Plug Claude Desktop, Claude Code or any MCP client into your workspace and ask GRC questions in plain language. The MCP server holds no database credentials; every tool call runs as you, under the same row-level security as the app.
csfaas mcp · connection
endpoint https://mcp.csfaas.com/mcp transport Streamable HTTP auth Authorization: Bearer csfaas_sk_<key_id>_<secret> access read-only · runs as you, under RLS
Your AI calls read-only tools against your live workspace and answers from real data, not from a stale export. Ask what you would ask a colleague.
your ai client
Your highest exposure is RSK_000008, "Unpatched edge VPN", scored 20 of 25. Four more follow, and three of them still have no remediation plan.
Global GRC queries
Ask across the whole program: risks, controls, frameworks, vendors, systems and reviews.
Risk Assessment Assistant
Pull a risk or a demand with its full assessment and let your AI critique scoring, wording and treatment.
Remediation review
Check documents and evidence against remediation plans, their owners and their due dates.
Audit evidence
Walk audit questions, read their threads and verify that evidence answers what the auditor asked.
Security policies
Read policy trees and check what a policy actually commits you to.
Create a key, paste one block into your client, done. Pick your client below.
Create your API key in Settings â–¸ API & MCP. It is shown once; keys look like csfaas_sk_<key_id>_<secret>.
Run this once in your terminal, then start a session and ask away.
terminal
claude mcp add --transport http csfaas https://mcp.csfaas.com/mcp --header "Authorization: Bearer csfaas_sk_YOUR_KEY"
Replace csfaas_sk_YOUR_KEY with the key you created in step 0, then ask your first question.
Everything the server exposes to your AI. Expand a suite to see its tools. Each returns the same rows, and only the rows, you can see in the product.
whoami
Who the key belongs to, their workspace and role
search_risks
Search the risk register by text, score or status
search_controls
Search the control library, including evidence gaps
list_frameworks
Deployed frameworks with their versions
framework_statistics
Implementation statistics for a framework
list_third_parties
Vendors with tiering and risk posture
list_systems
Systems and assets with their classification
list_reviews
Periodicity reviews, owners and due dates
search_catalog_controls
Search the control and threat catalogs
get_risk
One risk with its full assessment and treatment
get_demand
One risk demand with status and assessments
read_evidence
Read an evidence record or linked document
list_audit_questions
Questions of an audit campaign
get_audit_question_thread
One audit question with its full thread
list_policies
Policies with their current version and state
Empty means out of scope
An empty result means nothing in your authorized scope. Row-level security filters invisible records out; it does not raise an error, and your AI should not treat it as one.
The server is a thin, credential-less gate in front of the same authorization layer the app uses. Here is what that means in practice.
Read-only, version 1
Your AI can read, reason and propose. It cannot change anything: the server exposes no write tools.
Your permissions, exactly
Every tool call is authorized by the same PostgreSQL row-level security as your session in the app. Different role, different answers.
Instant revocation
Revoke the key in Settings â–¸ API & MCP and the connection dies immediately. No cache, no grace window.
Any MCP client
Streamable HTTP with one Bearer header. Claude Desktop, Claude Code, or any client that speaks MCP.
Invalid or revoked key
The Bearer token is missing, malformed or was revoked. Create a fresh key in Settings â–¸ API & MCP and reconnect.
No access
The key owner lacks permission for this resource, or a workspace admin disabled API and MCP access.
Rate limited
Too many tool calls in a short window. Your client should back off and retry; steady conversations never hit it.
No. Version 1 is read-only. Your AI can read, reason and propose; applying a change is always done by a person, in the app.
No. It holds no database credentials and keeps no copy of your data. Your key resolves to a short-lived, workspace-pinned token, and the database authorizes every read.
An empty result means nothing in your authorized scope. Row-level security filters invisible records out; it does not raise an error.
Any MCP client that supports Streamable HTTP with custom headers: Claude Desktop, Claude Code, and most agent frameworks. The generic mcp.json block covers the rest.
Ask your program anything
Create a key in Settings â–¸ API & MCP, paste one block into your client, and ask your first question in under two minutes. Included in every plan, at no extra cost.