haver-governance-mcp
OfficialClick on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@haver-governance-mcpCheck permission for intake assistant to read labs"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Haver Governance MCP
Identity, permission, audit, and recall for healthcare AI agents, delivered over the Model Context Protocol (MCP).
As organizations deploy more AI agents into clinical and operational workflows, the missing layer is governance: knowing which agent is acting, whether it is allowed to, having a tamper-evident record of what it did, and being able to revoke it. Haver Governance MCP gives any MCP-compatible client (such as Claude) a small set of tools to enforce and record that governance at runtime.
This is an open-source reference implementation from Haver AI, the governance layer for healthcare AI.
What it does
Tool | Pillar | What it does |
| Identity | Registers an agent with a stable id, owner, role, and permission scopes. |
| Permission | Decides whether an agent may take an action on a resource. Denies unknown or recalled agents. Logs the decision. |
| Audit | Appends a tamper-evident, hash-chained record of an agent action. |
| Audit | Returns recent audit entries, filterable by agent or resource. |
| Audit | Recomputes the hash chain and reports whether the log was tampered with. |
| Recall | Revokes an agent so every future permission check denies it. |
| Safety | Heuristically flags and redacts common PHI (SSN, MRN, email, phone, dates). |
Scopes use a simple action:resource form, for example read:labs or write:notes, and support * wildcards (read:*, *:*).
Related MCP server: PiQrypt MCP Server
Install
Run it directly with npx (no global install needed):
npx -y haver-governance-mcpUse it in Claude Desktop
Add this to your claude_desktop_config.json:
{
"mcpServers": {
"haver-governance": {
"command": "npx",
"args": ["-y", "haver-governance-mcp"]
}
}
}Restart Claude, and the seven governance tools appear.
Example flow
register_agentan intake assistant withscopes: ["read:labs"].check_permissionforreadonlabsreturnsallow;writeonnotesreturnsdeny.record_actionlogs each real action it takes, flaggingcontains_phiwhen relevant.If the agent misbehaves,
recall_agentrevokes it; future checks deny.verify_audit_integrityproves the log has not been altered.
Data and privacy
All state is stored locally as plain files: agent records in agents.json and the audit log in audit.log, under ~/.haver-governance by default (override with the HAVER_GOV_DIR environment variable). Nothing is transmitted anywhere. The audit log is append-only and hash-chained for tamper evidence. See PRIVACY.md.
The scan_phi tool is a heuristic guardrail to catch obvious leaks. It is not a certified de-identification tool and should not be relied on as one.
Development
npm install
npm run build
node dist/index.js # runs on stdioRequires Node.js 18 or later. Built with the official @modelcontextprotocol/sdk and Zod.
Publishing
This package is published to npm and listed in the official MCP Registry. See PUBLISHING.md for the exact steps.
About Haver AI
Haver AI is the governance layer for healthcare AI: identity, permission, audit, and recall for every agent your organization deploys. Learn more at haver.ai.
License
MIT. See LICENSE.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/haverAI/haver-governance-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server