Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.coverbase.com/llms.txt

Use this file to discover all available pages before exploring further.

The Coverbase MCP server lets AI assistants and agentic tools query and manage your third-party risk and procurement program through natural conversation. Ask about vendors, assessments, findings, contracts, obligations, and subprocessor exposure, and the assistant pulls answers directly from your Coverbase account, scoped to your permissions. The server implements the Model Context Protocol, an open standard for connecting AI assistants to external systems. It works with any MCP-compatible client.

Supported clients

Claude

claude.ai web, Claude Desktop, Claude for Chrome

Claude Code

Anthropic’s command-line agentic coding tool

Cursor

The AI-native IDE

Cline

The VS Code coding agent

Goose

Block’s open-source AI agent

MCP Inspector

The official Anthropic debugging client
If your tool speaks MCP over OAuth 2.0 with Streamable HTTP transport, it will work with our server. Email support@coverbase.ai if you’d like us to add yours to the test matrix.

What you can do

The server exposes 65 tools across read and write capabilities.
Search vendors by name, status, tier, owner, or tags. Pull a full vendor profile in one call: people, assessments, findings, contracts, engagements, obligations, radar alerts, security cases, and SOC 2 documents. Surface portfolio-wide views including highest-risk vendors, evidence health, and assessment metrics.
Search assessments by vendor, status, or assignee. Get full assessment detail in one call: control evaluations, findings with titles, people, supporting documents. List control sets, controls within a set, and per-control evaluation results. Start new assessments, update fields, and manage assessment plans.
Search findings scoped to a vendor or assessment, or org-wide, with full titles, categories, assignees, due dates, and status. List follow-ups attached to assessments. Search and update obligations extracted from vendor documents. Create new findings or obligations with explicit confirmation.
Search contracts by vendor or status, and get full contract detail. List vendor engagements and vendor documents (evidence files) for a vendor or org-wide. Get evidence health summaries.
Search across all vendors’ SOC 2 reports and custom relationships to find which vendors depend on a specific nth-party. The question that takes hours in most TPRM tools and seconds here: “which of our vendors use AWS as a subprocessor?”
List radar alert events for a single vendor or across the org. List and update radar detectors configured for the org.
Get a comprehensive org activity digest in one call: recent assessments, open findings, radar alerts, audit trail entries, and notifications. List the audit trail for any supported object.
List and add notes on any platform object. List and update tags, custom field configurations, custom field values, workflow automations, and assessment plans.
Every tool that creates, updates, or deletes data requires a confirm parameter set to true. The assistant is expected to surface the proposed change in chat and wait for your approval before executing. This human-in-the-loop pattern applies uniformly across all write tools.

Server endpoint

https://mcp.coverbase.app/mcp

Connecting

Claude Desktop

Add as a connector in Settings → Connectors

Claude Code

claude mcp add coverbase https://mcp.coverbase.app/mcp

Cursor

Add as a remote MCP server in Cursor settings

Other clients

Any MCP client with OAuth 2.0 and Streamable HTTP transport

Requirements

  • An active Coverbase account on a plan that includes API access.
  • An MCP-compatible AI assistant or client.
  • The MCP server uses OAuth 2.0. Your permissions in Coverbase determine what the connected assistant can see and do.

Privacy and security

How we handle credentials, what we log, what we don’t retain, and how to revoke access.