Developer Guide

Set up the Omnitrex CLI, configure MCP servers for Claude Code, and access the platform API. Everything a developer needs to work with Omnitrex programmatically.

API Keys

All programmatic access to Omnitrex uses API keys.
  • Log in to the dashboard at https://app.omnitrex.eu
  • Navigate to Settings > API Keys
  • Click Create API Key and copy the key immediately (it's shown only once)

API keys are passed as Authorization: Bearer headers. Scopes control what the key can do:
  • nodes:read / nodes:write — Read and modify nodes
  • links:read / links:write — Read and modify cross-domain links
  • status:write — Push status updates and change node statuses
  • audit:read — Read audit logs
  • users:read — Read user data

Omnitrex CLI

The CLI lets you push compliance updates like you push code — directly from your terminal.

Installation

```bash
npm install -g @omnitrex/cli
```

Authentication

```bash
# Interactive (prompts for API key)
omnitrex auth login

# Direct
omnitrex auth login --key YOUR_API_KEY

# Local development (uses http://localhost:3001)
omnitrex auth login --local
```

Verify your connection:

```bash
omnitrex auth status
```

Project Setup

Link a project directory to a GRC node:

```bash
cd your-project
omnitrex init            # Interactive node selection
omnitrex link NODE_ID    # Or link directly by ID
```

This creates .omnitrexrc.json in your project root.

Push Status Updates

The core workflow — record compliance changes without leaving your terminal:

```bash
omnitrex push "Deployed v2.1.0 with encryption at rest"
omnitrex push "Completed quarterly access review"
omnitrex push "Fixed CVE-2026-1234 in dependency X"
```

Node Management

```bash
omnitrex nodes list                  # List all nodes
omnitrex nodes list --domain RISK    # Filter by domain
omnitrex nodes list --status LIVE    # Filter by status
omnitrex nodes get NODE_ID           # Get node details
omnitrex nodes create                # Interactive node creation
omnitrex nodes archive NODE_ID       # Soft-delete
```

Search and Export

```bash
omnitrex search "payment processing"    # Full-text search
omnitrex export nodes --format csv      # Export to CSV
omnitrex export nodes -o nodes.json     # Export to JSON file
```

Git Integration

Automatically sync commit messages to your linked GRC node:

```bash
omnitrex git-hook install             # Install post-commit hook
omnitrex sync                         # Sync last 10 commits
omnitrex sync --since "1 week ago"    # Sync recent commits
```

CI/CD Integration

Generate pipeline configs for 10+ platforms:

```bash
omnitrex github-action     # GitHub Actions
omnitrex gitlab-ci         # GitLab CI
omnitrex azure-pipeline    # Azure DevOps
omnitrex jenkinsfile       # Jenkins
```

Notification Channels

Route compliance events to your existing tools:

```bash
omnitrex notify slack WEBHOOK_URL
omnitrex notify teams WEBHOOK_URL
omnitrex notify discord WEBHOOK_URL
omnitrex notify test    # Test all channels
```

MCP Servers

Omnitrex provides three Model Context Protocol servers that give AI assistants like Claude direct access to your GRC data, email, and files.

Server 1: mcp-omnitrex (61 tools)

Direct read/write access to the Omnitrex platform — query nodes, manage links, generate reports, and run gap analysis.

Setup:

```bash
cd mcp-omnitrex
npm install && npm run build
```

Environment variables:

| Variable | Required | Description |
|----------|----------|-------------|
| OMNITREX_API_URL | Yes | Platform API URL (e.g., https://api.omnitrex.eu) |
| OMNITREX_API_KEY | Yes | API key from Settings > API Keys |

Add to Claude Code:

```bash
claude mcp add omnitrex \
  -e OMNITREX_API_URL=https://api.omnitrex.eu \
  -e OMNITREX_API_KEY=YOUR_KEY \
  -- node dist/index.js
```

Verify: Ask Claude "Who am I on Omnitrex?"

Server 2: mcp-ms365-mail (18 tools)

Manage Outlook email and calendar with draft-before-send safety.

Azure AD setup (one-time, ~5 minutes):
  • Go to entra.microsoft.com > App registrations > New registration
  • Name: MCP Outlook, Account types: Multitenant + personal
  • Add delegated permissions: User.Read, Mail.ReadWrite, Mail.Send
  • Enable Allow public client flows under Authentication > Advanced settings

Environment variables:

| Variable | Required | Description |
|----------|----------|-------------|
| MS365_CLIENT_ID | Yes | Azure app Application (client) ID |
| MS365_TENANT_ID | Yes | Azure app Directory (tenant) ID |
| MS365_INTERNAL_DOMAINS | No | Comma-separated internal domains |

Add to Claude Code:

```bash
claude mcp add mcp-ms365-mail \
  -e MS365_CLIENT_ID=YOUR_CLIENT_ID \
  -e MS365_TENANT_ID=YOUR_TENANT_ID \
  -- node dist/index.js
```

First use: Claude will show a device code URL. Open it in a browser, paste the code, sign in, and accept permissions. Tokens are cached automatically.

Server 3: mcp-ms365-files (13 tools)

Manage OneDrive files and SharePoint document libraries.

Azure AD setup: Same process as mcp-ms365-mail, but create a separate Azure app with these delegated permissions: User.Read, Files.ReadWrite, Sites.ReadWrite.All.

Important: Do not reuse the mail app — each server needs its own token cache and scopes.

Environment variables:

| Variable | Required | Description |
|----------|----------|-------------|
| MS365_CLIENT_ID | Yes | Azure app Application (client) ID |
| MS365_TENANT_ID | Yes | Azure app Directory (tenant) ID |

Add to Claude Code:

```bash
claude mcp add mcp-ms365-files \
  -e MS365_CLIENT_ID=YOUR_CLIENT_ID \
  -e MS365_TENANT_ID=YOUR_TENANT_ID \
  -- node dist/index.js
```

Combined Claude Desktop Config

```json
{
  "mcpServers": {
    "omnitrex": {
      "command": "node",
      "args": ["path/to/mcp-omnitrex/dist/index.js"],
      "env": {
        "OMNITREX_API_URL": "https://api.omnitrex.eu",
        "OMNITREX_API_KEY": "omni_YOUR_KEY"
      }
    },
    "mcp-ms365-mail": {
      "command": "node",
      "args": ["path/to/mcp-ms365-mail/dist/index.js"],
      "env": {
        "MS365_CLIENT_ID": "your-mail-client-id",
        "MS365_TENANT_ID": "your-tenant-id"
      }
    },
    "mcp-ms365-files": {
      "command": "node",
      "args": ["path/to/mcp-ms365-files/dist/index.js"],
      "env": {
        "MS365_CLIENT_ID": "your-files-client-id",
        "MS365_TENANT_ID": "your-tenant-id"
      }
    }
  }
}
```
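
A pre-flight check for a config of the shape above, as an added example that is not Omnitrex code: it flags a non-HTTPS API URL, an API key handed to a server that does not need it, and a files server that reuses the mail app's client ID. The function name, the rule set and the sample values are assumptions of this example.

```javascript
// Added example, not Omnitrex code. Checks a config object shaped like the
// combined Claude Desktop config; the rule set is this example's own.
function lintMcpConfig(config) {
  const findings = [];
  const servers = config.mcpServers || {};
  const env = (name) => (servers[name] && servers[name].env) || {};

  // Rule 1: the bearer key travels with every request, so require HTTPS
  // (plain HTTP is tolerated only for the local development host).
  if (servers.omnitrex) {
    let url = null;
    try { url = new URL(env("omnitrex").OMNITREX_API_URL); } catch (e) { /* reported below */ }
    if (!url) findings.push("omnitrex: OMNITREX_API_URL missing or invalid");
    else if (url.protocol !== "https:" && url.hostname !== "localhost")
      findings.push("omnitrex: OMNITREX_API_URL is not HTTPS");
    if (!env("omnitrex").OMNITREX_API_KEY) findings.push("omnitrex: OMNITREX_API_KEY missing");
  }

  // Rule 2: the API key belongs only in the omnitrex server's environment.
  for (const name of Object.keys(servers)) {
    if (name !== "omnitrex" && "OMNITREX_API_KEY" in env(name))
      findings.push(`${name}: OMNITREX_API_KEY exposed to a server that does not need it`);
  }

  // Rule 3: mail and files servers must use separate Azure app registrations.
  const mailId = env("mcp-ms365-mail").MS365_CLIENT_ID;
  const filesId = env("mcp-ms365-files").MS365_CLIENT_ID;
  if (mailId && filesId && mailId === filesId)
    findings.push("mcp-ms365-files: reuses the mail app's MS365_CLIENT_ID");

  return findings;
}

// Constructed sample with three deliberate mistakes, one per rule.
const SAMPLE_BAD = {
  mcpServers: {
    omnitrex: { command: "node", args: ["path/to/mcp-omnitrex/dist/index.js"],
      env: { OMNITREX_API_URL: "http://api.omnitrex.eu", OMNITREX_API_KEY: "omni_YOUR_KEY" } },
    "mcp-ms365-mail": { command: "node", args: ["path/to/mcp-ms365-mail/dist/index.js"],
      env: { MS365_CLIENT_ID: "shared-client-id", MS365_TENANT_ID: "your-tenant-id",
             OMNITREX_API_KEY: "omni_YOUR_KEY" } },
    "mcp-ms365-files": { command: "node", args: ["path/to/mcp-ms365-files/dist/index.js"],
      env: { MS365_CLIENT_ID: "shared-client-id", MS365_TENANT_ID: "your-tenant-id" } },
  },
};

console.log(lintMcpConfig(SAMPLE_BAD).join("\n"));
```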

Safety Features

All three MCP servers include:
  • Audit logging — Every write operation logged to monthly-rotated JSONL files
  • No permanent deletes — Only archive/soft-delete operations available
  • Rate limiting — mcp-omnitrex enforces 10 writes per minute
  • Draft-before-send — mcp-ms365-mail requires explicit confirmation to send email
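
How the rate-limit and audit-logging controls listed above can fit together, as an added example rather than the servers' own implementation: a sliding 60-second window capped at 10 writes, with every attempt appended as one JSON line to a per-month file. The record fields, the file naming, the `update_node` tool name and the in-memory sink are assumptions of this example.

```javascript
// Added example, not the MCP servers' code. Record fields, file naming and
// the "update_node" tool name are assumptions made for illustration.
const WINDOW_MS = 60000;   // one minute
const MAX_WRITES = 10;     // limit the page states for mcp-omnitrex

function createWriteGuard(sink, now = () => Date.now()) {
  const recent = [];       // timestamps of accepted writes still inside the window

  // Monthly rotation: one JSONL file per calendar month (UTC).
  const fileFor = (ts) => `audit-${new Date(ts).toISOString().slice(0, 7)}.jsonl`;

  return function guardedWrite(tool, args, operation) {
    const ts = now();
    while (recent.length && ts - recent[0] >= WINDOW_MS) recent.shift();
    const allowed = recent.length < MAX_WRITES;
    // Rejected attempts are logged too: a burst of denied writes is itself a signal.
    sink(fileFor(ts), JSON.stringify({ ts: new Date(ts).toISOString(), tool, args, allowed }));
    if (!allowed) throw new Error(`rate limit: ${MAX_WRITES} writes per minute exceeded`);
    recent.push(ts);
    return operation(args);
  };
}

// Demo with a constructed clock and an in-memory sink instead of real files.
function demo() {
  const files = {};
  const sink = (file, line) => (files[file] = files[file] || []).push(line);
  let clock = Date.UTC(2026, 0, 31, 23, 59, 30);   // constructed start time
  const write = createWriteGuard(sink, () => clock);
  let rejected = 0;
  for (let i = 0; i < 12; i++) {                   // 12 writes, one second apart
    try { write("update_node", { id: "NODE_ID" }, () => "ok"); } catch (e) { rejected++; }
    clock += 1000;
  }
  clock += 60000;          // the window has emptied and the month has rolled over
  const afterWait = write("update_node", { id: "NODE_ID" }, () => "ok");
  return { rejected, afterWait, files };
}

console.log(demo().rejected, "writes rejected");
```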

REST API

The backend exposes a full REST API at {BACKEND_URL}/api. Key endpoints:

```
GET    /api/auth/me                    # Current user
GET    /api/nodes                      # List nodes (with domain, status, layer filters)
POST   /api/nodes                      # Create node
GET    /api/nodes/:id                  # Get node details
PUT    /api/nodes/:id                  # Update node
DELETE /api/nodes/:id                  # Archive node
POST   /api/nodes/:id/status-updates   # Push status update
GET    /api/links                      # List links
POST   /api/links                      # Create link
GET    /api/audit/:nodeId              # Audit log
GET    /api/users                      # List users
GET    /api/health                     # Health check
```

All endpoints require an Authorization: Bearer header.

Next Steps

  • Platform Guide — Learn domains, nodes, and the Central Command Viewer
  • Integrations — Connect n8n, Microsoft 365, and AI workflows