Prerequisites
- API key (
vdk_live_…) from Settings → Agent access - Workspace ID from Settings → General
- Node.js 18+
1. Get the MCP server
Clone the Verdikt repo (or use your existing checkout) and install MCP deps once:mcp/src/index.js — you will reference it in config.
2. Cursor config
Add to~/.cursor/mcp.json (global) or .cursor/mcp.json (project):
VERDIKT_API_URL to http://127.0.0.1:8787.
Restart Cursor after saving.
3. Optional Cursor rule
Copy the Verdikt agent rule from the repo (.cursor/rules/verdikt.mdc) into your project so the agent knows when to call check_gate and post_signals.
Tools available
| Tool | Purpose |
|---|---|
create_release | Open cert window (pass commit_sha, pr_number, repo metadata) |
post_signals | Submit signal values for a release |
get_verdict | Read status, blocking signals, intelligence |
check_gate | Merge decision — read action: merge | self_heal | escalate |
check_gate_by_sha | Same gate lookup by PR commit SHA |
escalate | Hand off to human when blocked |
record_outcome | Post-deploy calibration |
Agent loop (read action, not exit code alone)
action | Behavior |
|---|---|
merge | Certified — merge/deploy allowed |
self_heal | Missing signals or still collecting — fix and re-post |
escalate | Threshold failure — call escalate, wait for human override |
mode: strict when only pure CERTIFIED (no override) should pass.
Typical PR flow
- Agent opens or updates a PR.
- Apply label
verdikt:rc(orcreate_releasewith commit SHA + repo metadata). - Integrations auto-pull; agent
post_signalsonly for metrics CI produces locally. check_gateorcheck_gate_by_sha— act onaction.- GHA gate workflow + branch protection enforce merge even if the agent misbehaves.
Session tracking
MCP sendsX-Verdikt-Agent-Session on every request. Audit events for one agent run share the same session ID in the Verdikt audit trail.