Diligent Policy Manager,
composed by an agent.
Hybrid-auth tool set spanning three Policy Manager API surfaces. Draft, review, publish, and archive documents. Manage components, regulations, and compliance mappings. Configure the solution — workflows, queues, templates, tag groups, reference data. Bulk-load and bulk-export. All from one agent conversation, through one protocol.
~/.local/share/diligent-policies-mcp
Node.js 20+, no sudo
Re-run to update
Three surfaces, one conversation.
The server talks to three distinct Policy Manager backends: a Policy Portal REST API (Bearer JWT) for published documents, a Compliance catalog API (Bearer JWT) for regulation data, and a Policy Manager MVC admin app (OIDC session cookie via a one-time Playwright login) for everything else — document lifecycle, workflows, queues, templates, reference data. Each tool routes itself to the correct surface; you never think about it.
Hybrid auth
Bearer JWT for Portal + Compliance. A headless Playwright OIDC login mints a session cookie only when an MVC-admin endpoint is called. Credentials live in a local .env, never committed.
Two-tier cache
In-memory Map plus persistent ~/.cache/diligent-policies-mcp/cache.json. Per-prefix TTLs, write-invalidating mutators, survives MCP restarts.
Schema detection
Sample-walk every inventory (documents, components, regulations, workflows, queues, templates, reference data), infer attribute types, compare against Brain canonical.
Bulk import / export
Ship bulk operations on day one via client-side loops. Export emits .docx blobs plus manifest JSON. Native bulk endpoints are on the roadmap.
Dedicated admin surface
Configuration tools sit behind policies_admin_*: workflows, task definitions, queues, templates, tag groups, reference data. Clear boundary.
Escape hatch
policies_api_raw calls any Portal/Compliance/MVC endpoint with full content-type control.
Capabilities overview.
Document lifecycle
Create drafts, upload Word content, assign owners, drive the review cycle, publish to internal or public URLs, archive, delete.
Components & cross-refs
Author reusable components and link them into documents. Cross-reference documents to each other, to websites, to regulation requirements.
Regulations & compliance
Create regulations, add requirements and references, link requirements to policies. Query the Compliance catalog.
Workflow configuration
Define review workflows and task definitions. Assign a workflow to a document type. Configure the queues that own each step.
Reference data
Create tag groups and reference domains + codes — drive the look-and-feel of document browsing and filtering.
Bulk operations
Bulk-create from a manifest, bulk-archive retired policies, bulk-export to a zip, bulk-link requirements to documents.
All tools.
| Tool | Description |
|---|---|
| policies_health_check | Surface-by-surface reachability (Portal/Compliance/MVC) and session metrics |
| policies_get_session_metrics | Call counts, errors, retries, average duration |
| policies_reset_session_metrics | Reset counters for a new job |
| policies_list_capabilities | Tool inventory by category with descriptions |
| policies_query_all | Auto-paginate any Portal or Compliance collection endpoint |
Document tools.
List, retrieve, create, edit, archive, and delete policy documents. Route session setup where the MVC admin app requires it. Uses POLICIES_ORG_SLUG for the subdomain and the OIDC Playwright flow for session auth.
| Tool | Description |
|---|---|
| policies_list_documents | List documents grouped by type (All / POLICIES / PROCEDURES / STANDARDS / CODES / GUIDELINES) |
| policies_list_by_type | List documents in a given group with pagination |
| policies_get_document | Full document detail with reference data for edit forms |
| policies_get_document_metadata | Lighter read — document object only, no reference lists |
| policies_create_document | Create a new document MUTATES |
| policies_save_general_info | Update document metadata (name, description, category) MUTATES |
| policies_archive_document | Archive a document MUTATES |
| policies_unarchive_document | Unarchive a document MUTATES |
| policies_search_documents | Advanced search across documents |
| policies_get_blob_content | Download the document body (Word/PDF) |
| policies_get_history | Revision history with comments |
| policies_compare_versions | Diff two versions of a document |
| policies_get_cross_references | Dependent docs, website refs, regulation links |
| policies_save_cross_references | Save cross-references MUTATES |
| policies_get_public_urls | Published As-link URLs for a document |
| policies_upload_document_section | Upload .docx content as a section MUTATES |
Reusable content blocks that get embedded into documents.
| Tool | Description |
|---|---|
| policies_list_component_groups | List component groups (top level) |
| policies_list_component_group | List components within a group |
| policies_get_component | Component content |
| policies_get_component_metadata | Component metadata and configuration |
| policies_create_component | Create a new component MUTATES |
| policies_save_component_data | Save component content/metadata MUTATES |
| policies_upload_component_content | Upload .docx content into a component MUTATES |
Workflow tools.
| Tool | Description |
|---|---|
| policies_list_task_groups | List all task groups |
| policies_list_task_group | List tasks inside a group |
| policies_get_work_item | Get the review-cycle work item for a document |
| policies_take_ownership | Take ownership of a review task MUTATES |
| policies_save_task | Save/update a review task MUTATES |
| policies_remove_task | Remove a task MUTATES |
Publishing tools.
| Tool | Description |
|---|---|
| policies_get_public_urls | Public As-link URLs for published documents |
| policies_clear_preview | Clear a document's preview cache |
| policies_unlock_document | Unlock a document held by a user session MUTATES |
Regulation tools.
| Tool | Description |
|---|---|
| policies_validate_regulation_name | Check regulation name uniqueness |
| policies_create_regulation | Create a regulation MUTATES |
| policies_get_subcategories | List subcategories |
| policies_get_regulation_requirements | List requirements for a regulation |
| policies_save_requirement | Save a requirement MUTATES |
| policies_save_reference | Save a reference MUTATES |
| policies_get_required_documents | Documents linked to a requirement |
| policies_add_documents_to_requirement | Link documents to a requirement MUTATES |
| policies_edit_regulation | Load a regulation edit form |
| policies_save_attachments | Save attachments to a regulation MUTATES |
Admin tools.
Everything behind policies_admin_* configures the solution rather than authoring content. Separate bucket, separate mental model.
| Tool | Description |
|---|---|
| policies_admin_list_workflows | List review workflows |
| policies_admin_get_workflow | Workflow definition detail |
| policies_admin_save_workflow | Create/update a workflow MUTATES |
| policies_admin_list_task_definitions | List review task definitions |
| policies_admin_save_task_definition | Create/update a task definition MUTATES |
| policies_admin_list_workflow_assignments | Workflow assignment rules by document type |
| policies_admin_save_workflow_assignment | Assign a workflow to a document type MUTATES |
| policies_admin_list_queues | Review queues |
| policies_admin_save_queue | Create/update a queue MUTATES |
| policies_admin_get_queue_users | Queue membership |
| policies_admin_save_queue_users | Save queue membership MUTATES |
| policies_admin_list_templates | Document templates |
| policies_admin_save_template_assignment | Save template assignment MUTATES |
| policies_admin_list_tag_groups | Tag groups |
| policies_admin_save_tag_group | Create/update a tag group MUTATES |
| policies_admin_list_reference_domains | Reference domain definitions |
| policies_admin_list_reference_codes | Reference code values |
| policies_admin_save_reference_domain | Create/update a reference domain MUTATES |
| policies_admin_save_reference_code | Create/update a reference code MUTATES |
| policies_admin_list_review_frequencies | Review frequencies |
| policies_admin_list_security_groups | Security groups |
| policies_admin_get_security_group | Security group detail |
User tools.
| Tool | Description |
|---|---|
| policies_list_users | List all users |
| policies_get_user | User detail |
| policies_list_subscribers | List subscribers |
| policies_get_ui_settings | UI preferences for the current user |
| policies_save_preferences | Save user preferences MUTATES |
| policies_ping | Session keepalive |
Bulk tools.
V0.1 implements bulk operations client-side by looping over single-record tools. Native bulk endpoints (the native .xlsx + .docx-in-.zip flow exposed by the Policy Manager UI) are on the roadmap — see knowledge/80-ui-automation-roadmap.md.
| Tool | Description |
|---|---|
| policies_bulk_create_documents | Create many documents from a manifest MUTATES |
| policies_bulk_export_documents | Export a batch of documents to a local directory |
| policies_bulk_archive_documents | Archive many documents MUTATES |
| policies_bulk_unarchive_documents | Unarchive many documents MUTATES |
| policies_bulk_create_regulations | Create many regulations MUTATES |
| policies_bulk_link_requirements_to_documents | Link requirements to documents in bulk MUTATES |
Schema tools.
| Tool | Description |
|---|---|
| policies_schema_detection | Fast sample (~5 instances) of a resource's attributes |
| policies_get_inventory_schema | Deep introspection (default 50) with type inference, population rates, samples |
| policies_build_data_dictionary | Composite across every resource |
| policies_list_brain_canonical_inventories | Riskapture Brain canonical inventories (read-only) |
| policies_compare_inventory_to_brain | Align observed to canonical — aligned / onlyInBrain / onlyInObserved / typeConflicts |
| policies_find_duplicate_documents | Cluster documents by normalized name + category |
Cache tools.
| Tool | Description |
|---|---|
| policies_cache_status | Keys by prefix, bytes, hit/miss/write counters, file path |
| policies_clear_cache | Targeted purge: all / reference / instances / portal / brain |
Raw API.
| Tool | Description |
|---|---|
| policies_api_raw | Call any Portal/Compliance/MVC endpoint (GET or non-destructive POST) with full content-type control. DELETE blocked. |
Environment variables.
false to disable the Playwright fallbacktrue~/.cache/diligent-policies-mcpHard rules.
.env is the only credential store. .env is git-ignored. Nothing is written to ~/.env or any global location.POLICIES_UI_FALLBACK=false to disable the Playwright fallback. MVC-only tools will then fail fast with a clear message instead of attempting OIDC.policies_api_raw does not support DELETE. Use a dedicated delete tool (e.g. policies_archive_document, bulk delete) so the cache is invalidated correctly.Getting started.
1. Install via the one-liner above, or clone from GitHub
2. Set your environment variables — bearer token from Admin Hub > API Access Tokens, plus OIDC email/password if you want MVC-admin coverage
3. Restart Claude Code: /mcp reset diligent-policies
4. Start with policies_health_check to verify connectivity
5. Run policies_list_capabilities to see all available tools
6. Run policies_build_data_dictionary for a full snapshot of the current data shape