## Why It Matters

Setting up a vulnerability disclosure program means working through seven configuration sections, generating a security.txt, and publishing a public reporting portal. An AI agent can drive that entire flow for you through Kit's MCP tools — you describe what you want, the agent reads the schema, writes the config, and asks for your sign-off before anything goes live.

This is the **build** side of the CSIRT tooling. The [AI Integration](/docs/ai-integration-vdp) page covers the day-to-day *triage* tools (severity, duplicates, researcher responses). This page covers the four tools that stand a program up from nothing.

The agent is a copilot, not an autopilot. It can read your program state, draft a full configuration, and write it back — but going live, starting a trial, setting bounty amounts, and editing legal text all wait for an explicit human "yes." Capturing a payment card is never something the agent does.

## The Zero-to-Live Flow

Four tools, in order. The agent walks the chain and `csirt_get_setup_guide` always tells it the next one to call.

| Step | Tool | What Happens |
|------|------|-------------|
| 1. Orient | `csirt_get_setup_guide` | Reports current state, the config schema, recommended defaults, and the exact `next_tool` to call. Works even on a brand-new account with no program. |
| 2. Create | `csirt_create_program` | Creates the VDP in **Draft** with sensible defaults. Free tier. Idempotent — running it twice returns the same program. |
| 3. Configure | `csirt_configure_program` | Sets any subset of the seven config sections in one call. Repeat as needed. |
| 4. Activate | `csirt_activate_program` | Publishes the public portal and starts accepting real reports. Requires human confirmation and a configured scope + security.txt contact. |

A typical conversation:

```
"Set up a vulnerability disclosure program for us. Scope is app.acme.com
 and api.acme.com, intake email security@acme.com. No bounties yet."
```

The agent calls `csirt_get_setup_guide`, sees no program exists, creates one, configures scope and the security.txt contact, then stops and asks you to confirm before going live.

## Step 1 — Orient with the Setup Guide

`csirt_get_setup_guide` is the entry point and the tool the agent returns to between steps. It never dead-ends:

- **No program yet** — returns `program_exists: false`, a value proposition, the full `config_schema`, `recommended_defaults`, and `next_tool: "csirt_create_program"`.
- **Program exists** — returns status, report counts, SLA compliance, a `config_checklist` (each item annotated with the tool that fixes it), and the next tool to call.

Because the schema and defaults travel with the response, the agent can build a complete, valid configuration without guessing field names. The keys mirror `csirt_get_program` exactly, so the same shapes work for read, edit, and write-back.

## Step 2 — Create the Program

`csirt_create_program` creates the VDP in **Draft** status on the free tier. No subscription required.

| Parameter | Required | Description |
|-----------|----------|-------------|
| `name` | No | Program name. Defaults to `<Account> VDP`. |
| `disclosure_policy` | No | Coordinated-disclosure policy text (markdown). Pre-populated with safe-harbor language if omitted. |

It is **idempotent**: if a program already exists, the tool returns that one instead of creating a duplicate. The response includes the `config_checklist` and `next_tool: "csirt_configure_program"`.

> [!NOTE]
> Creating a program does **not** make it public. A draft program accepts no reports and is invisible to the public until you activate it — but you can preview it yourself at any time (see below).

## Step 3 — Configure the Program

`csirt_configure_program` sets any subset of the seven configuration sections in a single call. Keys and field shapes mirror `csirt_get_program` and `csirt_get_setup_guide`, so a read → edit → write-back round-trip is lossless.

> [!IMPORTANT]
> **All monetary amounts are in cents.** A $500 bounty is `50000`. This applies to the bounty matrix and the minimum payout.

| Section | Key | What It Sets |
|---------|-----|-------------|
| Scope | `scope_config` | `in_scope_targets[]`, `out_of_scope_categories[]`, `excluded_vuln_types[]`. **Required before activation.** |
| Bounty Matrix | `bounty_matrix_config` | `tiers: [{severity, min_cents, max_cents}]` for informational/low/medium/high/critical/super_critical. |
| SLAs | `sla_config` | `acknowledgment_hours`, `resolution_targets {severity => hours}`. |
| Triage | `triage_config` | `default_assignee_id`, `escalation_severities[]`, `dedup_enabled`, `require_retest`, `max_appeals`, `auto_assign_on_call`. |
| Payouts | `disbursement_config` | `supported_payment_methods[]`, `require_tax_docs`, `require_agreement`, `min_payout_cents`, `currency`. |
| Spam | `spam_config` | `max_reports_per_window`, `window_seconds`, `block_duration_seconds`, `cleanup_interval_seconds`. |
| security.txt | `security_txt_config` | `contact_email` (the public intake address — **required before activation**), `expires_days`, `policy_url`, `acknowledgments_url`, `hiring_url`, `encryption_url`. |

You can call this tool as many times as you like while in Draft. The response reports which sections changed, whether the program is now `activatable`, any remaining `activation_blockers`, and the next tool.

For the full meaning of each field, see [Configuring Your Program](/docs/configuring-your-program), which documents the same seven sections in the web UI.

### Previewing the Draft Portal

You don't have to activate to see the portal. Every setup tool returns a `portal_preview_url` — the portal rendered exactly as researchers will see it, with a preview banner. It works while the program is still in Draft:

- **Account members only.** Open the link while signed in to Kit. If you're signed out, the link sends you to the sign-in page and back; visitors who aren't members of your account get a 404, so the draft stays invisible to the public.
- **Always on the Kit domain.** A custom security domain (for example `vdp.yourcompany.com`) starts serving the portal only after activation — your Kit sign-in doesn't carry over to your own domain, so the preview link always uses the `kit` URL.

Ask the agent "show me a preview of my VDP page" and it will hand you this link.

## Step 4 — Activate (Go Live)

`csirt_activate_program` takes the VDP live: it publishes the public reporting portal and starts accepting real researcher reports and SLA clocks.

This tool is **human-gated**. The agent will describe exactly what going live means and wait for your explicit confirmation before calling it.

It also **refuses to activate** until two things are set:

- **Scope** — at least one in-scope target (`scope_config.in_scope_targets`).
- **security.txt contact** — an intake email (`security_txt_config.contact_email`).

If either is missing, the tool returns the specific blockers (plus the draft `preview_url`) and points the agent back to `csirt_configure_program` with the section to fix. Once live, the response includes the public `portal_url` — your custom security domain when one is configured, otherwise the Kit URL. You can later pause the program, but the act of going public is what activation guarantees a human approved.

## Starting a Free Trial

Bounty payouts, the full triage pipeline, and disbursements live in the **VDP Add-on** ($49/mo). To evaluate them, the agent can start a free trial:

`csirt_start_trial` begins a **free 30-day VDP trial**. It is **cardless and self-cancelling** — no payment details are captured and it ends on its own — so it is safe to run after a single human "yes."

> [!CAUTION]
> The agent will **never** capture a payment card. Paid checkout stays in the web UI. For a real subscription, the agent sends you to the [pricing page](/account/billing) — it does not (and cannot) take card details.

If VDP is already active, the trial tool reports that no trial is needed. After a trial starts, the agent typically returns to `csirt_configure_program` to set the bounty matrix.

## Automatic vs. Human-Confirmed

| The agent does automatically | Waits for a human "yes" | Never agent-actionable |
|------------------------------|-------------------------|------------------------|
| Read program state and the config schema | **Activation** (going live / publishing the portal) | Capturing a payment card |
| Draft a full configuration from your intent | **Starting a trial** | Real paid checkout |
| Write config sections (scope, SLAs, triage, spam, security.txt) | Setting **bounty $ amounts** | — |
| Create the draft program (idempotent, free) | Editing **safe-harbor / disclosure legal text** | — |

The agent gathers context and prepares changes freely, but the decisions with real-world consequences — publishing to the world, spending money, and legal language — always route through you.

## Quick Checklist

- [ ] If using an external MCP client, make sure the connection was granted **CSiRT — Read & write** on the consent screen — the setup tools are write tools
- [ ] Ask the agent to "set up a VDP" — it starts with `csirt_get_setup_guide`
- [ ] Confirm the program was created in Draft (free tier, no charge)
- [ ] Provide scope (in-scope targets) and an intake email for security.txt
- [ ] Review the bounty matrix amounts before approving (amounts are in cents)
- [ ] Give an explicit "yes" before the agent calls `csirt_activate_program`
- [ ] Verify the public `portal_url` returned after activation
- [ ] If evaluating paid features, approve `csirt_start_trial` (cardless, 30 days)

## Next Steps

- [Configuring Your Program](/docs/configuring-your-program) — field-by-field reference for the seven config sections
- [AI Integration](/docs/ai-integration-vdp) — the triage-side AI tools (severity, duplicates, researcher responses)
- [security.txt Setup](/docs/security-txt-setup) — RFC 9116 compliance and verification
- [Connecting AI Assistants](/docs/connecting-ai-assistants) — connect an external MCP client and manage scopes