Skip to content

MCP for AI Agents — Overview

The Moveris MCP server lets AI agents verify that a live human authorized a high-stakes action before executing it. When an agent is about to run a consequential operation—wire transfer, contract signing, access control change—it calls Moveris to confirm a real person is present and approved the action.

In plain terms

AI agents (e.g., Claude, Cowork) can act on your behalf. For risky actions like transferring money, you want proof that you authorized it. The Moveris MCP server adds that proof: the agent asks you to complete a quick liveness check in your browser, then it only proceeds if you pass.

Why MCP for Liveness?

Traditional auth—passwords, 2FA, session tokens—was built for humans clicking buttons. In the agent era, the agent has access to your phone, email, and cookies. It can read one-time codes and tokens. What it cannot replicate is your face, heartbeat, and involuntary biological signals.

Problem Moveris MCP Solution
2FA codes Agent could read your codes
Session hijacking Stolen token = full access
Deepfake / spoofing AI-generated faces
One-time KYC Onboarding check isn't enough

Moveris MCP is step-up authentication for the agent era: called only when the agent needs proof that a live human authorized this action.

Architecture

The MCP server does not process video. It acts as an orchestrator. The flow is similar to OAuth for agents:

┌──────────────────┐     ┌──────────────────┐     ┌───────────────────┐
│  AI Agent /      │     │  Moveris MCP     │     │  Moveris Fast     │
│  Cowork Host     │────▶│  Server          │────▶│  Liveness API     │
│                  │◀────│  (orchestrator)  │◀────│  (existing infra) │
└──────────────────┘     └──────────────────┘     └───────────────────┘
                                │                           ▲
                                │  Returns session URL      │ Camera capture,
                                ▼                           │ MediaPipe, PPG
                         ┌──────────────────┐               │
                         │  User's Browser  │───────────────┘
                         └──────────────────┘
  1. AI agent is about to run a consequential action.
  2. Agent calls an MCP tool (e.g., verify_human_presence).
  3. MCP server creates a verification session via the Moveris API and returns a session URL.
  4. Agent shows the URL to the user: "Please verify your identity to authorize this action."
  5. User opens the link in a browser → runs the existing liveness flow (camera, capture, analysis).
  6. MCP server polls or receives a webhook when verification completes.
  7. Agent receives a signed attestation and proceeds or blocks based on the result.

What the MCP Server Provides

  • Tools — Callable functions for agents (verify human presence, check status, get result, revoke session).
  • Session management — Create and track verification sessions.
  • Signed attestationsJWT-based proof that a live human passed verification at a given time.

The underlying liveness detection uses the same Fast Liveness API that powers the REST API: MediaPipe, PPG, and CNN models.

Required API key scopes

MCP features require an API key with these scopes: - session:write — Create verification sessions - session:read — View session status and context - session:audit — Record audit events on active sessions

Keys with no scopes have full access. See Authentication.

Use Cases

Use Case Risk Level Example
Wire transfers High Agent initiates transfer; user verifies in browser before execution
Contract signing High Agent prepares contract; user verifies before signing
Access control changes High Agent modifies permissions; user verifies
Routine approvals Standard Low-value actions with quick re-verification
Regulatory compliance High EU AI Act Article 14 — human oversight for high-risk AI

Transport Options

Transport Use Case Typical Host
stdio Local development, Cursor, Claude Desktop Cursor, Claude Desktop
httpStream Remote deployment (Fly.io), Cowork, multi-tenant Fly.io, Cowork

See Quick Start for setup instructions.