Skip to main content

CISO Assistant API + MCP Server + A2A Agent — 100% API coverage

Project description

CISO Assistant - A2A | AG-UI | MCP

PyPI - Version MCP Server PyPI - Downloads GitHub Repo stars GitHub forks GitHub contributors PyPI - License GitHub

GitHub last commit (by committer) GitHub pull requests GitHub closed pull requests GitHub issues

GitHub top language GitHub language count GitHub repo size GitHub repo file count (file type) PyPI - Wheel PyPI - Implementation

Version: 0.1.0

Overview

CISO Assistant is a production-grade Python API client, Model Context Protocol (MCP) server, and A2A agent for CISO Assistant, intuitem's open-source GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting.

It provides 100% coverage of the CISO Assistant REST API — every one of the ~1,565 operations in the drf-spectacular schema is exposed as both a typed client method and an action-routed MCP tool. The client, MCP tools, and a machine-readable coverage manifest are all generated from the vendored OpenAPI spec (ciso_assistant_api/specs/ciso_assistant.json) by scripts/generate_from_openapi.py, and a coverage test asserts the three sets stay in lock-step.

Key Features

  • 100% Action-Routed MCP Tools — one consolidated tool per domain (e.g. ciso_assistant_compliance, ciso_assistant_risk_management, ciso_assistant_incidents) takes an action plus a params_json payload and routes to the underlying API method. 19 domain tools (mirroring the published documentation categories) cover every endpoint without flooding the IDE tool list.
  • Full CISO Assistant surface — Analytics & Metrology, Assets, Authentication & Users, Compliance, EBIOS-RM, Evidence & Attachments, Frameworks & Libraries, Governance, Incidents, Integrations, Privacy, Quantitative Risk (CRQ), Resilience, Risk Management, Security Exceptions & Findings, Settings, Tasks & Timeline, and Third-Party Risk Management.
  • Knox token auth — a pre-minted Knox token or a username/password pair exchanged for a token at POST /api/iam/login/, plus OIDC delegation (RFC 8693) via agent-utilities.
  • Resilient — honours 429 Retry-After, retries transient 5xx, and transparently follows DRF next pagination links.

MCP

Using as an MCP Server

The MCP Server runs in stdio (local) or streamable-http (networked) mode. Each domain is a tool gated by a {TAG}TOOL environment variable (default True), so you can scope the surface (e.g. set CHATTOOL=False to drop the chat domain).

Environment Variables

Variable Description
CISO_ASSISTANT_URL Backend host URL, e.g. https://ciso.arpa or http://localhost:8000.
CISO_ASSISTANT_TOKEN Pre-minted Knox token.
CISO_ASSISTANT_USERNAME / CISO_ASSISTANT_PASSWORD Credentials exchanged for a token at POST /api/iam/login/.
CISO_ASSISTANT_SSL_VERIFY Verify TLS (default True).
<DOMAIN>TOOL Toggle a domain tool, e.g. INCIDENTSTOOL, COMPLIANCETOOL, RISK_MANAGEMENTTOOL (default True).

Run in stdio mode (default):

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "stdio"

Run in HTTP mode:

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "streamable-http" --host "0.0.0.0" --port "8000"

Tool Domains

analytics_metrology, assets, auth_users, chat, compliance, crq, ebios_rm, evidence, frameworks_libraries, governance, incidents, integrations, privacy, resilience, risk_management, security_findings, settings, tasks_timeline, third_party — plus custom_api (a raw REST escape hatch).

A2A Agent

Run A2A Server

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-agent --provider openai --model-id gpt-4o --api-key sk-...

Docker

Build

docker build -t ciso-assistant-api .

Run MCP Server

docker run -d \
  --name ciso-assistant-api \
  -p 8000:8000 \
  -e TRANSPORT=http \
  -e CISO_ASSISTANT_URL="https://ciso.arpa" \
  -e CISO_ASSISTANT_TOKEN="your_token" \
  knucklessg1/ciso-assistant-api:latest

Deploy with Docker Compose

services:
  ciso-assistant-api:
    image: knucklessg1/ciso-assistant-api:latest
    environment:
      - HOST=0.0.0.0
      - PORT=8000
      - TRANSPORT=http
      - CISO_ASSISTANT_URL=https://ciso.arpa
      - CISO_ASSISTANT_TOKEN=your_token
    ports:
      - 8000:8000

Configure mcp.json for AI Integration (e.g. Claude Desktop)

{
  "mcpServers": {
    "ciso_assistant": {
      "command": "uv",
      "args": [
        "run",
        "--with",
        "ciso-assistant-api",
        "ciso-assistant-mcp"
      ],
      "env": {
        "CISO_ASSISTANT_URL": "https://ciso.arpa",
        "CISO_ASSISTANT_TOKEN": "your_token"
      }
    }
  }
}

Install Python Package

python -m pip install ciso-assistant-api
uv pip install ciso-assistant-api

Documentation

The complete documentation is published as the official documentation site and is the source of truth for installation, usage, and deployment.

Page Covers
Overview the action-routed tool surface and architecture
Installation pip, source, extras, prebuilt Docker image
Usage (API / CLI / MCP) the MCP tools, the Api client, the CLI
Deployment run the MCP and agent servers, Compose, env config

Repository Owners

GitHub followers GitHub User's stars

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ciso_assistant_api-0.1.0.tar.gz (285.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ciso_assistant_api-0.1.0-py3-none-any.whl (316.6 kB view details)

Uploaded Python 3

File details

Details for the file ciso_assistant_api-0.1.0.tar.gz.

File metadata

  • Download URL: ciso_assistant_api-0.1.0.tar.gz
  • Upload date:
  • Size: 285.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for ciso_assistant_api-0.1.0.tar.gz
Algorithm Hash digest
SHA256 5defba022cd64574ef38f107e0b2b0b5f73d8c9d610d988b7dc31970c5c1c433
MD5 4e9ba20938096a91b6550efd303aa344
BLAKE2b-256 7584c188f5f969d6bfb28cbb2ca31bd77a91dfd7d43fde400f048da96bbbf027

See more details on using hashes here.

File details

Details for the file ciso_assistant_api-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for ciso_assistant_api-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 bd9c095fac33c3e948eb4abef441160da68c7ac08367d321cb902a4704742272
MD5 ae60cc09baf1ee642dc849e2755573ee
BLAKE2b-256 5842632517e79b33f9e1ddf75866798f130f2e9f82e6fe87c38fcc6c93e97b65

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page