Connect AI to Sysero.
Keep your documents secure in Sysero.
SyseroMCP is a stateless cloud relay that lets MCP-compatible AI clients work with your Sysero platform — document search, conflict checking, document assembly, reports, and workflow creation — without any document content ever leaving your Sysero environment.
Zero document storage
The relay is stateless. No document content, no search indexes, no bearer tokens, and no end-user data is ever persisted on the cloud.
Your identity, your permissions
Users sign in with your own identity provider via OAuth 2.1 and PKCE. Every tool call runs inside Sysero under that user’s own permissions.
No inbound firewall changes
The on-premises agent dials out to the relay on an outbound connection. Nothing needs to be opened up to the public internet at the firm.
How the connection works
A single, standards-based request path from your AI client to your own Sysero installation.
User signs in
The AI client walks the user through an OAuth 2.1 + PKCE flow against your enterprise identity provider.
Relay authenticates
Bearer tokens are validated on every request and the user is resolved to a tenant by their verified email domain.
Request forwarded
The relay forwards the operation over the persistent outbound channel the on-premises agent has already established.
Sysero executes locally
Your on-premises Sysero installation runs the operation under the user’s own permissions and streams the result back.
Everything your AI needs to be useful
Fifteen MCP tools covering search, conflicts, document assembly, reporting, workflow creation, and project management. Every tool is self-describing and scoped to the user’s own Sysero permissions.
sysero_ping
Health check across all connected on-premises installations.
sysero_search_documents
Full-text and semantic search of the document store.
sysero_get_document
Retrieve the full content and metadata for a document.
sysero_conflict_check
Run a Sysero conflict check against a party or company.
sysero_list_templates
List the document assembly templates available to the user.
sysero_get_template_fields
Return a template’s full field schema and a worked example.
sysero_fill_template
Assemble a Word or PDF document from a template and a payload.
sysero_list_reports
List Sysero reports the user is permitted to run.
sysero_run_report
Execute a report and return the Excel result via a one-time URL.
sysero_list_applications
List applications in which the user can start a workflow.
sysero_get_application_fields
Return an application’s field schema for item creation.
sysero_start_workflow
Create a new item in a Sysero application and start its workflow.
sysero_who_am_i
Identify the current user across all connected Sysero tenants.
sysero_list_projects
List Sysero projects (curated matter or item groups) the user can see.
sysero_get_project_content
Return the items inside a Sysero project, including attached file summaries.
Built for security review
SyseroMCP implements the MCP Authorization Specification (2025-11-25) in full, with data-handling guarantees designed for law firms and their security teams.
Standards implemented
- OAuth 2.1 with mandatory PKCE (S256) — implicit and hybrid flows are not supported
- RFC 8414 Authorization Server Metadata published at the standard well-known path
- RFC 9728 Protected Resource Metadata with zero-configuration discovery
- RFC 7591 Dynamic Client Registration for MCP clients that support it
- HTTPS-only endpoints with HSTS asserted in production
Data handling guarantees
- No document content, search results, or tokens are ever written to disk on the relay
- Transient document and report outputs expire after five minutes and never survive a restart
- Tenant shared secrets are encrypted at rest and compared in constant time
- Fail-closed authorisation — without identity provider config, every request is denied
- Rate limiting, brute-force protection, and log sanitisation applied on every public endpoint