JSON:API v1.0 · HighBond · PRD Harmonization

The Diligent Projects API, composed by an agent.

42+ tools across 10 categories. Introspect project schemas, sync subjects across project types, build risk-control matrices, detect cross-project duplicates, and orchestrate the full audit lifecycle — all from one agent conversation, through one protocol.

42+ MCP Tools: Every API endpoint wrapped
10 Categories: Self-discoverable via meta layer
30 Knowledge Files: 4,500+ lines of documentation
34 User Journeys: Mapped to every tool

$ curl -fsSL https://mcp-projects.riskapture.ai/install.sh | bash

Installs to ~/.local/share/diligent-projects-mcp. Node.js 20+, no sudo. Re-run to update.

Architecture

Three layers, one conversation.

The server is designed so an LLM can navigate it without memorizing tool names. A meta layer describes itself; a harmonization layer handles the complex PRD workflows; a primitive layer exposes every API endpoint.

Meta & control plane

Health check, session metrics, capability discovery, schema introspection, auto-pagination, reference cache warmup. The agent learns what it has before it guesses.

Harmonization layer

PRD-defined tools: schema detection, config discovery, subject sync, procedure sync, cross-project deduplication. The intelligence that makes Projects data canonical.

Primitive layer

Raw CRUD for projects, objectives, risks, controls, issues, frameworks, walkthroughs, tests, planning files, sign-offs, users, and platform config.

Rate-limited client

Token-bucket rate limiter (600 req/hr, 6 req/sec), exponential backoff retry, structured error classification, and per-call observability metrics.

Composite tools

Risk-control matrix, issue dashboard, project summary, control assessment status — multi-call composites that build complete views in one tool invocation.

Name resolution

Every tool accepts human-readable names or numeric IDs. Cached resolution with 5-minute TTL. Ambiguous matches return a disambiguation table.
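
For the rate-limited client layer above, an added example (not the project's code) of two token buckets sized to the stated 6 req/sec and 600 req/hr, with exponential backoff. Class and function names, the jitter strategy, and the backoff base and cap are assumptions.

```javascript
// Added example, not the project's code. Limits come from the page;
// class names, jitter, and backoff base/cap are assumptions.
class TokenBucket {
  constructor(capacity, refillPerMs, now) {
    this.capacity = capacity;
    this.refillPerMs = refillPerMs;
    this.tokens = capacity;
    this.last = now;
  }
  // Ms until one token is available (0 if one is available now).
  waitMs(now) {
    const gained = (now - this.last) * this.refillPerMs;
    this.tokens = Math.min(this.capacity, this.tokens + gained);
    this.last = now;
    return this.tokens >= 1 ? 0 : Math.ceil((1 - this.tokens) / this.refillPerMs);
  }
}

class DualLimiter {
  constructor(now = Date.now()) {
    this.perSecond = new TokenBucket(6, 6 / 1000, now); // burst of 6, 6 req/sec
    this.perHour = new TokenBucket(600, 600 / 3_600_000, now); // 600 req/hr
  }
  // Consumes one token from each bucket and returns 0, or returns ms to wait.
  tryAcquire(now = Date.now()) {
    const wait = Math.max(this.perSecond.waitMs(now), this.perHour.waitMs(now));
    if (wait > 0) return wait;
    this.perSecond.tokens -= 1;
    this.perHour.tokens -= 1;
    return 0;
  }
}

// Exponential backoff with full jitter, capped.
function backoffMs(attempt, rand = Math.random, baseMs = 500, capMs = 30_000) {
  return Math.floor(rand() * Math.min(capMs, baseMs * 2 ** attempt));
}

// Retry only throttling and server-side failures; other 4xx will not improve.
function isRetryable(status) {
  return status === 429 || (status >= 500 && status <= 599);
}
```

A bucket that starts full and refills at 600/hr admits more than 600 requests in its first hour, so a server that counts a fixed window can still throttle; the backoff path covers that case.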

What you can do

Capabilities overview.

Project Lifecycle

Create projects (Workplan or Internal Control workflow), set up planning, manage statuses, conclude with ratings, archive. 20,000 project limit per org.

Frameworks

Inspect and build Risk-Control Matrix templates. Frameworks are "abstract projects" — same schema, no instantiation data. Import sections into projects with linked sync.

Fieldwork

List and inspect objectives, risks, controls. View walkthroughs (design effectiveness) and tests (operating effectiveness). Track control performance schedules.

Issue Management

List issues by severity and project, view remediation details, get overdue dashboards. Severity breakdown and aging analysis in one composite call.

Schema Harmonization

PRD-defined: introspect all project type schemas, detect template vs ad hoc usage, sync all subjects, find duplicates with Levenshtein scoring.

Platform Admin

Users, groups, roles, workflows, organizational entities. Generic API escape hatch for uncovered endpoints (DELETE blocked).

Tool Reference

All tools.

Meta & Control Plane (6)
Tool                                    Description
projects_health_check                   API connectivity, response time, session metrics
projects_get_session_metrics            Call counts, errors, retries, average duration
projects_reset_session_metrics          Reset counters for a new job
projects_list_capabilities              Tool inventory by category with descriptions
projects_warmup_reference_cache         Pre-fetch project types & workflows
projects_query_all                      Auto-paginate any JSON:API resource collection
Projects (6)
Tool                                    Description
projects_list_projects                  List all projects with status filter
projects_get_project                    Full project details — accepts name or ID
projects_create_project                 Create a new project [MUTATES]
projects_update_project                 Update project fields (name, status, opinion, dates, tags) [MUTATES]
projects_list_project_types             Available project types with workflow info
projects_get_project_type               Project type detail with terminology config
Objectives (3)
Tool                                    Description
projects_list_objectives                Objectives (sections) within a project
projects_get_objective                  Full objective detail with related entity IDs
projects_get_objective_detail           Objective + all nested risks, controls, narratives
Risks (3)
Tool                                    Description
projects_list_risks                     All risks, optionally filtered by objective
projects_get_risk                       Full risk detail with custom attributes & factors
projects_get_risk_heat_map              Impact x Likelihood matrix across project or all
Controls & Testing (8)
Tool                                    Description
projects_list_controls                  All controls/procedures, optionally by objective
projects_get_control                    Full control detail with UI link
projects_list_walkthroughs              Design effectiveness assessments
projects_get_walkthrough                Walkthrough detail
projects_list_control_tests             Operating effectiveness tests (filter by round)
projects_get_control_test               Control test detail
projects_list_questionnaire_responses   Control performance questionnaire responses
projects_get_control_assessment_status  Composite: control assessment status across a project
Frameworks & RCM (5)
Tool                                    Description
projects_list_frameworks                All framework templates
projects_get_framework                  Framework detail — accepts name or ID
projects_list_framework_objectives      Objectives within a framework
projects_list_framework_planning_files  Planning files in a framework
projects_get_risk_control_matrix        Composite: full Objective-Risk-Control denormalized matrix
Issues (3)
Tool                                    Description
projects_list_issues                    All issues with severity/project/type filter
projects_get_issue                      Full issue with description, recommendation, remediation
projects_get_issue_dashboard            Composite: severity breakdown + overdue + status pipeline
Planning & Sign-offs (4)
Tool                                    Description
projects_get_planning                   Project planning info (background, purpose, scope)
projects_list_planning_files            Planning files for a project
projects_get_planning_file              Planning file detail
projects_list_signoffs                  Workpaper sign-off records
Platform (7)
Tool                                    Description
projects_list_users                     All platform users
projects_list_groups                    User groups
projects_list_roles                     Platform roles
projects_list_workflows                 Configured workflows
projects_list_entities                  Organizational entities
projects_list_entity_categories         Entity categories
projects_api_raw                        Generic JSON:API call — DELETE blocked [ESCAPE HATCH]
Harmonization — PRD (6)
Tool                                    Description
projects_schema_detection               Introspect all project type schemas, attribute defs, framework templates
projects_config_discovery               Template vs ad hoc analysis, schema consistency scoring
projects_subject_sync                   Full/delta sync of all subjects across project types
projects_procedure_sync                 Sync procedures + assessment results (walkthroughs, tests)
projects_find_duplicate_subjects        Cross-project deduplication with Levenshtein scoring
projects_get_project_summary            Composite: full project dashboard with counts and issue breakdown
Configuration

Environment variables.

Variable            Required  Description
PROJECTS_BASE_URL   Yes       API base URL (e.g. https://apis-us.diligentoneplatform.com)
PROJECTS_API_TOKEN  Yes       Bearer token from Admin Hub > API Access Tokens
PROJECTS_ORG_ID     Yes       Organisation ID (numeric)
PROJECTS_LOG_FILE   No        Path for JSONL request log

Regional base URLs: US, Canada, Europe, Asia, Australia, Africa, Japan, South America

Constraints

Hard rules.

No DELETE
Soft-delete is destructive and irreversible via API. DELETE is hard-blocked in the client.
Rate Limits
600 req/hour, 6 req/sec. Token-bucket rate limiter enforced client-side with exponential backoff.
No Server Filter
Server-side filtering is NOT supported. All filtering is done client-side after fetching.
JSON:API v1.0
All requests use application/vnd.api+json content type. Cursor-based pagination via links.next.
Include Works
JSON:API sideloading is supported via ?include=resource_type. Returns data in included[].
RCM is 2D
The risk-control matrix is a many-to-many between exactly 2 domain objects. The relationship type is immutable per project type.
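
One way a client can enforce the No DELETE, No Server Filter and JSON:API rules above, as an added example that is not the project's code. The function names, the same-origin check on links.next and the page cap are assumptions, not behaviour the page documents.

```javascript
// Added example, not the project's code. Names and the page cap are assumptions.
const JSONAPI = "application/vnd.api+json";

// Refuse DELETE however it is spelled, and refuse URLs that leave the API
// origin so the bearer token is never sent to a host named by a response body.
function checkRequest(baseUrl, method, url) {
  const verb = String(method).trim().toUpperCase();
  if (verb === "DELETE") throw new Error("DELETE is blocked");
  const target = new URL(url, baseUrl);
  if (target.origin !== new URL(baseUrl).origin) {
    throw new Error(`refusing cross-origin URL: ${target.origin}`);
  }
  return { verb, href: target.href };
}

// Follow links.next until it is absent (or maxPages is hit), then filter
// client-side, since the server does not filter.
async function queryAll({ baseUrl, token, path, keep = () => true,
                          maxPages = 100, fetchImpl = fetch }) {
  const rows = [];
  let next = path;
  for (let page = 0; next && page < maxPages; page++) {
    const { verb, href } = checkRequest(baseUrl, "GET", next);
    const res = await fetchImpl(href, {
      method: verb,
      headers: { Authorization: `Bearer ${token}`, Accept: JSONAPI, "Content-Type": JSONAPI },
    });
    if (!res.ok) throw new Error(`HTTP ${res.status} for ${href}`);
    const body = await res.json();
    rows.push(...(body.data ?? []));
    // JSON:API allows a link to be a string or an object with an href member.
    const link = body.links?.next;
    next = (link && typeof link === "object" ? link.href : link) || null;
  }
  return rows.filter(keep);
}
```

Because links.next arrives in the response body, checking its origin before attaching the bearer token keeps a tampered or misrouted response from redirecting the credential.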
Quick start

Getting started.

1. Install via the one-liner above, or clone from GitHub

2. Set your environment variables (API token from Admin Hub > API Access Tokens)

3. Restart Claude Code: /mcp reset diligent-projects

4. Start with projects_health_check to verify connectivity

5. Run projects_list_capabilities to see all available tools

6. Use projects_warmup_reference_cache before bulk operations