ComplianceCow MCP Server

$ npx -y @compliancecow/cow-mcp
README.md

Retrieve compliance insights, dashboard data, and auditable evidence.

ComplianceCow MCP Servers

Introduction

MCP (Model Context Protocol) servers are designed to process structured requests from AI agents, perform domain-specific operations, and return context-aware responses. The ComplianceCow MCP servers enable seamless integration with MCP-compatible hosts like Claude Desktop and Goose Desktop/CLI for secure, modular, and intelligent compliance automation.


Glossary

| Keyword | Description | Example |
|---|---|---|
| Control | A compliance or security control that needs to be implemented to ensure adherence to regulations, standards, and policies | Ensure MFA is enabled for all users |
| Assessment | A collection of controls organized hierarchically, representing an industry standard or cybersecurity framework | PCI DSS 4.0 |
| Assessment Run | The verification of controls in an assessment for a given time period, including evidence collection | - |
| Check | A rule or verification for compliance or conformance | Check if MFA is enabled for all AWS users |
| Resource Type | Category or class of resources | AWS EC2, AWS S3 |
| Resource | Instance of a resource type for which checks are performed | Specific EC2 instances, GitHub repositories |
| Asset | A group of resources of various types | AWS services, Kubernetes, GitHub |
| Evidence | Data aggregated through checks against resources for a given control | CSV file with AWS users and their MFA status |
| Action | Activity (automated or manual) to respond or remediate based on conditions | Create a JIRA ticket for non-compliant EC2 instance |
| Rule | A reusable automation unit that executes tasks and generates evidence | AWS MFA Compliance Check Rule |
| Workflow | An event-driven automation sequence with conditions and activities | Alert workflow on critical finding |

Architecture

The ComplianceCow MCP servers support the STDIO transport mechanism for seamless local integration with your MCP host. At the core is the Compliance Graph, which continuously ingests data such as assessment runs, evidence, and compliance status. The server actively pulls information from:

  • Vector stores for semantic search
  • Relational databases for structured data
  • Graph databases for relationship queries
  • File storage systems for evidence artifacts

MCP Servers

We have organized ComplianceCow’s MCP tools into 4 distinct servers.

Why multiple MCP servers? In the MCP ecosystem, using fewer tools per server yields better results and better performance. Each server can be enabled independently via the MCP_TOOLS_TO_BE_INCLUDED environment variable. Important: Enable only one server at a time in the MCP Host to avoid tool name conflicts. Some tools share the same name across servers but have different implementations based on the use case.

1. ComplianceCow-Rules

The Rules server enables creating, managing, and executing compliance rules. It provides a comprehensive toolkit for rule creation with guided input collection, task orchestration, and ComplianceCow integration.

Use Cases:

  • Create custom compliance rules with multiple tasks
  • Execute rules against cloud infrastructure
  • Publish rules to ComplianceCow and attach to controls
  • Generate rule documentation (design notes, README)

2. ComplianceCow-Insights

The Insights server provides comprehensive access to compliance data, dashboards, assessments, and evidence through the Compliance Graph. Ideal for querying and analyzing compliance posture.

Use Cases:

  • Query dashboard data for compliance overview
  • Explore assessments and their runs
  • Retrieve evidence and compliance status
  • Execute Cypher queries on the Compliance Graph
  • Perform actions on controls and evidence

3. ComplianceCow-Workflow

The Workflow server enables building and executing automated compliance workflows with event-driven triggers, conditions, and activities.

Use Cases:

  • Create automated compliance workflows
  • Define event triggers and conditions
  • Execute multi-step workflow sequences
  • Manage workflow states and transitions

4. ComplianceCow-Assistant

The Assistant server specializes in assessment configuration, control setup, and SQL-based evidence collection. It provides tools for configuring compliance assessments and managing control evidence.

Use Cases:

  • Create and configure assessme

Tools (5)

  • query_dashboard: Query dashboard data for compliance overview and posture analysis.
  • explore_assessments: Explore assessments and their runs to understand compliance status.
  • retrieve_evidence: Retrieve evidence and compliance status for specific controls.
  • execute_cypher_query: Execute Cypher queries on the Compliance Graph for relationship analysis.
  • create_compliance_rule: Create custom compliance rules with multiple tasks and guided input.

Environment Variables

  • MCP_TOOLS_TO_BE_INCLUDED (required): Specifies which of the 4 servers to enable (Rules, Insights, Workflow, or Assistant).
  • COW_API_KEY (required): API key for ComplianceCow platform authentication.
  • COW_BASE_URL (required): The base URL for the ComplianceCow API.

Configuration

claude_desktop_config.json
{
  "mcpServers": {
    "compliancecow-insights": {
      "command": "npx",
      "args": ["-y", "@compliancecow/cow-mcp"],
      "env": {
        "MCP_TOOLS_TO_BE_INCLUDED": "ComplianceCow-Insights",
        "COW_API_KEY": "your_api_key_here",
        "COW_BASE_URL": "https://api.compliancecow.com"
      }
    }
  }
}
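
The page asks for exactly one ComplianceCow server per MCP host and marks three environment variables as required. The linter below checks a host config for both conditions; it is an added example, not part of the ComplianceCow project. The three server values other than `ComplianceCow-Insights`, the `https` requirement and the sample entries are assumptions.

```javascript
// Added example: lint the "mcpServers" section of an MCP host config against
// the constraints stated on this page. Not ComplianceCow's own code.
const PACKAGE = "@compliancecow/cow-mcp";
// Assumption: the other three values follow the "ComplianceCow-Insights"
// pattern from the page's config, using the server names listed there.
const SERVERS = ["ComplianceCow-Rules", "ComplianceCow-Insights",
                 "ComplianceCow-Workflow", "ComplianceCow-Assistant"];
const REQUIRED = ["MCP_TOOLS_TO_BE_INCLUDED", "COW_API_KEY", "COW_BASE_URL"];

function isHttps(value) {
  try { return new URL(value).protocol === "https:"; } catch { return false; }
}

function lintMcpConfig(config) {
  const findings = [];
  const entries = Object.entries(config.mcpServers || {})
    .filter(([, s]) => (s.args || []).includes(PACKAGE));
  // Only one ComplianceCow server per host, to avoid tool name conflicts.
  if (entries.length > 1) {
    findings.push(`multiple ComplianceCow servers enabled: ${entries.map(([n]) => n).join(", ")}`);
  }
  for (const [name, server] of entries) {
    const env = server.env || {};
    for (const key of REQUIRED) {
      if (!env[key]) findings.push(`${name}: missing ${key}`);
    }
    const tools = env.MCP_TOOLS_TO_BE_INCLUDED;
    if (tools && !SERVERS.includes(tools)) findings.push(`${name}: unknown server "${tools}"`);
    // A placeholder key means the template was copied without being filled in.
    if (env.COW_API_KEY === "your_api_key_here") {
      findings.push(`${name}: COW_API_KEY is still the placeholder`);
    }
    // The API key authenticates against this base URL, so require https.
    if (env.COW_BASE_URL && !isHttps(env.COW_BASE_URL)) {
      findings.push(`${name}: COW_BASE_URL must be a valid https:// URL`);
    }
  }
  return findings;
}

// Constructed sample: two servers enabled at once, one missing its key and on http.
const sample = { mcpServers: {
  "cow-insights": { command: "npx", args: ["-y", PACKAGE], env: {
    MCP_TOOLS_TO_BE_INCLUDED: "ComplianceCow-Insights",
    COW_API_KEY: "your_api_key_here", COW_BASE_URL: "https://api.compliancecow.com" } },
  "cow-rules": { command: "npx", args: ["-y", PACKAGE], env: {
    MCP_TOOLS_TO_BE_INCLUDED: "ComplianceCow-Rules",
    COW_BASE_URL: "http://cow.example.internal" } },
} };
console.log(lintMcpConfig(sample));
```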

Try it

Show me a summary of our current compliance posture from the dashboard.
Find all non-compliant EC2 instances and retrieve the evidence for the MFA control.
Run a Cypher query on the Compliance Graph to find relationships between AWS S3 buckets and PCI DSS controls.
Create a new compliance rule that checks if MFA is enabled for all AWS users.
List the latest assessment runs for the PCI DSS 4.0 framework.

Frequently Asked Questions

What are the key features of ComplianceCow?

  • Compliance Graph integration for querying relationships between assets and controls.
  • Automated remediation actions including policy fixing and ticket creation.
  • Support for multiple specialized servers: Rules, Insights, Workflow, and Assistant.
  • Evidence collection from vector stores, relational databases, and graph databases.
  • STDIO transport mechanism for local integration with MCP hosts.

What can I use ComplianceCow for?

  • Security teams querying dashboard data for a real-time compliance overview.
  • Auditors retrieving evidence artifacts and compliance status for specific assessment runs.
  • DevOps engineers creating automated compliance rules to execute against cloud infrastructure.
  • Compliance officers building event-driven workflows for automated remediation of findings.

How do I install ComplianceCow?

Install ComplianceCow by running: npx -y @compliancecow/cow-mcp

What MCP clients work with ComplianceCow?

ComplianceCow works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
