The GIA (Governance Intelligence Architecture) MCP Server provides enterprise-grade AI governance for Claude agents. It requires a valid GIA_API_KEY connected to https://gia.aceadvising.com/mcp to enable its full toolset.
Governance Core
Classify AI decisions using the MAI Framework (Mandatory, Advisory, Informational)
Compute governance scores and evaluate health via the Storey Threshold metric
Assess AI risk tiers and map to compliance frameworks (NIST AI RMF, EU AI Act, ISO 42001, NIST 800-53)
Approve or reject human-in-the-loop gate decisions
Audit & Monitoring
Query and verify hash-chained, tamper-evident forensic audit ledgers
Generate governance status reports and monitor AI agent health/configuration
Governed Memory Packs
Create, load, transfer, compose, distill, and promote hash-sealed memory packs with trust levels, TTL, and role-based access control
Site Reliability
Submit watchdog health checks, diagnose incidents, approve/reject repair plans, and generate postmortem reports
Infrastructure Operations
Scan environments, list/preview/execute remediation and hardening packs, and run read-only patrol/audit checks
Value & Impact
Record workflow value metrics and governance events; generate ROI and governance impact reports
⚠️ The server is currently disconnected. Only the
gia_system_statustool is available until a validGIA_API_KEYis configured.
GIA Governance Intelligence Automation
Enterprise AI governance through the Model Context Protocol.
GIA is a production governance engine that gives AI agents enforceable decision controls, compliance scoring, immutable audit chains, and human-in-the-loop gates. Built for organizations operating under NIST, FedRAMP, CMMC, EU AI Act, and SOC 2 requirements.
29 MCP tools. One integration point. Works with Claude Desktop, Claude Code, OpenAI Agent Builder, and any MCP-compatible client.
Quick Start
npx gia-mcp-serverOr install globally:
npm install -g gia-mcp-server
gia-mcp-serverThe server connects to the hosted GIA engine at https://gia.aceadvising.com. Configure your API key:
GIA_API_KEY=your-key npx gia-mcp-serverClaude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"gia-governance": {
"command": "npx",
"args": ["-y", "gia-mcp-server"],
"env": {
"GIA_API_KEY": "your-key"
}
}
}
}Claude Code
claude mcp add gia-governance -- npx -y gia-mcp-serverOpenAI Agent Builder
Point to the Streamable HTTP endpoint:
https://gia.aceadvising.com/mcpSmithery
npx -y @smithery/cli install @knowledgepa3/gia-mcp-server --client claudeTools
Decision Controls (MAI Framework)
Tool | Description |
| Classify agent decisions as Mandatory, Advisory, or Informational |
| Human-in-the-loop approval for Mandatory gates |
| Compute escalation health (Storey Threshold) |
| Weighted governance scoring (Integrity, Accuracy, Compliance) |
Compliance & Audit
Tool | Description |
| Query the hash-chained forensic audit ledger |
| Verify SHA-256 chain integrity from genesis |
| Map controls to NIST AI RMF, EU AI Act, ISO 42001, NIST 800-53 |
| EU AI Act risk tier classification |
| Governance status reports (summary, detailed, executive) |
Knowledge Packs
Tool | Description |
| Create immutable, TTL-bound knowledge artifacts |
| Load packs with trust level and role enforcement |
| Governed knowledge transfer between agents |
| Merge packs with risk contamination rules |
| Extract governance patterns from usage history |
| Promote packs to higher trust levels after review |
Security & Operations
Tool | Description |
| Agent health, repair history, failure counts |
| Infrastructure health probes (API, disk, memory, TLS, DB, DNS) |
| Incident diagnosis with playbook matching |
| Human-approved repair execution |
| Structured incident postmortems with TTD/TTR metrics |
Infrastructure Remediation
Tool | Description |
| Scout swarm for environment detection |
| List remediation, patrol, hardening, and audit packs |
| Preview pack execution with blast radius analysis |
| Execute remediation with mandatory human approval |
| Read-only posture checks and compliance audits |
Impact & Value
Tool | Description |
| Track time saved, risks blocked, autonomy levels |
| Log gates, drift prevention, violations blocked |
| Economic + governance ROI reporting |
| Engine health, uptime, configuration |
Architecture
GIA enforces governance through three layers:
Decision Controls — MAI classification gates side effects and high-impact actions
Step Hooks — Workflow progression control at each pipeline stage
Kernel Hooks — Resource control at the LLM boundary, including sub-agents
Every governance action is recorded in a SHA-256 hash-chained audit ledger that can be independently verified.
Compliance Coverage
NIST AI RMF — Risk management framework mapping
EU AI Act — Risk tier assessment and control mapping
ISO 42001 — AI management system alignment
NIST 800-53 — Federal security control mapping
CMMC 2.0 — DoD cybersecurity maturity
FedRAMP — Federal cloud authorization
SOC 2 — Service organization controls
About
Built by Advanced Consulting Experts (ACE) — a Service-Disabled Veteran-Owned Small Business (SDVOSB).
GIA was designed by William J. Storey III, a 17-year Information System Security Officer with experience across DoD contracts and U.S. Army Ranger Battalion operations. The same discipline applied to securing classified systems now governs AI agent workforces.
License
MIT