Claude Code
Add Draxis to Claude Code (the Anthropic CLI / IDE-extension agent) so coding sessions can pull risk and control context alongside the codebase.
Recommended path: Personal Access Token
Claude Code accepts bearer tokens for HTTP MCP servers via the claude mcp add command. This is the simplest setup.
- In Draxis, Settings → API Tokens → New token. Name it “Claude Code”, pick a scope (read for query-only sessions, read + write if you want Claude to submit evidence to the AI Drop Zone or trigger integration runs), copy the plaintext.
- In your terminal, register the MCP server:
    claude mcp add --transport http draxis https://app.draxis.ai/api/mcp \
      --header "Authorization: Bearer drx_pat_<tenant>.<token>"
- Verify with claude mcp list, you should see draxis with status connected.
- In any Claude Code session, the Draxis tools are available automatically. Try: “Use the draxis MCP server to list our top risks.”
Alternate path: OAuth
For org-wide deployments where you want OAuth-based revocation:
- Run claude mcp add --transport http draxis https://app.draxis.ai/api/mcp (no header).
- Claude Code detects the OAuth challenge, opens a browser for the consent flow, you sign in, pick a tenant, and approve.
- Claude Code stores the tokens in its local credential store; refresh happens automatically.
Scoping per project
Claude Code supports per-project MCP servers via .claude/mcp.json. Useful if different repos relate to different Draxis tenants:
{
  "mcpServers": {
    "draxis": {
      "url": "https://app.draxis.ai/api/mcp",
      "headers": {
        "Authorization": "Bearer drx_pat_acme.<token>"
      }
    }
  }
}
Available tools
Same tool surface as every other MCP client. Nine read tools:
list_kris, get_kri, list_controls, list_risks, list_outcomes, list_vendors, get_asset_inventory, list_simulations, list_integrations
Two write tools (require a read + write scoped PAT, or mcp:write on an OAuth token):
submit_dropzone_artifact, run_integration
See the full reference table on the Claude Desktop page for what each tool returns. The set is identical across MCP clients.
Pattern: scheduled pull into the AI Drop Zone
One of the high-value uses of the write scope is running Claude Code on a cron (or via Claude Cowork) to pull data from a tool that doesn’t have a Draxis connector yet, summarize or normalize it, and push it into the AI Drop Zone for KRI extraction.
The shape of such a session:
- Call list_integrations to find the Drop Zone integration id (rows where isDropZone is true).
- Pull the source data (run a CLI, fetch an export, query an API, scrape a regional console).
- Call submit_dropzone_artifact with the integration id and the pulled text. Filename and mimeType are optional but help the audit trail.
- Call run_integration on the same integration id to materialize accepted extractions into KRIs immediately.
The extractor pipeline handles the rest: high-confidence proposals auto-accept under your tenant’s autonomy band, lower-confidence ones land in the Pending Extraction Review queue for human review. Every artifact is SHA-256 deduped per integration, so a re-run that pulls the same data twice is a no-op.
Troubleshooting
- claude mcp list shows status error, run claude mcp test draxis to see the underlying HTTP error.
- “401 Unauthorized”, the bearer token format is drx_pat_<tenant-slug>.<hex>. Make sure both halves are present.
- Still stuck? Open a ticket.
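A pre-flight check for the token shape described above, so a malformed PAT is caught locally instead of surfacing as a 401. This is an added example, not Draxis or Claude Code tooling. The function names, the DRAXIS_PAT and CLAUDE_BIN variables, and the tenant-slug character set (lowercase letters, digits, hyphens) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of a Draxis PAT before registering the server.
# Assumption: the tenant slug uses lowercase letters, digits and hyphens; the
# page only gives the overall shape drx_pat_<tenant-slug>.<hex>.

# Print a one-word diagnosis; return 0 only for a well-formed token.
draxis_pat_check() {
  local tok body tenant secret
  local LC_ALL=C                      # keep a-z ranges ASCII-only
  tok="$1"
  case "$tok" in
    "")            echo "empty";         return 1 ;;
    Bearer*)       echo "bearer-prefix"; return 1 ;;  # scheme pasted with token
    *[[:space:]]*) echo "whitespace";    return 1 ;;  # stray newline or space
    *"<"*|*">"*)   echo "placeholder";   return 1 ;;  # docs template left in
    drx_pat_*)     ;;
    *)             echo "bad-prefix";    return 1 ;;
  esac
  body="${tok#drx_pat_}"
  tenant="${body%%.*}"
  secret="${body#*.}"
  [ "$body" != "$tenant" ] || { echo "missing-dot";    return 1; }
  [ -n "$tenant" ]         || { echo "missing-tenant"; return 1; }
  [ -n "$secret" ]         || { echo "missing-secret"; return 1; }
  case "$tenant" in *[!a-z0-9-]*)    echo "bad-tenant";     return 1 ;; esac
  case "$secret" in *[!0-9a-fA-F]*)  echo "non-hex-secret"; return 1 ;; esac
  echo "ok tenant=$tenant"
}

# Register only when $DRAXIS_PAT passes the check; reading the token from the
# environment keeps it out of shell history.
# CLAUDE_BIN is a hypothetical override used for dry runs (e.g. CLAUDE_BIN=echo).
draxis_register() {
  local why
  why=$(draxis_pat_check "${DRAXIS_PAT:-}") || {
    echo "refusing to register: $why" >&2; return 1; }
  "${CLAUDE_BIN:-claude}" mcp add --transport http draxis \
    https://app.draxis.ai/api/mcp \
    --header "Authorization: Bearer ${DRAXIS_PAT}"
}

# Constructed sample tokens (not real credentials), one per common mistake.
for t in 'drx_pat_acme.0a1b2c' 'drx_pat_acme' 'drx_pat_acme.' \
         'Bearer drx_pat_acme.0a1b2c' 'drx_pat_<tenant>.<token>'; do
  printf '%-28s -> %s\n' "$t" "$(draxis_pat_check "$t")"
done
```

A passing check only confirms the shape of the token; a revoked or wrong-scope PAT still has to be diagnosed from the server's response.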
Other LLM clients
See Claude Desktop, ChatGPT Connectors, Cursor, VSCode + Copilot.