cra-compliance-mcp 1.2.5

EU Cyber Resilience Act (Regulation 2024/2847) compliance for AI agents. Product classification, Annex I audit, SBOM generation, conformity assessment roadmap, vulnerability reporting readiness. For manufacturers of products with digital elements. By MEOK AI Labs.

Cra Compliance MCP

MCP server for cra compliance mcp operations

Quick Install

Client	Install
Claude Desktop
Cursor
VS Code
Windsurf
Docker	docker run -p 8000:8000 cra-compliance-mcp
pip	pip install cra-compliance-mcp

Overview

Cra Compliance MCP provides AI-powered tools via the Model Context Protocol (MCP).

Tools

Tool	Description
classify_product	Classify a product with digital elements (PDE) into its CRA class (default/I/II/
audit_annex_i	Audit Annex I essential cybersecurity requirements (both Part 1 product properti
sbom_skeleton	Generate a minimal CycloneDX-style SBOM skeleton required for CRA Article 13.
vulnerability_reporting_readiness	Check readiness for the Sep 2026 mandatory reporting of exploited vulnerabilitie
conformity_assessment_roadmap	Produce a conformity assessment roadmap for CE marking your product under CRA.
enforcement_status	Current CRA enforcement timeline + key deadlines.
sign_cra_attestation	Generate a cryptographically signed CRA (Cyber Resilience Act) compliance attest

Installation

pip install meok-cra-compliance-mcp

Usage with Claude Desktop

Add to your Claude Desktop MCP config (claude_desktop_config.json):

{
  "mcpServers": {
    "cra-compliance-mcp": {
      "command": "python",
      "args": ["-m", "meok_cra_compliance_mcp.server"]
    }
  }
}

Usage with FastMCP

from mcp.server.fastmcp import FastMCP

# This server exposes 7 tool(s) via MCP
# See server.py for full implementation

License

MIT © MEOK AI Labs

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "Is this MCP server free to use?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. The free tier gives you 10 calls per day with no API key required. Pro tier is £79/mo for unlimited calls plus cryptographically signed attestations your auditor can verify independently." } }, { "@type": "Question", "name": "How does the signed attestation work?", "acceptedAnswer": { "@type": "Answer", "text": "Every Pro tier audit produces a HMAC-SHA256 signed certificate with a unique ID and a public verify URL. Your auditor pastes the cert into https://meok-attestation-api.vercel.app/verify and gets an independent valid/invalid response. No contact with MEOK required." } }, { "@type": "Question", "name": "Which MCP clients does this work with?", "acceptedAnswer": { "@type": "Answer", "text": "All standard MCP clients: Claude Desktop, Claude Code, Cursor, VS Code with MCP extension, Windsurf, Cline, and any custom MCP-compatible agent. Install via npx meok-setup or pip install for the underlying Python package." } }, { "@type": "Question", "name": "Can I install all MEOK governance MCPs at once?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. Run npx meok-setup --pack governance to install all 10 governance MCPs and write the configs for Claude Desktop, Cursor, or Windsurf in one command." } }, { "@type": "Question", "name": "Is the regulation text authoritative?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. MEOK syncs daily from the EUR-Lex Cellar SPARQL endpoint, the canonical EU regulation publication system. The text is verbatim with no LLM summarization. Every quote is auditor-defensible and includes the exact article number plus relevance score." } } ] } </script>