MCP Server

The Recoger MCP Server enables AI assistants like Claude and ChatGPT to query your compliance data directly. Ask "Are all our laptops encrypted?" and get a real answer from your actual data.

What is MCP?

The Model Context Protocol (MCP) is an open standard that allows AI assistants to securely access external data sources. Recoger's MCP server exposes your compliance data through this protocol.

This is what "AI-first" means for Recoger: not AI features bolted onto a human interface, but AI agents as first-class users of the platform.

Use Cases

  • Natural language queries — "Which devices are non-compliant?"
  • Audit preparation — "Generate evidence for ISO 27001 A.8.24"
  • Remediation guidance — "How do I enable BitLocker on dev_abc123?"
  • Status checks — "What's our current compliance score?"
  • Notifications — "Send a reminder to users with non-compliant devices"

Quick Start

1. Generate an API Key

In the Recoger dashboard, go to Settings → API Keys and create a new key with MCP scope.

2. Configure Your AI Assistant

Add Recoger to your AI assistant's MCP configuration.

Claude Desktop:

{
  "mcpServers": {
    "recoger": {
      "transport": "sse",
      "url": "https://mcp.recoger.app/sse",
      "headers": {
        "Authorization": "Bearer rk_mcp_..."
      }
    }
  }
}

3. Start Asking Questions

Once connected, you can ask your AI assistant questions about your Recoger data:

  • "Show me all non-compliant devices"
  • "What's the compliance status of alice@example.com's laptop?"
  • "Which services are overdue for review?"
  • "Generate an ISO 27001 compliance summary"
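A check for the configuration entry from step 2, added here as an example (not code from Recoger or from the original page). It assumes the `rk_mcp_` prefix shown above marks an MCP-scoped key; the sample entries and placeholder keys are constructed.

```python
import stat
from urllib.parse import urlparse

EXPECTED_HOST = "mcp.recoger.app"  # host shown in the page's Claude Desktop config
MCP_KEY_PREFIX = "rk_mcp_"         # assumption: this prefix marks an MCP-scoped key


def audit_mcp_entry(entry: dict, file_mode: int) -> list[str]:
    """Return findings for one "mcpServers" entry and the mode bits of its config file."""
    findings = []
    url = urlparse(entry.get("url", ""))
    if url.scheme != "https":
        findings.append("url is not https: bearer token would travel in cleartext")
    if url.hostname != EXPECTED_HOST:
        findings.append(f"unexpected host {url.hostname!r}: token would go to another server")
    # Header names are case-insensitive, so normalise before lookup.
    headers = {k.lower(): v for k, v in entry.get("headers", {}).items()}
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        findings.append("missing or malformed Authorization bearer header")
    elif not token.startswith(MCP_KEY_PREFIX):
        findings.append("key lacks the MCP prefix: use a key created with MCP scope")
    # The key is stored in plaintext, so only the file owner should have access.
    if file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("config file is accessible to group/others")
    return findings


# Constructed sample entries (placeholder keys, not real credentials).
GOOD = {"transport": "sse", "url": "https://mcp.recoger.app/sse",
        "headers": {"Authorization": "Bearer rk_mcp_EXAMPLE"}}
BAD = {"transport": "sse", "url": "http://mcp.recoger.app.example.net/sse",
       "headers": {"authorization": "Bearer rk_live_EXAMPLE"}}

if __name__ == "__main__":
    print(audit_mcp_entry(GOOD, 0o600))
    for finding in audit_mcp_entry(BAD, 0o644):
        print("-", finding)
```

Pass the mode from `os.stat(path).st_mode` for the real config file; the permission check is meaningful on POSIX systems only.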

Resources

MCP Resources are read-only data that AI assistants can access.

recoger://devices

Summary of all devices with compliance status.

{
  "total": 47,
  "compliant": 43,
  "non_compliant": 3,
  "unknown": 1,
  "by_platform": {
    "macos": 28,
    "windows": 15,
    "linux": 4
  },
  "devices": [...]
}

recoger://devices/{device_id}

Detailed information for a specific device including all compliance checks.

recoger://compliance/summary

Overall compliance posture summary.

{
  "overall_status": "mostly_compliant",
  "score": 91,
  "devices": {
    "total": 47,
    "compliant": 43,
    "compliance_rate": 91.5
  },
  "frameworks": {
    "iso27001": { "coverage": 87, "gaps": 3 },
    "soc2": { "coverage": 92, "gaps": 1 }
  }
}

Tools

MCP Tools allow AI assistants to perform actions and complex queries.

query_compliance

Query compliance status with natural language or structured filters.

// Natural language
{
  "query": "Which engineering laptops are missing disk encryption?"
}

// Structured filters
{
  "filters": {
    "compliance_status": "non_compliant",
    "platform": "windows"
  },
  "include_details": true
}

generate_evidence

Generate audit-ready evidence for a specific compliance control.

{
  "framework": "iso27001",
  "control": "A.8.24",
  "format": "narrative"
}

Returns a narrative summary suitable for audit documentation:

{
  "control": {
    "id": "A.8.24",
    "name": "Use of cryptography",
    "framework": "ISO 27001:2022"
  },
  "status": "substantially_compliant",
  "coverage": {
    "total_devices": 47,
    "compliant_devices": 45,
    "percentage": 95.7
  },
  "narrative": "As of January 4, 2026, 95.7% of endpoint devices..."
}

send_reminder

Send compliance reminders to device owners.

{
  "target": "non_compliant",
  "message": "Please enable disk encryption by Friday.",
  "urgency": "important",
  "dry_run": true
}

get_remediation

Get detailed remediation instructions for a device's compliance issues.

{
  "device_id": "dev_abc123",
  "format": "step_by_step"
}

Authentication

MCP connections authenticate using API keys with MCP scope. Generate keys in Settings → API Keys.

Scope        Access
mcp:read     Read devices, services, compliance data
mcp:write    Send reminders, trigger actions
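A client-side gate for assistant-proposed tool calls, built on the two scopes above and the `dry_run` flag of `send_reminder`; this is an added example, not part of Recoger or the original page. Which scope each read-style tool needs and the approval policy are assumptions, and `export_all` is a hypothetical tool name.

```python
# Tool and scope names are taken from this page. Which scope each read-style tool
# needs, and the approval policy itself, are assumptions made for this example.
REQUIRED_SCOPE = {
    "query_compliance": "mcp:read",
    "generate_evidence": "mcp:read",
    "get_remediation": "mcp:read",
    "send_reminder": "mcp:write",
}


def gate_tool_call(tool: str, args: dict, granted: set, approved: bool = False) -> str:
    """Return "allow", "needs_approval" or "deny" for one proposed tool call."""
    scope = REQUIRED_SCOPE.get(tool)
    if scope is None:
        return "deny"  # tool is not on the allowlist
    if scope not in granted:
        return "deny"  # the key was not issued with this scope
    if scope == "mcp:write":
        # Only a literal JSON true counts as a dry run; "true" or 1 does not.
        if args.get("dry_run") is True:
            return "allow"
        return "allow" if approved else "needs_approval"
    return "allow"


def review(calls: list, granted: set) -> list:
    """Gate a batch of proposed calls; returns (tool, decision) pairs for logging."""
    return [(c["tool"], gate_tool_call(c["tool"], c.get("arguments", {}), granted))
            for c in calls]


# Constructed sample: calls an assistant might propose during one conversation.
PROPOSED = [
    {"tool": "query_compliance", "arguments": {"filters": {"platform": "windows"}}},
    {"tool": "send_reminder", "arguments": {"target": "non_compliant", "dry_run": True}},
    {"tool": "send_reminder", "arguments": {"target": "non_compliant", "dry_run": "true"}},
    {"tool": "export_all", "arguments": {}},  # hypothetical tool name, not on the page
]

if __name__ == "__main__":
    for tool, decision in review(PROPOSED, {"mcp:read", "mcp:write"}):
        print(f"{tool:18} {decision}")
```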

Security

  • Tenant isolation — All queries are scoped to your tenant. No cross-tenant access is possible.
  • Permission model — MCP respects the same RBAC as the REST API.
  • Audit logging — All MCP operations are logged with agent metadata.
  • Rate limiting — Same limits as the REST API apply.

Self-Hosted Option

For airgapped or high-security environments, you can run the MCP server locally:

# Clone the MCP server and enter the repository
git clone https://github.com/komplyone/recoger-mcp-server
cd recoger-mcp-server

# Configure
export RECOGER_API_KEY=rk_live_...

# Run
uv run src/main.py

Then configure your AI assistant to connect via stdio transport instead of SSE.

Example Conversations

Compliance Check

You: Are all our devices compliant?

Claude: Based on your Recoger data, 43 of 47 devices (91.5%) are compliant. 3 devices have issues: two Windows laptops missing BitLocker encryption and one Linux workstation with an outdated OS. Would you like details on remediation?

Audit Preparation

You: We have an ISO 27001 audit next week. What should I focus on?

Claude: Looking at your compliance data, I'd prioritize these gaps:
1. A.8.24 (Cryptography): 2 devices missing disk encryption — critical
2. A.8.8 (Updates): 1 device running outdated OS — high
All other Annex A controls related to endpoint security show full coverage. Want me to generate the evidence documentation?

Remediation Help

You: How do I fix the encryption issue on dev_def456?

Claude: That's a Windows 11 laptop. Here's how to enable BitLocker:
1. Open Settings → Privacy & security → Device encryption
2. Click "Turn on" next to BitLocker
3. Choose Microsoft account for recovery key backup
4. Select "Encrypt entire drive" and "New encryption mode"
5. Click "Start encrypting" and restart when prompted
Recoger will verify the change within 15 minutes of the next check-in.

Support

Having trouble with the MCP integration? Contact us at support@recoger.app.