Skip to content

MCP Client

Salient is not only an MCP server — it is also an MCP client. It can connect to external MCP servers, discover their tools and resources, and pull data into the digital twin.

Two Ingestion Paths

Path 1: AI-Mediated (Sibling MCPs)

When Claude has access to both Salient and other MCP servers (Gmail, Notion, Calendar, Slack), Claude acts as the orchestrator. It reads data from external MCPs and writes it into Salient using the ingestion tools.

Claude ──reads──► Gmail MCP ──► security-relevant emails
   └──writes──► Salient MCP (ingest_from_mcp) ──► Digital Twin

This path works today. It requires no additional infrastructure — just configure multiple MCP servers in the same Claude session.

Sibling MCP Orchestration

Path 2: Direct Client

Salient's backend connects to external MCP servers directly via the standard MCP protocol. The backend discovers available tools and resources, pulls data on a schedule or on-demand, and feeds it through the ingestion pipeline.

Salient Backend ──stdio──► External MCP Server
       └──► Classify ──► Extract Facts ──► Index ──► Twin

Status

The direct client path is under active development. Path 1 (AI-mediated) is fully functional today.

Data Flow Into the Twin

Regardless of which path is used, all ingested data passes through the same pipeline:

  1. Classification — data is categorized (security event, policy document, org info, communication, etc.)
  2. Fact extraction — AI mines organizational facts from the content
  3. Contradiction detection — new facts are checked against existing twin knowledge
  4. Event creation — security-relevant data generates SecurityEvent records
  5. Indexing — content is chunked and embedded for semantic search
  6. Intelligence loop — the twin reindexes and recompiles

Supported External MCPs

Any MCP server that follows the standard protocol can feed data into Salient. Particularly useful sources:

MCP Server What It Provides
Gmail Security alert emails, vendor communications, incident threads
Google Calendar Scheduled drills, security reviews, vendor meetings
Notion IR plans, security policies, runbooks, meeting notes
Slack Security channel discussions, incident response threads
Postman API security configs, collection exports

Tracking Sources

Use list_mcp_sources to see what external MCPs have contributed to the twin:

{
  "sources": [
    {"mcp": "gmail", "facts": 12, "events": 3, "last_sync": "2025-04-08T14:30:00Z"},
    {"mcp": "notion", "facts": 28, "events": 0, "last_sync": "2025-04-07T09:15:00Z"}
  ]
}

MCP Tools Reference · Sibling Orchestration