ai-bom-mcp 1.2.7

AI Bill of Materials (AI-BOM) generator + auditor MCP — CycloneDX ML-BOM, SPDX 3.0 AI profile, EU AI Act Annex IV mapping, NIST AI RMF alignment, US EO 14028 federal procurement. By MEOK AI Labs.

Ai Bom MCP

Buy Starter — £29/mo

Signed attestations + unlimited audits + email support. 👉 Subscribe at meok.ai — instant HMAC signing key + Stripe-managed billing.

Free tier remains MIT-licensed and zero-config. Upgrade only when you need signed compliance artefacts for audit.

MCP server for ai bom mcp operations

Quick Install

Client	Install
Claude Desktop
Cursor
VS Code
Windsurf
Docker	docker run -p 8000:8000 ai-bom-mcp
pip	pip install ai-bom-mcp

Overview

Ai Bom MCP provides AI-powered tools via the Model Context Protocol (MCP).

Tools

Tool	Description
generate_ai_bom	Generate an AI-BOM in CycloneDX ML-BOM format (or SPDX 3.0) with all 10 required
audit_ai_bom_completeness	Audit an existing AI-BOM for completeness against the 10 required field categori
map_to_regulation	Map an AI-BOM against a specific regulatory framework's technical documentation
required_fields	List the 10 required AI-BOM field categories and their fields.
sign_ai_bom_attestation	Generate a cryptographically signed AI-BOM completeness attestation (Pro/Enterpr

Installation

pip install meok-ai-bom-mcp

Usage with Claude Desktop

Add to your Claude Desktop MCP config (claude_desktop_config.json):

{
  "mcpServers": {
    "ai-bom-mcp": {
      "command": "python",
      "args": ["-m", "meok_ai_bom_mcp.server"]
    }
  }
}

Usage with FastMCP

from mcp.server.fastmcp import FastMCP

# This server exposes 5 tool(s) via MCP
# See server.py for full implementation

License

MIT © MEOK AI Labs

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "Is this MCP server free to use?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. The free tier gives you 10 calls per day with no API key required. Pro tier is £79/mo for unlimited calls plus cryptographically signed attestations your auditor can verify independently." } }, { "@type": "Question", "name": "How does the signed attestation work?", "acceptedAnswer": { "@type": "Answer", "text": "Every Pro tier audit produces a HMAC-SHA256 signed certificate with a unique ID and a public verify URL. Your auditor pastes the cert into https://meok-attestation-api.vercel.app/verify and gets an independent valid/invalid response. No contact with MEOK required." } }, { "@type": "Question", "name": "Which MCP clients does this work with?", "acceptedAnswer": { "@type": "Answer", "text": "All standard MCP clients: Claude Desktop, Claude Code, Cursor, VS Code with MCP extension, Windsurf, Cline, and any custom MCP-compatible agent. Install via npx meok-setup or pip install for the underlying Python package." } }, { "@type": "Question", "name": "Can I install all MEOK governance MCPs at once?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. Run npx meok-setup --pack governance to install all 10 governance MCPs and write the configs for Claude Desktop, Cursor, or Windsurf in one command." } }, { "@type": "Question", "name": "Is the regulation text authoritative?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. MEOK syncs daily from the EUR-Lex Cellar SPARQL endpoint, the canonical EU regulation publication system. The text is verbatim with no LLM summarization. Every quote is auditor-defensible and includes the exact article number plus relevance score." } } ] } </script>