npm - @ansvar/eu-regulations-mcp - Versions diffs - 0.7.1 → 1.0.0 - Mend

@ansvar/eu-regulations-mcp 0.7.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (92) hide show

package/README.md +111 -13
package/data/regulations.db +0 -0
package/data/seed/aifmd.json +2 -1
package/data/seed/applicability/chips-act.json +67 -0
package/data/seed/applicability/crma.json +85 -0
package/data/seed/cbam.json +2 -1
package/data/seed/cer.json +2 -1
package/data/seed/chips-act.json +714 -0
package/data/seed/crma.json +877 -0
package/data/seed/csddd.json +2 -1
package/data/seed/csrd.json +2 -1
package/data/seed/cyber_solidarity.json +2 -1
package/data/seed/dga.json +2 -1
package/data/seed/eecc.json +2 -1
package/data/seed/ehds.json +2 -1
package/data/seed/eidas2.json +314 -1
package/data/seed/eprivacy.json +2 -1
package/data/seed/eu_taxonomy.json +2 -1
package/data/seed/eucc.json +2 -1
package/data/seed/eudr.json +2 -1
package/data/seed/evidence/aifmd-evidence-complete.json +252 -0
package/data/seed/evidence/cbam-evidence-complete.json +178 -0
package/data/seed/evidence/cer-evidence-complete.json +230 -0
package/data/seed/evidence/cra-evidence-complete.json +252 -0
package/data/seed/evidence/csddd-evidence-complete.json +244 -0
package/data/seed/evidence/csrd-evidence-complete.json +200 -0
package/data/seed/evidence/cyber-solidarity-evidence-complete.json +202 -0
package/data/seed/evidence/cybersecurity-act-evidence-complete.json +202 -0
package/data/seed/evidence/data-act-evidence-complete.json +248 -0
package/data/seed/evidence/dga-evidence-complete.json +226 -0
package/data/seed/evidence/dma-evidence-complete.json +203 -0
package/data/seed/evidence/dora-evidence-complete.json +214 -10
package/data/seed/evidence/dora-its-incident-forms-evidence-complete.json +98 -0
package/data/seed/evidence/dora-its-register-evidence-complete.json +98 -0
package/data/seed/evidence/dora-rts-critical-provider-evidence-complete.json +98 -0
package/data/seed/evidence/dora-rts-ict-risk-evidence-complete.json +146 -0
package/data/seed/evidence/dora-rts-ict-services-evidence-complete.json +98 -0
package/data/seed/evidence/dora-rts-incident-class-evidence-complete.json +98 -0
package/data/seed/evidence/dora-rts-incident-reporting-evidence-complete.json +122 -0
package/data/seed/evidence/dora-rts-oversight-evidence-complete.json +98 -0
package/data/seed/evidence/dora-rts-oversight-fees-evidence-complete.json +98 -0
package/data/seed/evidence/dora-rts-tlpt-evidence-complete.json +122 -0
package/data/seed/evidence/dsa-evidence-complete.json +251 -0
package/data/seed/evidence/eecc-evidence-complete.json +204 -0
package/data/seed/evidence/ehds-evidence-complete.json +232 -0
package/data/seed/evidence/eidas2-evidence-complete.json +206 -0
package/data/seed/evidence/eprivacy-evidence-complete.json +210 -0
package/data/seed/evidence/eu-taxonomy-evidence-complete.json +227 -0
package/data/seed/evidence/eucc-evidence-complete.json +202 -0
package/data/seed/evidence/eudr-evidence-complete.json +178 -0
package/data/seed/evidence/gdpr-evidence-complete.json +136 -5
package/data/seed/evidence/gpsr-evidence-complete.json +227 -0
package/data/seed/evidence/ivdr-evidence-complete.json +254 -0
package/data/seed/evidence/led-evidence-complete.json +254 -0
package/data/seed/evidence/machinery-evidence-complete.json +222 -0
package/data/seed/evidence/mdr-evidence-complete.json +283 -0
package/data/seed/evidence/mica-evidence-complete.json +252 -0
package/data/seed/evidence/mifid2-evidence-complete.json +252 -0
package/data/seed/evidence/mifir-evidence-complete.json +202 -0
package/data/seed/evidence/pld-evidence-complete.json +178 -0
package/data/seed/evidence/psd2-evidence-complete.json +252 -0
package/data/seed/evidence/red-evidence-complete.json +200 -0
package/data/seed/evidence/sfdr-evidence-complete.json +227 -0
package/data/seed/evidence/un-r155-evidence-complete.json +156 -0
package/data/seed/evidence/un-r156-evidence-complete.json +134 -0
package/data/seed/gpsr.json +2 -1
package/data/seed/ivdr.json +2 -1
package/data/seed/led.json +2 -1
package/data/seed/machinery.json +2 -1
package/data/seed/mappings/iso27001-chips-act.json +50 -0
package/data/seed/mappings/iso27001-crma.json +50 -0
package/data/seed/mappings/nist-csf-chips-act.json +56 -0
package/data/seed/mappings/nist-csf-crma.json +56 -0
package/data/seed/mdr.json +2 -1
package/data/seed/mica.json +2 -1
package/data/seed/mifid2.json +2 -1
package/data/seed/mifir.json +2 -1
package/data/seed/pld.json +2 -1
package/data/seed/psd2.json +2 -1
package/data/seed/red.json +2 -1
package/data/seed/sfdr.json +2 -1
package/dist/tools/compare.d.ts.map +1 -1
package/dist/tools/compare.js +108 -7
package/dist/tools/compare.js.map +1 -1
package/dist/tools/search.d.ts.map +1 -1
package/dist/tools/search.js +3 -2
package/dist/tools/search.js.map +1 -1
package/package.json +3 -3
package/scripts/ingest-eurlex.ts +3 -0
package/src/tools/compare.ts +130 -7
package/src/tools/search.ts +3 -2
package/data/seed/evidence/dora-evidence.json +0 -335

package/README.md CHANGED Viewed

@@ -3,13 +3,14 @@
 **The EUR-Lex alternative for the AI age.**
 [![npm version](https://badge.fury.io/js/@ansvar%2Feu-regulations-mcp.svg)](https://www.npmjs.com/package/@ansvar/eu-regulations-mcp)
+[![MCP Registry](https://img.shields.io/badge/MCP-Registry-blue)](https://registry.modelcontextprotocol.io/eu.ansvar/eu-regulations-mcp)
 [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![GitHub stars](https://img.shields.io/github/stars/Ansvar-Systems/EU_compliance_MCP?style=social)](https://github.com/Ansvar-Systems/EU_compliance_MCP)
 [![Daily EUR-Lex Check](https://github.com/Ansvar-Systems/EU_compliance_MCP/actions/workflows/check-updates.yml/badge.svg)](https://github.com/Ansvar-Systems/EU_compliance_MCP/actions/workflows/check-updates.yml)
 [![Database](https://img.shields.io/badge/database-pre--built-green)](docs/COVERAGE_GAPS.md)
 [![Recitals](https://img.shields.io/badge/recitals-3500%2B-blue)](docs/COVERAGE_GAPS.md)
-Query **37 EU regulations** — from GDPR and AI Act to DORA, MiFID II, eIDAS, Medical Device Regulation, and more — directly from Claude, Cursor, or any MCP-compatible client.
+Query **49 EU regulations** — from GDPR and AI Act to DORA, Chips Act, MiFID II, eIDAS, Medical Device Regulation, and more — directly from Claude, Cursor, or any MCP-compatible client.
 If you're building digital products, financial services, healthcare tech, or connected devices for the European market, this is your compliance reference.
@@ -35,11 +36,7 @@ This MCP server makes EU regulations **searchable, cross-referenceable, and AI-r
 ### Installation
-```bash
-npm install @ansvar/eu-regulations-mcp
-```
-### Claude Desktop
+**Option 1: Claude Desktop (Recommended)**
 Add to your `claude_desktop_config.json`:
@@ -57,9 +54,16 @@ Add to your `claude_desktop_config.json`:
 }
 ```
-Restart Claude Desktop. Done.
+Restart Claude Desktop. Done!
+**Option 2: MCP Registry**
-### Cursor / VS Code
+Browse and install from the [official MCP registry](https://registry.modelcontextprotocol.io/):
+- Search for "EU Regulations" or view directly: [`eu.ansvar/eu-regulations-mcp`](https://registry.modelcontextprotocol.io/eu.ansvar/eu-regulations-mcp)
+- One-click install (when registry integration is live in Claude Desktop)
+- Automatic updates when new versions are released
+**Option 3: Cursor / VS Code**
 ```json
 {
@@ -72,6 +76,14 @@ Restart Claude Desktop. Done.
 }
 ```
+**Option 4: Global npm Install**
+```bash
+npm install -g @ansvar/eu-regulations-mcp
+```
+Then use `"command": "eu-regulations-mcp"` in your config (without npx).
 ---
 ## Example Queries
@@ -94,11 +106,12 @@ Once connected, just ask naturally:
 ## What's Included
-- **37 Regulations** — GDPR, DORA, NIS2, AI Act, MiCA, eIDAS 2.0, Medical Device Regulation, and 30 more
-- **2,438 Articles** + 3,712 Recitals + 1,138 Official Definitions
+- **49 Regulations** — GDPR, DORA, NIS2, AI Act, Chips Act, MiCA, eIDAS 2.0, Medical Device Regulation, and 40 more
+- **2,528 Articles** + 3,869 Recitals + 1,226 Official Definitions
 - **Full-Text Search** — Find relevant articles across all regulations instantly
-- **Control Mappings** — 686 mappings to ISO 27001:2022 & NIST CSF 2.0
-- **Sector Rules** — Check which regulations apply to your industry
+- **Control Mappings** — 709 mappings to ISO 27001:2022 & NIST CSF 2.0
+- **Evidence Requirements** — 407 audit artifacts across all 49 regulations
+- **Sector Rules** — 323 applicability rules across all sectors and industries
 - **Daily Updates** — Automatic freshness checks against EUR-Lex
 **Detailed coverage:** [docs/coverage.md](docs/coverage.md)
@@ -138,7 +151,7 @@ EUR-Lex HTML → Parse → SQLite → FTS5 snippet() → MCP response
 | Manual cross-referencing | `compare_requirements` tool does it instantly |
 | "Which regulations apply to me?" → research for days | `check_applicability` tool → answer in seconds |
 | Copy-paste article text | Article + definitions + related requirements |
-| Check 37 sites for updates | Daily automated freshness checks |
+| Check 47 sites for updates | Daily automated freshness checks |
 | No API, no integration | MCP protocol → AI-native |
 **EUR-Lex example:** Download DORA PDF → Ctrl+F "incident" → Read Article 17 → Google "What's a major incident?" → Cross-reference NIS2 → Repeat for 5 regulations
@@ -147,6 +160,15 @@ EUR-Lex HTML → Parse → SQLite → FTS5 snippet() → MCP response
 ---
+## 📚 Documentation
+- **[Database SSL/TLS Configuration](docs/DATABASE_SSL.md)** - Secure PostgreSQL connections for Cloudflare Workers deployments
+- **[Security Policy](SECURITY.md)** - Vulnerability reporting and security best practices
+- **[Coverage Gaps](docs/COVERAGE_GAPS.md)** - Known missing content from EUR-Lex
+- **[GitHub Actions Setup](docs/GITHUB_ACTIONS_SETUP.md)** - CI/CD workflow configuration
+---
 ## ⚠️ Important Disclaimers
 ### Legal Advice
@@ -177,6 +199,82 @@ EUR-Lex HTML → Parse → SQLite → FTS5 snippet() → MCP response
 ---
+## Related Projects: Complete Compliance Suite
+This server is part of **Ansvar's Compliance Suite** - three MCP servers that work together for end-to-end compliance coverage:
+### 🇪🇺 EU Regulations MCP (This Project)
+**Query 47 EU regulations directly from Claude**
+- GDPR, AI Act, DORA, NIS2, MiFID II, PSD2, eIDAS, MDR, and 39 more
+- Full regulatory text with article-level search
+- Cross-regulation reference and comparison
+- **Install:** `npx @ansvar/eu-regulations-mcp`
+### 🇺🇸 [US Regulations MCP](https://github.com/Ansvar-Systems/US_Compliance_MCP)
+**Query US federal and state compliance laws directly from Claude**
+- HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, and 8 more
+- Federal and state privacy law comparison
+- Breach notification timeline mapping
+- **Install:** `npm install @ansvar/us-regulations-mcp`
+### 🔐 [Security Controls MCP](https://github.com/Ansvar-Systems/security-controls-mcp)
+**Query 1,451 security controls across 28 frameworks**
+- ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 21 more
+- Bidirectional framework mapping and gap analysis
+- Import your purchased standards for official text
+- **Install:** `pipx install security-controls-mcp`
+### How They Work Together
+**Regulations → Controls Implementation Workflow:**
+```
+1. "What are DORA's ICT risk management requirements?"
+   → EU Regulations MCP returns Article 6 full text
+2. "What security controls satisfy DORA Article 6?"
+   → Security Controls MCP maps to ISO 27001, NIST CSF, and SCF controls
+3. "Show me ISO 27001 A.8.1 implementation details"
+   → Security Controls MCP returns control requirements and framework mappings
+```
+**Complete compliance in one chat:**
+- **EU/US Regulations MCPs** tell you WHAT compliance requirements you must meet
+- **Security Controls MCP** tells you HOW to implement controls that satisfy those requirements
+### Specialized: OT/ICS Security
+### 🏭 [OT Security MCP](https://github.com/Ansvar-Systems/ot-security-mcp)
+**Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS**
+- Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
+- Security levels, Purdue Model, zone/conduit architecture
+- MITRE ATT&CK for ICS threat intelligence
+- **Install:** `npx @ansvar/ot-security-mcp`
+- **Use case:** NIS2-compliant OT operators, industrial manufacturers, critical infrastructure
+### Specialized: Automotive Cybersecurity
+### 🚗 [Automotive Cybersecurity MCP](https://github.com/Ansvar-Systems/Automotive-MCP)
+**Query UNECE R155/R156 and ISO 21434**
+- Complete R155/R156 Revision 2 with all articles and annexes
+- ISO 21434 clause guidance and work products
+- R155 ↔ ISO 21434 cross-references
+- **Install:** `npx @ansvar/automotive-cybersecurity-mcp`
+- **Use case:** OEMs, Tier 1/2 suppliers, type approval preparation
+### Specialized: Sanctions Screening
+### 🚨 [Sanctions MCP](https://github.com/Ansvar-Systems/Sanctions-MCP)
+**Offline-capable sanctions screening for third-party risk**
+- OFAC, EU, UN sanctions lists via OpenSanctions (30+ lists)
+- Fuzzy name matching with confidence scoring
+- PEP (Politically Exposed Person) checks
+- **Install:** `pip install ansvar-sanctions-mcp`
+- **Use case:** DORA Article 28 ICT third-party risk, AML/KYC compliance
+---
 ## About Ansvar Systems
 We build AI-accelerated threat modeling and compliance tools for automotive, financial services, and healthcare. This MCP server started as our internal reference tool — turns out everyone building for EU markets has the same EUR-Lex frustrations.

package/data/regulations.db CHANGED Viewed

Binary file

package/data/seed/aifmd.json CHANGED Viewed

@@ -1,7 +1,8 @@
 {
   "id": "AIFMD",
-  "full_name": "Regulation 32011L0061",
+  "full_name": "Alternative Investment Fund Managers Directive",
   "celex_id": "32011L0061",
+  "effective_date": "2011-07-21",
   "eur_lex_url": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32011L0061",
   "articles": [
     {

package/data/seed/applicability/chips-act.json ADDED Viewed

@@ -0,0 +1,67 @@
+[
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "manufacturing",
+    "subsector": "semiconductor",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "3",
+    "notes": "Semiconductor design, manufacturing, packaging, and testing facilities are primary targets; eligible for Chips for Europe Initiative support"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "manufacturing",
+    "subsector": "electronics",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "13",
+    "notes": "Electronics manufacturers using semiconductors are part of supply chain; may benefit from Integrated Production Facilities and Open EU Foundries"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "transport",
+    "subsector": "automotive",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "22",
+    "notes": "Automotive sector heavily dependent on semiconductor supply; subject to crisis monitoring and alert mechanisms for supply disruptions"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "digital_infrastructure",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "3",
+    "notes": "Data centers, telecom infrastructure, and cloud providers are key consumers; may participate in European chips infrastructure initiatives"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "energy",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "22",
+    "notes": "Smart grid and renewable energy systems depend on semiconductors; subject to supply chain monitoring"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "healthcare",
+    "applies": true,
+    "confidence": "possible",
+    "basis_article": "22",
+    "notes": "Medical devices use semiconductors; subject to crisis response mechanisms during shortages"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "financial",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "Financial services are semiconductor users, not producers; not subject to Chips Act requirements"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "public_administration",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "Public sector is a semiconductor consumer; may participate in governance (European Semiconductor Board) but not subject to production requirements"
+  }
+]

package/data/seed/applicability/crma.json ADDED Viewed

@@ -0,0 +1,85 @@
+[
+  {
+    "regulation": "CRMA",
+    "sector": "manufacturing",
+    "subsector": "mining",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "4",
+    "notes": "Mining and extraction of strategic raw materials (lithium, cobalt, rare earths, etc.) subject to permitting, monitoring, and supply chain due diligence"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "manufacturing",
+    "subsector": "battery",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "5",
+    "notes": "Battery manufacturers using critical raw materials must comply with supply chain transparency and strategic stockpiling provisions"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "manufacturing",
+    "subsector": "semiconductor",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "4",
+    "notes": "Semiconductor production uses critical raw materials (silicon, gallium, germanium); subject to supply chain monitoring and risk assessment"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "transport",
+    "subsector": "automotive",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "5",
+    "notes": "EV manufacturers and automotive supply chains using batteries/magnets containing critical raw materials subject to due diligence requirements"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "energy",
+    "subsector": "renewable",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "4",
+    "notes": "Wind turbines (permanent magnets), solar panels (silicon), and energy storage systems use critical raw materials; subject to supply chain rules"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "manufacturing",
+    "subsector": "electronics",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "5",
+    "notes": "Electronics manufacturers using critical raw materials in components must ensure supply chain transparency"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "digital_infrastructure",
+    "applies": true,
+    "confidence": "possible",
+    "basis_article": "5",
+    "notes": "Data center operators using servers/storage with critical raw materials may be subject to supply chain monitoring during crises"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "financial",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "Financial services do not directly extract or process critical raw materials; not subject to CRMA requirements"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "healthcare",
+    "applies": false,
+    "confidence": "likely",
+    "notes": "Healthcare sector uses medical devices containing critical materials but is typically end-user, not producer; indirect exposure only"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "public_administration",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "Public sector participates in governance and strategic stockpiling but is not subject to production/supply chain requirements"
+  }
+]

package/data/seed/cbam.json CHANGED Viewed

@@ -1,7 +1,8 @@
 {
   "id": "CBAM",
-  "full_name": "Regulation 32023R0956",
+  "full_name": "Carbon Border Adjustment Mechanism Regulation",
   "celex_id": "32023R0956",
+  "effective_date": "2023-10-01",
   "eur_lex_url": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R0956",
   "articles": [
     {

package/data/seed/cer.json CHANGED Viewed

@@ -1,7 +1,8 @@
 {
   "id": "CER",
-  "full_name": "Regulation 32022L2557",
+  "full_name": "Critical Entities Resilience Directive",
   "celex_id": "32022L2557",
+  "effective_date": "2023-01-16",
   "eur_lex_url": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022L2557",
   "articles": [
     {