Enterprise AI governance through the Model Context Protocol.
GIA is a production governance engine that gives AI agents enforceable decision controls, compliance scoring, immutable audit chains, and human-in-the-loop gates. Built for organizations operating under NIST, FedRAMP, CMMC, EU AI Act, and SOC 2 requirements.
29 MCP tools. One integration point. Works with Claude Desktop, Claude Code, OpenAI Agent Builder, and any MCP-compatible client.
npx gia-mcp-serverOr install globally:
npm install -g gia-mcp-server
gia-mcp-serverThe server connects to the hosted GIA engine at https://gia.aceadvising.com. Configure your API key:
GIA_API_KEY=your-key npx gia-mcp-serverAdd to your claude_desktop_config.json:
{
"mcpServers": {
"gia-governance": {
"command": "npx",
"args": ["-y", "gia-mcp-server"],
"env": {
"GIA_API_KEY": "your-key"
}
}
}
}claude mcp add gia-governance -- npx -y gia-mcp-serverPoint to the Streamable HTTP endpoint:
https://gia.aceadvising.com/mcp
npx -y @smithery/cli install @knowledgepa3/gia-mcp-server --client claude
| Tool | Description |
|---|---|
classify_decision |
Classify agent decisions as Mandatory, Advisory, or Informational |
approve_gate |
Human-in-the-loop approval for Mandatory gates |
evaluate_threshold |
Compute escalation health (Storey Threshold) |
score_governance |
Weighted governance scoring (Integrity, Accuracy, Compliance) |
| Tool | Description |
|---|---|
audit_pipeline |
Query the hash-chained forensic audit ledger |
verify_ledger |
Verify SHA-256 chain integrity from genesis |
map_compliance |
Map controls to NIST AI RMF, EU AI Act, ISO 42001, NIST 800-53 |
assess_risk_tier |
EU AI Act risk tier classification |
generate_report |
Governance status reports (summary, detailed, executive) |
| Tool | Description |
|---|---|
seal_memory_pack |
Create immutable, TTL-bound knowledge artifacts |
load_memory_pack |
Load packs with trust level and role enforcement |
transfer_memory_pack |
Governed knowledge transfer between agents |
compose_memory_packs |
Merge packs with risk contamination rules |
distill_memory_pack |
Extract governance patterns from usage history |
promote_memory_pack |
Promote packs to higher trust levels after review |
| Tool | Description |
|---|---|
monitor_agents |
Agent health, repair history, failure counts |
srt_run_watchdog |
Infrastructure health probes (API, disk, memory, TLS, DB, DNS) |
srt_diagnose |
Incident diagnosis with playbook matching |
srt_approve_repair |
Human-approved repair execution |
srt_generate_postmortem |
Structured incident postmortems with TTD/TTR metrics |
| Tool | Description |
|---|---|
gia_scan_environment |
Scout swarm for environment detection |
gia_list_packs |
List remediation, patrol, hardening, and audit packs |
gia_dry_run_pack |
Preview pack execution with blast radius analysis |
gia_apply_pack |
Execute remediation with mandatory human approval |
gia_run_patrol |
Read-only posture checks and compliance audits |
| Tool | Description |
|---|---|
record_value_metric |
Track time saved, risks blocked, autonomy levels |
record_governance_event |
Log gates, drift prevention, violations blocked |
generate_impact_report |
Economic + governance ROI reporting |
system_status |
Engine health, uptime, configuration |
GIA enforces governance through three layers:
- Decision Controls — MAI classification gates side effects and high-impact actions
- Step Hooks — Workflow progression control at each pipeline stage
- Kernel Hooks — Resource control at the LLM boundary, including sub-agents
Every governance action is recorded in a SHA-256 hash-chained audit ledger that can be independently verified.
- NIST AI RMF — Risk management framework mapping
- EU AI Act — Risk tier assessment and control mapping
- ISO 42001 — AI management system alignment
- NIST 800-53 — Federal security control mapping
- CMMC 2.0 — DoD cybersecurity maturity
- FedRAMP — Federal cloud authorization
- SOC 2 — Service organization controls
Built by Advanced Consulting Experts (ACE) — a Service-Disabled Veteran-Owned Small Business (SDVOSB).
GIA was designed by William J. Storey III, a 17-year Information System Security Officer with experience across DoD contracts and U.S. Army Ranger Battalion operations. The same discipline applied to securing classified systems now governs AI agent workforces.
MIT