Rail Score
БесплатноНе проверенResponsible-AI guardrails for agents: scoring with policy, injection & PII detection, DPDP.
Описание
Responsible-AI guardrails for agents: scoring with policy, injection & PII detection, DPDP.
README
Add a responsible-AI safety layer to any agent in one URL.
A remote, hosted Model Context Protocol server that exposes RAIL Score's evaluation, agent-guardrail, and India DPDP compliance capabilities to any MCP client — Claude, ChatGPT, Cursor, Copilot, Replit Agent, LangGraph, CrewAI, or a custom stack — with zero SDK integration.
https://mcp.responsibleailabs.ai/mcp
The server is a thin, hardened gateway in front of the existing REST API at
api.responsibleailabs.ai/railscore/v1/. It reimplements no scoring logic: it
validates the caller, shapes requests and responses for agent ergonomics, and
forwards to the engine. Credits, tenancy, and rate limits are identical via MCP
and REST.
Quickstart
You need a RAIL API key (rail_...) from the dashboard.
Claude Code
claude mcp add --transport http rail https://mcp.responsibleailabs.ai/mcp \
--header "Authorization: Bearer ${RAIL_API_KEY}"
Cursor / Windsurf (.cursor/mcp.json)
{
"mcpServers": {
"rail": {
"url": "https://mcp.responsibleailabs.ai/mcp",
"headers": { "Authorization": "Bearer rail_YOUR_KEY" }
}
}
}
Claude.ai / Desktop — Settings → Connectors → Add custom connector → URL
https://mcp.responsibleailabs.ai/mcp, then paste your rail_ key.
More clients (OpenAI Responses API, LangGraph, Replit) are documented at docs.responsibleailabs.ai/mcp.
Tools
Nine tools, all rail_-prefixed. Descriptions state cost, latency, and when not
to use a tool, because agents select tools from descriptions alone.
| Tool | Purpose | Credits |
|---|---|---|
rail_evaluate |
Score content across the 8 RAIL dimensions (optional policy enforcement) |
1.0 basic / 3.0 deep |
rail_check_compliance |
Check against gdpr, ccpa, hipaa, eu_ai_act, india_dpdp, india_ai_gov | 5–10 |
rail_detect_injection |
Detect prompt injection in untrusted text | 0.5 |
rail_evaluate_tool_call |
Allow/warn/block a tool call before it runs | 1.5–3.0 |
rail_scan_tool_result |
Scan a tool's output for PII + injection, return redacted text | 0.5–1.0 |
rail_safe_regenerate |
Iteratively regenerate content until it passes (slow) | 1–9 |
rail_dpdp_scan |
Scan for Indian personal data under the DPDP Act 2023 | 0.5 |
rail_dpdp_gate |
Real-time DPDP processing gate (allow/block/require_action) | 0.3 |
rail_dpdp_compliance |
DPDP workflow: emit, require, evidence, session, timers | varies |
Three read-only resources (free, zero credits): rail://framework/dimensions,
rail://account/capabilities, and rail://framework/policy-schema (the JSON
Schema for the policy parameter).
Policy enforcement
rail_evaluate accepts an optional policy of per-dimension threshold rules and
returns a policy_outcome. A rule fires when a dimension scores below its
threshold; action is the most severe fired action (block > flag > warn >
allow), mirroring the rail-score-sdk Policy/Rule shape.
{ "rules": [
{ "dimension": "safety", "threshold": 7.0, "action": "block" },
{ "dimension": "fairness", "threshold": 6.0, "action": "flag" }
] }
Precedence: if the API key's application has a dashboard policy enforced, that
takes precedence (policy_outcome.source: "application"); otherwise the request
policy is applied in-gateway (source: "request"). No extra credits.
The guarded agent loop
The canonical use is to wrap an agent's reasoning end to end:
rail_detect_injectionon untrusted input before acting on itrail_evaluate_tool_callbefore executing any tool call (block = hard stop)rail_scan_tool_resulton the tool's output (prefer the redacted text)rail_evaluate(deep) on the draft answer, orrail_safe_regenerateto fix itrail_dpdp_scan(mask) on anything leaving the boundary in India deployments
Security model
A safety product that is itself unsafe is a credibility failure. The launch blockers (enforced and regression-tested):
- Verdicts are structured data, never advisory prose an agent can ignore.
- No reflection of analyzed content. Tools return verdicts, scores, spans, and masked excerpts — never the raw analyzed text (second-order injection).
- No raw PII. Detection returns masked values and offsets only.
- Tenant isolation by construction. Identity comes from the validated key in the auth middleware, never from a tool parameter.
- No token passthrough in phase 2: client tokens are validated and dropped;
downstream calls use the gateway's service credential. In phase 1 the bearer
rail_key is the customer's RAIL credential, so it is forwarded upstream to preserve per-tenant credits and isolation. - Input caps, timeouts, rate limits, and audit logging (no content bodies).
See tests/test_no_reflection.py and tests/test_pii_masking.py — these run as
a hard CI gate.
Architecture
- Transport: Streamable HTTP only, single
/mcpendpoint (SSE is sunset). - State:
stateless_http=True,json_response=True— scales horizontally behind a normal load balancer; aligns with the MCP 2026-07-28 stateless core. - Auth (phase 1):
rail_key viaAuthorization: Bearer rail_...orX-API-Key: rail_...(the latter is gateway-friendly — no Bearer prefix), validated once againstPOST /verify(cached 5 min) byauth.RailKeyMiddleware, then bound to the request context. - Discovery:
GET /.well-known/mcp/server-card.json(public) lets registries that scan behind an auth wall (e.g. Smithery) enumerate the tools without a key. - Auth (phase 2): OAuth 2.1 resource server (RFC 9728 metadata, RFC 8707
audience binding) via the SDK's
TokenVerifier.
rail_client.py thin httpx client to api.responsibleailabs.ai (forwards key, propagates X-Request-ID)
auth.py RailKeyMiddleware: validate rail_ keys, bind tenant
request_context.py per-request ContextVars (key, tenant, request id)
server.py FastMCP app: 9 tools + 3 resources + landing (/) + /health + server-card
server.json official MCP registry manifest (ai.responsibleailabs/rail-score)
Local development
python -m venv .venv && source .venv/bin/activate
pip install -r requirements-dev.txt
ruff check . && pytest # unit + safety regression tests
RAIL_API_BASE=https://api.responsibleailabs.ai python server.py # serves on :8080
Protocol smoke test against a running server (needs a real key):
npx @modelcontextprotocol/inspector --cli \
http://localhost:8080/mcp --method tools/list \
--header "Authorization: Bearer ${RAIL_API_KEY}"
Configuration
| Env var | Default | Purpose |
|---|---|---|
RAIL_API_BASE |
https://api.responsibleailabs.ai |
Upstream REST API |
MCP_PORT |
8080 |
Bind port |
RAIL_UPSTREAM_TIMEOUT |
60 |
Upstream call timeout (s) |
RAIL_KEY_CACHE_TTL |
300 |
Validated-key cache TTL (s) |
Hosting
Responsible AI Labs operates the hosted server at
https://mcp.responsibleailabs.ai/mcp — for almost everyone, just connect to
that URL; you do not need to run anything.
To self-host, build the image and run it anywhere that serves HTTP; point it at
the public REST API with RAIL_API_BASE (its default). No secrets are required:
the customer's RAIL key arrives on each request.
docker build -t rail-score-mcp .
docker run -p 8080:8080 -e RAIL_API_BASE=https://api.responsibleailabs.ai rail-score-mcp
Registry
Published to the official MCP registry as ai.responsibleailabs/rail-score via
server.json and the mcp-publisher CLI (DNS-authenticated responsibleailabs.ai
namespace); a tagged GitHub release runs the publish-registry job automatically.
Third-party directories (Smithery, Glama, PulseMCP, mcp.so) index the repository and the official registry independently. Each is claimed and refreshed separately rather than syncing automatically, so listings can lag a release.
Установка Rail Score
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Responsible-AI-Labs/rail-score-mcpFAQ
Rail Score MCP бесплатный?
Да, Rail Score MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Rail Score?
Нет, Rail Score работает без API-ключей и переменных окружения.
Rail Score — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Rail Score в Claude Desktop, Claude Code или Cursor?
Открой Rail Score на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare Rail Score with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
