CISO Assistant API + MCP Server + A2A Agent — 100% API coverage
Project description
CISO Assistant - A2A | AG-UI | MCP
Version: 0.1.0
Overview
CISO Assistant is a production-grade Python API client, Model Context Protocol (MCP) server, and A2A agent for CISO Assistant, intuitem's open-source GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting.
It provides 100% coverage of the CISO Assistant REST API — every one of the
~1,565 operations in the drf-spectacular schema is exposed as both a typed
client method and an action-routed MCP tool. The client, MCP tools, and a
machine-readable coverage manifest are all generated from the vendored OpenAPI
spec (ciso_assistant_api/specs/ciso_assistant.json) by
scripts/generate_from_openapi.py, and a coverage test asserts the three sets
stay in lock-step.
Key Features
- 100% Action-Routed MCP Tools — one consolidated tool per domain (e.g.
ciso_assistant_compliance,ciso_assistant_risk_management,ciso_assistant_incidents) takes anactionplus aparams_jsonpayload and routes to the underlying API method. 19 domain tools (mirroring the published documentation categories) cover every endpoint without flooding the IDE tool list. - Full CISO Assistant surface — Analytics & Metrology, Assets, Authentication & Users, Compliance, EBIOS-RM, Evidence & Attachments, Frameworks & Libraries, Governance, Incidents, Integrations, Privacy, Quantitative Risk (CRQ), Resilience, Risk Management, Security Exceptions & Findings, Settings, Tasks & Timeline, and Third-Party Risk Management.
- Knox token auth — a pre-minted Knox token or a username/password pair
exchanged for a token at
POST /api/iam/login/, plus OIDC delegation (RFC 8693) viaagent-utilities. - Resilient — honours
429Retry-After, retries transient5xx, and transparently follows DRFnextpagination links.
MCP
Using as an MCP Server
The MCP Server runs in stdio (local) or streamable-http (networked) mode.
Each domain is a tool gated by a {TAG}TOOL environment variable (default True),
so you can scope the surface (e.g. set CHATTOOL=False to drop the chat domain).
Environment Variables
| Variable | Description |
|---|---|
CISO_ASSISTANT_URL |
Backend host URL, e.g. https://ciso.arpa or http://localhost:8000. |
CISO_ASSISTANT_TOKEN |
Pre-minted Knox token. |
CISO_ASSISTANT_USERNAME / CISO_ASSISTANT_PASSWORD |
Credentials exchanged for a token at POST /api/iam/login/. |
CISO_ASSISTANT_SSL_VERIFY |
Verify TLS (default True). |
<DOMAIN>TOOL |
Toggle a domain tool, e.g. INCIDENTSTOOL, COMPLIANCETOOL, RISK_MANAGEMENTTOOL (default True). |
Run in stdio mode (default):
export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "stdio"
Run in HTTP mode:
export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "streamable-http" --host "0.0.0.0" --port "8000"
Tool Domains
analytics_metrology, assets, auth_users, chat, compliance, crq,
ebios_rm, evidence, frameworks_libraries, governance, incidents,
integrations, privacy, resilience, risk_management, security_findings,
settings, tasks_timeline, third_party — plus custom_api (a raw REST
escape hatch).
A2A Agent
Run A2A Server
export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-agent --provider openai --model-id gpt-4o --api-key sk-...
Docker
Build
docker build -t ciso-assistant-api .
Run MCP Server
docker run -d \
--name ciso-assistant-api \
-p 8000:8000 \
-e TRANSPORT=http \
-e CISO_ASSISTANT_URL="https://ciso.arpa" \
-e CISO_ASSISTANT_TOKEN="your_token" \
knucklessg1/ciso-assistant-api:latest
Deploy with Docker Compose
services:
ciso-assistant-api:
image: knucklessg1/ciso-assistant-api:latest
environment:
- HOST=0.0.0.0
- PORT=8000
- TRANSPORT=http
- CISO_ASSISTANT_URL=https://ciso.arpa
- CISO_ASSISTANT_TOKEN=your_token
ports:
- 8000:8000
Configure mcp.json for AI Integration (e.g. Claude Desktop)
{
"mcpServers": {
"ciso_assistant": {
"command": "uv",
"args": [
"run",
"--with",
"ciso-assistant-api",
"ciso-assistant-mcp"
],
"env": {
"CISO_ASSISTANT_URL": "https://ciso.arpa",
"CISO_ASSISTANT_TOKEN": "your_token"
}
}
}
}
Install Python Package
python -m pip install ciso-assistant-api
uv pip install ciso-assistant-api
Documentation
The complete documentation is published as the official documentation site and is the source of truth for installation, usage, and deployment.
| Page | Covers |
|---|---|
| Overview | the action-routed tool surface and architecture |
| Installation | pip, source, extras, prebuilt Docker image |
| Usage (API / CLI / MCP) | the MCP tools, the Api client, the CLI |
| Deployment | run the MCP and agent servers, Compose, env config |
Repository Owners
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ciso_assistant_api-0.1.0.tar.gz.
File metadata
- Download URL: ciso_assistant_api-0.1.0.tar.gz
- Upload date:
- Size: 285.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5defba022cd64574ef38f107e0b2b0b5f73d8c9d610d988b7dc31970c5c1c433
|
|
| MD5 |
4e9ba20938096a91b6550efd303aa344
|
|
| BLAKE2b-256 |
7584c188f5f969d6bfb28cbb2ca31bd77a91dfd7d43fde400f048da96bbbf027
|
File details
Details for the file ciso_assistant_api-0.1.0-py3-none-any.whl.
File metadata
- Download URL: ciso_assistant_api-0.1.0-py3-none-any.whl
- Upload date:
- Size: 316.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bd9c095fac33c3e948eb4abef441160da68c7ac08367d321cb902a4704742272
|
|
| MD5 |
ae60cc09baf1ee642dc849e2755573ee
|
|
| BLAKE2b-256 |
5842632517e79b33f9e1ddf75866798f130f2e9f82e6fe87c38fcc6c93e97b65
|