> ## Documentation Index
> Fetch the complete documentation index at: https://docs.artu.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> The Artu MCP server — a remote, scoped Model Context Protocol gateway to the compliance platform for LLM agents

The **Artu MCP server** is a remote [Model Context Protocol](https://modelcontextprotocol.io) server that exposes the Artu compliance platform to LLM agents (Claude, Claude Code, ChatGPT, and any MCP-compatible client).

The MCP server exposes the same data and operations as the Artu API — nothing more. Your organization's permissions, `test`/`live` separation, and data isolation apply identically; connecting over MCP never grants access you don't already have through the API.

## How it works

```
Your agent ──MCP (Streamable HTTP) + OAuth 2.1──▶ Artu MCP server ──▶ Artu compliance platform
                          │
            OAuth 2.1 sign-in issues and verifies your access token
```

* **Auth:** OAuth 2.1, handled automatically by your client on first connect — you sign in to Artu in your browser; there's no API key to paste. See [Connecting](/mcp/connecting).
* **Scope by URL:** the compliance scope is bound to the connection URL path. See [Connecting](/mcp/connecting).
* **Your permissions apply:** every call is governed by your organization's existing permissions and the selected environment — listing clients needs `clients:read`, saving needs `clients:edit`, and so on. Your data stays isolated to your organization.

## Read tools and action tools

The server exposes two kinds of tools:

* **Read tools** — an unrestricted surface for listing and fetching clients, transactions, alerts, workflows, reports, documents, and evidence. Available on every connection.
* **Action tools** — a small, task-oriented set of mutations (create/update records, transition alert status, run/cancel workflows, attach files). Action tools exist **only on scoped connections**; unscoped connections are read-only.

See the [Tools reference](/mcp/tools) for the full list.

## Safety model

* **No deletes, no batch.** The mutating surface is deliberately narrow.
* **Explicit annotations.** Every tool advertises MCP annotations (`readOnlyHint`, `destructiveHint`, `idempotentHint`) so MCP clients can reason about side effects and prompt for confirmation before mutating calls.
* **Your permissions, in every environment.** `live` and `test` are both gated by your organization's permissions — a call you're not allowed to make fails with a clear "you don't have edit access" message.