@ansvar/eu-regulations-mcp 0.1.0

package/scripts/check-updates.ts

@@ -0,0 +1,192 @@
+#!/usr/bin/env npx tsx
+
+/**
+ * Check for updates to EU regulations from EUR-Lex.
+ * Compares current database versions against EUR-Lex metadata.
+ *
+ * Usage: npx tsx scripts/check-updates.ts
+ */
+
+import Database from 'better-sqlite3';
+import { existsSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+const DB_PATH = join(__dirname, '..', 'data', 'regulations.db');
+
+interface SourceRecord {
+  regulation: string;
+  celex_id: string;
+  eur_lex_version: string | null;
+  last_fetched: string | null;
+  articles_expected: number | null;
+  articles_parsed: number | null;
+  quality_status: string;
+}
+
+interface EurLexMetadata {
+  celexId: string;
+  lastModified: string;
+  title: string;
+  dateDocument: string;
+  consolidatedVersions?: string[];
+}
+
+// Known regulations to monitor
+const MONITORED_REGULATIONS = [
+  { celex_id: '32016R0679', id: 'GDPR', name: 'General Data Protection Regulation' },
+  { celex_id: '32022L2555', id: 'NIS2', name: 'NIS2 Directive' },
+  { celex_id: '32022R2554', id: 'DORA', name: 'Digital Operational Resilience Act' },
+  { celex_id: '32024R1689', id: 'AI_ACT', name: 'Artificial Intelligence Act' },
+  { celex_id: '32024R2847', id: 'CRA', name: 'Cyber Resilience Act' },
+  { celex_id: '32019R0881', id: 'CYBERSECURITY_ACT', name: 'EU Cybersecurity Act' },
+];
+
+async function fetchEurLexMetadata(celexId: string): Promise<EurLexMetadata | null> {
+  // Use EUR-Lex REST API to get document metadata
+  const metadataUrl = `https://eur-lex.europa.eu/search.html?SUBDOM_INIT=LEGISLATION&DB_TYPE_OF_ACT=regulation&DTS_SUBDOM=LEGISLATION&typeOfActStatus=REGULATION&qid=1&FM_CODED=REG&type=advanced&DTS_DOM=ALL&page=1&lang=en&CELEX=${celexId}`;
+
+  // Alternative: use the document info endpoint
+  const infoUrl = `https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:${celexId}`;
+
+  try {
+    const response = await fetch(infoUrl, {
+      headers: {
+        'User-Agent': 'Mozilla/5.0 (compatible; EU-Compliance-MCP/1.0)',
+        'Accept': 'text/html',
+      },
+    });
+
+    if (!response.ok) {
+      console.error(`Failed to fetch metadata for ${celexId}: ${response.status}`);
+      return null;
+    }
+
+    const html = await response.text();
+
+    // Extract last modified from HTML meta tags or content
+    const dateMatch = html.match(/Date of document:\s*(\d{2}\/\d{2}\/\d{4})/i);
+    const lastModMatch = html.match(/ELI.*?(\d{4}-\d{2}-\d{2})/i);
+    const titleMatch = html.match(/<title>([^<]+)<\/title>/i);
+
+    // Check for consolidated versions indicator
+    const hasConsolidated = html.includes('Consolidated text') || html.includes('consolidated version');
+
+    return {
+      celexId,
+      lastModified: lastModMatch?.[1] || dateMatch?.[1] || 'unknown',
+      title: titleMatch?.[1]?.trim() || 'Unknown',
+      dateDocument: dateMatch?.[1] || 'unknown',
+    };
+  } catch (error) {
+    console.error(`Error fetching metadata for ${celexId}:`, error);
+    return null;
+  }
+}
+
+async function checkForUpdates(): Promise<void> {
+  console.log('Checking EUR-Lex for regulation updates...\n');
+
+  // Check if database exists
+  if (!existsSync(DB_PATH)) {
+    console.log('Database not found. Run `npm run build:db` first.');
+    process.exit(1);
+  }
+
+  const db = new Database(DB_PATH, { readonly: true });
+
+  // Get current source registry
+  const sources = db.prepare(`
+    SELECT regulation, celex_id, eur_lex_version, last_fetched, quality_status
+    FROM source_registry
+  `).all() as SourceRecord[];
+
+  const sourceMap = new Map(sources.map(s => [s.celex_id, s]));
+
+  console.log('Status Report');
+  console.log('='.repeat(80));
+
+  const updates: Array<{ id: string; celex_id: string; reason: string }> = [];
+
+  for (const reg of MONITORED_REGULATIONS) {
+    const source = sourceMap.get(reg.celex_id);
+
+    process.stdout.write(`\n${reg.id.padEnd(20)} (${reg.celex_id}): `);
+
+    if (!source) {
+      console.log('NOT INGESTED');
+      updates.push({ id: reg.id, celex_id: reg.celex_id, reason: 'Not yet ingested' });
+      continue;
+    }
+
+    // Fetch current EUR-Lex metadata
+    const metadata = await fetchEurLexMetadata(reg.celex_id);
+
+    if (!metadata) {
+      console.log('FETCH FAILED');
+      continue;
+    }
+
+    const lastFetched = source.last_fetched || 'never';
+    const eurLexVersion = metadata.lastModified;
+
+    if (source.eur_lex_version !== eurLexVersion && source.eur_lex_version) {
+      console.log('UPDATE AVAILABLE');
+      console.log(`  Local version:  ${source.eur_lex_version}`);
+      console.log(`  EUR-Lex version: ${eurLexVersion}`);
+      updates.push({ id: reg.id, celex_id: reg.celex_id, reason: `Version changed: ${source.eur_lex_version} -> ${eurLexVersion}` });
+    } else if (source.quality_status !== 'complete') {
+      console.log(`INCOMPLETE (${source.quality_status})`);
+      updates.push({ id: reg.id, celex_id: reg.celex_id, reason: `Quality status: ${source.quality_status}` });
+    } else {
+      console.log('UP TO DATE');
+      console.log(`  Last fetched: ${lastFetched}`);
+    }
+  }
+
+  db.close();
+
+  // Summary
+  console.log('\n' + '='.repeat(80));
+  console.log('Summary');
+  console.log('='.repeat(80));
+
+  if (updates.length === 0) {
+    console.log('\n✓ All monitored regulations are up to date.');
+  } else {
+    console.log(`\n⚠ ${updates.length} regulation(s) need attention:\n`);
+    for (const u of updates) {
+      console.log(`  - ${u.id}: ${u.reason}`);
+    }
+
+    console.log('\nTo update, run:');
+    for (const u of updates) {
+      console.log(`  npx tsx scripts/ingest-eurlex.ts ${u.celex_id} data/seed/${u.id.toLowerCase()}.json`);
+    }
+    console.log('\nThen: npm run build:db');
+  }
+}
+
+// Also provide a function to update the source registry after ingestion
+export async function updateSourceRegistry(
+  db: Database.Database,
+  regulation: string,
+  celexId: string,
+  articleCount: number
+): Promise<void> {
+  const now = new Date().toISOString();
+
+  db.prepare(`
+    INSERT OR REPLACE INTO source_registry
+    (regulation, celex_id, eur_lex_version, last_fetched, articles_expected, articles_parsed, quality_status)
+    VALUES (?, ?, ?, ?, ?, ?, 'complete')
+  `).run(regulation, celexId, now.split('T')[0], now, articleCount, articleCount);
+}
+
+checkForUpdates().catch(err => {
+  console.error('Error:', err);
+  process.exit(1);
+});

package/scripts/ingest-eurlex.ts

@@ -0,0 +1,219 @@
+#!/usr/bin/env npx tsx
+
+/**
+ * Ingest EU regulations from EUR-Lex.
+ *
+ * Usage: npx tsx scripts/ingest-eurlex.ts <celex_id> <output_file>
+ * Example: npx tsx scripts/ingest-eurlex.ts 32016R0679 data/seed/gdpr.json
+ */
+
+import { writeFileSync } from 'fs';
+import { JSDOM } from 'jsdom';
+
+interface Article {
+  number: string;
+  title?: string;
+  text: string;
+  chapter?: string;
+}
+
+interface Definition {
+  term: string;
+  definition: string;
+  article: string;
+}
+
+interface RegulationData {
+  id: string;
+  full_name: string;
+  celex_id: string;
+  effective_date?: string;
+  eur_lex_url: string;
+  articles: Article[];
+  definitions: Definition[];
+}
+
+const REGULATION_METADATA: Record<string, { id: string; full_name: string; effective_date?: string }> = {
+  '32016R0679': { id: 'GDPR', full_name: 'General Data Protection Regulation', effective_date: '2018-05-25' },
+  '32022L2555': { id: 'NIS2', full_name: 'Directive on measures for a high common level of cybersecurity across the Union', effective_date: '2024-10-17' },
+  '32022R2554': { id: 'DORA', full_name: 'Digital Operational Resilience Act', effective_date: '2025-01-17' },
+  '32024R1689': { id: 'AI_ACT', full_name: 'Artificial Intelligence Act', effective_date: '2024-08-01' },
+  '32024R2847': { id: 'CRA', full_name: 'Cyber Resilience Act', effective_date: '2024-12-10' },
+  '32019R0881': { id: 'CYBERSECURITY_ACT', full_name: 'EU Cybersecurity Act', effective_date: '2019-06-27' },
+};
+
+async function fetchEurLexHtml(celexId: string): Promise<string> {
+  const url = `https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:${celexId}`;
+  console.log(`Fetching: ${url}`);
+
+  const response = await fetch(url, {
+    headers: {
+      'User-Agent': 'Mozilla/5.0 (compatible; EU-Compliance-MCP/1.0; +https://github.com/Ansvar-Systems/EU_compliance_MCP)',
+      'Accept': 'text/html',
+    },
+  });
+
+  if (!response.ok) {
+    throw new Error(`Failed to fetch: ${response.status} ${response.statusText}`);
+  }
+
+  return response.text();
+}
+
+function parseArticles(html: string, celexId: string): { articles: Article[]; definitions: Definition[] } {
+  const dom = new JSDOM(html);
+  const doc = dom.window.document;
+
+  const articles: Article[] = [];
+  const definitions: Definition[] = [];
+  let currentChapter = '';
+
+  // Get all text content and split by article markers
+  const allText = doc.body?.textContent || '';
+  const lines = allText.split('\n').map(l => l.trim()).filter(l => l);
+
+  let currentArticle: { number: string; title?: string; lines: string[] } | null = null;
+
+  for (const line of lines) {
+    const articleStart = line.match(/^Article\s+(\d+)$/i);
+    if (articleStart) {
+      if (currentArticle && currentArticle.lines.length > 0) {
+        articles.push({
+          number: currentArticle.number,
+          title: currentArticle.title,
+          text: currentArticle.lines.join('\n\n'),
+          chapter: currentChapter || undefined,
+        });
+      }
+      currentArticle = { number: articleStart[1], lines: [] };
+      continue;
+    }
+
+    const chapterStart = line.match(/^CHAPTER\s+([IVXLC]+)/i);
+    if (chapterStart) {
+      currentChapter = chapterStart[1];
+      continue;
+    }
+
+    if (currentArticle) {
+      // Check if this is a title line (short, no period at end)
+      if (!currentArticle.title && currentArticle.lines.length === 0 && line.length < 100 && !line.endsWith('.')) {
+        currentArticle.title = line;
+      } else if (line.length > 0) {
+        currentArticle.lines.push(line);
+      }
+    }
+  }
+
+  // Don't forget the last article
+  if (currentArticle && currentArticle.lines.length > 0) {
+    articles.push({
+      number: currentArticle.number,
+      title: currentArticle.title,
+      text: currentArticle.lines.join('\n\n'),
+      chapter: currentChapter || undefined,
+    });
+  }
+
+  // Deduplicate articles - keep the one with the most content for each number
+  const articleMap = new Map<string, Article>();
+  for (const article of articles) {
+    const existing = articleMap.get(article.number);
+    if (!existing || article.text.length > existing.text.length) {
+      articleMap.set(article.number, article);
+    }
+  }
+  const deduplicatedArticles = Array.from(articleMap.values())
+    .sort((a, b) => parseInt(a.number) - parseInt(b.number));
+
+  // Extract definitions from Article 4 (or similar definitions article)
+  // Find definitions article from deduplicated list
+  const defsArticle = deduplicatedArticles.find(a =>
+    a.title?.toLowerCase().includes('definition')
+  );
+
+  if (defsArticle && defsArticle.text.includes('means')) {
+    // Normalize text: collapse whitespace and normalize quotes
+    const normalizedText = defsArticle.text
+      .replace(/\s+/g, ' ')
+      .replace(/[\u2018\u2019]/g, "'"); // Curly quotes to straight
+
+    // Parse definitions by extracting content between consecutive numbered entries
+    // This handles:
+    // - Complex definitions with internal periods/semicolons
+    // - 'term' or 'alternate' means... patterns (NIS2 Art 6)
+    // - 'term1', 'term2' and 'term3' mean... patterns (CRA Art 3)
+    // - 'term' of the something means... patterns (GDPR Art 4)
+    // - mean, respectively... patterns (CRA Art 3)
+    // - means: (a) ... patterns (complex definitions with sub-parts)
+    const defRegex = /\((\d+)\)\s*'([^']+)'(?:[^(]*?)means?[,:;]?\s+(.+?)(?=\(\d+\)\s*'|$)/g;
+    let defMatch;
+    while ((defMatch = defRegex.exec(normalizedText)) !== null) {
+      const term = defMatch[2].trim().toLowerCase();
+      const definition = defMatch[3].trim();
+      // Only add if we got meaningful content
+      if (term.length > 0 && definition.length > 10) {
+        definitions.push({
+          term,
+          definition,
+          article: defsArticle.number,
+        });
+      }
+    }
+  }
+
+  return { articles: deduplicatedArticles, definitions };
+}
+
+async function ingestRegulation(celexId: string, outputPath: string): Promise<void> {
+  const metadata = REGULATION_METADATA[celexId];
+  if (!metadata) {
+    console.warn(`Unknown CELEX ID: ${celexId}. Using generic metadata.`);
+  }
+
+  const html = await fetchEurLexHtml(celexId);
+  console.log(`Fetched ${html.length} bytes`);
+
+  const { articles, definitions } = parseArticles(html, celexId);
+  console.log(`Parsed ${articles.length} articles, ${definitions.length} definitions`);
+
+  if (articles.length === 0) {
+    console.error('No articles found! The HTML structure may have changed.');
+    console.log('Saving raw HTML for debugging...');
+    writeFileSync(outputPath.replace('.json', '.html'), html);
+    return;
+  }
+
+  const regulation: RegulationData = {
+    id: metadata?.id || celexId,
+    full_name: metadata?.full_name || `Regulation ${celexId}`,
+    celex_id: celexId,
+    effective_date: metadata?.effective_date,
+    eur_lex_url: `https://eur-lex.europa.eu/eli/reg/2016/679/oj`,
+    articles,
+    definitions,
+  };
+
+  writeFileSync(outputPath, JSON.stringify(regulation, null, 2));
+  console.log(`\nSaved to: ${outputPath}`);
+  console.log(`Articles: ${articles.length}`);
+  console.log(`Definitions: ${definitions.length}`);
+}
+
+// Main
+const [,, celexId, outputPath] = process.argv;
+
+if (!celexId || !outputPath) {
+  console.log('Usage: npx tsx scripts/ingest-eurlex.ts <celex_id> <output_file>');
+  console.log('Example: npx tsx scripts/ingest-eurlex.ts 32016R0679 data/seed/gdpr.json');
+  console.log('\nKnown CELEX IDs:');
+  Object.entries(REGULATION_METADATA).forEach(([id, meta]) => {
+    console.log(`  ${id} - ${meta.id} (${meta.full_name})`);
+  });
+  process.exit(1);
+}
+
+ingestRegulation(celexId, outputPath).catch(err => {
+  console.error('Error:', err);
+  process.exit(1);
+});

package/src/index.ts

@@ -0,0 +1,294 @@
+#!/usr/bin/env node
+
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema,
+} from '@modelcontextprotocol/sdk/types.js';
+import Database from 'better-sqlite3';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+
+import { searchRegulations, type SearchInput } from './tools/search.js';
+import { getArticle, type GetArticleInput } from './tools/article.js';
+import { listRegulations, type ListInput } from './tools/list.js';
+import { compareRequirements, type CompareInput } from './tools/compare.js';
+import { mapControls, type MapControlsInput } from './tools/map.js';
+import { checkApplicability, type ApplicabilityInput } from './tools/applicability.js';
+import { getDefinitions, type DefinitionsInput } from './tools/definitions.js';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+// Database path - look for regulations.db in data folder
+const DB_PATH = process.env.EU_COMPLIANCE_DB_PATH || join(__dirname, '..', 'data', 'regulations.db');
+
+let db: Database.Database;
+
+function getDatabase(): Database.Database {
+  if (!db) {
+    try {
+      db = new Database(DB_PATH, { readonly: true });
+    } catch (error) {
+      throw new Error(`Failed to open database at ${DB_PATH}: ${error}`);
+    }
+  }
+  return db;
+}
+
+const server = new Server(
+  {
+    name: 'eu-regulations-mcp',
+    version: '0.1.0',
+  },
+  {
+    capabilities: {
+      tools: {},
+    },
+  }
+);
+
+// Define available tools
+server.setRequestHandler(ListToolsRequestSchema, async () => ({
+  tools: [
+    {
+      name: 'search_regulations',
+      description: 'Search across all EU regulations for articles matching a query. Returns relevant articles with snippets highlighting matches.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          query: {
+            type: 'string',
+            description: 'Search query (e.g., "incident reporting", "personal data breach")',
+          },
+          regulations: {
+            type: 'array',
+            items: { type: 'string' },
+            description: 'Optional: filter to specific regulations (e.g., ["GDPR", "NIS2"])',
+          },
+          limit: {
+            type: 'number',
+            description: 'Maximum results to return (default: 10)',
+          },
+        },
+        required: ['query'],
+      },
+    },
+    {
+      name: 'get_article',
+      description: 'Retrieve the full text of a specific article from a regulation.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          regulation: {
+            type: 'string',
+            description: 'Regulation ID (e.g., "GDPR", "NIS2", "DORA")',
+          },
+          article: {
+            type: 'string',
+            description: 'Article number (e.g., "17", "23")',
+          },
+        },
+        required: ['regulation', 'article'],
+      },
+    },
+    {
+      name: 'list_regulations',
+      description: 'List available regulations and their structure. Without parameters, lists all regulations. With a regulation specified, shows chapters and articles.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          regulation: {
+            type: 'string',
+            description: 'Optional: specific regulation to get detailed structure for',
+          },
+        },
+      },
+    },
+    {
+      name: 'compare_requirements',
+      description: 'Compare requirements across multiple regulations on a specific topic. Useful for understanding differences in how regulations address similar concerns.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          topic: {
+            type: 'string',
+            description: 'Topic to compare (e.g., "incident reporting", "risk assessment")',
+          },
+          regulations: {
+            type: 'array',
+            items: { type: 'string' },
+            description: 'Regulations to compare (e.g., ["DORA", "NIS2"])',
+          },
+        },
+        required: ['topic', 'regulations'],
+      },
+    },
+    {
+      name: 'map_controls',
+      description: 'Map ISO 27001:2022 controls to EU regulation requirements. Shows which articles satisfy specific security controls.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          framework: {
+            type: 'string',
+            enum: ['ISO27001'],
+            description: 'Control framework (currently only ISO27001 supported)',
+          },
+          control: {
+            type: 'string',
+            description: 'Optional: specific control ID (e.g., "A.5.1", "A.6.8")',
+          },
+          regulation: {
+            type: 'string',
+            description: 'Optional: filter mappings to specific regulation',
+          },
+        },
+        required: ['framework'],
+      },
+    },
+    {
+      name: 'check_applicability',
+      description: 'Determine which EU regulations apply to an organization based on sector and characteristics.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          sector: {
+            type: 'string',
+            enum: ['financial', 'healthcare', 'energy', 'transport', 'digital_infrastructure', 'public_administration', 'manufacturing', 'other'],
+            description: 'Organization sector',
+          },
+          subsector: {
+            type: 'string',
+            description: 'Optional: more specific subsector (e.g., "bank", "insurance" for financial)',
+          },
+          member_state: {
+            type: 'string',
+            description: 'Optional: EU member state (ISO country code)',
+          },
+          size: {
+            type: 'string',
+            enum: ['sme', 'large'],
+            description: 'Optional: organization size',
+          },
+        },
+        required: ['sector'],
+      },
+    },
+    {
+      name: 'get_definitions',
+      description: 'Look up official definitions of terms from EU regulations. Terms are defined in each regulation\'s definitions article.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          term: {
+            type: 'string',
+            description: 'Term to look up (e.g., "personal data", "incident", "processing")',
+          },
+          regulation: {
+            type: 'string',
+            description: 'Optional: filter to specific regulation',
+          },
+        },
+        required: ['term'],
+      },
+    },
+  ],
+}));
+
+// Handle tool calls
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+  const { name, arguments: args } = request.params;
+
+  try {
+    const database = getDatabase();
+
+    switch (name) {
+      case 'search_regulations': {
+        const input = args as unknown as SearchInput;
+        const results = await searchRegulations(database, input);
+        return {
+          content: [{ type: 'text', text: JSON.stringify(results, null, 2) }],
+        };
+      }
+
+      case 'get_article': {
+        const input = args as unknown as GetArticleInput;
+        const article = await getArticle(database, input);
+        if (!article) {
+          return {
+            content: [{ type: 'text', text: `Article ${input.article} not found in ${input.regulation}` }],
+            isError: true,
+          };
+        }
+        return {
+          content: [{ type: 'text', text: JSON.stringify(article, null, 2) }],
+        };
+      }
+
+      case 'list_regulations': {
+        const input = (args ?? {}) as unknown as ListInput;
+        const result = await listRegulations(database, input);
+        return {
+          content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+        };
+      }
+
+      case 'compare_requirements': {
+        const input = args as unknown as CompareInput;
+        const result = await compareRequirements(database, input);
+        return {
+          content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+        };
+      }
+
+      case 'map_controls': {
+        const input = args as unknown as MapControlsInput;
+        const result = await mapControls(database, input);
+        return {
+          content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+        };
+      }
+
+      case 'check_applicability': {
+        const input = args as unknown as ApplicabilityInput;
+        const result = await checkApplicability(database, input);
+        return {
+          content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+        };
+      }
+
+      case 'get_definitions': {
+        const input = args as unknown as DefinitionsInput;
+        const result = await getDefinitions(database, input);
+        return {
+          content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+        };
+      }
+
+      default:
+        return {
+          content: [{ type: 'text', text: `Unknown tool: ${name}` }],
+          isError: true,
+        };
+    }
+  } catch (error) {
+    return {
+      content: [{ type: 'text', text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
+      isError: true,
+    };
+  }
+});
+
+// Start the server
+async function main() {
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  console.error('EU Regulations MCP server started');
+}
+
+main().catch((error) => {
+  console.error('Fatal error:', error);
+  process.exit(1);
+});