Model Context Protocol

Give your agent the context, not a login

Q: How many MCP tools does Ambiscribe expose?

Fifteen. They cover inventory and state (list machines, read full state, fleet summary, find machines by criteria, search software), change and history (change feed, field time-series, point-in-time snapshot, correlated changes), and posture and lifecycle (compliance status, identity conflicts, network topology, expiring certificates, outdated software, end-of-life operating systems).

Q: Is the agent's access scoped per client?

Yes. MCP access is authenticated with a scoped token and the tools honor the same per-client boundary engineers see in the dashboard. An agent pointed at one client queries that client's current and historical state and nothing else, which is what keeps it safe to run in a multi-tenant environment.

Ambiscribe ships an MCP server with fifteen tools that expose your documented fleet to any compatible AI agent. The agent queries live endpoint state and change history directly, scoped to one client, and reasons over what is true right now.

Request early access See change detection

In short

MCP (the Model Context Protocol) is an open standard for letting an AI agent call tools and read data from an external system. Ambiscribe uses it to hand an agent the live, structured record of your fleet, so it reasons over real configuration and change history instead of scraping a dashboard or working from a stale export. Ambiscribe is read-only and is not an RMM: it documents and answers, it does not act on endpoints.

mcp.ambiscribe.io

# agent investigates a slow-laptop ticket get_machine_state("MBP-DESIGN-7") disk_used_pct: 96 ram_gb: 16 get_changes(host="MBP-DESIGN-7", since_hours=120) disk_used_pct 78 → 96 (4d ago) startup_items +2 (4d ago) find_correlated_changes(since_hours=120) same startup item on 4 hosts

Watch the 13-second walkthrough →

The problem

An agent is only as good as the context it can reach

Point an AI agent at your IT environment and the first question is where it gets its facts. The usual answers are bad ones: scrape a dashboard built for human eyes, or paste an export into the prompt that was already stale by the time someone copied it.

Both leave the agent reasoning over a picture of the fleet, not the fleet. It misses what changed since the export, it can't pull a machine's exact state at a past moment, and it has no clean way to stay inside one client's data.

MCP closes that gap. The agent calls a tool, the tool reads the live record, and the answer is grounded in what the agent actually collected minutes ago.

The toolset

Fifteen tools, grouped by the question they answer

Every tool is read-only and honors the same per-client scope as the dashboard. Names below match the live MCP server.

Inventory & state

list_machines

List machines with OS, security posture, and health indicators. Filter by client, platform, or staleness.

get_machine_state

The full current configuration snapshot for one machine, field by field.

get_fleet_summary

An aggregate health and posture summary for the whole fleet or a single client.

find_machines_with

Find machines matching configuration criteria. All filters AND together.

search_software

Find every machine where a given application is installed, across a client or the fleet.

Change & time

get_changes

The configuration change feed, fleet-wide or per machine, filterable by field and time window.

get_machine_history

The time-series of one configuration field on one machine, newest first.

get_machine_snapshot

A machine's state as it was at a specific past timestamp, reconstructed from stored reports.

find_correlated_changes

Changes that landed on several machines inside one window, clustered instead of listed fifty times.

Posture & lifecycle

get_compliance_status

Evaluate machines against defined baseline rules and return pass, fail, or unknown per rule.

find_identity_conflicts

Hardware IDs or MAC addresses reported by more than one host, a sign of cloning or spoofing.

get_fleet_topology

Network topology: agents and discovered devices grouped by subnet.

find_expiring

The lifecycle rollup: expiring TLS certificates, stale accounts, and aging keys.

find_outdated_software

Software where at least one machine runs a version behind the known-current release.

find_eol_os

Machines on an end-of-life operating system or within 90 days of one.

In practice

What the agent can actually answer

The same questions an engineer would open five tabs to answer, the agent resolves in a few tool calls.

"Why is this laptop slow?"

Read current state, pull the last five days of changes, and correlate the new startup item against other hosts.

"Which machines run that app?"

Search software across a client and return the hosts and installed versions in one call.

"What changed before the outage?"

Snapshot the machine at the timestamp the incident started and diff it against now.

"Are we compliant for this client?"

Evaluate the client's baselines on demand and list every machine that fails a rule.

"What's expiring soon?"

Surface certificates near expiry, end-of-life operating systems, and stale accounts in one rollup.

"Did this change hit everyone?"

Cluster a change across the fleet to tell a one-off from a rollout gone wrong.

Why a tool layer beats scraping

The agent reads the record, not the screen

A dashboard is built for human eyes. An MCP tool returns structured data the agent can reason over directly, scoped and read-only.

	Scrape a dashboard / paste exports	Ambiscribe MCP
Freshness	As stale as the last copy	Live, on the five-minute loop
Structure	Parsed from HTML or text	Typed fields, built for tools
History	Whatever is on screen now	Full change feed + point-in-time
Tenant scope	Whatever the login can see	Token scoped per client
Can it act?	Depends on the login	No. Read-only by design

Connecting

Mint a token, point the client, done

The server speaks MCP over HTTP with token auth, so any MCP-compatible client connects with a standard config.

Mint a scoped token

In the dashboard, create an MCP access token. It carries the client scope, so the agent only ever sees that tenant's data.

Point your agent at the endpoint

Add the MCP endpoint to a client like Claude Code or Claude Desktop with the token. It's a few lines of standard MCP configuration.

Ask in plain language

The agent picks the right tools and reads the live record. You get answers grounded in real state, not a guess from a screenshot.

Questions

Common questions

What is MCP and why does IT documentation need it?

MCP, the Model Context Protocol, is an open standard that lets an AI agent call tools and read data from an external system. IT documentation needs it because the alternative is screen-scraping a dashboard or pasting stale exports into a prompt. With MCP the agent queries the live record directly, so it reasons over what is actually true on the fleet right now.

How many MCP tools does Ambiscribe expose?

Fifteen, in three groups: inventory and state, change and history, and posture and lifecycle. They range from listing and filtering machines to reading a machine's exact state at a past moment, evaluating compliance baselines, and surfacing expiring certificates and end-of-life operating systems.

Is the agent's access scoped per client?

Yes. MCP access is authenticated with a scoped token, and the tools honor the same per-client boundary engineers see in the dashboard. An agent pointed at one client queries that client's state and nothing else, which is what keeps it safe in a multi-tenant environment.

Can the agent change anything on my machines?

No. Every MCP tool is read-only. Ambiscribe documents and answers; it does not run commands, push patches, or take action on endpoints. That line is exactly what makes it safe to connect an autonomous agent.

Which AI agents can connect?

Any MCP-compatible agent. The server speaks MCP over HTTP with token auth, so clients like Claude Code and Claude Desktop connect with a standard MCP configuration once you mint a token in the dashboard.

Related: automated documentation is what fills the record the agent reads.

Running many fleets? See Ambiscribe for MSPs.

Hand your agent the live record

Put an agent on your fleet, mint a scoped MCP token, and let any compatible AI agent reason over real state.

Request early access