TIA MCP Industrial automation MCP

Local-first TIA automation, cloud-governed access

TIA MCP

A Windows desktop and MCP server product for engineers who need local TIA Portal automation with account-backed subscription, device, and GitHub-aware policy controls.

Local runtime: TIA Portal stays on the workstation.

Cloud policy: Entitlements are server-authoritative.

GitHub optional: Connected only by separate grant.

TIA MCP desktop entitlement and MCP policy preview
Simulated desktop preview: entitlement sync, MCP policy status, GitHub connection state, and audit posture.

Mode: local-first desktop runtime

API: v1 health/meta ready

MVP billing: free during beta

Security: revocable and auditable

Product shape

Automation tools with policy controls before execution

TIA MCP keeps the engineering workflow local while the cloud app owns identity, subscription, device, and GitHub connection state.

Local-first TIA automation

Desktop and MCP server workflows stay on the Windows machine where TIA Portal is installed.

MCP tools with policy controls

Tool execution can be checked against entitlement and GitHub connection state before handlers run.

Account and entitlement sync

The cloud API is the source of truth for beta subscription and device access state.

GitHub integration when connected

GitHub product access remains separate from GitHub login and is only used after explicit connection.

Security posture

Crack-resistant, not unhackable

The security model is explicit about attacker capabilities. A determined local administrator can patch local checks, so authority, revocation, signing, and audit state stay server-side.

Server-authoritative access

Subscription, device, and GitHub-connected capabilities are represented by cloud state rather than local claims.

Signed entitlement documents

The desktop and MCP server can verify signed claims without receiving the signing private key.

Revocation-aware design

Offline access is bounded by an explicit window, trading usability for a known revocation delay.
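
A sketch of how a client could combine the signed-entitlement check with the bounded offline window described above. This is an added example, not TIA MCP's own code: the JSON field names, the use of Ed25519, the 72-hour window and the feature strings are all assumptions.

```javascript
// Added example: verify a signed entitlement, then enforce a bounded offline window.
// Field names, Ed25519 and the 72-hour window are assumptions, not TIA MCP's format.
const crypto = require('node:crypto');

const OFFLINE_WINDOW_MS = 72 * 60 * 60 * 1000; // assumed policy value
const MAX_FUTURE_SKEW_MS = 5 * 60 * 1000;      // assumed clock-skew tolerance

// payload: the exact bytes that were signed; publicKey: verification key only.
function checkEntitlement(payload, signature, publicKey, requiredFeature, nowMs) {
  // 1. Verify the signature over the raw bytes before parsing anything.
  if (!crypto.verify(null, payload, publicKey, signature)) {
    return { allowed: false, reason: 'bad_signature' };
  }
  let doc;
  try { doc = JSON.parse(payload.toString('utf8')); }
  catch { return { allowed: false, reason: 'malformed' }; }
  const issuedMs = Date.parse(doc.issuedAt);
  if (!Number.isFinite(issuedMs) || !Array.isArray(doc.features)) {
    return { allowed: false, reason: 'malformed' };
  }
  // 2. Reject documents dated beyond the skew tolerance in the future.
  if (issuedMs - nowMs > MAX_FUTURE_SKEW_MS) return { allowed: false, reason: 'issued_in_future' };
  // 3. Bounded offline window: a stale document forces a re-sync with the server,
  //    which is the point where a revocation takes effect.
  if (nowMs - issuedMs > OFFLINE_WINDOW_MS) return { allowed: false, reason: 'stale_resync_required' };
  // 4. Authorize from the signed claims only, never from local state.
  if (!doc.features.includes(requiredFeature)) return { allowed: false, reason: 'not_entitled' };
  return { allowed: true, reason: 'ok' };
}

// Constructed sample data: a throwaway key pair stands in for the cloud signer.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const now = Date.parse('2024-01-10T00:00:00Z');
  const sign = (obj) => {
    const payload = Buffer.from(JSON.stringify(obj));
    return { payload, signature: crypto.sign(null, payload, privateKey) };
  };
  const fresh = sign({ features: ['mcp.tools'], issuedAt: '2024-01-09T12:00:00Z' });
  const stale = sign({ features: ['mcp.tools'], issuedAt: '2024-01-01T00:00:00Z' });
  const tampered = Buffer.from(fresh.payload.toString().replace('mcp.tools', 'mcp.admin'));
  const run = (p, s, feature) => checkEntitlement(p, s, publicKey, feature, now).reason;
  return {
    fresh: run(fresh.payload, fresh.signature, 'mcp.tools'),
    stale: run(stale.payload, stale.signature, 'mcp.tools'),
    tampered: run(tampered, fresh.signature, 'mcp.admin'),
    missing: run(fresh.payload, fresh.signature, 'github.sync'),
  };
}
console.log(demo());
```

The local clock is under the user's control, so this check only bounds honest offline use; revocation itself is still decided server-side.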

Renderer token boundary

Raw provider tokens do not belong in desktop renderer code, localStorage, logs, or MCP process arguments.

Separate GitHub grants

GitHub login identifies a user; GitHub product connection authorizes repository/product features.

Evidence-first operations

Smoke, security smoke, packaging, and deployment verification scripts write explicit evidence of what ran and what was skipped.