The Comp AI MCP server lets you and your team operate your entire compliance program from inside any modern AI assistant. Ask in plain language; the AI uses real Comp AI tools to read evidence, manage tasks, generate questionnaire answers, connect cloud accounts, and more — all under your existing API key and permissions.
Built on the Model Context Protocol — an open standard that lets AI clients talk to external tools. The Comp AI MCP server publishes hundreds of tools spanning evidence, policies, integrations, frameworks, cloud security, vendors, risks, people, and tasks.

Why use it

Compliance work is full of repetitive, multi-step actions: gathering evidence, answering questionnaires, reviewing tasks, connecting cloud accounts. The MCP server collapses those into one-line natural-language requests. Examples your team can run today:
  • “Show me my open SOC 2 controls and tell me which ones are missing evidence.”
  • “Upload this vendor security questionnaire and generate the answers from our policies.”
  • “Connect our production AWS account for monitoring.”
  • “List employees who haven’t completed offboarding yet.”
  • “Mark the AWS audit task on Sarah’s account as done.”
  • “Export our SOC 2 evidence bundle for the upcoming audit.”
The AI assistant figures out which tools to call. Your team types the request and reviews the result.

Get an API key

  1. Sign in to Comp AI.
  2. Open Settings → API Keys.
  3. Click Create new key. Scope it to the actions the AI assistant should be allowed to take.
  4. Copy the key (it starts with comp_…) — you will paste it into your AI client’s config once.
The API key carries your existing RBAC and permissions. The AI assistant can only do what your role can do in the dashboard.

Install per AI client

You don’t manually download anything. The Comp AI MCP server is distributed as a public npm package — @trycompai/mcp-server — and every install path below uses npx -y (or a one-click button / drag-and-drop bundle) to fetch it on demand the first time your AI client starts a session. New versions are picked up automatically on the next session. Pick the tab for your client. Each tab shows the easiest install path first, with a manual JSON option below for advanced setups.
The npx -y @trycompai/mcp-server command you’ll see throughout is what handles the download. Your AI client runs it in the background when you start a chat; npm fetches the latest published version from npmjs.com and caches it locally. Nothing for you to install manually.
Easiest path — drag-and-drop install:
  1. Download the latest mcp-server.mcpb bundle from our GitHub Releases page.
  2. Drag the .mcpb file directly onto the Claude Desktop window.
  3. Claude Desktop shows an install prompt — confirm, then paste your Comp AI API key in the extension settings.
  4. Restart any open chats. Comp AI tools are now available.
No JSON editing required.
If you prefer to manage claude_desktop_config.json yourself, open Settings → Developer → Edit Config and merge:
{
  "mcpServers": {
    "comp-ai": {
      "command": "npx",
      "args": [
        "-y",
        "@trycompai/mcp-server",
        "start",
        "--apikey",
        "comp_…your_key_here…"
      ]
    }
  }
}
Fully quit and reopen Claude Desktop.
That’s it. The first time you start a chat in your AI client after install, the assistant will discover the Comp AI tools and start using them.

Verify it worked

Open a fresh chat in your AI client and ask:
“List my open compliance tasks.”
If the install succeeded, the AI will call Comp AI’s list-tasks tool and return tasks from your organization. If you see no tool calls or an authentication error, jump to Troubleshooting below.

Troubleshooting

Most common causes:
  • You didn’t fully quit and reopen your AI client after the install. Closing the window isn’t enough — quit it from the menu / dock and reopen.
  • The JSON config has a syntax error. Mintlify can validate this if you paste it into any JSON linter.
  • For Claude Desktop: confirm claude_desktop_config.json was saved to the right path: ~/Library/Application Support/Claude/ on macOS, %APPDATA%\Claude\ on Windows.
  • Confirm your API key starts with comp_… and you copied the full string (these keys are long).
  • Confirm the key hasn’t been revoked in Comp AI → Settings → API Keys.
  • Confirm the key’s role has permission for the action you’re asking the AI to take.
The MCP server runs via npm + Node.js. If your machine doesn’t have Node 18+ installed, install it from nodejs.org and restart your AI client.
Open Chrome / Safari DevTools (or your client’s debug log) and inspect the network response. Common causes:
  • Your role lacks the permission for that endpoint (RBAC enforced server-side).
  • You’re on a custom plan that doesn’t include the feature being called.
  • The Comp AI API is briefly unavailable — try again in a moment or check status.

What your AI assistant can do

The MCP server publishes tools across the Comp AI surface:
| Area | Examples |
| --- | --- |
| Evidence and tasks | List tasks, upload evidence, complete checklist items, export audit bundles |
| Policies | List policies, generate drafts, publish versions, attach PDFs |
| Security questionnaires | Upload, parse questions, generate answers, export reviewer-ready files |
| Frameworks and controls | Inspect SOC 2 / ISO 27001 / HIPAA / GDPR coverage and missing evidence |
| Integrations and cloud security | Connect AWS, Azure, GCP and other providers; run checks; review findings |
| Vendors and risks | List vendors, manage assessments, track risk and remediation |
| People and devices | Invite members, manage offboarding, inspect device compliance |
| Trust Center | Review and approve Trust Access requests, manage shared documents |
Some endpoints are intentionally not exposed to AI clients for security or compatibility reasons — for example, anything that rotates raw credentials, and a small number of long-lived streaming endpoints that don’t fit the request/response shape AI clients expect. The web UI continues to support those flows directly.

Common workflows

Generate questionnaire answers

Ask your AI to upload a vendor questionnaire and produce answers grounded in your policies.

Connect a cloud account

Ask the AI to connect AWS, Azure, or GCP — you provide the auditor role ARN; the AI handles the rest.

Run integration checks

Trigger and inspect compliance checks across your connected providers in plain language.

Manage tasks and evidence

Pull open tasks, attach evidence, and mark items complete from inside your AI assistant.

Security

  • Your API key, your scope. The MCP server runs locally on your machine and authenticates to the Comp AI API using the key you paste. It carries the same permissions you configured for that key — no escalation.
  • Multi-tenant safety. Every request is scoped to the organization the API key belongs to. The AI cannot read or modify data belonging to other Comp AI organizations.
  • Secrets stay on your machine. Your API key lives in your AI client’s local config file. It is never sent to Comp AI, npm, or any third party except your own AI client’s vendor.
  • Sensitive endpoints are hidden. Endpoints that handle raw secrets (credential rotation, vault material) are deliberately excluded from the MCP tool surface. They remain available in the Comp AI web UI for human operators only.
  • All actions are logged. Mutations performed through the MCP server appear in your Comp AI audit log marked with API-key authentication, so you can review who did what.
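
An added example, not part of Comp AI's documentation or code: a Node.js audit of a claude_desktop_config.json in the shape shown under Install per AI client. It flags a config file readable by other local users, an API key stored inline after --apikey (clear text on disk and in the server's process arguments), and an npx package spec with no pinned version. The finding names, the sample config and the placeholder key are constructed for illustration.

```javascript
// Added example: audit MCP server entries in a claude_desktop_config.json-style object.
// Finding names and the sample below are constructed for illustration.

// "@scope/pkg@1.2.3" -> ["@scope/pkg", "1.2.3"]; no version -> [spec, null].
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0 ? [spec.slice(0, at), spec.slice(at + 1)] : [spec, null];
}

function auditConfig(config, fileMode = null) {
  const findings = [];
  // Any group/other permission bit means other local accounts can read the key.
  if (fileMode !== null && (fileMode & 0o077) !== 0) {
    findings.push({ server: "*", issue: "config-readable-by-others",
      detail: `mode ${(fileMode & 0o777).toString(8)}, expected 600` });
  }
  for (const [name, srv] of Object.entries(config.mcpServers || {})) {
    const args = Array.isArray(srv.args) ? srv.args : [];
    // A value after --apikey sits in clear text in the file and in process arguments.
    const k = args.indexOf("--apikey");
    if (k !== -1 && typeof args[k + 1] === "string") {
      findings.push({ server: name, issue: "inline-api-key",
        detail: "key present in args (value withheld)" });
    }
    if (srv.command === "npx") {
      // The first non-flag argument is the package spec that npx resolves.
      const spec = args.find((a) => typeof a === "string" && !a.startsWith("-"));
      const [pkg, version] = spec ? splitSpec(spec) : [null, null];
      if (pkg && !/^\d+\.\d+\.\d+/.test(version || "")) {
        findings.push({ server: name, issue: "unpinned-package",
          detail: `${pkg} runs whatever version is published at session start` });
      }
    }
  }
  return findings;
}

// Audit a file on disk. POSIX mode bits are skipped on Windows, where ACLs apply.
function auditFile(path) {
  const fs = require("fs");
  const mode = process.platform === "win32" ? null : fs.statSync(path).mode;
  return auditConfig(JSON.parse(fs.readFileSync(path, "utf8")), mode);
}

// Constructed sample mirroring the manual config on this page (placeholder key).
const SAMPLE = { mcpServers: { "comp-ai": { command: "npx",
  args: ["-y", "@trycompai/mcp-server", "start", "--apikey", "comp_PLACEHOLDER"] } } };
console.log(auditConfig(SAMPLE, 0o100644));
```

Call auditFile with the config path listed under Troubleshooting. A spec counts as pinned when an exact version you have reviewed is appended to the package name in args.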

When to use the MCP server vs the API

| If you want to… | Use |
| --- | --- |
| Operate your compliance program day-to-day with help from an AI assistant | MCP server |
| Build a custom internal tool, dashboard, or one-off automation | Comp AI API directly |
| Pipe Comp AI data into your data warehouse on a schedule | API directly |
| Onboard a new auditor or external reviewer to your Trust Center | Comp AI web UI |
The MCP server and the public API hit the same endpoints with the same RBAC — the only difference is the consumer (an AI assistant vs your own code).

FAQ

No. The server runs locally on each user’s machine via npx. Comp AI hosts nothing on your behalf, and you do not need to deploy or maintain any infrastructure.
No. The server is a thin translator between your AI client and the Comp AI API at https://api.trycomp.ai. An internet connection is required.
Yes. Each teammate installs the MCP server on their own machine with their own Comp AI API key. Their actions are independently authenticated and audit-logged.
You can still use the Comp AI API directly. The MCP server is an additional way to interact with the same endpoints — it doesn’t replace anything.
New tools and improvements ship with each Comp AI release. Because npx -y always pulls the latest published version, your AI client picks up new tools automatically the next time it starts the MCP server.

Resources