aicard
Allows CrewAI agents to use aicard as a tool for AI governance compliance.
Enables uploading SARIF findings to GitHub code-scanning for CI integration.
Supports forwarding findings to Jira via webhook for issue tracking.
Allows LangChain agents to use aicard as a tool for AI governance compliance.
Provides OpenAI-compatible JSON output for integration with any LLM or agent framework.
Supports forwarding findings to Slack via webhook for notifications.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@aicardgenerate a model card for this project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
AICARD
Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards
AI Security & Governance โ securing LLMs, agents, and the MCP supply chain.
pip install cognis-aicard
aicard scan . # โ prioritized findings in seconds๐ Example output
Real, reproducible output from the tool โ runs offline:
$ aicard-emit --version
aicard 0.3.8$ aicard-emit --help
usage: aicard [-h] [--version] {check,card} ...
Auto-generate and lint NIST AI RMF / EU AI Act Annex IV model & system cards
from a JSON descriptor.
positional arguments:
{check,card}
check evaluate a descriptor and report findings
card render a Markdown model card from a descriptor
options:
-h, --help show this help message and exit
--version show program's version number and exit
Example: aicard check demos/01-basic/system.json --format jsonBlocks above are real
aicardoutput โ reproduce them from a clone.
Sample result format (illustrative values โ run on your own data for real findings):
{"timestamp":1643723400,"data":{"indicator":"IP:192.168.1.100","description":"Suspicious network activity","severity":"high"},"findings":[{"id":123,"title":"Network Scan","description":"Network scan detected on 192.168.1.100","category":"network"},{"id":124,"title":"File Transfer","description":"File transfer detected from 192.168.1.100","category":"file_transfer"}]}Related MCP server: asqav-mcp
Usage โ step by step
aicard auto-generates and lints NIST AI RMF / EU AI Act Annex IV model & system cards from a JSON descriptor.
Install (Python 3.10+):
pip install -e . # or: pipx install aicardCheck a descriptor against the disclosure requirements (human-readable table):
aicard check demos/01-basic/system.jsonRender a Markdown model/system card from the same descriptor:
aicard card system.json > MODEL_CARD.mdRead the output in the format your workflow speaks โ
table(default),json,sarif(SARIF 2.1.0 for code-scanning), orcsv(GRC dashboards):aicard check system.json --format json | jq '.findings' aicard check system.json --format sarif > aicard.sarif # upload to GitHub code-scanning aicard check system.json --format csv > findings.csv # drop into a model-risk tracker aicard card system.json --format json | jq -r '.card_markdown'Gate CI on compliance โ
check/cardexit1when any blocking finding is present,0when compliant,2on input error:- run: pip install -e . && aicard check system.json # non-zero fails the job
Worked demos
demos/ ships realistic descriptors in the real JSON input format, each with a
SCENARIO.md (provenance, expected output, exact run command, how to act):
Demo | Domain | Outcome |
| Consumer credit scoring | non-compliant (missing monitoring) |
| Real-time payment fraud | compliant (reference shape) |
| Automated essay scoring (Annex III) | blocker: missing test data |
| Clinical triage routing | compliant |
| ADAS Level-2 perception | blocker: empty limitations |
| Auto-insurance premium model | warn + blocker (two findings) |
| Social-feed recommender (DSA) | compliant with one warning |
| RAG support copilot | compliant |
aicard check demos/14-insurance-pricing/auto_pricing.json --format csvContents
Why aicard? ยท Features ยท Quick start ยท Example ยท Architecture ยท AI stack ยท How it compares ยท Integrations ยท Install anywhere ยท Related ยท Contributing
Why aicard?
Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards โ without standing up heavyweight infrastructure.
aicard is single-purpose, scriptable, and self-hostable: point it at a target, get prioritized results in the format your workflow already speaks (table ยท JSON ยท SARIF), gate CI on it, and let agents drive it over MCP.
Features
โ Load Descriptor
โ Evaluate against 18 NIST AI RMF / EU AI Act Annex IV disclosure requirements
โ Render Card (Markdown model/system card)
โ Render Report Table
โ Export findings as JSON ยท SARIF 2.1.0 ยท CSV
โ Report To Dict
โ 8 worked demos in
demos/(credit, fraud, medical, EdTech, ADAS, insurance, recsys, GenAI)โ Runs on Linux/macOS/Windows ยท Docker ยท devcontainer
โ Ports in Python, JavaScript, Go, and Rust (
ports/)
Quick start
pip install cognis-aicard
aicard --version
aicard scan . # scan current project
aicard scan . --format json # machine-readable
aicard scan . --fail-on high # CI gate (non-zero exit)Example
$ aicard scan .
[HIGH ] AIC-001 example finding (./src/app.py)
[MEDIUM ] AIC-002 another signal (./config.yaml)
2 findings ยท risk score 5 ยท 38msArchitecture
flowchart LR
IN[input] --> P[aicard<br/>analyze + score]
P --> OUT[report]Use it from any AI stack
aicard is interoperable with every popular way of using AI:
MCP server โ
aicard mcp(Claude Desktop, Cursor, Cognis.Studio, uncensored-fleet)OpenAI-compatible / JSON โ pipe
aicard scan . --format jsoninto any agent or LLMLangChain ยท CrewAI ยท AutoGen ยท LlamaIndex โ wrap the CLI/JSON as a tool in one line
CI / scripts โ exit codes + SARIF for non-AI pipelines
How it compares
Cognis aicard | typical tools | |
Self-hostable, no account | โ | varies |
Single command, zero config | โ | โ ๏ธ |
JSON + SARIF for CI | โ | varies |
MCP-native (AI agents) | โ | โ |
Polyglot ports (JS/Go/Rust) | โ | โ |
Open license | โ COCL | varies |
Integrations
Pipes into your stack: SARIF for code-scanning, JSON for anything, an MCP server (aicard mcp) for AI agents, and a webhook forwarder for SIEM/Slack/Jira. See docs/INTEGRATIONS.md.
Install โ every way, every platform
pip install "git+https://github.com/cognis-digital/aicard.git" # pip (works today)
pipx install "git+https://github.com/cognis-digital/aicard.git" # isolated CLI
uv tool install "git+https://github.com/cognis-digital/aicard.git" # uv
pip install cognis-aicard # PyPI (when published)
docker run --rm ghcr.io/cognis-digital/aicard:latest --help # Docker
brew install cognis-digital/tap/aicard # Homebrew tap
curl -fsSL https://raw.githubusercontent.com/cognis-digital/aicard/main/install.sh | shLinux | macOS | Windows | Docker | Cloud |
|
|
|
| DEPLOY.md (AWS/Azure/GCP/k8s) |
Related Cognis tools
aegisโ AI Agent Permission & Access Auditor โ surfaces the lethal trifecta of credentials + injection + reachpromptmirrorโ Prompt-injection & indirect-injection scanner for any LLM context inputledgermindโ Local LLM cost & token forensics proxy with anomaly detectionadversaโ LLM red-team harness โ OWASP LLM Top 10 + MITRE ATLAS attack packsguardpostโ Runtime agent firewall โ PII redaction, rate limits, policy enforcementhallumarkโ LLM hallucination & grounding auditor for RAG systems
Explore the suite โ ๐๏ธ all 170+ tools ยท โญ awesome-cognis ยท ๐ cognis-sources ยท ๐ค uncensored-fleet ยท ๐ง engram
Contributing
PRs, new rules, and demo scenarios are welcome under the collaboration-pull model โ see CONTRIBUTING.md and SECURITY.md.
โญ If
aicardsaved you time, star it โ it genuinely helps others find it.
Interoperability
{} composes with the 300+ tool Cognis suite โ JSON in/out and a shared
OpenAI-compatible /v1 backbone. See INTEROP.md for the
suite map, composition patterns, and reference stacks.
License
Source-available under the Cognis Open Collaboration License (COCL) v1.0 โ free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license (licensing@cognis.digital). See LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/cognis-digital/aicard'
If you have feedback or need assistance with the MCP directory API, please join our Discord server