MCP server for Mipiti — AI-powered security posture platform
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
Mipiti MCP Server
MCP (Model Context Protocol) server for Mipiti — security posture platform.
Lets AI coding agents (Claude Code, Claude Desktop, Cursor, etc.) generate and manage security models, controls, compliance mapping, and evidence programmatically.
Hosted Endpoint (Recommended)
The Mipiti backend hosts an MCP server at https://api.mipiti.io/mcp/. No installation needed — just configure your MCP client to connect.
Claude Code (quickstart)
claude mcp add --transport http Mipiti https://api.mipiti.io/mcp/
You'll be prompted to log in via your browser (OAuth). That's it.
OAuth (manual config)
MCP clients with OAuth support (Claude Code, Claude Desktop, Cursor) automatically prompt you to log in via your browser. Add to your project's .mcp.json:
{
"mcpServers": {
"mipiti": {
"type": "http",
"url": "https://api.mipiti.io/mcp/"
}
}
}
On first connection, your MCP client opens a browser window where you approve access with your Mipiti account. Tokens refresh automatically.
API Key
For clients without OAuth support, or headless/CI environments, create an API key in Settings:
{
"mcpServers": {
"mipiti": {
"type": "http",
"url": "https://api.mipiti.io/mcp/",
"headers": {
"X-API-Key": "your-api-key"
}
}
}
}
Standalone Package (Alternative)
If you prefer running the MCP server locally (e.g., for development or self-hosted instances), install the mipiti-mcp package. This is a thin HTTP client that calls the Mipiti API.
pip install mipiti-mcp
# Or run directly with uvx
uvx mipiti-mcp
Environment Variables
| Variable | Required | Default | Description |
|---|---|---|---|
MIPITI_API_KEY |
Yes | — | Your Mipiti API key |
MIPITI_API_URL |
No | https://api.mipiti.io |
API base URL |
Claude Code (standalone)
{
"mcpServers": {
"mipiti": {
"command": "uvx",
"args": ["mipiti-mcp"],
"env": {
"MIPITI_API_KEY": "your-api-key"
}
}
}
}
Tools
generate_threat_model
Generate a complete threat model from a feature description. Runs a 5-step AI pipeline (30-60 seconds) producing trust boundaries, assets, attackers, control objectives, and assumptions. Async mode reports step-by-step progress (e.g., "Step 2/5: Refining assets").
Example prompt: "Generate a threat model for our new OAuth login feature that supports Google and GitHub providers"
refine_threat_model
Refine an existing threat model based on an instruction. Creates a new version.
Example prompt: "Add CSRF attack vectors to model tm-001"
query_threat_model
Ask a question about an existing threat model.
Example prompt: "Does model tm-001 cover SQL injection attacks?"
list_threat_models
List all saved threat models with IDs, titles, versions, and creation dates.
get_threat_model
Get the full details of a specific threat model by ID, optionally at a specific version.
get_controls
Get implementation controls for a threat model's control objectives. Auto-generates controls if none exist yet.
export_threat_model
Export a threat model as CSV (returned as text), PDF, or DOCX (download URL).
Additional tools
| Category | Tools |
|---|---|
| Entity CRUD | add_asset, edit_asset, remove_asset, add_attacker, edit_attacker, remove_attacker |
| Controls | get_control_objectives, update_control_status, refine_control, regenerate_controls, import_controls, delete_control |
| Assertions | submit_assertions, list_assertions, delete_assertion |
| Verification | get_verification_report, get_scan_prompt, check_control_gaps |
| Findings | submit_findings, list_findings, update_finding |
| Evidence | add_evidence, remove_evidence, assess_model, get_review_queue |
| Compliance | list_compliance_frameworks, select_compliance_frameworks, get_compliance_report, auto_map_controls, map_control_to_requirement, suggest_compliance_remediation, apply_compliance_remediation |
| Systems | list_systems, get_system, create_system, add_model_to_system, select_system_compliance_frameworks, get_system_compliance_report |
| Management | rename_threat_model, delete_threat_model, list_workspaces, get_operation_status |
Development
git clone https://github.com/Mipiti/mipiti-mcp.git
cd mipiti-mcp
pip install -e ".[dev]"
python -m pytest -v
Local Testing with Claude Desktop
{
"mcpServers": {
"mipiti": {
"command": "uv",
"args": ["run", "--directory", "/path/to/mipiti-mcp", "mipiti-mcp"],
"env": {
"MIPITI_API_KEY": "your-key"
}
}
}
}
License
Proprietary. Copyright (c) 2026 Mipiti, LLC. All rights reserved. See LICENSE for details.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mipiti_mcp-0.17.0.tar.gz.
File metadata
- Download URL: mipiti_mcp-0.17.0.tar.gz
- Upload date:
- Size: 34.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bb6a421e8f54dfbb4cb77f396971bdd5c0f04a69285c38bcd90611d21859ca8d
|
|
| MD5 |
ae0b8dfb3bf433b697b7914d339844b5
|
|
| BLAKE2b-256 |
45bebf156f001d308d4346f5dfecf32d620e3c791d405f8ccac59f4f7e7f912b
|
Provenance
The following attestation bundles were made for mipiti_mcp-0.17.0.tar.gz:
Publisher:
publish.yml on Mipiti/mipiti-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mipiti_mcp-0.17.0.tar.gz -
Subject digest:
bb6a421e8f54dfbb4cb77f396971bdd5c0f04a69285c38bcd90611d21859ca8d - Sigstore transparency entry: 1188760772
- Sigstore integration time:
-
Permalink:
Mipiti/mipiti-mcp@ab00d369011aa7503b045eb3c38f81993cc42039 -
Branch / Tag:
refs/tags/v0.17.0 - Owner: https://github.com/Mipiti
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ab00d369011aa7503b045eb3c38f81993cc42039 -
Trigger Event:
push
-
Statement type:
File details
Details for the file mipiti_mcp-0.17.0-py3-none-any.whl.
File metadata
- Download URL: mipiti_mcp-0.17.0-py3-none-any.whl
- Upload date:
- Size: 28.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e7cf7d10b15bd6e7c6aeb9d6e475c29fef8746a516624b47ff1d599e3a4fb3ef
|
|
| MD5 |
f07cfd813ca9d65434c07981eb453b34
|
|
| BLAKE2b-256 |
93d2d8dd2b4cb4a31d1e590dd42f7266bd25bf14c4b3c6ec59abb799c0402d3e
|
Provenance
The following attestation bundles were made for mipiti_mcp-0.17.0-py3-none-any.whl:
Publisher:
publish.yml on Mipiti/mipiti-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mipiti_mcp-0.17.0-py3-none-any.whl -
Subject digest:
e7cf7d10b15bd6e7c6aeb9d6e475c29fef8746a516624b47ff1d599e3a4fb3ef - Sigstore transparency entry: 1188760774
- Sigstore integration time:
-
Permalink:
Mipiti/mipiti-mcp@ab00d369011aa7503b045eb3c38f81993cc42039 -
Branch / Tag:
refs/tags/v0.17.0 - Owner: https://github.com/Mipiti
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ab00d369011aa7503b045eb3c38f81993cc42039 -
Trigger Event:
push
-
Statement type:
