Novo · mcp.brickgrc.com

Deixe o seu agente de IA
conduzir a sua auditoria.

Aceda a todas as capacidades do BrickGRC a partir do Claude Desktop, ChatGPT, Cursor ou qualquer host compatível com MCP. O seu agente orquestra o ciclo de auditoria: instala templates, carrega evidência, dispara o scoring e exporta relatórios. O motor de IA instalado no BrickGRC é quem executa o scoring no servidor, sob o seu log de auditoria.

EU-resident hosting OAuth 2.1 + PKCE Personal API keys 52 tools, every brick
Connect in 60 seconds Book a Demo
O que o seu agente pode fazer

Todas as capacidades da plataforma,
invocáveis como ferramenta.

Se algo é possível no BrickGRC, o seu agente de IA também consegue fazê-lo via MCP. 52 ferramentas cobrindo todo o ciclo de auditoria, da instalação do template ao relatório final.

Browse & build engagements

List templates, install framework bricks (single or multi-framework), spin up new engagements, update them, close them. The agent owns the lifecycle.

Trigger scoring & manage state

Queue maturity-scoring jobs (BrickGRC's installed AI engine runs them server-side under your audit log and BYO key), fetch results, apply state transitions, override risk, snapshot gap analyses. Async jobs surface with explicit status.

Upload & auto-link evidence

Upload documents over the wire (path or base64), trigger AI auto-linking against controls, rescan the document set, read or replace content in place.

Export audit-ready reports

Final audit report, evidence bundle, gap-analysis snapshot, remediation snapshot. All returned as single-use signed download URLs, scoped to your engagement.

Configure custom templates

Build your own framework brick programmatically: create templates, state flows, transitions, controls. Compose them into engagements end-to-end.

Projects, risk & employees

Manage engagement projects, override risk scores, match employees to controls, suggest control statuses. The operational layer your agent needs to actually finish the audit.

Standard aberto

Construído sobre o Model Context Protocol.

O MCP é o standard aberto para uso de ferramentas por agentes de IA, adoptado por todos os hosts relevantes. Configure uma vez. Qualquer cliente MCP liga-se ao BrickGRC da mesma forma.

Claude Desktop
ChatGPT Connectors
Cursor
Continue.dev
Any MCP client
Conecte em 60 segundos

Duas formas de autenticar.

Pick the flow that fits your team.

OAuth (recommended): sign in once through your normal BrickGRC login. Your agent gets scoped, revocable access.

Personal API key: mint a token in the app, paste it into your host's config. Static and simple.

What you get

A one-time consent flow through your normal BrickGRC login (Google, Microsoft, SAML, SSO and 2FA all work). Your agent gets a scoped, revocable token that respects your RBAC role.

Host config

// add this entry to your MCP host's config { "mcpServers": { "brickgrc": { "url": "https://mcp.brickgrc.com/mcp" } } }

Then

  1. Restart your MCP host
  2. In its connector settings, open BrickGRC and click Connect
  3. Sign in with your BrickGRC account, approve the scope, done

Mint a key

  1. Open app.brickgrc.com and go to API Keys
  2. Click Create new key, name it (for example, "Claude Desktop on MacBook")
  3. Copy the zpl_ token (shown once, save it in a password manager)

Host config

{ "mcpServers": { "brickgrc": { "url": "https://mcp.brickgrc.com/mcp", "headers": { "Authorization": "Bearer zpl_your_key_here" } } } }
Segurança

Defaults sensatos. Difícil de usar mal.

The same security model that protects your BrickGRC account protects every agent connection. Revoke a key, kill an agent.

OAuth 2.1 + PKCE

Authorisation Code with S256 PKCE. No paste-your-key flow on supported hosts. Your agent runs through your real BrickGRC login.

Hashed at rest

Personal keys SHA-256 hashed; OAuth-issued keys AES-256-GCM encrypted server-side. Plaintext never touches disk.

Scoped to your role

Every agent action runs through the same RBAC permissions your user has in the UI. An agent can't escalate beyond what you can do.

Per-key rate limits

Default 120 requests/min per key, tunable. Stops a runaway agent from burning your AI budget overnight.

One-click revocation

Revoke a key in the BrickGRC UI; every active session for that key is cut within seconds, OAuth tokens included.

EU-resident hosting

Frankfurt, like the rest of BrickGRC. No data leaves the EU. GDPR + Schrems II clean.

Catálogo completo

52 ferramentas, onze grupos.

A full inventory of what your agent can call. Each tool is a thin wrapper around the same BrickGRC API your UI uses. Same RBAC, same audit log, same data.

52
Tools available
across the full audit lifecycle
BROWSING · 5
list_engagements · get_engagement · list_milestone_controls · update_engagement · delete_engagement
TEMPLATES & BRICKS · 4
browse_template_store · install_template · list_templates · create_engagement
SCORING · 6
get_control_score · list_cached_scores · rescore_engagement · rescore_controls · score_status · rescore_controls_status
EVIDENCE · 5
list_engagement_documents · upload_evidence · auto_link_evidence_for_document · rescan_engagement_documents · get_gap_analysis_snapshot
CONTROL STATE · 3
get_control_state_flow · list_control_actions · apply_control_action
SNAPSHOTS & CLOSING · 5
take_gap_analysis_snapshot · take_remediation_snapshot · close_engagement · reopen_engagement · close_job_status
REPORTS · 2
download_final_report · download_evidence_bundle
INTELLIGENCE · 5
read_document_content · replace_document · get_executive_summary · get_remediation_tip · admin_override_score
CUSTOM TEMPLATES · 7
create_template · update_template · delete_template · create_state_flow · add_state_to_flow · add_transition_to_flow · configure_template
PROJECTS & RISK · 7
list_projects · create_project · get_risk_summary · override_risk_score · match_employees_to_controls · suggest_control_statuses · apply_control_statuses
IMPORT · 3
export_engagement_scaffold · validate_engagement_import · create_engagement_from_json

Pronto para deixar o seu agente fazer a auditoria?

Demora 60 segundos. Faça login no BrickGRC, conecte através do seu host de IA e veja o seu agente conduzir o ciclo completo, da instalação do brick ao relatório final.

Get a personal key Book a 15-min demo