# How to integrate 21risk MCP with LangChain ```json { "title": "How to integrate 21risk MCP with LangChain", "toolkit": "21risk", "toolkit_slug": "_21risk", "framework": "LangChain", "framework_slug": "langchain", "url": "https://composio.dev/toolkits/_21risk/framework/langchain", "markdown_url": "https://composio.dev/toolkits/_21risk/framework/langchain.md", "updated_at": "2026-05-12T09:59:46.287Z" } ``` ## Introduction This guide walks you through connecting 21risk to LangChain using the Composio tool router. By the end, you'll have a working 21risk agent that can download audit reports for last quarter, list all sites with open compliance issues, fetch monthly risk data for top properties through natural language commands. This guide will help you understand how to give your LangChain agent real control over a 21risk account through Composio's 21risk MCP server. Before we dive in, let's take a quick look at the key ideas and tools involved. ## Also integrate 21risk with - [OpenAI Agents SDK](https://composio.dev/toolkits/_21risk/framework/open-ai-agents-sdk) - [Claude Agent SDK](https://composio.dev/toolkits/_21risk/framework/claude-agents-sdk) - [Claude Code](https://composio.dev/toolkits/_21risk/framework/claude-code) - [Claude Cowork](https://composio.dev/toolkits/_21risk/framework/claude-cowork) - [Codex](https://composio.dev/toolkits/_21risk/framework/codex) - [OpenClaw](https://composio.dev/toolkits/_21risk/framework/openclaw) - [Hermes](https://composio.dev/toolkits/_21risk/framework/hermes-agent) - [CLI](https://composio.dev/toolkits/_21risk/framework/cli) - [Google ADK](https://composio.dev/toolkits/_21risk/framework/google-adk) - [Vercel AI SDK](https://composio.dev/toolkits/_21risk/framework/ai-sdk) - [Mastra AI](https://composio.dev/toolkits/_21risk/framework/mastra-ai) - [LlamaIndex](https://composio.dev/toolkits/_21risk/framework/llama-index) - [CrewAI](https://composio.dev/toolkits/_21risk/framework/crew-ai) ## TL;DR Here's what you'll learn: - Get and set up your OpenAI and Composio API keys - Connect your 21risk project to Composio - Create a Tool Router MCP session for 21risk - Initialize an MCP client and retrieve 21risk tools - Build a LangChain agent that can interact with 21risk - Set up an interactive chat interface for testing ## What is LangChain? LangChain is a framework for developing applications powered by language models. It provides tools and abstractions for building agents that can reason, use tools, and maintain conversation context. Key features include: - Agent Framework: Build agents that can use tools and make decisions - MCP Integration: Connect to external services through Model Context Protocol adapters - Memory Management: Maintain conversation history across interactions - Multi-Provider Support: Works with OpenAI, Anthropic, and other LLM providers ## What is the 21risk MCP server, and what's possible with it? The 21risk MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your 21risk account. It provides structured and secure access to your checklists, audits, compliance data, and risk models, so your agent can retrieve reports, analyze compliance status, and streamline audit management on your behalf. - Automated compliance insights and analytics: Instantly fetch compliance data for sites, categories, or specific questions to support analytics and reporting needs. - Audit report management: Retrieve draft, published, or scheduled audit reports, enabling your agent to monitor progress or summarize findings. - Risk model and category exploration: Let your agent list and filter available risk models and categories to assist with compliance checks and risk assessments. - Monthly item tracking and analysis: Query detailed fact tables of items per month for granular, time-based risk or compliance monitoring. - Site, organization, and property retrieval: Automatically list sites, organizations, and property details, helping you organize and cross-reference risk and compliance data efficiently. ## Supported Tools | Tool slug | Name | Description | |---|---|---| | `_21RISK_GET_COMPLIANCE` | Get Compliance | Tool to retrieve compliance data for sites, categories, or questions. Use when you need OData-based compliance data for analytics or reporting. | | `_21RISK_GET_ITEMS` | Get Items (BETA) | Tool to retrieve items (BETA) from the 21RISK OData API. Use when you need a filtered and paged list of items for analytics and reporting. Example: GET_ITEMS($filter="Item Cost gt 100", $top=50). | | `_21RISK_GET_ITEMS_PER_MONTH` | Get Items Per Month | Tool to retrieve fact table data for ItemsPerMonth, one row per question per site per month. Use when querying monthly item data with OData parameters ($filter, $top, $skip, $select, maxPageSizeInMb). | | `_21RISK_GET_ORGANIZATIONS` | Get Organizations | Tool to retrieve organizations from the 21RISK OData API. Use when you need to list, filter, or paginate organizations via OData parameters after authentication is confirmed. | | `_21RISK_GET_PROPERTIES` | Get Properties | Tool to fetch a list of properties related to sites, including COPE information and other relevant data. Use when you need property insurance details via OData API after authentication. | | `_21RISK_GET_REPORTS` | Get Reports | Tool to retrieve audit reports, including draft, published, and scheduled reports. Use when you need a paginated list of reports with optional OData filtering. | | `_21RISK_GET_RISKMODEL_CATEGORIES` | Get RiskModel Categories | Tool to retrieve risk model categories for grouping questions and compliance checks. Use when you need to filter, select, or paginate risk model categories via OData parameters ($filter, $select, $orderby, $top, $skip, $count). | | `_21RISK_GET_RISK_MODELS` | Get Risk Models | Tool to retrieve risk models used for audits and compliance. Use when you need to list available risk models with optional OData queries. | ## Supported Triggers None listed. ## Creating MCP Server - Stand-alone vs Composio SDK The 21risk MCP server is an implementation of the Model Context Protocol that connects your AI agent to 21risk. It provides structured and secure access so your agent can perform 21risk operations on your behalf through a secure, permission-based interface. With Composio's managed implementation, you don't have to create your own developer app. For production, if you're building an end product, we recommend using your own credentials. The managed server helps you prototype fast and go from 0-1 faster. ## Step-by-step Guide ### 1. Prerequisites No description provided. ### 1. Getting API Keys for OpenAI and Composio OpenAI API Key - Go to the [OpenAI dashboard](https://platform.openai.com/settings/organization/api-keys) and create an API key. You'll need credits to use the models, or you can connect to another model provider. - Keep the API key safe. Composio API Key - Log in to the [Composio dashboard](https://dashboard.composio.dev?utm_source=toolkits&utm_medium=framework_docs). - Navigate to your API settings and generate a new API key. - Store this key securely as you'll need it for authentication. ### 2. Install dependencies No description provided. ```python pip install composio-langchain langchain-mcp-adapters langchain python-dotenv ``` ```typescript npm install @composio/langchain @langchain/core @langchain/openai @langchain/mcp-adapters dotenv ``` ### 3. Set up environment variables Create a .env file in your project root. What's happening: - COMPOSIO_API_KEY authenticates your requests to Composio's API - COMPOSIO_USER_ID identifies the user for session management - OPENAI_API_KEY enables access to OpenAI's language models ```bash COMPOSIO_API_KEY=your_composio_api_key_here COMPOSIO_USER_ID=your_composio_user_id_here OPENAI_API_KEY=your_openai_api_key_here ``` ### 4. Import dependencies No description provided. ```python from langchain_mcp_adapters.client import MultiServerMCPClient from langchain.agents import create_agent from dotenv import load_dotenv from composio import Composio import asyncio import os load_dotenv() ``` ```typescript import { Composio } from '@composio/core'; import { LangchainProvider } from '@composio/langchain'; import { MultiServerMCPClient } from "@langchain/mcp-adapters"; import { createAgent } from "langchain"; import * as readline from 'readline'; import 'dotenv/config'; dotenv.config(); ``` ### 5. Initialize Composio client What's happening: - We're loading the COMPOSIO_API_KEY from environment variables and validating it exists - Creating a Composio instance that will manage our connection to 21risk tools - Validating that COMPOSIO_USER_ID is also set before proceeding ```python async def main(): composio = Composio(api_key=os.getenv("COMPOSIO_API_KEY")) if not os.getenv("COMPOSIO_API_KEY"): raise ValueError("COMPOSIO_API_KEY is not set") if not os.getenv("COMPOSIO_USER_ID"): raise ValueError("COMPOSIO_USER_ID is not set") ``` ```typescript const composioApiKey = process.env.COMPOSIO_API_KEY; const userId = process.env.COMPOSIO_USER_ID; if (!composioApiKey) throw new Error('COMPOSIO_API_KEY is not set'); if (!userId) throw new Error('COMPOSIO_USER_ID is not set'); async function main() { const composio = new Composio({ apiKey: composioApiKey as string, provider: new LangchainProvider() }); ``` ### 6. Create a Tool Router session What's happening: - We're creating a Tool Router session that gives your agent access to 21risk tools - The create method takes the user ID and specifies which toolkits should be available - The returned session.mcp.url is the MCP server URL that your agent will use - This approach allows the agent to dynamically load and use 21risk tools as needed ```python # Create Tool Router session for 21risk session = composio.create( user_id=os.getenv("COMPOSIO_USER_ID"), toolkits=['_21risk'] ) url = session.mcp.url ``` ```typescript const session = await composio.create( userId as string, { toolkits: ['_21risk'] } ); const url = session.mcp.url; ``` ### 7. Configure the agent with the MCP URL No description provided. ```python client = MultiServerMCPClient({ "_21risk-agent": { "transport": "streamable_http", "url": session.mcp.url, "headers": { "x-api-key": os.getenv("COMPOSIO_API_KEY") } } }) tools = await client.get_tools() agent = create_agent("gpt-5", tools) ``` ```typescript const client = new MultiServerMCPClient({ "_21risk-agent": { transport: "http", url: url, headers: { "x-api-key": process.env.COMPOSIO_API_KEY } } }); const tools = await client.getTools(); const agent = createAgent({ model: "gpt-5", tools }); ``` ### 8. Set up interactive chat interface No description provided. ```python conversation_history = [] print("Chat started! Type 'exit' or 'quit' to end the conversation.\n") print("Ask any 21risk related question or task to the agent.\n") while True: user_input = input("You: ").strip() if user_input.lower() in ['exit', 'quit', 'bye']: print("\nGoodbye!") break if not user_input: continue conversation_history.append({"role": "user", "content": user_input}) print("\nAgent is thinking...\n") response = await agent.ainvoke({"messages": conversation_history}) conversation_history = response['messages'] final_response = response['messages'][-1].content print(f"Agent: {final_response}\n") ``` ```typescript let conversationHistory: any[] = []; console.log("Chat started! Type 'exit' or 'quit' to end the conversation.\n"); console.log("Ask any 21risk related question or task to the agent.\n"); const rl = readline.createInterface({ input: process.stdin, output: process.stdout, prompt: 'You: ' }); rl.prompt(); rl.on('line', async (userInput: string) => { const trimmedInput = userInput.trim(); if (['exit', 'quit', 'bye'].includes(trimmedInput.toLowerCase())) { console.log("\nGoodbye!"); rl.close(); process.exit(0); } if (!trimmedInput) { rl.prompt(); return; } conversationHistory.push({ role: "user", content: trimmedInput }); console.log("\nAgent is thinking...\n"); const response = await agent.invoke({ messages: conversationHistory }); conversationHistory = response.messages; const finalResponse = response.messages[response.messages.length - 1]?.content; console.log(`Agent: ${finalResponse}\n`); rl.prompt(); }); rl.on('close', () => { console.log('\n👋 Session ended.'); process.exit(0); }); ``` ### 9. Run the application No description provided. ```python if __name__ == "__main__": asyncio.run(main()) ``` ```typescript main().catch((err) => { console.error('Fatal error:', err); process.exit(1); }); ``` ## Complete Code ```python from langchain_mcp_adapters.client import MultiServerMCPClient from langchain.agents import create_agent from dotenv import load_dotenv from composio import Composio import asyncio import os load_dotenv() async def main(): composio = Composio(api_key=os.getenv("COMPOSIO_API_KEY")) if not os.getenv("COMPOSIO_API_KEY"): raise ValueError("COMPOSIO_API_KEY is not set") if not os.getenv("COMPOSIO_USER_ID"): raise ValueError("COMPOSIO_USER_ID is not set") session = composio.create( user_id=os.getenv("COMPOSIO_USER_ID"), toolkits=['_21risk'] ) url = session.mcp.url client = MultiServerMCPClient({ "_21risk-agent": { "transport": "streamable_http", "url": url, "headers": { "x-api-key": os.getenv("COMPOSIO_API_KEY") } } }) tools = await client.get_tools() agent = create_agent("gpt-5", tools) conversation_history = [] print("Chat started! Type 'exit' or 'quit' to end the conversation.\n") print("Ask any 21risk related question or task to the agent.\n") while True: user_input = input("You: ").strip() if user_input.lower() in ['exit', 'quit', 'bye']: print("\nGoodbye!") break if not user_input: continue conversation_history.append({"role": "user", "content": user_input}) print("\nAgent is thinking...\n") response = await agent.ainvoke({"messages": conversation_history}) conversation_history = response['messages'] final_response = response['messages'][-1].content print(f"Agent: {final_response}\n") if __name__ == "__main__": asyncio.run(main()) ``` ```typescript import { Composio } from '@composio/core'; import { LangchainProvider } from '@composio/langchain'; import { MultiServerMCPClient } from "@langchain/mcp-adapters"; import { createAgent } from "langchain"; import * as readline from 'readline'; import 'dotenv/config'; const composioApiKey = process.env.COMPOSIO_API_KEY; const userId = process.env.COMPOSIO_USER_ID; if (!composioApiKey) throw new Error('COMPOSIO_API_KEY is not set'); if (!userId) throw new Error('COMPOSIO_USER_ID is not set'); async function main() { const composio = new Composio({ apiKey: composioApiKey as string, provider: new LangchainProvider() }); const session = await composio.create( userId as string, { toolkits: ['_21risk'] } ); const url = session.mcp.url; const client = new MultiServerMCPClient({ "_21risk-agent": { transport: "http", url: url, headers: { "x-api-key": process.env.COMPOSIO_API_KEY } } }); const tools = await client.getTools(); const agent = createAgent({ model: "gpt-5", tools }); let conversationHistory: any[] = []; console.log("Chat started! Type 'exit' or 'quit' to end the conversation.\n"); console.log("Ask any 21risk related question or task to the agent.\n"); const rl = readline.createInterface({ input: process.stdin, output: process.stdout, prompt: 'You: ' }); rl.prompt(); rl.on('line', async (userInput: string) => { const trimmedInput = userInput.trim(); if (['exit', 'quit', 'bye'].includes(trimmedInput.toLowerCase())) { console.log("\nGoodbye!"); rl.close(); process.exit(0); } if (!trimmedInput) { rl.prompt(); return; } conversationHistory.push({ role: "user", content: trimmedInput }); console.log("\nAgent is thinking...\n"); const response = await agent.invoke({ messages: conversationHistory }); conversationHistory = response.messages; const finalResponse = response.messages[response.messages.length - 1]?.content; console.log(`Agent: ${finalResponse}\n`); rl.prompt(); }); rl.on('close', () => { console.log('\nSession ended.'); process.exit(0); }); } main().catch((err) => { console.error('Fatal error:', err); process.exit(1); }); ``` ## Conclusion You've successfully built a LangChain agent that can interact with 21risk through Composio's Tool Router. Key features of this implementation: - Dynamic tool loading through Composio's Tool Router - Conversation history maintenance for context-aware responses - Async Python provides clean, efficient execution of agent workflows You can extend this further by adding error handling, implementing specific business logic, or integrating additional Composio toolkits to create multi-app workflows. ## How to build 21risk MCP Agent with another framework - [OpenAI Agents SDK](https://composio.dev/toolkits/_21risk/framework/open-ai-agents-sdk) - [Claude Agent SDK](https://composio.dev/toolkits/_21risk/framework/claude-agents-sdk) - [Claude Code](https://composio.dev/toolkits/_21risk/framework/claude-code) - [Claude Cowork](https://composio.dev/toolkits/_21risk/framework/claude-cowork) - [Codex](https://composio.dev/toolkits/_21risk/framework/codex) - [OpenClaw](https://composio.dev/toolkits/_21risk/framework/openclaw) - [Hermes](https://composio.dev/toolkits/_21risk/framework/hermes-agent) - [CLI](https://composio.dev/toolkits/_21risk/framework/cli) - [Google ADK](https://composio.dev/toolkits/_21risk/framework/google-adk) - [Vercel AI SDK](https://composio.dev/toolkits/_21risk/framework/ai-sdk) - [Mastra AI](https://composio.dev/toolkits/_21risk/framework/mastra-ai) - [LlamaIndex](https://composio.dev/toolkits/_21risk/framework/llama-index) - [CrewAI](https://composio.dev/toolkits/_21risk/framework/crew-ai) ## Related Toolkits - [Excel](https://composio.dev/toolkits/excel) - Microsoft Excel is a robust spreadsheet application for organizing, analyzing, and visualizing data. It's the go-to tool for calculations, reporting, and flexible data management. - [Abstract](https://composio.dev/toolkits/abstract) - Abstract provides a suite of APIs for automating data validation and enrichment tasks. It helps developers streamline workflows and ensure data quality with minimal effort. - [Addressfinder](https://composio.dev/toolkits/addressfinder) - Addressfinder is a data quality platform for verifying addresses, emails, and phone numbers. It helps you ensure accurate customer and contact data every time. - [Agentql](https://composio.dev/toolkits/agentql) - Agentql is a toolkit that connects AI agents to the web using a specialized query language. It enables structured web interaction and data extraction for smarter automations. - [Agenty](https://composio.dev/toolkits/agenty) - Agenty is a web scraping and automation platform for extracting data and automating browser tasks—no coding needed. It streamlines data collection, monitoring, and repetitive online actions. - [Ambee](https://composio.dev/toolkits/ambee) - Ambee is an environmental data platform providing real-time, hyperlocal APIs for air quality, weather, and pollen. Get precise environmental insights to power smarter decisions in your apps and workflows. - [Ambient weather](https://composio.dev/toolkits/ambient_weather) - Ambient Weather is a platform for personal weather stations with a robust API for accessing local, real-time, and historical weather data. Get detailed environmental insights directly from your own sensors for smarter apps and automations. - [Anonyflow](https://composio.dev/toolkits/anonyflow) - Anonyflow is a service for encryption-based data anonymization and secure data sharing. It helps organizations meet GDPR, CCPA, and HIPAA data privacy compliance requirements. - [Api ninjas](https://composio.dev/toolkits/api_ninjas) - Api ninjas offers 120+ public APIs spanning categories like weather, finance, sports, and more. Developers use it to supercharge apps with real-time data and actionable endpoints. - [Api sports](https://composio.dev/toolkits/api_sports) - Api sports is a comprehensive sports data platform covering 2,000+ competitions with live scores and 15+ years of stats. Instantly access up-to-date sports information for analysis, apps, or chatbots. - [Apify](https://composio.dev/toolkits/apify) - Apify is a cloud platform for building, deploying, and managing web scraping and automation tools called Actors. It lets you automate data extraction and workflow tasks at scale—no infrastructure headaches. - [Autom](https://composio.dev/toolkits/autom) - Autom is a lightning-fast search engine results data platform for Google, Bing, and Brave. Developers use it to access fresh, low-latency SERP data on demand. - [Beaconchain](https://composio.dev/toolkits/beaconchain) - Beaconchain is a real-time analytics platform for Ethereum 2.0's Beacon Chain. It provides detailed insights into validators, blocks, and overall network performance. - [Big data cloud](https://composio.dev/toolkits/big_data_cloud) - BigDataCloud provides APIs for geolocation, reverse geocoding, and address validation. Instantly access reliable location intelligence to enhance your applications and workflows. - [Bigpicture io](https://composio.dev/toolkits/bigpicture_io) - BigPicture.io offers APIs for accessing detailed company and profile data. Instantly enrich your applications with up-to-date insights on 20M+ businesses. - [Bitquery](https://composio.dev/toolkits/bitquery) - Bitquery is a blockchain data platform offering indexed, real-time, and historical data from 40+ blockchains via GraphQL APIs. Get unified, reliable access to complex on-chain data for analytics, trading, and research. - [Brightdata](https://composio.dev/toolkits/brightdata) - Brightdata is a leading web data platform offering advanced scraping, SERP APIs, and anti-bot tools. It lets you collect public web data at scale, bypassing blocks and friction. - [Builtwith](https://composio.dev/toolkits/builtwith) - BuiltWith is a web technology profiler that uncovers the technologies powering any website. Gain actionable insights into analytics, hosting, and content management stacks for smarter research and lead generation. - [Byteforms](https://composio.dev/toolkits/byteforms) - Byteforms is an all-in-one platform for creating forms, managing submissions, and integrating data. It streamlines workflows by centralizing form data collection and automation. - [Cabinpanda](https://composio.dev/toolkits/cabinpanda) - Cabinpanda is a data collection platform for building and managing online forms. It helps streamline how you gather, organize, and analyze responses. ## Frequently Asked Questions ### What are the differences in Tool Router MCP and 21risk MCP? With a standalone 21risk MCP server, the agents and LLMs can only access a fixed set of 21risk tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from 21risk and many other apps based on the task at hand, all through a single MCP endpoint. ### Can I use Tool Router MCP with LangChain? Yes, you can. LangChain fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right 21risk tools. ### Can I manage the permissions and scopes for 21risk while using Tool Router? Yes, absolutely. You can configure which 21risk scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do. ### How safe is my data with Composio Tool Router? All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your 21risk data and credentials are handled as safely as possible. --- [See all toolkits](https://composio.dev/toolkits) · [Composio docs](https://docs.composio.dev/llms.txt)