@ansvar/ch-environmental-compliance-mcp 0.1.0

package/.github/workflows/check-freshness.yml

@@ -0,0 +1,49 @@
+name: Check Data Freshness
+
+on:
+  schedule:
+    - cron: "0 8 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  freshness:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: npm
+      - run: npm ci
+      - name: Check freshness
+        id: check
+        run: |
+          if npm run freshness:check 2>&1; then
+            echo "stale=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "stale=true" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Create issue if stale
+        if: steps.check.outputs.stale == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const existing = await github.rest.issues.listForRepo({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: 'data-stale',
+              state: 'open'
+            });
+            if (existing.data.length === 0) {
+              await github.rest.issues.create({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                title: 'Data is stale — re-ingestion needed',
+                body: 'The daily freshness check detected stale data. Run the ingestion workflow to update.\n\n`gh workflow run ingest.yml`',
+                labels: ['data-stale']
+              });
+            }

package/.github/workflows/ci.yml

@@ -0,0 +1,21 @@
+name: CI
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: npm
+      - run: npm ci
+      - run: npm run typecheck
+      - run: npm run lint
+      - run: npm test

package/.github/workflows/codeql.yml

@@ -0,0 +1,25 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: "0 6 * * 1"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: javascript-typescript
+      - uses: github/codeql-action/autobuild@v3
+      - uses: github/codeql-action/analyze@v3

package/.github/workflows/ghcr-build.yml

@@ -0,0 +1,45 @@
+name: Build and Push to GHCR
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+concurrency:
+  group: build-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ch-environmental-compliance-mcp
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ${{ env.REGISTRY }}/ansvar-systems/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=sha,prefix=sha-,format=short
+      - uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

package/.github/workflows/gitleaks.yml

@@ -0,0 +1,18 @@
+name: Gitleaks
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

package/.github/workflows/ingest.yml

@@ -0,0 +1,59 @@
+name: Re-ingest Data
+
+on:
+  schedule:
+    - cron: "0 4 1 * *"
+  workflow_dispatch:
+    inputs:
+      force:
+        description: "Force full rebuild even if no changes detected"
+        type: boolean
+        default: false
+
+permissions:
+  contents: write
+
+jobs:
+  ingest:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: npm
+      - run: npm ci
+
+      - name: Fetch upstream data
+        run: npm run ingest:fetch
+
+      - name: Check for changes
+        id: diff
+        run: |
+          if [ "${{ inputs.force }}" = "true" ] || npm run ingest:diff 2>&1 | grep -q "changes detected"; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+            echo "No upstream changes detected. Skipping rebuild."
+          fi
+
+      - name: Rebuild database
+        if: steps.diff.outputs.changed == 'true'
+        run: npm run ingest:full
+
+      - name: Run tests
+        if: steps.diff.outputs.changed == 'true'
+        run: npm test
+
+      - name: Update coverage
+        if: steps.diff.outputs.changed == 'true'
+        run: npm run coverage:update
+
+      - name: Commit updated database
+        if: steps.diff.outputs.changed == 'true'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add data/database.db data/coverage.json data/.source-hashes.json
+          git diff --staged --quiet || git commit -m "chore: re-ingest data $(date +%Y-%m-%d)"
+          git push

package/.github/workflows/publish.yml

@@ -0,0 +1,24 @@
+name: Publish to npm
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          registry-url: "https://registry.npmjs.org"
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/CHANGELOG.md

@@ -0,0 +1,15 @@
+# Changelog
+
+## [0.1.0] - 2026-04-05
+
+### Added
+
+- Initial release with 11 MCP tools (3 meta + 8 domain)
+- SQLite + FTS5 database with schema for water protection zones, buffer zones, ammonia rules, BFF types, nutrient loss limits, environmental rules (UVP + VBBo)
+- Compliance checker that evaluates applicable rules for a given agricultural operation
+- Dual transport: stdio (npm) and Streamable HTTP (Docker)
+- Jurisdiction validation (CH supported)
+- Data freshness monitoring with 90-day staleness threshold
+- Docker image with non-root user, health check
+- CI/CD: TypeScript build, lint, test, CodeQL, Gitleaks, GHCR image build, npm publish
+- Bilingual DE/EN disclaimer covering GSchG, LRV, DZV, VBBo, UVPV

package/CODEOWNERS

@@ -0,0 +1 @@
+* @ansvar-systems/engineering

package/COVERAGE.md

@@ -0,0 +1,50 @@
+# Coverage
+
+## What Is Included
+
+- **Water protection zones** (Grundwasserschutzzonen): S1, S2, S3, Sm, Zu with restrictions and legal basis from GSchG/GSchV
+- **Buffer zones** (Pufferstreifen): distances and requirements along water bodies, hedges, field boundaries from OELN/ChemRRV
+- **Ammonia emission rules**: emission factors by application technique, Schleppschlauch-Pflicht, Agrammon parameters from LRV
+- **Biodiversity areas** (BFF): types, QI/QII payment rates, minimum area requirements, botanical criteria from DZV
+- **Nutrient loss limits**: Pa.Iv. 19.475 Absenkpfad for N and P through 2030, yearly milestones, Suisse-Bilanz tolerances
+- **Environmental impact assessment** (UVP): thresholds for agricultural buildings from UVPV
+- **Soil contamination** (VBBo): Richtwerte for heavy metals (Cd, Cu, Zn, Pb) and remediation triggers
+
+## Data Counts
+
+| Table | Records |
+|-------|---------|
+| Water protection zones | 5 |
+| Buffer zones | 9 |
+| Ammonia rules | 10 |
+| BFF types | 18 |
+| Nutrient loss limits | 8 |
+| Environmental rules (UVP + VBBo) | 16 |
+| FTS5 search entries | 66 |
+
+## Jurisdictions
+
+| Code | Country | Status |
+|------|---------|--------|
+| CH | Switzerland | Supported |
+
+## What Is NOT Included
+
+- **Cantonal implementation details** -- federal rules only; cantonal ordinances and derogations vary by canton
+- **Real-time cantonal zone maps** -- Grundwasserschutzzonen are mapped by cantons; this server lists the zone types and restrictions, not spatial data
+- **Pesticide product approvals** -- covered by the Swiss Plant Protection Products Register (BLW), not this server
+- **Animal welfare regulations** (TSchG/TSchV) -- separate legal domain
+- **Agricultural direct payment calculations** -- DZV BFF payment rates are included, but full Suisse-Bilanz calculations require farm-specific inputs
+- **Cross-compliance details** (OELN full checklist) -- only environmental compliance topics are covered
+- **EU regulation cross-references** -- Swiss environmental law is federal, not EU-harmonised for agriculture
+
+## Known Gaps
+
+1. BFF botanical quality criteria are summarised; full species lists per BFF type are not included
+2. Agrammon emission factor detail depends on model version at time of ingestion
+3. VBBo Richtwerte cover the most common heavy metals; trace organics are not included
+4. Pa.Iv. 19.475 targets may be revised by Parliament before 2030 -- check BLW publications
+
+## Data Freshness
+
+Run `check_data_freshness` to see when data was last updated. The ingestion pipeline runs monthly; manual triggers available via `gh workflow run ingest.yml`.

package/DISCLAIMER.md

@@ -0,0 +1,48 @@
+# Haftungsausschluss / Disclaimer
+
+## Keine Rechtsberatung / Not Legal Advice
+
+### Deutsch
+
+Diese Daten dienen ausschliesslich der Information und stellen keine rechtliche oder umweltfachliche Beratung dar. Vor Massnahmen im Gewaesserschutz, bei Ammoniakemissionen, Biodiversitaetsfoerderflaechen oder Naehrstoffverlusten ist stets die zustaendige kantonale Fachstelle oder das BAFU zu konsultieren.
+
+### English
+
+This data is provided for informational purposes only and does not constitute legal or environmental compliance advice. Always consult the relevant cantonal authority or BAFU before taking action.
+
+## Datenquellen / Data Sources
+
+Die Daten stammen aus folgenden Quellen / Data is sourced from:
+
+- **GSchG (SR 814.20)** -- Gewaesserschutzgesetz / Federal Act on the Protection of Waters
+- **GSchV (SR 814.201)** -- Gewaesserschutzverordnung / Waters Protection Ordinance
+- **LRV (SR 814.318.142.1)** -- Luftreinhalte-Verordnung / Air Pollution Control Ordinance
+- **DZV (SR 910.13)** -- Direktzahlungsverordnung / Direct Payments Ordinance
+- **VBBo (SR 814.12)** -- Verordnung ueber Belastungen des Bodens / Ordinance on Soil Contamination
+- **UVPV (SR 814.011)** -- Verordnung ueber die Umweltvertraeglichkeitspruefung
+- **BAFU** -- Bundesamt fuer Umwelt (Federal Office for the Environment)
+- **BLW** -- Bundesamt fuer Landwirtschaft (Federal Office for Agriculture)
+- **Agroscope** -- Agrammon-Modell (Ammoniakemissionsfaktoren)
+- **Pa.Iv. 19.475** -- Parlamentarische Initiative Absenkpfad Naehrstoffverluste
+
+Alle Daten werden unter den Grundsaetzen der Weiterverwendung von oeffentlichen Informationen der Schweizerischen Eidgenossenschaft genutzt.
+
+All data is used under Swiss Federal Administration free-reuse principles.
+
+## Kantonale Abweichungen / Cantonal Variations
+
+Die Schweiz ist foederalistisch organisiert. Kantone koennen strengere Auflagen als der Bund erlassen. Insbesondere bei Grundwasserschutzzonen, UVP-Schwellenwerten und BFF-Anforderungen koennen kantonale Regelungen abweichen.
+
+Switzerland is a federal state. Cantons may impose stricter requirements than federal law. Water protection zones, EIA thresholds, and BFF requirements may differ by canton.
+
+## Aktualitaet / Currency
+
+Umweltvorschriften aendern sich. Insbesondere die Pa.Iv. 19.475 Absenkpfade werden jaehrlich aktualisiert. Pruefen Sie `check_data_freshness` fuer das Alter der Daten.
+
+Environmental regulations change. Pa.Iv. 19.475 targets are updated annually. Use `check_data_freshness` to verify data age.
+
+## Keine Gewaehrleistung / No Warranty
+
+Diese Software wird ohne jegliche Gewaehrleistung bereitgestellt. Siehe Apache-2.0-Lizenz.
+
+This software is provided "as is" without warranty of any kind. See the Apache-2.0 license for details.

package/Dockerfile

@@ -0,0 +1,26 @@
+FROM node:20-slim AS builder
+RUN apt-get update && apt-get install -y python3 make g++ && rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY tsconfig.json ./
+COPY src/ src/
+RUN npm run build
+
+FROM node:20-slim
+RUN apt-get update && apt-get install -y python3 make g++ && rm -rf /var/lib/apt/lists/*
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nodejs
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --omit=dev && npm cache clean --force && apt-get purge -y python3 make g++ && apt-get autoremove -y
+COPY --from=builder /app/dist dist/
+COPY data/ data/
+RUN chown -R nodejs:nodejs /app/data
+USER nodejs
+ENV NODE_ENV=production
+ENV PORT=3000
+EXPOSE 3000
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+  CMD node -e "require('http').get('http://localhost:' + process.env.PORT + '/health', (r) => { process.exit(r.statusCode === 200 ? 0 : 1) })"
+CMD ["node", "dist/http-server.js"]

package/LICENSE

@@ -0,0 +1,17 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+   Copyright 2026 Ansvar Systems

package/PRIVACY.md

@@ -0,0 +1,23 @@
+# Privacy Statement
+
+## No Data Collection
+
+This MCP server:
+
+- Does **not** collect, store, or transmit any user data
+- Does **not** use cookies, analytics, or telemetry
+- Does **not** require user accounts or authentication
+- Does **not** log queries or usage patterns
+- Does **not** store any client-side state
+
+## Data Served
+
+All data returned by this server is sourced from publicly available Swiss federal publications (BAFU, BLW, Agroscope). No personal data, proprietary data, or confidential information is included.
+
+## Self-Hosting
+
+This server can be self-hosted. When you run it locally via npm or Docker, all processing happens on your machine. No external network calls are made at query time -- all data is embedded in the SQLite database.
+
+## Contact
+
+For privacy questions: privacy@ansvar.eu

package/README.md

@@ -0,0 +1,116 @@
+# Switzerland Environmental Compliance MCP
+
+[![CI](https://github.com/ansvar-systems/ch-environmental-compliance-mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/ansvar-systems/ch-environmental-compliance-mcp/actions/workflows/ci.yml)
+[![GHCR](https://github.com/ansvar-systems/ch-environmental-compliance-mcp/actions/workflows/ghcr-build.yml/badge.svg)](https://github.com/ansvar-systems/ch-environmental-compliance-mcp/actions/workflows/ghcr-build.yml)
+[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+
+Swiss environmental compliance data for agriculture via the [Model Context Protocol](https://modelcontextprotocol.io). Water protection zones, buffer strips, ammonia emissions, biodiversity areas, nutrient loss targets, EIA thresholds, and soil contamination limits -- all from your AI assistant.
+
+Part of [Ansvar Open Agriculture](https://ansvar.eu/open-agriculture).
+
+## Why This Exists
+
+Swiss farms must comply with federal environmental regulations across several domains: Gewaesserschutz (GSchG/GSchV), ammonia emissions (LRV), Biodiversitaetsfoerderflaechen (DZV), the Pa.Iv. 19.475 nutrient loss reduction pathway, and UVP/VBBo for building permits and soil protection. These rules are published by BAFU, BLW, and Agroscope but scattered across ordinances, fact sheets, and cantonal guidance. This MCP server brings them together in a structured, searchable format.
+
+## Quick Start
+
+### Claude Desktop
+
+Add to `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "ch-environmental-compliance": {
+      "command": "npx",
+      "args": ["-y", "@ansvar/ch-environmental-compliance-mcp"]
+    }
+  }
+}
+```
+
+### Claude Code
+
+```bash
+claude mcp add ch-environmental-compliance npx @ansvar/ch-environmental-compliance-mcp
+```
+
+### Streamable HTTP (remote)
+
+```
+https://mcp.ansvar.eu/ch-environmental-compliance/mcp
+```
+
+### Docker (self-hosted)
+
+```bash
+docker run -p 3000:3000 ghcr.io/ansvar-systems/ch-environmental-compliance-mcp:latest
+```
+
+### npm (stdio)
+
+```bash
+npx @ansvar/ch-environmental-compliance-mcp
+```
+
+## Example Queries
+
+Ask your AI assistant:
+
+- "Welche Grundwasserschutzzonen gibt es und was ist dort verboten?"
+- "Wie breit muessen Pufferstreifen an Gewaessern sein?"
+- "Ab wann gilt die Schleppschlauch-Pflicht fuer Guellausbringung?"
+- "Welche BFF-Typen erhalten QII-Beitraege?"
+- "Was sind die Naehrstoffverlust-Reduktionsziele fuer 2027?"
+- "Check compliance for a 60-head dairy farm on 35 hectares"
+
+## Stats
+
+| Metric | Value |
+|--------|-------|
+| Tools | 11 (3 meta + 8 domain) |
+| Jurisdiction | CH |
+| Data sources | BAFU (GSchG/GSchV, LRV, VBBo), BLW (DZV, OELN), Agroscope (Agrammon), Parlament (Pa.Iv. 19.475) |
+| License (data) | Swiss Federal Administration -- free reuse |
+| License (code) | Apache-2.0 |
+| Transport | stdio + Streamable HTTP |
+
+## Tools
+
+| Tool | Description |
+|------|-------------|
+| `about` | Server metadata and links |
+| `list_sources` | Data sources with freshness info |
+| `check_data_freshness` | Staleness status and refresh command |
+| `search_environmental_rules` | FTS5 search across all environmental compliance topics |
+| `get_water_protection_zones` | Grundwasserschutzzonen S1-S3/Sm/Zu with restrictions |
+| `get_buffer_zone_rules` | Pufferstreifen distances and requirements |
+| `get_ammonia_rules` | Ammoniakemissionen by technique (LRV) |
+| `get_bff_requirements` | BFF types, QI/QII payment rates, botanical criteria |
+| `get_nutrient_loss_limits` | Pa.Iv. 19.475 N/P reduction targets through 2030 |
+| `get_eip_requirements` | UVP thresholds and VBBo soil contamination limits |
+| `check_environmental_compliance` | Applicable rules for a given agricultural operation |
+
+See [TOOLS.md](TOOLS.md) for full parameter documentation.
+
+## Security Scanning
+
+This repository runs security checks on every push:
+
+- **CodeQL** -- static analysis for JavaScript/TypeScript
+- **Gitleaks** -- secret detection across full history
+- **Dependency review** -- via Dependabot
+
+See [SECURITY.md](SECURITY.md) for reporting policy.
+
+## Disclaimer
+
+This data is for reference only. **Always consult the relevant cantonal authority or BAFU before taking action.** This tool is not legal or environmental compliance advice. See [DISCLAIMER.md](DISCLAIMER.md).
+
+## Contributing
+
+Issues and pull requests welcome. For security vulnerabilities, email security@ansvar.eu (do not open a public issue).
+
+## License
+
+Apache-2.0. Data sourced from Swiss Federal Administration publications under free-reuse principles.

package/SECURITY.md

@@ -0,0 +1,25 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly:
+
+1. **Do NOT open a public issue**
+2. Email security@ansvar.eu with:
+   - Description of the vulnerability
+   - Steps to reproduce
+   - Potential impact
+3. We will acknowledge within 48 hours and provide a timeline for fix
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| Latest  | Yes       |
+
+## Security Measures
+
+- All dependencies scanned via CodeQL, Gitleaks, and Dependabot
+- No secrets stored in code -- all data is public domain
+- SQLite database is read-only at runtime
+- Container runs as non-root with no-new-privileges and cap_drop ALL