Metadata-Version: 2.4
Name: axiome-mcp
Version: 0.1.0
Summary: Axiome Compliance MCP Server — 138 SOC 2/ISO 27001/HIPAA tools for AI coding assistants
Project-URL: Homepage, https://withaxiome.com
Project-URL: Documentation, https://withaxiome.com/docs
Project-URL: Repository, https://github.com/axiome-compliance/axiome-mcp
Author: Axiome Compliance
License: MIT
Keywords: audit,compliance,hipaa,iso27001,mcp,security,soc2
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.11
Requires-Dist: fastmcp>=3.0
Requires-Dist: httpx>=0.27
Requires-Dist: pydantic>=2.0
Requires-Dist: structlog>=24.0
Description-Content-Type: text/markdown

# Axiome MCP Server

SOC 2 compliance companion for Claude Code, Codex, and AI coding assistants.

## What it does

Three tool categories:

**Compliance Tools (12)** — Read your compliance posture from the Axiome platform
- `get_compliance_status` / `get_next_action` — readiness score, what to fix next
- `list_security_findings` / `get_finding_detail` — findings with remediation
- `list_compliance_controls` / `list_policies` / `list_evidence`
- `list_vendors` / `list_risks` / `list_alerts`
- `list_cloud_resources` / `get_integrations`

**Action Tools (6)** — Take action from your IDE
- `ask_compliance_question` — AI compliance advisor
- `trigger_scan` / `fix_finding` — scan or auto-fix infrastructure
- `complete_action_card` — mark remediation done
- `generate_policy` — AI-generate security policies
- `add_vendor` — add vendors with auto cert lookup

**Knowledge Tools (4)** — SOC 2 expertise, no backend needed
- `explain_soc2_criteria` — "What does CC6.1 require?"
- `lookup_check` — full check detail with remediation CLI + Terraform
- `search_checks` — find checks by service, severity, criteria, keyword
- `get_remediation` — step-by-step fix instructions

## Quick Setup

```bash
cd mcp_server && pip install -e .
```

Add to `.claude/settings.json`:

```json
{
  "mcpServers": {
    "axiome": {
      "command": "axiome-mcp",
      "env": {
        "AXIOME_API_URL": "https://api.yourdomain.com",
        "AXIOME_API_KEY": "your-service-token",
        "AXIOME_ORG_ID": "your-org-id",
        "AXIOME_PROGRAM_ID": "your-program-id"
      }
    }
  }
}
```

## Example usage in Claude Code

```
> What security issues do I have?
→ calls list_security_findings(status="FAIL")

> How do I fix the S3 public access finding?
→ calls get_remediation("s3_bucket_public_access")

> What SOC 2 control does MFA map to?
→ calls explain_soc2_criteria("CC6.1")

> What checks apply to IAM?
→ calls search_checks("iam")

> Fix the CloudTrail log validation issue
→ calls fix_finding("finding-id-here")

> Am I ready for audit?
→ calls get_compliance_status() + ask_compliance_question("Am I ready?")
```

## Architecture

```
Claude Code / Codex / Cursor
        │
        │ MCP (stdio)
        ▼
  ┌──────────────┐
  │  axiome-mcp   │  ← 22 tools (12 read + 6 action + 4 knowledge)
  │  (FastMCP v3) │
  └──┬────────┬───┘
     │        │
     │        └── Knowledge tools: embedded, no API call
     │
     │ HTTP + API key
     ▼
  ┌──────────────┐
  │ Axiome Backend │  ← FastAPI + Prowler + Claude
  │  (Railway)    │
  └──────────────┘
```
