arx-mcp-server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@arx-mcp-serverrun a SAST scan on the main branch"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
arx-mcp-server
ARX MCP Server - Execute 100+ security operations with policy enforcement, audit logging, and human approvals
Overview
The Arx MCP Server is a Model Context Protocol (MCP) implementation that provides comprehensive security operations management. It integrates with the ARXsec.io API to execute security scans, manage compliance, handle secrets, and more—all with built-in policy enforcement, detailed audit logging, and human approval workflows.
Related MCP server: security-framework-mcp
Features
Security Scanning: SAST, DAST, SCA, Container, IaC, SBOM, and AppSec scanning
Compliance Management: Support for SOC2, ISO27001, HIPAA, PCI-DSS, and GDPR frameworks
Secrets Management: Encrypted secret storage with rotation and revocation
Policy Enforcement: Define and enforce security policies across operations
Audit Logging: Comprehensive audit trails for compliance and investigation
Human Approvals: Approval workflows for sensitive operations
Connector Management: Integration with 20+ security tools and platforms
Remediation: Execute automated remediation actions for security findings
Tools Provided
1. run_security_scan
Execute security scans with policy enforcement
Parameters:
scan_type(enum): sast, dast, sca, container, iac, sbom, appsectarget(string): Target to scan (repository, URL, image, etc.)policy_id(string, optional): Policy ID to enforcerequire_approval(boolean, default: false): Require human approval
2. execute_remediation
Execute remediation actions for security findings
Parameters:
finding_id(string): ID of the security findingaction(string): Remediation action to executerequire_approval(boolean, default: true): Require human approval
3. check_compliance
Check compliance status against regulations
Parameters:
framework(enum): SOC2, ISO27001, HIPAA, PCI-DSS, GDPRscope(string, optional): Scope of compliance check
4. manage_secrets
Manage secrets with encryption, rotation, and audit
Parameters:
operation(enum): create, retrieve, rotate, revokesecret_name(string): Name of the secretsecret_value(string, optional): Secret value (for create operation)
5. request_approval
Request human approval for operations
Parameters:
operation(string): Operation requiring approvalreason(string, optional): Reason for the operationpriority(enum): low, medium, high, critical
6. get_audit_log
Retrieve audit logs for compliance and investigation
Parameters:
filters(object, optional): Filters for audit loglimit(integer, default: 100): Maximum records to return
7. list_connectors
List available security connectors and integrations
Parameters:
connector_type(string, optional): Filter by connector type
8. manage_policies
Create, update, or retrieve security policies
Parameters:
operation(enum): create, retrieve, update, delete, listpolicy_id(string, optional): Policy IDpolicy_definition(object, optional): Policy rules and configuration
Installation
Prerequisites
Python 3.9+
ARXsec.io API (running or accessible)
From PyPI (Recommended)
pip install arx-mcp-serverFrom Source
Clone the repository:
git clone https://github.com/GetHammerpath/arx-mcp-server.git
cd arx-mcp-serverCreate virtual environment:
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activateInstall in development mode:
pip install -e .(Optional) Install development dependencies:
pip install -e ".[dev]"Configuration
Create .env file with your settings:
cp .env.example .env
# Edit .env with your settingsExample .env:
ARXSEC_API_URL=https://api.arxsec.io
ARXSEC_API_KEY=your-api-key-here
LOG_LEVEL=INFOUsage
Standalone Mode
python main.pyDocker
docker build -t arx-mcp-server .
docker run -e ARXSEC_API_URL=http://arxsec-api:8000 arx-mcp-serverDocker Compose
docker-compose upConfiguration
Environment Variables
ARXSEC_API_URL: Base URL for ARXsec.io API (default: http://localhost:8000)ARXSEC_API_KEY: API key for authentication (optional)LOG_LEVEL: Logging level (default: INFO)
Testing
Run tests with pytest:
pip install pytest pytest-asyncio
pytestWith coverage:
pip install pytest-cov
pytest --cov=. tests/Architecture
The server consists of:
ArxMCPServer: Main server class implementing MCP protocol
Tool Registry: Tool definitions and handlers
Audit Logger: Tracks all operations for compliance
Approval Manager: Manages human approval workflows
API Client: Communicates with ARXsec.io API
Data Flow
Claude/Client
↓
MCP Server
├─ Tool List
├─ Tool Execution
└─ Error Handling
↓
Policy Enforcement & Approval Logic
↓
ARXsec.io API
├─ Security Operations
├─ Compliance Management
├─ Secrets Management
└─ Audit Logging
↓
Database & Backend ServicesAPI Integration
The server communicates with the ARXsec.io API at /v1/* endpoints:
POST /v1/compliance/scan- Execute security scanPOST /v1/audit/remediate- Execute remediationGET /v1/compliance/status- Check compliancePOST/GET/DELETE /v1/secrets/*- Manage secretsGET /v1/audit/logs- Retrieve audit logsGET /v1/connectors- List connectorsGET/POST/PUT/DELETE /v1/policies/*- Manage policies
Security Considerations
API Key: Store API keys securely in environment variables
HTTPS: Always use HTTPS in production
Approval Workflows: Enable approval for sensitive operations
Audit Logging: All operations are logged for compliance
Policy Enforcement: Define strict policies for security operations
Secret Rotation: Rotate secrets regularly
Development
Code Structure
arx-mcp-server/
├── main.py # Main server implementation
├── requirements.txt # Python dependencies
├── setup.py # Package configuration
├── Dockerfile # Container configuration
├── docker-compose.yml # Multi-container setup
├── pytest.ini # Test configuration
├── tests/ # Test suite
│ └── test_server.py
└── README.mdAdding New Tools
To add a new tool:
Add tool definition to
_setup_tools()inArxMCPServerImplement handler method (e.g.,
async def _new_tool(self, arguments))Register handler in
call_tool()functionAdd tests in
tests/test_server.py
Logging
The server uses structured logging with structlog:
log.info("event_name", key="value")Logs include:
Timestamp (ISO 8601)
Event type
Request/Response details
Error information
Audit trail
Error Handling
All tool execution errors are caught and returned as ToolResult with isError=True. Detailed error messages are logged for debugging.
Approval Workflow
Sensitive operations can require human approval:
Operation is initiated with
require_approval=TrueApproval request is created with unique ID
Operation is queued pending approval
Human reviews and approves/rejects
Operation executes (if approved) or fails
Support
For issues or questions:
GitHub Issues: https://github.com/GetHammerpath/arx-mcp-server/issues
Documentation: https://docs.arxsec.io
Email: support@hammerpath.io
License
MIT License - See LICENSE file for details
Contributing
Contributions are welcome! Please:
Fork the repository
Create a feature branch
Make your changes
Add tests
Submit a pull request
Acknowledgments
Built with Model Context Protocol
Integrates with ARXsec.io
Security best practices from OWASP and NIST
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/GetHammerpath/arx-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server