MCP Server

The Secberus compliance service exposes a Model Context Protocol (MCP) interface, letting AI clients such as Claude Desktop, Cursor, and custom agents call the Secberus agents directly — including expert_chat and the document-corpus tools — without writing REST code.

This page covers the agent-facing MCP tools. The same MCP server also exposes the Pipeline mapping tools; see the Pipeline MCP reference for map_document and list_frameworks and for the full protocol handshake, client setup, and error handling.

Property Value
Endpoint POST https://compliance.secberus.ai/mcp
Transport MCP Streamable HTTP (spec 2025-03-26)
Protocol JSON-RPC 2.0
Auth authorization: YOUR_API_KEY

Agent tools overview

Tool Description
expert_chat Ask the GRC expert. Multi-turn, cross-framework synthesis, and validation of uploaded documents.
upload_document Upload a document (policy, evidence, questionnaire, or custom framework) for use by expert_chat.
list_documents List documents previously uploaded by the current user.
delete_document Delete a previously uploaded document.

All tools are invoked via tools/call:

{
  "jsonrpc": "2.0",
  "id": <number>,
  "method": "tools/call",
  "params": { "name": "<tool_name>", "arguments": { ... } }
}

Results come back in the standard envelope; on failure isError is true and the text holds the error detail.


expert_chat

Ask a GRC compliance question. Supports multi-turn conversation, cross-framework synthesis, and validating uploaded documents against framework controls. This is the MCP equivalent of the Expert Chat API.

Parameters

Field Type Required Description
messages array[Message] Yes Conversation history. The last message should have role user.
frameworks array[string] No Framework IDs to include in context. Detected automatically if omitted.
document_ids array[string] No Uploaded document IDs to include in context.

Message Object

Field Type Required Description
role string Yes user or assistant
content string Yes Message text

Example

curl -X POST https://compliance.secberus.ai/mcp \
  -H "authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tools/call",
    "params": {
      "name": "expert_chat",
      "arguments": {
        "messages": [
          { "role": "user", "content": "Does my uploaded policy meet PCI DSS password requirements?" }
        ],
        "frameworks": ["pci_dss_v4"],
        "document_ids": ["doc_01h9z…"]
      }
    }
  }'

The agent's answer is returned as text in the result envelope.

Slash-command workflows like /policy-coverage and /policy-generator work over MCP too — pass the command as the content of the last user message.


upload_document

Upload a user document for use by expert_chat. Over MCP the content is passed inline as plain text (use the REST Documents API for binary files such as PDFs or screenshots).

Parameters

Field Type Required Description
filename string Yes Name to store the document under.
type string Yes One of questionnaire, evidence, policy, custom_framework.
content string Yes Plain-text content of the document.

Example

curl -X POST https://compliance.secberus.ai/mcp \
  -H "authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 4,
    "method": "tools/call",
    "params": {
      "name": "upload_document",
      "arguments": {
        "filename": "access-control-policy.txt",
        "type": "policy",
        "content": "All user passwords must be at least 14 characters and rotated every 90 days…"
      }
    }
  }'

The result includes the new document_id.


list_documents

List documents previously uploaded by the current user.

Parameters: None

curl -X POST https://compliance.secberus.ai/mcp \
  -H "authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 5,
    "method": "tools/call",
    "params": { "name": "list_documents", "arguments": {} }
  }'

Returns the array of Document objects.


delete_document

Delete a previously uploaded document.

Parameters

Field Type Required Description
document_id string Yes ID of the document to delete.
curl -X POST https://compliance.secberus.ai/mcp \
  -H "authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 6,
    "method": "tools/call",
    "params": {
      "name": "delete_document",
      "arguments": { "document_id": "doc_01h9z…" }
    }
  }'

Connecting AI Clients

Point any MCP Streamable HTTP (2025-03-26) client at https://compliance.secberus.ai/mcp with your API key in the authorization header. For Claude Desktop and Cursor configuration snippets and the full initialize handshake, see the Pipeline MCP reference.

{
  "mcpServers": {
    "secberus-compliance": {
      "url": "https://compliance.secberus.ai/mcp",
      "headers": { "authorization": "YOUR_API_KEY" }
    }
  }
}