mipiti-mcp 0.12.0

MCP server for Mipiti — AI-powered security posture platform

Mipiti MCP Server

MCP (Model Context Protocol) server for Mipiti — security posture platform.

Lets AI coding agents (Claude Code, Claude Desktop, Cursor, etc.) generate and manage security models, controls, compliance mapping, and evidence programmatically.

Hosted Endpoint (Recommended)

The Mipiti backend hosts an MCP server at https://api.mipiti.io/mcp/. No installation needed — just configure your MCP client to connect.

Claude Code (quickstart)

claude mcp add --transport http Mipiti https://api.mipiti.io/mcp/

You'll be prompted to log in via your browser (OAuth). That's it.

OAuth (manual config)

MCP clients with OAuth support (Claude Code, Claude Desktop, Cursor) automatically prompt you to log in via your browser. Add to your project's .mcp.json:

{
  "mcpServers": {
    "mipiti": {
      "type": "http",
      "url": "https://api.mipiti.io/mcp/"
    }
  }
}

On first connection, your MCP client opens a browser window where you approve access with your Mipiti account. Tokens refresh automatically.

API Key

For clients without OAuth support, or headless/CI environments, create an API key in Settings:

{
  "mcpServers": {
    "mipiti": {
      "type": "http",
      "url": "https://api.mipiti.io/mcp/",
      "headers": {
        "X-API-Key": "your-api-key"
      }
    }
  }
}

Standalone Package (Alternative)

If you prefer running the MCP server locally (e.g., for development or self-hosted instances), install the mipiti-mcp package. This is a thin HTTP client that calls the Mipiti API.

pip install mipiti-mcp
# Or run directly with uvx
uvx mipiti-mcp

Environment Variables

Variable	Required	Default	Description
MIPITI_API_KEY	Yes	—	Your Mipiti API key
MIPITI_API_URL	No	https://api.mipiti.io	API base URL

Claude Code (standalone)

{
  "mcpServers": {
    "mipiti": {
      "command": "uvx",
      "args": ["mipiti-mcp"],
      "env": {
        "MIPITI_API_KEY": "your-api-key"
      }
    }
  }
}

Tools

generate_threat_model

Generate a complete threat model from a feature description. Runs a 5-step AI pipeline (30-60 seconds) producing trust boundaries, assets, attackers, control objectives, and assumptions. Async mode reports step-by-step progress (e.g., "Step 2/5: Refining assets").

Example prompt: "Generate a threat model for our new OAuth login feature that supports Google and GitHub providers"

refine_threat_model

Refine an existing threat model based on an instruction. Creates a new version.

Example prompt: "Add CSRF attack vectors to model tm-001"

query_threat_model

Ask a question about an existing threat model.

Example prompt: "Does model tm-001 cover SQL injection attacks?"

list_threat_models

List all saved threat models with IDs, titles, versions, and creation dates.

get_threat_model

Get the full details of a specific threat model by ID, optionally at a specific version.

get_controls

Get implementation controls for a threat model's control objectives. Auto-generates controls if none exist yet.

export_threat_model

Export a threat model as CSV (returned as text), PDF, or DOCX (download URL).

Additional tools

Category	Tools
Entity CRUD	add_asset, edit_asset, remove_asset, add_attacker, edit_attacker, remove_attacker
Controls	get_control_objectives, update_control_status, refine_control, regenerate_controls, import_controls, delete_control
Assertions	submit_assertions, list_assertions, delete_assertion
Verification	get_verification_report, get_scan_prompt, check_control_gaps
Findings	submit_findings, list_findings, update_finding
Evidence	add_evidence, remove_evidence, assess_model, get_review_queue
Compliance	list_compliance_frameworks, select_compliance_frameworks, get_compliance_report, auto_map_controls, map_control_to_requirement, suggest_compliance_remediation, apply_compliance_remediation
Systems	list_systems, get_system, create_system, add_model_to_system, select_system_compliance_frameworks, get_system_compliance_report
Management	rename_threat_model, delete_threat_model, list_workspaces, get_operation_status

Development

git clone https://github.com/Mipiti/mipiti-mcp.git
cd mipiti-mcp
pip install -e ".[dev]"
python -m pytest -v

Local Testing with Claude Desktop

{
  "mcpServers": {
    "mipiti": {
      "command": "uv",
      "args": ["run", "--directory", "/path/to/mipiti-mcp", "mipiti-mcp"],
      "env": {
        "MIPITI_API_KEY": "your-key"
      }
    }
  }
}

License

Proprietary. Copyright (c) 2026 Mipiti, LLC. All rights reserved. See LICENSE for details.