@aigrc/mcp 2.0.0

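--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,71 @@
+ {
+ "name": "@aigrc/mcp",
+ "version": "2.0.0",
+ "description": "AIGRC MCP Server - AI Governance via Model Context Protocol",
+ "license": "Apache-2.0",
+ "author": "AIGRC <contact@aigrc.dev>",
+ "homepage": "https://github.com/aigrc/aigrc#readme",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/aigrc/aigrc.git",
+ "directory": "packages/mcp"
+ },
+ "bugs": {
+ "url": "https://github.com/aigrc/aigrc/issues"
+ },
+ "keywords": [
+ "aigrc",
+ "mcp",
+ "model-context-protocol",
+ "ai-governance",
+ "compliance",
+ "eu-ai-act",
+ "nist-ai-rmf",
+ "iso-42001",
+ "claude",
+ "anthropic"
+ ],
+ "engines": {
+ "node": ">=18.0.0"
+ },
+ "publishConfig": {
+ "access": "public"
+ },
+ "type": "module",
+ "main": "dist/index.js",
+ "types": "dist/index.d.ts",
+ "bin": {
+ "aigrc-mcp": "./dist/bin/aigrc-mcp.js"
+ },
+ "exports": {
+ ".": {
+ "types": "./dist/index.d.ts",
+ "import": "./dist/index.js",
+ "default": "./dist/index.js"
+ }
+ },
+ "files": [
+ "dist",
+ "profiles"
+ ],
+ "scripts": {
+ "build": "tsup",
+ "dev": "tsup --watch",
+ "typecheck": "tsc --noEmit",
+ "clean": "rimraf dist",
+ "start": "node dist/bin/aigrc-mcp.js"
+ },
+ "dependencies": {
+ "@aigrc/core": "^0.1.0",
+ "@modelcontextprotocol/sdk": "^1.0.0",
+ "glob": "^10.3.10",
+ "yaml": "^2.3.4",
+ "zod": "^3.22.4"
+ },
+ "devDependencies": {
+ "@types/node": "^20.10.0",
+ "rimraf": "^5.0.5",
+ "tsup": "^8.0.1",
+ "typescript": "^5.3.2"
+ }
+ }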
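Review bot: Nothing in `scripts` or `publishConfig` ties the published `dist` directory, which backs the `aigrc-mcp` bin, to a build of the tagged source, so consumers run whatever was in the publisher's working tree at pack time. Adding `"prepack": "tsup"` under `scripts` and `"provenance": true` under `publishConfig` would rebuild on every pack and let installers verify where the tarball was built (provenance requires publishing from a supported CI runner). Separately, `files` ships only `dist` and `profiles`, while the profiles added in this release reference `templates/...` paths; unless those resolve inside one of the two shipped directories, the templates are absent from the tarball.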
@@ -0,0 +1,166 @@
1
+ # EU AI Act Compliance Profile
2
+ # European Union Artificial Intelligence Act
3
+
4
+ id: eu-ai-act
5
+ name: EU AI Act
6
+ version: "2024.1"
7
+ jurisdiction: EU
8
+ description: European Union Artificial Intelligence Act
9
+ effectiveDate: "2024-08-01"
10
+ sourceDocument: Regulation (EU) 2024/1689
11
+ sourceUrl: https://eur-lex.europa.eu/eli/reg/2024/1689/oj
12
+
13
+ riskLevels:
14
+ - minimal
15
+ - limited
16
+ - high
17
+ - unacceptable
18
+
19
+ riskLevelMapping:
20
+ minimal: minimal
21
+ limited: limited
22
+ high: high
23
+ unacceptable: unacceptable
24
+
25
+ trustworthinessCharacteristics:
26
+ - transparency
27
+ - safety
28
+ - security
29
+ - fairness
30
+ - accountability
31
+ - human_oversight
32
+
33
+ controls:
34
+ - id: eu-art-9
35
+ name: Risk Management System
36
+ description: Establish and maintain a risk management system
37
+ applicableRiskLevels:
38
+ - high
39
+ required: true
40
+ category: Risk Management
41
+ crosswalkIds:
42
+ us-omb-m24:
43
+ - us-aia
44
+ nist-ai-rmf:
45
+ - nist-govern
46
+ - nist-manage
47
+ iso-42001:
48
+ - iso-a6
49
+
50
+ - id: eu-art-10
51
+ name: Data Governance
52
+ description: Training, validation and testing data governance
53
+ applicableRiskLevels:
54
+ - high
55
+ required: true
56
+ category: Data Governance
57
+ crosswalkIds:
58
+ nist-ai-rmf:
59
+ - nist-map
60
+ iso-42001:
61
+ - iso-a8
62
+
63
+ - id: eu-art-11
64
+ name: Technical Documentation
65
+ description: Comprehensive technical documentation
66
+ applicableRiskLevels:
67
+ - high
68
+ required: true
69
+ category: Documentation
70
+ crosswalkIds:
71
+ nist-ai-rmf:
72
+ - nist-map
73
+ iso-42001:
74
+ - iso-a7
75
+
76
+ - id: eu-art-12
77
+ name: Record Keeping
78
+ description: Automatic logging and record keeping
79
+ applicableRiskLevels:
80
+ - high
81
+ required: true
82
+ category: Logging
83
+ crosswalkIds:
84
+ nist-ai-rmf:
85
+ - nist-measure
86
+ iso-42001:
87
+ - iso-a9
88
+
89
+ - id: eu-art-13
90
+ name: Transparency
91
+ description: Transparency and provision of information to deployers
92
+ applicableRiskLevels:
93
+ - high
94
+ - limited
95
+ required: true
96
+ category: Transparency
97
+ crosswalkIds:
98
+ us-omb-m24:
99
+ - us-notice
100
+ nist-ai-rmf:
101
+ - nist-govern
102
+ iso-42001:
103
+ - iso-a7
104
+
105
+ - id: eu-art-14
106
+ name: Human Oversight
107
+ description: Human oversight measures
108
+ applicableRiskLevels:
109
+ - high
110
+ required: true
111
+ category: Oversight
112
+ crosswalkIds:
113
+ us-omb-m24:
114
+ - us-human-oversight
115
+ nist-ai-rmf:
116
+ - nist-govern
117
+ iso-42001:
118
+ - iso-a8
119
+
120
+ - id: eu-art-15
121
+ name: Accuracy and Robustness
122
+ description: Accuracy, robustness and cybersecurity
123
+ applicableRiskLevels:
124
+ - high
125
+ required: true
126
+ category: Technical
127
+ crosswalkIds:
128
+ us-omb-m24:
129
+ - us-safety-testing
130
+ nist-ai-rmf:
131
+ - nist-measure
132
+ iso-42001:
133
+ - iso-a9
134
+
135
+ - id: eu-art-50
136
+ name: Transparency Obligations
137
+ description: Inform users of AI interaction
138
+ applicableRiskLevels:
139
+ - limited
140
+ required: true
141
+ category: Transparency
142
+
143
+ artifactTemplates:
144
+ - id: risk-management-plan
145
+ name: Risk Management Plan
146
+ description: Article 9 compliant risk management documentation
147
+ format: markdown
148
+ requiredFor:
149
+ - high
150
+ templatePath: templates/eu/risk-management-plan.md
151
+
152
+ - id: technical-documentation
153
+ name: Technical Documentation
154
+ description: Article 11 compliant technical documentation
155
+ format: markdown
156
+ requiredFor:
157
+ - high
158
+ templatePath: templates/eu/technical-documentation.md
159
+
160
+ - id: conformity-declaration
161
+ name: EU Declaration of Conformity
162
+ description: Self-declaration of conformity
163
+ format: pdf
164
+ requiredFor:
165
+ - high
166
+ templatePath: templates/eu/conformity-declaration.md
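Review bot: The `conformity-declaration` entry at the end of `artifactTemplates` declares `format: pdf` while its `templatePath` ends in `.md`, unlike the other two templates where format and extension agree; either `format: markdown` or a differently named template file is probably intended. `eu-art-50` is also the only control in this profile without `crosswalkIds`, although the US OMB profile in the same release lists `eu-art-50` under `us-notice`, so a lookup starting from the EU side will not find that link. Adding `crosswalkIds:` with `us-omb-m24:` and `- us-notice` to `eu-art-50` would make the crosswalk symmetric.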
@@ -0,0 +1,162 @@
1
+ # ISO/IEC 42001 Compliance Profile
2
+ # AI Management System Standard
3
+
4
+ id: iso-42001
5
+ name: ISO/IEC 42001
6
+ version: "2023"
7
+ jurisdiction: International
8
+ description: AI Management System Standard
9
+ sourceDocument: ISO/IEC 42001:2023
10
+ sourceUrl: https://www.iso.org/standard/81230.html
11
+
12
+ riskLevels:
13
+ - low
14
+ - medium
15
+ - high
16
+ - critical
17
+
18
+ riskLevelMapping:
19
+ minimal: low
20
+ limited: medium
21
+ high: high
22
+ unacceptable: critical
23
+
24
+ trustworthinessCharacteristics:
25
+ - reliability
26
+ - safety
27
+ - security
28
+ - transparency
29
+ - accountability
30
+ - fairness
31
+ - privacy
32
+
33
+ controls:
34
+ - id: iso-a5
35
+ name: Leadership and Commitment
36
+ description: Top management commitment to AIMS
37
+ applicableRiskLevels:
38
+ - low
39
+ - medium
40
+ - high
41
+ - critical
42
+ required: true
43
+ category: Leadership
44
+ crosswalkIds:
45
+ nist-ai-rmf:
46
+ - nist-govern
47
+
48
+ - id: iso-a6
49
+ name: Planning
50
+ description: AI risk and opportunity planning
51
+ applicableRiskLevels:
52
+ - low
53
+ - medium
54
+ - high
55
+ - critical
56
+ required: true
57
+ category: Planning
58
+ crosswalkIds:
59
+ eu-ai-act:
60
+ - eu-art-9
61
+ us-omb-m24:
62
+ - us-aia
63
+ nist-ai-rmf:
64
+ - nist-govern
65
+ - nist-map
66
+
67
+ - id: iso-a7
68
+ name: Support
69
+ description: Resources, competence, awareness
70
+ applicableRiskLevels:
71
+ - medium
72
+ - high
73
+ - critical
74
+ required: true
75
+ category: Support
76
+ crosswalkIds:
77
+ eu-ai-act:
78
+ - eu-art-11
79
+ - eu-art-13
80
+ us-omb-m24:
81
+ - us-notice
82
+ nist-ai-rmf:
83
+ - nist-map
84
+
85
+ - id: iso-a8
86
+ name: Operation
87
+ description: Operational planning and control
88
+ applicableRiskLevels:
89
+ - medium
90
+ - high
91
+ - critical
92
+ required: true
93
+ category: Operations
94
+ crosswalkIds:
95
+ eu-ai-act:
96
+ - eu-art-10
97
+ - eu-art-14
98
+ us-omb-m24:
99
+ - us-human-oversight
100
+ nist-ai-rmf:
101
+ - nist-manage
102
+
103
+ - id: iso-a9
104
+ name: Performance Evaluation
105
+ description: Monitoring, measurement, analysis
106
+ applicableRiskLevels:
107
+ - medium
108
+ - high
109
+ - critical
110
+ required: true
111
+ category: Performance
112
+ crosswalkIds:
113
+ eu-ai-act:
114
+ - eu-art-12
115
+ - eu-art-15
116
+ us-omb-m24:
117
+ - us-safety-testing
118
+ nist-ai-rmf:
119
+ - nist-measure
120
+
121
+ - id: iso-a10
122
+ name: Improvement
123
+ description: Continual improvement
124
+ applicableRiskLevels:
125
+ - high
126
+ - critical
127
+ required: true
128
+ category: Improvement
129
+ crosswalkIds:
130
+ nist-ai-rmf:
131
+ - nist-manage
132
+
133
+ artifactTemplates:
134
+ - id: aims-policy
135
+ name: AIMS Policy
136
+ description: AI Management System Policy
137
+ format: markdown
138
+ requiredFor:
139
+ - low
140
+ - medium
141
+ - high
142
+ - critical
143
+ templatePath: templates/iso/aims-policy.md
144
+
145
+ - id: aims-manual
146
+ name: AIMS Manual
147
+ description: AI Management System Manual
148
+ format: markdown
149
+ requiredFor:
150
+ - high
151
+ - critical
152
+ templatePath: templates/iso/aims-manual.md
153
+
154
+ - id: risk-treatment-plan
155
+ name: Risk Treatment Plan
156
+ description: AI risk treatment plan
157
+ format: markdown
158
+ requiredFor:
159
+ - medium
160
+ - high
161
+ - critical
162
+ templatePath: templates/iso/risk-treatment-plan.md
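Review bot: The control ids `iso-a5` through `iso-a10` read like Annex A references, but their names (Leadership, Planning, Support, Operation, Performance Evaluation, Improvement) follow the clause 5–10 structure of the standard's main body, which appears to differ from the Annex A control numbering. The other profiles cite these ids in their crosswalks, so an auditor tracing a mapping back to the standard could cite the wrong section. A comment above `controls:` would remove the ambiguity, e.g. `# ids iso-a5..iso-a10 refer to management-system clauses 5-10, not Annex A controls` (confirm against the standard text before adopting the wording).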
@@ -0,0 +1,136 @@
1
+ # NIST AI Risk Management Framework Profile
2
+ # NIST AI RMF 1.0
3
+
4
+ id: nist-ai-rmf
5
+ name: NIST AI RMF
6
+ version: "1.0"
7
+ jurisdiction: US
8
+ description: NIST AI Risk Management Framework
9
+ sourceDocument: NIST AI RMF 1.0
10
+ sourceUrl: https://www.nist.gov/itl/ai-risk-management-framework
11
+
12
+ riskLevels:
13
+ - minimal
14
+ - low
15
+ - moderate
16
+ - high
17
+ - critical
18
+
19
+ riskLevelMapping:
20
+ minimal: minimal
21
+ limited: low
22
+ high: high
23
+ unacceptable: critical
24
+
25
+ trustworthinessCharacteristics:
26
+ - valid
27
+ - reliable
28
+ - safe
29
+ - secure
30
+ - accountable
31
+ - transparent
32
+ - explainable
33
+ - privacy_enhanced
34
+ - fair
35
+
36
+ controls:
37
+ - id: nist-govern
38
+ name: GOVERN Function
39
+ description: AI governance policies and procedures
40
+ applicableRiskLevels:
41
+ - minimal
42
+ - low
43
+ - moderate
44
+ - high
45
+ - critical
46
+ required: true
47
+ category: Governance
48
+ crosswalkIds:
49
+ eu-ai-act:
50
+ - eu-art-9
51
+ - eu-art-13
52
+ - eu-art-14
53
+ us-omb-m24:
54
+ - us-aia
55
+ - us-human-oversight
56
+ - us-notice
57
+ iso-42001:
58
+ - iso-a5
59
+ - iso-a6
60
+
61
+ - id: nist-map
62
+ name: MAP Function
63
+ description: Context and risk mapping
64
+ applicableRiskLevels:
65
+ - low
66
+ - moderate
67
+ - high
68
+ - critical
69
+ required: true
70
+ category: Risk Mapping
71
+ crosswalkIds:
72
+ eu-ai-act:
73
+ - eu-art-10
74
+ - eu-art-11
75
+ iso-42001:
76
+ - iso-a6
77
+ - iso-a7
78
+
79
+ - id: nist-measure
80
+ name: MEASURE Function
81
+ description: Risk measurement and monitoring
82
+ applicableRiskLevels:
83
+ - low
84
+ - moderate
85
+ - high
86
+ - critical
87
+ required: true
88
+ category: Measurement
89
+ crosswalkIds:
90
+ eu-ai-act:
91
+ - eu-art-12
92
+ - eu-art-15
93
+ us-omb-m24:
94
+ - us-safety-testing
95
+ iso-42001:
96
+ - iso-a9
97
+
98
+ - id: nist-manage
99
+ name: MANAGE Function
100
+ description: Risk treatment and response
101
+ applicableRiskLevels:
102
+ - low
103
+ - moderate
104
+ - high
105
+ - critical
106
+ required: true
107
+ category: Management
108
+ crosswalkIds:
109
+ eu-ai-act:
110
+ - eu-art-9
111
+ us-omb-m24:
112
+ - us-aia
113
+ - us-equity
114
+ iso-42001:
115
+ - iso-a8
116
+ - iso-a10
117
+
118
+ artifactTemplates:
119
+ - id: nist-profile
120
+ name: NIST AI RMF Profile
121
+ description: Organization-specific AI RMF profile
122
+ format: yaml
123
+ requiredFor:
124
+ - moderate
125
+ - high
126
+ - critical
127
+ templatePath: templates/nist/ai-rmf-profile.yaml
128
+
129
+ - id: nist-playbook
130
+ name: NIST AI RMF Playbook
131
+ description: Implementation playbook for AI RMF
132
+ format: markdown
133
+ requiredFor:
134
+ - high
135
+ - critical
136
+ templatePath: templates/nist/ai-rmf-playbook.md
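Review bot: `riskLevels` declares `moderate`, and all four controls plus the `nist-profile` template list it, but no key in `riskLevelMapping` produces it (`limited` maps to `low`, `high` maps to `high`). If assets are classified on the four source levels and translated through this mapping, which the mapping keys suggest although the loader is not part of this diff, `moderate` is unreachable and `nist-profile` is never required below `high`. Either map a source level to it or state the gap above `riskLevelMapping:`, for example `# no source level maps to moderate; confirm whether it can be assigned directly`.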
@@ -0,0 +1,131 @@
1
+ # US OMB M-24-10/M-24-18 Compliance Profile
2
+ # US Federal AI Governance Memoranda
3
+
4
+ id: us-omb-m24
5
+ name: US OMB M-24-10/M-24-18
6
+ version: "2024.1"
7
+ jurisdiction: US
8
+ description: US Federal AI governance memoranda for rights-impacting and safety-impacting AI
9
+ effectiveDate: "2024-12-01"
10
+ sourceDocument: OMB Memorandum M-24-10, M-24-18
11
+ sourceUrl: https://www.whitehouse.gov/omb/briefing-room/2024/03/28/omb-releases-implementation-guidance-following-president-bidens-executive-order-on-artificial-intelligence/
12
+
13
+ riskLevels:
14
+ - neither
15
+ - rights-impacting
16
+ - safety-impacting
17
+
18
+ riskLevelMapping:
19
+ minimal: neither
20
+ limited: neither
21
+ high: rights-impacting
22
+ unacceptable: safety-impacting
23
+
24
+ trustworthinessCharacteristics:
25
+ - safety
26
+ - equity
27
+ - transparency
28
+ - accountability
29
+ - human_oversight
30
+
31
+ controls:
32
+ - id: us-aia
33
+ name: AI Impact Assessment
34
+ description: Documented AI Impact Assessment
35
+ applicableRiskLevels:
36
+ - rights-impacting
37
+ - safety-impacting
38
+ required: true
39
+ category: Assessment
40
+ crosswalkIds:
41
+ eu-ai-act:
42
+ - eu-art-9
43
+ nist-ai-rmf:
44
+ - nist-govern
45
+ - nist-manage
46
+ iso-42001:
47
+ - iso-a6
48
+
49
+ - id: us-human-oversight
50
+ name: Human Oversight
51
+ description: Meaningful human oversight mechanisms
52
+ applicableRiskLevels:
53
+ - rights-impacting
54
+ - safety-impacting
55
+ required: true
56
+ category: Oversight
57
+ crosswalkIds:
58
+ eu-ai-act:
59
+ - eu-art-14
60
+ nist-ai-rmf:
61
+ - nist-govern
62
+ iso-42001:
63
+ - iso-a8
64
+
65
+ - id: us-equity
66
+ name: Equity Assessment
67
+ description: Assessment of disparate impacts
68
+ applicableRiskLevels:
69
+ - rights-impacting
70
+ required: true
71
+ category: Equity
72
+ crosswalkIds:
73
+ nist-ai-rmf:
74
+ - nist-manage
75
+
76
+ - id: us-notice
77
+ name: Affected Individual Notice
78
+ description: Notice to individuals affected by AI decisions
79
+ applicableRiskLevels:
80
+ - rights-impacting
81
+ required: true
82
+ category: Transparency
83
+ crosswalkIds:
84
+ eu-ai-act:
85
+ - eu-art-13
86
+ - eu-art-50
87
+ nist-ai-rmf:
88
+ - nist-govern
89
+ iso-42001:
90
+ - iso-a7
91
+
92
+ - id: us-appeal
93
+ name: Appeal Process
94
+ description: Process for affected individuals to appeal
95
+ applicableRiskLevels:
96
+ - rights-impacting
97
+ required: true
98
+ category: Remediation
99
+
100
+ - id: us-safety-testing
101
+ name: Safety Testing
102
+ description: Comprehensive safety testing documentation
103
+ applicableRiskLevels:
104
+ - safety-impacting
105
+ required: true
106
+ category: Testing
107
+ crosswalkIds:
108
+ eu-ai-act:
109
+ - eu-art-15
110
+ nist-ai-rmf:
111
+ - nist-measure
112
+ iso-42001:
113
+ - iso-a9
114
+
115
+ artifactTemplates:
116
+ - id: ai-impact-assessment
117
+ name: AI Impact Assessment
118
+ description: OMB required impact assessment
119
+ format: markdown
120
+ requiredFor:
121
+ - rights-impacting
122
+ - safety-impacting
123
+ templatePath: templates/us/ai-impact-assessment.md
124
+
125
+ - id: equity-assessment
126
+ name: Equity Assessment
127
+ description: Disparate impact analysis
128
+ format: markdown
129
+ requiredFor:
130
+ - rights-impacting
131
+ templatePath: templates/us/equity-assessment.md
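Review bot: `riskLevelMapping` places `rights-impacting` and `safety-impacting` on a single scale (`high` maps to the former, `unacceptable` to the latter), while the controls below treat them as separate categories with different obligations. As written, an asset mapped from `high` never receives `us-safety-testing`, and one mapped from `unacceptable` never receives `us-equity`, `us-notice` or `us-appeal`, so a generated checklist can under-report what is required for a system that falls in both categories. If the schema cannot express both at once, a comment above the mapping should say so, e.g. `# rights-impacting and safety-impacting are independent categories; this mapping is a lossy default`. `us-appeal` is also the only control here without `crosswalkIds`, which may be intentional but is worth confirming.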