MCP Server
Use AI assistants like Claude to interact with your Trailbase platform via the Model Context Protocol (MCP). Send audit events, search logs, manage RBAC, configure alerts, and run compliance checks — all through natural language.
What is MCP?
The Model Context Protocol is an open standard that lets AI assistants connect to external tools and data sources. The Trailbase MCP server gives Claude (and other MCP-compatible clients) direct access to all Trailbase APIs.
Installation
npm install -g @trailbase/mcp-server
Or run directly with npx (no install required):
npx @trailbase/mcp-server
Configuration
The MCP server only requires your Trailbase API key. The tenant ID is automatically discovered from your API key.
Environment Variables
| Variable | Required | Description |
|---|---|---|
TRAILBASE_API_KEY | Yes | Your Trailbase API key (starts with tb_) |
TRAILBASE_BASE_URL | No | API base URL (default: https://api.trailbase.frozo.ai) |
The tenant ID is auto-discovered from your API key on first use — no need to configure it manually.
Client Setup
Claude Desktop
Add to your Claude Desktop config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%AppData%\Claude\claude_desktop_config.json
{
"mcpServers": {
"trailbase": {
"command": "npx",
"args": ["@trailbase/mcp-server"],
"env": {
"TRAILBASE_API_KEY": "tb_your_api_key_here",
"TRAILBASE_BASE_URL": "https://your-instance.trailbase.frozo.ai"
}
}
}
}Claude Code (VS Code Extension)
Add a .mcp.json file to your project root:
{
"mcpServers": {
"trailbase": {
"command": "npx",
"args": ["@trailbase/mcp-server"],
"env": {
"TRAILBASE_API_KEY": "tb_your_api_key_here",
"TRAILBASE_BASE_URL": "https://your-instance.trailbase.frozo.ai"
}
}
}
}Cursor
Use the same configuration format as Claude Desktop in Cursor's MCP settings.
Available Tools
The MCP server exposes 19 tools covering all Trailbase capabilities:
Audit Logging
| Tool | Description |
|---|---|
trailbase_send_event | Send a single audit event |
trailbase_send_batch_events | Send up to 100 events at once |
trailbase_search_events | Search events with filters (action, actor, date range, full-text) |
trailbase_get_event_schema | Get the event schema reference |
RBAC (Access Control)
| Tool | Description |
|---|---|
trailbase_rbac_decide | Check if a user has permission on a resource |
trailbase_list_grants | List all RBAC grants |
trailbase_create_grant | Grant a permission to a user or group |
Alerting
| Tool | Description |
|---|---|
trailbase_list_alert_rules | List alert rules |
trailbase_create_alert_rule | Create a threshold/anomaly/pattern alert rule |
trailbase_list_alerts | List fired alerts with status/severity filters |
trailbase_update_alert | Acknowledge or resolve an alert |
Webhooks
| Tool | Description |
|---|---|
trailbase_list_webhooks | List configured webhooks |
trailbase_create_webhook | Create a webhook for real-time notifications |
Compliance
| Tool | Description |
|---|---|
trailbase_run_compliance_check | Run SOC2, HIPAA, ISO27001, or GDPR checks |
trailbase_get_compliance_results | Get previous compliance results |
Operations & Analytics
| Tool | Description |
|---|---|
trailbase_health_check | Check API health |
trailbase_get_stats | Get analytics and usage stats |
trailbase_get_operations | Get operational health dashboard |
trailbase_list_exports | List audit log export runs |
Example Prompts
Once configured, ask your AI assistant:
"Send an audit event for user john@example.com logging into the dashboard" "Search for all failed login events in the last 24 hours" "Check if user_123 has read permission on document doc_456" "Create an alert rule that fires when there are more than 10 failed logins in 5 minutes" "Run a SOC2 compliance check and show me any failing controls" "Show me the operational health dashboard" "What's the schema for sending audit events to Trailbase?"
Security
- API Key Required: The server will not start without a valid
TRAILBASE_API_KEY. All requests are authenticated via Bearer token. - Tenant Isolation: The tenant is auto-discovered from your API key. The server only accesses data for that tenant.
- No Credential Storage: Credentials are read from environment variables only — never stored on disk.
- Stdio Transport: Communication happens over stdio (stdin/stdout), not over the network. The MCP client manages the server process lifecycle.
Need Help?
Having trouble setting up the MCP server? Check the Quick Start guide for API key setup, or contact us at trailbase@frozo.ai.