@ansvar/us-law-mcp
v0.1.1
Published
US federal and state cybersecurity/privacy law MCP server with cross-state comparison
Downloads
192
US Law MCP Server
The US Code alternative for the AI age.
Query 93 US federal and state statutes across all 50 states + DC + key US territories -- from CFAA and HIPAA to California's CCPA/CPRA, New York's SHIELD Act, and Texas TDPSA -- directly from Claude, Cursor, or any MCP-compatible client.
If you're building legal tech, compliance tools, or doing US cybersecurity/privacy research, this is your verified reference database.
Built by Ansvar Systems -- Stockholm, Sweden
Why This Exists
US cybersecurity and privacy law is fragmented across 50+ jurisdictions. Whether you're:
- A compliance officer comparing breach notification timelines across states
- A privacy engineer checking which states require encryption of personal data
- A legal tech developer building multi-state compliance tools
- A CISO mapping state requirements to your incident response plan
...you shouldn't need to navigate dozens of state legislature websites and manually cross-reference PDFs. Ask Claude. Get the exact provision. Compare across states.
This MCP server makes US cybersecurity, privacy, and breach notification law searchable, comparable, and AI-readable.
Quick Start
Use Remotely (No Install Needed)
Connect directly to the hosted version -- zero dependencies, nothing to install.
Endpoint: https://us-law-mcp.vercel.app/mcp
| Client | How to Connect |
|--------|---------------|
| Claude.ai | Settings > Connectors > Add Integration > paste URL |
| Claude Code | claude mcp add us-law --transport http https://us-law-mcp.vercel.app/mcp |
| Claude Desktop | Add to config (see below) |
| GitHub Copilot | Add to VS Code settings (see below) |
Claude Desktop -- add to claude_desktop_config.json:
```json
{
  "mcpServers": {
    "us-law": {
      "type": "url",
      "url": "https://us-law-mcp.vercel.app/mcp"
    }
  }
}
```
GitHub Copilot -- add to VS Code settings.json:
```json
{
  "github.copilot.chat.mcp.servers": {
    "us-law": {
      "type": "http",
      "url": "https://us-law-mcp.vercel.app/mcp"
    }
  }
}
```
Use Locally (npm)
```bash
npx @ansvar/us-law-mcp
```
Claude Desktop -- add to claude_desktop_config.json:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
```json
{
  "mcpServers": {
    "us-law": {
      "command": "npx",
      "args": ["-y", "@ansvar/us-law-mcp"]
    }
  }
}
```
Cursor / VS Code:
```json
{
  "mcp.servers": {
    "us-law": {
      "command": "npx",
      "args": ["-y", "@ansvar/us-law-mcp"]
    }
  }
}
```
Example Queries
Once connected, just ask naturally:
- "What does 18 U.S.C. § 1030 say about protected computers?"
- "Compare breach notification timelines across California, New York, and Texas"
- "What are Florida's breach notification requirements?"
- "Is HIPAA currently in force?"
- "Find provisions about encryption of personal information"
- "What privacy rights does California's CCPA/CPRA grant?"
- "Validate the citation CFAA"
- "Which states require notification within 30 days of a breach?"
What's Included
| Category | Count | Details |
|----------|-------|---------|
| Federal Statutes | 15 laws | CFAA, HIPAA, ECPA, GLBA, COPPA, FISMA, CISA, FTC Act, and more |
| State Statutes | 78 laws | All 50 states + DC + Guam/Puerto Rico/US Virgin Islands: breach notification, privacy, cybersecurity |
| Provisions | 484 sections | Full-text searchable with FTS5 |
| State Requirements | 145 classified | Breach notification, privacy rights, cybersecurity obligations |
| Requirement Categories | 20 types | Timeline, scope, penalties, rights, obligations |
| Jurisdictions | 55 | Federal + 50 states + DC + Guam/Puerto Rico/US Virgin Islands |
| Database Size | ~3 MB | Optimized SQLite, portable |
| Weekly Updates | Automated | Freshness checks against uscode.house.gov |
No LLM-generated statute text -- provisions are fetched from published legal sources and stored verbatim for retrieval/search.
Available Tools (8)
| Tool | Description |
|------|-------------|
| search_legislation | FTS5 search across all federal and state provisions with BM25 ranking |
| get_provision | Retrieve specific provision by jurisdiction, law identifier, or section number |
| list_sources | List all available jurisdictions with document and provision counts |
| compare_requirements | Compare requirements across states by category and subcategory |
| get_state_requirements | Get classified requirements for a specific state (breach notification, privacy rights, etc.) |
| validate_citation | Validate a legal citation against the database (zero-hallucination check) |
| check_currency | Check if a statute is currently in force, amended, repealed, or superseded |
| build_legal_stance | Aggregate statute search + state requirements for comprehensive legal research |
Cross-State Comparison
The killer feature. compare_requirements lets you instantly compare how different states handle the same legal requirement:
```
compare_requirements(category: "breach_notification", subcategory: "timeline", jurisdictions: ["US-CA", "US-NY", "US-TX"])
```
Returns structured data with notification deadlines, scope, and penalties for each state -- the kind of research that normally takes hours of manual cross-referencing.
Jurisdictions
55 jurisdictions: US Federal + all 50 states + DC + Guam/Puerto Rico/US Virgin Islands
US-FED US-AL US-AK US-AZ US-AR US-CA US-CO US-CT US-DE US-DC US-FL US-GA US-GU US-HI US-ID US-IL US-IN US-IA US-KS US-KY US-LA US-ME US-MD US-MA US-MI US-MN US-MS US-MO US-MT US-NE US-NV US-NH US-NJ US-NM US-NY US-NC US-ND US-OH US-OK US-OR US-PA US-PR US-RI US-SC US-SD US-TN US-TX US-UT US-VT US-VA US-VI US-WA US-WV US-WI US-WY
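The compare_requirements call from Cross-State Comparison, written out as the MCP JSON-RPC 2.0 `tools/call` message a client sends, with the jurisdiction codes checked against the list above before anything goes out. This is an added example, not code from the us-law-mcp project; the helper names `buildCompareRequest` and `readToolText` are hypothetical, and the argument names are the ones shown in the call on this page.

```javascript
// Added example, not project code. Codes copied from the Jurisdictions list above.
const JURISDICTIONS = new Set([
  "US-FED US-AL US-AK US-AZ US-AR US-CA US-CO US-CT US-DE US-DC US-FL",
  "US-GA US-GU US-HI US-ID US-IL US-IN US-IA US-KS US-KY US-LA US-ME",
  "US-MD US-MA US-MI US-MN US-MS US-MO US-MT US-NE US-NV US-NH US-NJ",
  "US-NM US-NY US-NC US-ND US-OH US-OK US-OR US-PA US-PR US-RI US-SC",
  "US-SD US-TN US-TX US-UT US-VT US-VA US-VI US-WA US-WV US-WI US-WY",
].join(" ").split(" "));

// Build the JSON-RPC 2.0 "tools/call" request for compare_requirements,
// rejecting codes the server does not list before anything is sent.
function buildCompareRequest(category, subcategory, jurisdictions, id = 1) {
  if (!Array.isArray(jurisdictions) || jurisdictions.length === 0) {
    throw new TypeError("jurisdictions must be a non-empty array");
  }
  const unknown = jurisdictions.filter((code) => !JURISDICTIONS.has(code));
  if (unknown.length > 0) {
    throw new RangeError(`unknown jurisdiction code(s): ${unknown.join(", ")}`);
  }
  return {
    jsonrpc: "2.0",
    id,
    method: "tools/call",
    params: {
      name: "compare_requirements",
      arguments: { category, subcategory, jurisdictions },
    },
  };
}

// Pull the text blocks out of a tools/call response. Protocol errors and
// tool-level errors (isError) both throw, so a failure is never read as law.
function readToolText(response) {
  if (response.error) {
    throw new Error(`JSON-RPC error ${response.error.code}: ${response.error.message}`);
  }
  const result = response.result;
  if (!result || !Array.isArray(result.content)) {
    throw new Error("malformed tools/call result");
  }
  const text = result.content
    .filter((block) => block.type === "text")
    .map((block) => block.text)
    .join("\n");
  if (result.isError) throw new Error(`tool error: ${text}`);
  return text;
}

const request = buildCompareRequest("breach_notification", "timeline", ["US-CA", "US-NY", "US-TX"]);
console.log(JSON.stringify(request, null, 2));
```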
Data Sources & Freshness
All content is sourced from authoritative legal publications:
- US Code (USLM) -- Office of the Law Revision Counsel, official XML
- State Legislative Portals -- individual state legislature publications and state-source captures
Automated Freshness Checks (Weekly)
A weekly GitHub Actions workflow monitors US Code release points, refreshes federal data, rebuilds the database, runs tests, and opens a PR when changes are detected.
| Source | Check | Method |
|--------|-------|--------|
| US Code releases | uscode.house.gov release points | Release-link digest change detection |
| Public laws | congress.gov/public-laws | Manual review triggered |
| State amendments | State legislature portals | Periodic manual review |
Security
This project uses multiple layers of automated security scanning:
| Scanner | What It Does | Schedule |
|---------|-------------|----------|
| CodeQL | Static analysis for security vulnerabilities | Weekly + PRs |
| Semgrep | SAST scanning (OWASP top 10, secrets, TypeScript) | Every push |
| Gitleaks | Secret detection across git history | Every push |
| Trivy | CVE scanning on filesystem and npm dependencies | Weekly |
| OSSF Scorecard | OpenSSF best practices scoring | Weekly |
See SECURITY.md for the full policy and vulnerability reporting.
Important Disclaimers
Legal Advice
THIS TOOL IS NOT LEGAL ADVICE
Statute text is sourced from official/legal publications. However:
- This is a research tool, not a substitute for professional legal counsel
- State law coverage focuses on cybersecurity, privacy, and breach notification -- it does not cover all areas of law
- Verify critical citations against primary sources for court filings
- State laws change frequently -- always confirm currency against official state sources
Development
Setup
```bash
git clone https://github.com/Ansvar-Systems/US-law-mcp
cd US-law-mcp
npm install
npm run build:db && npm run ingest:all
npm run build
npm test
```
Running Locally
```bash
npm run dev                                      # Start MCP server (stdio)
npx @anthropic/mcp-inspector node dist/index.js  # Test with MCP Inspector
```
Environment Variables
| Variable | Default | Description |
|----------|---------|-------------|
| US_LAW_DB_PATH | data/database.db (relative to dist) | Custom path to the SQLite database file |
Data Management
```bash
npm run fetch:federal   # Fetch federal statutes from uscode.house.gov
npm run fetch:states    # Fetch state statutes
npm run build:db        # Rebuild SQLite database
npm run ingest:all      # Ingest all seed data (federal + states + classify)
npm run build:db:free   # Build free-tier database (no case law/regulatory guidance)
npm test                # Run unit tests
npm run test:contract   # Run golden contract tests
npm run validate        # Lint + test + contract tests
```
Related Projects: Complete Compliance Suite
This server is part of Ansvar's Compliance Suite -- MCP servers that work together for end-to-end compliance coverage:
@ansvar/eu-regulations-mcp
Query 49 EU regulations directly from Claude -- GDPR, AI Act, DORA, NIS2, MiFID II, eIDAS, and more. Full regulatory text with article-level search. npx @ansvar/eu-regulations-mcp
@ansvar/us-regulations-mcp
Query US federal compliance frameworks -- HIPAA, SOX, GLBA, FERPA, and more. npx @ansvar/us-regulations-mcp
@ansvar/swedish-law-mcp
Query 717 Swedish statutes directly from Claude -- DSL, BrB, ABL, MB, and more. Full provision text with EU cross-references. npx @ansvar/swedish-law-mcp
@ansvar/automotive-cybersecurity-mcp
Query UNECE R155/R156 and ISO 21434 -- Automotive cybersecurity compliance. npx @ansvar/automotive-cybersecurity-mcp
@ansvar/sanctions-mcp
Offline-capable sanctions screening -- OFAC, EU, UN sanctions lists. pip install ansvar-sanctions-mcp
Contributing
Contributions welcome! Priority areas:
- Expanding state law coverage beyond cybersecurity/privacy
- Adding case law references
- Historical statute versions and amendment tracking
- Regulatory guidance cross-references
License
Apache License 2.0. See LICENSE for details.
Data Licenses
- US Code: Public domain (Office of the Law Revision Counsel)
- State Statutes: Public domain (individual state legislatures)
About Ansvar Systems
We build AI-accelerated compliance and legal research tools. This MCP server started because comparing breach notification requirements across 50 states shouldn't require a week of manual research.
So we're open-sourcing it. Multi-state compliance shouldn't be this hard.
ansvar.eu -- Stockholm, Sweden
