Frequently Asked Questions

Click the "Register" tab on the login page, fill in your details (name, email, optional company), create a password, and click "Subscribe". You'll start with a 7-day free trial of our Starter plan - no credit card required! You'll receive a confirmation email to verify your account.

After your 7-day free trial:

• You'll be prompted to subscribe to the Starter plan ($5/month) or choose a different plan
• If you don't subscribe, you'll have a 7-day grace period to decide
• After the grace period, your account will be paused until you select a plan
• Your scan history is preserved and will be available when you subscribe

We support a wide range of file types including:

• Executables: EXE, DLL, MSI
• Documents: PDF, DOC, DOCX, XLS, XLSX
• Images: JPG, PNG, GIF, BMP (with OCR text extraction)
• Email: eml and msg message types
• Archives: ZIP, RAR, 7Z
• Scripts: JS, VBS, PS1

Maximum file size is 20MB per file.

Most scans complete within seconds. Larger files or deep scans may take up to a minute. You'll receive a notification when your scan is complete.

Clean: No threats detected. The file appears safe.
Threat Detected: Malicious content found. The report will detail the type of threat and description. You will need to review the file and remove the malicious content.

File hashes (MD5, SHA-1, SHA-256) are unique "fingerprints" for files. They allow you to:

• Verify the exact file that was scanned
• Maintain audit records for compliance

All new users start with a 7-day free trial of our Starter plan - no credit card required!

Go to Settings → Subscription in your dashboard. You can change your plan at any time. Upgrades take effect immediately; downgrades take effect at the next billing cycle.

Go to your Dashboard → Subscription panel and click "Manage Subscription". This will open our secure payment portal where you can cancel, upgrade, downgrade, or update your payment method. You'll retain access until the end of your current billing period. Your scan history will be retained for 30 days after cancellation.

Enterprise plans are available directly from your dashboard! Go to Subscription and select the Enterprise plan you want. Features include:

• 250,000/500,000 scans per month
• 5/10 team seats included
• 90 day scan history
• Team management features
• Lead user capabilities
• Email support

Need more than 5 seats? Contact Us at Strategic Prompt Architect to discuss custom team arrangements.

Yes! You can download your scan history as a CSV file from your dashboard. Go to Scan History and click the Export button. The download includes scan dates, file names, risk levels, and findings summaries.

Your API key is automatically generated when you create an account. Find it in your dashboard under API Access. Keep your key secure and never share it publicly.

Immediately regenerate your API key from the API Access section in your dashboard. The old key will be invalidated instantly. Update your integrations with the new key.

Note: You may regenerate your API key up to 5 times. If you reach this limit, please Contact Us at Strategic Prompt Architect to verify your identity and discuss your account security options.

Endpoint: POST https://mpsagenticmcp-production.up.railway.app/v1/scan

Headers:

Content-Type: multipart/form-data
Authorization: Bearer mps_xxxxxxxx_yyyyyyyyyyyyyyyyyyyy

Request Body:

Multipart file upload with field name: file
Supported types: TXT, PDF, DOC, DOCX, XLS, XLSX, EXE, DLL, JS, PS1, ZIP, and more
Maximum file size: 20MB

Successful Response (200 OK):

{
				  "success": true,
				  "scan_id": "MPS-20260207-001",
				  "file_name": "document.txt",
				  "file_size": 1024,
				  "risk_level": "GREEN",
				  "risk_score": 0,
				  "findings_count": 0,
				  "scan_duration_ms": 150
				}

Response with Threat Detected:

{
				  "success": true,
				  "scan_id": "MPS-20260207-002",
				  "file_name": "suspicious.txt",
				  "file_size": 2048,
				  "risk_level": "RED",
				  "risk_score": 85,
				  "findings_count": 2,
				  "findings": [
					{
					  "pattern_type": "PROMPT_INJECTION",
					  "description": "Prompt injection attempt detected",
					  "severity": "HIGH"
					}
				  ],
				  "scan_duration_ms": 200
				}

Risk Level	Score Range	Meaning	Recommended Action
🟢 GREEN	0-29	No threats detected	Probably safe to proceed
🟠 ORANGE	30-69	Suspicious content detected	Review findings before proceeding
🔴 RED	70-100	Malicious content detected	Block or quarantine content

Code	Meaning	Solution
400	Bad Request	Check request format and required fields
401	Unauthorized	Verify your API key is correct
403	Forbidden	Check your subscription status
429	Rate Limited	Wait before retrying; consider upgrading plan
500	Server Error	Retry request; contact support if persistent

Rate Limits by Plan:

• Starter: 10/minute, 100/day
• Builder: 50/minute, 500/day
• Professional: 100/minute, 2,000/day
• Enterprise 5: 500/minute, 10,000/day
• Enterprise 10: 500/minute, 20,000/day

cURL (Linux/macOS/WSL):

curl -X POST https://mpsagenticmcp-production.up.railway.app/v1/scan \
  -H "Authorization: Bearer mps_xxxxxxxx_yyyyyyyyyyyyyyyyyyyy" \
  -F "file=@document.txt"

Windows CMD users: If you get SSL errors (exit code 35), add --ssl-no-revoke after curl.

PowerShell (Windows native):

$response = Invoke-RestMethod -Uri "https://mpsagenticmcp-production.up.railway.app/v1/scan" `
  -Method Post `
  -Headers @{ "Authorization" = "Bearer mps_xxxxxxxx_yyyyyyyyyyyyyyyyyyyy" } `
  -Form @{ file = Get-Item "document.txt" }
$response | ConvertTo-Json

Python:

import requests

				with open("document.txt", "rb") as f:
					response = requests.post(
						"https://mpsagenticmcp-production.up.railway.app/v1/scan",
						headers={
							"Authorization": "Bearer mps_xxxxxxxx_yyyyyyyyyyyyyyyyyyyy"
						},
						files={"file": ("document.txt", f)}
					)

				result = response.json()
				if result["risk_level"] == "GREEN":
					print("Content is safe")
				else:
					print(f"Threat detected: {result['findings']}")

JavaScript (Node.js 18+):

const fs = require("fs");

const fileBuffer = fs.readFileSync("document.txt");
const form = new FormData();
form.append("file", new Blob([fileBuffer]), "document.txt");

const response = await fetch(
  "https://mpsagenticmcp-production.up.railway.app/v1/scan",
  {
    method: "POST",
    headers: {
      "Authorization": "Bearer mps_xxxxxxxx_yyyyyyyyyyyyyyyyyyyy"
    },
    body: form
  }
);

const result = await response.json();
console.log(result.risk_level, result.findings_count);

No. File content is processed in memory only and is never written to disk or stored in the database. Once the scan completes and the response is returned, the file content is discarded. A cryptographic hash (SHA-256 fingerprint) of the file is generated and saved so you can verify which file was scanned. For each detected threat, the matched text and its character offset (position within the document) are stored as part of the finding record to support the findings display in your dashboard. No other file content is retained.

Scan metadata is stored in your account's scan history. This includes:

• Scan ID and timestamp
• File name and file hash (SHA-256)
• Risk level and risk score
• Findings detail: the matched text and its character offset (position within the document)
• Scan duration
This data is visible in your dashboard under Scan History and can be exported as CSV. It is retained according to your plan's history period (30-90 days). The full file content is never stored — only the matched text and position data required to display findings.

No. MPS-Agentic uses entirely pattern-based detection. Your submitted content is scanned using regex pattern matching, zone-weighted risk scoring, and preprocessing normalization — all executed locally on our server. No content is ever sent to any third-party AI model, LLM, or external service. Your data cannot be incorporated into any model's training data because it never reaches one.

Yes. All API and web traffic to MPS-Agentic is encrypted using HTTPS with TLS 1.2 or higher. SSL certificates are automatically provisioned and renewed via Let's Encrypt (RSA 2048-bit). Plain HTTP requests are automatically redirected to HTTPS. Your file content and API key are encrypted during every transmission between your system and our server.

Only you (through your authenticated dashboard and API) and authorized system administrators have access to your scan metadata. Company accounts allow lead users to view scan history for team members within their organization. There is no shared access across unrelated accounts. API keys are stored as cryptographic hashes — the full key is shown only once at generation time and cannot be retrieved afterward.

During scheduled maintenance:

• Login: The login page shows "System under maintenance" and sign-in is temporarily disabled
• API: All API calls return a 503 error with a "System under maintenance" message
• Dashboard: If you're already logged in, you'll see a maintenance banner

Maintenance windows are typically brief (30 minutes to 2 hours) and are scheduled during low-usage periods when possible.

No. Your scan history, API keys, and account data are safely preserved during maintenance. However, if you're in the middle of an action (uploading a file, changing settings) when maintenance begins, that specific action may not complete. We recommend logging out when you see the maintenance banner.

During maintenance, API calls return HTTP status 503 Service Unavailable with a Retry-After header. Your integration should:

• Check for 503 responses and handle them gracefully
• Queue requests for retry after the maintenance window
• Use the Retry-After header value to determine when to retry

We send email alerts before scheduled maintenance so you can prepare your systems.

We send email notifications to all active users before scheduled maintenance. The email includes:

• Scheduled date and time
• Expected duration
• Reason for maintenance
• What to expect during the window

Make sure your email address is current in your account settings to receive these notifications.

The Scan Activity chart shows your scan volume over time, broken down into clean scans (green) and threat detections (red).

View periods: Use the selector above the chart to switch between Today, 7 Days, 14 Days, 30 Days, 60 Days, and 90 Days. Each bar represents one time bucket — hourly for Today, daily for all other views.

Clicking a bar filters the dashboard to that time window. The Threat Patterns panel updates to show only the attack categories detected in that period, and the Recent Activity table updates to show only scans from that window.

Clicking a pattern in the Threat Patterns list adds a second filter — the Recent Activity table narrows further to scans containing that specific attack category. The active filter is shown in the chart header. Click Clear to reset both filters.

The Threat Patterns panel shows the attack categories found across your scans, ranked by frequency. Categories include Direct Override, Role Manipulation, Privilege Escalation, and others — see the Scanning & Results section above for a full description of each category.

When no bar is selected, counts reflect your full history for the current view period. When a bar is selected, counts reflect only that time window. Click any pattern to filter the Recent Activity table to scans containing that attack type.