Meridian
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Meridianscan my repo for EU AI Act violations"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Meridian
Local-first AI compliance scanner via Model Context Protocol.
Scan your codebase for violations of DPDPA 2023, RBI FREE-AI, SEBI AI/ML, and the EU AI Act — directly inside Cursor, Claude Desktop, Windsurf, or Antigravity.
What it does
Meridian exposes six MCP tools that any AI coding assistant can call:
Tool | Description |
| Scan a local repo for compliance violations — returns a Markdown report with line numbers, regulatory citations, and fixes |
| Check a privacy policy, DPA, or model card for compliance gaps |
| Get a plain-English explanation of any regulatory clause with exact penalties |
| List all supported LLM providers and configuration instructions |
| Show or clear the local SQLite scan cache |
| Verify server config, detected API keys, and licence status |
How scanning works
Your code → AST slicer → Stage 1 (Evaluator LLM) → candidate violations
→ Stage 2 (Critic LLM) → confirmed violations
→ SHA-256 SQLite cache → zero cost on re-scanStage 1 finds candidate violations across all file × framework pairs concurrently
Stage 2 runs a second LLM to disprove HIGH/CRITICAL findings, eliminating false positives
Cache skips re-evaluation of unchanged files — only new or modified code is sent to the API
Supported frameworks
Framework | Tier | Key penalties |
| Free | ₹250 Cr security failure · ₹200 Cr breach notification · ₹200 Cr children's data |
| Pro | 7 Sutras — fairness, explainability, security, accountability |
| Pro | €30M / 6% global turnover for high-risk system failures |
| Pro | SEBI §5.1–§5.5 pillars |
Related MCP server: inkog
Supported LLM providers
Meridian uses litellm — you bring your own API key, Meridian never touches your credentials.
Provider | Key env var | Example models |
Anthropic |
|
|
OpenAI |
|
|
Gemini |
|
|
Groq |
|
|
OpenRouter |
|
|
AWS Bedrock |
|
|
Ollama (local) | (none) |
|
You can mix providers — e.g. Anthropic for Stage 1 and Groq for Stage 2 (cheapest critic):
MERIDIAN_EVALUATOR_MODEL=claude-opus-4-8
MERIDIAN_CRITIC_MODEL=groq/llama-3.1-8b-instantInstallation & Setup
Meridian can be run as a local CLI compliance scanner, or connected directly to an MCP-capable client like Cursor, Claude Desktop, Windsurf, or Antigravity.
Option A: The quick way (no install, using uvx)
If you have uv installed, you don't even need to pre-install Meridian! You can run it instantly or register it as an MCP server using uvx:
"meridian-compliance": {
"command": "uvx",
"args": ["meridian-mcp"],
"env": {
"GROQ_API_KEY": "gsk_...",
"MERIDIAN_EVALUATOR_MODEL": "groq/llama3-8b-8192",
"MERIDIAN_CRITIC_MODEL": "groq/llama3-8b-8192"
}
}Option B: Installing via pip (PyPI)
Install the packages and binaries globally or to your active python environment:
pip install meridian-mcpThis installs two executables on your system path:
meridian-mcp: The MCP Server command.meridian-ci: The CI/CD CLI command-line scanner.
MCP Server Setup
Connect Meridian to your AI editor so your assistant can scan your repository and answer compliance questions.
1. Cursor (~/.cursor/mcp.json or GUI settings)
Add a new MCP server in Cursor Settings -> Features -> MCP:
Name:
meridian-complianceType:
commandCommand:
meridian-mcp(use the absolute path to your Python env'smeridian-mcpexecutable if it's not globally on your PATH)Environment Variables:
GROQ_API_KEY:your-key-here(orANTHROPIC_API_KEY,OPENAI_API_KEY, etc.)
Or paste the following configuration directly into your mcp.json file:
{
"mcpServers": {
"meridian-compliance": {
"command": "meridian-mcp",
"env": {
"GROQ_API_KEY": "YOUR_GROQ_API_KEY"
}
}
}
}2. Claude Desktop (%APPDATA%\Claude\claude_desktop_config.json)
Add the following to your configuration:
{
"mcpServers": {
"meridian-compliance": {
"command": "meridian-mcp",
"env": {
"GROQ_API_KEY": "YOUR_GROQ_API_KEY"
}
}
}
}3. Antigravity (~/.antigravity/mcp.json or GUI settings)
Add a new MCP server in Antigravity Settings -> Features -> MCP:
Name:
meridian-complianceType:
commandCommand:
meridian-mcp(use the absolute path to your Python env'smeridian-mcpexecutable if it's not globally on your PATH)Environment Variables:
GROQ_API_KEY:your-key-here(orANTHROPIC_API_KEY,OPENAI_API_KEY, etc.)
Or paste the following configuration directly into your mcp.json file:
{
"mcpServers": {
"meridian-compliance": {
"command": "meridian-mcp",
"env": {
"GROQ_API_KEY": "YOUR_GROQ_API_KEY"
}
}
}
}Meridian Architecture
Below is a diagram illustrating the architecture of Meridian and its integration with various AI coding assistants:
flowchart TD
subgraph Clients["AI Coding Assistants (MCP Clients)"]
direction LR
A1[Meridian CI/CD]
A2[Cursor]
A3[Windsurf]
A4[Claude Desktop]
A5[Antigravity]
end
subgraph Server["Meridian (MCP Server)"]
B1[FastMCP Server]
B2[Async Orchestrator]
B3[AST Parser]
B4[Security Redactor]
subgraph Scanning["Scanning Logic"]
C1[Stage 1: Evaluator LLM]
C2[Stage 2: Critic LLM]
end
B5[(SQLite Cache)]
B6[Licensing Gate]
end
subgraph External["External Services"]
direction LR
D1[Anthropic/OpenAI/Groq/Gemini]
D2[Regulatory Databases]
end
A1 -- Local CLI --> B2
A2 -- MCP Protocol --> B1
A3 -- MCP Protocol --> B1
A4 -- MCP Protocol --> B1
A5 -- MCP Protocol --> B1
B1 --> B2
B2 --> B3
B2 <--> B5
B3 --> B4
B4 --> C1
C1 --> C2
C1 -- LiteLLM --> D1
C2 -- LiteLLM --> D1
C2 --> B6
B6 -. Pro License .-> D2Local CLI Usage (meridian-ci)
Once installed via pip, you can scan any local project directory for compliance rules:
# 1. Set your LLM API Key (using Groq, Anthropic, or OpenAI)
export GROQ_API_KEY="gsk_..."
# 2. Run the scanner
meridian-ci --dir . --frameworks dpdpaCI/CD Pipeline Gate
Block PR merges on critical compliance violations by integrating meridian-ci as a step in your pipeline:
# .github/workflows/compliance.yml
- name: Run Meridian compliance gate
run: meridian-ci --dir . --frameworks dpdpa --fail-on critical
env:
GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}Options:
--dir: Directory to scan (defaults to.)--frameworks: Frameworks to scan (dpdpa,rbi,eu,sebi)--fail-on: Block PRs/builds on violations at or above this severity (low,medium,high,critical)--output: Output format (text,markdown,json)--max-files: Maximum number of files to process
Environment Variables
Configure these optional variables to adjust model defaults:
Variable | Default | Description |
|
| Stage 1 model — finds candidate violations |
|
| Stage 2 model — filters out false positives |
|
| Max concurrent LLM requests |
| (none) | Pro license key — unlocks RBI, EU, and SEBI rulesets |
Quick start (inside your AI assistant)
Once the MCP server is connected:
check_health() # verify setup and detected keys
show_models() # see all providers and config options
scan_repository(path=".", frameworks="dpdpa") # scan current repo
evaluate_policy(policy_text="...") # check a privacy policy
explain_violation(statutory_clause="DPDPA §6(1)") # plain-English explanation
cache_status() # view cache stats
cache_status(clear=True) # wipe cacheProject structure
src/meridian/
├── server.py # MCP server — 6 tools exposed via FastMCP
├── scanner.py # Async orchestrator — file × framework concurrency
├── evaluator.py # Dual-stage litellm evaluator with cache and retry
├── config.py # Multi-provider LLM config (load_config, validate_config)
├── ast_parser.py # Language-aware code slicer (Python, JS/TS, SQL, YAML)
├── prompts.py # Regulatory prompts for all four frameworks
├── models.py # Pydantic models — Violation, FileScanResult, ScanReport
├── cache.py # SQLite SHA-256 scan cache (~/.meridian/cache.db)
├── security.py # Secret redactor — strips API keys/JWTs before LLM calls
├── licensing.py # Licence gate — free (DPDPA) vs Pro (RBI, EU, SEBI)
└── cli.py # meridian-ci — CI/CD gate binaryContributing & Running Tests
If you want to contribute to Meridian or run the test suite locally:
# 1. Clone the repository
git clone https://github.com/KNambiarDJsc/Meridian.git
cd Meridian
# 2. Create and activate a virtual environment
python -m venv .venv
.venv\Scripts\activate # Windows
source .venv/bin/activate # macOS / Linux
# 3. Install in editable mode with development dependencies
pip install -e ".[dev]"
# 4. Run the test suite
pytest tests/ -vAll 47 tests covering AST parsing, cache, prompts, and CLI logic pass locally without making any external API calls.
Privacy
Zero telemetry. Meridian sends no usage data anywhere.
Keys never leave your machine. API keys are read from your environment and passed directly to the provider SDK — Meridian has no server, no proxy, no logging of credentials.
Code stays local until you call a tool. The secret redactor (
security.py) strips API keys, JWTs, and high-entropy strings from code slices before they are sent to any LLM.Cache is local. Scan results are stored in
~/.meridian/cache.dbon your machine only.
Pricing / licence
Tier | Frameworks | How to get |
Free (Apache 2.0) | DPDPA 2023 | Use immediately, no key needed |
Pro | DPDPA + RBI FREE-AI + EU AI Act + SEBI AI/ML | Set |
License
Apache 2.0 — see LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/KNambiarDJsc/Meridian'
If you have feedback or need assistance with the MCP directory API, please join our Discord server