@dawnguard/mcp
v1.0.7
Published
Dawnguard MCP Server - Cloud security insights and guardrail guidance for Azure and AWS architectures
Downloads
920
Maintainers
Readme
Dawnguard MCP Server
Cloud security insights, guardrail guidance, and compliance checking for Azure and AWS architectures via Model Context Protocol (MCP).
Overview
Dawnguard MCP connects your AI assistant (Claude, ChatGPT, Cursor, VS Code) directly to your cloud security insights. Query security findings, retrieve company guardrails, design secure architectures, and get remediation guidance — all through natural language.
Features
- ✅ Query Security Findings — Access 39+ security insights from architecture scans
- ✅ Retrieve Guardrails — Get active company policies and compliance rules
- ✅ Design Secure Architectures — Get architecture recommendations aligned to your guardrails
- ✅ Remediation Guidance — Step-by-step CLI and portal instructions for fixes
- ✅ Multi-Cloud Support — Azure and AWS resources
- ✅ OAuth 2.0 Authentication — Secure token-based access
- ✅ Real-Time Insights — Latest security findings from your scans
Installation
Via npm
npm install @dawnguard/mcpVia npx (Recommended)
npx -y @dawnguard/mcpConfiguration
For Cursor IDE
Add to .cursor/mcp.json:
{
"mcpServers": {
"dawnguard": {
"url": "https://api.dev.dawnguard.app/mcp/${env:DAWNGUARD_CUSTOMER_ID}",
"type": "http"
}
}
}For Claude Desktop
Add to ~/.claude/claude_desktop_config.json:
{
"mcpServers": {
"dawnguard": {
"command": "npx",
"args": ["-y", "@dawnguard/mcp"],
"env": {
"DAWNGUARD_CUSTOMER_ID": "your-customer-id"
}
}
}
}For VS Code
Add to ~/.vscode/mcp.json:
{
"servers": {
"dawnguard-mcp": {
"url": "https://api.dev.dawnguard.app/mcp/${env:DAWNGUARD_CUSTOMER_ID}",
"type": "http"
}
}
}Setup
1. Get Your Customer ID
- Log in to Dawnguard
- Go to profile and click preferences → Configure
- Copy your MCP URL including Customer ID
2. Set Environment Variable
export DAWNGUARD_CUSTOMER_ID="your-customer-id"Add to ~/.zshrc or ~/.bashrc to persist:
echo 'export DAWNGUARD_CUSTOMER_ID="your-customer-id"' >> ~/.zshrc
source ~/.zshrcTools
validate
Verify MCP connection and authentication status.
Claude: "Is the Dawnguard connection working?"
→ Returns connection status and authenticated user infolist_architectures
List all stored cloud architecture snapshots with metadata.
Claude: "Show me all my cloud environments"
→ Returns list of scanned architectures with scan datesquery_insights
Query security findings from architecture scans with advanced filtering.
Claude: "Show me all critical security findings in my Azure subscription"
→ Returns filtered security insights with severity scoresguardrail_guidance
Retrieve active company guardrails, policies, and compliance frameworks.
Claude: "What are our active security guardrails?"
→ Returns your org's policies, naming conventions, tagging rulesdesign_architecture
Get policy-led secure architecture design guidance.
Claude: "Design a secure API architecture aligned to our guardrails"
→ Returns architecture diagram and best practices recommendationsExamples
Query Security Findings
You: "What are my top 5 open security findings?"
Claude uses query_insights to find:
1. Enable Purge Protection on Key Vault (severity: high)
2. Enable DDoS Protection on VNets (severity: high)
3. Enable Private Endpoints (severity: medium)
...Design Secure Architecture
You: "Design a secure Azure API Service aligned to our guardrails"
Claude uses design_architecture to recommend:
- Private endpoints for all PaaS services
- VNet integration with NSGs
- Managed identity for authentication
- Application Insights monitoringGet Remediation Guidance
You: "How do I fix the DDoS protection issue?"
Claude uses query_insights + guardrail_guidance to provide:
1. Create DDoS Protection plan: az network ddos-protection create ...
2. Enable on VNet: az network vnet update ...
3. Verify: az network vnet show ...Troubleshooting
Authentication Failed
If you receive authentication errors, verify that your app registration redirect URI is configured correctly:
- Go to Dawnguard App Registrations
- Find your app and check the Redirect URIs section
- Ensure the callback URL matches your configured OAuth endpoint
- If missing, add the callback URL and save
Common redirect URI formats:
- Local:
http://localhost:3000/callback - Web:
https://yourdomain.com/callback - Claude:
http://localhost:8080/callback(Claude Desktop default)
License
Source Available License — Source code is publicly available but may not be modified or redistributed without permission. The Dawnguard backend services remain proprietary. See LICENSE for details.
This Software is designed for exclusive use with Dawnguard's proprietary backend services.
Contributing
Contributions welcome! See CONTRIBUTING.md for guidelines.
Changelog
See CHANGELOG.md for version history.
Made with ❤️ by Dawnguard
