# Scytale MCP

> Scytale MCP Server automates security compliance audits for frameworks like SOC2 and ISO 27001. Your AI agent connects directly to your Scytale account, allowing you to check framework status, list controls, retrieve specific evidence files, and review audit logs without leaving your terminal. It turns complex, manual security reviews into simple conversational commands.

## Overview
- **Category:** security-compliance
- **Price:** Free
- **Tags:** compliance-automation, soc2, iso27001, security-audit, evidence-collection

## Description

Running security audits for SOC2 or ISO 27001? You don't want to waste time clicking through dashboards. This server lets your AI agent connect straight to your **Scytale** account, giving you command-line access to compliance tools. It handles the heavy lifting so you can review everything—from user permissions to evidence files—without leaving your terminal.

When you need a bird's-eye view of your security posture, the agent uses `get_compliance_status` to fetch your real-time score across every defined framework. You immediately know where you stand against multiple standards.

To check if your controls are holding up, call `list_controls`. This shows you every configured security control in your system and reports its current operational status, letting you instantly see what's passed and what's failed. If you need to dig into a specific piece of evidence for an audit, the agent can get detailed info using `get_evidence` after you provide the ID.

Managing evidence is simple. You can start by running `list_evidence` to pull up every single document stored on the platform. Need to add something new? Just use `upload_evidence`; it accepts both file uploads and external links, keeping your record-keeping airtight. 

For user governance, you have two tools. First, run `list_users` to get a clean list of every account in your Scytale organization. Then, if you want to check someone's specific access rights or full profile details, use `get_user`, passing the username as input.

Keeping tabs on who did what is critical for compliance. To review the entire history of activity within Scytale, the agent calls `get_audit_logs`. This retrieves a complete log detailing every action recorded on your platform over time. If you need to see how permissions changed or which record was accessed and when, this function gives it all to you.

Essentially, if you're dealing with security frameworks, your AI client runs these commands for you: `get_compliance_status` tells you the overall compliance score; `list_controls` inventories every control and its status; `list_users` gathers all accounts; `get_user` checks specific permissions; `list_evidence` shows what files you have; `upload_evidence` lets you get new files into the system; `get_evidence` pulls up details on a single file; and finally, `get_audit_logs` gives you the full historical record of activity.

## Tools

### get_audit_logs
Retrieves a full history of actions recorded on the Scytale platform.

### get_compliance_status
Gets your current compliance score across all defined security frameworks.

### get_evidence
Fetches detailed information about one specific piece of evidence by its ID.

### get_user
Gets the full details and access rights for a specified user account.

### list_controls
Lists all security controls in your system and reports their current operational state (Passed/Failed).

### list_evidence
Retrieves a list of every piece of evidence currently stored on the platform.

### list_users
Lists all user accounts belonging to your Scytale organization.

### upload_evidence
Allows you to upload a new evidence file or provide an external link for record-keeping.

## Prompt Examples

**Prompt:** 
```
Show me the current compliance status for all frameworks.
```

**Response:** 
```
I've retrieved your compliance status. You are currently 85% compliant for SOC2 and 72% for ISO 27001. Would you like to see the specific controls that need attention?
```

**Prompt:** 
```
List all security controls and their current state.
```

**Response:** 
```
Fetching security controls... I found 45 controls. 38 are 'Passed', 4 are 'Failed', and 3 are 'In Progress'. Notable failures include 'Encryption at Rest' and 'MFA Policy'.
```

**Prompt:** 
```
Get the details for evidence item ID 'ev-998877'.
```

**Response:** 
```
Inspecting evidence 'ev-998877'... This item is a 'Policy Document' titled 'Access Control Policy v2'. It was uploaded by Sarah J. on Oct 12th and is currently linked to 3 SOC2 controls.
```

## Capabilities

### Assess overall compliance health
The agent retrieves your real-time compliance score across multiple security frameworks.

### Review audit history and changes
You fetch detailed logs of every action performed within the Scytale platform over time.

### Inventory all security controls
The agent lists every configured security control and reports its current pass/fail state.

### Gather evidence files
You list existing evidence items or upload new documents to satisfy audit requirements.

### Check user permissions
The agent lists organization users and lets you check specific access rights for any individual account.

## Use Cases

### The 'Pre-Audit Panic' Scenario
A Compliance Officer gets a notice that an audit is starting next week. Instead of spending days cross-referencing documents, they ask the agent to run `get_compliance_status` and then follow up by running `list_controls`. The AI aggregates the data, showing exactly which 4 controls are 'Failed'—allowing them to focus their team immediately.

### Onboarding a New System
A Security Engineer installs a new system component. They use `list_controls` to check if the required control is active, and then use `upload_evidence` to attach the technical spec document immediately, proving compliance without manual filing.

### Investigating Suspicious Access
A CTO suspects a user account has been misused. They run `list_users` to find the ID, then use `get_user` to check access rights and review `get_audit_logs` for suspicious activity timestamps—all in one conversation.

### Completing Documentation Requirements
A team member needs proof that a policy was updated. They first use `list_evidence` to find the correct ID, then run `get_evidence` with that ID to pull up the document details and confirm who last uploaded it.

## Benefits

- **Instant Compliance Reports:** Instead of navigating complex dashboards, asking the agent to run `get_compliance_status` immediately tells you where your scores stand across SOC2 or ISO 27001.
- **Targeted Control Checks:** Need to know if 'MFA Policy' is active? Running `list_controls` gives you a quick inventory and status report on specific security controls, pinpointing gaps instantly.
- **Evidence Lifecycle Management:** You don't need to leave your IDE. Use `list_evidence` to see what you have, then `get_evidence` to review the details of a specific item, or `upload_evidence` when you find something new.
- **Full Audit Trail Access:** The `get_audit_logs` tool gives you an immutable record of every platform action. This is critical for proving compliance history during an audit.
- **User Access Review:** Easily check who can do what. Running `list_users` and then `get_user` lets you verify permissions, satisfying crucial governance requirements without opening multiple admin panels.

## How It Works

The bottom line is, you get an immediate security posture assessment without switching dashboards or running manual reports.

1. Subscribe to the Scytale server and input your API Key.
2. Ask your AI client a compliance question (e.g., 'What is my SOC2 status?').
3. The agent executes the necessary tools (`get_compliance_status` or `list_controls`) and returns a plain-language report.

## Frequently Asked Questions

**How do I use `get_compliance_status`?**
Just ask the agent to run `get_compliance_status`. It returns a numerical score and a breakdown for all major frameworks, showing you exactly where your compliance stands right now.

**Can I use `upload_evidence` from my AI client?**
Yes. You send the file or link to the agent using `upload_evidence`. The system then catalogs it and links it to relevant controls, making it instantly available for audits.

**What is the difference between `list_users` and `get_user`?**
`list_users` gives you a roster of every account in your organization. Use `get_user` when you need deep details—like specific permissions or last login dates—for one single user.

**How often should I run `get_audit_logs`?**
You should review the logs regularly, especially after any major system change. Running `get_audit_logs` lets you prove who did what and when, which is key for governance.

**What input does the `get_user` tool require to run?**
It requires a specific, unique User ID. You must pass this identifier (like an email or internal UUID) in the request payload. This ensures your agent pulls data for only the targeted individual, preventing scope creep and unauthorized access.

**What happens if I run `get_evidence` with a non-existent ID?**
The API immediately returns a standard 404 error message. This tells your agent that the evidence item is not in Scytale's database. You can then prompt the user to verify the correct ID or use the `list_evidence` tool first.

**Does `get_compliance_status` track every possible compliance framework?**
It tracks major, recognized frameworks like SOC2 and ISO 27001. While it's comprehensive for common needs, if you need a niche or regional certification status, check the official Scytale documentation.

**Are there limitations when I use `list_controls` to retrieve security controls?**
The endpoint handles large datasets using pagination. Your agent should look for the next page token in the response and loop through results until no more data is returned, ensuring you get the full list.
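The pagination loop described above, written out as an added example (this is not Scytale's own client code). It assumes a generic `call_tool(name, arguments)` interface and a response carrying `items` and an optional `next_page_token`, with `page_size` and `page_token` as request arguments; those field names are assumptions to check against the server's actual schema. The stand-in server is constructed to match the 45-control breakdown in the prompt example.

```python
from collections import Counter
from typing import Callable, List, Optional

# Assumed tool-call interface: call_tool(tool_name, arguments) -> response dict.
CallTool = Callable[[str, dict], dict]

def fetch_all_controls(call_tool: CallTool, page_size: int = 20,
                       max_pages: int = 100) -> List[dict]:
    """Follow next_page_token across list_controls pages until it is absent.
    max_pages bounds the loop so a misbehaving server cannot spin the agent forever."""
    controls: List[dict] = []
    token: Optional[str] = None
    seen_tokens = set()
    for _ in range(max_pages):
        args = {"page_size": page_size}
        if token:
            args["page_token"] = token
        page = call_tool("list_controls", args)
        controls.extend(page.get("items", []))
        token = page.get("next_page_token")
        if not token:
            return controls
        if token in seen_tokens:  # a repeated token would otherwise loop forever
            raise RuntimeError("list_controls returned a repeated page token")
        seen_tokens.add(token)
    raise RuntimeError("list_controls pagination exceeded max_pages")

def summarize_controls(controls: List[dict]) -> dict:
    """Count controls per status, e.g. {'Passed': 38, 'Failed': 4, 'In Progress': 3}."""
    return dict(Counter(c["status"] for c in controls))

def failed_control_names(controls: List[dict]) -> List[str]:
    return sorted(c["name"] for c in controls if c["status"] == "Failed")

# Constructed stand-in for the server: 45 controls matching the counts in the
# prompt example above, served 20 per page (not real Scytale data).
_STATUSES = ["Passed"] * 38 + ["Failed"] * 4 + ["In Progress"] * 3
_FAKE_CONTROLS = [{"id": f"ctl-{i:03d}", "name": f"Control {i}", "status": s}
                  for i, s in enumerate(_STATUSES, start=1)]
_FAKE_CONTROLS[38]["name"] = "Encryption at Rest"
_FAKE_CONTROLS[39]["name"] = "MFA Policy"

def fake_call_tool(tool: str, args: dict) -> dict:
    start = int(args.get("page_token") or 0)
    end = start + args["page_size"]
    page = {"items": _FAKE_CONTROLS[start:end]}
    if end < len(_FAKE_CONTROLS):
        page["next_page_token"] = str(end)  # absent on the last page
    return page
```

Swap `fake_call_tool` for your MCP client's real tool-call function once you have confirmed the argument and response field names.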

**Can I check my current compliance status across all frameworks?**
Yes! Use the `get_compliance_status` tool. Your agent will retrieve the current status for all active frameworks like SOC2 and ISO 27001, highlighting your overall progress.

**How do I upload new evidence for an audit requirement?**
Simply use the `upload_evidence` action. You can provide a file reference, a link, and optional metadata to attach the evidence directly to your Scytale account.

**Can I see a history of actions performed within the platform?**
Yes, the `get_audit_logs` tool allows you to retrieve a history of actions performed within Scytale, ensuring full transparency for your security audits.