The Product Surface

Technical reference. April 2026.

Idora’s product surface is the integration boundary teams and agents interact with. It is a small, stable MCP envelope of seven tools and two resources, plus a v1 set of five Skills that translate natural-language questions into envelope calls. Same envelope, two consumption styles. Agents and humans go through Skills. CI and direct integrations call tools with structured arguments. Every interaction returns a determination, not data. The conclusion the caller can act on, not the payload the caller has to interpret. Every response is grounded in content-addressed receipts the caller can independently verify.

What shapes the surface

Five commitments explain every choice in the surface that follows.

Decisions, not data

Every tool returns a structured determination (conforms, does_not_conform, indeterminate) with the evidence that grounds it. A traditional MCP server returns the rows; Idora returns the conclusion the rows lead to. The caller never has to reconstruct the answer from a payload.

Read-only by design

No tool writes to the graph. Writes flow exclusively through the push-triggered receipt pipeline. The envelope projects from the graph; it never mutates it. A read-only surface eliminates entire vulnerability classes (exfiltration, evidence-layer poisoning, write-path tampering) at the protocol level, not as configurable policy.

Receipts are the integrity primitive

Every determination traces to one or more receipts. Receipts are content-addressed via SHA-256; identity is the hash. A determination grounded in a specific receipt chain is verifiable without trusting the model that produced the answer.

Vendor-neutral by protocol

The surface is Model Context Protocol (Streamable HTTP, OAuth 2.1 + PKCE, the 2025-11-25 spec revision). Any compliant MCP client calls the same surface with the same shapes. The wire is open standard. The receipts and the graph are protocol-agnostic.

Constraint is the product

Seven tools. Two resources. Five Skills. The surface is small on purpose. Adding capability means adding a new tool with a new contract, not exposing more flexibility through fewer entry points.

The surface at a glance

Surface element	Type	Purpose
Tools (model-invoked, parameterized)
`idora.release_trust`	Tool	Release-time gate
`idora.file_context`	Tool	Edit-time governance lookup
`idora.proof`	Tool	Audit-time receipt chain
`idora.gap_detection`	Tool	Coverage analysis
`idora.drift`	Tool	Delta between two refs
`idora.browse`	Tool	Bounded navigational query
`idora.bulk_proof`	Tool	Batch receipt chains for compliance
Resources (URI-addressable, read-only)
`idora.pipeline_status`	Resource	Ingestion state
`idora.schema`	Resource	Receipt and graph schema
Skills (consumption-layer, natural-language)
`idora-release-trust`	Skill	Natural-language release questions
`idora-context`	Skill	Natural-language file and requirement context
`idora-drift`	Skill	Natural-language change tracking
`idora-proof`	Skill	Natural-language audit
`idora-coverage`	Skill	Natural-language coverage analysis

The seven tools

Tools are model-invoked. Each call is parameterized, executes a versioned Cypher pattern against the context graph, and returns a determination response.

`release_trust(ref)`

Answers whether a release ref conforms to its governing requirements. Returns conforms, does_not_conform, or indeterminate, with blockers and proof-chain references when applicable. The release-time gate, callable from CI directly. Composed by the idora-release-trust Skill.

`file_context(file_path)`

Returns the governing requirements, current verification status, and verification history for a file. Edit-time agents call this before modifying code. Reviewers call this when assessing a change. The response is a single projection: file metadata, governing requirements, applicable verifications, and proof-chain references. Composed by the idora-context Skill.

`proof(receipt_id_or_claim)`

Returns the full receipt chain for a determination. Given a receipt or a claim, returns the chronologically ordered chain of receipts, files, artifacts, evaluator identity, prompt versions, and code provenance where applicable. The audit primitive. Composed by the idora-proof Skill, and called as drill-down from release_trust blockers and file_context verifications.

`gap_detection(scope)`

Returns coverage gaps in a defined scope: requirements without conforming verification, files without governing requirements, unresolved contradictions in requirement relationships. Categorized output with entity references. Composed by the idora-coverage Skill.

`drift(ref_a, ref_b)`

Returns what changed between two refs: files whose content changed, verifications whose determination changed, requirements that gained or lost coverage, violations that emerged or resolved. The temporal-comparison primitive. Composed by the idora-drift Skill.

`browse(query_shape)`

The bounded exploration entry point. Returns paginated lists shaped per the query (requirements by source, files by repo, recent receipts by type). Each entity follows the canonical projection. Used directly. Not Skill-mediated in v1.

`bulk_proof(refs[])`

Assembles receipt chains for multiple subjects in a single call. Optimized for batch attestation: quarterly audit packages, regulatory framework conformance, periodic reporting. Composed by the idora-proof Skill for batch use cases. Called directly by compliance systems generating documentation.

The two resources

Resources are URI-addressable, read-only, and stable across calls within a version. They complement tools rather than compete with them.

`pipeline_status`

Exposes ingestion state: ingestion_lag_seconds, queue_depth, last_push_timestamp, push_count, days_active. Updated on every receipt write. Consumed by tools’ metadata blocks for graph-maturity context and by Skills for cold-start narration.

`schema`

Exposes the receipt and graph schemas at the envelope’s current version. Returns receipt schemas per receipt type, entity projection definitions, the canonical decision-shape vocabulary, and the current schema_version. Consumed by third-party Skill builders, by Skills declaring envelope-compatibility ranges, and by tooling generating client SDKs.

The metadata block

Every tool response carries a metadata block describing graph state at the moment of the call. Callers gate confidence on this metadata. Cold-start sparseness shows in the metadata, not by failing the call.

The block contains five named fields:

ingestion_lag_seconds. How stale the graph is relative to the most recent push.
graph_maturity. The substrate density signal: push_count and days_active.
envelope_version. The API contract version.
schema_version. The receipt and graph schema version.
evaluator_model. The model identity for verifications surfaced in the response, where applicable.

A representative metadata block from a release_trust response:

{
  "ingestion_lag_seconds": 4,
  "graph_maturity": {
    "push_count": 847,
    "days_active": 142
  },
  "envelope_version": "1.0",
  "schema_version": "1.0",
  "evaluator_model": "claude-sonnet-4-20250514"
}

A release_trust response on a 7-day-old graph reads differently from one six months in. The determination is the same shape. The confidence the caller places in it is gated by the metadata.

The Skills layer

Skills are the consumption-layer surface, the path humans take to reach Idora through coding agents. Five Skills ship in v1, calibrated to platform engineer and compliance/audit early-adopter workflows.

idora-release-trust

Translates release-readiness questions into release_trust and follow-up proof calls. Fires on every release decision.

idora-context

Translates file-first and requirement-first context questions into file_context and proof compositions. Fires during code review and impact analysis.

idora-drift

Translates change-tracking questions into drift and gap_detection compositions. Fires on every deploy review and incident response.

idora-proof

Translates audit and proof-chain questions into proof and bulk_proof calls. Surfaces receipt chains, evaluator identity, prompt versions, and code provenance.

idora-coverage

Translates gap-detection questions into gap_detection and browse compositions. Fires during onboarding and pre-audit preparation.

Skills are SKILL.md packages following Anthropic’s open Agent Skills standard. They run in consumption-layer agents (Claude Code, Cursor, GitHub Copilot, Codex, Gemini CLI, Claude Desktop), not in Idora’s infrastructure. They are distributed via Anthropic’s Skills Directory and Vercel’s skills.sh.

Skills compose tool calls. They do not bypass the integrity boundary. A Skill cannot fabricate a determination, generate a receipt, or invent evidence. It recognizes the natural-language pattern, constructs the appropriate envelope call, and narrates the response. Cold-start framing and substrate sparseness are surfaced honestly through the metadata block.

The five Skills cover six of the seven tools. browse is intentionally outside v1 Skill scope; exploration is better served by ecosystem-level Skill discovery than by an Idora-authored navigation Skill.

CI pipelines bypass Skills and call tools directly with structured arguments. Same envelope, two consumption styles.

How teams and agents interact with the surface

Three patterns. Each shows the surface in motion.

Agent pre-flight (developer, Skill-mediated)

A developer opens auth.service.ts in Claude Code and asks:

What governs this file and what should I be aware of before editing?

The idora-context Skill recognizes the pattern and constructs file_context(file_path: "auth.service.ts"). The envelope returns three governing requirements (AUTH-001 conforming, verified 12 times; AUTH-003 conforming, verified 4 times; AUTH-007 violation since April 10), the proof-chain references for each, and a metadata block showing a mature graph.

The Skill narrates: edits must satisfy AUTH-001 and AUTH-003. AUTH-007 has been in violation since April 10 and any edit that addresses it should be flagged for re-verification. The agent now operates within constraints derived from the graph, not from instruction. The developer never wrote a query. The receipts behind every claim are addressable.

Compliance audit (compliance officer, mixed Skill and direct)

A compliance officer preparing a quarterly attestation needs proof chains for every release shipped in Q1. They ask the idora-proof Skill:

Give me audit packages for all production releases between January 1 and March 31.

The Skill constructs bulk_proof(refs: [...]) over the matching ref list. The envelope returns proof chains for each release: receipts, file content hashes, artifact hashes, evaluator identities, prompt versions, code provenance where applicable, plus aggregate metadata across the batch.

The customer’s compliance pipeline calls bulk_proof directly with structured arguments and pipes the response into audit-export tooling. Same call, no Skill intermediation. The output is identical and independently verifiable. Every claim in the audit package is a receipt the auditor can validate against the content-addressed graph.

Incident response (engineer, mixed Skill and direct)

An alert fires. A v2.1 deploy has caused a production issue. The on-call engineer asks the idora-drift Skill:

What drifted between v2.0 and v2.1?

Two files degraded. One violation emerged: AUTH-007 on auth.service.ts.

The engineer follows up directly via proof(claim: "AUTH-007 on auth.service.ts at v2.1"). Last conforming verification April 3. Violation April 10. Build #412 consumed auth.service.ts at hash a3bf...c8. That artifact deployed to production in v2.1 on April 19 despite the violation. The CI gate was overridden or the governance check was stale. The graph carries the answer either way.

Cold-start behavior

The surface is honest about substrate density. The graph compounds with every push. Early in a deployment it is sparse, and the surface reflects that.

A release_trust call against a 7-day-old graph with 12 pushes returns the same response shape as one against a 6-month-old graph: determination, confidence, blockers, metadata. The difference is in the metadata. Skills surface this explicitly to the caller: “Your graph has 12 pushes recorded; trust scores will become more reliable as more verifications accumulate.”

The surface does not fail on sparse substrate. It returns indeterminate where evidence is insufficient and surfaces the substrate state in metadata so callers act on it knowingly. Cold-start is a first-class condition, not an error.

What’s stable in v1

Integration is against stable contracts. The following are stable v1 commitments:

The seven tools and two resources

No additions, removals, or renames in v1. New capability ships as a new tool with a new contract.

The five Skills

v1 inventory is fixed. Additional Skills (vertical-specific, onboarding, deeper audit) are post-v1 and will not break v1 Skill behavior.

The canonical decision-shape vocabulary

conforms, does_not_conform, indeterminate. Stable across every tool that returns a determination.

The metadata block field names and semantics

ingestion_lag_seconds, graph_maturity (push_count, days_active), envelope_version, schema_version, evaluator_model.

The MCP wire surface

Streamable HTTP, OAuth 2.1 + PKCE, RFC 9728 protected resource metadata, the 2025-11-25 spec revision. Protocol-version increments follow Linux Foundation cadence with N-1 support.

Not fixed at contract level

What is not fixed at the contract level: the specific Cypher patterns each tool executes against the graph, response-shape extensions per tool (additive, never breaking), and the receipt schema (versioned via schema_version and surfaced through the schema resource).

v1 is contract. Underneath, implementation evolves.

Closing

Seven tools. Two resources. Five Skills. A surface this size can be learned in an afternoon, called correctly the first time, and relied on permanently.

Readers wanting to understand the graph structure these tools traverse should read The Context Graph. Readers wanting to see how the surface evolves as integrity becomes cross-service should read Architecture Overview. Readers evaluating whether to pilot Idora should contact engineering@idora.dev directly. The TypeScript contracts, authentication details, and integration guides are shared during design-partner onboarding.