
Knuckles-Team/ciso-assistant-api


CISO Assistant - A2A | AG-UI | MCP


Version: 0.1.0

Overview

CISO Assistant is a production-grade Python API client, Model Context Protocol (MCP) server, and A2A agent for CISO Assistant, intuitem's open-source GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting.

It provides 100% coverage of the CISO Assistant REST API — every one of the ~1,565 operations in the drf-spectacular schema is exposed as both a typed client method and an action-routed MCP tool. The client, MCP tools, and a machine-readable coverage manifest are all generated from the vendored OpenAPI spec (ciso_assistant_api/specs/ciso_assistant.json) by scripts/generate_from_openapi.py, and a coverage test asserts the three sets stay in lock-step.

Key Features

  • 100% Action-Routed MCP Tools — one consolidated tool per domain (e.g. ciso_assistant_compliance, ciso_assistant_risk_management, ciso_assistant_incidents) takes an action plus a params_json payload and routes to the underlying API method. 19 domain tools (mirroring the published documentation categories) cover every endpoint without flooding the IDE tool list.
  • Full CISO Assistant surface — Analytics & Metrology, Assets, Authentication & Users, Compliance, EBIOS-RM, Evidence & Attachments, Frameworks & Libraries, Governance, Incidents, Integrations, Privacy, Quantitative Risk (CRQ), Resilience, Risk Management, Security Exceptions & Findings, Settings, Tasks & Timeline, and Third-Party Risk Management.
  • Knox token auth — a pre-minted Knox token or a username/password pair exchanged for a token at POST /api/iam/login/, plus OIDC delegation (RFC 8693) via agent-utilities.
  • Resilient — honours 429 Retry-After, retries transient 5xx, and transparently follows DRF next pagination links.
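The retry and pagination behaviour listed above, sketched as an added example (not the project's own code). The `fetch` callable, the limits, the same-origin check on `next` links and the `ciso.example` host are assumptions of this example; the response shape is DRF's standard `results`/`next` envelope.

```python
import time
from urllib.parse import urlsplit

RETRYABLE = {429, 502, 503, 504}  # this example's reading of "transient"
MAX_RETRIES, MAX_WAIT = 3, 30.0   # example limits, not project settings

def origin(url):
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port)

def get_with_retry(fetch, url, sleep=time.sleep):
    """fetch(url) -> (status, headers, body); bounded retry, wait capped at MAX_WAIT."""
    for attempt in range(MAX_RETRIES + 1):
        status, headers, body = fetch(url)
        if status not in RETRYABLE:
            return status, body
        if attempt < MAX_RETRIES:
            try:
                wait = float(headers.get("Retry-After", ""))
            except ValueError:  # header absent, or given as an HTTP date
                wait = 2.0 ** attempt
            sleep(min(max(wait, 0.0), MAX_WAIT))
    raise RuntimeError(f"{url}: still {status} after {MAX_RETRIES} retries")

def list_all(fetch, base_url, path, sleep=time.sleep, max_pages=1000):
    """Collect every item of a DRF list endpoint by following `next`."""
    url, items = base_url.rstrip("/") + path, []
    for _ in range(max_pages):
        status, body = get_with_retry(fetch, url, sleep)
        if status != 200:
            raise RuntimeError(f"{url}: unexpected status {status}")
        items.extend(body["results"])
        url = body.get("next")
        if not url:
            return items
        # The token rides on every request: refuse links that leave the origin.
        if origin(url) != origin(base_url):
            raise ValueError(f"off-origin pagination link refused: {url}")
    raise RuntimeError("pagination exceeded max_pages")

def demo():
    """Constructed responses: one 429, then two pages (hypothetical path)."""
    base = "https://ciso.example"
    script = [(429, {"Retry-After": "120"}, None),
              (200, {}, {"results": [1, 2], "next": base + "/api/assets/?page=2"}),
              (200, {}, {"results": [3], "next": None})]
    waits = []
    items = list_all(lambda url: script.pop(0), base, "/api/assets/", waits.append)
    return items, waits
```

In `demo()` the server asks for a 120-second wait and the client sleeps 30, the cap, before collecting both pages.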

MCP

Using as an MCP Server

The MCP Server runs in stdio (local) or streamable-http (networked) mode. Each domain is a tool gated by a {TAG}TOOL environment variable (default True), so you can scope the surface (e.g. set CHATTOOL=False to drop the chat domain).

Environment Variables

| Variable | Description |
|---|---|
| CISO_ASSISTANT_URL | Backend host URL, e.g. https://ciso.arpa or http://localhost:8000. |
| CISO_ASSISTANT_TOKEN | Pre-minted Knox token. |
| CISO_ASSISTANT_USERNAME / CISO_ASSISTANT_PASSWORD | Credentials exchanged for a token at POST /api/iam/login/. |
| CISO_ASSISTANT_SSL_VERIFY | Verify TLS (default True). |
| <DOMAIN>TOOL | Toggle a domain tool, e.g. INCIDENTSTOOL, COMPLIANCETOOL, RISK_MANAGEMENTTOOL (default True). |

Run in stdio mode (default):

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "stdio"

Run in HTTP mode:

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-mcp --transport "streamable-http" --host "0.0.0.0" --port "8000"

Tool Domains

analytics_metrology, assets, auth_users, chat, compliance, crq, ebios_rm, evidence, frameworks_libraries, governance, incidents, integrations, privacy, resilience, risk_management, security_findings, settings, tasks_timeline, third_party — plus custom_api (a raw REST escape hatch).
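A pre-flight check of the environment variables and domain toggles described above, as an added example that is not part of the project. It assumes toggle names are the upper-cased domain plus `TOOL` (inferred from the README's examples) and that `false`, `0`, `no` and `off` all read as false; `audit`, `enabled_domains` and `SAMPLE` are names introduced here.

```python
from urllib.parse import urlsplit

DOMAINS = ["analytics_metrology", "assets", "auth_users", "chat", "compliance", "crq",
           "ebios_rm", "evidence", "frameworks_libraries", "governance", "incidents",
           "integrations", "privacy", "resilience", "risk_management",
           "security_findings", "settings", "tasks_timeline", "third_party"]
FALSE_WORDS = {"false", "0", "no", "off"}  # assumption: how the server reads booleans

def is_on(env, name):
    """Toggles default to True, as the README states."""
    return env.get(name, "True").strip().lower() not in FALSE_WORDS

def enabled_domains(env):
    # Variable name = upper-cased domain + "TOOL" (inferred, see lead-in).
    return [d for d in DOMAINS if is_on(env, d.upper() + "TOOL")]

def audit(env, bind_host="127.0.0.1"):
    """Return a list of findings for one planned deployment."""
    findings = []
    url = urlsplit(env.get("CISO_ASSISTANT_URL", ""))
    local = url.hostname in ("localhost", "127.0.0.1", "::1")
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append("CISO_ASSISTANT_URL is missing or not an http(s) URL")
    elif url.scheme == "http" and not local:
        findings.append("plain http to a remote backend exposes the Knox token in transit")
    if not is_on(env, "CISO_ASSISTANT_SSL_VERIFY"):
        findings.append("TLS verification is off: the backend's identity is not checked")
    has_token = bool(env.get("CISO_ASSISTANT_TOKEN"))
    has_login = bool(env.get("CISO_ASSISTANT_USERNAME") and env.get("CISO_ASSISTANT_PASSWORD"))
    if not (has_token or has_login):
        findings.append("no credentials: set a token or a username/password pair")
    if bind_host in ("0.0.0.0", "::"):
        n = len(enabled_domains(env))
        findings.append(f"listening on all interfaces with {n} of {len(DOMAINS)} domain tools enabled")
    return findings

# Constructed sample: the README's HTTP-mode settings with two domains switched off.
SAMPLE = {"CISO_ASSISTANT_URL": "https://ciso.arpa", "CISO_ASSISTANT_TOKEN": "your_token",
          "CHATTOOL": "False", "SETTINGSTOOL": "False"}
```

Calling `audit(SAMPLE, "0.0.0.0")` reports the all-interfaces bind together with the number of domain tools still enabled, which is the surface a network peer can reach.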

A2A Agent

Run A2A Server

export CISO_ASSISTANT_URL="https://ciso.arpa"
export CISO_ASSISTANT_TOKEN="your_token"
ciso-assistant-agent --provider openai --model-id gpt-4o --api-key sk-...

Docker

Build

docker build -t ciso-assistant-api .

Run MCP Server

docker run -d \
  --name ciso-assistant-api \
  -p 8000:8000 \
  -e TRANSPORT=http \
  -e CISO_ASSISTANT_URL="https://ciso.arpa" \
  -e CISO_ASSISTANT_TOKEN="your_token" \
  knucklessg1/ciso-assistant-api:latest

Deploy with Docker Compose

services:
  ciso-assistant-api:
    image: knucklessg1/ciso-assistant-api:latest
    environment:
      - HOST=0.0.0.0
      - PORT=8000
      - TRANSPORT=http
      - CISO_ASSISTANT_URL=https://ciso.arpa
      - CISO_ASSISTANT_TOKEN=your_token
    ports:
      - 8000:8000

Configure mcp.json for AI Integration (e.g. Claude Desktop)

{
  "mcpServers": {
    "ciso_assistant": {
      "command": "uv",
      "args": [
        "run",
        "--with",
        "ciso-assistant-api",
        "ciso-assistant-mcp"
      ],
      "env": {
        "CISO_ASSISTANT_URL": "https://ciso.arpa",
        "CISO_ASSISTANT_TOKEN": "your_token"
      }
    }
  }
}

Install Python Package

python -m pip install ciso-assistant-api
uv pip install ciso-assistant-api

Documentation

The complete documentation is published as the official documentation site and is the source of truth for installation, usage, and deployment.

| Page | Covers |
|---|---|
| Overview | the action-routed tool surface and architecture |
| Installation | pip, source, extras, prebuilt Docker image |
| Usage (API / CLI / MCP) | the MCP tools, the Api client, the CLI |
| Deployment | run the MCP and agent servers, Compose, env config |
