Diligent ERM,
composed by an agent.
118 tools across three API surfaces plus a harmonization layer. Model the risk-and-control universe, configure workflows, populate instance data, run Risk Manager CRUD on risks / controls / assessments / mitigation plans / workshops, and surface one canonical inventory view across ERM Service + HighBond — all from one agent conversation, through one protocol.
~/.local/share/diligent-erm-mcp
Node.js 20+, no sudo
Re-run to update
Three surfaces, one conversation.
The server is designed so an LLM can navigate it without memorizing tool names. A configuration layer models the schema; a data layer fills in instances; a dedicated Risk Manager service layer handles risks, controls, assessments, mitigation plans, and workshops with proper PATCH support. All three share the same bearer token as the Diligent Projects MCP — one credential, three API surfaces.
Meta & control plane
Health check, session metrics, capability discovery, auto-pagination. The agent learns what it has before it guesses.
Configuration layer
CRUD for asset types, record types, attribute types, workflows, statuses, events, handlers, and status-event mappings. The full schema surface.
Data layer
Create, read, update, delete asset and record instances. Stitch relationships between risks, controls, objectives, assessments, and mitigations.
Rate-limited client
Token-bucket rate limiter (600 req/hr, 6 req/sec), exponential backoff retry, structured error classification, and per-call observability metrics.
Atomic section tools
Add, remove, rename sections and place attributes in them via single tool calls. The client handles GET-modify-PATCH cycles transparently.
Bulk import
Load thousands of assets and records via /import/data with automatic session polling — the tool waits for completion and returns a structured result.
Capabilities overview.
Schema Design
Model your risk taxonomy: create asset types (Risk, Control, Objective, Process), attribute types (9 data types), and record types (Assessments, Mitigations).
Workflow Modelling
Define state machines: workflows, statuses, transitions (events), side-effects (handlers), and status-event mappings. Full CRUD.
UI Layout
Organise attributes into named sections on asset and record types — the configuration drives how the ERM UI renders the record.
Instance Data
Create individual risks, controls, objectives, assessments, and mitigations — or bulk-import thousands at once via /import/data.
Relationships
Link risks to the controls that mitigate them, objectives to the risks they track, and records to their parent assets.
Bulk Operations
Stream large loads through the bulk import endpoint; the tool waits for the import session to complete and returns per-reference success/error detail.
All tools.
| Tool | Description |
|---|---|
| erm_health_check | API connectivity, response time, session metrics |
| erm_get_session_metrics | Call counts, errors, retries, average duration |
| erm_reset_session_metrics | Reset counters for a new job |
| erm_list_capabilities | Tool inventory by category with descriptions |
| erm_query_all | Auto-paginate any JSON:API resource collection |
ERM Config tools.
54 tools for managing the Diligent ERM data model: asset types, record types, attribute types, sections, connections, workflows, events, handlers. Uses ERM_API_TOKEN (same bearer token as the Projects MCP).
| Tool | Description |
|---|---|
| erm_config_get_schema | Full schema: all asset types with sections and resolved attributes |
| Tool | Description |
|---|---|
| erm_config_list_asset_types | List all asset types (entity types) with category and workflow |
| erm_config_get_asset_type | Full detail with sections and attribute items |
| erm_config_create_asset_type | Create new asset type MUTATES |
| erm_config_update_asset_type | Rename or update description MUTATES |
| erm_config_delete_asset_type | Delete asset type DESTRUCTIVE |
| Tool | Description |
|---|---|
| erm_config_list_record_types | List all record types (assessment, mitigation types) |
| erm_config_get_record_type | Full detail with sections and attribute items |
| erm_config_create_record_type | Create a new record type MUTATES |
| erm_config_update_record_type | Rename or update description / admin notes MUTATES |
| erm_config_link_record_type | Link record type to parent asset or record type MUTATES |
| Tool | Description |
|---|---|
| erm_config_list_attribute_types | List all field definitions, filter by data_type |
| erm_config_create_attribute_type | Create field (text, paragraph, boolean, number, dateTime, select, userLookup, attachment, adHocRelationship) MUTATES |
| erm_config_update_attribute_type | Rename, update tooltip, required flag, or select values MUTATES |
| erm_config_delete_attribute_type | Delete field definition DESTRUCTIVE |
| Tool | Description |
|---|---|
| erm_config_connect_attribute | Connect attribute to asset type MUTATES |
| erm_config_disconnect_attribute | Disconnect attribute from asset type MUTATES |
| erm_config_connect_record_attribute | Connect attribute to record type MUTATES |
| erm_config_disconnect_record_attribute | Disconnect attribute from record type MUTATES |
| erm_config_add_section | Add a new section to an asset type MUTATES |
| erm_config_remove_section | Remove a section from an asset type MUTATES |
| erm_config_rename_section | Rename a section on an asset type MUTATES |
| erm_config_add_attribute_to_section | Place attribute in an asset type section MUTATES |
| erm_config_remove_attribute_from_section | Remove attribute from asset type section MUTATES |
| erm_config_add_record_type_section | Add a new section to a record type MUTATES |
| erm_config_remove_record_type_section | Remove a section from a record type MUTATES |
| erm_config_rename_record_type_section | Rename a section on a record type MUTATES |
| erm_config_add_attribute_to_record_type_section | Place attribute in a record type section MUTATES |
| erm_config_remove_attribute_from_record_type_section | Remove attribute from record type section MUTATES |
| Tool | Description |
|---|---|
| erm_config_list_workflows | List all configured workflows |
| erm_config_get_workflow | Get a workflow with its statuses and events |
| erm_config_create_workflow | Create a new workflow MUTATES |
| erm_config_update_workflow | Rename or update a workflow MUTATES |
| erm_config_delete_workflow | Delete a workflow DESTRUCTIVE |
| erm_config_create_workflow_status | Add a status to a workflow MUTATES |
| erm_config_get_status | Get a status with its linked events |
| erm_config_list_events | List event definitions |
| erm_config_get_event | Get an event with its handlers |
| erm_config_create_event | Create a new event MUTATES |
| erm_config_update_event | Update event fields MUTATES |
| erm_config_delete_event | Delete an event DESTRUCTIVE |
| erm_config_list_handlers | List handler definitions |
| erm_config_get_handler | Get a handler with its events |
| erm_config_create_handler | Create a new handler MUTATES |
| erm_config_update_handler | Update handler fields MUTATES |
| erm_config_delete_handler | Delete a handler DESTRUCTIVE |
| erm_config_create_status_event_mapping | Link an event to a status MUTATES |
| erm_config_get_status_event_mapping | Get a status-event mapping |
| erm_config_update_status_event_mapping | Update a status-event mapping MUTATES |
| erm_config_delete_status_event_mapping | Delete a status-event mapping DESTRUCTIVE |
ERM Data tools.
18 tools for creating, updating, and deleting asset / record instances and linking them. Resolve type IDs with the erm_config_* tools first.
| Tool | Description |
|---|---|
| erm_data_create_asset | Create a risk, control, objective, or process instance MUTATES |
| erm_data_get_asset | Get a single asset instance with all attributes |
| erm_data_update_asset | Update fields on an existing asset instance MUTATES |
| erm_data_delete_asset | Delete an asset instance DESTRUCTIVE |
| erm_data_list_assets | List asset instances of a type — for verification / ID lookup |
| Tool | Description |
|---|---|
| erm_data_create_record | Create an assessment or mitigation (pass parent field to link) MUTATES |
| erm_data_get_record | Get a single record instance with all attributes |
| erm_data_update_record | Update fields on an existing record instance MUTATES |
| erm_data_delete_record | Delete a record instance DESTRUCTIVE |
| erm_data_list_records | List record instances of a type — for verification / ID lookup |
| Tool | Description |
|---|---|
| erm_data_list_all_asset_relationships | List all relationships across all assets of a type |
| erm_data_get_asset_relationships | List relationships on a single asset instance |
| erm_data_create_relationship | Link two assets (Risk↔Control, Objective↔Risk, etc.) MUTATES |
| erm_data_delete_asset_relationship | Remove a link between two assets DESTRUCTIVE |
| erm_data_get_record_relationships | List relationships on a single record instance |
| erm_data_create_record_relationship | Create a relationship link on a record instance MUTATES |
| erm_data_delete_record_relationship | Remove a relationship link from a record instance DESTRUCTIVE |
| Tool | Description |
|---|---|
| erm_data_bulk_import | Bulk-import assets and records via /import/data; polls until complete MUTATES |
ERM Service tools.
29 tools hitting erm-service-api.highbond.com/api/v1 — a dedicated Risk Manager API with full PATCH support. Same ERM_API_TOKEN, x-org-id sent as a header instead of path segment. Override the host with ERM_SERVICE_URL.
| Tool | Description |
|---|---|
| ermapi_get_schema | Full ERM schema for all entity types |
| ermapi_get_entity_schema | Schema for a specific entity type (risk / control / assessment / mitigation / objective / process) |
| Tool | Description |
|---|---|
| ermapi_list_risks | List risks from the ERM Risk Register (pagination) |
| ermapi_get_risk | Full risk detail |
| ermapi_create_risk | Create a new risk MUTATES |
| ermapi_update_risk | Update risk — PATCH works here MUTATES |
| ermapi_list_risk_assessments | Risk event assessments for a given risk |
| ermapi_create_risk_assessment | Create a risk event assessment MUTATES |
| ermapi_get_assessment | Assessment detail |
| ermapi_update_assessment | Update a risk event assessment MUTATES |
| Tool | Description |
|---|---|
| ermapi_list_mitigation_plans | Mitigation plans for a risk |
| ermapi_create_mitigation_plan | Create mitigation plan MUTATES |
| ermapi_get_mitigation_plan | Mitigation plan detail |
| ermapi_update_mitigation_plan | Update mitigation plan MUTATES |
| Tool | Description |
|---|---|
| ermapi_list_workshops | Workshops for a risk (collaborative assessment sessions) |
| ermapi_create_workshop | Create a risk workshop MUTATES |
| ermapi_get_workshop | Workshop detail |
| ermapi_update_workshop | Update workshop MUTATES |
| ermapi_list_workshop_assessors | Assessors assigned to a workshop |
| ermapi_add_workshop_assessor | Add an assessor to a workshop MUTATES |
| Tool | Description |
|---|---|
| ermapi_list_controls | List controls from the ERM Control Register |
| ermapi_get_control | Full control detail |
| ermapi_create_control | Create a new control MUTATES |
| ermapi_update_control | Update control — PATCH works here MUTATES |
| ermapi_list_control_assessments | Assessments for a control |
| ermapi_create_control_assessment | Create a control assessment MUTATES |
| ermapi_get_control_assessment | Control assessment detail |
| ermapi_update_control_assessment | Update a control assessment MUTATES |
| Tool | Description |
|---|---|
| ermapi_get_relationships | List relationships for an entity (risks ↔ controls ↔ objectives ↔ processes) |
Environment variables.
https://erm-service-api.highbond.com/api/v1)Regional base URLs: US, Canada, Europe, Asia, Australia, Africa, Japan.
Hard rules.
erm_config_list_asset_types / erm_config_list_record_types before creating instance data.erm_config_get_asset_type + erm_config_get_attribute_type before populating attributes — never guess field names or dropdown values.Content-Type: application/vnd.api+json with body {}. Auto-filled by the client.select values, preserve existing UUIDs for unchanged options. New values get auto-assigned UUIDs.dateTime requires is24Hour, attachment requires allowMultipleFiles. Auto-filled by the tool if omitted.application/vnd.api+json. Cursor-based pagination via links.next.{field_name: "parent", value: {id, object_type_id}} entry in attributes.erm_data_bulk_import records, the parent attribute uses {field_name: "parent", id: "<asset_id>", object_type_id: "<asset_type_id>"} (no value key).ermapi_* tools hit erm-service-api.highbond.com/api/v1, send x-org-id as a header, use application/json (not vnd.api+json), and paginate with pageSize/pageNumber.ermapi_get_entity_schema before creating or updating an entity — the ERM Service schema is distinct from the HighBond asset/record schema.Getting started.
1. Install via the one-liner above, or clone from GitHub
2. Set your environment variables (API token from Admin Hub > API Access Tokens)
3. Restart Claude Code: /mcp reset diligent-erm
4. Start with erm_health_check to verify connectivity
5. Run erm_list_capabilities to see all available tools
6. Run erm_config_get_schema to get a full snapshot of the current data model