Skip to main content
Glama
Knuckles-Team

CISO Assistant MCP Server

by Knuckles-Team
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

CISO Assistant - A2A | AG-UI | MCP

PyPI - Version MCP Server PyPI - Downloads GitHub Repo stars GitHub forks GitHub contributors PyPI - License GitHub

GitHub last commit (by committer) GitHub pull requests GitHub closed pull requests GitHub issues

GitHub top language GitHub language count GitHub repo size GitHub repo file count (file type) PyPI - Wheel PyPI - Implementation

Version: 0.1.0

Overview

CISO Assistant is a production-grade Python API client, Model Context Protocol (MCP) server, and A2A agent for CISO Assistant, intuitem's open-source GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting.

It provides 100% coverage of the CISO Assistant REST API — every one of the ~1,565 operations in the drf-spectacular schema is exposed as both a typed client method and an action-routed MCP tool. The client, MCP tools, and a machine-readable coverage manifest are all generated from the vendored OpenAPI spec (ciso_assistant_api/specs/ciso_assistant.json) by scripts/generate_from_openapi.py, and a coverage test asserts the three sets stay in lock-step.

Key Features

  • 100% Action-Routed MCP Tools — one consolidated tool per domain (e.g. ciso_assistant_compliance, ciso_assistant_risk_management, ciso_assistant_incidents) takes an action plus a params_json payload and routes to the underlying API method. 19 domain tools (mirroring the published documentation categories) cover every endpoint without flooding the IDE tool list.

  • Full CISO Assistant surface — Analytics & Metrology, Assets, Authentication & Users, Compliance, EBIOS-RM, Evidence & Attachments, Frameworks & Libraries, Governance, Incidents, Integrations, Privacy, Quantitative Risk (CRQ), Resilience, Risk Management, Security Exceptions & Findings, Settings, Tasks & Timeline, and Third-Party Risk Management.

  • Knox token auth — a pre-minted Knox token or a username/password pair exchanged for a token at POST /api/iam/login/, plus OIDC delegation (RFC 8693) via agent-utilities.

  • Resilient — honours 429 Retry-After, retries transient 5xx, and transparently follows DRF next pagination links.

Related MCP server: compliance-mcp

MCP

Using as an MCP Server

The MCP Server runs in stdio (local) or streamable-http (networked) mode. Each domain is a tool gated by a {TAG}TOOL environment variable (default True), so you can scope the surface (e.g. set CHATTOOL=False to drop the chat domain).

Environment Variables

Variable

Description

CISO_ASSISTANT_URL

Backend host URL, e.g. https://ciso.arpa or http://localhost:8000.

CISO_ASSISTANT_TOKEN

Pre-minted Knox token.

CISO_ASSISTANT_USERNAME / CISO_ASSISTANT_PASSWORD

Credentials exchanged for a token at POST /api/iam/login/.

CISO_ASSISTANT_SSL_VERIFY

Verify TLS (default True).

<DOMAIN>TOOL

Toggle a domain tool, e.g. INCIDENTSTOOL, COMPLIANCETOOL, RISK_MANAGEMENTTOOL (default True).

Run in stdio mode (default):

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "stdio"

Run in HTTP mode:

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "streamable-http" --host "0.0.0.0" --port "8000"

Tool Domains

analytics_metrology, assets, auth_users, chat, compliance, crq, ebios_rm, evidence, frameworks_libraries, governance, incidents, integrations, privacy, resilience, risk_management, security_findings, settings, tasks_timeline, third_party — plus custom_api (a raw REST escape hatch).

A2A Agent

Run A2A Server

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-agent --provider openai --model-id gpt-4o --api-key sk-...

Docker

Build

docker build -t ciso-assistant-api .

Run MCP Server

docker run -d \
  --name ciso-assistant-api \
  -p 8000:8000 \
  -e TRANSPORT=http \
  -e CISO_ASSISTANT_URL="https://ciso.arpa" \
  -e CISO_ASSISTANT_TOKEN="your_token" \
  knucklessg1/ciso-assistant-api:latest

Deploy with Docker Compose

services:
  ciso-assistant-api:
    image: knucklessg1/ciso-assistant-api:latest
    environment:
      - HOST=0.0.0.0
      - PORT=8000
      - TRANSPORT=http
      - CISO_ASSISTANT_URL=https://ciso.arpa
      - CISO_ASSISTANT_TOKEN=your_token
    ports:
      - 8000:8000

Configure mcp.json for AI Integration (e.g. Claude Desktop)

{
  "mcpServers": {
    "ciso_assistant": {
      "command": "uv",
      "args": [
        "run",
        "--with",
        "ciso-assistant-api",
        "ciso-assistant-mcp"
      ],
      "env": {
        "CISO_ASSISTANT_URL": "https://ciso.arpa",
        "CISO_ASSISTANT_TOKEN": "your_token"
      }
    }
  }
}

Install Python Package

python -m pip install ciso-assistant-api
uv pip install ciso-assistant-api

Documentation

The complete documentation is published as the official documentation site and is the source of truth for installation, usage, and deployment.

Page

Covers

Overview

the action-routed tool surface and architecture

Installation

pip, source, extras, prebuilt Docker image

Usage (API / CLI / MCP)

the MCP tools, the Api client, the CLI

Deployment

run the MCP and agent servers, Compose, env config

Repository Owners

GitHub followers GitHub User's stars

This server cannot be installed

A
license - permissive license
-
quality - not tested
B
maintenance

How are these scores calculated?

Maintenance

Maintainers
Response time
Release cycle
1Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Knuckles-Team/ciso-assistant-api'

If you have feedback or need assistance with the MCP directory API, please join our Discord server