Billing status + self-service payment for your company: credit-wallet balance, pay-per-use flag, license tier / annual commitment, per-action prices, purchasable plans, and any approved-but-unpaid plans. Pass `checkout_request_id` to get a hosted Stripe Checkout URL to COMPLETE an approved plan, `topup_amount` (EUR) to get one to TOP UP the wallet, or `request_plan` (starter|pay_per_use|pro|max|enterprise) to REQUEST a plan (files a request for super-admin approval — never grants). Use this to view or RESOLVE a 402 without leaving the connector.
Parameters3
checkout_request_id
string
optional
Approved license_request_id to complete payment for (returns a hosted Checkout URL)
topup_amount
number
optional
Optional EUR amount to top up the credit wallet (returns a hosted Checkout URL)
request_plan
string
optional
Optional plan key to request (pro|max|…) — files a request for super-admin approval; does not grant or charge
Raw schema
{
"type": "object",
"properties": {
"checkout_request_id": {
"type": "string",
"description": "Approved license_request_id to complete payment for (returns a hosted Checkout URL)"
},
"topup_amount": {
"type": "number",
"description": "Optional EUR amount to top up the credit wallet (returns a hosted Checkout URL)"
},
"request_plan": {
"type": "string",
"description": "Optional plan key to request (pro|max|…) — files a request for super-admin approval; does not grant or charge"
}
},
"required": [],
"additionalProperties": false
}
generate_threat_model
Create a threat model from a normalized architecture (ReactFlow nodes + edges). Ingests components via the shared Stage-0 service; the pipeline then auto-generates threats. Returns the diagram id.
Verify whether threats are mitigated in a scan's uploaded code. With `threat_id`, verifies one threat synchronously and returns the verdict; without it, verifies every diagram threat in the background. Wraps code_review ThreatVerificationService.
Compliance-framework coverage for a diagram (real, ControlCodeMap-backed), optionally for one framework, plus an optional crossmap relationship graph. Wraps derive_framework_coverage + crossmap_cypher.build_graph.
Compute a remediation plan for a threat/finding WITHOUT applying it (mode=dry_run). Runs the same governed engine as apply_remediation, including the patent gates, and returns the proposed steps.
Company-level compliance posture rollup (pass rate, control compliance, mitigated counts, per-framework coverage). Suitable for a CI gate. Wraps the traceability company rollup.
Parameters2
scan_id
string
optional
Optional anchor scan; latest is used if omitted
diagram_id
string
optional
Optional diagram to add framework coverage for
Raw schema
{
"type": "object",
"properties": {
"scan_id": {
"type": "string",
"description": "Optional anchor scan; latest is used if omitted"
},
"diagram_id": {
"type": "string",
"description": "Optional diagram to add framework coverage for"
}
},
"required": [],
"additionalProperties": false
}
discover_shadow_ai
Shadow-AI posture (part of Code Security): unsanctioned / unknown AI-service usage discovered in code — totals, risk score, provider/type breakdown, hardcoded-key count, and top discoveries. Company latest, or one scan with `scan_id`. Reads code_review ShadowAIReport/ShadowAIDiscovery.
Parameters2
scan_id
string
optional
Optional CodeReviewScan id; company-wide latest if omitted
API security inventory (part of Code Security): discovered API endpoints with authentication status, risk level and risk factors, plus method/risk breakdowns. Company-wide or one scan with `scan_id`. Reads code_review ApiEndpointDiscovery.
Parameters2
scan_id
string
optional
Optional CodeReviewScan id; company-wide if omitted
Cloud security & compliance posture (Cloud Compliance): per connected cloud account, the latest CIS/NIST cloud-policy scan — compliance %, failing policies/records, status — plus a company rollup. Reads customers.Account.latest_scan -> compliances.ScanResults.
Parameters1
account_id
string
optional
Optional single cloud Account id; all company accounts if omitted
Raw schema
{
"type": "object",
"properties": {
"account_id": {
"type": "string",
"description": "Optional single cloud Account id; all company accounts if omitted"
}
},
"required": [],
"additionalProperties": false
}
code_review_scan
Start (or re-run) a code-security scan for an existing scan/repository in your scope. Returns a poll pointer; results include SAST, secrets, deps, pipeline review and the traceability matrix.
Parameters1
scan_id
string
required
Id of an existing code-review scan to (re)run
Raw schema
{
"type": "object",
"properties": {
"scan_id": {
"type": "string",
"description": "Id of an existing code-review scan to (re)run"
}
},
"required": [
"scan_id"
],
"additionalProperties": false
}
compliance_scan
Run a cloud/platform or compliance scan against an account or diagram in your scope (async). scan_type ∈ platform|compliance|pipeline|sbom. Returns a task id to poll.
Apply a remediation for real (mode=live). Routed through the full governance funnel — patent reachability/kill-chain gates, autonomy policy and the approval flow. If your policy requires approval it returns 'requires_approval' rather than acting.
Aribot is a security tool from Ayurak / Aristiun, available as a remote Model Context Protocol (MCP) server. Connect it to any MCP client — ChatGPT, Gemini, Claude, or your own — and run real security work from the assistant you already use, without switching tools.
This repository is a public manifest for the hosted server. It contains no product code — only the connection details. The server requires OAuth, so listing its address exposes nothing without an authorized login.
Unified threat modeling — one model, not five tools
Aribot builds one threat model per system and layers every discipline onto it — security (STRIDE + LINDDUN), cloud posture (AWS · Azure · GCP), compliance (NIST · ISO 27001 · SOC 2), and the economics of each risk (value at risk, cost to fix, dollars saved once healed) — all kept traceable end to end:
OAuth is discovered automatically at https://mcp.aribot.ayurak.com/.well-known/oauth-authorization-server.
Example (Claude Code):
code
claude mcp add --transport http aribot https://mcp.aribot.ayurak.com/mcp
Access controls
Each call is checked against your company's licence, the OAuth scopes you granted (read:findings, read:threatmodel, read:insights, run:scan, run:codereview, write:threatmodel, run:remediation), your team's roles, and your tenant boundary. Usage is metered, and every action is logged. So you can run security work from an assistant without losing track of who can do what, or which company's data is which.