ComplianceCow MCP Servers

Table of Contents

1. Introduction
2. Glossary
3. Architecture
4. MCP Servers
5. Getting Started
   • Prerequisites
   • Authentication
   • Installation
   • Configuration
6. MCP Host Setup
   • Claude Desktop
   • Goose Desktop/CLI
7. Running Locally
8. Tools Reference
9. FAQ

---

Introduction

MCP (Model Context Protocol) servers are designed to process structured requests from AI agents, perform domain-specific operations, and return context-aware responses. The ComplianceCow MCP servers enable seamless integration with MCP-compatible hosts like Claude Desktop and Goose Desktop/CLI for secure, modular, and intelligent compliance automation.

---

Glossary

Keyword	Description	Example
Control	A compliance or security control that needs to be implemented to ensure adherence to regulations, standards, and policies	Ensure MFA is enabled for all users
Assessment	A collection of controls organized hierarchically, representing an industry standard or cybersecurity framework	PCI DSS 4.0
Assessment Run	The verification of controls in an assessment for a given time period, including evidence collection	-
Check	A rule or verification for compliance or conformance	Check if MFA is enabled for all AWS users
Resource Type	Category or class of resources	AWS EC2, AWS S3
Resource	Instance of a resource type for which checks are performed	Specific EC2 instances, GitHub repositories
Asset	A group of resources of various types	AWS services, Kubernetes, GitHub
Evidence	Data aggregated through checks against resources for a given control	CSV file with AWS users and their MFA status
Action	Activity (automated or manual) to respond or remediate based on conditions	Create a JIRA ticket for non-compliant EC2 instance
Rule	A reusable automation unit that executes tasks and generates evidence	AWS MFA Compliance Check Rule
Workflow	An event-driven automation sequence with conditions and activities	Alert workflow on critical finding

---

Architecture

The ComplianceCow MCP servers support the STDIO transport mechanism for seamless local integration with your MCP host. At the core is the Compliance Graph, which continuously ingests data such as assessment runs, evidence, and compliance status. The server actively pulls information from:

• Vector stores for semantic search
• Relational databases for structured data
• Graph databases for relationship queries
• File storage systems for evidence artifacts

---

MCP Servers

We have organized ComplianceCow’s MCP tools into 4 distinct servers.

Why multiple MCP servers? In the MCP ecosystem, using fewer tools per server yields better results and better performance.
Each server can be enabled independently via the MCP_TOOLS_TO_BE_INCLUDED environment variable.
Important: Enable only one server at a time in the MCP Host to avoid tool name conflicts. Some tools share the same name across servers but have different implementations based on the use case.

1. ComplianceCow-Rules

The Rules server enables creating, managing, and executing compliance rules. It provides a comprehensive toolkit for rule creation with guided input collection, task orchestration, and ComplianceCow integration.

Use Cases:

• Create custom compliance rules with multiple tasks
• Execute rules against cloud infrastructure
• Publish rules to ComplianceCow and attach to controls
• Generate rule documentation (design notes, README)

---

2. ComplianceCow-Insights

The Insights server provides comprehensive access to compliance data, dashboards, assessments, and evidence through the Compliance Graph. Ideal for querying and analyzing compliance posture.

Use Cases:

• Query dashboard data for compliance overview
• Explore assessments and their runs
• Retrieve evidence and compliance status
• Execute Cypher queries on the Compliance Graph
• Perform actions on controls and evidence

---

3. ComplianceCow-Workflow

The Workflow server enables building and executing automated compliance workflows with event-driven triggers, conditions, and activities.

Use Cases:

• Create automated compliance workflows
• Define event triggers and conditions
• Execute multi-step workflow sequences
• Manage workflow states and transitions

---

4. ComplianceCow-Assistant

The Assistant server specializes in assessment configuration, control setup, and SQL-based evidence collection. It provides tools for configuring compliance assessments and managing control evidence.

Use Cases:

• Create and configure assessments
• Set up control configurations with context entities
• Create SQL-based evidence collection
• Manage control citations and documentation

---

Getting Started

Prerequisites

1. MCP Host: You need an MCP-compatible host:
   • Claude Desktop
   • Goose Desktop/CLI
2. Python: Version 3.11 or higher
   • Download Python
3. uv Package Manager: Required to run the MCP server
   • Install uv

Authentication

The ComplianceCow MCP servers use OAuth 2.0 with client_credentials grant type.

To obtain credentials:

1. Sign up at ComplianceCow (or your dedicated instance)
2. Click "Manage Client Credentials" in the top-right user profile menu
3. Fill out the form to obtain your Client ID and Client Secret

Installation

1. Clone the repository:

git clone https://github.com/ComplianceCow/cow-mcp.git  
cd cow-mcp  

2. Create virtual environment and install dependencies:

uv venv .venv  
source .venv/bin/activate  # On Windows: .venv\Scripts\activate  
uv pip install .  

3. Find your uv binary path (needed for configuration):

which uv  # On macOS/Linux  
where uv  # On Windows  

---

Configuration

Environment Variables

Variable	Description	Required
CCOW_HOST	ComplianceCow API host URL (Ex: https://partner.compliancecow.live)	Yes
CCOW_CLIENT_ID	Your Client ID (see Authentication section above)	Yes
CCOW_CLIENT_SECRET	Your Client Secret (see Authentication section above)	Yes

MCP Host Setup

Claude Desktop

Configuration file location:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json

For detailed setup instructions, see Claude Desktop MCP Setup.

Configuration template for all 4 servers:

{
  "mcpServers": {
    "ComplianceCow-Rules": {
      "command": "<UV_BIN_PATH>",
      "args": [
        "--directory",
        "<PATH_TO_COW_MCP_REPO>",
        "run",
        "main.py"
      ],
      "env": {
        "CCOW_HOST": "<YOUR_CCOW_HOST>",
        "CCOW_CLIENT_ID": "<YOUR_CLIENT_ID>",
        "CCOW_CLIENT_SECRET": "<YOUR_CLIENT_SECRET>",
        "MCP_TOOLS_TO_BE_INCLUDED": "rules"
      }
    },
    "ComplianceCow-Insights": {
      "command": "<UV_BIN_PATH>",
      "args": [
        "--directory",
        "<PATH_TO_COW_MCP_REPO>",
        "run",
        "main.py"
      ],
      "env": {
        "CCOW_HOST": "<YOUR_CCOW_HOST>",
        "CCOW_CLIENT_ID": "<YOUR_CLIENT_ID>",
        "CCOW_CLIENT_SECRET": "<YOUR_CLIENT_SECRET>",
        "MCP_TOOLS_TO_BE_INCLUDED": "insights"
      }
    },
    "ComplianceCow-Workflow": {
      "command": "<UV_BIN_PATH>",
      "args": [
        "--directory",
        "<PATH_TO_COW_MCP_REPO>",
        "run",
        "main.py"
      ],
      "env": {
        "CCOW_HOST": "<YOUR_CCOW_HOST>",
        "CCOW_CLIENT_ID": "<YOUR_CLIENT_ID>",
        "CCOW_CLIENT_SECRET": "<YOUR_CLIENT_SECRET>",
        "MCP_TOOLS_TO_BE_INCLUDED": "workflow"
      }
    },
    "ComplianceCow-Assistant": {
      "command": "<UV_BIN_PATH>",
      "args": [
        "--directory",
        "<PATH_TO_COW_MCP_REPO>",
        "run",
        "main.py"
      ],
      "env": {
        "CCOW_HOST": "<YOUR_CCOW_HOST>",
        "CCOW_CLIENT_ID": "<YOUR_CLIENT_ID>",
        "CCOW_CLIENT_SECRET": "<YOUR_CLIENT_SECRET>",
        "MCP_TOOLS_TO_BE_INCLUDED": "assistant"
      }
    }
  }
}

Replace the following placeholders:

• UV_BIN_PATH: Path to your uv binary (e.g., /Users/username/.local/bin/uv). You can find this by running which uv (macOS/Linux) or where uv (Windows).
• PATH_TO_COW_MCP_REPO: The absolute path to your cloned cow-mcp repository. After cloning and running cd cow-mcp, use pwd (macOS/Linux) or cd (Windows) to get this path.
• YOUR_CCOW_HOST: https://partner.compliancecow.live (or <your_dedicated_instance_hosturl>)
• YOUR_CLIENT_ID: Your ComplianceCow Client ID (see Authentication)
• YOUR_CLIENT_SECRET: Your ComplianceCow Client Secret (see Authentication)

---

Goose Desktop/CLI

For detailed setup instructions, see Goose Extensions Documentation.

• macOS/Linux: ~/.config/goose/config.yaml
• Windows: %APPDATA%\goose\config.yaml

extensions:
  ComplianceCow-Rules:
    enabled: true
    type: stdio
    name: Compliancecow-Rules
    description: 'ComplianceCow Rules - Create and manage compliance rules'
    cmd: <UV_BIN_PATH>
    args:
      - --directory
      - <PATH_TO_COW_MCP_REPO>
      - run
      - main.py
    envs:
      CCOW_HOST: <YOUR_CCOW_HOST>
      CCOW_CLIENT_ID: <YOUR_CLIENT_ID>
      CCOW_CLIENT_SECRET: <YOUR_CLIENT_SECRET>
      MCP_TOOLS_TO_BE_INCLUDED: rules
    timeout: 300

  ComplianceCow-Insights:
    enabled: true
    type: stdio
    name: Compliancecow-Insights
    description: 'ComplianceCow Insights - Query compliance data and dashboards'
    cmd: <UV_BIN_PATH>
    args:
      - --directory
      - <PATH_TO_COW_MCP_REPO>
      - run
      - main.py
    envs:
      CCOW_HOST: <YOUR_CCOW_HOST>
      CCOW_CLIENT_ID: <YOUR_CLIENT_ID>
      CCOW_CLIENT_SECRET: <YOUR_CLIENT_SECRET>
      MCP_TOOLS_TO_BE_INCLUDED: insights
    timeout: 300

  ComplianceCow-Workflow:
    enabled: true
    type: stdio
    name: Compliancecow-Workflow
    description: 'ComplianceCow Workflow - Build and execute compliance workflows'
    cmd: <UV_BIN_PATH>
    args:
      - --directory
      - <PATH_TO_COW_MCP_REPO>
      - run
      - main.py
    envs:
      CCOW_HOST: <YOUR_CCOW_HOST>
      CCOW_CLIENT_ID: <YOUR_CLIENT_ID>
      CCOW_CLIENT_SECRET: <YOUR_CLIENT_SECRET>
      MCP_TOOLS_TO_BE_INCLUDED: workflow
    timeout: 300

  ComplianceCow-Assistant:
    enabled: true
    type: stdio
    name: Compliancecow-Assistant
    description: 'ComplianceCow Assistant - Configure assessments and controls'
    cmd: <UV_BIN_PATH>
    args:
      - --directory
      - <PATH_TO_COW_MCP_REPO>
      - run
      - main.py
    envs:
      CCOW_HOST: <YOUR_CCOW_HOST>
      CCOW_CLIENT_ID: <YOUR_CLIENT_ID>
      CCOW_CLIENT_SECRET: <YOUR_CLIENT_SECRET>
      MCP_TOOLS_TO_BE_INCLUDED: assistant
    timeout: 300

---

Running Locally

To verify the MCP server is properly set up before configuring your MCP host:

# Navigate to the cow-mcp directory
cd /path/to/cow-mcp

# Set required environment variables
export CCOW_HOST="https://partner.compliancecow.live"
export CCOW_CLIENT_ID="<your_client_id>"
export CCOW_CLIENT_SECRET="<your_client_secret>"
export MCP_TOOLS_TO_BE_INCLUDED="rules"  # or insights, workflow, assistant

# Run the server
uv run main.py

If the server starts without errors, you're ready to configure your MCP host.

---

Tools Reference

Rules Server Tools

Tool	Description
get_tasks_summary	Retrieve available tasks for rule creation
get_task_details	Get detailed task information including inputs/outputs
fetch_tasks_suggestions	Intelligent task suggestions based on requirements
get_rules_summary	List all available rules in the catalog
fetch_rules_suggestions	Suggest matching rules to avoid duplicates
create_rule	Create a new rule with tasks and I/O mapping
fetch_rule	Retrieve complete rule structure by name
check_rule_status	Check rule completion level
prepare_input_collection_overview	Overview of required inputs before collection
get_template_guidance	Guidance for template-based inputs
collect_template_input	Collect file/template inputs with validation
confirm_template_input	Confirm and process template input
collect_parameter_input	Collect primitive parameter values
confirm_parameter_input	Confirm and store parameter values
upload_file	Upload files with format validation
verify_collected_inputs	Verify all inputs before execution
execute_task	Execute a specific task with collected inputs
execute_rule	Execute complete rule with credentials
fetch_execution_progress	Monitor live execution progress
fetch_output_file	Fetch output files from execution
fetch_cc_rule_by_id	Fetch rule from ComplianceCow by ID
fetch_cc_rule_by_name	Fetch rule from ComplianceCow by name
fetch_cc_rules_list	List published ComplianceCow rules
publish_rule	Publish rule to ComplianceCow
fetch_assessments	Retrieve available assessments
fetch_leaf_controls_of_an_assessment	Fetch attachable controls from assessment
verify_control_in_assessment	Verify control is attachable
attach_rule_to_control	Attach published rule to control
get_applications_for_tag	Get applications for specific tag
get_application_info	Get application details and credential types
fetch_applications	Fetch all available applications
prepare_applications_for_execution	Prepare application configuration
check_applications_publish_status	Check application publication status
publish_application	Publish applications for rule execution
add_unique_identifier_to_task	Add unique identifier to task
configure_rule_output_schema	Configure standard/extended output schema
generate_design_notes_preview	Generate Jupyter notebook design notes
create_design_notes	Save design notes
fetch_rule_design_notes	Fetch existing design notes
generate_rule_readme_preview	Generate comprehensive README
create_rule_readme	Save README
update_rule_readme	Update existing README
list_assets	List integration plans/assets
list_checks	List checks for an asset
get_asset_control_hierarchy	Get control hierarchy for asset
create_asset_and_check	Create asset with initial check
add_check_to_asset	Add check to existing asset
schedule_asset_execution	Schedule automated asset execution
list_asset_schedules	List schedules for an asset
delete_asset_schedule	Delete asset schedule
suggest_control_config_citations	Suggest control citations
add_citation_to_asset_control	Attach citation to control
verify_control_automation	Verify control automation status
create_control_note	Create documentation note on control
list_control_notes	List control notes
update_control_config_note	Update control note
create_support_ticket	Create support tickets
check_rule_publish_status	Check rule publication status
read_file	Read local file content
read_resource	Read resource URI content
create_downloadable_file	Create downloadable file URL

---

Insights Server Tools

Tool	Description
list_all_assessment_categories	List all assessment categories
list_assessments	List assessments by category/name
fetch_recent_assessment_runs	Fetch recent assessment runs
fetch_assessment_runs	Fetch runs with pagination
fetch_assessment_run_details	Get control details from run
fetch_assessment_run_leaf_controls	Get leaf controls from run
fetch_run_controls	Get controls by name
fetch_run_control_meta_data	Get control metadata
fetch_assessment_run_leaf_control_evidence	Get evidence for controls
fetch_controls	Fetch control information
fetch_evidence_records	Get evidence records with filtering
fetch_evidence_record_schema	Get evidence schema
fetch_available_control_actions	Fetch available control actions
fetch_assessment_available_actions	Fetch assessment actions
fetch_evidence_available_actions	Fetch evidence actions
fetch_general_available_actions	Fetch general actions
fetch_automated_controls_of_an_assessment	Fetch automated controls
execute_action	Execute action on control/evidence
list_assets	List all assets
fetch_assets_summary	Get asset summary statistics
fetch_resource_types	Get resource types with pagination
fetch_checks	Get checks for resource type
fetch_resources	Get resources with pagination
fetch_resources_by_check_name	Get resources by check name
fetch_checks_summary	Get checks summary statistics
fetch_resources_summary	Get resources summary statistics
fetch_resources_by_check_name_summary	Get resources summary by check
fetch_resource_types_summary	Get resource types summary
get_dashboard_review_periods	Get available review periods
get_dashboard_data	Get comprehensive dashboard data
fetch_dashboard_framework_controls	Get framework controls
fetch_dashboard_framework_summary	Get framework summary
get_dashboard_common_controls_details	Get common control details
get_top_over_due_controls_detail	Get top overdue controls
get_top_non_compliant_controls_detail	Get top non-compliant controls
fetch_unique_node_data_and_schema	Fetch graph node data and schema
execute_cypher_query	Execute Cypher query on graph
help	Get help information
read_file	Read local file content
read_resource	Read resource URI content
create_downloadable_file	Create downloadable file URL

---

Workflow Server Tools

Tool	Description
list_workflow_event_categories	List workflow event categories
list_workflow_events	List available trigger events
list_workflow_activity_types	List available activity types
list_workflow_function_categories	List function categories
list_workflow_functions	List available functions
list_workflow_tasks	List available workflow tasks
list_workflow_condition_categories	List condition categories
list_workflow_conditions	List available conditions
list_workflow_predefined_variables	List predefined variables
list_workflow_rules	List available workflow rules
create_workflow	Create workflow from YAML
list_workflows	List all workflows
get_workflow_by_name	Get workflow by name
fetch_workflow_details	Fetch complete workflow details
modify_workflow	Update workflow implementation
update_workflow_summary	Update workflow description
update_workflow_mermaid_diagram	Update workflow diagram
fetch_workflow_resource_data	Fetch resource data for execution
create_workflow_custom_event	Create custom trigger event
trigger_workflow	Trigger workflow execution
fetch_workflow_rule	Fetch workflow rule by name
fetch_task_readme	Fetch task README
fetch_rule_readme	Fetch rule README

---

Assistant Server Tools

Tool	Description
create_assessment	Create assessment from YAML
list_assessments	List all assessments
list_assessment_control_configs	List control configurations
create_control_config	Create control configuration
update_control_config_contexts	Update control context entities
attach_citation_to_control_config	Attach citation to control
suggest_control_config_citations	Suggest relevant citations
mark_control_ready_for_execution	Mark control ready for execution
create_sql_query_evidence	Create SQL-based evidence
list_sql_query_evidence	List SQL evidence for control
update_sql_query_evidence	Update SQL evidence
validate_sql_query	Validate SQL query syntax
get_evidence_sample_data	Get sample evidence data
fetch_control_source_summary	Fetch evidence source summary
create_control_config_note	Create control config note
list_control_config_notes	List control config notes
update_control_config_note	Update control config note
get_entity_hierarchy	Get entity hierarchy
get_context_tables	Get available context tables
fetch_rule_readme	Fetch rule README

---

FAQ

1. How do I sign up for ComplianceCow?

Visit ComplianceCow Signup to create an account using various sign-up options including Google, Microsoft, and OTP.

2. What value does ComplianceCow deliver?

ComplianceCow helps with automated security compliance evidence collection, analysis, and remediation challenges. It's a security GRC controls automation studio for custom controls and workflows. Learn more at compliancecow.com.

3. Why are there 4 separate servers?

MCP works best with fewer tools per server. Splitting into 4 servers (Rules, Insights, Workflow, Assistant) ensures optimal performance and allows you to enable only the tools you need for specific use cases.

4. What if some tools have the same name across servers?

Some tools share the same name but have different implementations. Enable only one server at a time to avoid conflicts. The tool behavior is determined by the MCP_TOOLS_TO_BE_INCLUDED env.

5. How do I update the MCP server?

cd /path/to/cow-mcp
git pull origin main
uv pip install .

Then restart your MCP host (Claude Desktop or Goose).

6. Where can I get help?

• Create an issue on GitHub
• Contact ComplianceCow support through the platform