Skip to main content

Hosted quickstart

Use this page to get one real Compass Guard verdict from the hosted API.
The public docs live at https://docs.compassguard.xyz. The hosted API examples below use the current API base URL: https://compassguard.xyz.

1. Check health

curl -s https://compassguard.xyz/health
Expected: {"ok":true,"service":"compass-hosted-guard",...}.

2. Mint an API key

curl -sX POST https://compassguard.xyz/signup \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com"}'
# → {"email":"you@example.com","apiKey":"compass_…"}

export COMPASS_HOSTED_API_KEY='compass_…'

3. Ask for a verdict

curl -sX POST https://compassguard.xyz/v1/verify \
  -H "Authorization: Bearer $COMPASS_HOSTED_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "toolName": "transfer",
    "intent": { "kind": "transfer" },
    "arguments": {
      "recipient": "9WzDXwBbmkg8ZTbNMqUxvQRAyrZzDsGYdLVL9zYtAWWM",
      "amountUsd": 5,
      "recipientKnown": false
    }
  }'
Unknown recipients return review:
{
  "correlationId": "…",
  "decision": "review",
  "riskLevel": "medium",
  "reasons": ["TRANSFER_UNKNOWN_RECIPIENT"],
  "humanExplanation": "Recipient is not on the allowlist."
}
Set recipientKnown to true and keep amountUsd <= 10 to demo an allow verdict.

4. Optional: add the MCP proxy

claude mcp add compass \
  --env COMPASS_HYBRID_GUARD_ENABLED=true \
  --env COMPASS_HOSTED_API_URL=https://compassguard.xyz \
  --env COMPASS_HOSTED_API_KEY=$COMPASS_HOSTED_API_KEY \
  -- npx -y @ramadan04/compass-mcp-guard \
     --downstream-name solana-tools \
     --downstream-command npx \
     --downstream-args-json '["@your-downstream/mcp-server"]'
Replace @your-downstream/mcp-server with the Solana MCP server you want protected.

Reference

EndpointAuthPurpose
GET /healthnoneLiveness
POST /signupnoneMint an email-scoped API key
POST /v1/verifybearerDecision on an intended tool call
POST /v1/verify/confirmbearerOptional post-execution confirmation