ArvoDocs ships a native Model Context Protocol server. Connect Claude, ChatGPT, Gemini, Cursor, or any MCP-aware client and your team can use AI to draft documents, manage CAPAs, run internal audits, and answer auditor questions — without ever losing the regulated audit trail.
ArvoDocs speaks the Model Context Protocol — an open standard backed by Anthropic and adopted across the AI ecosystem. If your assistant supports MCP, it works.
Native MCP support in Claude Desktop, claude.ai web connectors, and Claude Code.
Remote MCP server support via custom connectors on Team, Enterprise, and Pro plans.
MCP support across the Gemini API, Gemini CLI, and Gemini Code Assist for IDE-based workflows.
Wire ArvoDocs into your IDE so engineering can read the QMS as easily as the codebase.
Continue, Zed, and any client supporting MCP 2025-03-26 can connect with no code on our side.
Every action below runs through MCP, lands in your tenant’s audit trail, and never bypasses an e-signature.
Give the AI a problem statement; it picks the right document template, drafts each section with proper TipTap structure, and fills in the required change-description, reason-for-change, and impact-assessment fields. You review the draft and approve in the UI.
Describe an incident; the AI opens a CAPA from your template, starts the first stage, and fills out problem statement, containment actions, root-cause hypotheses, and effectiveness criteria. The human approves each stage transition with a re-authenticated signature.
Walk through ISO 13485 or 9001 clause by clause. The AI pulls the relevant SOPs, surfaces the controlled-document evidence per clause, checks for gaps against your tenant's actual records, and drafts findings as quality events for your auditor to review.
"Show me every CAPA from the last 18 months and the root-cause method used." The AI queries the tenant directly via list + filter tools, summarizes findings, and links back to each record so your team can review the source.
Ask "are all SOPs referenced by our quality manual currently effective?" or "which event templates don't have a stage owner assigned?" The AI walks the data and surfaces inconsistencies in seconds — work that used to take a quality manager half a day.
Surface every supplier overdue for re-evaluation, draft the re-evaluation questionnaire, and link recent NCRs/CAPAs back to the suppliers involved. Useful before management review or a recertification audit.
Documents due for periodic review get an auto-drafted summary: what changed in the last cycle, what referenced events occurred, and a recommendation to keep, revise, or retire. Quality manager approves with one click.
"Pull last quarter's CAPAs, NCRs, supplier non-conformances, and overdue trainings into a slide-ready brief." The AI uses the same tools your auditor would — pulling from the same controlled audit trail.
The AI assistant connects once and gets a full toolbelt — scoped to a single tenant, controlled by per-integration permissions.
Admins generate API tokens in Settings → MCP integration, choosing Read-only (browse + search) or Read & edit drafts (also create documents, events, suppliers). For Claude.ai web connectors, the user picks the level on a consent screen each time.
On first connect, the assistant calls tools/list and gets twenty tools: list_documents, get_document, search_documents, create_document, update_document_section, the same set for events and suppliers, plus a consolidated list_document_templates and list_event_templates.
Reads run under the tenant’s row-level security. Writes land as drafts only — the AI can author a document or open a CAPA, but it cannot sign, approve, reject, or make a document effective. Those still require a human in the ArvoDocs UI with password re-authentication.
Each MCP request creates an entry in the tenant’s tamper-evident audit trail with the user, the tool, the auth mode (static token or OAuth JWT), and the IP. Your QA group can answer “which changes were AI-authored last quarter?” in seconds.
21 CFR Part 11 doesn’t ban AI authoring — it requires that signing, approving, rejecting, and making documents effective be performed by a uniquely-identified human with password re-authentication, and that every change be captured in a tamper-evident audit trail. ArvoDocs preserves that line by design.
You get the speed of AI-assisted authoring without losing the audit defensibility your auditor expects.
Claude.ai web connectors use Dynamic Client Registration (RFC 7591), authorization-code grant with PKCE-S256, and short-lived JWTs (15 minute access tokens, 90-day rotating refresh tokens).
API tokens are never stored as plaintext. Only HMAC-SHA256 hex digests live in the database. Lose a token, revoke it, generate a new one.
Issue read-only tokens for analysis or audit-prep use cases. Issue read & edit tokens only when the integration needs to draft. Revoke and rotate at any time.
Every MCP request runs under the tenant’s row-level-security context. A token can never see, search, or write data outside its tenant.
Every MCP call logs to audit_trail with row-hashing for tamper detection. Per call: tool name, auth mode, user, IP, timestamp.
Sign, approve, reject, submit-for-review, make-effective, close-event, and activate-supplier are deliberately not exposed via MCP — they require human re-auth in the UI.
We wrote a deep-dive on what AI in a regulated eQMS actually looks like — with worked examples for medical-device, ISO 9001, and dental teams.
Read the deep dive →Sign up free, upgrade to Growth when you’re ready, generate a token in Settings, paste it into Claude Desktop or wire up the claude.ai connector. That’s it.
Start free