
DocSentinel

MCP server for an AI cybersecurity agent: automates the assessment of documents, questionnaires and reports. Multi-format parsing, RAG knowledge base, risks, compliance gaps, remediations.

Tags: security, ai, rag, agent
By arthurpanhku
8911 · Updated 4 days ago · Python · MIT

Installation

npx -y DocSentinel

Configuration

{
  "mcpServers": {
    "DocSentinel": {
      "command": "npx",
      "args": ["-y", "DocSentinel"]
    }
  }
}

How to use

  1. Run the installation command above (if needed)
  2. Open your Claude Code settings file (~/.claude/settings.json)
  3. Add the configuration to the mcpServers section
  4. Restart Claude Code to apply changes
English | 简体中文 | 日本語 | 한국어 | Français | Deutsch | Русский

AI-powered SSDLC platform — Secure your software from requirements to operations

Badges: Latest release | License: MIT | Python 3.10+ | GitHub repo | MCP Ready | A2A 1.0 | Human review required | LangChain powered | LangGraph orchestrated

What is DocSentinel?

DocSentinel is an AI-powered SSDLC (Secure Software Development Lifecycle) platform for security teams. Using AI agents orchestrated by LangGraph and powered by LangChain, it automates security activities across all six phases of the software development lifecycle: it reviews security-related documents, forms, and reports — from requirements and design through development, testing, deployment, and operations — against your policy and knowledge base, and produces structured assessment reports with risks, compliance gaps, and remediation suggestions.

Instead of only reviewing documents at the pre-release stage, DocSentinel embeds security from day one:

What DocSentinel does in each SSDLC phase:

  • Requirements: Extract security requirements, identify compliance obligations (GDPR, PCI DSS, SOC2)
  • Design: Automated threat modeling (STRIDE/DREAD), security architecture review, SDR reports
  • Development: Secure coding assessment, SAST findings triage, coding guidance
  • Testing: SAST/DAST report analysis, penetration test review, vulnerability prioritization
  • Deployment: Configuration security review, hardening assessment, release sign-off
  • Operations: Vulnerability monitoring, incident response assistance, log audit

Built as a React console + FastAPI service + MCP/A2A agent gateway, DocSentinel integrates into local security review workflows, CI/CD pipelines, AI agents, and multi-agent platforms without giving external agents approval authority.

  • LangGraph orchestration: Stateful, graph-based agent workflows with conditional branching per SSDLC stage.
  • Multi-format input: PDF, Word, Excel, PPT, text — parsed into a unified format for the LLM.
  • Knowledge base (RAG): Upload policy and compliance documents; the agent uses them as reference when assessing.
  • Multiple LLMs: Use OpenAI, Claude, Qwen, or Ollama (local) via a single interface.
  • Structured output: JSON/Markdown reports with risk items, compliance gaps, and actionable remediations.

Ideal for enterprises that need to scale security assessments across many projects and SSDLC stages without proportionally scaling headcount.


Why DocSentinel?

Pain points and how DocSentinel addresses them:

  • Fragmented SSDLC coverage (most tools only address testing/deployment): Full-lifecycle agents cover all 6 SSDLC phases with dedicated AI personas.
  • Fragmented criteria (policies, standards, and precedents are scattered): A single knowledge base ensures consistent findings and traceability.
  • No automated threat modeling (threat models are created ad hoc): The Design Agent generates STRIDE/DREAD threat models from architecture docs.
  • Heavy questionnaire workflow (endless review cycles): Automated first-pass and gap analysis reduce manual back-and-forth rounds.
  • SAST/DAST report overload (too many findings, too little context): The Testing Agent triages, prioritizes, and maps findings to threat models.
  • Pre-release review pressure (everything lands on security at the end): A shift-left approach catches issues early in requirements and design; structured reports help reviewers focus on decision-making.
  • Scale vs. consistency (manual reviews vary by reviewer): LangGraph workflows and a unified pipeline ensure consistent, auditable assessment across projects.
  • SSDLC coverage gaps (security involvement is uneven across lifecycle stages; early stages get less scrutiny): Stage-aware assessment covers all 6 SSDLC stages with dedicated skills and checklists.

See the full problem statement and SSDLC phase details in SPEC.md.


Architecture

DocSentinel is built on an access layer made up of a React console plus FastAPI, MCP, and A2A, with LangGraph for stateful agent orchestration and LangChain for unified LLM access. REST and the agent protocols share one task lifecycle; MCP and A2A submissions always enter the human-review workflow.

DocSentinel Architecture

flowchart TB
    subgraph User["User / Security Staff"]
    end
    subgraph Access["Access Layer"]
        Console["React Console<br/>(Vite + Tailwind)"]
        API["REST API<br/>(FastAPI)"]
        Gateway["Agent Gateway"]
        MCP["MCP<br/>(stdio + HTTP)"]
        A2A["A2A 1.0<br/>(JSON-RPC)"]
        Tasks["Shared Assessment Service"]
    end
    subgraph Orchestration["SSDLC Orchestration (LangGraph)"]
        Router["Phase Router"]
        A1["Requirements Agent"]
        A2["Design Agent"]
        A3["Development Agent"]
        A4["Testing Agent"]
        A5["Deployment Agent"]
        A6["Operations Agent"]
    end
    subgraph Core["Core Services"]
        KB["Knowledge Base (RAG)"]
        Parser["Parser"]
        Skill["Skills"]
        Mem["Memory"]
    end
    subgraph LLM["LLM Layer (LangChain)"]
        Abst["LLM Abstraction"]
    end
    subgraph Backends["LLM Backends"]
        Cloud["OpenAI / Claude / Qwen"]
        Local["Ollama / vLLM"]
    end

    User --> Console
    User --> API
    Console --> API
    User --> MCP & A2A
    MCP & A2A --> Gateway
    API & Gateway --> Tasks
    Tasks --> Router
    Router --> A1 & A2 & A3 & A4 & A5 & A6
    A1 & A2 & A3 & A4 & A5 & A6 --> KB & Parser & Skill
    A1 & A2 & A3 & A4 & A5 & A6 --> Abst
    Abst --> Cloud & Local

Data flow (simplified):

  1. User selects SSDLC phase(s) and uploads documents (or optionally lets the SSDLC Router auto-detect the stage).
  2. Parser converts files (PDF, Word, Excel, PPT, SAST/DAST reports, etc.) to text/Markdown.
  3. LangGraph Router dispatches to the appropriate Phase Agent(s), loading stage-specific skill + checklist.
  4. Phase Agent queries KB (phase-specific collections) and applies Skills; Policy+Evidence run in parallel, then Drafter+Reviewer.
  5. LLM (via LangChain) produces structured findings with cross-phase traceability.
  6. Returns assessment report (risks, threats, gaps, remediations, confidence, SSDLC stage).

Detailed architecture: ARCHITECTURE.md and docs/01-architecture-and-tech-stack.md.


Core Capabilities

SSDLC Full Lifecycle Coverage

Six dedicated AI agents, each with phase-specific skills, prompts, and knowledge base collections. Run individual phases or a full end-to-end SSDLC assessment:

  • Requirements: Security requirements, compliance mapping, initial risk analysis.
  • Design: Architecture review, STRIDE/DREAD threat modeling, SDR.
  • Development: Secure coding standards, code review findings.
  • Testing: SAST/DAST report triage, pen-test evaluation.
  • Deployment: Release readiness, config security, hardening.
  • Operations: Incident response, vulnerability monitoring, log audit.

Automated Security Assessment

Submit security questionnaires, design documents, or audit reports. DocSentinel analyzes them using configured LLMs and identifies:

  • Security Risks: Classified by severity (Critical, High, Medium, Low).
  • Compliance Gaps: Missing controls against frameworks like ISO 27001, PCI DSS.
  • Remediation Steps: Actionable advice to fix identified issues.
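The structured report is LLM output, so a consumer should treat it as untrusted input and validate it field by field before storing or acting on it. The following is an added example and not DocSentinel's own code: the field names (`risks`, `compliance_gaps`, `severity`, `remediation`, `framework`, `control`) and the sample report are assumptions modelled on the description above, using the four severity levels the text names.

```python
"""Validate a DocSentinel-style structured assessment report before it is
consumed downstream. Added example, not DocSentinel's own code: field names
and the sample report are assumptions modelled on the README's description
(risk items with severity, compliance gaps, remediations). Nothing is silently
dropped or 'fixed', so a reviewer sees exactly what the model produced."""
import json

SEVERITIES = ("Critical", "High", "Medium", "Low")

# Constructed sample: what a model might return for a questionnaire review.
# It deliberately contains an unknown severity, an empty remediation and a
# compliance gap without a control reference.
SAMPLE_REPORT = json.dumps({
    "risks": [
        {"id": "R-1", "title": "Secrets stored in repository",
         "severity": "Critical", "remediation": "Move secrets to a vault and rotate."},
        {"id": "R-2", "title": "Verbose error pages",
         "severity": "Moderate", "remediation": "Disable stack traces in production."},
        {"id": "R-3", "title": "No rate limiting on login",
         "severity": "High", "remediation": ""},
    ],
    "compliance_gaps": [
        {"framework": "PCI DSS", "control": "8.3.6", "description": "Password length below 12."},
        {"framework": "ISO 27001", "description": "No access review cadence defined."},
    ],
})


def validate_report(raw: str) -> tuple:
    """Parse `raw` JSON and return (report, problems).

    `problems` lists every schema violation found; an empty list means the
    report is safe to store."""
    problems = []
    try:
        report = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {}, [f"report is not valid JSON: {exc.msg}"]
    if not isinstance(report, dict):
        return {}, ["report root must be an object"]

    risks = report.get("risks")
    if not isinstance(risks, list):
        problems.append("'risks' must be a list")
        risks = []
    for i, risk in enumerate(risks):
        where = f"risks[{i}]"
        if not isinstance(risk, dict):
            problems.append(f"{where}: not an object")
            continue
        for key in ("id", "title", "severity", "remediation"):
            # A missing, non-string or blank field is reported, never defaulted.
            if not isinstance(risk.get(key), str) or not risk[key].strip():
                problems.append(f"{where}: missing or empty '{key}'")
        if risk.get("severity") not in SEVERITIES:
            problems.append(f"{where}: severity {risk.get('severity')!r} not in {SEVERITIES}")

    gaps = report.get("compliance_gaps")
    if not isinstance(gaps, list):
        problems.append("'compliance_gaps' must be a list")
        gaps = []
    for i, gap in enumerate(gaps):
        where = f"compliance_gaps[{i}]"
        if not isinstance(gap, dict):
            problems.append(f"{where}: not an object")
            continue
        for key in ("framework", "control", "description"):
            if not isinstance(gap.get(key), str) or not gap[key].strip():
                problems.append(f"{where}: missing or empty '{key}'")
    return report, problems


def severity_counts(report: dict) -> dict:
    """Count risks per severity, ignoring items whose severity is not one of
    the four known levels (those are already listed as problems)."""
    counts = {s: 0 for s in SEVERITIES}
    for risk in report.get("risks", []):
        if isinstance(risk, dict) and risk.get("severity") in counts:
            counts[risk["severity"]] += 1
    return counts


if __name__ == "__main__":
    report, problems = validate_report(SAMPLE_REPORT)
    for p in problems:
        print("PROBLEM:", p)
    print("severity counts:", severity_counts(report))
```

Rejecting the whole report on any problem, rather than keeping the valid items, is the deliberate choice here: a half-ingested report would hide from the human reviewer that the model produced malformed findings.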

Intelligent Agent Orchestration (LangGraph)

  • Stateful workflows: LangGraph state machine maintains context across phases
  • Cross-phase traceability: Threats from Design link to test cases in Testing and monitoring rules in Operations
  • Conditional routing: Agents activate based on project risk level, compliance requirements, or user selection
  • Human-in-the-loop: Interrupt points for human review at phase boundaries
  • Checkpointing: Long-running assessments persist state and resume

RAG-Powered Knowledge Base

Upload your organization's security policies, standards, and past audits. Phase-specific collections ensure each agent retrieves the most relevant context:

  • Requirements: compliance frameworks, security policies
  • Design: threat catalogs, security patterns
  • Development: secure coding standards (OWASP)
  • Testing: vulnerability databases, remediation guides
  • Deployment: CIS benchmarks, hardening guides
  • Operations: CVE databases, incident playbooks

LangGraph Agent Orchestration

Powered by LangChain + LangGraph — stateful, graph-based agent workflows with conditional routing per SSDLC stage. Parallel execution of Policy and Evidence agents, followed by Drafter and Reviewer agents.

API-First, MCP & A2A Ready

Use the local React console for human review, integrate CI/CD pipelines through the REST API, or expose the same assessment capabilities to AI agents (Claude Desktop, Cursor, OpenClaw) through MCP. A2A-compatible platforms can delegate assessment tasks to DocSentinel as a specialist security agent.


Agent Integration (MCP + A2A)

Use MCP to expose bounded tools to Claude Desktop, Cursor, coding agents, and workflow platforms. Use A2A to expose DocSentinel as a remote specialist agent. REST, MCP, and A2A submissions share the same task lifecycle and activity log. Agent-created assessments always remain drafts until a human reviewer approves them in the console.

Interfaces, endpoints, and purpose:

  • MCP stdio (python app/mcp_server.py): Local desktop and coding-agent integration
  • MCP Streamable HTTP (POST /mcp/): Remote tool discovery and invocation
  • A2A Agent Card (GET /.well-known/agent-card.json): Standards-based agent discovery
  • A2A JSON-RPC (POST /a2a): Remote task delegation
  • Integration status (GET /api/v1/integrations/agents/status): Non-secret protocol and capability status
  • Console (/console/integrations): Human-readable integration state
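The security property that matters most in the data flow described in the Architecture section, the human-in-the-loop bullets under Intelligent Agent Orchestration, and the paragraph above is that every channel (REST, MCP, A2A) feeds one task lifecycle and none of the agent channels can approve. The following is an added example, not DocSentinel's own code: it models that lifecycle in plain Python (threads stand in for LangGraph's parallel Policy and Evidence nodes), and the phase keywords, channel names, state names and step bodies are all assumptions.

```python
"""Model of a shared assessment task lifecycle: any channel submits, the phase
router picks an SSDLC stage, Policy and Evidence run in parallel, Drafter and
Reviewer follow, and the result stays a DRAFT until a human approves it from
the console. Added example, not DocSentinel's code; phases, keyword hints,
channels and step bodies are assumptions."""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Channel(Enum):
    CONSOLE = "console"   # the only channel with approval authority
    REST = "rest"
    MCP = "mcp"
    A2A = "a2a"


class State(Enum):
    SUBMITTED = "submitted"
    DRAFT = "draft"       # assessment produced, awaiting human review
    APPROVED = "approved"


# Assumed keyword hints used when the submitter does not name a phase.
PHASE_HINTS = {
    "requirements": ("requirement", "gdpr", "pci", "soc2"),
    "design": ("architecture", "threat model", "stride", "data flow"),
    "development": ("pull request", "code review", "coding standard"),
    "testing": ("sast", "dast", "pentest", "penetration"),
    "deployment": ("hardening", "configuration", "release"),
    "operations": ("incident", "cve", "log audit", "monitoring"),
}


def route_phase(text: str, requested: Optional[str] = None) -> str:
    """Return the SSDLC phase: the user's explicit choice if valid, otherwise
    the phase with the most keyword hits, falling back to 'requirements'."""
    if requested in PHASE_HINTS:
        return requested
    lowered = text.lower()
    scores = {p: sum(h in lowered for h in hints) for p, hints in PHASE_HINTS.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else "requirements"


@dataclass
class Task:
    channel: Channel
    document: str
    phase: str = ""
    state: State = State.SUBMITTED
    findings: dict = field(default_factory=dict)
    activity: list = field(default_factory=list)   # shared activity log


def policy_step(task: Task) -> dict:
    """Stand-in for the Policy agent: names the phase-specific KB collection."""
    return {"kb_collection": f"{task.phase}-policies"}


def evidence_step(task: Task) -> dict:
    """Stand-in for the Evidence agent: what the submitted document supports."""
    return {"evidence_chars": len(task.document)}


def assess(task: Task, requested_phase: Optional[str] = None) -> Task:
    """Run the shared pipeline. Whatever the channel, the output is a DRAFT."""
    task.phase = route_phase(task.document, requested_phase)
    task.activity.append(f"{task.channel.value}: routed to {task.phase}")
    with ThreadPoolExecutor(max_workers=2) as pool:   # Policy + Evidence in parallel
        policy = pool.submit(policy_step, task)
        evidence = pool.submit(evidence_step, task)
        draft = {**policy.result(), **evidence.result()}
    draft["reviewer_note"] = "auto-review complete"  # Drafter, then Reviewer
    task.findings = draft
    task.state = State.DRAFT
    task.activity.append("pipeline: draft produced")
    return task


def approve(task: Task, actor: Channel) -> Task:
    """Only the console (a human reviewer) may approve. Agent channels are
    refused and the attempt is recorded in the activity log."""
    if actor is not Channel.CONSOLE:
        task.activity.append(f"{actor.value}: approval refused")
        raise PermissionError(f"{actor.value} has no approval authority")
    if task.state is not State.DRAFT:
        raise ValueError(f"cannot approve a task in state {task.state.value}")
    task.state = State.APPROVED
    task.activity.append("console: approved by human reviewer")
    return task


if __name__ == "__main__":
    t = assess(Task(Channel.MCP, "SAST report with 42 DAST findings to triage"))
    print(t.phase, t.state.value, t.findings)
    try:
        approve(t, Channel.MCP)
    except PermissionError as exc:
        print("refused:", exc)
    approve(t, Channel.CONSOLE)
    print(t.state.value, t.activity)
```

The approval check is keyed on the channel the request arrived through rather than on anything the request body claims about itself, and refused attempts land in the same activity log as successful ones, which is what makes the approval boundary auditable.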

MCP exposes five governed tools:

  • `submit
