Ideabug

New: MCP server — connect AI assistants directly to your compliance data

Humadroid now speaks MCP — plug Claude, Cursor, or ChatGPT into your compliance data read-only with a Bearer token.

We've shipped a built-in MCP (Model Context Protocol) server. AI assistants like Claude Code, Claude Desktop, Cursor, and ChatGPT can now read your Humadroid data in real time — no copy-pasting, no exports, no stale snapshots.

What it does

  • 11 read-only tools exposed over SSE:
    • list_projects / get_project
    • list_controls / get_control — filter by project, section, implementation status
    • list_documents / get_document — including document content
    • list_sections / get_section — navigate the section hierarchy
    • list_evidences / get_evidence
    • search — full-text across all compliance data (gated on Global Search)
  • Same permissions as the UI — account-scoped, role-aware. A user over MCP sees exactly what they'd see logged in
  • Read-only by design — no create/update/delete. AI can inspect and summarize, not mutate
  • Cursor-based pagination on list endpoints
  • Rate limited — 100 req/min per token, 429 on excess; brute-force throttling on auth
  • Endpoint: https://.humadroid.io/mcp/sse (SSE transport)

Setup (admin, one-time)

  1. Enable "API & MCP access" in Account Settings (renamed from "API access")
  2. Optional: enable Global Search under Compliance to turn on the search tool

Setup (per user)

  1. Profile → API Tokens → create a token (max 30-day expiry, shown once)
  2. Add the endpoint + Authorization: Bearerto your client

Supported clients with copy-paste configs in the guide:

  • Claude Code — claude mcp add humadroid --transport sse ...
  • Claude Desktop — either the Connectors UI (paste URL, use token as OAuth secret) or mcp-remote bridge
  • Cursor — .cursor/mcp.json with ${env:HUMADROID_API_TOKEN}
  • ChatGPT — via Settings → Connectors (Pro/Plus/Business/Enterprise/Edu)
  • Any MCP-compatible client — SSE + Bearer token

Try it
Ask your assistant things like:

  • "Show me ISO 27001 controls that aren't implemented yet"
  • "Find the access control policy and summarize it"
  • "What evidence do we have for A.8.1?"
  • "Give me a progress report on our SOC 2 project"

Full setup guide in our help center — covers all clients, troubleshooting, and security notes.