Full-Deploy Developer Guide
Full-Deploy is a secure AI-to-AI communication platform. Your AI agent (C-AI) connects through a cryptographically authenticated data tunnel — screened by PI-AI for injection attacks — and receives structured, quality-scored data in return.
This guide covers everything from initial setup to advanced integration patterns.
Quick start
From zero to your first verified query in 10 minutes.
Agent architecture
Understand C-AI, H-AI, I-AI, S-AI and PI-AI.
API reference
REST endpoints, request/response schemas, error codes.
MCP integration
Connect via the Model Context Protocol for native agent support.
Quick start
Setting up your first Full-Deploy connection takes four steps. All you need is your AIKC token from your account dashboard.
Create your account
Register at Full-Deploy/register. Choose your tier (Level 1 is free for 14 days) and complete the 3FA onboarding to receive your AIKC token.
Retrieve your credentials
In your account dashboard, navigate to Credentials. Copy your Tunnel ID, API key, and AIKC token (40 characters). Store them securely — the AIKC token is shown once.
Open a session
Use the Sessions API or MCP tool to authenticate. A valid session returns a session_id you include in subsequent requests.
Send your first query
POST a query to the Queries endpoint. Full-Deploy routes it through C-AI → WWA → PI-AI screening and returns a quality-scored, tamper-evident response.
Authentication
Full-Deploy uses three independent authentication factors:
- API key — a 64-character key passed in the
Authorizationheader. - Tunnel ID — identifies your registered tunnel (included in the request body).
- AIKC token — your 40-character AI Key Code, derived from our 14-bit colour-key system. Rotated on each session.
POST /v1/sessions HTTP/1.1
Host: api.full-deploy.io
Authorization: Bearer fd_api_<your-64-char-key>
Content-Type: application/json
{
"tunnel_id": "tun_<your-tunnel-id>",
"aikc_token": "<your-40-char-aikc-token>"
}HTTPA successful response returns:
{
"session_id": "ses_abc123...",
"expires_at": "2026-03-06T15:30:00Z",
"tunnel_status": "active",
"pi_ai_status": "screening_active"
}JSONYour first query
Once you have a session_id, submit a query through the C-AI tunnel:
POST /v1/queries HTTP/1.1
Host: api.full-deploy.io
Authorization: Bearer fd_api_<key>
X-Session-ID: ses_abc123...
Content-Type: application/json
{
"query": "What is the current OWASP Top 10?",
"agent": "c-ai",
"response_format": "structured"
}HTTPThe response includes the web data, a quality score from I-AI (Level 2+), and the PI-AI screening result:
{
"query_id": "qry_def456...",
"status": "complete",
"response": { ... },
"quality": {
"i_ai_score": 94,
"threshold": 85,
"s_ai_invoked": false
},
"security": {
"pi_ai_status": "clean",
"injection_risk": "none"
},
"audit_hash": "sha256:a3f2..."
}JSONAgent overview
Full-Deploy uses a pipeline of specialised AI agents. Each has a defined role and interacts with others in a structured order.
Your primary agent. Sends web queries through the WWA tunnel and receives structured responses. Customer-owned and customer-operated.
An optional second-channel web search agent. Provides parallel query paths for redundancy and cross-verification. Level 2+ only.
Scores the quality of every response on a 0–100 scale. If the score falls below 85, S-AI is automatically invoked. Level 2+ only.
Fetches authoritative, domain-specific data when I-AI deems a response insufficient. Configurable specialist domains. Level 2+ only.
Always active. Screens every payload at both tunnel entry and exit for injection attacks, viruses, and bad-actor patterns. References the Bad Actor Injection Index, OWASP, MITRE ATLAS, and NIST NVD feeds in real time. Cannot be disabled.
API reference
All API requests are made to https://api.full-deploy.io. Responses are JSON. All timestamps are ISO 8601 UTC.
Sessions — POST /v1/sessions
Open an authenticated session. Returns a session_id valid for 60 minutes (auto-extended on activity for Level 2+ accounts).
Queries — POST /v1/queries
Submit a query through the specified agent. Supported agents: c-ai, h-ai (L2+). The response includes the result, quality score (L2+), and PI-AI screening status.
Audit log — GET /v1/audit
Retrieve Merkle-chained, Ed25519-signed audit records for your account. Supports date-range filtering and cryptographic proof export.
Gateway API
The Full-Deploy Gateway API provides AI-to-AI security screening. Before any agent payload is forwarded to a receiving agent, pass it through the Gateway to screen for prompt injection, secrets, blocked instructions, and anomalous patterns.
All gateway endpoints are served at https://api.full-deploy.io and require an x-api-key header containing your Full Deploy API key. Two tiers are available:
64 KB payload limit · 120 req/min · 1,000 req/day · quarantine at risk ≥ 85
256 KB payload limit · 600 req/min · 10,000 req/day · review at risk ≥ 60, quarantine at risk ≥ 80
Security profiles (relaxed, balanced, strict) adjust thresholds by ±10–15 points. Use simulate to test a profile before applying it.
Screen a payload before it is consumed by a receiving agent. Returns a decision (allow, review, quarantine, or block), a risk score (0–100), and a list of reason codes.
Rate-limit state is included in response headers on every call:
| Response header | Description |
|---|---|
| X-RateLimit-Daily-Limit | Your daily cap (1,000 or 10,000) |
| X-RateLimit-Daily-Remaining | Requests left today |
| X-RateLimit-Daily-Reset | Reset date (YYYY-MM-DD UTC) |
| X-RateLimit-Per-Minute-Limit | Per-minute quota |
POST /v1/gateway/evaluate
x-api-key: fd_pub_<your-key>
Content-Type: application/json
{
"senderAgentId": "c-ai",
"receiverAgentId": "h-ai",
"payload": "What is the current OWASP Top 10?",
"metadata": { "sessionId": "ses_abc" }
}Request{
"id": "9a3c8f12-...",
"decision": "allow",
"riskScore": 5,
"reasons": [],
"anomaly": false,
"createdAt": "2026-03-21T10:15:00.000Z",
"tenantId": "public-default",
"tier": "public",
"senderAgentId": "c-ai",
"receiverAgentId": "h-ai"
}Response 200Dry-run a payload against a chosen security profile without writing to the audit log. Useful for testing threshold settings before going live.
| Field | Type | Notes |
|---|---|---|
| senderAgentIdrequired | string | Sender agent identifier |
| receiverAgentIdrequired | string | Receiver agent identifier |
| payloadrequired | string | Content to screen |
| profileoptional | relaxed | balanced | strict | Defaults to balanced |
Retrieve recent screening decisions. Results are ordered newest-first. Use the filter params to narrow results without fetching the full history.
| Query param | Type | Description |
|---|---|---|
| limitoptional | integer | Max records to return (default 100, max 1,000) |
| decisionoptional | allow | block | quarantine | review | Filter by outcome |
| fromoptional | YYYY-MM-DD | Earliest date (UTC, inclusive) |
| tooptional | YYYY-MM-DD | Latest date (UTC, inclusive) |
| senderoptional | string | Substring match on senderAgentId |
| receiveroptional | string | Substring match on receiverAgentId |
The same filter params are supported on GET /v1/gateway/audit/export which streams results as NDJSON (limit up to 50,000).
GET /v1/gateway/audit?decision=block&from=2026-03-01&sender=c-ai
x-api-key: fd_pub_<your-key>RequestList records in the quarantine/review queue — decisions that require human review before the payload is actioned. Supports ?limit (max 1,000).
Mark a quarantined or review-decision record as reviewed (acknowledged) or dismissed (false positive). Adds reviewedAt, reviewAction, and an optional note to the record.
| Field | Type | Notes |
|---|---|---|
| actionrequired | reviewed | dismissed | reviewed = acknowledged; dismissed = false positive |
| noteoptional | string | Operator note, max 500 characters |
Returns 404 if the record does not exist, 409 if the decision is not quarantine or review.
Return risk profiles for all sender→receiver agent pairs, sorted by average risk score descending. Useful for identifying which agent pairs are generating the most hostile traffic. Supports ?top=N (default 50).
Daily cap usage, decision counts (all-time), and the top 5 reason codes from the last 24 hours. Useful for building usage dashboards.
{
"dayKey": "2026-03-21",
"dailyUsed": 243,
"dailyLimit": 1000,
"dailyRemaining": 757,
"totalAuditRecords": 1891,
"decisionCounts": { "allow": 1640, "review": 120, "quarantine": 89, "block": 42 },
"topReasonCodes": [
{ "code": "PROMPT_INJECTION_HINT", "count": 187 },
{ "code": "BLOCKED_INSTRUCTION", "count": 54 }
]
}Response 200Returns the resolved security policy for your API key — tier, active security profile, payload limits, risk thresholds, and rate limits.
Reason codes
Every screening decision includes a list of reason codes. Use GET /v1/gateway/explain?code=<CODE> (no auth required) for a human-readable explanation and remediation guidance.
| Code | Severity | Description |
|---|---|---|
| PROMPT_INJECTION_HINT | high | Instruction-override or jailbreak pattern detected |
| BLOCKED_INSTRUCTION | critical | Payload contains a prohibited instruction (DROP, DELETE, etc.) |
| SECRETS_DETECTED | critical | API key, token, or credential detected in payload |
| PAYLOAD_TOO_LARGE | medium | Payload exceeds tier size limit |
| RATE_LIMIT_EXCEEDED | medium | Per-minute quota exceeded |
| DAILY_CAP_EXCEEDED | medium | Daily request cap reached; resets at 00:00 UTC |
| ANOMALY_RISK_SPIKE | critical | Risk score deviates from your recent baseline |
| PROMPT_REPLAY_DETECTED | critical | Same hostile payload submitted multiple times |
| SENDER_REPEAT_BLOCK | critical | Sender accumulated ≥5 hostile decisions in one clock-hour |
| IP_NOT_ALLOWLISTED | high | Source IP not in tenant allowlist |
| SOURCE_IP_REQUIRED | high | IP allowlist configured but no source IP provided |
decision field before forwarding a payload. A decision of allow means the payload passed all active screening rules. For review and quarantine decisions, use PATCH /v1/gateway/quarantine/:id to record your remediation action.
MCP integration
Full-Deploy is natively compatible with the Model Context Protocol (MCP). Add it as an MCP server to give your AI assistant direct, authenticated tunnel access.
{
"mcpServers": {
"full-deploy": {
"url": "https://mcp.full-deploy.io/v1",
"headers": {
"Authorization": "Bearer fd_api_<your-key>",
"X-Tunnel-ID": "tun_<your-tunnel-id>",
"X-AIKC-Token": "<your-aikc-token>"
}
}
}
}JSONOnce connected, the following MCP tools are available: fd_query, fd_session_open, fd_session_close, fd_audit_export.
Webhooks
Register a webhook endpoint in your account dashboard to receive real-time events. Events are signed with your webhook secret using HMAC-SHA256.
Available events: query.complete, query.pi_ai_blocked, session.expired, i_ai.score_low, s_ai.invoked.
PI-AI screening
PI-AI operates at both gates of every tunnel — on the way in (your query) and on the way out (the response). It cannot be bypassed or disabled.
Blocked payloads return HTTP 403 with a pi_ai_blocked reason code. All blocks are logged in the audit trail with the injection category, confidence score, and threat source attribution.
Colour-key (AIKC) authentication
The AI Key Code is derived from a 14-bit colour-key space, giving 4.4 trillion unique combinations. AIKC tokens are generated in-memory, never stored server-side, and are rotated on each session close.
Rotate your AIKC token at any time from the account dashboard → Credentials → Rotate AIKC.
Audit & compliance
Every query, session event, and PI-AI decision is written to a tamper-evident Merkle-chained log, signed with Ed25519. Records are retained for 7 years (all tiers) and can be exported as a cryptographic proof bundle for compliance evidence.