An MCP (Model Context Protocol) server that exposes Check Point Workforce AI capabilities as LLM tools — enabling AI assistants to query, analyze, and manage AI & Browse security policies, assets, and applications through natural language.
- Go to the Infinity Portal API Keys page.
- Click New > New Account API Key.
- In the Service dropdown select Workforce AI Security (and for Browse, Browse Security) and create the key.
- Copy the Client ID, Secret Key, and Authentication URL (gateway).
For more information, see Infinity Portal Administration Guide.
| Region | Gateway URL |
|---|---|
| Europe | https://cloudinfra-gw.portal.checkpoint.com |
| United States | https://cloudinfra-gw-us.portal.checkpoint.com |
| Variable | Required | Description |
|---|---|---|
CP_CI_CLIENT_ID |
Yes | CloudInfra API key client ID |
CP_CI_ACCESS_KEY |
Yes | CloudInfra API key secret |
CP_CI_GATEWAY |
Yes | CloudInfra gateway URL |
MCP_MODE |
Yes | Transport mode: stdio or http |
PORT |
When http |
HTTP server port |
WRITE_MODE |
No | Set to true to enable write tools (default: false). Warning: enabling write mode allows the LLM to create, modify, and delete security policy rules. Use with caution. |
Use stdio mode when connecting directly from an MCP client such as Claude Desktop, VS Code, or Cursor:
CP_CI_CLIENT_ID="your-client-id" \
CP_CI_ACCESS_KEY="your-access-key" \
CP_CI_GATEWAY="https://cloudinfra-gw-us.portal.checkpoint.com" \
MCP_MODE=stdio \
npx @chkp/workforce-ai-mcpAdd to your claude_desktop_config.json:
{
"mcpServers": {
"workforce-ai": {
"command": "npx",
"args": ["--yes", "@chkp/workforce-ai-mcp"],
"env": {
"CP_CI_CLIENT_ID": "your-client-id",
"CP_CI_ACCESS_KEY": "your-access-key",
"CP_CI_GATEWAY": "https://cloudinfra-gw-us.portal.checkpoint.com",
"MCP_MODE": "stdio"
}
}
}
}Use HTTP mode when running the server as a standalone service:
CP_CI_CLIENT_ID="your-client-id" \
CP_CI_ACCESS_KEY="your-access-key" \
CP_CI_GATEWAY="https://cloudinfra-gw-us.portal.checkpoint.com" \
MCP_MODE=http \
PORT=3000 \
npx @chkp/workforce-ai-mcpThe server exposes:
POST /mcp— MCP StreamableHTTP endpointGET /health— Health check
By default, the server starts in read-only mode, exposing tools for querying and analyzing policies without making any changes. This is safe for exploration and auditing.
- List rulebases — View all rules for Chats (GenAI DLP), AI Access, Web Access, Agents, Secure Browsing, and DLP policies
- Analyze shadow rules — Detect rules that are shadowed (never matched) by higher-priority rules
- Simulate policy matching — Given a user and target, resolve which rule in the rulebase would apply
- Search assets — Find managed assets by name or attributes
- Count assets — Get asset counts with optional filters
- Search users — Look up users and groups in the organization
- Search apps — Search the GenAI application catalog by name, description, or URL
- Get apps by ID — Retrieve application details by their IDs
- List DLP data types — Browse predefined and custom DLP data types
- Get tenant DLP data types — View data types configured for the tenant
- List domain objects — View domain-based policy objects
- List file protection objects — View file protection configurations
To enable write operations, set WRITE_MODE=true. This unlocks tools that modify the policy configuration:
- Create rules — Create new Chats, AI Access, Agents, DLP, and Secure Browsing rules with full policy configuration including actions, services, data types, and user/group assignments
- Edit rules — Update rule name, description, and other properties
- Activate / deactivate rules — Toggle rules on or off
- Reorder rules — Change rule priority in the rulebase
- Delete rules — Permanently remove rules from the rulebase
| Tool | Description | Mode |
|---|---|---|
list_chats_rules |
List all Chats (GenAI DLP) rules. | read |
list_ai_access_rules |
List all AI Access rules that control which AI services and applications users are allowed to interact with. | read |
list_web_access_rules |
List all Web Access rules for Browse Security. | read |
list_agents_rules |
List all Agents (MCP Server) rules that govern agent interactions. | read |
list_secure_browsing_rules |
List all Secure Browsing threat-prevention rules. | read |
list_dlp_rules |
List all Browse DLP (Data Loss Prevention) rules for browser security. | read |
set_rule_info |
Update the display name and description of a rule identified by its UUID. | write |
set_rule_active |
Enable or disable a rule without deleting it. | write |
reorder_rule |
Move a rule to a new position in the rulebase. | write |
delete_rule |
Permanently delete a rule from the rulebase by its UUID. | write |
create_chats_rule |
Create a new Chats (GenAI DLP) rule. | write |
create_ai_access_rule |
Create a new AI Access rule that controls which AI services and applications users can interact with. | write |
create_agents_rule |
Create a new Agents (MCP Server) rule that governs agent interactions. | write |
create_dlp_rule |
Create a new Browse DLP rule for data loss prevention during web browsing. | write |
create_secure_browsing_rule |
Create a new Secure Browsing threat-prevention rule. | write |
set_chats_policy |
Replace the entire policy configuration of a Chats rule (also known as 'Chats' in AI Security UI — POLICY_TYPE_DLP). | write |
patch_chats_policy |
Deep-merge partial changes into a Chats rule's policy. | write |
set_access_policy |
Replace the entire policy configuration of an AI Access rule (POLICY_TYPE_ACCESS). | write |
patch_access_policy |
Deep-merge partial changes into an AI Access rule's policy. | write |
set_agents_policy |
Replace the entire policy configuration of an Agents rule (also known as 'Agents' — POLICY_TYPE_MCP_SERVER). | write |
patch_agents_policy |
Deep-merge partial changes into an Agents rule's policy. | write |
set_secure_browsing_policy |
Replace the entire policy configuration of a Secure Browsing rule (POLICY_TYPE_THREAT_PREVENTION). | write |
patch_secure_browsing_policy |
Deep-merge partial changes into a Secure Browsing rule's policy. | write |
set_rule_source |
Replace the full source (user/group assignments) list of a rule. | write |
set_rule_objects |
Replace all objects attached to a rule for a specific feature. | write |
list_file_protection_objects |
List all file-protection policy objects. | read |
update_file_protection_object |
Update an existing file-protection object. | write |
create_file_protection_object |
Create a new file-protection object. | write |
list_domains_objects |
List all domains policy objects. | read |
update_domains_object |
Update an existing domains object. | write |
create_domains_object |
Create a new domains object containing a list of domain entries for domain-based filtering (allow/block lists). | write |
delete_object |
Permanently delete a policy object (file-protection or domains) by its UUID. | write |
get_tenant_dlp_datatypes |
Get the tenant-specific DLP datatype configuration showing which data types are currently enabled for detection in this tenant's policies.. | read |
search_dlp_datatypes |
Search DLP data types by name or description with pagination. | read |
analyze_shadow_rules |
Find unreachable (shadowed) rules in a rulebase. | read |
resolve_matching_rule |
Given a user and target, determine which rule in the rulebase would apply. | read |
search_assets |
Search deployed assets (endpoints/devices) with optional filtering, sorting, text search, and pagination. | read |
count_assets |
Get the total count of deployed assets, optionally filtered. | read |
search_users |
Search users in the organization with optional text search and pagination. | read |
search_apps |
Search the GenAI apps catalog by name, description, or URL. | read |
get_apps_by_ids |
Get specific GenAI apps from the catalog by their numeric IDs. | read |
In case of an issue or a bug found in the MCP server, please open an issue.
- Haim Kastner - haimk@checkpoint.com