Enterprise AI governance through the Model Context Protocol.
GIA Governance Intelligence Automation
GIA is a production governance engine that gives AI agents enforceable decision controls, compliance scoring, immutable audit chains, and human-in-the-loop gates. Built for organizations operating under NIST, FedRAMP, CMMC, EU AI Act, and SOC 2 requirements.
29 MCP tools. One integration point. Works with Claude Desktop, Claude Code, OpenAI Agent Builder, and any MCP-compatible client.
Quick Start
npx gia-mcp-server
Or install globally:
npm install -g gia-mcp-server
gia-mcp-server
The server connects to the hosted GIA engine at https://gia.aceadvising.com. Configure your API key:
GIA_API_KEY=your-key npx gia-mcp-server
Claude Desktop
Add to your claude_desktop_config.json:
{
  "mcpServers": {
    "gia-governance": {
      "command": "npx",
      "args": ["-y", "gia-mcp-server"],
      "env": {
        "GIA_API_KEY": "your-key"
      }
    }
  }
}
Claude Code
claude mcp add gia-governance -- npx -y gia-mcp-server
OpenAI Agent Builder
Point to the Streamable HTTP endpoint:
https://gia.aceadvising.com/mcp
Smithery
npx -y @smithery/cli install @knowledgepa3/gia-mcp-server --client claude
Tools
Decision Controls (MAI Framework)
| Tool | Description |
|---|---|
| `classify_decision` | Classify agent decisions as Mandatory, Advisory, or Informational |
| `approve_gate` | Human-in-the-loop approval for Mandatory gates |
| `evaluate_threshold` | Compute escalation health (Storey Threshold) |
| `score_governance` | Weighted governance scoring (Integrity, Accuracy, Compliance) |
Compliance & Audit
| Tool | Description |
|---|---|
| `audit_pipeline` | Query the hash-chained forensic audit ledger |
| `verify_ledger` | Verify SHA-256 chain integrity from genesis |
| `map_compliance` | Map controls to NIST AI RMF, EU AI Act, ISO 42001, NIST 800-53 |
| `assess_risk_tier` | EU AI Act risk tier classification |
| `generate_report` | Governance status reports (summary, detailed, executive) |
Knowledge Packs
| Tool | Description |
|---|---|
| `seal_memory_pack` | Create immutable, TTL-bound knowledge artifacts |
| `load_memory_pack` | Load packs with trust level and role enforcement |
| `transfer_memory_pack` | Governed knowledge transfer between agents |
| `compose_memory_packs` | Merge packs with risk contamination rules |
| `distill_memory_pack` | Extract governance patterns from usage history |
| `promote_memory_pack` | Promote packs to higher trust levels after review |
Security & Operations
| Tool | Description |
|---|---|
| `monitor_agents` | Agent health, repair history, failure counts |
| `srt_run_watchdog` | Infrastructure health probes (API, disk, memory, TLS, DB, DNS) |
| `srt_diagnose` | Incident diagnosis with playbook matching |
| `srt_approve_repair` | Human-approved repair execution |
| `srt_generate_postmortem` | Structured incident postmortems with TTD/TTR metrics |
Infrastructure Remediation
| Tool | Description |
|---|---|
| `gia_scan_environment` | Scout swarm for environment detection |
| `gia_list_packs` | List remediation, patrol, hardening, and audit packs |
| `gia_dry_run_pack` | Preview pack execution with blast radius analysis |
| `gia_apply_pack` | Execute remediation with mandatory human approval |
| `gia_run_patrol` | Read-only posture checks and compliance audits |
Impact & Value
| Tool | Description |
|---|---|
| `record_value_metric` | Track time saved, risks blocked, autonomy levels |
| `record_governance_event` | Log gates, drift prevention, violations blocked |
| `generate_impact_report` | Economic + governance ROI reporting |
| `system_status` | Engine health, uptime, configuration |
Architecture
GIA enforces governance through three layers:
- Decision Controls — MAI classification gates side effects and high-impact actions
- Step Hooks — Workflow progression control at each pipeline stage
- Kernel Hooks — Resource control at the LLM boundary, including sub-agents
Every governance action is recorded in a SHA-256 hash-chained audit ledger that can be independently verified.
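What independent verification of a SHA-256 hash chain "from genesis" involves, as an added example that is not GIA's code: the entry layout, the all-zero genesis value, and the names `entryHash`, `append`, `verifyLedger` and `buildSample` are assumptions made for illustration. It also shows the limit of chain verification alone, which is why a head hash stored outside the ledger is compared at the end.

```javascript
// Added example: hypothetical entry layout, not GIA's actual ledger format.
const { createHash } = require("node:crypto");

const GENESIS_PREV = "0".repeat(64); // assumed prevHash of the first entry

// Hash a fixed-order array so the digest never depends on property order.
function entryHash(e) {
  const canonical = JSON.stringify([e.seq, e.ts, e.actor, e.action, e.prevHash]);
  return createHash("sha256").update(canonical).digest("hex");
}

// Append an entry that commits to the hash of the current tail.
function append(ledger, ts, actor, action) {
  const prevHash = ledger.length ? ledger[ledger.length - 1].hash : GENESIS_PREV;
  const entry = { seq: ledger.length, ts, actor, action, prevHash };
  entry.hash = entryHash(entry);
  ledger.push(entry);
  return entry;
}

// Walk from genesis. brokenAt is the first index that fails, or -1 if intact.
function verifyLedger(ledger, expectedHead) {
  let prev = GENESIS_PREV;
  for (let i = 0; i < ledger.length; i++) {
    const e = ledger[i];
    if (e.seq !== i || e.prevHash !== prev || e.hash !== entryHash(e)) {
      return { ok: false, brokenAt: i };
    }
    prev = e.hash;
  }
  // A truncated or fully rewritten chain is still self-consistent; only a head
  // hash kept outside the ledger (expectedHead) exposes it.
  if (expectedHead !== undefined && prev !== expectedHead) {
    return { ok: false, brokenAt: ledger.length };
  }
  return { ok: true, brokenAt: -1 };
}

// Constructed sample ledger (timestamps, actors and actions are made up).
function buildSample() {
  const ledger = [];
  append(ledger, "2025-01-01T00:00:00Z", "agent-1", "classify_decision:Mandatory");
  append(ledger, "2025-01-01T00:00:05Z", "reviewer-1", "approve_gate:approved");
  append(ledger, "2025-01-01T00:00:09Z", "agent-1", "gia_apply_pack:executed");
  return ledger;
}
```

Editing an entry breaks verification at that entry; re-hashing the edited entry moves the break to its successor, so a tamperer has to rewrite every later entry, and the external head hash is what catches that case.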
Compliance Coverage
- NIST AI RMF — Risk management framework mapping
- EU AI Act — Risk tier assessment and control mapping
- ISO 42001 — AI management system alignment
- NIST 800-53 — Federal security control mapping
- CMMC 2.0 — DoD cybersecurity maturity
- FedRAMP — Federal cloud authorization
- SOC 2 — Service organization controls
About
Built by Advanced Consulting Experts (ACE) — a Service-Disabled Veteran-Owned Small Business (SDVOSB).
GIA was designed by William J. Storey III, a 17-year Information System Security Officer with experience across DoD contracts and U.S. Army Ranger Battalion
Tools (13)
| Tool | Description |
|---|---|
| `classify_decision` | Classify agent decisions as Mandatory, Advisory, or Informational |
| `approve_gate` | Human-in-the-loop approval for Mandatory gates |
| `evaluate_threshold` | Compute escalation health |
| `score_governance` | Weighted governance scoring for integrity, accuracy, and compliance |
| `audit_pipeline` | Query the hash-chained forensic audit ledger |
| `verify_ledger` | Verify SHA-256 chain integrity from genesis |
| `map_compliance` | Map controls to NIST AI RMF, EU AI Act, ISO 42001, and NIST 800-53 |
| `assess_risk_tier` | EU AI Act risk tier classification |
| `generate_report` | Governance status reports |
| `seal_memory_pack` | Create immutable, TTL-bound knowledge artifacts |
| `load_memory_pack` | Load packs with trust level and role enforcement |
| `monitor_agents` | Agent health, repair history, and failure counts |
| `gia_apply_pack` | Execute remediation with mandatory human approval |

Environment Variables
- `GIA_API_KEY` (required): API key for the hosted GIA governance engine

Configuration
{
  "mcpServers": {
    "gia-governance": {
      "command": "npx",
      "args": ["-y", "gia-mcp-server"],
      "env": {
        "GIA_API_KEY": "your-key"
      }
    }
  }
}