Welcome to Civic

Your agent can read every email. Can you prove it only read what it was supposed to?

Civic is the security layer for AI agents — a control plane that makes tool-using agents safe, auditable, and compliant. Connect your agent to 95+ MCP servers and stay in control of every tool call.

Start in Civic Chat

Zero setup. Configure, audit, and revoke from your control plane.

Integrate your agent

Connect via HTTP — LangChain, Vercel AI SDK, Anthropic SDK, and more.

Four Pillars

Civic is built on four pillars: Connectivity to 95+ MCP servers, Auditability of every tool call, Guardrails through 1,000 guardrail rules, and Revocability via instant revocation at any granularity. Together they form a security layer that sits between your agent and the tools it uses — so you stay in control without slowing anything down.

Your AI Agent→Civic Hub→95+ MCP Servers

🔌

Connectivity

95+ MCP servers

📊

Auditability

Every call logged

🛡️

Guardrails

1,000 guardrail rules

⚡

Revocability

Instant revocation

Connectivity

Connect to 95+ MCP servers — Google Workspace, Slack, GitHub, databases, CRMs, and more. Civic handles OAuth, secrets, and authentication so your agent never touches raw credentials.

Browse all 95+ MCP servers

Google Calendar, Gmail, Sheets, Drive, Docs, Slack, GitHub, PostgreSQL, HubSpot, and 76 more

Auditability

Every tool call is logged: tool name, parameters, response, timestamp, and agent identity. Query your audit log in plain English via Civic Chat.

Aggregated summary: "Show me what my agent did this week"
Line-by-line detail: "Show every tool call from yesterday with timestamps"
CSV export: Up to 5,000 lines per export

Guardrails

With 1,000 guardrail rules, set precise controls per tool, per server, or per toolkit. OAuth scope enforcement ensures agents get least-privilege access. Secrets — OAuth tokens, API keys, Bearer tokens — are stored in Civic and never exposed to the agent layer.

Guardrails

Block specific tools, enforce read-only scopes, set parameter presets the agent cannot override

Revocability

Revoke access instantly at any granularity — a single tool, a server connection, or an entire toolkit. Revocation is available via Civic Chat and the UI, not the API. An agent cannot revoke its own constraints.

Revocation

Kill switch at any level — from one tool to the entire toolkit

What Civic Protects

Secret Management

OAuth tokens, API keys, and Bearer tokens stored in Civic. The agent never sees them — only the Hub can use them to make tool calls.

Audit Trail

Complete log of every tool call. Queryable via Civic Chat. CSV export up to 5,000 lines. Retained ~30 days.

Guardrails

Block tools, enforce read-only access, preset parameters. Works at the tool, server, and toolkit level.

Prompt Injection Defense

Toolkit locking prevents a compromised agent from switching contexts or removing its own guardrails.

Your Control Plane: Civic Chat

Civic Chat at app.civic.com is not a demo interface — it's your control plane. Three agent modes:

Configurator Agent: Set up toolkits, guardrails, and secrets via natural language
Audit Agent: Query logs, get summaries, export CSV
Revocation Agent: Instantly revoke access at any granularity

The endpoint is separated from the AI agent layer by design. Your production agents cannot call it.

Civic Chat — Your Control Plane

Configure, audit, and revoke without writing code