Use Case · Anthropic SDK

Your Claude agent can read everything the API key allows. That's the problem.

The Anthropic SDK gives agents tool-use superpowers. Civic scopes which tools they can call and what data they can see.

use case / anthropic sdk

The retrieval tool indexed customer support tickets. Including the ones marked internal.

Just imagine, one day…

You build a Claude-powered support agent using the Anthropic SDK with tool use. It connects to your help desk API to search resolved tickets and suggest answers. You give it read access so it can learn from past resolutions.

The agent indexes everything: customer-facing tickets, internal escalation notes, and tickets tagged “internal: legal review.” A customer asks about a billing dispute and the agent cites an internal note about a pending lawsuit. The customer screenshots it and posts it on X.

Read access without scope means the agent sees your internal notes the same way it sees public tickets.

Without scoped access, your agent reads every ticket the same way.

It does things you did not intend

You asked it to learn from resolved tickets. It ingested internal legal notes, escalation records, and tickets flagged for compliance review.

You cannot prove what happened

Which tickets were indexed? Which internal notes were cited in customer responses? Without audit logs, you're searching chat histories manually.

You cannot stop it fast enough

The data is already in the agent's context. Revoking API access doesn't erase what it already learned. Internal notes are in customer-facing answers.

It gets confused and you never know

An internal escalation note and a resolved ticket look identical to the API. The agent can't tell which is customer-safe and which is privileged.

Your Claude agent calls Civic. Civic scopes every tool call.

Connectivity

One MCP endpoint for your help desk, knowledge base, and CRM. Your Anthropic SDK agent connects to all data sources through Civic.

Guardrails

Read resolved, customer-facing tickets. Nothing internal. The agent physically can't see escalation notes or legal review tags.

Auditability

Every ticket read, every search query, every citation logged with the tool call that triggered it. Compliance reviews take minutes.

Revocation

Revoke the agent's access and every data source disconnects. No stale API keys. No cached credentials in the runtime.

Connect the Anthropic SDK through Civic in three steps

Anthropic SDK Agent

Add help desk and knowledge base.

Scope to resolved, customer-facing tickets.

Make internal and legal-flagged tickets invisible.

Done. 2 tools connected:

✓ Help desk — resolved tickets only

✓ Knowledge base — public articles

Your MCP URL and token are ready to copy.

Read the docs

The same scenario. Different outcomes.

Without Civic, the agent indexes everything the API returns. With Civic, internal tickets are invisible.

$ python support_agent.py --index

[claude] connecting to help desk API...

[helpdesk:read] indexing resolved — 2,340 tickets

[helpdesk:read] indexing internal — 187 tickets

[helpdesk:read] ✘ legal_review_notes.md indexed

$ # internal notes in the knowledge base. customers can ask.

$ python support_agent.py --index

[claude] connecting to help desk via Civic...

[helpdesk:read] indexing resolved — 2,340 tickets

[nexus] helpdesk:read:internal requested

[nexus] ✘ BLOCKED — internal tickets not in scope

$ # only customer-facing tickets indexed.

Ship safer with Civic

We'll help you implement authenticated, scoped, and auditable access without slowing down your build.

Start building Read the docs