npm - @ansvar/eu-regulations-mcp - Versions diffs - 0.8.0 → 1.1.0 - Mend

@ansvar/eu-regulations-mcp 0.8.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/README.md +76 -29
package/data/regulations.db +0 -0
package/data/seed/applicability/chips-act.json +67 -0
package/data/seed/applicability/crma.json +85 -0
package/data/seed/chips-act.json +714 -0
package/data/seed/crma.json +877 -0
package/data/seed/mappings/iso27001-chips-act.json +50 -0
package/data/seed/mappings/iso27001-crma.json +50 -0
package/data/seed/mappings/nist-csf-chips-act.json +56 -0
package/data/seed/mappings/nist-csf-crma.json +56 -0
package/dist/database/sqlite-adapter.d.ts +2 -2
package/dist/database/sqlite-adapter.d.ts.map +1 -1
package/dist/database/sqlite-adapter.js.map +1 -1
package/dist/http-server.js +27 -5
package/dist/http-server.js.map +1 -1
package/dist/index.js +27 -4
package/dist/index.js.map +1 -1
package/dist/tools/about.d.ts +40 -0
package/dist/tools/about.d.ts.map +1 -0
package/dist/tools/about.js +61 -0
package/dist/tools/about.js.map +1 -0
package/dist/tools/list.d.ts +7 -0
package/dist/tools/list.d.ts.map +1 -1
package/dist/tools/list.js +73 -8
package/dist/tools/list.js.map +1 -1
package/dist/tools/registry.d.ts +11 -1
package/dist/tools/registry.d.ts.map +1 -1
package/dist/tools/registry.js +56 -4
package/dist/tools/registry.js.map +1 -1
package/dist/worker.d.ts.map +1 -1
package/dist/worker.js +17 -5
package/dist/worker.js.map +1 -1
package/package.json +8 -7
package/scripts/add-cross-references.sql +0 -200
package/scripts/analyze-survey-responses.ts +0 -285
package/scripts/build-db.ts +0 -421
package/scripts/bulk-reingest-all.ts +0 -331
package/scripts/check-updates.ts +0 -294
package/scripts/extract-eprivacy-recitals.ts +0 -98
package/scripts/ingest-eurlex-browser.ts +0 -113
package/scripts/ingest-eurlex.ts +0 -346
package/scripts/ingest-unece.ts +0 -382
package/scripts/migrate-postgres.ts +0 -445
package/scripts/migrate-to-postgres.ts +0 -353
package/scripts/reingest-all-with-recitals.sh +0 -81
package/scripts/sync-versions.ts +0 -206
package/scripts/test-cross-refs.js +0 -26
package/scripts/test-postgres-adapter.ts +0 -146
package/scripts/update-dora-rts-metadata.ts +0 -112
package/src/database/postgres-adapter.ts +0 -84
package/src/database/sqlite-adapter.ts +0 -44
package/src/database/types.ts +0 -10
package/src/http-server.ts +0 -149
package/src/index.ts +0 -61
package/src/middleware/rate-limit.ts +0 -104
package/src/tools/applicability.ts +0 -167
package/src/tools/article.ts +0 -81
package/src/tools/compare.ts +0 -217
package/src/tools/definitions.ts +0 -49
package/src/tools/evidence.ts +0 -84
package/src/tools/list.ts +0 -124
package/src/tools/map.ts +0 -86
package/src/tools/recital.ts +0 -60
package/src/tools/registry.ts +0 -311
package/src/tools/search.ts +0 -297
package/src/worker.ts +0 -708

package/README.md CHANGED Viewed

@@ -3,14 +3,14 @@
 **The EUR-Lex alternative for the AI age.**
 [![npm version](https://badge.fury.io/js/@ansvar%2Feu-regulations-mcp.svg)](https://www.npmjs.com/package/@ansvar/eu-regulations-mcp)
-[![MCP Registry](https://img.shields.io/badge/MCP-Registry-blue)](https://registry.modelcontextprotocol.io/io.github.Ansvar-Systems/eu-regulations-mcp)
+[![MCP Registry](https://img.shields.io/badge/MCP-Registry-blue)](https://registry.modelcontextprotocol.io/eu.ansvar/eu-regulations-mcp)
 [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![GitHub stars](https://img.shields.io/github/stars/Ansvar-Systems/EU_compliance_MCP?style=social)](https://github.com/Ansvar-Systems/EU_compliance_MCP)
 [![Daily EUR-Lex Check](https://github.com/Ansvar-Systems/EU_compliance_MCP/actions/workflows/check-updates.yml/badge.svg)](https://github.com/Ansvar-Systems/EU_compliance_MCP/actions/workflows/check-updates.yml)
 [![Database](https://img.shields.io/badge/database-pre--built-green)](docs/COVERAGE_GAPS.md)
 [![Recitals](https://img.shields.io/badge/recitals-3500%2B-blue)](docs/COVERAGE_GAPS.md)
-Query **47 EU regulations** — from GDPR and AI Act to DORA, MiFID II, eIDAS, Medical Device Regulation, and more — directly from Claude, Cursor, or any MCP-compatible client.
+Query **49 EU regulations** — from GDPR and AI Act to DORA, Chips Act, MiFID II, eIDAS, Medical Device Regulation, and more — directly from Claude, Cursor, or any MCP-compatible client.
 If you're building digital products, financial services, healthcare tech, or connected devices for the European market, this is your compliance reference.
@@ -34,40 +34,59 @@ This MCP server makes EU regulations **searchable, cross-referenceable, and AI-r
 ## Quick Start
-### Installation
+### Use Remotely (No Install Needed)
-**Option 1: Claude Desktop (Recommended)**
+> Connect directly to the hosted version — zero dependencies, nothing to install.
-Add to your `claude_desktop_config.json`:
+**Endpoint:** `https://eu-regulations-mcp.vercel.app/mcp`
-**macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`
-**Windows:** `%APPDATA%\Claude\claude_desktop_config.json`
+| Client | How to Connect |
+|--------|---------------|
+| **Claude.ai** | Settings > Connectors > Add Integration > paste URL |
+| **Claude Code** | `claude mcp add eu-regulations --transport http https://eu-regulations-mcp.vercel.app/mcp` |
+| **Claude Desktop** | Add to config (see below) |
+| **GitHub Copilot** | Add to VS Code settings (see below) |
+**Claude Desktop** — add to `claude_desktop_config.json`:
 ```json
 {
   "mcpServers": {
     "eu-regulations": {
-      "command": "npx",
-      "args": ["-y", "@ansvar/eu-regulations-mcp"]
+      "type": "url",
+      "url": "https://eu-regulations-mcp.vercel.app/mcp"
     }
   }
 }
 ```
-Restart Claude Desktop. Done!
+**GitHub Copilot** — add to VS Code `settings.json`:
-**Option 2: MCP Registry**
+```json
+{
+  "github.copilot.chat.mcp.servers": {
+    "eu-regulations": {
+      "type": "http",
+      "url": "https://eu-regulations-mcp.vercel.app/mcp"
+    }
+  }
+}
+```
+### Use Locally (npm)
+```bash
+npx @ansvar/eu-regulations-mcp
+```
-Browse and install from the [official MCP registry](https://registry.modelcontextprotocol.io/):
-- Search for "EU Regulations" or view directly: [`io.github.Ansvar-Systems/eu-regulations-mcp`](https://registry.modelcontextprotocol.io/io.github.Ansvar-Systems/eu-regulations-mcp)
-- One-click install (when registry integration is live in Claude Desktop)
-- Automatic updates when new versions are released
+**Claude Desktop** — add to `claude_desktop_config.json`:
-**Option 3: Cursor / VS Code**
+**macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`
+**Windows:** `%APPDATA%\Claude\claude_desktop_config.json`
 ```json
 {
-  "mcp.servers": {
+  "mcpServers": {
     "eu-regulations": {
       "command": "npx",
       "args": ["-y", "@ansvar/eu-regulations-mcp"]
@@ -76,16 +95,19 @@ Browse and install from the [official MCP registry](https://registry.modelcontex
 }
 ```
-**Option 4: Global npm Install**
+**Cursor / VS Code:**
-```bash
-npm install -g @ansvar/eu-regulations-mcp
+```json
+{
+  "mcp.servers": {
+    "eu-regulations": {
+      "command": "npx",
+      "args": ["-y", "@ansvar/eu-regulations-mcp"]
+    }
+  }
+}
 ```
-Then use `"command": "eu-regulations-mcp"` in your config (without npx).
----
 ## Example Queries
 Once connected, just ask naturally:
@@ -106,12 +128,12 @@ Once connected, just ask naturally:
 ## What's Included
-- **47 Regulations** — GDPR, DORA, NIS2, AI Act, MiCA, eIDAS 2.0, Medical Device Regulation, and 30 more
-- **2,438 Articles** + 3,789 Recitals + 1,138 Official Definitions
+- **49 Regulations** — GDPR, DORA, NIS2, AI Act, Chips Act, MiCA, eIDAS 2.0, Medical Device Regulation, and 40 more
+- **2,528 Articles** + 3,869 Recitals + 1,226 Official Definitions
 - **Full-Text Search** — Find relevant articles across all regulations instantly
-- **Control Mappings** — 685 mappings to ISO 27001:2022 & NIST CSF 2.0
-- **Evidence Requirements** — 407 audit artifacts across all 47 regulations
-- **Sector Rules** — Check which regulations apply to your industry
+- **Control Mappings** — 709 mappings to ISO 27001:2022 & NIST CSF 2.0
+- **Evidence Requirements** — 407 audit artifacts across all 49 regulations
+- **Sector Rules** — 323 applicability rules across all sectors and industries
 - **Daily Updates** — Automatic freshness checks against EUR-Lex
 **Detailed coverage:** [docs/coverage.md](docs/coverage.md)
@@ -160,6 +182,31 @@ EUR-Lex HTML → Parse → SQLite → FTS5 snippet() → MCP response
 ---
+## 📚 Documentation
+- **[Database SSL/TLS Configuration](docs/DATABASE_SSL.md)** - Secure PostgreSQL connections for Cloudflare Workers deployments
+- **[Security Policy](SECURITY.md)** - Vulnerability reporting and security best practices
+- **[Coverage Gaps](docs/COVERAGE_GAPS.md)** - Known missing content from EUR-Lex
+- **[GitHub Actions Setup](docs/GITHUB_ACTIONS_SETUP.md)** - CI/CD workflow configuration
+- **[Privacy Policy](PRIVACY.md)** - Data handling and retention notes
+---
+## Directory Review Notes
+### Testing Account and Sample Data
+This server is read-only and does not require a login account for functional review.
+For directory review, use the bundled dataset and these sample prompts:
+- *"What does NIS2 Article 21 require?"*
+- *"Compare DORA and NIS2 incident reporting obligations."*
+- *"Map ISO 27001 controls to DORA requirements."*
+### Remote Authentication (OAuth 2.0)
+The default server runtime is read-only and can be deployed without authentication.
+If you deploy a remote authenticated endpoint, use OAuth 2.0 over TLS with certificates from recognized authorities.
 ## ⚠️ Important Disclaimers
 ### Legal Advice

package/data/regulations.db CHANGED Viewed

Binary file

package/data/seed/applicability/chips-act.json ADDED Viewed

@@ -0,0 +1,67 @@
+[
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "manufacturing",
+    "subsector": "semiconductor",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "3",
+    "notes": "Semiconductor design, manufacturing, packaging, and testing facilities are primary targets; eligible for Chips for Europe Initiative support"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "manufacturing",
+    "subsector": "electronics",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "13",
+    "notes": "Electronics manufacturers using semiconductors are part of supply chain; may benefit from Integrated Production Facilities and Open EU Foundries"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "transport",
+    "subsector": "automotive",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "22",
+    "notes": "Automotive sector heavily dependent on semiconductor supply; subject to crisis monitoring and alert mechanisms for supply disruptions"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "digital_infrastructure",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "3",
+    "notes": "Data centers, telecom infrastructure, and cloud providers are key consumers; may participate in European chips infrastructure initiatives"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "energy",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "22",
+    "notes": "Smart grid and renewable energy systems depend on semiconductors; subject to supply chain monitoring"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "healthcare",
+    "applies": true,
+    "confidence": "possible",
+    "basis_article": "22",
+    "notes": "Medical devices use semiconductors; subject to crisis response mechanisms during shortages"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "financial",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "Financial services are semiconductor users, not producers; not subject to Chips Act requirements"
+  },
+  {
+    "regulation": "CHIPS_ACT",
+    "sector": "public_administration",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "Public sector is a semiconductor consumer; may participate in governance (European Semiconductor Board) but not subject to production requirements"
+  }
+]

package/data/seed/applicability/crma.json ADDED Viewed

@@ -0,0 +1,85 @@
+[
+  {
+    "regulation": "CRMA",
+    "sector": "manufacturing",
+    "subsector": "mining",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "4",
+    "notes": "Mining and extraction of strategic raw materials (lithium, cobalt, rare earths, etc.) subject to permitting, monitoring, and supply chain due diligence"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "manufacturing",
+    "subsector": "battery",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "5",
+    "notes": "Battery manufacturers using critical raw materials must comply with supply chain transparency and strategic stockpiling provisions"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "manufacturing",
+    "subsector": "semiconductor",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "4",
+    "notes": "Semiconductor production uses critical raw materials (silicon, gallium, germanium); subject to supply chain monitoring and risk assessment"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "transport",
+    "subsector": "automotive",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "5",
+    "notes": "EV manufacturers and automotive supply chains using batteries/magnets containing critical raw materials subject to due diligence requirements"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "energy",
+    "subsector": "renewable",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "4",
+    "notes": "Wind turbines (permanent magnets), solar panels (silicon), and energy storage systems use critical raw materials; subject to supply chain rules"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "manufacturing",
+    "subsector": "electronics",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "5",
+    "notes": "Electronics manufacturers using critical raw materials in components must ensure supply chain transparency"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "digital_infrastructure",
+    "applies": true,
+    "confidence": "possible",
+    "basis_article": "5",
+    "notes": "Data center operators using servers/storage with critical raw materials may be subject to supply chain monitoring during crises"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "financial",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "Financial services do not directly extract or process critical raw materials; not subject to CRMA requirements"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "healthcare",
+    "applies": false,
+    "confidence": "likely",
+    "notes": "Healthcare sector uses medical devices containing critical materials but is typically end-user, not producer; indirect exposure only"
+  },
+  {
+    "regulation": "CRMA",
+    "sector": "public_administration",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "Public sector participates in governance and strategic stockpiling but is not subject to production/supply chain requirements"
+  }
+]