Claude MCP Integration

Connect Claude Desktop or claude.ai directly to your TATER compliance data using the Model Context Protocol (MCP). Query scan results, explore failing controls, create risk acceptances, log change requests, write framework narratives, and assign work - all through a natural conversation.

What Is the MCP Integration?

The TATER MCP server exposes your compliance data as 277 tools that Claude can call in real time. Instead of copying scan results into a chat window, Claude reads them directly from your TATER API. You can ask questions like:

"Which controls are failing for Exchange Online right now?"
"Create a risk acceptance for the SMTP AUTH control with a 90-day expiry."
"Show me all Critical findings from last week's scan."
"Assign the DMARC control to Sarah and set a due date of May 1st."
"Summarize our CIS Section 1 posture and write the framework narrative."
"Log that I just disabled legacy auth - impact is High."
"What's our compliance score across all frameworks?"

The MCP server supports two connection modes: a local stdio transport for Claude Desktop, and an HTTP transport for claude.ai or remote connections.

In-app AI Analyst

TATER also has a built-in AI Analyst accessible from the application directly under AI Assistant in the sidebar. The MCP integration described here extends that capability to Claude Desktop and claude.ai, allowing you to work from those interfaces instead of the TATER web app.

Prerequisites

Requirement	Details
TATER Account	You must have an active TATER account with at least Auditor role in an organization.
TATER API Key	Generate one in Manage → Connections → API Keys. Copy the full key - it is only shown once.
Organization ID	Found in Settings → Endpoint Agent, in the Agent Configuration Reference section at the bottom of the page. Format: `org-xxxxxxxx`.
Claude Desktop (stdio mode)	Claude Desktop app for macOS or Windows. Download from claude.ai/download.
Node.js 20+ (stdio mode)	Required to run the local MCP server process. Install from nodejs.org.

Step 1: Generate a TATER API Key

Open Manage → Connections → API Keys

Open TATER Manage → Connections → API Keys (manage.tatersecurity.com) - the single home for API key management.

Create a new key

Click Create API Key. Give it a descriptive name like claude-mcp and select your organization.

Copy the key immediately

The full API key is displayed only once. Copy it to a secure location (password manager or secrets vault) before closing the dialog. TATER stores only a hashed prefix.

Keep your API key secret

API keys grant full access to your organization's compliance data. Do not commit the key to source control or share it in chat. If a key is compromised, delete it immediately from Manage → Connections → API Keys and generate a new one.

Setup: Claude Desktop

Claude Desktop supports two ways to add MCP servers: a built-in UI and manual config file editing. Both work - use whichever you prefer.

Option A: Connectors UI (recommended)

Open Customize → Connectors

In Claude Desktop, click Customize (or the profile/settings icon) and select Connectors. This is the same flow as claude.ai.

Add a custom integration

Click Add custom integration and enter:

Field	Value
Integration name	`TATER`
Integration URL	`https://api.tatersecurity.com/api/mcp?api_key=YOUR_KEY&org_id=org-xxxxxxxx`

Test the connection

Start a new conversation and ask: "What is my current compliance score?"

Option B: Config file (advanced)

For local stdio mode (runs a Node.js process on your machine, no inbound ports required), edit the config file directly:

Locate the config file

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

Add the TATER server entry

{
  "mcpServers": {
    "tater": {
      "command": "npx",
      "args": ["-y", "@tater-security/mcp-server"],
      "env": {
        "TATER_API_BASE": "https://api.tatersecurity.com",
        "TATER_API_KEY": "your-api-key-here",
        "TATER_ORG_ID": "org-xxxxxxxx"
      }
    }
  }
}

Restart Claude Desktop

Fully quit and relaunch. On first use, npx downloads the package automatically.

Local development

TATER Security developers running the API locally should set TATER_API_BASE to http://localhost:7071. Customers always use https://api.tatersecurity.com - TATER is a managed SaaS service; self-hosted deployment is not currently offered.

Setup: claude.ai (Remote HTTP)

The HTTP transport lets claude.ai connect to the TATER MCP server over HTTPS without installing anything locally. Authentication credentials are embedded directly in the connection URL.

Plan requirement

The Integrations section in claude.ai is available on Pro and Team plans. If you do not see it, check your subscription level at claude.ai/settings.

Open claude.ai Settings → Integrations

In claude.ai, click your avatar (bottom-left) and choose Settings. Select the Integrations tab.

Add a custom integration

Click Add custom integration. You will see two fields: Integration name and Integration URL. Enter:

Field	Value
Integration name	`TATER`
Integration URL	`https://api.tatersecurity.com/api/mcp?api_key=YOUR_KEY&org_id=org-xxxxxxxx`

Replace YOUR_KEY with the API key you generated in Step 1, and org-xxxxxxxx with your Organization ID (from Settings → Endpoint Agent → Agent Configuration Reference).

Click Add → then toggle the integration on in your conversation

Click Add to save. In any claude.ai conversation, open the tool/integration panel and enable TATER. Once enabled, TATER tools are available for that conversation.

Test the connection

Ask: "What is my current compliance score in TATER?" Claude should call the TATER tools and return a summary of your organization's posture.

API key in the URL

Embedding the API key in the URL is the standard approach for remote MCP integrations. The URL is stored only in your claude.ai account settings and is never logged by TATER. Treat the full URL as a secret - anyone with it can access your org's compliance data.

How Claude Works: Default Behavior

When you connect to the TATER MCP server, Claude receives mandatory working instructions automatically at session start. These instructions define a consistent, audit-quality workflow - you do not need to prompt Claude to follow it once you've opted in.

Session Opt-In Gate

Not every conversation needs TATER

If your first message references a TATER concept (compliance, controls, scans, risks, audits, policies, POAM, RMF, vendors, etc.) Claude proceeds with the full workflow without asking. If your first message is generic (general coding, writing help, debugging unrelated code), Claude asks once:

“I have TATER connected for this session - should I bring it in (compliance posture, risks, controls, policies, network docs) or are you good without it?”

If you say no or change the subject, Claude enters TATER-quiet mode - no proactive tool calls, the 8-step workflow below does not apply, and the documentation patterns (Three-Doc Rule, Help-Desk Pattern, Questionnaire Auto-Fill, etc.) are paused. You can opt in any time by mentioning a TATER topic or asking Claude to use a specific tool.

Autonomous task runners and explicit compliance-persona agents (Copilot's TATER Compliance Analyst, scheduled MCP jobs) skip the opt-in question and go straight to the workflow.

The 8-Step Mandatory Workflow (in TATER mode)

Automatic - no prompting required once you're in TATER mode

These behaviors are built into every TATER MCP session once the user has opted in (or the first message clearly references TATER). Claude follows them without being asked.

#	Step	What Claude does
1	Risk Analysis First	Before any action, Claude states the security risk clearly - what the finding represents, the risk of not remediating vs. accepting it, and cascading effects. Critical and High findings are flagged first.
2	Load Context	Calls `get_control_context` before advising on any specific control. This loads existing internal comments, team threads, related framework narratives, and change history - so Claude builds on documented work rather than duplicating it.
3	Record Changes	Calls `create_change_request` whenever a risk acceptance, remediation, or configuration change is made. High and Critical impact changes are automatically queued for OrgAdmin approval.
4	Share Findings	After analysis, documents key findings: `add_thread_post` for team-wide decisions and updates (visible to everyone); `add_evidence_comment` for internal audit notes (admins/auditors only).
5	Collaboration Awareness	Reviews existing comments and threads before adding new ones. References prior findings and builds on them rather than restating documented work.
6	Evidence Collection	For Manual Review or unclear failing controls, collects and records evidence. If evidence cannot be derived automatically, asks you explicitly - specifying what is needed (e.g., a screenshot, a PowerShell output). Records results as an evidence comment or thread post.
7	Configuration Documentation	Before advising on any configuration change, searches existing config docs via `search_config_docs` for prior decisions, known-good baselines, or approved deviations. After completing analysis or changes, creates or updates a config doc via `upsert_config_doc` - capturing current state, rationale, and links to controls, frameworks, and change requests for future reference.
8	Framework Narratives	When working through a framework section, reads existing narratives via `get_framework_narratives` first. After completing section analysis, writes or updates the narrative via `set_framework_narrative` - professional, audit-ready statements that appear on the Standards detail page in TATER.

Available Tools (277)

The TATER MCP server exposes 277 tools to Claude across the categories below. The tables here highlight representative samples; the live, complete list is in api/src/functions/mcp.ts (HTTP MCP) and mirrored in tater-mcp/src/index.ts (stdio MCP).

The Three-Doc Rule (mandatory pattern)

Every diagnostic / troubleshooting / remediation session your AI assistant runs MUST produce three durable artifacts before completion:

Ops task via create_tasker_task or update_tasker_task - the lifecycle record (who reported, status, root cause, resolution)
ConfigDoc via upsert_config_doc - this org's specific configuration state at conclusion
TATERpedia wiki page via create_wiki_page or update_wiki_page - the generic playbook for the next session

All three cross-link. The same root cause never bites twice. Enforced via the MCP server's INSTRUCTIONS - agents that skip these get reminded by the next message.

Help-Desk Session Pattern

When triaging user-reported symptoms ("user can't…", "OneDrive is acting weird", "MFA prompt won't go away"), the agent follows a strict 4-step workflow:

Search Ops first via list_tasker_tasks with requester email + symptom keywords - load existing task and continue, don't duplicate
If no match, create_tasker_task immediately with the user's reported symptom verbatim
Append findings throughout the session - don't overwrite the original description
At resolution, populate root cause + bulk-link all touched entities (controls, ConfigDocs, wiki pages, change requests, risks, vendors, applications)

Questionnaire Auto-Fill Pattern

When asked to "fill out this vendor questionnaire" / "draft answers for the SIG" / "respond to this RFP security section", the agent follows this MCP-first workflow (TATER runs no internal LLM - your AI does all synthesis):

list_questionnaires (filter: in-progress, not-started) - find the one to work on
get_questionnaire - pull the question list and current drafts
For each question:
- search_questionnaire_kb FIRST - prior answers to similar questions are highest-signal. Inspect verificationStatus + lastVerifiedAt on each hit.
- If verification is missing or >90 days old, call verify_kb_entry BEFORE reusing.
- Fall back to search_config_docs, search_wiki, get_control_info, list_policies, get_compliance_summary for fresh context.
- draft_questionnaire_answer - writes the draft, always sets status to in-progress (humans approve complete). Cite ConfigDoc ids, wiki slugs, control IDs verbatim.
update_questionnaire_status when all drafted (submitted is rejected - requires explicit human sign-off via full upsert).

Ingestion sub-pattern: when a user uploads historical questionnaires (PDF / DOCX / XLSX), the agent reads the file using its own file-read capability and bulk-imports Q&A pairs via import_questionnaire_kb. TATER does no server-side file parsing.

KB answer verification

Prior answers go stale. The agent calls verify_kb_entry to cross-check each KB hit against current state: re-fetches the latest scan and verifies each mappedControl is still passing, checks whether cited ConfigDocs have been updated since the answer was written, flags entries over 1 year old with no verifiable evidence. Writes verificationStatus back to the entry so subsequent searches surface staleness at a glance.

Verification statuses: current (safe to reuse) · stale-evidence (mapped controls now failing - do NOT reuse as-is) · stale-doc (cited config docs updated since answer) · stale-age (>1 year old) · unverifiable (no evidence to check against).

Tool categories (with sample tool names)

Category	Sample tools	Approximate count
Compliance reads	list_scans, get_failing_controls, get_control_info, get_all_controls_with_status, search_catalog, get_compliance_summary, list_overrides, get_control_context, get_control_grc_context	~15
Service Catalog	list_service_catalog, get_catalog_item, submit_catalog_request	3
CMDB	list_cis, get_ci, create_ci, relate_cis, get_ci_impact, discover_cis	6
Major Incident	list_active_major_incidents, declare_major_incident, post_major_incident_update, subscribe_major_incident, resolve_major_incident	5
Service Portfolio	list_service_portfolio, get_service_health, add_service_members	3
CAB workflow	list_cab_boards, create_cab_board, submit_change_to_cab, cab_vote, get_cab_queue, get_change_calendar	6
Release Management	list_releases, get_release, create_release, transition_release_status, append_release_log	5
Help Documentation	list_help_docs, get_help_doc, search_help_docs - browse and search the 60+ articles at www.tatersecurity.com/Docs/Help/ (same content humans see)	3
Knowledge Base	get_wiki_page, search_wiki, create_wiki_page, update_wiki_page, rate_wiki_page, suggest_wiki_pages, validate_wiki_content	7
Questionnaire pipeline	list_questionnaires, get_questionnaire, draft_questionnaire_answer, update_questionnaire_status, import_questionnaire_kb, search_questionnaire_kb, verify_kb_entry	7
Federal pipeline	list_poams, create_poam, auto_populate_poam (RMF + SSP via dedicated endpoints)	3+
Ops tasks + workflows	list_tasker_tasks, create_tasker_task, update_tasker_task, plus profiles + workflows + schedules	~10
Risk + GRC writes	create_risk_acceptance, create_risk, update_risk, create_change_request, verify_manual_control, add_evidence_comment, assign_control, trigger_remediation	~11
Fleet / Help-Desk Triage	find_device_by_user, list_onedrive_issues, list_agent_diagnostics, get_device_diagnostics, execute_script - map a user complaint to their hostname, surface OneDrive sync problems, then run targeted ops scripts	5
Application Monitoring	list_monitoring_findings, get_monitoring_summary, acknowledge_monitoring_finding, list_monitors, create_monitor, toggle_monitor - OneDrive / CISA KEV / templated agent-monitor findings as a continuously-updated state; create monitors and toggle them on/off	6
Intune deployment	list_intune_remediations, list_intune_platform_scripts, list_intune_groups, get_intune_assignments, create_intune_remediation, assign_intune_remediation, create_intune_platform_script, assign_intune_platform_script - create + assign Microsoft Intune Proactive Remediations and Platform Scripts via Graph, with What-If preview, Entra group targeting, change-control gating, and audit logging	8
Meeting documentation	create_meeting_record, attach_meeting_transcript, append_meeting_decision, list_meeting_templates, list_business_docs, create_business_doc, etc.	~14
Other	identity_start/confirm/verify, list_community_stats, get_org_branding, list_recent_audit_log, list_bcpdr_plans, list_training_campaigns, list_vendors, list_audits, create_issue, get_subscription_status, get_calendar_events, opportunities (sales pipeline), config docs, framework narratives, implementation guides, playbooks, opps script library, opportunities, identity-confirm, etc.	~60

For the canonical list, run grep -c "^\s*name: '" api/src/functions/mcp.ts against the live source.

Original tool tables follow for reference:

Reading Data

Tool	What It Does
`list_scans`	Retrieves recent compliance scans with summary statistics (pass rate, fail count, scan date).
`get_failing_controls`	Returns control-by-control results for a scan, filterable by status (Fail, Pass, Manual, Skip, Override).
`get_control_info`	Full catalog details for a control: what it checks, how to audit it, and exactly how to remediate it.
`search_catalog`	Searches the compliance catalog by keyword to find relevant controls before diving into scan results.
`get_compliance_summary`	High-level compliance posture from the most recent scan, optionally filtered by application.

Context & Collaboration

Tool	What It Does
`get_control_context`	Loads all existing context for a control: internal comments, team threads (with replies), related framework section narratives, and change history. Called automatically before any control-specific action.
`get_framework_narratives`	Reads the organization's existing compliance narrative statements for a standard or framework section.
`search_config_docs`	Searches configuration documentation by keyword, category, application, or linked control ID. Returns matching docs with content previews so Claude can find prior decisions and baselines before advising on changes.
`list_overrides`	Lists existing risk acceptances so Claude can check for duplicates before creating new ones.
`list_people`	Lists team members available for control assignment (name, email, role).
`list_pending_changes`	Lists change control requests - pending approvals or recent change history for any control.

Writing & Acting

Tool	Who Can See It	What It Does
`create_risk_acceptance`	Admin required	Creates a new override record with business justification, expiry date, and approval metadata. Tagged `source: mcp` in the audit log.
`add_evidence_comment`	Internal only (admins & auditors)	Adds an auditable evidence note to a specific control - technical observations, configuration state, audit artifacts.
`add_thread_post`	All collaborators	Posts a finding or update to a control's team-wide conversation thread. Use for decisions, status updates, and action items the whole team should see.
`assign_control`	All users	Assigns a control to a team member with a due date and optional notes.
`create_change_request`	All users	Logs a planned or completed configuration change. Low/Medium impact changes auto-approve; High/Critical are queued for OrgAdmin approval.
`set_framework_narrative`	All users - Standards page	Writes or updates the organization's compliance narrative for a specific framework section. Appears directly on the Standards detail page in TATER.
`upsert_config_doc`	All users - Config Documentation page	Creates or updates a configuration documentation record. Supports links to controls, frameworks, and change requests. Automatically versions content on update so prior states are preserved.

Full Tool List

The table above covers the core tools. The TATER MCP server exposes 277 tools in total. The complete current list is always available in the TATER platform under AI Assistant or via the MCP server's tool manifest. Additional tools include verify_manual_control, get_all_controls_with_status, get_control_grc_context, list_exceptions, list_risks, list_remediations, get_policy_detail, get_policy_sign_status, list_policies, list_community_stats, get_evidence_job_status, approve_policy, update_policy_draft, create_issue, create_policy, trigger_remediation, verify_identity, get_policy_context, update_policy_metadata, get_config_doc, list_tasker_tasks, create_tasker_task, update_tasker_task, plus the federal/DoD pipeline tools list_poams, create_poam, auto_populate_poam, and the Ops Script Library tools list_scripts, get_script, create_script, update_script, execute_script, get_script_job_status, list_script_jobs.

Example Conversations

Reviewing failing controls

You: What are the top failing controls from my most recent scan?

Claude: I'll check your latest scan results now.
[calls list_scans, then get_failing_controls with status=Fail]

⚠ Risk Summary: Your most recent scan from April 3rd shows 24 failing controls.
The top 5 by severity are:

1. EXO - DMARC Policy Enforced (High) - No DMARC record found for your domain
2. DEF - Safe Links Policy (High) - URL rewriting is disabled
3. ENT - Idle Session Timeout (Medium) - No timeout configured
4. SPO - External Sharing Restricted (Medium) - Sharing set to Anyone
5. EXO - External Forwarding Blocked (Medium) - Auto-forward rules permitted

The two High severity findings represent active phishing risk - DMARC absence
means attackers can spoof your domain, and disabled Safe Links means malicious
URLs are not inspected in email.

Would you like me to work through these? I'll load context on each control
before taking any action.

Working a specific control end-to-end

You: Let's handle the DMARC control.

Claude: [calls get_control_context for EXO_DMARC_Control]

Context loaded. I can see:
- No prior team notes or threads for this control
- No existing risk acceptance
- No change history

This is a first-time review. Here's the risk:
DMARC absence means anyone can send email that appears to be from your domain.
This enables phishing, brand spoofing, and BEC (Business Email Compromise) attacks.
The risk of not fixing this is High - I'd recommend remediation over acceptance.

How would you like to proceed?

You: We have a marketing tool that blocks DMARC enforcement. Accept the risk,
90-day expiry, and note the compensating control is SPF + DKIM alignment.

Claude: [calls create_risk_acceptance with audit-quality justification]
[calls create_change_request with impact=Medium]
[calls add_thread_post to notify the team]

Done:
- Risk acceptance created (expires July 5, 2026)
- Change logged in change control (auto-approved, Medium impact)
- Thread post added so the team can see the decision rationale

Creating a risk acceptance

You: Create a risk acceptance for the SMTP AUTH control. Legacy application
dependency. Expiry in 90 days.

Claude: [calls get_control_context - checks for existing overrides and team notes]

No prior risk acceptance found. Here is the security risk:
SMTP AUTH allows clients to authenticate with username/password instead of
modern OAuth flows, bypassing MFA. This is a known credential-stuffing vector.

Risk acceptance details:
- Control: EXO - SMTP AUTH
- Justification: Legacy application dependency requiring basic auth; MFA bypass
  mitigated by conditional access IP restriction to application server range
- Expiry: 90 days from today (July 5, 2026)
- Impact: Medium

Shall I proceed?

You: Yes

Claude: [calls create_risk_acceptance]
[calls create_change_request]
[calls add_thread_post]

Done. Risk acceptance, change log, and team thread all created.

Writing framework narratives

You: Review our CIS Section 1 (identity/authentication) posture and write
the framework narrative for it.

Claude: [calls get_framework_narratives for CIS_M365_v3 section 1]
[calls get_compliance_summary filtered to Entra ID]
[calls get_failing_controls filtered to ENT controls]

I found an existing narrative for section 1.1 from March. Here's what's
documented and what's changed since then...

[Reviews failing controls, existing risk acceptances, and team notes]

Ready to write narratives for sections 1.1–1.8. Here's a draft for 1.1:

"The organization enforces MFA for all users via Conditional Access policy
CA-001 (All Users – Require MFA). Legacy authentication protocols are blocked
at the tenant level (ENT_001 - Pass). One risk acceptance is active for SMTP
AUTH due to a legacy application dependency, expiring July 5, 2026, with
compensating controls in place (IP restriction via CA-014)."

[calls set_framework_narrative for CIS_M365_v3 section 1.1]

Section 1.1 narrative saved. Continue with 1.2 through 1.8?

Using configuration documentation

You: I just disabled SMTP AUTH on the tenant and restricted legacy auth
via Conditional Access. Document this for the team.

Claude: [calls search_config_docs for "SMTP AUTH" and "legacy auth"]

Found 1 existing doc: "Exchange Online Authentication Baseline" from 6 months
ago - notes that SMTP AUTH was enabled for a legacy application.

That application is no longer referenced in recent change requests or comments.
Here's the updated configuration state I'll document:

- SMTP AUTH: Disabled tenant-wide (EXO_028 now passing)
- Legacy auth: Blocked via CA-009 (Entra ID Conditional Access)
- Previous exception: Retired - legacy app dependency resolved

[calls upsert_config_doc, updating the existing Exchange Online auth doc]
[calls create_change_request with impact=High - queued for OrgAdmin approval]
[calls add_thread_post on EXO_028 for team visibility]

Done. The config doc is updated with the current state and links to the
change request. OrgAdmin approval needed for the change log (High impact).

Assigning controls to team members

You: Assign the top 5 failing Entra ID controls to Sarah and set a
due date of two weeks from today.

Claude: [calls get_failing_controls filtered to ENT prefix]
[calls list_people]

Found Sarah Chen in your team contacts - notes indicate she handles
Entra ID and identity policies.

Assigning 5 controls to Sarah with due date April 22, 2026:
[calls assign_control × 5]
[calls add_thread_post on each control so the team sees the assignment]

Done. Assignments visible in Assignments and on Sarah's "My Assignments" view.

Permissions and Safety

The MCP integration follows TATER's role-based access control:

Action	Minimum Role Required
Read scan results, overrides, people, change requests	Auditor
Create risk acceptances	Admin (OrgAdmin)
Create evidence comments, thread posts	Auditor
Assign controls, log change requests, write framework narratives	Auditor
Search and create/update configuration documentation	Auditor
Approve High/Critical change requests	Admin (OrgAdmin)
Delete records	Not available via MCP - use the TATER web application

Claude's built-in safety rules apply at all times. The MCP server does not expose destructive operations (delete, bulk overwrite). All actions taken via MCP are recorded in the TATER audit log with source: mcp for traceability.

Claude confirms before significant actions

For actions like creating risk acceptances for High/Critical controls or logging High/Critical impact change requests, Claude's built-in workflow instructs it to state the risk and confirm details before proceeding. You are always in control.

Change control approval

Change requests created by Claude for High or Critical user-impact changes are automatically placed in Pending status and require OrgAdmin approval in TATER before they are considered accepted. Low and Medium impact changes are auto-approved and appear in the change log immediately.

Troubleshooting

Claude Desktop shows no TATER tools

Ensure Claude Desktop was fully restarted after editing claude_desktop_config.json. Check that npx is in your PATH by running npx --version in a terminal. Verify your API key and org ID are correct in the config. Check Claude Desktop's MCP logs (Settings → Developer → MCP Logs) for error details.

"Unauthorized" error when calling tools

Your API key may be invalid or expired. Go to Manage → Connections → API Keys in TATER, delete the old key, and generate a new one. Update your MCP config with the new key and restart Claude Desktop.

"Organization not found" error

Verify the TATER_ORG_ID value in your config matches your organization ID exactly (format: org-xxxxxxxx). You can find your org ID in Settings → Endpoint Agent, in the Agent Configuration Reference section at the bottom of that page.

npx fails to download the package

Check your network connection and proxy settings. If you are behind a corporate proxy, set the HTTP_PROXY and HTTPS_PROXY environment variables in the MCP server's env block. You can also install the package globally first: npm install -g @tater-security/mcp-server and then change the command to tater-mcp-server.

Next Steps

Review the Settings Reference to learn about API key scopes and permissions
Explore the Dashboard Guide to understand the data Claude is reading
Set up Azure Runbooks so Claude always has fresh scan data to work with
Learn about Running Scans to keep your compliance data current
Open the Standards page in TATER to review framework narratives Claude has written
Check Change Control in the GRC section for any High/Critical changes awaiting OrgAdmin approval