Overview

Omnitrex GRC integrates with external systems through three channels:

1. n8n Workflows — Visual workflow automation for scheduled tasks and event-driven processes
2. Microsoft 365 — Email, calendar, and file management via MCP servers
3. AI Workflows — Natural language GRC operations powered by Claude and MCP

n8n Workflow Automation

n8n is a self-hosted workflow automation platform. Omnitrex provides pre-built workflows that connect to the platform via MCP servers over HTTP.

Architecture

n8n (Docker)
  └── Code Node (JavaScript)
       └── HTTP request to MCP server (:9090)
            └── mcp-omnitrex → Omnitrex API

The MCP servers run as Streamable HTTP endpoints alongside n8n. Code nodes call MCP tools using standard HTTP with SSE response parsing.

Pre-Built Workflows

Omnitrex ships with 5 production-ready n8n workflows:

1. Daily Compliance Digest Runs every morning at 07:00. Fetches all GRC data (risks, controls, tasks, proposals, orphan nodes), categorises items by deadline, and emails a formatted HTML digest. Sends an "all clear" email if nothing needs attention.

2. Escalation Workflow Monitors overdue items and escalates to managers. Triggered when deadlines pass without resolution.

3. Control Reminder Sends reminders for upcoming control tests. Configurable lead time (default: 7 days before due date).

4. GDPR 72-Hour Incident Alert Monitors new incidents and alerts the DPO if a personal data breach is detected, ensuring the 72-hour GDPR notification window is met.

5. Monthly GRC Report Generates a comprehensive PPTX report on the first of each month and emails it to stakeholders.

MCP-over-HTTP Pattern

n8n Code nodes communicate with MCP servers using this pattern:

const http = require('http');
function mcpFetch(port, tool, args) {
  return new Promise((resolve, reject) => {
    const body = JSON.stringify({
      jsonrpc: '2.0',
      id: 1,
      method: 'tools/call',
      params: { name: tool, arguments: args }
    });
const req = http.request({
      hostname: 'host.docker.internal',
      port: port,
      path: '/mcp',
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Accept': 'application/json, text/event-stream',
        'Content-Length': Buffer.byteLength(body)
      }
    }, (res) => {
      let data = '';
      res.on('data', chunk => data += chunk);
      res.on('end', () => {
        // Parse SSE response
        const lines = data.split('\n');
        for (const line of lines) {
          if (line.startsWith('data:')) {
            const json = JSON.parse(line.slice(5).trim());
            if (json.result) resolve(json.result);
          }
        }
      });
    });
req.on('error', reject);
    req.write(body);
    req.end();
  });
}
// Example: fetch all LIVE risks
const result = await mcpFetch(9090, 'list_nodes', {
  domainCode: 'RISK',
  status: 'LIVE'
});

Server Ports

Docker Setup

The MCP servers run alongside n8n in Docker. Add them to your docker-compose.yml:

services:
  n8n:
    image: n8nio/n8n:2.10.3
    ports:
      - "5678:5678"
    environment:
      - NODE_FUNCTION_ALLOW_BUILTIN=*
    extra_hosts:
      - "host.docker.internal:host-gateway"

NODE_FUNCTION_ALLOW_BUILTIN=* is required because the n8n Task Runner sandbox blocks fetch and URL. Code nodes must use require('http') instead.

Microsoft 365 Integration

Email Automation

With mcp-ms365-mail connected, workflows can:

• Send compliance digests — Automated morning emails with GRC status
• Forward incident alerts — Route critical incidents to the DPO
• Schedule reviews — Create calendar events for control testing
• Attach reports — Generate PPTX/PDF reports and email them to stakeholders

File Management

With mcp-ms365-files connected, workflows can:

• Upload reports to OneDrive — Auto-store generated reports in organised folders
• Share via SharePoint — Upload compliance evidence to document libraries
• Create sharing links — Generate view-only links for external auditors

End-to-End Example

A complete automated workflow:

1. n8n trigger fires on the 1st of each month
2. mcp-omnitrex generates a compliance PPTX report
3. mcp-ms365-files uploads the report to OneDrive (Reports/GRC/monthly-2026-03.pptx)
4. mcp-ms365-files creates a sharing link
5. mcp-ms365-mail emails the link to the compliance team

AI Workflows

GRC Prompts

Omnitrex includes pre-built AI workflow prompts accessible via the MCP server. These guide Claude through complex GRC tasks step by step.

Available prompts:

Using Prompts

From Claude Code with mcp-omnitrex connected:

Claude, run the risk-assessment prompt for our payment processing risks.

Claude will:

1. Read the prompt template from the platform
2. Fetch relevant risk and control nodes
3. Analyse coverage gaps
4. Generate a structured assessment with recommendations

Batch Proposals

For changes that need human approval, AI workflows create Proposals — batches of changes that are reviewed before execution.

Example flow:

1. Claude analyses gap analysis results
2. Creates a Proposal with 5 new TASK nodes
3. You review the Proposal in the dashboard
4. Click Approve to execute all changes atomically

API Webhooks

For custom integrations, use the Omnitrex CLI to set up outbound notifications:

# Slack
omnitrex notify slack https://hooks.slack.com/services/YOUR/WEBHOOK
Microsoft Teams
omnitrex notify teams https://outlook.office.com/webhook/YOUR/WEBHOOK
Generic webhook
omnitrex notify webhook add my-system https://api.example.com/webhook
Test all channels
omnitrex notify test

Notifications fire on status updates pushed via the CLI or API.

Next Steps

• Getting Started — Deploy the platform with Docker Compose
• Platform Guide — Learn domains, nodes, and the Central Command Viewer
• Developer Guide — Set up CLI, MCP servers, and API access