGENT_ID": "code_agent.v1",
        "CP_VENDOR": "claude_code",
        "CP_ORG_ID": "org_yourco",
        "CP_HITL_TIMEOUT_S": "600",
        "PYTHONPATH": "/path/to/proofpane/backend"
      }
    }
  }
}
Full template + Codex / Hermes variants: backend/app/services/control_plane/MCP_DESKTOP_CONFIG.md
What the audit log looks like
Hash-chained. One event per tool call, decision, HITL checkpoint, redaction. org_id in the chain hash so cross-org tampering is structurally detectable. Every event has a parent_run_id so the run tree is navigable in the UI.
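A sketch of how a chain of this shape can be built and verified, added here as an illustration and not Proofpane's own code. Only the field names org_id, chain_prev_hash and chain_hash come from this page; the SHA-256-over-canonical-JSON construction, the GENESIS value and the function names are assumptions.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed chain_prev_hash of the first event


def event_hash(org_id, event):
    """SHA-256 over org_id plus the event, excluding its own chain_hash."""
    body = copy.deepcopy(event)
    body["payload"].pop("chain_hash", None)
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{org_id}\n{canonical}".encode()).hexdigest()


def append_event(chain, org_id, event_type, actor, payload):
    """Link a new event to the previous one and append it to the chain."""
    prev = chain[-1]["payload"]["chain_hash"] if chain else GENESIS
    event = {"event_type": event_type, "actor": actor,
             "payload": {**payload, "chain_prev_hash": prev}}
    event["payload"]["chain_hash"] = event_hash(org_id, event)
    chain.append(event)
    return event


def verify_chain(chain, org_id):
    """Return the index of the first event that fails, or None if intact."""
    prev = GENESIS
    for i, event in enumerate(chain):
        p = event["payload"]
        if p.get("chain_prev_hash") != prev:
            return i  # event removed, reordered, or spliced in
        if p.get("chain_hash") != event_hash(org_id, event):
            return i  # content edited, or hashed under another org_id
        prev = p["chain_hash"]
    return None


def demo():
    """Constructed sample events (illustrative values, not real log data)."""
    chain = []
    for pod in ("payments-7", "payments-8"):
        append_event(chain, "org_yourco", "cp.tool.deny", "code_agent.v1",
                     {"tool": "gov_bash", "decision": "deny",
                      "args": {"bash_command": f"kubectl delete pod {pod}"}})
    edited = copy.deepcopy(chain)
    edited[1]["payload"]["decision"] = "allow"  # after-the-fact edit
    return (verify_chain(chain, "org_yourco"),   # None: intact
            verify_chain(chain, "org_other"),    # 0: wrong org_id
            verify_chain(edited, "org_yourco"))  # 1: edited event
```

Dropping events from the tail of the log still verifies under this scheme; detecting that requires the latest chain_hash to be anchored somewhere outside the log itself.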
{
  "event_type": "cp.tool.deny",
  "actor": "code_agent.v1",
  "payload": {
    "tool": "gov_bash",
    "args": { "bash_command": "kubectl delete pod payments-7" },
    "decision": "deny",
    "rule_id": "requires_approval::gov_bash::kubectl",
    "rationale": "destructive op against shared infra; not approved",
    "session_id": "cp_sess_8a4f1e",
    "vendor": "claude_code",
    "policy_eval_ms": 12,
    "chain_prev_hash": "5d3a...",
    "chain_hash": "9e72..."
  }
}
Why engineering teams pick us
The features above are the surface. These three are the substrate — what holds up when you scale past one team or one agent vendor.
Cross-agent broker (v1.5)
One MCP proxy in front of N downstream servers — Proofpane, GitHub, internal tools, anything. The agent host sees one server; you see one audit chain across all of them. Closes the MCP-as-transport gap that every other vendor leaves wide open.
services/control_plane/broker.py
Two runners, one contract
The code-agent loop runs via direct LLM API or the official `claude` CLI subprocess. Same audit events, same Capsule (Gene-composed) system prompt, same stop registry. Swap per session, measure which one wins for your codebase.
services/claude_code_cli_runner.py
2,072 tests, every PR
Hash-chain integrity, multi-tenant isolation, sandbox path-escape guards, cooperative cancellation, policy-gate decisions, evidence-pack signature verification — all pinned. CI green is a real signal, not a vibe.
backend/tests/ (full suite ≈4 min)