Integrations

Overview

Omnitrex GRC integrates with external systems through three channels:

n8n Workflows — Visual workflow automation for scheduled tasks and event-driven processes

Microsoft 365 — Email, calendar, and file management via MCP servers

AI Workflows — Natural language GRC operations powered by Claude and MCP

n8n Workflow Automation

n8n is a self-hosted workflow automation platform. Omnitrex provides pre-built workflows that connect to the platform via MCP servers over HTTP.

Architecture


n8n (Docker)
  └── Code Node (JavaScript)
       └── HTTP request to MCP server (:9090)
            └── mcp-omnitrex → Omnitrex API



The MCP servers run as Streamable HTTP endpoints alongside n8n. Code nodes call MCP tools using standard HTTP with SSE response parsing.

Pre-Built Workflows

Omnitrex ships with 5 production-ready n8n workflows:

1. Daily Compliance Digest
Runs every morning at 07:00. Fetches all GRC data (risks, controls, tasks, proposals, orphan nodes), categorises items by deadline, and emails a formatted HTML digest. Sends an "all clear" email if nothing needs attention.

2. Escalation Workflow
Monitors overdue items and escalates to managers. Triggered when deadlines pass without resolution.

3. Control Reminder
Sends reminders for upcoming control tests. Configurable lead time (default: 7 days before due date).

4. GDPR 72-Hour Incident Alert
Monitors new incidents and alerts the DPO if a personal data breach is detected, ensuring the 72-hour GDPR notification window is met.

5. Monthly GRC Report
Generates a comprehensive PPTX report on the first of each month and emails it to stakeholders.

MCP-over-HTTP Pattern

n8n Code nodes communicate with MCP servers using this pattern:

javascript
const http = require('http');

function mcpFetch(port, tool, args) {
  return new Promise((resolve, reject) => {
    const body = JSON.stringify({
      jsonrpc: '2.0',
      id: 1,
      method: 'tools/call',
      params: { name: tool, arguments: args }
    });

    const req = http.request({
      hostname: 'host.docker.internal',
      port: port,
      path: '/mcp',
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Accept': 'application/json, text/event-stream',
        'Content-Length': Buffer.byteLength(body)
      }
    }, (res) => {
      let data = '';
      res.on('data', chunk => data += chunk);
      res.on('end', () => {
        // Parse SSE response
        const lines = data.split('\n');
        for (const line of lines) {
          if (line.startsWith('data:')) {
            const json = JSON.parse(line.slice(5).trim());
            if (json.result) resolve(json.result);
          }
        }
      });
    });

    req.on('error', reject);
    req.write(body);
    req.end();
  });
}

// Example: fetch all LIVE risks
const result = await mcpFetch(9090, 'list_nodes', {
  domainCode: 'RISK',
  status: 'LIVE'
});



Server Ports

| Port | Server | Purpose |
|------|--------|---------|
| 9090 | mcp-omnitrex | GRC platform data |
| 9091 | mcp-ms365-mail | Email and calendar |
| 9092 | mcp-ms365-files | OneDrive and SharePoint |

Docker Setup

The MCP servers run alongside n8n in Docker. Add them to your

docker-compose.yml

yaml
services:
  n8n:
    image: n8nio/n8n:2.10.3
    ports:
      - "5678:5678"
    environment:
      - NODE_FUNCTION_ALLOW_BUILTIN=*
    extra_hosts:
      - "host.docker.internal:host-gateway"

NODE_FUNCTION_ALLOW_BUILTIN=* is required because the n8n Task Runner sandbox blocks fetch and URL. Code nodes must use require('http')

 instead.



Microsoft 365 Integration

Email Automation

With mcp-ms365-mail connected, workflows can:

Send compliance digests — Automated morning emails with GRC status
Forward incident alerts — Route critical incidents to the DPO
Schedule reviews — Create calendar events for control testing
Attach reports — Generate PPTX/PDF reports and email them to stakeholders

File Management

With mcp-ms365-files connected, workflows can:

Upload reports to OneDrive — Auto-store generated reports in organised folders
Share via SharePoint — Upload compliance evidence to document libraries
Create sharing links — Generate view-only links for external auditors

End-to-End Example

A complete automated workflow:

n8n trigger fires on the 1st of each month
mcp-omnitrex generates a compliance PPTX report

mcp-ms365-files uploads the report to OneDrive (Reports/GRC/monthly-2026-03.pptx)


mcp-ms365-files creates a sharing link
mcp-ms365-mail emails the link to the compliance team



AI Workflows

GRC Prompts

Omnitrex includes pre-built AI workflow prompts accessible via the MCP server. These guide Claude through complex GRC tasks step by step.

Available prompts:

| Prompt | Category | Description |
|--------|----------|-------------|
|

portfolio-status-update

 | Portfolio | Generate status reports from task data |
|

risk-assessment

 | Risk | Assess and score risks with controls |
|

vendor-due-diligence

 | Vendor | Evaluate vendor risk and tier classification |
|

gap-to-tasks

 | Compliance | Convert gap analysis findings into actionable tasks |
|

incident-response

 | Incident | Guide through incident triage and response |
|

control-effectiveness

 | Control | Evaluate control testing results |
|

compliance-readiness

 | Compliance | Assess framework readiness (GDPR, DORA, NIS2) |
|

policy-review

 | Policy | Review and update policy documents |
|

audit-preparation

 | Audit | Prepare evidence packages for audits |
|

data-classification

 | Data | Classify data assets by sensitivity |

Using Prompts

From Claude Code with mcp-omnitrex connected:


Claude, run the risk-assessment prompt for our payment processing risks.



Claude will:

Read the prompt template from the platform
Fetch relevant risk and control nodes
Analyse coverage gaps
Generate a structured assessment with recommendations

Batch Proposals

For changes that need human approval, AI workflows create Proposals — batches of changes that are reviewed before execution.

Example flow:

Claude analyses gap analysis results
Creates a Proposal with 5 new TASK nodes
You review the Proposal in the dashboard
Click Approve to execute all changes atomically

This ensures AI suggestions always go through human review before modifying platform data.



API Webhooks

For custom integrations, use the Omnitrex CLI to set up outbound notifications:

bash
Slack
omnitrex notify slack https://hooks.slack.com/services/YOUR/WEBHOOK

Microsoft Teams
omnitrex notify teams https://outlook.office.com/webhook/YOUR/WEBHOOK

Generic webhook
omnitrex notify webhook add my-system https://api.example.com/webhook

Test all channels
omnitrex notify test

`` Notifications fire on status updates pushed via the CLI or API.

Next Steps

Getting Started — Deploy the platform with Docker Compose

Platform Guide — Learn domains, nodes, and the Central Command Viewer

Developer Guide — Set up CLI, MCP servers, and API access