ComplianceCow MCP Server
Provides AI agents with compliance insights, auditable responses, and actions like ticket creation and policy fixes.
Table of Contents
- ComplianceCow MCP Server
1.1. Introduction
1.2. Glossary
1.3. Architecture
1.4. Getting Started
1.4.1. Dependencies
1.4.2. Authentication
1.4.3. Server setup
1.4.4. Server configuration
1.4.5. Examples
1.4.6. Running Locally
1.5. API Endpoints
1.6. FAQ
Introduction
MCP servers are designed to process structured requests from AI agents, perform domain-specific operations (such as querying databases, applying business rules, or generating summaries), and return context-aware responses. Our implementation allows seamless integration with MCP-compatible hosts like Claude Desktop and Goose Desktop, enabling secure, modular, and intelligent interactions tailored to the needs of modern enterprises.
The tools and resources within the ComplianceCow MCP server are specifically designed to accomplish the following:
- Get Dashboard and Insights data
- Get Auditable responses through Compliance Graph
- Perform actions such as creating tickets, fixing policies, pushing data to external tools, etc
Glossary
| Keyword | Description | Example(s) |
|---|---|---|
| Control | Refers to compliance or security control that needs to be implemented by an organization to ensure adherence to relevant laws, regulations, industry standards, and internal policies. | Ensure that MFA is enabled for all users |
| Assessment | Assessment is a collection of controls, organized hierarchically. This can be an industry standard or a cybersecurity framework. | PCI DSS 4.0 |
| Assessment Run | An assessment run is the verification of the controls in an assessment for a given time period and for a set of inputs. This verification may include evidence either by manually collecting from users or by automatically fetching data from resources such as applications and servers. | |
| Check | A rule or a verification for compliance or conformance. | Check if MFA is enabled for all AWS users in a given AWS account |
| Resource Type | Category or class of resources. | AWS EC2, AWS S3 |
| Resource | Instance of resource type for which we have checks performed. | Specific EC2 instances, Github repositories |
| Asset | A group of resources, of various types. | AWS services (spanning multiple accounts), Kubernetes, Github |
| Evidence | Data aggregated through checks against one or more resources, for a given control. | A CSV file containing the list of AWS users, their details including their MFA status and compliance details (such as score). |
| Action | Any activity (automated or manual) that can be run to respond or to remediate based on conditions. These actions are bound to some specific resources such as assessment, control, evidence or resource in ComplianceCow. | Create a JIRA ticket for a non compliant EC2 instance with SLA not met for remediating a critical vulnerability. |
Architecture
We support the STDIO transport mechanism to allow seamless local integration of our server with your MCP host. At the core of our backend is the Compliance Graph, which continuously ingests data such as assessment runs, evidence, and more. Additionally, our server actively pulls information from diverse sources including vector stores, relational databases, and file storage systems.
Getting Started
Dependencies
1. You’ll need an MCP host like Claude Desktop, Goose Desktop/CLI, or similar. Below are the installation links for Claude Desktop and Goose.
- Claude Desktop
- Goose Desktop/CLI
2. Python and uv (package manager) are required to run the MCP server.
- Visit this page to download and install python for your operating system. Recommended version: 3.11 or higher.
- Visit this page to download and install uv.
Authentication
The MCP tools and resources of ComplianceCow can be accessed through the OAuth 2.0 mechanism with client_credentials grant type. Follow the instructions below to get yourself a client ID and a secret.
1. Sign up for an account (if you don’t have one) by visiting this URL: https://partner.compliancecow.live/ui/signup. Replace the hostname with your own if you have a dedicated ComplianceCow instance deployed.
2. Click on the ‘Manage Client Credentials’ option in the top-right user profile menu.
3. Fill out the form to obtain a client ID and a secret.
Server setup
1. In your terminal/console, go to a folder of your choice and clone the git repo.
git clone https://github.com/ComplianceCow/cow-mcp.git
2. Switch to the repository’s main folder.
cd cow-mcp
This directory will be referred to as PATH_TO_THE_MCP_SERVER_REPO_CLONE in the subsequent sections.
3. Run the following commands to install the dependencies. Only then, the MCP Host will be able to start the MCP server successfully.
uv venv .venv
source .venv/bin/activate
uv pip install .
Server configuration
Below are the key details required to configure our MCP server on your host.
command
We use uv as the package manager. You can specify the uv command along with its path, which will be referred to as UV_BIN_PATH in the following sections. For example, on macOS: /Users/UserXYZ/.local/bin/uv.
args
−−directory <PATH_TO_THE_MCP_SERVER_REPO_CLONE> run main.py
PATH_TO_THE_MCP_SERVER_REPO_CLONE: The folder/path in which you have cloned the ComplianceCow MCP Github repo (in a step above). Example: /Users/UserXYZ/Documents/code/cow-mcp
env
Our MCP server needs the following environment variables set:
- CCOW_CLIENT_ID: Please refer to the “Authentication” section above.
- CCOW_CLIENT_SECRET: Please refer to the “Authentication” section above.
- CCOW_HOST: The hostname of the ComplianceCow instance, which could be a dedicated one for you or a default one such as ‘https://partner.compliancecow.live’.
The next section provides examples of how to use the above configuration values with Claude Desktop and Goose Desktop. For other hosts, you may refer to these examples as a guide for configuring accordingly.[/et_pb_text][et_pb_text _builder_version=”4.22.1″ _module_preset=”default” header_4_font=”|700|||||||” header_4_font_size=”22px” header_5_font=”|700|||||||” header_5_font_size=”20px” global_colors_info=”{}”]
Examples
The steps to configure MCP servers may vary across different hosts. You can use the configuration data provided above by following the host-specific instructions. Instructions for two such hosts—Claude and Goose desktops—are provided below.
Claude Desktop
Update the following json in the Claude desktop config file ( <Claude desktop installation path>/claude_desktop_config.json). Before saving the configuration, make sure to update these placeholders (as described in the section above) in the json: PATH_TO_THE_MCP_SERVER_REPO_CLONE, UV_BIN_PATH, YOUR_CCOW_HOST, YOUR_CCOW_CLIENT_ID and **YOUR_** CCOW_CLIENT_SECRET .
{
"mcpServers": {
"ComplianceCow": {
"args": [
"--directory",
"PATH_TO_THE_MCP_SERVER_REPO_CLONE",
"run",
"main.py"
],
"command": "UV_BIN_PATH",
"env": {
"CCOW_HOST": "YOUR_CCOW_HOST",
"CCOW_CLIENT_ID": "YOUR_CCOW_CLIENT_ID",
"CCOW_CLIENT_SECRET": "YOUR_CCOW_CLIENT_SECRET"
}
}
}
}
Goose Desktop
Follow the steps given in this link to add our MCP server as a Goose extension.
Running Locally
To verify that the MCP server is properly set up with all dependencies and can be started by the MCP host without issues, you can run the command to check if the server runs correctly in a local environment.
uv run main.py
API Endpoints
| Name | Purpose | Input(s) | Output(s) |
|---|---|---|---|
| list_all_assessment_categories | Get all assessment categories | categories (List[Category]): A list of category objects, where each category includes: • id (str): Unique identifier of the assessment category. • name (str): Name of the category.error (Optional[str]): An error message if any issues occurred during retrieval. | |
| list_assessments | Get all assessments categoryName: assessment category name (Optional) | Categoryid (string)-assessment category id (Optional)Categoryname (string) | assessments (List[Assessments]): A list of assessments objects, where each assessment includes: • id (str): Unique identifier of the assessment. • name (str): Name of the assessment. • category_name (str): Name of the category.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_unique_node_data_and_schema | Fetch unique node data and corresponding schema for a given question. | Question* (string) | node_names (List[str]): List of unique node names involved.unique_property_values (list[any]): Unique property values per node.neo4j_schema (str): The Neo4j schema associated with the nodes.error (Optional[str]): Error message if any issues occurred during processing. |
| execute_cypher_query | Given a question and query, execute a cypher query and transform result to human readable format. | Query* (string) | result (Any): The formatted, human-readable result of the Cypher query.error (Optional[str]): An error message if the query execution fails or encounters issues. |
| fetch_recent_assessment_runs | Get recent assessment run for given assessment id | Id* (string) | assessmentRuns (List[AssessmentRuns]): A list of assessment runs. • id (str): Assessement run id. • name (str): Name of the assessement run. • description (str): Description of the assessment run. • assessmentId (str): Assessement id. • applicationType (str): Application type. • configId (str): Configuration id. • fromDate (str): From date of the assessement run. • toDate (str): To date of the assessment run. • status (str): Status of the assessment run. • computedScore (str): Computed score. • computedWeight (str): Computed weight. • complianceStatus (str): Compliance status. • createdAt (str): Time and date when the assessement run was created.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_assessment_runs | Get all assessment run for given assessment id Function accepts page number (page) and page size (pageSize) for pagination. If MCP client host unable to handle large response use page and pageSize, default page is 1 If the request times out retry with pagination, increasing pageSize from 5 to 10. use this tool when expected run is got in fetch recent assessment runs tool | Id* (string)Page (integer)Pagesize (integer) | assessmentRuns (List[AssessmentRuns]): A list of assessment runs. • id (str): Assessement run id. • name (str): Name of the assessement run. • description (str): Description of the assessment run. • assessmentId (str): Assessement id. • applicationType (str): Application type. • configId (str): Configuration id. • fromDate (str): From date of the assessement run. • toDate (str): To date of the assessment run. • status (str): Status of the assessment run. • computedScore (str): Computed score. • computedWeight (str): Computed weight. • complianceStatus (str): Compliance status. • createdAt (str): Time and date when the assessement run was created.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_assessment_run_details | Get assessment run details for given assessment run id. This api will return many contorls, use page to get details pagewise. If output is large store it in a file. | Id* (string) | controls (List[Control]): A list of controls. • id (str): Control run id. • name (str): Control name. • controlNumber (str): Control number. • alias (str): Control alias. • priority (str): Priority. • stage (str): Control stage. • status (str): Control status. • type (str): Control type. • executionStatus (str): Rule execution status. • dueDate (str): Due date. • assignedTo (List[str]): Assigned user ids • assignedBy (str): Assigner's user id. • assignedDate (str): Assigned date. • checkedOut (bool): Control checked-out status. • compliancePCT__ (str): Compliance percentage. • complianceWeight__ (str): Compliance weight. • complianceStatus (str): Compliance status. • createdAt (str): Time and date when the control run was created. • updatedAt (str): Time and date when the control run was updated.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_assessment_run_leaf_controls | Get leaf controls for given assessment run id. If output is large store it in a file. | Id* (string) | controls (List[Control]): A list of controls. • id (str): Control run id. • name (str): Control name. • controlNumber (str): Control number. • alias (str): Control alias. • priority (str): Priority. • stage (str): Control stage. • status (str): Control status. • type (str): Control type. • executionStatus (str): Rule execution status. • dueDate (str): Due date. • assignedTo (List[str]): Assigned user ids • assignedBy (str): Assigner's user id. • assignedDate (str): Assigned date. • checkedOut (bool): Control checked-out status. • compliancePCT__ (str): Compliance percentage. • complianceWeight__ (str): Compliance weight. • complianceStatus (str): Compliance status. • createdAt (str): Time and date when the control run was created. • updatedAt (str): Time and date when the control run was updated.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_run_controls | use this tool when you there is no result from the tool "execute_cypher_query". use this tool to get all controls that matches the given name. Next use fetch control meta data tool if need assessment name, assessment Id, assessment run name, assessment run Id | Name* (string) | controls (List[Control]): A list of controls. • id (str): Control run id. • name (str): Control name. • controlNumber (str): Control number. • alias (str): Control alias. • priority (str): Priority. • stage (str): Control stage. • status (str): Control status. • type (str): Control type. • executionStatus (str): Rule execution status. • dueDate (str): Due date. • assignedTo (List[str]): Assigned user ids • assignedBy (str): Assigner's user id. • assignedDate (str): Assigned date. • checkedOut (bool): Control checked-out status. • compliancePCT__ (str): Compliance percentage. • complianceWeight__ (str): Compliance weight. • complianceStatus (str): Compliance status. • createdAt (str): Time and date when the control run was created. • updatedAt (str): Time and date when the control run was updated.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_run_control_meta_data | Use this tool to retrieve control metadata for a given control_id, including: - Control details: control name - Assessment details: assessment name and ID - Assessment run details: assessment run name and ID | Id* (string) | assessmentId (str): Assessment id.assessmentName (str): Assessment name.assessmentRunId (str): Assessment run id.assessmentRunName (str): Assessment run name.controlId (str): Control id.controlName (str): Control name.controlNumber (str): Control number.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_assessment_run_leaf_control_evidence | Get leaf control evidence for given assessment run control id. | Id* (string) | evidences (List[ControlEvidenceVO]): List of control evidences • id (str): Evidence id. • name (str): Evidence name. • description (str): Evidence description. • fileName (str): File name.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_controls | To fetch controls. | Control Name (string) | prompt (str): The input prompt used to generate the Cypher query for fetching the control. |
| fetch_evidence_records | Get evidence records for a given evidence ID with optional compliance status filtering. Returns max 50 records but counts all records for the summary. | Id* (string)Compliantstatus (string) | totalRecords (int): Total records.compliantRecords (int): Number of complian records.nonCompliantRecords (int): Number of non compliant records.notDeterminedRecords (int): Number of not determined records.records (List[RecordListVO]): List of evidence records. • id (str): Record id. • name (str): System name. • source (str): Record source. • resourceId (str): Resource id. • resourceName (str): Resource name. • resourceType (str): Resource type. • complianceStatus (str): Compliance status. • complianceReason (str): Compliance reason. • createdAt (str): The date and time the record was initially created. • otherInfo (Any): Additional information.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_available_control_actions | This tool should be used for handling control-related actions such as create, update, or to retrieve available actions for a given control. If no control details are given use the tool "fetch_controls" to get the control details. 1. Fetch the available actions. 2. Prompt the user to confirm the intended action. 3. Once confirmed, use the execute_action tool with the appropriate parameters to carry out the operation. ### Args: - assessmentName (str): Name of the assessment (required) - controlNumber (str): Identifier for the control (required) - controlAlias (str): Alias of the control (required) If the above arguments are not available: - Use the fetch_controls tool to retrieve control details. - Then generate and execute a query to fetch the related assessment information before proceeding. | Assessmentname* (string)Controlnumber (string)Controlalias (string)Evidencename (string) | actions (List[ActionsVO]): List of actions • actionName (str): Action name. • actionDescription (str): Action description. • actionSpecID (str): Action specific id. • actionBindingID (str): Action binding id. • target (str): Target.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_assessment_available_actions | Get actions available on assessment for given assessment name. Once fetched, ask user to confirm to execute the action, then use 'execute_action' tool with appropriate parameters to execute the action. | Name (string) | actions (List[ActionsVO]): List of actions • actionName (str): Action name. • actionDescription (str): Action description. • actionSpecID (str): Action specific id. • actionBindingID (str): Action binding id. • target (str): Target.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_evidence_available_actions | Get actions available on evidence for given evidence name. If the required parameters are not provided, use the existing tools to retrieve them. Once fetched, ask user to confirm to execute the action, then use 'execute_action' tool with appropriate parameters to execute the action. | Assessment Name (string)Control Number (string)Control Alias (string)Evidence Name (string) | actions (List[ActionsVO]): List of actions • actionName (str): Action name. • actionDescription (str): Action description. • actionSpecID (str): Action specific id. • actionBindingID (str): Action binding id. • target (str): Target.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_automated_controls_of_an_assessment | To fetch the only the automated controls for a given assessment. If assessment_id is not provided use other tools to get the assessment and its id. | Assessment Id (string) | controls (List[AutomatedControlVO]): List of controls • id (str): Control ID. • displayable (str): Displayable name or label. • alias (str): Alias of the control. • activationStatus (str): Activation status. • ruleName (str): Associated rule name. • assessmentId (str): Assessment identifier.error (Optional[str]): An error message if any issues occurred during retrieval. |
| execute_action | Use this tool when the user asks about actions such as create, update or other action-related queries. IMPORTANT: This tool MUST ONLY be executed after explicit user confirmation. Always describe the intended action and its effects to the user, then wait for their explicit approval before proceeding. Do not execute this tool without clear user consent, as it performs actual operations that modify system state. Execute or trigger a specific action on an assessment run. use assessment id, assessment run id and action binding id. Execute or trigger a specific action on an control run. use assessment id, assessment run id, action binding id and assessment run control id . Execute or trigger a specific action on an evidence level. use assessment id, assessment run id, action binding id, assessment run control evidence id and evidence record ids. Use fetch assessment available actions to get action binding id. Only once action can be triggered at a time, assessment level or control level or evidence level based on user preference. Use this to trigger action for assessment level or control level or evidence level. Please also provide the intended effect when executing actions. WORKFLOW: 1. First fetch the available actions based on user preference assessment level or control level or evidence level 2. Present the available actions to the user 3. Ask user to confirm which specific action they want to execute 4. Explain what the action will do and its expected effects 5. Wait for explicit user confirmation before calling this tool 6. Only then execute the action with this tool | Assessmentid* (string)Assessmentrunid* (string)Actionbindingid* (string)Assessmentruncontrolid (string)Assessmentruncontrolevidenceid (string)Evidencerecordids (array) | id (str): id of triggered action. |
| get_dashboard_data | Function accepts compliance period as 'period'. Period denotes for which quarter of year dashboard data is needed. Format: Q1 2024. Dashboard contains summary data of Common Control Framework (CCF). For any related to contorl category, framework, assignment status use this function. This contains details of control status such as 'Completed', 'In Progress', 'Overdue', 'Pending'. The summarization levels are 'overall control status', 'control category wise', 'control framework wise', 'overall control status' can be fetched from 'controlStatus' 'control category wise' can be fetched from 'controlSummary' 'control framework wise' can be fetched from 'frameworks' | Period (string) | totalControls (int): Total number of controls in the dashboard.controlStatus (List[ComplianceStatusSummaryVO]): Summary of control statuses. • status (str): Compliance status of the control. • count (int): Number of controls with the given status.controlAssignmentStatus (List[ControlAssignmentStatusVO]): Assignment status categorized by control. • categoryName (str): Name of the control category. • controlStatus (List[ComplianceStatusSummaryVO]): Status summary within the category. • status (str): Compliance status. • count (int): Number of controls with this status.compliancePCT (float): Overall compliance percentage across all controls.controlSummary (List[ControlSummaryVO]): Detailed summary of each control. • category (str): Category name of the control. • status (str): Compliance status of the control. • dueDate (str): Due date for the control, if applicable. • compliancePCT (float): Compliance percentage for the control. • leafControls (int): Number of leaf-level controls in the category.complianceStatusSummary (List[ComplianceStatusSummaryVO]): Summary of control statuses. • status (str): Compliance status. • count (int): Number of controls with the given status.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_dashboard_framework_controls | Function Overview: Retrieve Control Details for a Given CCF and Review Period This function retrieves detailed control-level data for a specified Common Control Framework (CCF) during a specific review period. Format: "Q1 2024" - framework_name: The name of the Common Control Framework to fetch data for. Purpose This function is used to fetch a list of controls and their associated data for a specific CCF and review period. It does not return an aggregated overview — instead, it retrieves detailed, item-level data for each control via an API call. The results are displayed in the MCP host with client-side pagination, allowing users to navigate through the control list efficiently without making repeated API calls. | Period* (string)Framework Name* (string) | controls (List[FramworkControlVO]): A list of framework controls. • name (str): Name of the control. • assignedTo (str): Email ID of the user the control is assigned to. • assignmentStatus (str): Status of the control assignment. • complianceStatus (str): Compliance status of the control. • dueDate (str): Due date for completing the control. • score (float): Score assigned to the control. • priority (str): Priority level of the control.page (int): Current page number in the overall result set.totalPage (int): Total number of pages.totalItems (int): Total number of items.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_dashboard_framework_summary | Function Overview: CCF Dashboard Summary Retrieval This function returns a summary dashboard for a specified compliance period and Common Control Framework (CCF). It is designed to provide a high-level view of control statuses within a given framework and period, making it useful for compliance tracking, reporting, and audits. The compliance quarter for which the dashboard data is requested. Format: "Q1 2024" - framework_name: The name of the Common Control Framework whose data is to be retrieved. Dashboard Overview The dashboard provides a consolidated view of all controls under the specified framework and period. It includes key information such as assignment status, compliance progress, due dates, and risk scoring to help stakeholders monitor and manage compliance posture. | Period* (string)Framework Name* (string) | controls (List[FramworkControlVO]): A list of framework controls. • name (str): Name of the control. • assignedTo (str): Email ID of the user the control is assigned to. • assignmentStatus (str): Status of the control assignment. • complianceStatus (str): Compliance status of the control. • dueDate (str): Due date for completing the control. • score (float): Score assigned to the control. • priority (str): Priority level of the control.page (int): Current page number in the overall result set.totalPage (int): Total number of pages.totalItems (int): Total number of items.error (Optional[str]): An error message if any issues occurred during retrieval. |
| get_dashboard_common_controls_details | Function accepts compliance period as 'period'. Period donates for which quarter of year dashboard data is needed. Format: Q1 2024. Use this tool to get Common Control Framework (CCF) dashboard data for a specific compliance period with filters. This function provides detailed information about common controls, including their compliance status, control status, and priority. Use pagination if controls count is more than 50 then use page and pageSize to get control data pagewise, Once 1st page is fetched,then more pages available suggest to get next page data then increase page number. | Period* (string)Compliancestatus (string)Controlstatus (string)Priority (string)Controlcategoryname (string)Page (integer)Pagesize (integer) | controls (List[CommonControlVO]): A list of common controls. • id (str): Unique identifier of the control. • planInstanceID (str): ID of the associated plan instance. • alias (str): Alias or alternate name for the control. • displayable (str): Flag or content that indicates display eligibility. • controlName (str): Name of the control. • dueDate (str): Due date assigned to the control. • score (float): Score assigned to the control. • priority (str): Priority level of the control. • status (str): Current status of the control. • complianceStatus (str): Compliance status of the control. • updatedAt (str): Timestamp when the control was last updated.page (int): Current page number in the paginated result.totalPage (int): Total number of pages available.totalItems (int): Total number of control items.error (Optional[str]): An error message if any issues occurred during retrieval. |
| get_top_over_due_controls_detail | Fetch controls with top over due (over-due) Function accepts count as 'count' Function accepts compliance period as 'period'. Period donates for which quarter of year dashboard data is needed. Format: Q1 2024. | Period (string)Count (integer) | controls (List[OverdueControlVO]): A list of overdue controls. • name (str): Name of the control. • assignedTo (List[UserVO]): List of users assigned to the control. • emailid (str): Email ID of the assigned user. • assignmentStatus (str): Assignment status of the control. • complianceStatus (str): Compliance status of the control. • dueDate (str): Due date for the control. • score (float): Score assigned to the control. • priority (str): Priority level of the control.error (Optional[str]): An error message if any issues occurred during retrieval. |
| get_top_non_compliant_controls_detail | Function overview: Fetch control with low compliant score or non compliant controls. Arguments: 1. period: Compliance period which denotes quarter of the year whose dashboard data is needed. By default: Q1 2024. 2. count: 3. page: If the user asks of next page use smartly decide the page. - error (Optional[str]): An error message if any issues occurred during retrieval. | Period* (string)count (string)page (string) | controls (List[NonCompliantControlVO]): A list of non-compliant controls.name (str): Name of the control.lastAssignedTo (List[UserVO]): List of users to whom the control was last assigned. • emailid (str): Email ID of the assigned user.score (float): Score assigned to the control.priority (str): Priority level of the control. |
| list_assets | Get all assets | assets (List[AssetsVo]): A list of assets. • id (str): Asset id. • name (str): Name of the asset.error (Optional[str]): An error message if any issues occurred during retrieval. | |
| fetch_assets_summary | Get assets summary for given assessment id | Id* (string) | integrationRunId (str): Asset id.assessmentName (str): Name of the asset.status (str): Name of the asset.numberOfResources (str): Name of the asset.numberOfChecks (str): Name of the asset.dataStatus (str): Name of the asset.createdAt (str): Name of the asset.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_resource_types | Get resource types for given asset run id. Use 'fetch_assets_summary' tool to get assets run id Function accepts page number (page) and page size (pageSize) for pagination. If MCP client host unable to handle large response use page and pageSize. If the request times out retry with pagination, increasing pageSize from 50 to 100. 1. Call fetch_resource_types with page=1, pageSize=50 2. Note the totalPages from the response 3. Continue calling each page until complete 4. Summarize all results together | Id* (string)Page (integer)Pagesize (integer) | resourceTypes (List[AssetsVo]): A list of resource types. • resourceType (str): Resource type. • totalResources (int): Total number of resources.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_checks | Get checks for given assets run id and resource type. Use this function to get all checks for given assets run id and resource type Use 'fetch_assets_summary' tool to get asset run id Use 'fetch_resource_types' tool to get all resource types Function accepts page number (page) and page size (pageSize) for pagination. If MCP client host unable to handle large response use page and pageSize. If the request times out retry with pagination, increasing pageSize from 5 to 10. If the check data set is large to fetch efficiently or results in timeouts, it is recommended to use the 'summary tool' instead to get a summarized view of the checks. 1. Call fetch_checks with page=1, pageSize=10 2. Note the totalPages from the response 3. Continue calling each page until complete 4. Summarize all results together | Id* (string)Resourcetype* (string)Page (integer)Pagesize (integer)Compliancestatus (string) | checks (List[CheckVO]): A list of checks. • name (str): Name of the check. • description (str): Description of the check. • rule (RuleVO): Rule associated with the check. • type (str): Type of the rule. • name (str): Name of the rule. • activationStatus (str): Activation status of the check. • priority (str): Priority level of the check. • complianceStatus (str): Compliance status of the check. • compliancePCT (float): Compliance percentage.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_resources | Get resources for given asset run id and resource type Function accepts page number (page) and page size (pageSize) for pagination. If MCP client host unable to handle large response use page and pageSize, default page is 1 If the request times out retry with pagination, increasing pageSize from 5 to 10. If the resource data set is large to fetch efficiently or results in timeouts, it is recommended to use the 'summary tool' instead to get a summarized view of the resource. 1. Call fetch_resources with page=1, pageSize=10 2. Note the totalPages from the response 3. Continue calling each page until complete 4. Summarize all results together | Id* (string)Resourcetype* (string)Page (integer)Pagesize (integer)Compliancestatus (string) | resources (List[ResourceVO]): A list of resources. • name (str): Name of the resource. • resourceType (str): Type of the resource. • complianceStatus (str): Compliance status of the resource. • checks (List[ResourceCheckVO]): List of checks associated with the resource. • name (str): Name of the check. • description (str): Description of the check. • rule (RuleVO): Rule applied in the check. • type (str): Type of the rule. • name (str): Name of the rule. • activationStatus (str): Activation status of the check. • priority (str): Priority level of the check. • controlName (str): Name of the control. • complianceStatus (str): Compliance status specific to the resource.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_resources_by_check_name | Get resources for given asset run id, and check name. Function accepts page number (page) and page size (pageSize) for pagination. If MCP client host unable to handle large response use page and pageSize. If the request times out retry with pagination, increasing pageSize from 10 to 50. If the resource data set is large to fetch efficiently or results in timeouts, it is recommended to use the 'summary tool' instead to get a summarized view of the resource. 1. Call fetch_resources_for_check with page=1, pageSize=10 2. Note the totalPages from the response 3. Continue calling each page until complete 4. Summarize all results together | Id* (string)Checkname* (string)Page (integer)Pagesize (integer) | resources (List[ResourceVO]): A list of resources. • name (str): Name of the resource. • resourceType (str): Type of the resource. • complianceStatus (str): Compliance status of the resource.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_checks_summary | Use this to get the summary on checks Use this when total items in 'fetch_checks' is high Get checks summary for given asset run id and resource type. Get a summarized view of resources based on - Compliance breakdown for checks - Total Checks available - Total compliant checks - Total non-compliant checks | Id* (string)Resourcetype* (string) | complianceSummary (dict): Summary of compliance status across checks.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_resources_summary | Use this to get the summary on resource Use this when total items in 'fetch_resources' is high Fetch a summary of resources for a given asset run id and resource type. Get a summarized view of resources include - Compliance breakdown for resource - Total Resources available - Total compliant resources - Total non-compliant resources | Id* (string)Resourcetype* (string) | complianceSummary (dict): Summary of compliance status across checks.error (Optional[str]): An error message if any issues occurred during retrieval. |
| fetch_resources_by_check_name_summary | Use this to get the summary on check resources Use this when total items in 'fetch_resources_for_check' is high Get check resources summary for given asset run id, resource type and check Paginated data is enough for summary Get a summarized view of check resources based on - Compliance breakdown for resources - Total Resources available - Total compliant resources - Total non-compliant resources | Id* (string)Resourcetype* (string)Check* (string) | complianceSummary (dict): Summary of compliance status across checks.error (Optional[str]): An error message if any issues occurred during retrieval. |
FAQ
1. How do I signup for ComplianceCow?
Visit our product site to create an account using various sign-up options, including Google, Microsoft, OTP, and more.
2. What value does ComplianceCow deliver?
ComplianceCow is designed to help with automated security compliance evidence collection, analysis and remediation challenges faced by large enterprises and compliance, GRC and security teams. We are a security GRC controls automation studio for your custom controls and workflows. For more information, please visit our corporate site.
Related Servers
Obsidian Nexus
Connects directly to your local Obsidian vault for seamless note management and data organization.
Rednote MCP
An automated tool for searching and commenting on the social media platform Xiaohongshu (Rednote) using Playwright.
MCP Redmine
A server integration for the Redmine project management tool.
macOS Automator
Run AppleScript and JXA scripts to automate tasks on macOS.
Hyperspell
A spellchecker and grammar checker for developers, requiring a Hyperspell token for authentication.
MCP Easy Copy
Discover and copy available MCP services in Claude Desktop.
Microsoft 365
MCP server that connects to the whole Microsoft 365 suite (Microsoft Office, Outlook, Excel) using Graph API (including mail, files, calendar)
Procesio MCP Server
Interact with the Procesio automation platform API.
Obsidian
Interact with your Obsidian vault using the Local REST API plugin, enabling LLMs to access and manage your notes.
Calculator MCP Server
Performs basic arithmetic calculations. A TypeScript-based server demonstrating core MCP concepts.