@csgaglobal/deployment-governance 1.0.0

package/LICENSE

@@ -0,0 +1,8 @@
+Creative Commons Legal Code
+
+CC0 1.0 Universal
+
+CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
+LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
+ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
+INFORMATION ON AN "AS-IS" BASIS.

package/README.md

@@ -0,0 +1,48 @@
+# @csgaglobal/deployment-governance
+
+AI deployment governance and release management. Controls AI model deployment through approval gates, canary releases, rollback capabilities, and production readiness checks.
+
+## Installation
+
+```bash
+npx @csgaglobal/deployment-governance
+```
+
+## MCP Configuration
+
+```json
+{
+  "mcpServers": {
+    "deployment-governance": {
+      "command": "npx",
+      "args": ["-y", "@csgaglobal/deployment-governance"]
+    }
+  }
+}
+```
+
+## Tool: deployment_governance_manage
+
+Manage AI deployment governance
+
+### Parameters
+
+- **system_name**: AI system to deploy
+- **operation**: Operation (pre-deploy-check, approve, deploy, monitor, rollback)
+- **deployment_type**: Type (canary, blue-green, rolling, shadow, full)
+- **environment**: Environment (development, staging, production, edge)
+- **jurisdiction**: Operating jurisdiction or region
+
+## Category
+
+- **Category:** DevOps
+- **CA3O Level:** DevOps
+
+## License
+
+CC0-1.0 — Creative Commons Zero v1.0 Universal
+
+## Author
+
+CSGA Global — Cyber Security Global Alliance
+https://csga-global.vercel.app/

package/dist/index.js

@@ -0,0 +1,44 @@
+#!/usr/bin/env node
+/**
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * @csgaglobal/deployment-governance
+ * ═══════════════════════════════════════════════════════════════════════════════
+ *
+ * Copyright (c) 2026 CSGA Global. All rights reserved.
+ * Part of the CSGA Global MCP Ecosystem.
+ *
+ * LEGAL NOTICE: This software is provided for informational and advisory
+ * purposes only. It does not constitute legal, regulatory, or professional
+ * compliance advice. Users should consult qualified legal counsel for
+ * jurisdiction-specific compliance requirements.
+ *
+ * License: CC0-1.0 (Creative Commons Zero v1.0 Universal)
+ * SPDX-License-Identifier: CC0-1.0
+ *
+ * Build Timestamp: 2026-03-02T10:00:00Z
+ * ═══════════════════════════════════════════════════════════════════════════════
+ */
+import { z } from "zod";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { handleDeploymentGovernanceCompliance } from "./tools/deployment-governance-compliance.js";
+const server = new McpServer({
+    name: "csoai-deployment-governance-mcp",
+    version: "1.0.0"
+});
+const ComplianceShape = {
+    system_name: z.string().describe("AI system to deploy"),
+    operation: z.string().describe("Operation (pre-deploy-check, approve, deploy, monitor, rollback)"),
+    deployment_type: z.string().describe("Type (canary, blue-green, rolling, shadow, full)"),
+    environment: z.string().describe("Environment (development, staging, production, edge)"),
+    jurisdiction: z.string().describe("Operating jurisdiction or region")
+};
+server.tool("deployment_governance_manage", "Manage AI deployment governance", ComplianceShape, async (args) => {
+    const result = handleDeploymentGovernanceCompliance(args.system_name, args.operation, args.deployment_type, args.environment, args.jurisdiction);
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+});
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch(console.error);

package/dist/tools/deployment-governance-compliance.js

@@ -0,0 +1,86 @@
+/**
+ * deployment-governance-compliance.js — Part of @csgaglobal MCP Ecosystem
+ * Copyright (c) 2026 CSGA Global. All rights reserved.
+ * License: CC0-1.0 | Build: 2026-03-02T10:00:00Z
+ * LEGAL NOTICE: Advisory only. Not legal or compliance advice.
+ */
+export function handleDeploymentGovernanceCompliance(system_name, operation, deployment_type, environment, jurisdiction) {
+    const jurLower = jurisdiction.toLowerCase();
+    const fnLower = operation.toLowerCase();
+    let riskClassification = "Standard deployment governance AI use";
+    let riskLevel = "MEDIUM";
+    if (fnLower.includes("autonomous") || fnLower.includes("automated") || fnLower.includes("decision")) {
+        riskClassification = "HIGH RISK — Autonomous/automated decision-making requires enhanced oversight";
+        riskLevel = "HIGH";
+    }
+    if (fnLower.includes("surveillance") || fnLower.includes("biometric") || fnLower.includes("facial")) {
+        riskClassification = "CRITICAL RISK — Biometric/surveillance AI triggers strictest regulatory requirements";
+        riskLevel = "CRITICAL";
+    }
+    const regulations = [];
+    if (jurLower.includes("eu") || jurLower.includes("europe")) {
+        regulations.push("EU AI Act Art. 9 — Deployment risk management");
+        regulations.push("EU AI Act Art. 61 — Post-market monitoring plan");
+        regulations.push("EU AI Act Art. 72 — Market surveillance");
+    }
+    if (jurLower.includes("us") || jurLower.includes("united states")) {
+        regulations.push("NIST AI RMF — Deploy function");
+        regulations.push("Federal AI deployment requirements");
+        regulations.push("FDA — AI/ML deployment change protocol");
+    }
+    if (jurLower.includes("uk")) {
+        regulations.push("ICO — AI deployment guidance");
+        regulations.push("FCA — AI deployment risk management");
+        regulations.push("NHS — AI deployment safety framework");
+    }
+    if (regulations.length === 0) {
+        regulations.push("General consumer protection and data privacy laws apply");
+        regulations.push("Industry-specific regulations for deployment governance");
+    }
+    const compliance = [
+        "Implement pre-deployment readiness checklist",
+        "Establish approval gate workflow for AI releases",
+        "Deploy canary release monitoring and automatic rollback",
+        "Create post-deployment monitoring and alerting",
+        "Generate deployment audit trail and compliance evidence",
+    ];
+    if (riskLevel === "CRITICAL" || riskLevel === "HIGH") {
+        compliance.push("EU AI Act conformity assessment required for high-risk classification");
+        compliance.push("Data Protection Impact Assessment (DPIA) mandatory");
+        compliance.push("Appoint AI governance officer or responsible person");
+    }
+    const technical = [
+        "Pre-deployment readiness checker",
+        "Approval gate workflow engine",
+        "Canary release monitoring",
+        "Automatic rollback system",
+        "Deployment audit trail",
+    ];
+    const remediation = [];
+    if (riskLevel === "CRITICAL") {
+        remediation.push("URGENT: Conduct comprehensive regulatory review before deployment");
+        remediation.push("Commission independent third-party AI safety audit");
+        remediation.push("Implement mandatory human-in-the-loop for all critical decisions");
+    } else if (riskLevel === "HIGH") {
+        remediation.push("Conduct DPIA and update data processing agreements");
+        remediation.push("Implement enhanced monitoring and alerting for AI decisions");
+        remediation.push("Establish regular (quarterly) compliance review cycle");
+    }
+    remediation.push("Maintain comprehensive AI system documentation per EU AI Act Art. 11");
+    remediation.push("Establish stakeholder engagement process for affected communities");
+    remediation.push("Monitor evolving regulatory requirements in operating jurisdictions");
+    let casaTier = "CASA Tier 1 — Startup ($5K-$25K/yr)";
+    if (riskLevel === "CRITICAL") casaTier = "CASA Tier 3 — Enterprise ($75K-$200K/yr)";
+    else if (riskLevel === "HIGH") casaTier = "CASA Tier 2 — Professional ($25K-$75K/yr)";
+    else if (riskLevel === "MEDIUM") casaTier = "CASA Tier 2 — Professional ($25K-$75K/yr)";
+    return {
+        system_name: system_name,
+        risk_classification: riskClassification,
+        risk_level: riskLevel,
+        applicable_regulations: regulations,
+        compliance_requirements: compliance,
+        technical_requirements: technical,
+        remediation,
+        casa_tier: casaTier
+    };
+}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@csgaglobal/deployment-governance",
+  "version": "1.0.0",
+  "description": "AI deployment governance and release management. Controls AI model deployment through approval gates, canary releases, rollback capabilities, and production readiness checks.",
+  "type": "module",
+  "main": "dist/index.js",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "bin": {
+    "deployment-governance-mcp": "dist/index.js"
+  },
+  "scripts": {
+    "start": "node dist/index.js",
+    "build": "tsc"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.6.1",
+    "zod": "^3.24.1"
+  },
+  "devDependencies": {
+    "typescript": "^5.7.3",
+    "@types/node": "^22.12.0"
+  },
+  "license": "CC0-1.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/csga-global/mcp-servers.git",
+    "directory": "packages/deployment-governance"
+  },
+  "author": "CSGA Global \u2014 Cyber Security Global Alliance",
+  "keywords": [
+    "mcp",
+    "ai-governance",
+    "compliance",
+    "csoai",
+    "deployment",
+    "release-management",
+    "canary",
+    "rollback",
+    "production-readiness"
+  ]
+}