Your AI agents can't mark their own homework. Tempered provides independent, multi-dimensional risk assessment for actions that autonomous agents or human teams are about to take.
{
"mcpServers": {
"tempered": {
"type": "url",
"url": "https://mcp.temperedrisk.ai/mcp",
"headers": {
"Authorization": "Bearer prx_your_api_key"
}
}
}
}
Every assessment returns:
Example response:
{
"schema_version": "1.0",
"assessment_id": "550e8400-e29b-41d4-a716-446655440000",
"timestamp": "2026-04-10T12:00:00Z",
"verdict": {
"level": "HIGH",
"confidence": 0.85,
"summary": "This deployment changes authentication for all users with no rollback plan documented. The blast radius is the entire user base."
},
"risks": [
{
"id": "risk-001",
"severity": "HIGH",
"title": "No rollback plan for auth change",
"description": "Modifying the authentication service without a documented rollback plan risks locking out all users if the change fails.",
"affected_systems": ["auth-service", "api-gateway"]
}
],
"preflight_checks": [
{
"id": "check-001",
"priority": "REQUIRED",
"action": "Document and test a rollback procedure before deploying",
"rationale": "Auth changes affect every authenticated user — recovery must be instant"
},
{
"id": "check-002",
"priority": "RECOMMENDED",
"action": "Deploy to staging first and run the full auth test suite",
"rationale": "Validates the change against real SSO flows before production exposure"
}
],
"outstanding_questions": [
{
"id": "q-001",
"question": "Is there a maintenance window scheduled for this deployment?",
"impact": "A maintenance window reduces blast radius by limiting concurrent users during the change"
}
],
"metadata": {
"assessment_depth": "screening",
"profile": "infrastructure_risk"
}
}
Tempered runs your action description through a purpose-trained risk assessment model. The model evaluates across multiple risk dimensions and produces a structured assessment with rationale.
The assessment is independent — it's not the same model that decided to take the action. That's the point.
Add Tempered to your Claude Code MCP configuration. You have two options depending on whether you want Tempered available globally or per-project.
Option 1 — Global (recommended for individual developers)
Edit ~/.claude/settings.json (create it if it doesn't exist):
{
"mcpServers": {
"tempered": {
"type": "url",
"url": "https://mcp.temperedrisk.ai/mcp",
"headers": {
"Authorization": "Bearer prx_your_api_key"
}
}
}
}
Claude Code will pick it up on the next session start. No restart needed — just open a new terminal or prompt.
Option 2 — Per-project (recommended for teams)
Create or edit .claude/settings.json in your project root:
{
"mcpServers": {
"tempered": {
"type": "url",
"url": "https://mcp.temperedrisk.ai/mcp",
"headers": {
"Authorization": "Bearer prx_your_api_key"
}
}
}
}
Commit this to your repo (but NOT your API key — see below) so every developer on the team gets Tempered without individual setup.
Keeping your API key out of git
Don't commit your actual key. Use .claude/settings.local.json (which is
gitignored by default in Claude Code projects) for the real key:
{
"mcpServers": {
"tempered": {
"headers": {
"Authorization": "Bearer prx_real_api_key_here"
}
}
}
}
Claude Code merges settings.json and settings.local.json automatically
at load time, so the committed file can contain the URL and transport while
the local file holds the secret.
Verifying it works
Open a new Claude Code session and ask it to list available tools, or
just type /mcp. You should see tempered listed, with assess_risk
as its one tool. If Tempered isn't there, check the Claude Code debug
log (usually ~/.claude/logs/ or accessible via /doctor) for MCP
connection errors — the most common issue is a typo in the URL or
an invalid API key.
That's it. Claude Code will now have access to assess_risk — an independent
risk assessment for any action it's about to take.
The tool accepts three parameters:
action (required) — describe what you're planning to docontext (optional) — structured context: environment, service, change_type, rollback_planprofile (optional) — assessment profile (default: infrastructure_risk)Try it: ask Claude to "deploy a config change to production" and watch Tempered flag the risks before execution.
For developers who want to integrate Tempered into their own pipelines without MCP.
import requests
import time
TEMPERED_URL = "https://api.temperedrisk.ai/v1"
API_KEY = "prx_your_api_key"
HEADERS = {"Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json"}
# Submit an assessment
response = requests.post(f"{TEMPERED_URL}/evaluations/", headers=HEADERS, json={
"description": "Deploy SSO configuration change to production auth service",
"context": {
"environment": "production",
"service": "auth-service",
"change_type": "configuration",
"rollback_plan": "Revert config via Ansible playbook, 2-minute rollback"
}
})
response.raise_for_status()
eval_id = response.json()["id"]
# Poll for result (typically ~10 seconds)
while True:
result = requests.get(
f"{TEMPERED_URL}/evaluations/{eval_id}/",
headers=HEADERS,
).json()
if result["status"] == "completed":
break
time.sleep(2)
# Act on the assessment
verdict = result["verdict"]
print(f"Verdict: {verdict['level']} (confidence: {verdict['confidence']})")
print(f"Summary: {verdict['summary']}")
if verdict["level"] in ("HIGH", "CRITICAL"):
print("\nBLOCKED — risks identified:")
for risk in result["risks"]:
print(f" [{risk['severity']}] {risk['title']}: {risk['description']}")
print("\nPreflight checks:")
for check in result["preflight_checks"]:
print(f" [{check['priority']}] {check['action']}")
exit(1)
print("PROCEEDING — low/medium risk")
name: Tempered Risk Assessment
on: [pull_request]
jobs:
assess-risk:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Assess deployment risk
env:
TEMPERED_API_KEY: ${{ secrets.TEMPERED_API_KEY }}
run: |
EVAL=$(curl -s -X POST https://api.temperedrisk.ai/v1/evaluations/ \
-H "Authorization: Bearer $TEMPERED_API_KEY" \
-H "Content-Type: application/json" \
-d "{\"description\": \"${{ github.event.pull_request.title }}\", \
\"context\": {\"environment\": \"production\", \
\"change_type\": \"deployment\"}}")
EVAL_ID=$(echo $EVAL | jq -r '.id')
for i in $(seq 1 30); do
RESULT=$(curl -s https://api.temperedrisk.ai/v1/evaluations/$EVAL_ID/ \
-H "Authorization: Bearer $TEMPERED_API_KEY")
STATUS=$(echo $RESULT | jq -r '.status')
if [ "$STATUS" = "completed" ]; then break; fi
sleep 2
done
LEVEL=$(echo $RESULT | jq -r '.verdict.level')
echo "Risk level: $LEVEL"
if [ "$LEVEL" = "HIGH" ] || [ "$LEVEL" = "CRITICAL" ]; then
echo "::error::Tempered flagged HIGH/CRITICAL risk"
echo $RESULT | jq '.risks'
exit 1
fi
Add Tempered to Cursor's MCP configuration in your project's .cursor/mcp.json:
{
"mcpServers": {
"tempered": {
"url": "https://mcp.temperedrisk.ai/mcp",
"headers": {
"Authorization": "Bearer prx_your_api_key"
}
}
}
}
The assess_risk tool will appear in Cursor's tool list. Cursor will
call it automatically when you ask it to evaluate risky actions.
How fast is it? ~10 seconds per assessment.
What data do you store? Free tier: assessments retained for 30 days, then deleted. We never use your data to train AI models.
Is this a replacement for human review? No. Tempered is advisory — it flags risks and suggests checks. The decision to proceed is yours.
What profiles are available?
infrastructure_risk (default), plan_review, architecture_review,
and market_strategy. Each evaluates against different risk dimensions
relevant to the domain.
Does this satisfy EU AI Act requirements? Tempered supports Article 9 risk management by providing documented, continuous risk assessment with audit trail. It does not guarantee compliance. See our compliance documentation.
Can I self-host? Not yet. Contact us if you need on-premises deployment.