Skip to main content
Glama

AICARD

Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards

PyPI CI License: COCL 1.0 Suite

AI Security & Governance โ€” securing LLMs, agents, and the MCP supply chain.

pip install cognis-aicard
aicard scan .            # โ†’ prioritized findings in seconds

๐Ÿ”Ž Example output

Real, reproducible output from the tool โ€” runs offline:

$ aicard-emit --version
aicard 0.3.8
$ aicard-emit --help
usage: aicard [-h] [--version] {check,card} ...

Auto-generate and lint NIST AI RMF / EU AI Act Annex IV model & system cards
from a JSON descriptor.

positional arguments:
  {check,card}
    check       evaluate a descriptor and report findings
    card        render a Markdown model card from a descriptor

options:
  -h, --help    show this help message and exit
  --version     show program's version number and exit

Example: aicard check demos/01-basic/system.json --format json

Blocks above are real aicard output โ€” reproduce them from a clone.

Sample result format (illustrative values โ€” run on your own data for real findings):

{"timestamp":1643723400,"data":{"indicator":"IP:192.168.1.100","description":"Suspicious network activity","severity":"high"},"findings":[{"id":123,"title":"Network Scan","description":"Network scan detected on 192.168.1.100","category":"network"},{"id":124,"title":"File Transfer","description":"File transfer detected from 192.168.1.100","category":"file_transfer"}]}

Related MCP server: asqav-mcp

Usage โ€” step by step

aicard auto-generates and lints NIST AI RMF / EU AI Act Annex IV model & system cards from a JSON descriptor.

  1. Install (Python 3.10+):

    pip install -e .            # or: pipx install aicard
  2. Check a descriptor against the disclosure requirements (human-readable table):

    aicard check demos/01-basic/system.json
  3. Render a Markdown model/system card from the same descriptor:

    aicard card system.json > MODEL_CARD.md
  4. Read the output in the format your workflow speaks โ€” table (default), json, sarif (SARIF 2.1.0 for code-scanning), or csv (GRC dashboards):

    aicard check system.json --format json  | jq '.findings'
    aicard check system.json --format sarif > aicard.sarif   # upload to GitHub code-scanning
    aicard check system.json --format csv   > findings.csv   # drop into a model-risk tracker
    aicard card  system.json --format json  | jq -r '.card_markdown'
  5. Gate CI on compliance โ€” check/card exit 1 when any blocking finding is present, 0 when compliant, 2 on input error:

    - run: pip install -e . && aicard check system.json   # non-zero fails the job

Worked demos

demos/ ships realistic descriptors in the real JSON input format, each with a SCENARIO.md (provenance, expected output, exact run command, how to act):

Demo

Domain

Outcome

01-basic/loan_triage.json

Consumer credit scoring

non-compliant (missing monitoring)

10-fraud-detection/transaction_fraud.json

Real-time payment fraud

compliant (reference shape)

11-edtech-grading-highrisk/essay_grader.json

Automated essay scoring (Annex III)

blocker: missing test data

12-medical-triage-compliant/symptom_triage.json

Clinical triage routing

compliant

13-autonomous-perception/lane_perception.json

ADAS Level-2 perception

blocker: empty limitations

14-insurance-pricing/auto_pricing.json

Auto-insurance premium model

warn + blocker (two findings)

15-recsys-transparency/feed_ranker.json

Social-feed recommender (DSA)

compliant with one warning

16-genai-support-copilot/support_copilot.json

RAG support copilot

compliant

aicard check demos/14-insurance-pricing/auto_pricing.json --format csv

Contents

Why aicard?

Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards โ€” without standing up heavyweight infrastructure.

aicard is single-purpose, scriptable, and self-hostable: point it at a target, get prioritized results in the format your workflow already speaks (table ยท JSON ยท SARIF), gate CI on it, and let agents drive it over MCP.

Features

  • โœ… Load Descriptor

  • โœ… Evaluate against 18 NIST AI RMF / EU AI Act Annex IV disclosure requirements

  • โœ… Render Card (Markdown model/system card)

  • โœ… Render Report Table

  • โœ… Export findings as JSON ยท SARIF 2.1.0 ยท CSV

  • โœ… Report To Dict

  • โœ… 8 worked demos in demos/ (credit, fraud, medical, EdTech, ADAS, insurance, recsys, GenAI)

  • โœ… Runs on Linux/macOS/Windows ยท Docker ยท devcontainer

  • โœ… Ports in Python, JavaScript, Go, and Rust (ports/)

Quick start

pip install cognis-aicard
aicard --version
aicard scan .                       # scan current project
aicard scan . --format json         # machine-readable
aicard scan . --fail-on high        # CI gate (non-zero exit)

Example

$ aicard scan .
  [HIGH    ] AIC-001  example finding             (./src/app.py)
  [MEDIUM  ] AIC-002  another signal              (./config.yaml)

  2 findings ยท risk score 5 ยท 38ms

Architecture

flowchart LR
  IN[input] --> P[aicard<br/>analyze + score]
  P --> OUT[report]

Use it from any AI stack

aicard is interoperable with every popular way of using AI:

  • MCP server โ€” aicard mcp (Claude Desktop, Cursor, Cognis.Studio, uncensored-fleet)

  • OpenAI-compatible / JSON โ€” pipe aicard scan . --format json into any agent or LLM

  • LangChain ยท CrewAI ยท AutoGen ยท LlamaIndex โ€” wrap the CLI/JSON as a tool in one line

  • CI / scripts โ€” exit codes + SARIF for non-AI pipelines

How it compares

Cognis aicard

typical tools

Self-hostable, no account

โœ…

varies

Single command, zero config

โœ…

โš ๏ธ

JSON + SARIF for CI

โœ…

varies

MCP-native (AI agents)

โœ…

โŒ

Polyglot ports (JS/Go/Rust)

โœ…

โŒ

Open license

โœ… COCL

varies

Integrations

Pipes into your stack: SARIF for code-scanning, JSON for anything, an MCP server (aicard mcp) for AI agents, and a webhook forwarder for SIEM/Slack/Jira. See docs/INTEGRATIONS.md.

Install โ€” every way, every platform

pip install "git+https://github.com/cognis-digital/aicard.git"    # pip (works today)
pipx install "git+https://github.com/cognis-digital/aicard.git"   # isolated CLI
uv tool install "git+https://github.com/cognis-digital/aicard.git" # uv
pip install cognis-aicard                                          # PyPI (when published)
docker run --rm ghcr.io/cognis-digital/aicard:latest --help        # Docker
brew install cognis-digital/tap/aicard                             # Homebrew tap
curl -fsSL https://raw.githubusercontent.com/cognis-digital/aicard/main/install.sh | sh

Linux

macOS

Windows

Docker

Cloud

scripts/setup-linux.sh

scripts/setup-macos.sh

scripts/setup-windows.ps1

docker run ghcr.io/cognis-digital/aicard

DEPLOY.md (AWS/Azure/GCP/k8s)

  • aegis โ€” AI Agent Permission & Access Auditor โ€” surfaces the lethal trifecta of credentials + injection + reach

  • promptmirror โ€” Prompt-injection & indirect-injection scanner for any LLM context input

  • ledgermind โ€” Local LLM cost & token forensics proxy with anomaly detection

  • adversa โ€” LLM red-team harness โ€” OWASP LLM Top 10 + MITRE ATLAS attack packs

  • guardpost โ€” Runtime agent firewall โ€” PII redaction, rate limits, policy enforcement

  • hallumark โ€” LLM hallucination & grounding auditor for RAG systems

Explore the suite โ†’ ๐Ÿ—‚๏ธ all 170+ tools ยท โญ awesome-cognis ยท ๐Ÿ”— cognis-sources ยท ๐Ÿค– uncensored-fleet ยท ๐Ÿง  engram

Contributing

PRs, new rules, and demo scenarios are welcome under the collaboration-pull model โ€” see CONTRIBUTING.md and SECURITY.md.

โญ If aicard saved you time, star it โ€” it genuinely helps others find it.

Interoperability

{} composes with the 300+ tool Cognis suite โ€” JSON in/out and a shared OpenAI-compatible /v1 backbone. See INTEROP.md for the suite map, composition patterns, and reference stacks.

License

Source-available under the Cognis Open Collaboration License (COCL) v1.0 โ€” free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license (licensing@cognis.digital). See LICENSE.


F
license - not found
-
quality - not tested
B
maintenance

Maintenance

โ€“Maintainers
โ€“Response time
โ€“Release cycle
โ€“Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cognis-digital/aicard'

If you have feedback or need assistance with the MCP directory API, please join our Discord server