prisma-airs-ops-mcp-server

v0.1.0

Published

a month ago

Operations-focused MCP server for Prisma AIRS configuration, governance, red teaming, and model security

0High
0Medium
0Low

ethanzhi

mcp model-context-protocol prisma-airs palo-alto-networks security operations

Prisma AIRS Operations MCP Server

Operations-focused Model Context Protocol server for Palo Alto Networks Prisma AIRS.

This package is intentionally broader than a runtime scanning MCP server. It exposes the Prisma AIRS control plane to MCP clients: profile and topic inventory, guardrail operations, scan-log investigation, AI Red Team operations, and Model Security workflows.

Status

Initial TypeScript scaffold and MVP tool surface.

Install

npm install -g prisma-airs-ops-mcp-server
prisma-airs-ops-mcp

Or run directly:

npx prisma-airs-ops-mcp-server

Configuration

Use environment variables. Start from .env.example.

# Runtime scan API
PANW_AI_SEC_API_KEY=

# Operations / management APIs
PANW_MGMT_CLIENT_ID=
PANW_MGMT_CLIENT_SECRET=
PANW_MGMT_TSG_ID=

Optional safety switches:

PRISMA_AIRS_MCP_ENABLE_DESTRUCTIVE_TOOLS=false
PRISMA_AIRS_MCP_ENABLE_SECRET_TOOLS=false

Destructive tools include operations such as aborting scans, deleting labels, and reverting topics. Secret tools include operations that may return tokens or private package URLs.

Claude Desktop Example

{
  "mcpServers": {
    "prisma-airs-ops": {
      "command": "npx",
      "args": ["prisma-airs-ops-mcp-server"],
      "env": {
        "PANW_AI_SEC_API_KEY": "your-scan-api-key",
        "PANW_MGMT_CLIENT_ID": "your-client-id",
        "PANW_MGMT_CLIENT_SECRET": "your-client-secret",
        "PANW_MGMT_TSG_ID": "your-tsg-id"
      }
    }
  }
}

Tool Groups

Utility

airs_ops_capabilities
airs_ops_tooling_notes

Runtime

airs_runtime_scan
airs_runtime_bulk_scan_submit
airs_runtime_bulk_scan_poll

Profiles, Topics, And Management

airs_profiles_list
airs_profiles_get
airs_profile_topics_get
airs_topics_list
airs_topics_get
airs_topics_upsert
airs_topics_apply_to_profile
airs_topics_evaluate_prompts
airs_topics_revert_from_profile
airs_deployment_profiles_list
airs_dlp_profiles_list
airs_customer_apps_list
airs_customer_apps_get
airs_scan_logs_query
airs_api_keys_list

AI Red Team

airs_redteam_targets_list
airs_redteam_target_get
airs_redteam_target_create
airs_redteam_target_probe
airs_redteam_scans_list
airs_redteam_scan_status
airs_redteam_scan_create
airs_redteam_scan_report
airs_redteam_scan_abort
airs_redteam_categories_list
airs_redteam_eula_status
airs_redteam_registry_credentials

Model Security

airs_model_security_groups_list
airs_model_security_group_get
airs_model_security_rules_list
airs_model_security_rule_get
airs_model_security_rule_instances_list
airs_model_security_scans_list
airs_model_security_scan_get
airs_model_security_scan_create
airs_model_security_evaluations_list
airs_model_security_violations_list
airs_model_security_files_list
airs_model_security_labels_add
airs_model_security_labels_delete
airs_model_security_pypi_auth

Design Notes

This server calls the Prisma AIRS CLI TypeScript service layer directly. It does not shell out to the airs binary for normal operations. That keeps outputs structured, makes errors easier for agents to interpret, and avoids parsing terminal-oriented text.

The server uses stdio transport by default because it is the most portable way to run from npx inside MCP clients.