Connecting AI tools to Saidot
This page explains how to connect AI assistants and agents to Saidot's MCP servers so they can read documentation, browse the governance Library, and take actions in your Governance space. It covers Claude Desktop, VS Code with GitHub Copilot, and Claude Code, and includes the canonical system prompt template.
Prerequisites
Before connecting any tool, you will need:
The URLs of the relevant MCP servers — see the table below
MCP enabled for your organisation. The first connection from any application must be approved by an administrator; after that, any user can connect.
A decision on which MCP servers to connect (see below)
For administrators: Connected apps and active user grants are managed under Admin → Connected apps. You can block an application entirely or revoke individual user grants at any time — use this to monitor which tools have access and to remove access when needed.
MCP server URLs
Server | URL |
|---|---|
Saidot Docs | https://docs.saidot.ai/mcp |
Saidot Library | https://mcp.saidot.ai/library |
Saidot Governance | https://mcp.saidot.ai/governance |
Choosing which MCP servers to connect
MCP Server | What it provides | Access level | When to connect |
|---|---|---|---|
Docs MCP | This help site — documentation, how-to guides, methodology | Read-only | Always — it grounds the agent in Saidot concepts |
Library MCP | Curated risks, controls, policies, models | Read-only | When the agent needs to recommend or look up governance content |
Governance MCP | Your organisation's systems, risks, controls, policies | Read/write | When the agent needs to view or modify your governance data |
Start with Docs MCP + Library MCP (read-only) while testing. Add Governance MCP once you are confident in what the agent will do with write access.
Connecting Claude Desktop
Open Claude Desktop and click Customize in the bottom-left corner
Go to Connectors and click Add, then Add custom connector
Enter a name and the URL for the MCP server. Add each server separately using the URLs in the table above. Tip: use consistent names across your organisation for each connector.
For Saidot Library and Saidot Governance, a browser window will open to complete authentication. Approve the connection, wait a moment for it to complete, then close the browser window.
Verify the connection by asking Claude: "What MCP tools do you have access to?"
Connecting VS Code (GitHub Copilot)
MCP tools in VS Code are available in Copilot's Agent mode only. For full configuration reference, see the VS Code MCP documentation.
Create an mcp.json file if you do not already have one — an empty {} is fine. Place it either in your user profile at ~/.vscode/mcp.json (available in all projects) or in a project's root folder (project-specific).
Click the Add Server button at the bottom of the editor, select HTTP, enter the server URL and a name. Repeat for each server using the URLs in the table above.
For Saidot Library and Saidot Governance, a browser window will open to complete OAuth authentication. Approve the connection and wait a moment for it to complete.
Open a Copilot Chat session and verify Saidot tools are listed.
Note: VS Code uses "servers" as the root key in mcp.json — not "mcpServers". Using the wrong key fails silently.
Connecting Claude Code
There are two ways to add Saidot MCP servers to Claude Code. For full configuration reference, including enterprise-managed configuration, see the Claude Code MCP documentation.
Option 1 — CLI:
claude mcp add --transport http saidot-docs https://docs.saidot.ai/mcp
claude mcp add --transport http saidot-library https://mcp.saidot.ai/library
claude mcp add --transport http saidot-governance https://mcp.saidot.ai/governance
Option 2 — edit .mcp.json in your project root:
{
  "mcpServers": {
    "saidot-docs": { "type": "streamable-http", "url": "https://docs.saidot.ai/mcp" },
    "saidot-library": { "type": "streamable-http", "url": "https://mcp.saidot.ai/library" },
    "saidot-governance": { "type": "streamable-http", "url": "https://mcp.saidot.ai/governance" }
  }
}
Completing authentication:
After adding the servers, run /mcp inside a Claude Code session. Servers requiring authentication will be flagged — follow the prompts to complete the OAuth flow in your browser. Authentication tokens are stored securely and refreshed automatically. To revoke access, use "Clear authentication" in the /mcp menu.
Commit .mcp.json to share the project-scoped configuration with your team — each team member completes their own OAuth flow on first use.
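A check that could run before committing either config file, as an added example that is not Saidot's, VS Code's or Claude Code's own tooling: it catches the wrong-root-key case that VS Code ignores silently, rejects URLs outside the three endpoints listed on this page, and makes the read/write Governance server an explicit opt-in. The function name, the allowlist approach and the `allow_write` switch are assumptions, and the sample configs are constructed.

```python
import json
from urllib.parse import urlparse

# Root key each client reads, per this page.
ROOT_KEY = {"vscode": "servers", "claude-code": "mcpServers"}
# Endpoints and access levels as listed on this page (using them as an allowlist is an assumption).
ALLOWED = {
    "https://docs.saidot.ai/mcp": "read-only",
    "https://mcp.saidot.ai/library": "read-only",
    "https://mcp.saidot.ai/governance": "read/write",
}

def lint_mcp_config(text, tool, allow_write=False):
    """Return a list of findings for one MCP config file (strict JSON only)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    want, findings = ROOT_KEY[tool], []
    for other in sorted(set(ROOT_KEY.values()) - {want}):
        if other in cfg:  # the silent-failure case: servers filed under the other client's key
            findings.append(f'root key "{other}" is not read by {tool}; use "{want}"')
    servers = cfg.get(want, {})
    for name, entry in (servers.items() if isinstance(servers, dict) else []):
        url = entry.get("url", "") if isinstance(entry, dict) else ""
        access = ALLOWED.get(url)
        if urlparse(url).scheme != "https":
            findings.append(f"{name}: URL {url!r} is not https")
        elif access is None:
            findings.append(f"{name}: {url!r} is not an allowlisted endpoint")
        elif access == "read/write" and not allow_write:
            findings.append(f"{name}: read/write server needs explicit allow_write")
    return findings

# Constructed sample inputs.
VSCODE_WRONG_KEY = '{"mcpServers": {"saidot-docs": {"type": "http", "url": "https://docs.saidot.ai/mcp"}}}'
CLAUDE_CODE_ALL = json.dumps({"mcpServers": {
    "saidot-docs": {"type": "streamable-http", "url": "https://docs.saidot.ai/mcp"},
    "saidot-library": {"type": "streamable-http", "url": "https://mcp.saidot.ai/library"},
    "saidot-governance": {"type": "streamable-http", "url": "https://mcp.saidot.ai/governance"},
}})
LOOKALIKE = '{"mcpServers": {"saidot-governance": {"url": "https://mcp.saidot.ai.example/governance"}}}'

if __name__ == "__main__":
    for text, tool in [(VSCODE_WRONG_KEY, "vscode"), (CLAUDE_CODE_ALL, "claude-code"),
                       (LOOKALIKE, "claude-code")]:
        print(tool, lint_mcp_config(text, tool))
```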
MCP installation scopes
Scope | Loads in | Shared with team | Stored in |
|---|---|---|---|
Local | Current project only | No | |
Project | Current project only | Yes, via version control | |
User | All your projects | No | |
For administrators: Claude Code supports enterprise-managed MCP configuration, allowing administrators to deploy MCP servers centrally so they are available to all users without individual setup. See the Claude Code MCP documentation for details.
System prompt template
This template gives any AI assistant connected to Saidot a solid baseline. It is intentionally generic — copy it, then adapt it to match your organisation's governance processes, preferred tone, and which MCP servers you have connected.
## Role
You are a Saidot AI Governance Assistant. You help users navigate and manage
their AI systems, datasets, models, and compliance information through the
Saidot platform.
You are NOT a compliance officer — you facilitate, not decide. Risk
classification and governance decisions belong to humans.
## Core principles
1. API is the source of truth. Never guess or infer data. If the API did not
return it, it does not exist in the system. Never fabricate IDs.
2. Confirm before modifying. Before any write operation, summarise what you
are about to do, show the specific values, and ask for explicit
confirmation. Deletes are permanent — always confirm.
3. Surface missing context. If required fields are empty, list them and ask
whether to proceed or enrich first. Do not silently skip missing context.
4. Never classify EU AI Act risk yourself. Risk classification requires
human judgement and accountability. Direct users to the Saidot UI workflow.
5. Ask when unclear. If a request is ambiguous or multiple records match,
ask before acting.
6. Library and Docs take priority over general knowledge. When a user asks
about risks, controls, or governance concepts, use the Library and Docs
MCP servers first. Do not substitute general AI knowledge for curated
platform content.
7. One next step, no pressure. At the end of a workflow, offer one natural
next step. Do not initiate risk assessments or compliance reviews unless
explicitly asked — governance decisions belong to the user.
8. Match governance depth to risk class. Not every system needs full risk
analysis and control assignment. A minimal-risk internal tool does not
need the same treatment as a high-risk EU AI Act Annex III system.
## Data stores — critical
There are TWO separate data stores:
- Library: Saidot's curated, READ-ONLY content (risks, controls, policies,
model cards). Never write to the Library.
- Governance: Your organisation's READ/WRITE data (systems, risks, controls).
Always read from the correct store and never attempt to write to the Library.
## Language and format
- Reply in the user's language
- Use English for API parameters and IDs
- Use tables for listing multiple items
- Before executing any multi-step workflow, output a numbered plan first
Worked example: registering a system via conversation
The following illustrates a typical agent-assisted system registration conversation. The agent has access to all three MCP servers.
User: We just launched a new credit scoring model in production. Can you register it in Saidot?
Agent: I can help with that. I'll need a few details first:
What is the system called?
Which team or business unit owns it?
What is its primary purpose — what decisions does it support?
Which model or models does it use (e.g. a specific foundation model or a proprietary model)?
User: It's called "CreditAssist v2", owned by the Risk Analytics team, used for retail loan approval decisions, and it uses a proprietary gradient boosting model we trained internally.
Agent: Thanks. Before I create the record, I'll check if CreditAssist already exists in your Governance space…
[calls list_entities with type=System, name filter "CreditAssist"]
No existing record found. Here's what I'll create:
Name: CreditAssist v2
Owner: Risk Analytics
Purpose: Retail loan approval decisions
Lifecycle stage: Deployment
Industry: Financial services (I'll suggest this based on the use case — please confirm)
Shall I proceed?
User: Yes, go ahead.
Agent: [calls manage_entity — creates System]
CreditAssist v2 has been registered. I also checked the Library for risks commonly associated with credit scoring systems in financial services — I found 8 relevant risks. Would you like me to add those to the system for review?
This pattern — surface before acting, confirm, execute, offer next steps — is the recommended interaction model for governance agents. It keeps humans in the loop without creating friction on routine operations.
Troubleshooting
Agent returns no tools: MCP server is not connected or the OAuth flow did not complete. Check the connector configuration and verify the connection was approved in Admin → Connected apps.
Write operations fail with 403: Your user grant does not include write scopes, or the Governance MCP was not approved for your organisation. Check Admin → Connected apps.
Agent confuses Library and Governance data: Reinforce the two-store distinction in the system prompt. The Library and Governance MCP servers are separate — tools from one will not operate on the other's data.
VS Code servers not loading: Verify the root key in mcp.json is "servers", not "mcpServers". VS Code ignores misconfigured files without showing an error.
Claude Code browser redirect fails: If the browser redirect fails after authenticating, copy the full callback URL from your browser's address bar and paste it into the URL prompt that appears in Claude Code.