@ansvar/ch-organic-regen-mcp 0.1.0

package/.github/workflows/check-freshness.yml

@@ -0,0 +1,49 @@
+name: Check Data Freshness
+
+on:
+  schedule:
+    - cron: "0 8 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  freshness:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: npm
+      - run: npm ci
+      - name: Check freshness
+        id: check
+        run: |
+          if npm run freshness:check 2>&1; then
+            echo "stale=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "stale=true" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Create issue if stale
+        if: steps.check.outputs.stale == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const existing = await github.rest.issues.listForRepo({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: 'data-stale',
+              state: 'open'
+            });
+            if (existing.data.length === 0) {
+              await github.rest.issues.create({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                title: 'Data is stale — re-ingestion needed',
+                body: 'The daily freshness check detected stale data. Run the ingestion workflow to update.\n\n`gh workflow run ingest.yml`',
+                labels: ['data-stale']
+              });
+            }

package/.github/workflows/ci.yml

@@ -0,0 +1,21 @@
+name: CI
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: npm
+      - run: npm ci
+      - run: npm run typecheck
+      - run: npm run lint
+      - run: npm test

package/.github/workflows/codeql.yml

@@ -0,0 +1,25 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: "0 6 * * 1"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: javascript-typescript
+      - uses: github/codeql-action/autobuild@v3
+      - uses: github/codeql-action/analyze@v3

package/.github/workflows/ghcr-build.yml

@@ -0,0 +1,45 @@
+name: Build and Push to GHCR
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+concurrency:
+  group: build-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ch-organic-regen-mcp
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ${{ env.REGISTRY }}/ansvar-systems/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=sha,prefix=sha-,format=short
+      - uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

package/.github/workflows/gitleaks.yml

@@ -0,0 +1,18 @@
+name: Gitleaks
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

package/.github/workflows/ingest.yml

@@ -0,0 +1,59 @@
+name: Re-ingest Data
+
+on:
+  schedule:
+    - cron: "0 4 1 * *"
+  workflow_dispatch:
+    inputs:
+      force:
+        description: "Force full rebuild even if no changes detected"
+        type: boolean
+        default: false
+
+permissions:
+  contents: write
+
+jobs:
+  ingest:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: npm
+      - run: npm ci
+
+      - name: Fetch upstream data
+        run: npm run ingest:fetch
+
+      - name: Check for changes
+        id: diff
+        run: |
+          if [ "${{ inputs.force }}" = "true" ] || npm run ingest:diff 2>&1 | grep -q "changes detected"; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+            echo "No upstream changes detected. Skipping rebuild."
+          fi
+
+      - name: Rebuild database
+        if: steps.diff.outputs.changed == 'true'
+        run: npm run ingest:full
+
+      - name: Run tests
+        if: steps.diff.outputs.changed == 'true'
+        run: npm test
+
+      - name: Update coverage
+        if: steps.diff.outputs.changed == 'true'
+        run: npm run coverage:update
+
+      - name: Commit updated database
+        if: steps.diff.outputs.changed == 'true'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add data/database.db data/coverage.json data/.source-hashes.json
+          git diff --staged --quiet || git commit -m "chore: re-ingest data $(date +%Y-%m-%d)"
+          git push

package/.github/workflows/publish.yml

@@ -0,0 +1,24 @@
+name: Publish to npm
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          registry-url: "https://registry.npmjs.org"
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/CHANGELOG.md

@@ -0,0 +1,15 @@
+# Changelog
+
+## [0.1.0] - 2026-04-05
+
+### Added
+
+- Initial release with 10 MCP tools (3 meta + 7 domain)
+- SQLite + FTS5 database with schema for organic standards, conversion requirements, approved inputs, subsidies, soil health, certification guidance
+- Dual transport: stdio (npm) and Streamable HTTP (Docker)
+- Jurisdiction validation (CH supported)
+- Data freshness monitoring with 90-day staleness threshold
+- Docker image with non-root user, health check
+- CI/CD: TypeScript build, lint, test, CodeQL, Gitleaks, GHCR image build, npm publish
+- Bilingual disclaimer (DE/EN) and privacy statement
+- Ingestion pipeline for Bio Suisse, Bio-Verordnung, FiBL, Demeter, DZV data

package/CODEOWNERS

@@ -0,0 +1 @@
+* @ansvar-systems/engineering

package/COVERAGE.md

@@ -0,0 +1,47 @@
+# Coverage
+
+## What Is Included
+
+- **Organic standards comparison** -- Bio Suisse Knospe, federal Bio-Verordnung (SR 910.18), and Demeter biodynamic rules across production types (18 rules)
+- **Conversion requirements** -- Timelines, prerequisites, and support measures for switching to organic by farm type (7 farm types)
+- **Approved inputs** -- FiBL Betriebsmittelliste entries for fertilisers, plant protection, and feed (15 products)
+- **Organic subsidies** -- Bio-Beitrag and Direktzahlungen rates per land use type and altitude zone (14 entries)
+- **Soil health guidance** -- Regenerative agriculture methods: composting, cover crops, crop rotation, agroforestry, direct seeding (10 topics)
+- **Certification guidance** -- Knospe certification process via bio.inspecta and Bio Test Agro (8 steps)
+
+## Jurisdictions
+
+| Code | Country | Status |
+|------|---------|--------|
+| CH | Switzerland | Supported |
+
+## Data Sources
+
+| Source | Authority | Type |
+|--------|-----------|------|
+| Bio Suisse Richtlinien (Knospe) | Bio Suisse | Private-label standard |
+| Bio-Verordnung SR 910.18 | Bundesamt fuer Landwirtschaft (BLW) | Federal regulation |
+| FiBL Betriebsmittelliste | Forschungsinstitut fuer biologischen Landbau (FiBL) | Approved input register |
+| Demeter Schweiz Richtlinien | Demeter Schweiz | Private-label standard |
+| DZV Bio-Beitrag | Bundesamt fuer Landwirtschaft (BLW) | Subsidy regulation |
+
+## What Is NOT Included
+
+- **Cantonal-specific organic rules** -- Cantons may have additional requirements not yet ingested
+- **Detailed FiBL product database** -- Only representative entries from the Betriebsmittelliste, not the full product catalogue
+- **Real-time subsidy calculations** -- Rates are from the last DZV update; individual farm calculations require a cantonal advisor
+- **Biodynamic preparations in detail** -- Demeter preparations 500-508 are referenced but not individually documented
+- **Market price data** -- No commodity or organic premium pricing is included
+- **Liechtenstein** -- Uses Swiss organic framework but has separate administrative processes
+- **Import/export certification** -- Bio Suisse import rules are not yet covered
+
+## Known Gaps
+
+1. FiBL Betriebsmittelliste is updated annually; entries may lag behind the published list
+2. Subsidy rates change with each DZV revision (typically annual)
+3. FTS5 search works best with German terms; English queries fall back through tiered matching
+4. Cantonal advisory bodies (LBB, Strickhof, Inforama, etc.) publish supplementary guidance not yet ingested
+
+## Data Freshness
+
+Run `check_data_freshness` to see when data was last updated. The ingestion pipeline runs on a monthly schedule; manual triggers available via `gh workflow run ingest.yml`.

package/DISCLAIMER.md

@@ -0,0 +1,67 @@
+# Haftungsausschluss / Disclaimer
+
+## Deutsch
+
+Dieser MCP-Server stellt landwirtschaftliche Daten ausschliesslich zu Informationszwecken bereit.
+
+### Keine Fachberatung
+
+Die bereitgestellten Daten stellen keine professionelle landwirtschaftliche, agronomische oder finanzielle Beratung dar. Vor der Umstellung auf biologische Landwirtschaft, der Anwendung regenerativer Methoden oder der Beantragung von Zertifizierungen ist stets eine qualifizierte Fachberatung hinzuzuziehen:
+
+- **FiBL** (Forschungsinstitut fuer biologischen Landbau)
+- **Bio Suisse** Beratungsdienst
+- **Kantonale Fachstellen** fuer Biolandbau
+- **AGRIDEA** Beratungszentrale
+- **Akkreditierter Bio-Berater**
+
+### Datenquellen
+
+- **Bio Suisse Richtlinien (Knospe)** -- Bio Suisse, oeffentliches Richtliniendokument
+- **Bio-Verordnung (SR 910.18)** -- Bundesamt fuer Landwirtschaft (BLW), frei verwendbar
+- **FiBL Betriebsmittelliste** -- Forschungsinstitut fuer biologischen Landbau, oeffentliche Referenzliste
+- **Demeter Schweiz Richtlinien** -- Demeter Schweiz, oeffentliches Richtliniendokument
+- **Direktzahlungsverordnung (DZV)** -- Bundesamt fuer Landwirtschaft (BLW), frei verwendbar
+
+### Aktualitaet
+
+Landwirtschaftliche Daten aendern sich. Bio Suisse Richtlinien werden jaehrlich an der Delegiertenversammlung angepasst. Die DZV wird periodisch revidiert. Dieser Server zeigt die Daten zum Zeitpunkt der letzten Datenaktualisierung. Verwenden Sie `check_data_freshness` fuer das Alter der Daten.
+
+### Kantonale Abweichungen
+
+Kantonale Vorschriften und betriebsspezifische Anpassungen sind eigenstaendig zu pruefen. Dieser Server deckt die Bundesgesetzgebung und private Label-Standards (Knospe, Demeter) ab, nicht kantonale Sonderregelungen.
+
+---
+
+## English
+
+This MCP server provides agricultural data for informational purposes only.
+
+### Not Professional Advice
+
+The data served by this tool does not constitute professional agricultural, agronomic, or financial advice. Before converting to organic farming, applying regenerative methods, or applying for certifications, always consult a qualified advisor:
+
+- **FiBL** (Research Institute of Organic Agriculture)
+- **Bio Suisse** advisory services
+- **Cantonal organic farming authorities**
+- **AGRIDEA** advisory centre
+- **Accredited organic farming consultant**
+
+### Data Sources
+
+- **Bio Suisse Richtlinien (Knospe)** -- Bio Suisse, public standards document
+- **Bio-Verordnung (SR 910.18)** -- Federal Office for Agriculture (BLW), free reuse
+- **FiBL Betriebsmittelliste** -- Research Institute of Organic Agriculture, public reference list
+- **Demeter Schweiz Richtlinien** -- Demeter Switzerland, public standards document
+- **Direktzahlungsverordnung (DZV)** -- Federal Office for Agriculture (BLW), free reuse
+
+### Currency
+
+Agricultural data changes. Bio Suisse standards are updated annually at the delegate assembly. The DZV is revised periodically. This tool shows data available at the time of its last ingestion run. Check `check_data_freshness` for data age.
+
+### Cantonal Variations
+
+Cantonal regulations and farm-specific adjustments must be verified independently. This server covers federal legislation and private label standards (Knospe, Demeter), not cantonal special provisions.
+
+### No Warranty
+
+This software is provided "as is" without warranty of any kind. See the Apache-2.0 license for details.

package/Dockerfile

@@ -0,0 +1,26 @@
+FROM node:20-slim AS builder
+RUN apt-get update && apt-get install -y python3 make g++ && rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY tsconfig.json ./
+COPY src/ src/
+RUN npm run build
+
+FROM node:20-slim
+RUN apt-get update && apt-get install -y python3 make g++ && rm -rf /var/lib/apt/lists/*
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nodejs
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --omit=dev && npm cache clean --force && apt-get purge -y python3 make g++ && apt-get autoremove -y
+COPY --from=builder /app/dist dist/
+COPY data/ data/
+RUN chown -R nodejs:nodejs /app/data
+USER nodejs
+ENV NODE_ENV=production
+ENV PORT=3000
+EXPOSE 3000
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+  CMD node -e "require('http').get('http://localhost:' + process.env.PORT + '/health', (r) => { process.exit(r.statusCode === 200 ? 0 : 1) })"
+CMD ["node", "dist/http-server.js"]

package/LICENSE

@@ -0,0 +1,17 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+   Copyright 2026 Ansvar Systems

package/PRIVACY.md

@@ -0,0 +1,23 @@
+# Privacy Statement
+
+## No Data Collection
+
+This MCP server:
+
+- Does **not** collect, store, or transmit any user data
+- Does **not** use cookies, analytics, or telemetry
+- Does **not** require user accounts or authentication
+- Does **not** log queries or usage patterns
+- Does **not** store any client-side state
+
+## Data Served
+
+All data returned by this server is sourced from publicly available Swiss organic farming standards, federal regulations, and research institute publications. No personal data, proprietary data, or confidential information is included.
+
+## Self-Hosting
+
+This server can be self-hosted. When you run it locally via npm or Docker, all processing happens on your machine. No external network calls are made at query time -- all data is embedded in the SQLite database.
+
+## Contact
+
+For privacy questions: privacy@ansvar.eu

package/README.md

@@ -0,0 +1,117 @@
+# Switzerland Organic & Regenerative Farming MCP
+
+[![CI](https://github.com/ansvar-systems/ch-organic-regen-mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/ansvar-systems/ch-organic-regen-mcp/actions/workflows/ci.yml)
+[![GHCR](https://github.com/ansvar-systems/ch-organic-regen-mcp/actions/workflows/ghcr-build.yml/badge.svg)](https://github.com/ansvar-systems/ch-organic-regen-mcp/actions/workflows/ghcr-build.yml)
+[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+
+Swiss organic and regenerative agriculture data via the [Model Context Protocol](https://modelcontextprotocol.io). Query Bio Suisse Knospe standards, Bio-Verordnung, FiBL Betriebsmittelliste, Demeter rules, conversion requirements, organic subsidies, soil health guidance, and certification processes -- all from your AI assistant.
+
+Part of [Ansvar Open Agriculture](https://ansvar.eu/open-agriculture).
+
+## Why This Exists
+
+Swiss organic farmers, advisors, and certification bodies need fast access to Bio Suisse Knospe rules, federal Bio-Verordnung requirements, FiBL approved input lists, Demeter biodynamic standards, conversion timelines, and subsidy rates. This information is published across multiple organisations (Bio Suisse, BLW, FiBL, Demeter Schweiz, AGRIDEA) in PDFs and web portals that AI assistants cannot query directly. This MCP server makes it all searchable.
+
+## Quick Start
+
+### Claude Desktop
+
+Add to `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "ch-organic-regen": {
+      "command": "npx",
+      "args": ["-y", "@ansvar/ch-organic-regen-mcp"]
+    }
+  }
+}
+```
+
+### Claude Code
+
+```bash
+claude mcp add ch-organic-regen npx @ansvar/ch-organic-regen-mcp
+```
+
+### Streamable HTTP (remote)
+
+```
+https://mcp.ansvar.eu/ch-organic-regen/mcp
+```
+
+### Docker (self-hosted)
+
+```bash
+docker run -p 3000:3000 ghcr.io/ansvar-systems/ch-organic-regen-mcp:latest
+```
+
+### npm (stdio)
+
+```bash
+npx @ansvar/ch-organic-regen-mcp
+```
+
+## Example Queries
+
+Ask your AI assistant:
+
+- "Was sind die Knospe-Anforderungen fuer Futtermittel?"
+- "What are the conversion requirements for a dairy farm switching to organic?"
+- "Welche Pflanzenschutzmittel sind auf der FiBL-Betriebsmittelliste zugelassen?"
+- "What Bio-Beitrag subsidies are available in Bergzone II?"
+- "How does Demeter differ from Knospe for animal husbandry?"
+- "What composting methods are recommended for soil health?"
+- "How do I apply for Knospe certification through bio.inspecta?"
+
+## Stats
+
+| Metric | Value |
+|--------|-------|
+| Tools | 10 (3 meta + 7 domain) |
+| Jurisdiction | CH (Switzerland) |
+| Data sources | Bio Suisse Knospe, Bio-Verordnung SR 910.18, FiBL Betriebsmittelliste, Demeter Schweiz, DZV Bio-Beitrag |
+| License (data) | Public standards / Swiss federal free reuse |
+| License (code) | Apache-2.0 |
+| Transport | stdio + Streamable HTTP |
+
+## Tools
+
+| Tool | Description |
+|------|-------------|
+| `about` | Server metadata and links |
+| `list_sources` | Data sources with freshness info |
+| `check_data_freshness` | Staleness status and refresh command |
+| `search_organic_rules` | FTS5 search across organic rules, conversion, and soil health data |
+| `get_conversion_requirements` | Conversion timeline and requirements by farm type |
+| `get_organic_standards` | Production rules comparing Knospe, Bio-Verordnung, and Demeter |
+| `get_approved_inputs` | FiBL Betriebsmittelliste: approved fertilisers, plant protection, feed |
+| `get_organic_subsidies` | Bio-Beitrag and Direktzahlungen rates by zone |
+| `get_soil_health_guidance` | Regenerative methods: composting, cover crops, agroforestry |
+| `search_certification_guidance` | Knospe certification process: bio.inspecta, Bio Test Agro |
+
+See [TOOLS.md](TOOLS.md) for full parameter documentation.
+
+## Security Scanning
+
+This repository runs security checks on every push:
+
+- **CodeQL** -- static analysis for JavaScript/TypeScript
+- **Gitleaks** -- secret detection across full history
+- **Dependency review** -- via Dependabot
+- **Container scanning** -- via GHCR build pipeline
+
+See [SECURITY.md](SECURITY.md) for reporting policy.
+
+## Disclaimer
+
+This tool provides reference data for informational purposes only. It is not professional agricultural advice. Always consult a qualified organic farming advisor (FiBL, Bio Suisse, cantonal authority, AGRIDEA) before making conversion or management decisions. See [DISCLAIMER.md](DISCLAIMER.md).
+
+## Contributing
+
+Issues and pull requests welcome. For security vulnerabilities, email security@ansvar.eu (do not open a public issue).
+
+## License
+
+Apache-2.0. Data sourced from Bio Suisse, FiBL, BLW, and Demeter Schweiz under public standards and Swiss federal free-reuse terms.

package/SECURITY.md

@@ -0,0 +1,25 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly:
+
+1. **Do NOT open a public issue**
+2. Email security@ansvar.eu with:
+   - Description of the vulnerability
+   - Steps to reproduce
+   - Potential impact
+3. We will acknowledge within 48 hours and provide a timeline for fix
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| Latest  | Yes       |
+
+## Security Measures
+
+- All dependencies scanned via CodeQL, Semgrep, Trivy, Gitleaks, Socket, and OpenSSF Scorecard
+- No secrets stored in code -- all data is public domain
+- SQLite database is read-only at runtime
+- Container runs as non-root with no-new-privileges and cap_drop ALL