CISO Assistant MCP Server

CISO Assistant MCP Server

MCP server providing 100% coverage of the CISO Assistant GRC REST API through action-routed tools for compliance, risk management, and other security domains.

Category
Visit Server

README

CISO Assistant - A2A | AG-UI | MCP

PyPI - Version MCP Server PyPI - Downloads GitHub Repo stars GitHub forks GitHub contributors PyPI - License GitHub

GitHub last commit (by committer) GitHub pull requests GitHub closed pull requests GitHub issues

GitHub top language GitHub language count GitHub repo size GitHub repo file count (file type) PyPI - Wheel PyPI - Implementation

Version: 0.1.0

Overview

CISO Assistant is a production-grade Python API client, Model Context Protocol (MCP) server, and A2A agent for CISO Assistant, intuitem's open-source GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting.

It provides 100% coverage of the CISO Assistant REST API — every one of the ~1,565 operations in the drf-spectacular schema is exposed as both a typed client method and an action-routed MCP tool. The client, MCP tools, and a machine-readable coverage manifest are all generated from the vendored OpenAPI spec (ciso_assistant_api/specs/ciso_assistant.json) by scripts/generate_from_openapi.py, and a coverage test asserts the three sets stay in lock-step.

Key Features

  • 100% Action-Routed MCP Tools — one consolidated tool per domain (e.g. ciso_assistant_compliance, ciso_assistant_risk_management, ciso_assistant_incidents) takes an action plus a params_json payload and routes to the underlying API method. 19 domain tools (mirroring the published documentation categories) cover every endpoint without flooding the IDE tool list.
  • Full CISO Assistant surface — Analytics & Metrology, Assets, Authentication & Users, Compliance, EBIOS-RM, Evidence & Attachments, Frameworks & Libraries, Governance, Incidents, Integrations, Privacy, Quantitative Risk (CRQ), Resilience, Risk Management, Security Exceptions & Findings, Settings, Tasks & Timeline, and Third-Party Risk Management.
  • Knox token auth — a pre-minted Knox token or a username/password pair exchanged for a token at POST /api/iam/login/, plus OIDC delegation (RFC 8693) via agent-utilities.
  • Resilient — honours 429 Retry-After, retries transient 5xx, and transparently follows DRF next pagination links.

MCP

Using as an MCP Server

The MCP Server runs in stdio (local) or streamable-http (networked) mode. Each domain is a tool gated by a {TAG}TOOL environment variable (default True), so you can scope the surface (e.g. set CHATTOOL=False to drop the chat domain).

Environment Variables

Variable Description
CISO_ASSISTANT_URL Backend host URL, e.g. https://ciso.arpa or http://localhost:8000.
CISO_ASSISTANT_TOKEN Pre-minted Knox token.
CISO_ASSISTANT_USERNAME / CISO_ASSISTANT_PASSWORD Credentials exchanged for a token at POST /api/iam/login/.
CISO_ASSISTANT_SSL_VERIFY Verify TLS (default True).
<DOMAIN>TOOL Toggle a domain tool, e.g. INCIDENTSTOOL, COMPLIANCETOOL, RISK_MANAGEMENTTOOL (default True).

Run in stdio mode (default):

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "stdio"

Run in HTTP mode:

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "streamable-http" --host "0.0.0.0" --port "8000"

Tool Domains

analytics_metrology, assets, auth_users, chat, compliance, crq, ebios_rm, evidence, frameworks_libraries, governance, incidents, integrations, privacy, resilience, risk_management, security_findings, settings, tasks_timeline, third_party — plus custom_api (a raw REST escape hatch).

A2A Agent

Run A2A Server

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-agent --provider openai --model-id gpt-4o --api-key sk-...

Docker

Build

docker build -t ciso-assistant-api .

Run MCP Server

docker run -d \
  --name ciso-assistant-api \
  -p 8000:8000 \
  -e TRANSPORT=http \
  -e CISO_ASSISTANT_URL="https://ciso.arpa" \
  -e CISO_ASSISTANT_TOKEN="your_token" \
  knucklessg1/ciso-assistant-api:latest

Deploy with Docker Compose

services:
  ciso-assistant-api:
    image: knucklessg1/ciso-assistant-api:latest
    environment:
      - HOST=0.0.0.0
      - PORT=8000
      - TRANSPORT=http
      - CISO_ASSISTANT_URL=https://ciso.arpa
      - CISO_ASSISTANT_TOKEN=your_token
    ports:
      - 8000:8000

Configure mcp.json for AI Integration (e.g. Claude Desktop)

{
  "mcpServers": {
    "ciso_assistant": {
      "command": "uv",
      "args": [
        "run",
        "--with",
        "ciso-assistant-api",
        "ciso-assistant-mcp"
      ],
      "env": {
        "CISO_ASSISTANT_URL": "https://ciso.arpa",
        "CISO_ASSISTANT_TOKEN": "your_token"
      }
    }
  }
}

Install Python Package

python -m pip install ciso-assistant-api

uv pip install ciso-assistant-api

Documentation

The complete documentation is published as the official documentation site and is the source of truth for installation, usage, and deployment.

Page Covers
Overview the action-routed tool surface and architecture
Installation pip, source, extras, prebuilt Docker image
Usage (API / CLI / MCP) the MCP tools, the Api client, the CLI
Deployment run the MCP and agent servers, Compose, env config

Repository Owners

<img width="100%" height="180em" src="https://github-readme-stats.vercel.app/api?username=Knucklessg1&show_icons=true&hide_border=true&&count_private=true&include_all_commits=true" />

GitHub followers GitHub User's stars

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured