FINOS AI Governance MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@FINOS AI Governance MCP Serversearch for bias risks in AI governance frameworks"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
FINOS AI Governance MCP Server
AI governance framework document access through the Model Context Protocol.
This project provides direct access to AI governance framework documents from FINOS repositories through MCP, making them available in Claude, VS Code, Cursor, and other supported tools.
Quick Start
# Clone the repository
git clone https://github.com/finos/aigf-mcp-server.git
cd aigf-mcp-server
# Create and activate a virtual environment
python -m venv venv
# On Windows:
venv\Scripts\activate
# On macOS/Linux:
source venv/bin/activate
# Install dependencies
pip install -e .
# Required security setting (generate your own value; choose one)
export FINOS_MCP_CACHE_SECRET=$(python -c "import secrets; print(secrets.token_hex(32))")
# OR
export FINOS_MCP_CACHE_SECRET=$(openssl rand -hex 32)
# Test
finos-mcp --help
mcp list toolsNote: Using a virtual environment isolates project dependencies from your system Python, preventing conflicts and keeping your environment clean. This is the recommended approach for Python development.
→ Full Setup Guide - Connect to Claude, VS Code, Cursor, etc.
Related MCP server: MCP Enhanced Data Retrieval System
Docker Deployment (Local + Cloud)
This repository now includes:
Dockerfilefor a production-style container imagedocker-compose.ymlfor local deployment
Run locally with Docker Compose
# 1) Create Docker env file
cp .env.docker.example .env.docker
# 2) Put a real 32+ char value in .env.docker
# FINOS_MCP_CACHE_SECRET=...
# 3) Start
docker compose up --build -d
# 4) Follow logs
docker compose logs -f finos-mcp-serverServer endpoint:
http://localhost:8000/mcp
Build and run image directly
docker build -t finos-mcp-server:latest .
docker run --rm -p 8000:8000 \
-e FINOS_MCP_CACHE_SECRET="$(openssl rand -hex 32)" \
-e FINOS_MCP_MCP_TRANSPORT=http \
-e FINOS_MCP_MCP_HOST=0.0.0.0 \
-e FINOS_MCP_MCP_PORT=8000 \
finos-mcp-server:latestUse in AWS/GCP/Azure/Kubernetes
Use the same container image and pass environment variables at deploy time:
FINOS_MCP_CACHE_SECRET(required, minimum 32 chars)FINOS_MCP_MCP_TRANSPORT=httpFINOS_MCP_MCP_HOST=0.0.0.0FINOS_MCP_MCP_PORT(for example8000)FINOS_MCP_GITHUB_TOKEN(recommended)If
FINOS_MCP_MCP_AUTH_ENABLED=true, thenFINOS_MCP_MCP_AUTH_ISSUER,FINOS_MCP_MCP_AUTH_AUDIENCE, and one ofFINOS_MCP_MCP_AUTH_JWKS_URIorFINOS_MCP_MCP_AUTH_PUBLIC_KEYare also required.
Cloud mapping examples:
AWS ECS/Fargate: task definition env vars + secret manager for
FINOS_MCP_CACHE_SECRETGCP Cloud Run: container env vars + Secret Manager mount/reference
Kubernetes:
Deploymentenv vars +Secretfor sensitive values
Available MCP Tools
Framework Access Tools (5)
Tool Name | Description | Use Case |
| List all available AI governance frameworks | Get overview of the runtime-discovered framework catalog |
| Get complete content of a specific framework | Retrieve complete framework document content |
| Search for text within framework documents | Find specific content within framework documents |
| List all available risk documents | Get overview of AI governance risks |
| Get complete content of specific risk documents | Retrieve detailed risk documentation |
Risk & Mitigation Tools (4)
Tool Name | Description | Use Case |
| Search within risk documentation | Find specific risks by keyword |
| List all available mitigation documents | Get overview of available mitigations |
| Get complete content of specific mitigation documents | Retrieve detailed mitigation strategies |
| Search within mitigation documentation | Find specific mitigations by keyword |
System Monitoring Tools (2)
Tool Name | Description | Use Case |
| Get basic service health status | Monitor system availability and status |
| Get cache performance statistics | Monitor cache performance and efficiency |
Supported Content
AI Governance Frameworks
Framework definitions are discovered from the configured upstream repository at runtime.
Use
list_frameworksto see the current catalog available to your deployment.
Risk and Mitigation Categories
Risk Categories
Risk Type | Description | Example Risks |
Security | Information security and cybersecurity risks | Data leakage, prompt injection, adversarial attacks |
Operational | Business and operational risks | AI bias, model drift, hallucination |
Privacy | Data privacy and protection risks | Data exposure, unauthorized access |
Transparency | Explainability and accountability risks | Model opacity, decision traceability |
Mitigation Categories
Mitigation Type | Description | Example Controls |
Prevention | Proactive controls to prevent risks | Access controls, bias testing, data validation |
Detection | Controls to detect and monitor risks | Performance monitoring, anomaly detection |
Response | Controls to respond to identified risks | Incident response, model rollback procedures |
Common Use Cases
Framework Research
List Available Frameworks: Use
list_frameworksto see all supported governance frameworksGet Framework Content: Use
get_frameworkto retrieve complete framework documentsSearch Framework Content: Use
search_frameworksto find specific text within frameworks
Risk Management
Browse Available Risks: Use
list_risksto see all documented AI governance risksGet Risk Details: Use
get_riskto retrieve complete risk documentationSearch Risks: Use
search_risksto find specific risks by keyword
Mitigation Planning
Browse Available Mitigations: Use
list_mitigationsto see all documented mitigation strategiesGet Mitigation Details: Use
get_mitigationto retrieve complete mitigation documentationSearch Mitigations: Use
search_mitigationsto find specific mitigations by keyword
System Monitoring
Health Status: Use
get_service_healthto monitor system availabilityPerformance Metrics: Use
get_cache_statsto monitor cache performance
Architecture
Components
FastMCP Runtime Bootstrap (
src/finos_mcp/fastmcp_server.py): FastMCP server construction, model definitions, and tool registration wiringAPI Registration Modules (
src/finos_mcp/api/): Dedicated tool/resource/prompt registration and MCP payload mappingMCP Tools: 11 tools organized in 3 categories (Framework Access, Risk & Mitigation, System Monitoring)
MCP Prompts: 3 prompt templates for framework analysis and risk assessment
MCP Resources: 3 resource types with finos:// URI scheme for structured access
Application Services and Use-Cases (
src/finos_mcp/application/): Search text parsing, prompt composition, observability projection, and domain flowsContent Management (
src/finos_mcp/content/): Dynamic content loading and cachingSecurity Layer (
src/finos_mcp/security/): Request validation and protectionRuntime Guardrails (
src/finos_mcp/fastmcp_server.py): Middleware-based rate limiting, safe error responses, and payload size enforcement
Design Principles
Document Access Only: Direct access to governance framework documents
Framework Agnostic: Works with any governance framework document structure
Modular Tool System: Easy addition and removal of tools
Security First: All requests validated and protected
Performance Optimized: Intelligent caching and async operations
Runtime Security Controls
Middleware Order: Error handling -> timing -> logging -> rate limiting
Input Limits: Tool, prompt, and resource parameters enforce max lengths and request-size checks
Output Limits: Resource/document payloads are size-validated before returning to clients
Error Disclosure Control: External errors are sanitized and correlation-tagged
Failure Signaling Strategy: Dynamic GitHub discovery with explicit
unavailableresponses when upstream content cannot be reachedBoundary Authentication (Optional): JWT validation at MCP boundary with issuer/audience/scope enforcement
Development
Setup
# Install development dependencies
pip install -e ".[dev,security,test]"
# Run CI-equivalent checks locally
./scripts/ci-local.sh
# Run tests
pytestTesting
# Run all tests
pytest
# Run with coverage
pytest --cov=src --cov-report=html
# Run fast tests
pytest -c pytest.fast.ini
# Test MCP server
mcp list toolsAdding New Tools
Tool additions follow the layered runtime pattern:
Add payload builder or registration wiring in
src/finos_mcp/api/tools/Add or extend use-case logic in
src/finos_mcp/application/use_cases/Register the MCP surface from
src/finos_mcp/fastmcp_server.pyAdd or update tests in
tests/unit/and integration coverage where neededUpdate tool documentation
Configuration
Environment variables and configuration:
Content loaded from GitHub repositories dynamically
Cache configuration in
src/finos_mcp/content/cache.pySecurity settings in
src/finos_mcp/security/
Required Security Configuration
FINOS_MCP_CACHE_SECRET is required at startup.
# Option 1 (Python)
export FINOS_MCP_CACHE_SECRET=$(python -c "import secrets; print(secrets.token_hex(32))")
# Option 2 (OpenSSL)
export FINOS_MCP_CACHE_SECRET=$(openssl rand -hex 32)Notes:
Use a unique secret per environment.
Do not commit real secrets to git.
MCP Auth Configuration
Use JWT validation (FastMCP JWTVerifier) to protect the MCP boundary in production.
export FINOS_MCP_MCP_AUTH_ENABLED=true
export FINOS_MCP_MCP_AUTH_ISSUER=https://auth.example.com
export FINOS_MCP_MCP_AUTH_AUDIENCE=finos-mcp-server
export FINOS_MCP_MCP_AUTH_JWKS_URI=https://auth.example.com/.well-known/jwks.json
export FINOS_MCP_MCP_AUTH_REQUIRED_SCOPES=governance:read,governance:writeNotes:
Set exactly one of
FINOS_MCP_MCP_AUTH_JWKS_URIorFINOS_MCP_MCP_AUTH_PUBLIC_KEY.When auth is enabled, missing issuer/audience/verifier settings fail startup.
Clients must send
Authorization: Bearer <JWT>.
MCP Transport Configuration
Transport and network binding are config-driven (no hardcoded host/port in runtime code):
# Local MCP client default
export FINOS_MCP_MCP_TRANSPORT=stdio
# HTTP exposure example
export FINOS_MCP_MCP_TRANSPORT=http
export FINOS_MCP_MCP_HOST=127.0.0.1
export FINOS_MCP_MCP_PORT=8000Live Transport Tests
# End-to-end stdio MCP test
FINOS_RUN_LIVE_MCP_TEST=1 ./venv/bin/pytest -q tests/integration/test_live_mcp_server.py
# End-to-end HTTP MCP test (starts server + probes /mcp)
./scripts/test-http-transport.sh
# End-to-end HTTP auth boundary test (unauthorized/forbidden/authorized)
./scripts/test-auth-http-transport.shAdvanced Configuration Reference
Use .env.example as the canonical source and override by environment in production.
Variable | Default | Required | Purpose / Guidance |
|
| No | Runtime transport. Use |
|
| For non-stdio | Bind host for network transports. Keep loopback unless behind controlled ingress. |
|
| For non-stdio | Bind port for network transports. |
|
| No | Enables JWT boundary authentication. Set |
| (none) | If auth enabled | Expected JWT |
| (none) | If auth enabled | Expected JWT |
| (none) | One of verifier pair | Recommended verifier source (supports key rotation). |
| (none) | One of verifier pair | Static PEM verifier source. Do not set with |
| (none) | No | Comma-separated required scopes for all requests. |
|
| No | Outbound request timeout in seconds. |
|
| No | In-memory content cache toggle. |
|
| No | Max entries in cache. Increase carefully with memory limits. |
|
| No | Cache TTL in seconds. |
| (none) | Recommended | Raises GitHub API limits and stability for dynamic content sync. |
|
| No | Runtime log verbosity. |
|
| No | Enables verbose diagnostics; avoid in production unless troubleshooting. |
Production baseline:
FINOS_MCP_MCP_AUTH_ENABLED=trueFINOS_MCP_MCP_TRANSPORT=http(orstreamable-http) behind TLS ingressFINOS_MCP_MCP_HOST=127.0.0.1when fronted by reverse proxyConfigure
FINOS_MCP_MCP_AUTH_JWKS_URI,FINOS_MCP_MCP_AUTH_ISSUER,FINOS_MCP_MCP_AUTH_AUDIENCE
Go-Live Approval Gate
Run full automated release gates:
./scripts/go-live-gate.shIncludes:
tracked-folder hygiene checks
clean working tree enforcement
linting and type checks
regression tests
live stdio/HTTP/auth transport checks
dependency vulnerability scan
Content Sources
Content Coverage
Framework Data: Direct access to governance framework documents
Dynamic Loading: Automatic content fetching from official sources
FINOS Content: AI governance risks and mitigations from FINOS AI Governance Framework, used under CC BY 4.0 license
Performance Characteristics
Response Times: Fast cached response times with intelligent caching
Reliability: Circuit breaker protection and error boundary management
Scalability: Memory-efficient design with configurable cache limits
Security: Comprehensive DoS protection and request validation
Documentation
Getting Started
Setup Guide - Connect to your editor (5 minutes)
User Guide - Comprehensive usage guide for all tools
API & Integration
API Documentation - Complete API reference for all 11 MCP tools
Framework Architecture - System design and patterns
MCP Conformance Matrix - Implemented/partial/out-of-scope capability map
Support & Troubleshooting
Troubleshooting - Common issues and solutions
Tools Reference - Complete guide to all 11 MCP tools
Architecture Decision Records - Key architecture rationale and policy decisions
GitHub Repository - Source code and issues
Contributing
Fork the repository
Create a feature branch
Make changes and add tests
Run CI-equivalent checks:
./scripts/ci-local.shTest with MCP CLI:
mcp list toolsSubmit a pull request
Need Help
License
Software: Apache 2.0 License
FINOS Content: CC BY 4.0 License
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/finos/aigf-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server