gia-mcp-server
v0.4.0
Runtime governance layer for generative AI agents. Works with any MCP-compatible client — Claude, GPT, Gemini, Cursor, or custom frameworks. MAI classification, forensic audit trails, human-in-the-loop gates, EU AI Act compliance, NIST/SOC 2/CMMC mapping.
GIA MCP Server
Governance enforcement layer for generative AI agents. Classify every decision, enforce human approval gates, control what agents can access, score compliance posture, and maintain a cryptographic audit trail. Works with any MCP-compatible AI client or agent framework — model-agnostic and vendor-neutral.
Any AI Agent ──> GIA MCP Server ──> Governed Decision
│
├── MAI Classification (Mandatory/Advisory/Informational)
├── Human-in-the-Loop Gates (blocks until approved)
├── Context Authority (bounded, hash-verified knowledge access)
├── Governance Scoring (Integrity/Accuracy/Compliance)
├── Forensic Ledger (SHA-256 hash-chained audit)
├── Knowledge Packs (sealed, TTL-bound institutional knowledge)
├── Phoenix Recovery (governed disaster recovery)
└── Compliance Mapping (NIST, EU AI Act, ISO 42001, CMMC)

Production status: Live at gia.aceadvising.com/mcp. 890+ hash-chained audit entries. Sub-100ms governance overhead. Enterprise readiness score: 96.5/100.
Get a Free API Key
→ Get your starter key at gia.aceadvising.com/get-api-key — email in, key out, under 2 minutes. No credit card. Starter tier includes 30 req/min and 1,000 tool calls/day across all 33+ GIA tools.
Why
Every enterprise deploying AI agents needs to answer three questions:
- What did the agent decide? (Classification)
- Was a human involved? (Gates)
- Can you prove it? (Audit trail)
GIA answers all three at runtime, not after the fact.
A fourth question most governance frameworks miss:
- What was the agent allowed to know? (Context Authority)
GIA controls what context an agent can access before it reasons. Not RAG. Governed cognition.
Install
Option 1: Any MCP-Compatible Client (Local / stdio)
Add to your MCP client config using the standard mcpServers block:
{
  "mcpServers": {
    "gia": {
      "command": "npx",
      "args": ["gia-mcp-server"]
    }
  }
}

This works with any client that supports the Model Context Protocol over stdio:
| Client | Config file |
|--------|-------------|
| Claude Desktop | ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) / %APPDATA%\Claude\claude_desktop_config.json (Windows) |
| Claude Code | .claude/settings.local.json (project) or ~/.claude/settings.json (global) |
| Cursor | .cursor/mcp.json |
| Continue | .continue/config.json |
| Windsurf | ~/.codeium/windsurf/mcp_config.json |
| Any stdio MCP client | Per-client config; same mcpServers JSON block |
Option 2: Remote (Streamable HTTP)
Connect any MCP client to the hosted endpoint:
Endpoint: https://gia.aceadvising.com/mcp
Transport: Streamable HTTP
Auth: Bearer <your-api-key>

Option 4: From source
git clone https://github.com/knowledgepa3/gia-mcp-server.git
cd gia-mcp-server
npm install
npm start

Tools
GIA exposes 33 MCP tools across six governance layers. Tool visibility is tiered: public tools are available to all clients, tenant tools require authentication, and operator tools are reserved for infrastructure management.
Core Governance (Public)
| Tool | Description |
|------|-------------|
| classify_decision | MAI classification with dynamic elevation |
| score_governance | Weighted integrity/accuracy/compliance scoring |
| evaluate_threshold | Storey Threshold escalation health metric |
| assess_risk_tier | EU AI Act risk classification (Unacceptable/High/Limited/Minimal) |
| map_compliance | Map controls to NIST AI RMF, EU AI Act, ISO 42001, NIST 800-53, MITRE ATLAS |
| verify_ledger | Recompute every SHA-256 hash from genesis, report chain integrity |
| request_context | Governed Context Authority with hash-verified envelopes |
classify_decision
Classify any AI agent decision using the MAI Framework.
"Classify this decision: Generate client-facing deployment recommendations"
> MANDATORY | Confidence: 0.95 | Gate Required: Yes
Elevated from: INFORMATIONAL
Reason: Client-facing output requires MANDATORY gate
Audit ID: fd68c9a6-d981-45cd-a008-69032d11b6e6

MAI Framework:
| Level | Behavior | Example |
|-------|----------|---------|
| MANDATORY | Blocks until human approves | Delete records, financial transactions, client-facing output |
| ADVISORY | Logs with recommendation, continues | Search queries, draft documents, analysis |
| INFORMATIONAL | Audit trail only | Status checks, read operations |
Context always elevates, never reduces. PII detected? Elevated to MANDATORY. Financial impact? MANDATORY. Client-facing? MANDATORY.
request_context
Governed Context Authority. Agents declare what context they need. GIA decides what to serve based on role, scope, and contract.
"Request compliance context for high-risk AI operations"
> Envelope: GIA-CTX-mn0uanx1-upi2f7
MAI: ADVISORY
Hash: c83184d9caa88e76...
Sources: memory_packs, governed_retrieval, compliance_mappings
Compliance Maps: 18 returned
Denials: 0

Five context classes: policies_and_sops, architecture_and_systems, contract_and_compliance, playbooks_and_knowledge, operational_history.
Every retrieval is role-bound, tenant-scoped, hash-verified, and ledgered. Agents don't know internals by default. They request context under contract.
score_governance
Score any agent output on three dimensions:
"Score this operation: integrity=0.92, accuracy=0.88, compliance=0.95"
> Composite: 0.912 | Grade: A | Pass: Yes
Weights: Integrity 40% | Accuracy 35% | Compliance 25%

| Score | Action |
|-------|--------|
| 0.70+ | Release (pass) |
| 0.50-0.70 | Repair required |
| Below 0.50 | Halt operations |
evaluate_threshold
The Storey Threshold measures governance health by tracking MANDATORY escalation rate.
"Evaluate the governance threshold"
> Escalation Rate: 14.2% | Status: HEALTHY
Recommendation: Within optimal band (10-18%). System is calibrated.

| Rate | Status | Meaning |
|------|--------|---------|
| Below 10% | DEGRADED | Under-classifying risks |
| 10-18% | HEALTHY | Appropriately calibrated |
| 18-25% | DEGRADED | Over-classifying, unnecessary friction |
| Above 25% | CRITICAL | System bottlenecked |
Knowledge & Recovery (Tenant)
| Tool | Description |
|------|-------------|
| seal_memory_pack | Create hash-sealed, TTL-bound institutional knowledge artifacts |
| load_memory_pack | Load a knowledge pack with trust level and role validation |
| transfer_memory_pack | Transfer packs between agents via governed knowledge corridors |
| compose_memory_packs | Compose multiple packs into unified execution context |
| distill_memory_pack | Distill governance patterns from usage history |
| promote_memory_pack | Promote packs to higher trust levels (requires MANDATORY gate) |
| phoenix_snapshot | Create governed state snapshot (hash-chained to previous) |
| phoenix_verify_integrity | Verify full governance state integrity |
| phoenix_recovery_health | Assess disaster recovery readiness (NIST CP-2/CP-9/CP-10) |
Audit & Reporting (Tenant)
| Tool | Description |
|------|-------------|
| audit_pipeline | Query the hash-chained forensic ledger |
| monitor_agents | Health status for all governed agents |
| system_status | Full system snapshot with module status |
| generate_report | Governance status report (summary, detailed, or executive) |
| record_value_metric | Track time saved, risk blocked, success rate for ROI |
| record_governance_event | Track gates triggered, drift prevented, violations blocked |
| generate_impact_report | Full economic and governance impact report |
Infrastructure (Operator)
| Tool | Description |
|------|-------------|
| approve_gate | Human-in-the-loop approval for MANDATORY decisions |
| srt_run_watchdog | Health check probes (API, frontend, disk, memory, TLS, DB, DNS) |
| srt_diagnose | Match findings to playbooks, propose repair plans |
| srt_approve_repair | MANDATORY gate for repair execution |
| srt_generate_postmortem | Structured postmortem with timeline and metrics |
| gia_scan_environment | Scout target environment for compatibility |
| gia_list_packs | List available remediation/patrol/hardening/audit packs |
| gia_dry_run_pack | Preview remediation with blast radius analysis |
| gia_apply_pack | Execute remediation with MANDATORY human approval |
| gia_run_patrol | Read-only posture checks and compliance audits |
| gia_retrieve | Governed semantic search with permission checking |
| gia_ingest_document | Governed document ingestion with hash verification |
Architecture
┌─────────────────────────────────────────────────────────────┐
│ MCP Clients (any vendor) │
│ Claude | Cursor | Windsurf | OpenAI Agents | Gemini | HTTP │
└────────────────────────┬────────────────────────────────────┘
│ stdio / Streamable HTTP
┌────────────────────────▼────────────────────────────────────┐
│ GIA MCP Server │
│ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Transport Layer (MCP Protocol) │ │
│ │ 33 tools | 5 resources | 4 prompts | validate | route │ │
│ └────────────────────┬───────────────────────────────────┘ │
│ │ │
│ ┌────────────────────▼───────────────────────────────────┐ │
│ │ Governance Engine │ │
│ │ │ │
│ │ MAI Classifier ── Gate Enforcer ── Context Authority │ │
│ │ Scoring Engine ── Storey Threshold ── Compliance Map │ │
│ │ Knowledge Packs ── Phoenix Recovery ── SRT Watchdog │ │
│ │ Forensic Ledger (SHA-256 hash-chained, persistent) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │ │
│ ┌─────────────────────▼───────────────────────────────────┐ │
│ │ Persistence Layer (PostgreSQL) │ │
│ │ Ledger | Gates | Memory Packs | Intelligence | SRT │ │
│ └─────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────┘

Design principles:
- Transport layer does zero business logic
- Every operation writes to the forensic ledger
- Classification is deterministic (pattern matching + rules, not LLM-based)
- Audit entries are hash-chained (SHA-256), persistent across restarts
- Context is bounded by contract, not by model training data
- Human principal traceability on every governed action
Concepts
MAI Framework
Every AI agent decision is classified as Mandatory, Advisory, or Informational:
- MANDATORY -- Blocks execution until a human approves through the gate. Deletions, submissions, deployments, financial transactions, PII operations, client-facing output.
- ADVISORY -- Logs a recommendation, continues execution. Searches, drafts, rankings, analysis.
- INFORMATIONAL -- Audit trail entry only. Status checks, read operations, internal routing.
Context elevates, never reduces. A search (ADVISORY) that touches PII becomes MANDATORY.
Storey Threshold
A quantitative health metric. Measures what percentage of decisions require MANDATORY classification.
- Too low (<10%): Rubber-stamping. Critical decisions aren't being caught.
- Healthy (10-18%): Appropriate friction. Most decisions flow; critical ones stop.
- Too high (>18%): Bottleneck. Trust calibration needed.
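The elevation rule and the Storey Threshold bands can be sketched as a small deterministic classifier. This is an added example, not GIA's code: the regex patterns, the function names `classify` and `storeyThreshold`, and the handling of the exact band edges are assumptions; the levels, elevation reasons and bands come from this page.

```javascript
// Added illustration, not GIA's classifier. The patterns are assumptions.
const LEVELS = ['INFORMATIONAL', 'ADVISORY', 'MANDATORY']; // index = rank

// Base level from the action verb; first match wins, default INFORMATIONAL.
const BASE_RULES = [
  [/\b(delete|deploy|submit|pay)\b/i, 'MANDATORY'],
  [/\b(search|draft|rank|analy[sz]e)\b/i, 'ADVISORY'],
];
// Context signals; each can only raise the level.
const ELEVATORS = [
  [/\b(pii|ssn|date of birth)\b/i, 'MANDATORY', 'PII detected'],
  [/\b(invoice|payment|refund)\b/i, 'MANDATORY', 'Financial impact'],
  [/\bclient-facing\b/i, 'MANDATORY', 'Client-facing output'],
];

function classify(text) {
  const hit = BASE_RULES.find(([re]) => re.test(text));
  const base = hit ? hit[1] : 'INFORMATIONAL';
  let rank = LEVELS.indexOf(base);
  const reasons = [];
  for (const [re, level, reason] of ELEVATORS) {
    if (!re.test(text)) continue;
    reasons.push(reason);
    rank = Math.max(rank, LEVELS.indexOf(level)); // max() can never lower the level
  }
  const level = LEVELS[rank];
  return { level, elevatedFrom: level === base ? null : base, reasons, gateRequired: level === 'MANDATORY' };
}

// Storey Threshold: percentage of decisions classified MANDATORY, mapped to the
// bands in the evaluate_threshold table. Exactly 10% and 18% count as HEALTHY and
// exactly 25% as DEGRADED (an assumption; the page does not define the edges).
function storeyThreshold(results) {
  if (results.length === 0) throw new Error('no decisions to evaluate');
  const mandatory = results.filter((r) => r.level === 'MANDATORY').length;
  const rate = (100 * mandatory) / results.length;
  const status = rate > 25 ? 'CRITICAL' : rate < 10 || rate > 18 ? 'DEGRADED' : 'HEALTHY';
  return { rate, status };
}

// Constructed sample decisions.
const SAMPLE = [
  'Generate client-facing deployment recommendations',
  'Search customer records by SSN',
  'Draft internal summary',
  'Check queue status',
];
```

Because elevation is a `max()` over ranks, adding more context signals can never produce a lower level than the base rule alone.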
Context Authority
Agents don't know internals by default. They request context under contract. GIA checks role, scope, trust level, and content classification before serving a hash-verified context envelope. Five context classes cover policies, architecture, compliance, playbooks, and operational history. Every retrieval is audited. Every denial is logged with a reason code.
Forensic Ledger
Append-only, hash-chained audit trail with PostgreSQL persistence. Every entry contains:
- Operation name, timestamp, and actor identity
- MAI classification level
- Input/output hashes (SHA-256)
- Chain link to previous entry
- Human principal traceability (delegatedBy field)
Verify chain integrity at any time. If any entry is modified, the chain breaks. 890+ entries in production, chain verified INTACT.
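A minimal hash-chained ledger with a from-genesis verifier, as an added example that is not GIA's implementation. The field names other than `delegatedBy`, the all-zero genesis value, the JSON serialization and the `expectedHead` parameter are assumptions modeled on the entry contents listed above.

```javascript
// Added illustration, not GIA's implementation. Field names and the
// serialization are assumptions modeled on the entry contents listed above.
const { createHash } = require('node:crypto');

const GENESIS = '0'.repeat(64); // assumed prevHash of the first entry
const sha256 = (s) => createHash('sha256').update(s).digest('hex');
// Hash a fixed, ordered field list so object key order cannot change the digest.
const FIELDS = ['seq', 'op', 'ts', 'actor', 'mai', 'inputHash', 'outputHash', 'delegatedBy', 'prevHash'];
const entryHash = (e) => sha256(JSON.stringify(FIELDS.map((f) => e[f] ?? null)));

function append(ledger, { op, ts, actor, mai, input, output, delegatedBy }) {
  const prev = ledger[ledger.length - 1];
  const entry = {
    seq: ledger.length, op, ts, actor, mai, delegatedBy,
    inputHash: sha256(JSON.stringify(input)),
    outputHash: sha256(JSON.stringify(output)),
    prevHash: prev ? prev.hash : GENESIS,
  };
  entry.hash = entryHash(entry);
  ledger.push(entry);
  return entry;
}

// Recompute every hash from genesis and report the first entry that fails.
// expectedHead is a head hash stored outside the ledger; without it, a
// truncated or fully recomputed chain still verifies.
function verifyLedger(ledger, expectedHead) {
  let prevHash = GENESIS;
  for (const [i, e] of ledger.entries()) {
    if (e.seq !== i) return { intact: false, brokenAt: i, reason: 'sequence gap' };
    if (e.prevHash !== prevHash) return { intact: false, brokenAt: i, reason: 'prevHash mismatch' };
    if (entryHash(e) !== e.hash) return { intact: false, brokenAt: i, reason: 'entry hash mismatch' };
    prevHash = e.hash;
  }
  if (expectedHead && expectedHead !== prevHash) {
    return { intact: false, brokenAt: ledger.length, reason: 'head mismatch' };
  }
  return { intact: true, entries: ledger.length, head: prevHash };
}

// Constructed sample entries.
function sampleLedger() {
  const ledger = [];
  const ts = '2026-01-01T00:00:00Z';
  append(ledger, { op: 'classify_decision', ts, actor: 'agent-1', mai: 'MANDATORY', input: 'delete records', output: 'gate', delegatedBy: 'alice' });
  append(ledger, { op: 'approve_gate', ts, actor: 'alice', mai: 'MANDATORY', input: 'gate', output: 'approved', delegatedBy: 'alice' });
  append(ledger, { op: 'system_status', ts, actor: 'agent-1', mai: 'INFORMATIONAL', input: '', output: 'ok', delegatedBy: 'alice' });
  return ledger;
}
```

An in-place edit fails at the edited entry, and an edit with a recomputed hash fails at the next entry's `prevHash`. Dropping the newest entries is only caught when the head hash is compared against a copy kept outside the database.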
Knowledge Packs
Sealed, TTL-bound institutional knowledge artifacts with trust level enforcement (SYSTEM > ORG > CASE > EPHEMERAL). Hash-verified at load time. Role-gated access. Transfer between agents requires MANDATORY gate approval.
Phoenix Recovery
Governed disaster recovery. Hash-chained snapshots of governance engine state. Verifies audit chain integrity, gate states, knowledge pack inventory, and compliance posture on recovery. NIST 800-53 CP-2/CP-9/CP-10 aligned. Grade A in production.
Performance
Measured on the live production system (gia.aceadvising.com):
| Operation | Median Latency | Grade |
|-----------|---------------|-------|
| Decision Classification | 9ms | A+ |
| Compliance Scoring | 11ms | A+ |
| Context Authority | 7ms | A+ |
| Audit Chain Verification (890+ hashes) | 98ms | B+ |
| 5 Concurrent Operations | 757ms total | Grade A |
Enterprise readiness score: 96.5/100 (7-phase validation including chaos engineering and Phoenix recovery).
Compliance Mapping
| Framework | Coverage |
|-----------|----------|
| NIST AI RMF 1.0 | MAP, MEASURE, MANAGE, GOVERN functions |
| NIST SP 800-53 Rev 5 | AU-2, AU-3, AC-2, AC-6, CP-2, CP-9, CP-10 |
| EU AI Act (2024/1689) | Articles 9-15, Annex III/IV, conformity assessment |
| ISO/IEC 42001 | AI Management System alignment |
| CMMC 2.0 | Cybersecurity maturity controls |
| MITRE ATLAS | Adversarial threat landscape mapping |
Transports
| Transport | Use Case |
|-----------|----------|
| stdio | Any local MCP client (Claude Desktop, Cursor, Windsurf, Continue, Claude Code, etc.) |
| Streamable HTTP | Remote clients, OpenAI Agents SDK, LangChain, custom agent frameworks, web integrations |
Both transports share the same governance engine. Same classification, same audit trail, same enforcement.
Current Limitations
| Area | Status |
|------|--------|
| Distributed multi-region deployment | Single-region (planned) |
| FedRAMP authorization | In progress |
| SOC 2 Type II audit | Planned Q2 2026 |
| IL4/IL5 deployment | Planned Q4 2026 |
The governance engine, persistence, authentication, rate limiting, multi-vendor support, and compliance mapping are all production-grade and operational.
License
Proprietary. Copyright (c) 2025-2026 William J. Storey III / Advanced Consulting Experts, LLC. All rights reserved.
The MAI Framework, Storey Threshold, Context Authority, Forensic Ledger architecture, and GIA governance patterns are intellectual property of the author. See LICENSE for terms.
Built by ACE (SDVOSB) | Live Platform | Smithery
