Hybrid · HighBond REST + AC subdomain JSON + QuickSight iframe

Activity Center,
composed by an agent.

96 tools across 16 categories. List preset and custom dashboards, drill into Issues and Actions, take snapshots, schedule reports, manage Boards-site connections, audit sharing, introspect the canonical inventory. Activity Center is Diligent's dashboards-and-reports product — an embedded Amazon QuickSight experience over Projects + Results data.

96
MCP Tools
50 live · 46 documented stubs
5
Backend Endpoints
Reverse-engineered & verified
21
Knowledge Files
From a fresh help-doc crawl
89/89
Smoke Tests
Live against Pied Piper
$
curl -fsSL https://mcp-activity-center.riskapture.ai/install.sh | bash
Installs to ~/.local/share/diligent-activity-center-mcp Node.js 20+, no sudo Re-run to update
Architecture

Three surfaces, one cookie.

There is no public Activity Center API (verified against developer.diligent.com). This MCP discovered five reverse-engineered endpoints on the per-tenant subdomain backend and confirmed by 404-probing that ~40 operations are QuickSight-iframe-native. The agent reads through one cookie session; mutations split across three layers depending on what's actually exposed.

HighBond REST (Bearer PAT)

For data the dashboards render — Projects, Results, Issues, Actions. Same JSON:API v1.0 + token bucket as the Projects MCP. Used by drill-through and the in-page Issue/Action editor.

AC backend JSON (cookie session)

5 confirmed endpoints on activity-centers-api.<region>.com: /session, /dashboards, /dashboards/{slug}/embed, /authoring/embed_url, /orgs/board_sites. OIDC login via headless Playwright; cookies cached 25 min.

QuickSight iframe (deferred)

Snapshot/schedule/share/visual-export/dashboard CRUD all live inside QS. Verified 404 on every probed Diligent path. Tools in this bucket return FEATURE_LIVES_IN_QUICKSIGHT_IFRAME with workaround pointer; drive via Playwright frameLocator on ac_open_preset.

Two-tier response cache

In-memory + persistent JSON at ~/.cache/diligent-activity-center-mcp/cache.json. Per-key TTL (5 min for AC dashboards, 15 min for templates, 2 min for instances). Survives MCP restarts so each Claude Code turn benefits. ac_clear_cache for targeted purge.

Dry-run by default

Every mutating tool defaults dry_run=true. Bulk mutations additionally require confirm_token matching the affected count. The live writeback smoke scenario round-trips an unpublished issue and reverts in a finally block.

Honest stubs

46 tools that can't be implemented through Diligent's API surface return either FEATURE_LIVES_IN_QUICKSIGHT_IFRAME (40, with workaround) or FEATURE_NOT_AVAILABLE (5, with capture-needed reason) or BRAIN_NOT_SEEDED (1). Smoke contract-tests every stub.

What you can do

Capabilities overview.

Browse dashboards

List all preset (Diligent-shipped) dashboards, custom user-created dashboards, and templates. Open a preset and get the live QuickSight embed URL with full options payload (locale, parameters, timezone).

Drill into Issues & Actions

The Issues & Actions preset has bi-directional sync to HighBond. List, filter, edit issues and actions inline. Updates proxy through the Projects API. Supports dry-run and live writeback with cache-bypassing readback.

Manage Boards-site connections

List, get, fuzzy-match the org's Diligent 360 / Boards sites. Validate snapshot-attach targets before driving the QuickSight iframe.

Authoring entry

Mint a short-lived QuickSight authoring URL for Reports Admins. Drive the iframe via Playwright if you need to programmatically create or edit a dashboard.

Schema & data dictionary

Canonical inventories: dashboard, preset, template, dataset, snapshot, schedule, share, role. Build a per-attribute population/distinct-values dictionary across every live inventory.

Bulk export & governance

Flatten dashboards + templates + board sites + session into a single CSV-ready payload. Pre-flight schedule/share payload validators check documented limits before driving the QS UI.

Tool Reference

All tools.

96 tools split across 16 categories. live = call the AC backend or HighBond today. qs-iframe = QuickSight-iframe-native (no Diligent endpoint exists). stub = capture pending.

Meta & Control Plane (8)
ToolDescription
ac_health_checklivePings HighBond + AC backend + Playwright readiness; returns combined session metrics
ac_list_capabilitiesliveTool inventory grouped by category, with optional substring filter
ac_get_session_metricslivePer-surface call counts, errors, retries, average duration
ac_reset_session_metricsliveReset counters across HighBond + AC clients
ac_warmup_reference_cachelivePre-fetch users + presets + templates + board sites
ac_query_allliveAuto-paginate any HighBond JSON:API resource collection
ac_cache_statusliveTwo-tier cache state: keys, bytes, hits/misses/writes, file path
ac_clear_cacheliveTargeted purge: all/reference/instances/ac/ac-instances/ui-schema/brain
Presets (4)
ToolDescription
ac_list_presetsliveList Diligent-shipped managed dashboards (Pied Piper: my_activities_internal, issues, sox)
ac_get_presetliveGet one preset by slug; reports availableSlugs on miss
ac_open_presetliveMint a QuickSight embed URL + render options for a preset
ac_get_dashboard_last_refreshliveSurface refresh metadata embedded in the QS options.parameters payload
Dashboards (7)
ToolDescription
ac_list_dashboardsliveList managed + template dashboards, filterable by type
ac_get_dashboardliveGet one dashboard by slug across all categories
ac_create_dashboardqs-iframeQuickSight-native authoring; use ac_get_authoring_embed_url + frameLocator
ac_update_dashboardqs-iframeQuickSight-native authoring
ac_delete_dashboardqs-iframeQuickSight-native authoring
ac_clone_dashboard_from_templateqs-iframeQuickSight-native authoring
ac_publish_analysis_to_dashboardqs-iframeQuickSight-native authoring
Datasets (7)
ToolDescription
ac_list_datasetslive14 built-in Projects datasets (Actions, Controls, Issues, Risks, …)
ac_get_datasetliveGet one dataset record by id
ac_replace_datasetqs-iframeQuickSight-native dataset binding
ac_field_map_datasetqs-iframeQuickSight-native field mapping wizard
ac_get_dataset_refresh_statusqs-iframeQuickSight-native refresh state
ac_trigger_dataset_refreshqs-iframeQuickSight-native refresh button
ac_list_results_table_publicationsqs-iframeResults-publication discovery surface unknown
Templates (7)
ToolDescription
ac_list_templatesliveProvisioned + documented-only templates with knowledge file pointers
ac_get_template_moodysliveERM Reporting (Moody's) — 3 tabs
ac_get_template_cyber_riskliveCyber Risk Report — 6 tabs
ac_get_template_market_insightsliveMarket Insights (S&P) — 4 tabs
ac_get_template_financial_netsuiteliveFinancial Reporting (NetSuite) integration
ac_get_template_soxliveSOX Program Management — 6 tabs
ac_get_template_diligent_360liveDiligent 360 / Boards integration
Board sites (6) — new in Phase 5b
ToolDescription
ac_list_board_sitesliveList Diligent 360 / Boards sites configured for the org (24 in Pied Piper)
ac_get_board_siteliveGet one Boards site by boardSiteId
ac_smart_match_board_siteliveFuzzy-match against displayName + boardSiteName
ac_get_authoring_embed_urlliveMint QuickSight authoring URL for Reports Admins
ac_create_board_sitestubPOST endpoint capture pending (Save click had client-side validation gate)
ac_delete_board_sitestubDELETE endpoint capture pending
Issues & Actions Bridge (5)
ToolDescription
ac_list_issues_in_dashboardliveList issues with status/severity/owner/project filters
ac_update_issue_inlinelivePATCH issue via HighBond Projects API; dry_run default
ac_list_actions_in_dashboardliveAggregate actions across issues (nested resource)
ac_update_action_inlinelivePATCH action via HighBond; dry_run default
ac_get_issues_actions_dashboardliveComposite: preset metadata + open/closed counts + severity breakdown
Snapshots (5)
ToolDescription
ac_list_snapshotsqs-iframeQuickSight-native snapshot history
ac_take_snapshotqs-iframeQuickSight-native snapshot button
ac_get_snapshotqs-iframeQuickSight-native snapshot detail
ac_delete_snapshotqs-iframeQuickSight-native delete
ac_connect_snapshot_to_boards_sitelive*Validates target board_site_id against /orgs/board_sites; connect is qs-iframe
Scheduled Reports (8)
ToolDescription
ac_list_scheduled_reportsqs-iframeQuickSight-native
ac_get_scheduled_reportqs-iframeQuickSight-native
ac_create_scheduled_reportqs-iframeQuickSight-native; pre-flight with ac_validate_schedule_payload
ac_update_scheduled_reportqs-iframeQuickSight-native
ac_pause_scheduled_reportqs-iframeQuickSight-native
ac_resume_scheduled_reportqs-iframeQuickSight-native
ac_delete_scheduled_reportqs-iframeQuickSight-native
ac_get_schedule_failuresqs-iframeQuickSight-native
Sharing (5)
ToolDescription
ac_list_sharesqs-iframeQuickSight-native
ac_share_dashboard_with_usersqs-iframeQuickSight-native; pre-flight with ac_validate_share_payload
ac_share_dashboard_with_orgqs-iframeQuickSight-native
ac_revoke_shareqs-iframeQuickSight-native
ac_set_share_access_levelqs-iframeQuickSight-native
Visuals + Filters + Exports (8)
ToolDescription
ac_list_sheetsqs-iframeQuickSight-native
ac_list_visualsqs-iframeQuickSight-native
ac_get_visual_stateqs-iframeQuickSight-native
ac_export_visual_csvqs-iframeQuickSight-native
ac_export_table_excelqs-iframeQuickSight-native
ac_get_drillthroughqs-iframeQuickSight-native
ac_apply_filterqs-iframeQuickSight-native
ac_clear_filterqs-iframeQuickSight-native
Admin & Permissions (9)
ToolDescription
ac_get_sessionliveorgId, uid, locale, subscriptionState, hasAuthoring, timezone, features
ac_get_subscription_tierliveSubscription state + feature-flag breakdown
ac_get_region_infoliveConfigured + live region/locale/timezone
ac_get_author_countliveHard cap (64) + sourceOfCap; live count needs admin-UI scrape
ac_list_app_rolesliveReports Admin / Writer / Reader from static catalogue
ac_get_app_rolelivePer-role capabilities matrix
ac_list_users_with_rolestubAdmin UI capture pending
ac_assign_role_to_userstubAdmin UI capture pending
ac_revoke_role_from_userstubAdmin UI capture pending
Bulk Operations (6)
ToolDescription
ac_export_inventory_flatliveFlat dump of dashboards + templates + board sites + session
ac_bulk_export_visualsqs-iframeQuickSight-native
ac_bulk_create_scheduled_reportsqs-iframeQuickSight-native
ac_bulk_share_dashboardsqs-iframeQuickSight-native
ac_bulk_take_snapshotsqs-iframeQuickSight-native
ac_bulk_pause_schedulesqs-iframeQuickSight-native
Schema & Data Dictionary (5)
ToolDescription
ac_list_canonical_inventorieslive8 canonical types: dashboard, preset, template, dataset, snapshot, schedule, share, role
ac_list_inventory_recordsliveWalk a live inventory; FNA for non-live types
ac_get_inventory_schemalivePer-attribute population rate, observed types, distinct values
ac_build_data_dictionaryliveComposite: schema across every live inventory
ac_compare_inventory_to_brainstubReturns BRAIN_NOT_SEEDED until Riskapture-Knowledge has an AC seed
Smart-match & Validators (6)
ToolDescription
ac_smart_match_dashboardliveFuzzy match free-text against the live dashboard list
ac_smart_match_templateliveFuzzy match against templates
ac_smart_match_userliveFuzzy match against HighBond user list (for share recipients)
ac_smart_match_datasetliveFuzzy match against the 14 built-in Projects datasets
ac_validate_schedule_payloadlivePre-flight check: 5/dashboard cap, 35 MB, 2-yr horizon, format, recipients
ac_validate_share_payloadlivePre-flight: dashboard slug, scope, accessLevel, userIds
Configuration

Environment variables.

VariableRequiredDescription
AC_BASE_URLYesHighBond API base URL (e.g. https://apis-us.diligentoneplatform.com)
AC_API_TOKENYesBearer PAT from Diligent One > Profile > Application tokens
AC_ORG_IDYesOrganisation ID (numeric)
AC_TENANT_URLYesPer-tenant AC subdomain (e.g. https://piedpiper.activity-centers.diligentoneplatform.com)
AC_UI_EMAILYesOIDC login email — needed for the AC backend cookie session
AC_UI_PASSWORDYesOIDC password
AC_UI_ORGYesOrg slug (e.g. piedpiper) — must match the slug in AC_TENANT_URL
AC_UI_REGIONNoRegion code: us/ca/eu/ap/au/af/jp (default us)
AC_LOG_FILENoPath for JSONL request log
AC_CACHE_ENABLEDNoSet to false to disable the response cache
AC_CACHE_DIRNoCache location (default ~/.cache/diligent-activity-center-mcp)
AC_PLAYWRIGHT_HEADLESSNoSet to false to debug the OIDC flow with a visible browser

Regional base URLs: US, Canada, Europe, Asia, Australia, Africa, Japan, South America. The PAT can be reused from sibling MCPs (Issues, Projects, ERM) — same token, different application surface.

Constraints

Hard rules.

No Public AC API
The Diligent Developer Portal does not document an Activity Center API (verified 2026-04-27). The 5 backend endpoints used here are reverse-engineered and could change with any Diligent release.
Dry-Run Default
Every mutating tool defaults dry_run=true. Bulk mutations additionally require confirm_token matching the affected count.
No DELETE on HighBond
DELETE is hard-blocked in the HighBond client (soft-delete is destructive and irreversible via API).
QuickSight-Iframe Boundary
Snapshot, schedule, share, dashboard CRUD, visual export, and filters live entirely inside the QuickSight iframe. Tools in this bucket return FEATURE_LIVES_IN_QUICKSIGHT_IFRAME with a workaround pointer.
Browser-Style Headers
The AC backend rejects requests without Origin, Referer, and Sec-Fetch-* headers. The client sends them automatically; if you call directly via curl, mirror them.
Author Limit
Hard cap of 64 (Reports Admin + Writer combined) per org. ac_get_author_count surfaces this.
Schedule Limits
5 schedules per dashboard, 1 sheet per schedule, 5 tables max for CSV, 35 MB attachment cap, 2-yr horizon (3-yr yearly). ac_validate_schedule_payload pre-flight-checks all of these.
Quick start

Getting started.

1. Install via the one-liner above, or clone from GitHub

2. Set your environment variables — AC_BASE_URL, AC_API_TOKEN, AC_ORG_ID, AC_TENANT_URL, AC_UI_EMAIL, AC_UI_PASSWORD, AC_UI_ORG

3. Restart Claude Code: /mcp reset diligent-activity-center

4. Start with ac_health_check to verify both surfaces (HighBond + AC backend) are reachable

5. Run ac_list_capabilities to discover all 96 tools and their categories

6. ac_warmup_reference_cache before bulk operations

7. ac_open_preset({slug: "my_activities_internal"}) to get a QuickSight embed URL for the default landing dashboard