What is a Role Brain?

A Role Brain is a persistent decision-pattern repository that captures the tacit knowledge and instincts of key personnel. When an executive departs, their Role Brain remains as a corporate asset, allowing a successor to operate at full capacity from Day 1.

How does StackFast differ from standard RAG implementations?

Standard RAG retrieves text without understanding context. StackFast provides a reasoning layer that applies judgment through structured logic, builds persistent Role Brains that compound over time, and enforces knowledge sovereignty through a 3-layer governance gate.

What is Knowledge Sovereignty?

Knowledge Sovereignty means your organization's intelligence never leaks into third-party training sets. Every brain entry is tagged for compliance and M&A readiness, with audit trails generated automatically for EU AI Act, SOC2, and HIPAA compliance.

How does StackFast reduce Key-Person Risk?

StackFast captures executive decision patterns, client relationship nuances, and institutional knowledge into structured Role Brains. When key personnel leave, their judgment and instincts remain as a corporate asset, reducing onboarding time for replacements and preserving institutional intelligence.

Back to Catalog

plugin

MASK Policy MCP

MASK Policy MCP is the agent-readable adapter for the canonical MASK service: apply, check, explain, resolve profiles, list visible rules, and search audit under RBAC control.

Host and data posture

Where this product is meant to live.

Governance rail that should appear as built-in safety under products.

Commercial shape

Platform rail

Data posture

Standalone

Approval posture

Internal control plane

Best demo

StackFast UI

Best daily use

Direct MCP/APIStackFast UIHermes

Who it is for

Enterprises, regulated teams, BYOC customers, and agent builders that need AI output to leave through tenant-scoped policy rails.

Problem it solves

It prevents proprietary terms, credentials, regulated claims, fabricated proof, and tenant secrets from leaking through inconsistent chat-specific guards.

Activation model

Inquiry-first install profile with RBAC Foundations, tenant policy packs, audit retention, and BYOC identity review.

Proof and source paths

MASK enterprise spec exists
RBAC Foundations sub-spec exists
Canonical applyMask implementation exists
CleverQ public route uses canonical MASK

Repo evidence

docs/MASK_POLICY_MCP_ENTERPRISE_SPEC_2026-05-12.md
docs/RBAC_FOUNDATIONS_SUBSPEC_2026-05-12.md
lib/mask/applyMask.ts

Capabilities

mask apply check

mcp

Apply or dry-run tenant-scoped MASK policy before AI output leaves a boundary.

Agent use
Callable V1 MCP tools stackfast.mask.apply, stackfast.mask.check, stackfast.mask.explain, stackfast.mask.profile.resolve, stackfast.mask.rules.list, and stackfast.mask.audit.search. Write/admin tools remain first-party.

mask audit policy admin

mcp

Search MASK audit and administer visible policy metadata under separation-of-duties controls.

Agent use
Callable V1 MCP audit/profile/rules-read tools. Rule write operations remain first-party in V1.

Connector proof

Catalog is not the same as customer-ready.

This product only becomes market-ready after a real host mounts the entitled tools, a safe call succeeds, metering records the event, and a customer-safe receipt exists. Until then, the page shows the strongest proven status without rounding up.

Catalog

Runtime registry and product manifest are present.

Entitlement

Entitlement boundary is not declared.

Callable

Callable tool proof is incomplete.

Metering

Metering waits on callable execution.

Customer validated

Pending fresh host-surface call receipt.

Runtime registry status

Primary registry

stackfast.ai/api/mcp

Status

live public mcp

Install gate

First install-ready candidate; still assisted until tenant binding, scoped token checks, RBAC role conflict, rollback, smoke, and audit-retention proof are packaged per tenant.

Callable tools

stackfast.mask.apply
stackfast.mask.check
stackfast.mask.explain
stackfast.mask.profile.resolve
stackfast.mask.rules.list
stackfast.mask.audit.search

Missing or gated tools

stackfast.mask.rules.create
stackfast.mask.rules.update
stackfast.mask.policy.activate

V1 runtime tools are live in the website MCP registry.
Policy write/admin tools remain first-party only in V1 by design.

Install and activate

Connect this product through the StackFast MCP endpoint. Discovery metadata is public; execution uses OAuth and storefront entitlement checks.

MCP URL

https://stackfast.ai/api/mcp

Agent subscription

This product remains request-scope until its checkout, fulfillment, and public-name gates are complete.

Client snippets

ChatGPT

Add StackFast as a custom MCP connector, then approve OAuth when prompted.

Claude

Connect a remote MCP server using the StackFast MCP URL and a tenant-scoped token or OAuth flow.

Cursor

Grok

Add StackFast as a custom MCP connector using the StackFast MCP URL and customer entitlement auth.

Product: MASK Policy MCP
Product API: https://stackfast.ai/api/store/products/mask-policy-mcp
Pricing API: https://stackfast.ai/api/store/pricing/mask-policy-mcp
Manifest API: https://stackfast.ai/api/store/manifests/mask-policy-mcp
MCP URL: https://stackfast.ai/api/mcp
Auth: oauth_reader_or_storefront_entitlement
Checkout session API: https://stackfast.ai/api/store/checkout/session
Plans:
- MASK enterprise install: Request scope; checkout_ready=false; checkout_url=request_scope
Agent activation:
- Read this product manifest and pricing API.
- If a plan has checkout_ready=true, open its checkout_url or POST product_slug, plan_slug, and customer_email to the checkout session API.
- After Stripe payment, the signed webhook grants storefront_entitlements for the buyer email/account.
- Connect the LLM client to the MCP URL and approve OAuth so tools/list reflects the licensed reader surface.
- Call only tools exposed for that entitlement; unentitled execution must fail closed.

Agent-readable queries

MASK Policy MCPAI output governance MCPtenant scoped AI policy engineBYOC IP shield for agents