{"service":"burgus-security-mcp","status":"ok","access_model":"cloudflare_zero_trust","product":"Burgus Security","tagline":"Managed AI security platform with built-in audit, policy enforcement, and compliance reporting.","site":"https://burgus.ai","surfaces":{"public":{"description":"No Cloudflare Access login required","urls":{"landing":"https://mcp.burgus.ai/","health":"https://mcp.burgus.ai/health","docs":"https://mcp.burgus.ai/docs","burgus_website":"https://burgus.ai"},"includes":["Product overview and capability preview","Integration patterns for the Burgus Security data plane","Public MCP tools: commercial_product_catalog, session_capabilities","Public guides (prompts/resources listed in discovery)"],"excludes":["Tenant profile, keys, audit exports, vendor launch","Operator or cross-tenant operations"]},"secure":{"description":"Cloudflare Access required on /mcp and /register","urls":{"mcp":"https://mcp.burgus.ai/mcp","register":"https://mcp.burgus.ai/register"},"authentication":{"mcp_secure":"Cloudflare Access on https://mcp.burgus.ai/mcp (email PIN, SSO, or Service Token)","register":"https://mcp.burgus.ai/register after Access login","service_token_headers":{"CF-Access-Client-Id":"<from Zero Trust>","CF-Access-Client-Secret":"<from Zero Trust>"},"llm_proxy":"Your upstream provider API key (provider-native auth on Burgus Security data-plane hostnames)","scope":"Secure MCP tools are scoped to your tenant via Access identity","legacy_note":"llpx_* API tokens are for data-plane and legacy Bearer tools; MCP uses Cloudflare Access"},"includes":["Full customer MCP toolset (vendor launch, keys, audit, policy, alerts)","Organisation registration and profile after Access login"],"cursor_service_token_example":{"mcpServers":{"burgus-security":{"url":"https://mcp.burgus.ai/mcp","type":"http","headers":{"CF-Access-Client-Id":"<service-token-client-id>","CF-Access-Client-Secret":"<service-token-secret>"}}}}},"operator":{"description":"Not on MCP — internal ops dashboard only","note":"Platform evolution, deploy, and cross-tenant ops use the Burgus ops dashboard."}},"data_plane":{"summary":"Point your existing provider SDK at the proxy hostname. Wire format and auth style stay identical to the upstream provider.","example_base_url_pattern":"https://{provider}.securellm.burgus.ai","integration_steps":["Sign in via Cloudflare Access and register at /register","Connect MCP client to /mcp with Access or Service Token","Add upstream provider API keys (customer_add_key)","List proxy hostnames (customer_list_endpoints)","Set SDK base_url to the returned hostname"],"optional_headers":{"note":"Not required for basic audit. Recommended for multi-agent workflows you control.","headers":[{"name":"X-Llmproxy-Session-Id","purpose":"Shared conversation id across agents"},{"name":"X-Llmproxy-Workflow-Id","purpose":"Groups related steps in a job"},{"name":"X-Llmproxy-Agent-Id","purpose":"Identifies which agent made the call"},{"name":"X-Llmproxy-Agent-Role","purpose":"Role label, e.g. orchestrator, worker, critic"},{"name":"X-Llmproxy-Parent-Request-Id","purpose":"Links a child call to a prior request id from X-Llmproxy-Request-Id"}]},"response_headers":[{"name":"X-Llmproxy-Request-Id","purpose":"Unique request id for audit and parent linking"}]},"capabilities_preview":[{"category":"Tenant onboarding & keys","status":"available","features":["Self-service tenant registration","Add and revoke upstream API keys per vendor","List proxy hostnames assigned to your tenant","View tenant profile and traffic activity summary"],"mcp_tools":["customer_register","customer_me","customer_add_key","customer_list_keys","customer_revoke_key","customer_list_endpoints","customer_get_activity"]},{"category":"Custom vendor registration","status":"available","features":["Register tenant-owned vendor definitions","List and inspect tenant vendor configuration"],"mcp_tools":["customer_add_vendor","customer_list_vendors","customer_get_vendor"]},{"category":"Usage & audit visibility","status":"available","features":["Per-request audit metadata (vendor, model, status, timing)","Token usage rollups by vendor and workflow","Session and workflow timelines (explicit or inferred)","Multi-agent interaction graphs when correlation headers are used","Combined multi-agent security report: header coverage, graphs, bursts, policy alerts"],"mcp_tools":["audit_list_events","audit_get_event","audit_get_session","audit_get_workflow","audit_token_summary","audit_who_talked_to_whom","audit_connection_stats","audit_get_inferred_session","audit_traceability_help","audit_multi_agent_security_report"]},{"category":"Performance & reliability reporting","status":"available","features":["Average response time by model","Estimated proxy overhead when provider timing is available","HTTP and authentication error rollups","Burst and anomaly timeline for workflows"],"mcp_tools":["audit_latency_summary","audit_error_summary","audit_burst_timeline","audit_full_report"]},{"category":"Platform default alerts","status":"available","features":["Always-on web-standard baseline (simple tier): credentials, PII, injection, exfil patterns","Smart agent cybersecurity tier: OWASP LLM Top 10, MITRE ATLAS, multi-agent abuse","Automatically applied on tenant onboarding — layered ON TOP of customer policy rules","Dedicated reporting: coverage, standards matrix, platform vs customer split, agent security","Priority 10–79 (platform) evaluates before customer rules (100+)"],"workflow":["audit_platform_alert_catalog","audit_platform_alert_summary","audit_platform_alert_coverage","audit_platform_alert_layered_split","audit_platform_alert_standards_matrix","audit_platform_alert_agent_security","audit_platform_alert_full_report"],"mcp_tools":["audit_platform_alert_catalog","audit_platform_alert_summary","audit_platform_alert_coverage","audit_platform_alert_layered_split","audit_platform_alert_standards_matrix","audit_platform_alert_agent_security","audit_platform_alert_full_report"]},{"category":"Content policy alerts","status":"available","features":["Upload tenant policy documents (plain text) via MCP","Claude analyzes each document and proposes concrete alert rules","Review proposed rules; approve or reject before anything is applied","Applied rules scan live prompt/completion text for matches (alert only — never blocks traffic)","Alert rollups by severity and rule; timeline and per-agent views for multi-agent workflows","Combine with audit_burst_timeline, audit_multi_agent_security_report, and audit_full_report"],"workflow":["policy_upload_document","policy_propose_rules","policy_list_rules","policy_validate_rules (approved=true)","policy_apply_rules","alert_get_delivery","alert_set_delivery (mode=pull|webhook)","audit_content_alert_summary","audit_content_alert_by_rule","audit_content_alert_timeline","audit_content_alert_by_agent","audit_content_alert_rollups","audit_content_alert_rule_health"],"mcp_tools":["policy_upload_document","policy_list_documents","policy_propose_rules","policy_list_rules","policy_validate_rules","policy_apply_rules","alert_get_delivery","alert_set_delivery","alert_test_webhook","audit_content_alert_summary","audit_content_alert_by_rule","audit_content_alert_timeline","audit_content_alert_by_agent","audit_content_alert_rollups","audit_content_alert_rule_health","audit_content_alert_export"],"mcp_prompts":["content_policy_guide"]},{"category":"Behavioral analysis","status":"available","features":["Automatic baseline anomaly detection on audit traffic (volume, errors, graph loops)","Hash-embedding similarity detectors for near-duplicate and cross-agent template abuse","Clustering/graph ML for coordinated bursts, hub emergence, and agent outliers","14 catalog rules across phases 1–3; alert-only (never blocks traffic)","Realtime queue ingest plus hourly batch re-analysis after audit sync","Combined with audit_multi_agent_security_report for full agent observability"],"workflow":["Enabled automatically at customer registration","Traffic flows: Worker → store ingest → behavior-analysis queue","Audit sync triggers batch analysis on vmbehavioranalysis (.230)","audit_behavior_alert_summary / timeline / by-agent / full-report"],"mcp_tools":["audit_behavior_alert_catalog","audit_behavior_alert_summary","audit_behavior_alert_timeline","audit_behavior_alert_by_agent","audit_behavior_full_report"]},{"category":"Compliance & export","status":"available","features":["Single-customer compliance snapshot (tokens, latency, errors, traceability)","JSON or CSV export bundle for auditors","Hybrid traceability guide (default vs enhanced header mode)"],"mcp_tools":["audit_customer_report","audit_export_bundle"],"mcp_resources":["llmproxy-audit://traceability/guide"],"mcp_prompts":["commercial_getting_started","audit_traceability_guide","content_policy_guide"]}],"discovery":{"public_tool":"commercial_product_catalog","secure_tool":"session_capabilities","resource":"llmproxy://commercial/features","prompts":["commercial_getting_started","access_setup_guide","content_policy_guide"]},"recent":["Cloudflare Access — secure MCP (no long-lived llpx tokens on MCP)","Self-service vendor launch via customer_add_vendor after Access login","Platform default alerts — 56-rule baseline per tenant"]}