npm - @eucomplyhub/mcp-eu-ai-act - Versions diffs - 0.1.0 - Mend

@eucomplyhub/mcp-eu-ai-act 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,27 @@
+MIT License
+Copyright (c) 2026 Piotr Reder / eucomplyhub.com
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+Risk classification logic in src/index.ts is adapted from
+@clustral/risk-compass (MIT) by Clustral AI Labs. Attribution preserved.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+This software is an educational tool for orientation, not legal advice.
+For binding compliance mapping, consult a qualified expert.

package/README.md ADDED Viewed

@@ -0,0 +1,213 @@
+# @eucomplyhub/mcp-eu-ai-act
+MCP (Model Context Protocol) server exposing free EU AI Act compliance classifiers to AI assistants. Built for **Claude Desktop**, **Cursor**, **Windsurf**, and any MCP-compatible client.
+> Powers AI assistants to evaluate mid-market SaaS systems against EU AI Act, NIST AI RMF, ISO/IEC 42001, OECD, GDPR, and sector-specific overlays.
+[![npm](https://img.shields.io/npm/v/@eucomplyhub/mcp-eu-ai-act.svg)](https://www.npmjs.com/package/@eucomplyhub/mcp-eu-ai-act)
+[![license](https://img.shields.io/npm/l/@eucomplyhub/mcp-eu-ai-act.svg)](LICENSE)
+---
+## Tools exposed
+### 1. `quick_risk_class` — 30-second multi-jurisdiction risk classifier
+Deterministic, rule-based AI risk classification. **No LLM call** — same inputs always produce the same outputs.
+**Frameworks covered:**
+- 🇪🇺 EU AI Act (Articles 5, 9–15, 26, 27, 50, 53)
+- 🇺🇸 NIST AI RMF (Govern · Map · Measure · Manage)
+- 🌐 ISO/IEC 42001 (Clauses 4–10 + Annex B)
+- 🌍 OECD AI Principles
+- 🇸🇬 Singapore Model AI Governance
+- 🇨🇳 PRC GenAI Interim Measures (for generation archetype)
+- 🔐 GDPR + UK GDPR + DPDP + CCPA + LGPD + PIPEDA (privacy stack)
+- 🏥 HIPAA / FDA SaMD / EU MDR-AI (healthcare overlay)
+- ⚖️ EEOC + NYC AEDT + Colorado SB 24-205 (US employment overlay)
+- 🏛️ OMB M-24-10 + CoE AI Convention (public sector overlay)
+**Inputs:**
+- `industry`: healthcare, publicSector, education, hr, retail, industrial, media, other
+- `archetype`: decisioning, generation, classification, recommendation, automation, forecasting
+- `impact`: internal, b2b, consumer, regulated
+**Returns:** Risk class (Critical / High / Limited / Minimal), 5-axis risk profile, per-framework verdicts.
+---
+### 2. `classify_annex3` — Deep Annex III classification (Claude-powered)
+Full EU AI Act mapping using Claude (Anthropic) with complete regulatory context — Articles 6, 9–15, 26, 27, 50, 53 plus the postponement nuance (Annex III standalone enforcement postponed to Dec 2 2027; Article 50 + GPAI Article 53 lock in Aug 2 2026).
+**Inputs:**
+- `company`: Company name
+- `industry`: Industry/vertical
+- `features`: Array of AI features
+- `useCase`: Plain-English description (min 20 chars)
+- `euExposure`: eu-customers-output, eu-employees-only, no-eu, considering-eu
+**Returns:**
+- Overall risk classification (high-risk / limited-risk / gpai / minimal-risk)
+- 8 Annex III categories with applies status + reasoning
+- Article 50 transparency obligations + reasoning
+- GPAI Article 53 applicability (provider / deployer) + reasoning
+- 5 priority remediation actions tailored to your stack
+> Calls https://eucomplyhub.com/api/annex3-classify — free, no signup, ~60s response time.
+---
+## Install
+### For Claude Desktop
+1. Install the package globally:
+   ```bash
+   npm install -g @eucomplyhub/mcp-eu-ai-act
+   ```
+2. Edit your Claude Desktop config file:
+   - macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
+   - Windows: `%APPDATA%\Claude\claude_desktop_config.json`
+3. Add the server:
+   ```json
+   {
+     "mcpServers": {
+       "eucomplyhub": {
+         "command": "npx",
+         "args": ["-y", "@eucomplyhub/mcp-eu-ai-act"]
+       }
+     }
+   }
+   ```
+4. Restart Claude Desktop.
+5. In a new chat, ask:
+   > Use the eucomplyhub tools to classify Acme Inc — an HR-tech SaaS with CV screening features for European enterprise customers.
+   Claude will call `classify_annex3` and return a structured Annex III mapping + priority remediation actions.
+### For Cursor
+Add to `.cursor/mcp.json` (workspace) or `~/.cursor/mcp.json` (global):
+```json
+{
+  "mcpServers": {
+    "eucomplyhub": {
+      "command": "npx",
+      "args": ["-y", "@eucomplyhub/mcp-eu-ai-act"]
+    }
+  }
+}
+```
+### For Windsurf
+Add to `~/.codeium/windsurf/mcp_config.json`:
+```json
+{
+  "mcpServers": {
+    "eucomplyhub": {
+      "command": "npx",
+      "args": ["-y", "@eucomplyhub/mcp-eu-ai-act"]
+    }
+  }
+}
+```
+### Generic stdio client
+```bash
+npx -y @eucomplyhub/mcp-eu-ai-act
+```
+The server runs over stdio (standard MCP transport).
+---
+## Example prompts
+Once installed, ask your AI assistant questions like:
+- *"What's the EU AI Act risk class for an HR-tech SaaS using AI to score job candidates?"*
+- *"Run the quick risk classifier for a healthcare diagnostic AI used by EU regulated medical providers."*
+- *"Deep-classify Acme Inc — they're a B2B fintech using AI to score loan applicants in the EU."*
+- *"For Notion AI features, what Annex III categories apply and what's the Article 50 obligation?"*
+The assistant will call the appropriate tool and return structured results you can act on.
+---
+## What does this cost?
+**Free.** Both tools call free public endpoints at `eucomplyhub.com`:
+- `quick_risk_class` runs entirely locally (deterministic JavaScript, no network call)
+- `classify_annex3` calls `https://eucomplyhub.com/api/annex3-classify` (rate-limited free public API)
+Rate limits apply for abuse prevention. Heavy usage should consider commissioning a full audit via [eucomplyhub.com/audit](https://eucomplyhub.com/audit).
+---
+## Disclaimer
+This MCP server is an **educational tool for orientation**, not legal advice. Each framework has specific clauses, exceptions, and edge cases. For binding compliance mapping (audit deliverables, certification prep, regulatory submission), consult an expert.
+For a paid expert audit:
+- 📋 **Tier 1 Quick Audit (€799):** Free /risk-class + /annex3 + 60-min consultation
+- 🔬 **Tier 2 Full Audit (€1,999):** Triple-framework methodology + audit-ready deliverable
+- 🛡️ **Tier 3 Continuous Monitoring (€299/mo):** Post-audit ongoing review
+Book at [eucomplyhub.com/audit](https://eucomplyhub.com/audit).
+---
+## Methodology
+Built and maintained by [Piotr Reder](https://www.linkedin.com/in/piotrreder/) ([eucomplyhub.com](https://eucomplyhub.com)). Triple-framework specialist for mid-market SaaS preparing for EU AI Act enforcement.
+**Risk class logic** adapted from [@clustral/risk-compass](https://github.com/king-star-12/risk-compass) (MIT).
+**Annex III deep classifier** powered by [Anthropic Claude](https://www.anthropic.com/) (claude-sonnet-4-6).
+---
+## Web versions
+Prefer a browser?
+- 🌐 [eucomplyhub.com/risk-class](https://eucomplyhub.com/risk-class) — interactive Tier 0 classifier (same logic as `quick_risk_class`)
+- 🔬 [eucomplyhub.com/annex3](https://eucomplyhub.com/annex3) — Tier 1 deep classifier (same as `classify_annex3`)
+- 🗺️ [eucomplyhub.com/crosswalk](https://eucomplyhub.com/crosswalk) — interactive EU AI Act ↔ ISO 42001 ↔ NIST mapping
+---
+## License
+MIT — see [LICENSE](LICENSE).
+## Contributing
+Issues + PRs welcome at https://github.com/eucomplyhub/mcp-eu-ai-act
+For questions about the audit methodology behind the tools, reach out: [piotr@eucomplyhub.com](mailto:piotr@eucomplyhub.com)
+---
+## Changelog
+### 0.1.0 — 2026-05-14
+- Initial release
+- Two tools: `quick_risk_class` + `classify_annex3`
+- 10+ frameworks covered
+- Claude Desktop / Cursor / Windsurf install instructions

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+#!/usr/bin/env node
+/**
+ * @eucomplyhub/mcp-eu-ai-act
+ *
+ * MCP (Model Context Protocol) server exposing eucomplyhub.com's free EU AI Act
+ * compliance classifiers to AI assistants (Claude Desktop, Cursor, Windsurf, etc.)
+ *
+ * Two tools exposed:
+ *   1. classify_annex3 — Deep Annex III classification (Claude-powered)
+ *      Maps to: https://eucomplyhub.com/api/annex3-classify
+ *   2. quick_risk_class — 30-second multi-jurisdiction risk classifier
+ *      (deterministic, no LLM call — same logic as eucomplyhub.com/risk-class)
+ *
+ * @license MIT
+ * @see https://eucomplyhub.com
+ */
+export {};

package/dist/index.js ADDED Viewed

@@ -0,0 +1,331 @@
+#!/usr/bin/env node
+/**
+ * @eucomplyhub/mcp-eu-ai-act
+ *
+ * MCP (Model Context Protocol) server exposing eucomplyhub.com's free EU AI Act
+ * compliance classifiers to AI assistants (Claude Desktop, Cursor, Windsurf, etc.)
+ *
+ * Two tools exposed:
+ *   1. classify_annex3 — Deep Annex III classification (Claude-powered)
+ *      Maps to: https://eucomplyhub.com/api/annex3-classify
+ *   2. quick_risk_class — 30-second multi-jurisdiction risk classifier
+ *      (deterministic, no LLM call — same logic as eucomplyhub.com/risk-class)
+ *
+ * @license MIT
+ * @see https://eucomplyhub.com
+ */
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+const SERVER_NAME = "@eucomplyhub/mcp-eu-ai-act";
+const SERVER_VERSION = "0.1.0";
+const API_BASE = "https://eucomplyhub.com";
+// ─── Deterministic risk-class logic (mirror of /risk-class page) ─────────────
+const INDUSTRY_W = {
+    healthcare: [8, 10, 7, 9, 9],
+    publicSector: [9, 8, 9, 8, 9],
+    education: [7, 7, 8, 6, 6],
+    hr: [8, 8, 9, 6, 7],
+    retail: [3, 5, 4, 4, 4],
+    industrial: [4, 4, 3, 7, 4],
+    media: [4, 4, 6, 7, 4],
+    other: [5, 5, 5, 5, 5],
+};
+const ARCHETYPE_W = {
+    decisioning: [9, 5, 9, 8, 8],
+    generation: [4, 5, 5, 8, 4],
+    classification: [6, 5, 7, 6, 5],
+    recommendation: [5, 5, 7, 4, 5],
+    automation: [7, 5, 5, 9, 7],
+    forecasting: [4, 5, 6, 7, 4],
+};
+const IMPACT_W = {
+    internal: [2, 3, 3, 4, 2],
+    b2b: [4, 5, 5, 6, 5],
+    consumer: [6, 7, 7, 7, 7],
+    regulated: [10, 9, 10, 9, 10],
+};
+const AXES = ["decisionalImpact", "dataSensitivity", "biasRisk", "hallucinationCost", "regulatoryLoad"];
+function r1(x) {
+    return Math.round(x * 10) / 10;
+}
+function classifyRisk(industry, archetype, impact) {
+    const i = INDUSTRY_W[industry];
+    const a = ARCHETYPE_W[archetype];
+    const p = IMPACT_W[impact];
+    if (!i || !a || !p) {
+        throw new Error(`Invalid input. industry must be one of: ${Object.keys(INDUSTRY_W).join(", ")}. archetype: ${Object.keys(ARCHETYPE_W).join(", ")}. impact: ${Object.keys(IMPACT_W).join(", ")}.`);
+    }
+    const scores = {};
+    for (let k = 0; k < 5; k++) {
+        scores[AXES[k]] = r1((i[k] + a[k] + p[k]) / 3);
+    }
+    const m = Math.max(scores.decisionalImpact, scores.biasRisk, scores.regulatoryLoad);
+    let cls, summary;
+    if (m >= 9) {
+        cls = "Critical";
+        summary = "Re-scope before any build. Conformity assessment, fundamental-rights review and sector-specific approvals are mandatory before deployment.";
+    }
+    else if (m >= 7) {
+        cls = "High";
+        summary = "Engineer for conformity assessment, fairness evaluation and tamper-evident audit trail from day one. Annex III obligations apply.";
+    }
+    else if (m >= 5) {
+        cls = "Limited";
+        summary = "Ship with transparency disclosures, output grounding and a documented incident-response plan. Article 50 transparency applies.";
+    }
+    else {
+        cls = "Minimal";
+        summary = "Move fast — but maintain an audit trail and basic ISO/IEC 42001 hygiene. Re-classify when scope changes.";
+    }
+    const di = scores.decisionalImpact, br = scores.biasRisk, rl = scores.regulatoryLoad, hc = scores.hallucinationCost, ds = scores.dataSensitivity;
+    const frameworks = [
+        {
+            id: "eu_ai_act",
+            label: "EU AI Act",
+            region: "EU",
+            verdict: di >= 9
+                ? "Review for Art. 5 prohibited practices before any deployment."
+                : (di >= 7 || impact === "regulated")
+                    ? "High-risk system — full Annex III obligations apply (Articles 9–15, 26, 27)."
+                    : di >= 5
+                        ? "Limited risk — Article 50 transparency duties apply (user notification + content labelling)."
+                        : "Minimal risk — voluntary best-practice + ISO/IEC 42001 alignment.",
+        },
+        {
+            id: "nist_ai_rmf",
+            label: "NIST AI RMF",
+            region: "US / global",
+            verdict: br >= 8
+                ? "Govern + Measure priority — fairness, validity and reliability controls."
+                : hc >= 7
+                    ? "Measure + Manage — robustness and reliability emphasis."
+                    : "Map + Govern — full functional alignment across all four functions.",
+        },
+        {
+            id: "iso_42001",
+            label: "ISO/IEC 42001",
+            region: "Global",
+            verdict: rl >= 8
+                ? "Full AIMS implementation with sector annex controls (Clauses 4–10)."
+                : rl >= 6
+                    ? "Core AIMS implementation with documented risk treatment plan."
+                    : "Lightweight AIMS aligned with existing ISO 27001 program.",
+        },
+        {
+            id: "oecd",
+            label: "OECD AI Principles",
+            region: "50+ countries",
+            verdict: (br >= 7 || di >= 7)
+                ? "Human-centred values, transparency and accountability obligations."
+                : "Standard accountability + transparency posture sufficient.",
+        },
+        {
+            id: "singapore",
+            label: "Singapore Model AI Governance",
+            region: "Singapore",
+            verdict: (impact === "consumer" || impact === "regulated")
+                ? "Apply AI Verify testing toolkit before deployment."
+                : "Internal governance committee + risk impact assessment.",
+        },
+        {
+            id: "gdpr",
+            label: "GDPR · UK GDPR · DPDP · CCPA · LGPD · PIPEDA",
+            region: "Global privacy",
+            verdict: ds >= 7
+                ? "Strong: DPA(s), DPIA, DPO consultation, Article 22 / DPDP §11 automated-decision review."
+                : "Standard: lawful basis, transparency notices, data subject rights operationalised.",
+        },
+    ];
+    // PRC GenAI overlay
+    if (archetype === "generation") {
+        frameworks.push({
+            id: "prc_genai",
+            label: "PRC GenAI Interim Measures",
+            region: "China",
+            verdict: "Pre-launch security assessment + watermarking obligations apply for PRC users.",
+        });
+    }
+    // Sector overlays
+    if (industry === "healthcare") {
+        frameworks.push({
+            id: "hipaa_fda_samd",
+            label: "HIPAA / FDA SaMD / EU MDR-AI",
+            region: "Health",
+            verdict: "PHI minimisation, BAAs, and software-as-medical-device classification check required.",
+        });
+    }
+    else if (industry === "hr") {
+        frameworks.push({
+            id: "us_employment",
+            label: "EEOC + NYC AEDT + Colorado SB 24-205",
+            region: "US employment",
+            verdict: "Pre-deployment bias audit + candidate notice + annual disparate-impact testing.",
+        });
+    }
+    else if (industry === "publicSector") {
+        frameworks.push({
+            id: "us_public_sector",
+            label: "OMB M-24-10 + CoE AI Convention",
+            region: "Public sector",
+            verdict: "Rights-impact assessment + public AI use case inventory + human rights safeguards.",
+        });
+    }
+    return {
+        class: cls,
+        summary,
+        scores,
+        frameworks,
+        methodology: "Deterministic, rule-based classification. Same inputs always produce the same outputs. Logic adapted from @clustral/risk-compass (MIT). Triple-framework methodology by eucomplyhub.com.",
+        disclaimer: "This is a high-level orientation tool, not legal advice. For binding compliance mapping, consult an expert. See https://eucomplyhub.com/risk-class for the interactive web version.",
+    };
+}
+// ─── MCP Server setup ────────────────────────────────────────────────────────
+const server = new Server({
+    name: SERVER_NAME,
+    version: SERVER_VERSION,
+}, {
+    capabilities: {
+        tools: {},
+    },
+});
+// List available tools
+server.setRequestHandler(ListToolsRequestSchema, async () => {
+    return {
+        tools: [
+            {
+                name: "quick_risk_class",
+                description: "30-second deterministic multi-jurisdiction AI risk classification across EU AI Act, NIST AI RMF, ISO/IEC 42001, OECD, Singapore Model AI Governance, GDPR, and sector-specific overlays (HIPAA, NYC AEDT, Colorado SB 24-205). No LLM call. Same inputs always produce same outputs. Use this for quick orientation before deeper analysis.",
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        industry: {
+                            type: "string",
+                            enum: ["healthcare", "publicSector", "education", "hr", "retail", "industrial", "media", "other"],
+                            description: "Industry vertical. Use 'other' for fintech/banking/insurance.",
+                        },
+                        archetype: {
+                            type: "string",
+                            enum: ["decisioning", "generation", "classification", "recommendation", "automation", "forecasting"],
+                            description: "What the AI primarily does: decisioning (approve/deny, score, allocate), generation (draft, summarise), classification (label, route, triage), recommendation (rank, suggest), automation (multi-step actions), forecasting (predict outcomes).",
+                        },
+                        impact: {
+                            type: "string",
+                            enum: ["internal", "b2b", "consumer", "regulated"],
+                            description: "Who is affected: internal (employee-only), b2b (business customers), consumer (end users), regulated (healthcare, finance, public sector).",
+                        },
+                    },
+                    required: ["industry", "archetype", "impact"],
+                },
+            },
+            {
+                name: "classify_annex3",
+                description: "Deep Annex III classification using Claude (Anthropic) with full EU AI Act regulatory context. Maps your product against all 8 Annex III high-risk categories + Article 50 transparency + GPAI Article 53 + GPAI provider/deployer reasoning. Returns 5 priority remediation actions tailored to your stack. ~60 seconds (LLM-powered).",
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        company: {
+                            type: "string",
+                            description: "Company name being classified.",
+                        },
+                        industry: {
+                            type: "string",
+                            description: "Industry/vertical (e.g., 'HR-tech', 'fintech', 'healthtech', 'productivity', 'voice-AI').",
+                        },
+                        features: {
+                            type: "array",
+                            items: { type: "string" },
+                            description: "AI features in the product. Examples: 'content-generation', 'scoring', 'decision-making', 'api-consumer', 'own-model', 'recommendation', 'classification'.",
+                        },
+                        useCase: {
+                            type: "string",
+                            description: "Plain-English description of what the AI does and who it serves. Min 20 chars.",
+                        },
+                        euExposure: {
+                            type: "string",
+                            enum: ["eu-customers-output", "eu-employees-only", "no-eu", "considering-eu"],
+                            description: "EU exposure level. 'eu-customers-output' = serves EU customers with AI-influenced outputs. 'eu-employees-only' = internal tools used by EU employees only. 'no-eu' = no EU footprint. 'considering-eu' = planning EU expansion.",
+                        },
+                    },
+                    required: ["company", "industry", "features", "useCase", "euExposure"],
+                },
+            },
+        ],
+    };
+});
+// Handle tool calls
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const { name, arguments: args } = request.params;
+    if (!args) {
+        throw new Error("Missing arguments");
+    }
+    if (name === "quick_risk_class") {
+        const { industry, archetype, impact } = args;
+        try {
+            const result = classifyRisk(industry, archetype, impact);
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify(result, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (err) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `Error: ${err.message}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    }
+    if (name === "classify_annex3") {
+        try {
+            const response = await fetch(`${API_BASE}/api/annex3-classify`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify(args),
+            });
+            if (!response.ok) {
+                const errText = await response.text();
+                throw new Error(`Classifier API returned ${response.status}: ${errText.slice(0, 200)}`);
+            }
+            const result = await response.json();
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify(result, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (err) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `Error calling classifier: ${err.message}. Try the web version: https://eucomplyhub.com/annex3`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    }
+    throw new Error(`Unknown tool: ${name}`);
+});
+// Start server
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    console.error(`[${SERVER_NAME}] v${SERVER_VERSION} listening on stdio.`);
+}
+main().catch((err) => {
+    console.error("Fatal error:", err);
+    process.exit(1);
+});

package/package.json ADDED Viewed

@@ -0,0 +1,63 @@
+{
+  "name": "@eucomplyhub/mcp-eu-ai-act",
+  "version": "0.1.0",
+  "description": "MCP server for EU AI Act compliance — Annex III deep classifier + multi-jurisdiction risk classifier. Powers AI assistants (Claude Desktop, Cursor, Windsurf) to evaluate mid-market SaaS systems against EU AI Act, NIST AI RMF, ISO/IEC 42001, OECD, and more frameworks.",
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "eu-ai-act",
+    "annex-iii",
+    "ai-governance",
+    "compliance",
+    "audit",
+    "iso-42001",
+    "nist-ai-rmf",
+    "gdpr",
+    "ai-act-classifier"
+  ],
+  "author": {
+    "name": "Piotr Reder",
+    "email": "piotr@eucomplyhub.com",
+    "url": "https://eucomplyhub.com"
+  },
+  "license": "MIT",
+  "homepage": "https://eucomplyhub.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/eucomplyhub/mcp-eu-ai-act.git"
+  },
+  "bugs": {
+    "url": "https://github.com/eucomplyhub/mcp-eu-ai-act/issues"
+  },
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "mcp-eu-ai-act": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "dev": "tsx src/index.ts",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.6.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  }
+}