Agentic AI Workflow
This guide explains how to configure an IDE or Agentic Workflow client to communicate with a deployed Model Context Protocol (MCP) server for use with SD Elements.
Once configured, your client (IDE plugin, local script, or agent) can securely interact with SD Elements to enable agentic security workflows over HTTP.
Quick Overview: Agentic AI Workflow & MCP
- Agentic Workflow
-
Enables AI agents to perform context-aware, multi-step actions across SD Elements projects and security workflows for automation and assistance.
- Model Context Protocol (MCP)
-
A standardized, secure, and auditable way for AI agents to interact with SD Elements while respecting existing permissions and governance controls.
- Key Benefit
-
More reliable, governed, and scalable AI-assisted security workflows compared to one-off prompts or custom integrations.
Why Deploy Agentic AI Workflow?
Agentic Workflow allows teams to bring SD Elements directly into their AI-assisted development workflow.
Once deployed, developers and security teams can:
-
Interact with SD Elements from their IDE or AI client
-
Plan and configure projects using real repository context
-
Update requirements as code evolves
-
Validate policy alignment without leaving their workspace
-
Generate summaries or cross-project insights on demand
Instead of manually navigating SD Elements, users can leverage AI agents to perform structured, permission-aware actions through MCP.
How Teams are Using Agentic AI
Once deployed and connected to an AI client, Agentic Workflow becomes part of the team’s daily development process.
Developers can:
-
Plan new projects directly from repository context
-
Update security requirements as code evolves
-
Run surveys without leaving their IDE
-
Validate policy alignment during development
Security Teams can:
-
Review and adjust project configurations at scale
-
Maintain alignment to evolving policies
-
Analyze security posture across multiple projects
-
Generate executive-ready summaries
Suggested Workflow
The following example demonstrates how a developer might use Agentic Workflow with a repository through a supported AI client.
Plan a New Project from a Repository
-
Start a new agent session in your AI client.
-
Select Agent Mode (or equivalent) and choose your preferred model.
-
Ensure your terminal or workspace is pointed at the target code repository.
-
Copy and paste the "Model in SDE" prompt into the agent.
-
Allow the agent to complete the workflow.
Validate the Project in SD Elements
After execution, confirm:
-
A new SD Elements project was created (or updated) successfully.
-
Survey responses include expected comments.
-
Publishing the survey generated the corresponding countermeasures.
-
The correct project profile appears in the Overview tab.
Implement Countermeasures
-
(Optional) Start a new agent session for clarity.
-
Copy and paste the "Implement Countermeasures" prompt.
-
Allow the agent to complete the updates.
Validate the Updates
Confirm that:
-
Countermeasure statuses were updated as expected.
-
Each countermeasure includes a contextual note.
Recommended Best Practices on Workflow
-
Review agent-generated changes before committing updates.
-
Use separate agent sessions for major workflow steps when possible.
-
Larger, more capable models typically perform better for complex repositories.
Supported AI Clients and Agents
Agentic Workflow is model-agnostic and works with MCP-capable AI clients.
Fully Validated Clients:
-
Cursor [Gemini 3.1, Opus 4.6, Codex 5.3, GPT 5.2]
-
Claude Code [Opus 4.6]
-
Github Co-Pilot via VS Code [GPT 5.2]
| Larger, more capable models generally produce better results for multi-step agentic workflows. |
Other MCP-capable clients may work but are not yet fully validated.
-
Claude Desktop (Requires Proxy Configurations)