Connect to Bastion
Overview
The Bastion MCP server exposes a set of pre-built workflows that let an AI assistant act on your Bastion tenant. Users authenticate with their existing Bastion login (OAuth via Clerk), and all actions respect the role-based permissions configured in the platform.
| Field | Value |
|---|---|
| Server URL | https://mcp.app.bastion.tech/mcp |
| Transport | HTTP (streamable) |
| Auth | OAuth via your Bastion account |
| Permissions | Inherits your platform role (bastion_user, employee, pentester, auditor) |
Available Workflows
Get Compliant
Walks through failing compliance tests and guides you step by step to remediate each one.
Fix Code Security Issues
Identifies critical vulnerabilities across connected repositories and proposes fixes.
Setup Trust Center
Configures your public trust center with company info, FAQs, and SEO metadata.
Setup Dependabot
Enables GitHub Dependabot across all repositories to surface vulnerable dependencies.
Ask Knowledge Base
Answers security and compliance questions using your organization's own policies and documentation.
Setup by Client
Claude Code (CLI)
Add the server
Run:
claude mcp add bastion --transport http https://mcp.app.bastion.tech/mcpAuthenticate
Launch Claude Code:
claudeThen run
/mcpand follow the OAuth prompt to sign in to Bastion.Invoke a workflow
Use a slash command, for example:
/bastion:get-compliant
Claude Desktop
Open the config file
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
- macOS:
Add the Bastion server
{
"mcpServers": {
"bastion": {
"transport": "http",
"url": "https://mcp.app.bastion.tech/mcp"
}
}
}Restart Claude Desktop
Quit and relaunch. Bastion will appear in the MCP server list and trigger an OAuth sign-in the first time it is used.
Invoke a workflow
Ask Claude in natural language, for example: "Use bastion and get me compliant."
Claude.ai
Open Integrations
Click your profile icon, go to Settings, then Integrations.
Add the integration
Click Add Integration and paste the server URL:
https://mcp.app.bastion.tech/mcpComplete OAuth
Sign in to Bastion when prompted, then click Save.
Cursor, VS Code, and other clients
Bastion's MCP server works with any client that speaks the Model Context Protocol over HTTP. For Cursor, Roo Code, Augment, VS Code, Gemini CLI, LMStudio, and Codex CLI, add the same server URL (https://mcp.app.bastion.tech/mcp) in the client's MCP configuration and authenticate via OAuth on first use.
Inside the Bastion app, open the Solve with AI modal on any page for client-specific copy-paste configuration snippets.
Permissions
MCP actions run with the same scope as your platform user. For example, an employee can ask the knowledge base a question, but only a bastion_user can generate a trust center or edit compliance controls.
Troubleshooting
The MCP server is not detected by my client
Confirm the server URL is exactly https://mcp.app.bastion.tech/mcp and that the transport is set to http. Some clients cache configuration, so a full restart is often required.
OAuth sign-in loops or fails
Make sure you are signed in to Bastion in your browser with the same account you expect to use in the AI client. Clear cookies for app.bastion.tech and try again.
A workflow says I do not have permission
MCP inherits your Bastion role. Ask your Bastion administrator to assign the role needed for the workflow you are trying to run.