# How to integrate 21risk MCP with Vercel AI SDK v6 ```json { "title": "How to integrate 21risk MCP with Vercel AI SDK v6", "toolkit": "21risk", "toolkit_slug": "_21risk", "framework": "Vercel AI SDK", "framework_slug": "ai-sdk", "url": "https://composio.dev/toolkits/_21risk/framework/ai-sdk", "markdown_url": "https://composio.dev/toolkits/_21risk/framework/ai-sdk.md", "updated_at": "2026-05-12T09:59:46.287Z" } ``` ## Introduction This guide walks you through connecting 21risk to Vercel AI SDK v6 using the Composio tool router. By the end, you'll have a working 21risk agent that can download audit reports for last quarter, list all sites with open compliance issues, fetch monthly risk data for top properties through natural language commands. This guide will help you understand how to give your Vercel AI SDK agent real control over a 21risk account through Composio's 21risk MCP server. Before we dive in, let's take a quick look at the key ideas and tools involved. ## Also integrate 21risk with - [OpenAI Agents SDK](https://composio.dev/toolkits/_21risk/framework/open-ai-agents-sdk) - [Claude Agent SDK](https://composio.dev/toolkits/_21risk/framework/claude-agents-sdk) - [Claude Code](https://composio.dev/toolkits/_21risk/framework/claude-code) - [Claude Cowork](https://composio.dev/toolkits/_21risk/framework/claude-cowork) - [Codex](https://composio.dev/toolkits/_21risk/framework/codex) - [OpenClaw](https://composio.dev/toolkits/_21risk/framework/openclaw) - [Hermes](https://composio.dev/toolkits/_21risk/framework/hermes-agent) - [CLI](https://composio.dev/toolkits/_21risk/framework/cli) - [Google ADK](https://composio.dev/toolkits/_21risk/framework/google-adk) - [LangChain](https://composio.dev/toolkits/_21risk/framework/langchain) - [Mastra AI](https://composio.dev/toolkits/_21risk/framework/mastra-ai) - [LlamaIndex](https://composio.dev/toolkits/_21risk/framework/llama-index) - [CrewAI](https://composio.dev/toolkits/_21risk/framework/crew-ai) ## TL;DR Here's what you'll learn: - How to set up and configure a Vercel AI SDK agent with 21risk integration - Using Composio's Tool Router to dynamically load and access 21risk tools - Creating an MCP client connection using HTTP transport - Building an interactive CLI chat interface with conversation history management - Handling tool calls and results within the Vercel AI SDK framework ## What is Vercel AI SDK? The Vercel AI SDK is a TypeScript library for building AI-powered applications. It provides tools for creating agents that can use external services and maintain conversation state. Key features include: - streamText: Core function for streaming responses with real-time tool support - MCP Client: Built-in support for Model Context Protocol via @ai-sdk/mcp - Step Counting: Control multi-step tool execution with stopWhen: stepCountIs() - OpenAI Provider: Native integration with OpenAI models ## What is the 21risk MCP server, and what's possible with it? The 21risk MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your 21risk account. It provides structured and secure access to your checklists, audits, compliance data, and risk models, so your agent can retrieve reports, analyze compliance status, and streamline audit management on your behalf. - Automated compliance insights and analytics: Instantly fetch compliance data for sites, categories, or specific questions to support analytics and reporting needs. - Audit report management: Retrieve draft, published, or scheduled audit reports, enabling your agent to monitor progress or summarize findings. - Risk model and category exploration: Let your agent list and filter available risk models and categories to assist with compliance checks and risk assessments. - Monthly item tracking and analysis: Query detailed fact tables of items per month for granular, time-based risk or compliance monitoring. - Site, organization, and property retrieval: Automatically list sites, organizations, and property details, helping you organize and cross-reference risk and compliance data efficiently. ## Supported Tools | Tool slug | Name | Description | |---|---|---| | `_21RISK_GET_COMPLIANCE` | Get Compliance | Tool to retrieve compliance data for sites, categories, or questions. Use when you need OData-based compliance data for analytics or reporting. | | `_21RISK_GET_ITEMS` | Get Items (BETA) | Tool to retrieve items (BETA) from the 21RISK OData API. Use when you need a filtered and paged list of items for analytics and reporting. Example: GET_ITEMS($filter="Item Cost gt 100", $top=50). | | `_21RISK_GET_ITEMS_PER_MONTH` | Get Items Per Month | Tool to retrieve fact table data for ItemsPerMonth, one row per question per site per month. Use when querying monthly item data with OData parameters ($filter, $top, $skip, $select, maxPageSizeInMb). | | `_21RISK_GET_ORGANIZATIONS` | Get Organizations | Tool to retrieve organizations from the 21RISK OData API. Use when you need to list, filter, or paginate organizations via OData parameters after authentication is confirmed. | | `_21RISK_GET_PROPERTIES` | Get Properties | Tool to fetch a list of properties related to sites, including COPE information and other relevant data. Use when you need property insurance details via OData API after authentication. | | `_21RISK_GET_REPORTS` | Get Reports | Tool to retrieve audit reports, including draft, published, and scheduled reports. Use when you need a paginated list of reports with optional OData filtering. | | `_21RISK_GET_RISKMODEL_CATEGORIES` | Get RiskModel Categories | Tool to retrieve risk model categories for grouping questions and compliance checks. Use when you need to filter, select, or paginate risk model categories via OData parameters ($filter, $select, $orderby, $top, $skip, $count). | | `_21RISK_GET_RISK_MODELS` | Get Risk Models | Tool to retrieve risk models used for audits and compliance. Use when you need to list available risk models with optional OData queries. | ## Supported Triggers None listed. ## Creating MCP Server - Stand-alone vs Composio SDK The 21risk MCP server is an implementation of the Model Context Protocol that connects your AI agent to 21risk. It provides structured and secure access so your agent can perform 21risk operations on your behalf through a secure, permission-based interface. With Composio's managed implementation, you don't have to create your own developer app. For production, if you're building an end product, we recommend using your own credentials. The managed server helps you prototype fast and go from 0-1 faster. ## Step-by-step Guide ### 1. Prerequisites Before you begin, make sure you have: - Node.js and npm installed - A Composio account with API key - An OpenAI API key ### 1. Getting API Keys for OpenAI and Composio OpenAI API Key - Go to the [OpenAI dashboard](https://platform.openai.com/settings/organization/api-keys) and create an API key. You'll need credits to use the models, or you can connect to another model provider. - Keep the API key safe. Composio API Key - Log in to the [Composio dashboard](https://dashboard.composio.dev?utm_source=toolkits&utm_medium=framework_docs). - Navigate to your API settings and generate a new API key. - Store this key securely as you'll need it for authentication. ### 2. Install required dependencies First, install the necessary packages for your project. What you're installing: - @ai-sdk/openai: Vercel AI SDK's OpenAI provider - @ai-sdk/mcp: MCP client for Vercel AI SDK - @composio/core: Composio SDK for tool integration - ai: Core Vercel AI SDK - dotenv: Environment variable management ```bash npm install @ai-sdk/openai @ai-sdk/mcp @composio/core ai dotenv ``` ### 3. Set up environment variables Create a .env file in your project root. What's needed: - OPENAI_API_KEY: Your OpenAI API key for GPT model access - COMPOSIO_API_KEY: Your Composio API key for tool access - COMPOSIO_USER_ID: A unique identifier for the user session ```bash OPENAI_API_KEY=your_openai_api_key_here COMPOSIO_API_KEY=your_composio_api_key_here COMPOSIO_USER_ID=your_user_id_here ``` ### 4. Import required modules and validate environment What's happening: - We're importing all necessary libraries including Vercel AI SDK's OpenAI provider and Composio - The dotenv/config import automatically loads environment variables - The MCP client import enables connection to Composio's tool server ```typescript import "dotenv/config"; import { openai } from "@ai-sdk/openai"; import { Composio } from "@composio/core"; import * as readline from "readline"; import { streamText, type ModelMessage, stepCountIs } from "ai"; import { createMCPClient } from "@ai-sdk/mcp"; const composioAPIKey = process.env.COMPOSIO_API_KEY; const composioUserID = process.env.COMPOSIO_USER_ID; if (!process.env.OPENAI_API_KEY) throw new Error("OPENAI_API_KEY is not set"); if (!composioAPIKey) throw new Error("COMPOSIO_API_KEY is not set"); if (!composioUserID) throw new Error("COMPOSIO_USER_ID is not set"); const composio = new Composio({ apiKey: composioAPIKey, }); ``` ### 5. Create Tool Router session and initialize MCP client What's happening: - We're creating a Tool Router session that gives your agent access to 21risk tools - The create method takes the user ID and specifies which toolkits should be available - The returned mcp object contains the URL and authentication headers needed to connect to the MCP server - This session provides access to all 21risk-related tools through the MCP protocol ```typescript async function main() { // Create a tool router session for the user const session = await composio.create(composioUserID!, { toolkits: ["_21risk"], }); const mcpUrl = session.mcp.url; ``` ### 6. Connect to MCP server and retrieve tools What's happening: - We're creating an MCP client that connects to our Composio Tool Router session via HTTP - The mcp.url provides the endpoint, and mcp.headers contains authentication credentials - The type: "http" is important - Composio requires HTTP transport - tools() retrieves all available 21risk tools that the agent can use ```typescript const mcpClient = await createMCPClient({ transport: { type: "http", url: mcpUrl, headers: session.mcp.headers, // Authentication headers for the Composio MCP server }, }); const tools = await mcpClient.tools(); ``` ### 7. Initialize conversation and CLI interface What's happening: - We initialize an empty messages array to maintain conversation history - A readline interface is created to accept user input from the command line - Instructions are displayed to guide the user on how to interact with the agent ```typescript let messages: ModelMessage[] = []; console.log("Chat started! Type 'exit' or 'quit' to end the conversation.\n"); console.log( "Ask any questions related to _21risk, like summarize my last 5 emails, send an email, etc... :)))\n", ); const rl = readline.createInterface({ input: process.stdin, output: process.stdout, prompt: "> ", }); rl.prompt(); ``` ### 8. Handle user input and stream responses with real-time tool feedback What's happening: - We use streamText instead of generateText to stream responses in real-time - toolChoice: "auto" allows the model to decide when to use 21risk tools - stopWhen: stepCountIs(10) allows up to 10 steps for complex multi-tool operations - onStepFinish callback displays which tools are being used in real-time - We iterate through the text stream to create a typewriter effect as the agent responds - The complete response is added to conversation history to maintain context - Errors are caught and displayed with helpful retry suggestions ```typescript rl.on("line", async (userInput: string) => { const trimmedInput = userInput.trim(); if (["exit", "quit", "bye"].includes(trimmedInput.toLowerCase())) { console.log("\nGoodbye!"); rl.close(); process.exit(0); } if (!trimmedInput) { rl.prompt(); return; } messages.push({ role: "user", content: trimmedInput }); console.log("\nAgent is thinking...\n"); try { const stream = streamText({ model: openai("gpt-5"), messages, tools, toolChoice: "auto", stopWhen: stepCountIs(10), onStepFinish: (step) => { for (const toolCall of step.toolCalls) { console.log(`[Using tool: ${toolCall.toolName}]`); } if (step.toolCalls.length > 0) { console.log(""); // Add space after tool calls } }, }); for await (const chunk of stream.textStream) { process.stdout.write(chunk); } console.log("\n\n---\n"); // Get final result for message history const response = await stream.response; if (response?.messages?.length) { messages.push(...response.messages); } } catch (error) { console.error("\nAn error occurred while talking to the agent:"); console.error(error); console.log( "\nYou can try again or restart the app if it keeps happening.\n", ); } finally { rl.prompt(); } }); rl.on("close", async () => { await mcpClient.close(); console.log("\n👋 Session ended."); process.exit(0); }); } main().catch((err) => { console.error("Fatal error:", err); process.exit(1); }); ``` ## Complete Code ```typescript import "dotenv/config"; import { openai } from "@ai-sdk/openai"; import { Composio } from "@composio/core"; import * as readline from "readline"; import { streamText, type ModelMessage, stepCountIs } from "ai"; import { createMCPClient } from "@ai-sdk/mcp"; const composioAPIKey = process.env.COMPOSIO_API_KEY; const composioUserID = process.env.COMPOSIO_USER_ID; if (!process.env.OPENAI_API_KEY) throw new Error("OPENAI_API_KEY is not set"); if (!composioAPIKey) throw new Error("COMPOSIO_API_KEY is not set"); if (!composioUserID) throw new Error("COMPOSIO_USER_ID is not set"); const composio = new Composio({ apiKey: composioAPIKey, }); async function main() { // Create a tool router session for the user const session = await composio.create(composioUserID!, { toolkits: ["_21risk"], }); const mcpUrl = session.mcp.url; const mcpClient = await createMCPClient({ transport: { type: "http", url: mcpUrl, headers: session.mcp.headers, // Authentication headers for the Composio MCP server }, }); const tools = await mcpClient.tools(); let messages: ModelMessage[] = []; console.log("Chat started! Type 'exit' or 'quit' to end the conversation.\n"); console.log( "Ask any questions related to _21risk, like summarize my last 5 emails, send an email, etc... :)))\n", ); const rl = readline.createInterface({ input: process.stdin, output: process.stdout, prompt: "> ", }); rl.prompt(); rl.on("line", async (userInput: string) => { const trimmedInput = userInput.trim(); if (["exit", "quit", "bye"].includes(trimmedInput.toLowerCase())) { console.log("\nGoodbye!"); rl.close(); process.exit(0); } if (!trimmedInput) { rl.prompt(); return; } messages.push({ role: "user", content: trimmedInput }); console.log("\nAgent is thinking...\n"); try { const stream = streamText({ model: openai("gpt-5"), messages, tools, toolChoice: "auto", stopWhen: stepCountIs(10), onStepFinish: (step) => { for (const toolCall of step.toolCalls) { console.log(`[Using tool: ${toolCall.toolName}]`); } if (step.toolCalls.length > 0) { console.log(""); // Add space after tool calls } }, }); for await (const chunk of stream.textStream) { process.stdout.write(chunk); } console.log("\n\n---\n"); // Get final result for message history const response = await stream.response; if (response?.messages?.length) { messages.push(...response.messages); } } catch (error) { console.error("\nAn error occurred while talking to the agent:"); console.error(error); console.log( "\nYou can try again or restart the app if it keeps happening.\n", ); } finally { rl.prompt(); } }); rl.on("close", async () => { await mcpClient.close(); console.log("\n👋 Session ended."); process.exit(0); }); } main().catch((err) => { console.error("Fatal error:", err); process.exit(1); }); ``` ## Conclusion You've successfully built a 21risk agent using the Vercel AI SDK with streaming capabilities! This implementation provides a powerful foundation for building AI applications with natural language interfaces and real-time feedback. Key features of this implementation: - Real-time streaming responses for a better user experience with typewriter effect - Live tool execution feedback showing which tools are being used as the agent works - Dynamic tool loading through Composio's Tool Router with secure authentication - Multi-step tool execution with configurable step limits (up to 10 steps) - Comprehensive error handling for robust agent execution - Conversation history maintenance for context-aware responses You can extend this further by adding custom error handling, implementing specific business logic, or integrating additional Composio toolkits to create multi-app workflows. ## How to build 21risk MCP Agent with another framework - [OpenAI Agents SDK](https://composio.dev/toolkits/_21risk/framework/open-ai-agents-sdk) - [Claude Agent SDK](https://composio.dev/toolkits/_21risk/framework/claude-agents-sdk) - [Claude Code](https://composio.dev/toolkits/_21risk/framework/claude-code) - [Claude Cowork](https://composio.dev/toolkits/_21risk/framework/claude-cowork) - [Codex](https://composio.dev/toolkits/_21risk/framework/codex) - [OpenClaw](https://composio.dev/toolkits/_21risk/framework/openclaw) - [Hermes](https://composio.dev/toolkits/_21risk/framework/hermes-agent) - [CLI](https://composio.dev/toolkits/_21risk/framework/cli) - [Google ADK](https://composio.dev/toolkits/_21risk/framework/google-adk) - [LangChain](https://composio.dev/toolkits/_21risk/framework/langchain) - [Mastra AI](https://composio.dev/toolkits/_21risk/framework/mastra-ai) - [LlamaIndex](https://composio.dev/toolkits/_21risk/framework/llama-index) - [CrewAI](https://composio.dev/toolkits/_21risk/framework/crew-ai) ## Related Toolkits - [Excel](https://composio.dev/toolkits/excel) - Microsoft Excel is a robust spreadsheet application for organizing, analyzing, and visualizing data. It's the go-to tool for calculations, reporting, and flexible data management. - [Abstract](https://composio.dev/toolkits/abstract) - Abstract provides a suite of APIs for automating data validation and enrichment tasks. It helps developers streamline workflows and ensure data quality with minimal effort. - [Addressfinder](https://composio.dev/toolkits/addressfinder) - Addressfinder is a data quality platform for verifying addresses, emails, and phone numbers. It helps you ensure accurate customer and contact data every time. - [Agentql](https://composio.dev/toolkits/agentql) - Agentql is a toolkit that connects AI agents to the web using a specialized query language. It enables structured web interaction and data extraction for smarter automations. - [Agenty](https://composio.dev/toolkits/agenty) - Agenty is a web scraping and automation platform for extracting data and automating browser tasks—no coding needed. It streamlines data collection, monitoring, and repetitive online actions. - [Ambee](https://composio.dev/toolkits/ambee) - Ambee is an environmental data platform providing real-time, hyperlocal APIs for air quality, weather, and pollen. Get precise environmental insights to power smarter decisions in your apps and workflows. - [Ambient weather](https://composio.dev/toolkits/ambient_weather) - Ambient Weather is a platform for personal weather stations with a robust API for accessing local, real-time, and historical weather data. Get detailed environmental insights directly from your own sensors for smarter apps and automations. - [Anonyflow](https://composio.dev/toolkits/anonyflow) - Anonyflow is a service for encryption-based data anonymization and secure data sharing. It helps organizations meet GDPR, CCPA, and HIPAA data privacy compliance requirements. - [Api ninjas](https://composio.dev/toolkits/api_ninjas) - Api ninjas offers 120+ public APIs spanning categories like weather, finance, sports, and more. Developers use it to supercharge apps with real-time data and actionable endpoints. - [Api sports](https://composio.dev/toolkits/api_sports) - Api sports is a comprehensive sports data platform covering 2,000+ competitions with live scores and 15+ years of stats. Instantly access up-to-date sports information for analysis, apps, or chatbots. - [Apify](https://composio.dev/toolkits/apify) - Apify is a cloud platform for building, deploying, and managing web scraping and automation tools called Actors. It lets you automate data extraction and workflow tasks at scale—no infrastructure headaches. - [Autom](https://composio.dev/toolkits/autom) - Autom is a lightning-fast search engine results data platform for Google, Bing, and Brave. Developers use it to access fresh, low-latency SERP data on demand. - [Beaconchain](https://composio.dev/toolkits/beaconchain) - Beaconchain is a real-time analytics platform for Ethereum 2.0's Beacon Chain. It provides detailed insights into validators, blocks, and overall network performance. - [Big data cloud](https://composio.dev/toolkits/big_data_cloud) - BigDataCloud provides APIs for geolocation, reverse geocoding, and address validation. Instantly access reliable location intelligence to enhance your applications and workflows. - [Bigpicture io](https://composio.dev/toolkits/bigpicture_io) - BigPicture.io offers APIs for accessing detailed company and profile data. Instantly enrich your applications with up-to-date insights on 20M+ businesses. - [Bitquery](https://composio.dev/toolkits/bitquery) - Bitquery is a blockchain data platform offering indexed, real-time, and historical data from 40+ blockchains via GraphQL APIs. Get unified, reliable access to complex on-chain data for analytics, trading, and research. - [Brightdata](https://composio.dev/toolkits/brightdata) - Brightdata is a leading web data platform offering advanced scraping, SERP APIs, and anti-bot tools. It lets you collect public web data at scale, bypassing blocks and friction. - [Builtwith](https://composio.dev/toolkits/builtwith) - BuiltWith is a web technology profiler that uncovers the technologies powering any website. Gain actionable insights into analytics, hosting, and content management stacks for smarter research and lead generation. - [Byteforms](https://composio.dev/toolkits/byteforms) - Byteforms is an all-in-one platform for creating forms, managing submissions, and integrating data. It streamlines workflows by centralizing form data collection and automation. - [Cabinpanda](https://composio.dev/toolkits/cabinpanda) - Cabinpanda is a data collection platform for building and managing online forms. It helps streamline how you gather, organize, and analyze responses. ## Frequently Asked Questions ### What are the differences in Tool Router MCP and 21risk MCP? With a standalone 21risk MCP server, the agents and LLMs can only access a fixed set of 21risk tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from 21risk and many other apps based on the task at hand, all through a single MCP endpoint. ### Can I use Tool Router MCP with Vercel AI SDK v6? Yes, you can. Vercel AI SDK v6 fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right 21risk tools. ### Can I manage the permissions and scopes for 21risk while using Tool Router? Yes, absolutely. You can configure which 21risk scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do. ### How safe is my data with Composio Tool Router? All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your 21risk data and credentials are handled as safely as possible. --- [See all toolkits](https://composio.dev/toolkits) · [Composio docs](https://docs.composio.dev/llms.txt)