LLM Client · Cursor

Cursor

Add Draxis to Cursor’s MCP config so the in-IDE Composer / Chat can pull your risk register, KRIs, and AI proposal queue alongside your code.

type: MCP server auth: PAT (recommended) or OAuth 2.1 scopes: read, read + write

Recommended path: Personal Access Token

Cursor accepts arbitrary Bearer tokens in its mcp.json config, which makes the PAT path the simplest setup. Skip OAuth unless your organization mandates it.

  1. In Draxis, open Settings → API Tokens and click New token. Name it “Cursor”, pick a 90-day expiry, pick a scope (read for query-only, read + write if you want Composer to push evidence to the AI Drop Zone or trigger integration runs), and copy the token plaintext, you’ll see it once.
  2. In Cursor, open Settings → MCP (Cmd/Ctrl+Shift+J → search “MCP”) and click Add MCP server.
  3. Pick HTTP transport and paste: 
    {
  "draxis": {
    "url": "https://app.draxis.ai/api/mcp",
    "headers": {
      "Authorization": "Bearer drx_pat_."
    }
  }
}
  4. Enable the server. Cursor will negotiate the MCP handshake and list Draxis tools in the Composer tools picker.
  5. Open Composer / Chat and ask “What are my Draxis risks?”

Alternate path: OAuth

For organizations that require OAuth (so revocation goes through Draxis’s Connected Apps screen instead of the API Tokens screen):

  1. In Cursor MCP settings, choose OAuth as the auth method when adding the server.
  2. Cursor will open Draxis’s consent page in your browser. Sign in, pick the tenant, and approve the requested scopes (mcp:read for query-only; add mcp:write to enable AI Drop Zone submission and integration runs).
  3. Cursor stores the access + refresh tokens securely; you don’t paste anything.

Available tools

Same tool surface as every other MCP client. Nine read tools: list_kris, get_kri, list_controls, list_risks, list_outcomes, list_vendors, get_asset_inventory, list_simulations, list_integrations. Two write tools (require read write on a PAT or mcp:write on an OAuth token): submit_dropzone_artifact, run_integration. See the full reference table for what each returns.

Managing access

If you used a PAT, revoke it from Settings → API Tokens in Draxis. If you used OAuth, revoke from Settings → Connected Apps.

Troubleshooting

  • “MCP server didn’t respond”, verify the URL ends in /api/mcp, and that the bearer token has the right tenant prefix (drx_pat_<tenant-slug>.).
  • “Invalid token”, the PAT was revoked or expired. Mint a new one.
  • Tools don’t show up in Composer, restart Cursor after editing mcp.json; Cursor reads the config on launch.
  • Still stuck? Open a ticket.

Other LLM clients

See Claude Desktop, Claude Code, ChatGPT Connectors, VSCode + Copilot.