# Check Point - Workforce AI MCP Server [![License](https://img.shields.io/github/license/CheckPointSW/workforce-ai-mcp.svg?style=plastic)](https://github.com/CheckPointSW/workforce-ai-mcp/blob/release/LICENSE) [![Latest Release](https://img.shields.io/github/v/release/CheckPointSW/workforce-ai-mcp?style=plastic)](https://github.com/CheckPointSW/workforce-ai-mcp/releases) [![npm version](https://img.shields.io/npm/v/@chkp/workforce-ai-mcp.svg?style=plastic)](https://www.npmjs.com/package/@chkp/workforce-ai-mcp) [![Build & Test](https://github.com/CheckPointSW/workforce-ai-mcp/actions/workflows/build.yml/badge.svg)](https://github.com/CheckPointSW/workforce-ai-mcp/actions/workflows/build.yml) [![Publish Package to npmjs](https://github.com/CheckPointSW/workforce-ai-mcp/actions/workflows/release.yml/badge.svg)](https://github.com/CheckPointSW/workforce-ai-mcp/actions/workflows/release.yml) An [MCP (Model Context Protocol)](https://modelcontextprotocol.io/) server that exposes Check Point Workforce AI capabilities as LLM tools — enabling AI assistants to query, analyze, and manage AI & Browse security policies, assets, and applications through natural language. ## Getting started ### Obtaining API credentials 1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys). 2. Click **New** > **New Account API Key**. 3. In the **Service** dropdown select **Workforce AI Security** (and for Browse, **Browse Security**) and create the key. 4. Copy the **Client ID**, **Secret Key**, and **Authentication URL** (gateway). For more information, see [Infinity Portal Administration Guide](https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Infinity-Portal-Admin-Guide/Content/Topics-Infinity-Portal/API-Keys.htm?tocpath=Global%20Settings%7C_____7#API_Keys). ### Available gateways | Region | Gateway URL | |---|---| | Europe | `https://cloudinfra-gw.portal.checkpoint.com` | | United States | `https://cloudinfra-gw-us.portal.checkpoint.com` | ### Environment variables | Variable | Required | Description | |---|---|---| | `CP_CI_CLIENT_ID` | Yes | CloudInfra API key client ID | | `CP_CI_ACCESS_KEY` | Yes | CloudInfra API key secret | | `CP_CI_GATEWAY` | Yes | CloudInfra gateway URL | | `MCP_MODE` | Yes | Transport mode: `stdio` or `http` | | `PORT` | When `http` | HTTP server port | | `WRITE_MODE` | No | Set to `true` to enable write tools (default: `false`).
**Warning:** enabling write mode allows the LLM to create, modify, and delete security policy rules. Use with caution. | ### Running with stdio transport Use stdio mode when connecting directly from an MCP client such as Claude Desktop, VS Code, or Cursor: ```bash CP_CI_CLIENT_ID="your-client-id" \ CP_CI_ACCESS_KEY="your-access-key" \ CP_CI_GATEWAY="https://cloudinfra-gw-us.portal.checkpoint.com" \ MCP_MODE=stdio \ npx @chkp/workforce-ai-mcp ``` #### Claude Desktop configuration Add to your `claude_desktop_config.json`: ```json { "mcpServers": { "workforce-ai": { "command": "npx", "args": ["--yes", "@chkp/workforce-ai-mcp"], "env": { "CP_CI_CLIENT_ID": "your-client-id", "CP_CI_ACCESS_KEY": "your-access-key", "CP_CI_GATEWAY": "https://cloudinfra-gw-us.portal.checkpoint.com", "MCP_MODE": "stdio" } } } } ``` ### Running with HTTP transport Use HTTP mode when running the server as a standalone service: ```bash CP_CI_CLIENT_ID="your-client-id" \ CP_CI_ACCESS_KEY="your-access-key" \ CP_CI_GATEWAY="https://cloudinfra-gw-us.portal.checkpoint.com" \ MCP_MODE=http \ PORT=3000 \ npx @chkp/workforce-ai-mcp ``` The server exposes: - `POST /mcp` — MCP StreamableHTTP endpoint - `GET /health` — Health check ## Capabilities ### Read mode (default) By default, the server starts in **read-only mode**, exposing tools for querying and analyzing policies without making any changes. This is safe for exploration and auditing. #### Policy inspection - **List rulebases** — View all rules for Chats (GenAI DLP), AI Access, Web Access, Agents, Secure Browsing, and DLP policies - **Analyze shadow rules** — Detect rules that are shadowed (never matched) by higher-priority rules - **Simulate policy matching** — Given a user and target, resolve which rule in the rulebase would apply #### Assets and users - **Search assets** — Find managed assets by name or attributes - **Count assets** — Get asset counts with optional filters - **Search users** — Look up users and groups in the organization #### Applications and data types - **Search apps** — Search the GenAI application catalog by name, description, or URL - **Get apps by ID** — Retrieve application details by their IDs - **List DLP data types** — Browse predefined and custom DLP data types - **Get tenant DLP data types** — View data types configured for the tenant #### Policy objects - **List domain objects** — View domain-based policy objects - **List file protection objects** — View file protection configurations ### Write mode To enable write operations, set `WRITE_MODE=true`. This unlocks tools that modify the policy configuration: #### Rule management - **Create rules** — Create new Chats, AI Access, Agents, DLP, and Secure Browsing rules with full policy configuration including actions, services, data types, and user/group assignments - **Edit rules** — Update rule name, description, and other properties - **Activate / deactivate rules** — Toggle rules on or off - **Reorder rules** — Change rule priority in the rulebase - **Delete rules** — Permanently remove rules from the rulebase ## Available tools | Tool | Description | Mode | |---|---|---| | `list_chats_rules` | List all Chats (GenAI DLP) rules. | read | | `list_ai_access_rules` | List all AI Access rules that control which AI services and applications users are allowed to interact with. | read | | `list_web_access_rules` | List all Web Access rules for Browse Security. | read | | `list_agents_rules` | List all Agents (MCP Server) rules that govern agent interactions. | read | | `list_secure_browsing_rules` | List all Secure Browsing threat-prevention rules. | read | | `list_dlp_rules` | List all Browse DLP (Data Loss Prevention) rules for browser security. | read | | `set_rule_info` | Update the display name and description of a rule identified by its UUID. | write | | `set_rule_active` | Enable or disable a rule without deleting it. | write | | `reorder_rule` | Move a rule to a new position in the rulebase. | write | | `delete_rule` | Permanently delete a rule from the rulebase by its UUID. | write | | `create_chats_rule` | Create a new Chats (GenAI DLP) rule. | write | | `create_ai_access_rule` | Create a new AI Access rule that controls which AI services and applications users can interact with. | write | | `create_agents_rule` | Create a new Agents (MCP Server) rule that governs agent interactions. | write | | `create_dlp_rule` | Create a new Browse DLP rule for data loss prevention during web browsing. | write | | `create_secure_browsing_rule` | Create a new Secure Browsing threat-prevention rule. | write | | `set_chats_policy` | Replace the entire policy configuration of a Chats rule (also known as 'Chats' in AI Security UI — POLICY_TYPE_DLP). | write | | `patch_chats_policy` | Deep-merge partial changes into a Chats rule's policy. | write | | `set_access_policy` | Replace the entire policy configuration of an AI Access rule (POLICY_TYPE_ACCESS). | write | | `patch_access_policy` | Deep-merge partial changes into an AI Access rule's policy. | write | | `set_agents_policy` | Replace the entire policy configuration of an Agents rule (also known as 'Agents' — POLICY_TYPE_MCP_SERVER). | write | | `patch_agents_policy` | Deep-merge partial changes into an Agents rule's policy. | write | | `set_secure_browsing_policy` | Replace the entire policy configuration of a Secure Browsing rule (POLICY_TYPE_THREAT_PREVENTION). | write | | `patch_secure_browsing_policy` | Deep-merge partial changes into a Secure Browsing rule's policy. | write | | `set_rule_source` | Replace the full source (user/group assignments) list of a rule. | write | | `set_rule_objects` | Replace all objects attached to a rule for a specific feature. | write | | `list_file_protection_objects` | List all file-protection policy objects. | read | | `update_file_protection_object` | Update an existing file-protection object. | write | | `create_file_protection_object` | Create a new file-protection object. | write | | `list_domains_objects` | List all domains policy objects. | read | | `update_domains_object` | Update an existing domains object. | write | | `create_domains_object` | Create a new domains object containing a list of domain entries for domain-based filtering (allow/block lists). | write | | `delete_object` | Permanently delete a policy object (file-protection or domains) by its UUID. | write | | `get_tenant_dlp_datatypes` | Get the tenant-specific DLP datatype configuration showing which data types are currently enabled for detection in this tenant's policies.. | read | | `search_dlp_datatypes` | Search DLP data types by name or description with pagination. | read | | `analyze_shadow_rules` | Find unreachable (shadowed) rules in a rulebase. | read | | `resolve_matching_rule` | Given a user and target, determine which rule in the rulebase would apply. | read | | `search_assets` | Search deployed assets (endpoints/devices) with optional filtering, sorting, text search, and pagination. | read | | `count_assets` | Get the total count of deployed assets, optionally filtered. | read | | `search_users` | Search users in the organization with optional text search and pagination. | read | | `search_apps` | Search the GenAI apps catalog by name, description, or URL. | read | | `get_apps_by_ids` | Get specific GenAI apps from the catalog by their numeric IDs. | read | | `get_discovered_applications` | List the GenAI applications (e.g. | read | | `get_top_discovered_applications` | Return the top_n GenAI applications by session count between from_date and to_date. | read | | `get_agents_overview` | High-level summary of agentic (MCP) activity for the tenant between from_date and to_date: the number of active AI agents and the number of discovered MCP servers, each with the absolute and percentage change vs the previous period. | read | | `get_agents_top_platforms` | Return the top_n agent platforms (MCP hosts such as Claude Code or Cursor) by tool-invocation count between from_date and to_date. | read | | `get_active_mcp_servers` | List MCP servers that were active (invoked at least once) between from_date and to_date. | read | | `get_inactive_mcp_servers` | List MCP servers that are known to the tenant but had no activity between from_date and to_date. | read | | `get_agents_tool_usage` | Break down MCP tool usage by operation type (Create/Read/Update/Delete/Unknown) between from_date and to_date. | read | | `get_agents_invocations_overtime` | Return a time series of total MCP tool invocations between from_date and to_date — one point per time bucket ({time, invocations}). | read | ## Report Bug In case of an issue or a bug found in the MCP server, please open an [issue](https://github.com/CheckPointSW/workforce-ai-mcp/issues). ## Contributors - Haim Kastner - [haimk@checkpoint.com](mailto:haimk@checkpoint.com)