cra-compliance-mcp 1.2.7

EU Cyber Resilience Act (Regulation 2024/2847) compliance for AI agents. Product classification, Annex I audit, SBOM generation, conformity assessment roadmap, vulnerability reporting readiness. For manufacturers of products with digital elements. By MEOK AI Labs.

Cra Compliance MCP

Buy Starter — £29/mo

Signed attestations + unlimited audits + email support. 👉 Subscribe at meok.ai — instant HMAC signing key + Stripe-managed billing.

Free tier remains MIT-licensed and zero-config. Upgrade only when you need signed compliance artefacts for audit.

MCP server for cra compliance mcp operations

Quick Install

Client	Install
Claude Desktop
Cursor
VS Code
Windsurf
Docker	docker run -p 8000:8000 cra-compliance-mcp
pip	pip install cra-compliance-mcp

Overview

Cra Compliance MCP provides AI-powered tools via the Model Context Protocol (MCP).

🆕 Quote verbatim Cyber Resilience Act text in any audit

Install our sister MCP and pipe it through your agent for auditor-defensible quotes:

pip install eu-ai-act-compliance-mcp  # 1.5.1+

# In your Claude / OpenAI tool-use agent:
search_regulation(query="incident reporting", regulation="cra", limit=3)
get_article_text(regulation="cra", article_number=17)

Returns verbatim Cyber Resilience Act text from publications.europa.eu Cellar (SPARQL-synced daily) with a canonical EUR-Lex deep link on every snippet — drop straight into audit evidence packs.

---

Tools

Tool	Description
classify_product	Classify a product with digital elements (PDE) into its CRA class (default/I/II/
audit_annex_i	Audit Annex I essential cybersecurity requirements (both Part 1 product properti
sbom_skeleton	Generate a minimal CycloneDX-style SBOM skeleton required for CRA Article 13.
vulnerability_reporting_readiness	Check readiness for the Sep 2026 mandatory reporting of exploited vulnerabilitie
conformity_assessment_roadmap	Produce a conformity assessment roadmap for CE marking your product under CRA.
enforcement_status	Current CRA enforcement timeline + key deadlines.
sign_cra_attestation	Generate a cryptographically signed CRA (Cyber Resilience Act) compliance attest

Installation

pip install meok-cra-compliance-mcp

Usage with Claude Desktop

Add to your Claude Desktop MCP config (claude_desktop_config.json):

{
  "mcpServers": {
    "cra-compliance-mcp": {
      "command": "python",
      "args": ["-m", "meok_cra_compliance_mcp.server"]
    }
  }
}

Usage with FastMCP

from mcp.server.fastmcp import FastMCP

# This server exposes 7 tool(s) via MCP
# See server.py for full implementation

Wire it up — full stack

Pair this with the MEOK chain that turns one agent action into ONE signed compliance event:

1. bft-progress-council-mcp — anti-loop guardrail
2. agent-token-budget-mcp — hard spend cap
3. agent-prompt-injection-firewall-mcp — OWASP LLM01 scan
4. agent-audit-logger-mcp — hash-chained evidence
5. a2a-governance-bridge-mcp — fold N attestations → 1 signed event
6. agent-incident-relay-mcp — broadcast incidents to 5 regimes simultaneously

See meok.ai/mcp-stack for the full architecture and meok.ai/mcp-stack/demo for the live in-browser demo.

License

MIT © MEOK AI Labs

<<<<<<< Updated upstream

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "Is this MCP server free to use?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. The free tier gives you 10 calls per day with no API key required. Pro tier is £79/mo for unlimited calls plus cryptographically signed attestations your auditor can verify independently." } }, { "@type": "Question", "name": "How does the signed attestation work?", "acceptedAnswer": { "@type": "Answer", "text": "Every Pro tier audit produces a HMAC-SHA256 signed certificate with a unique ID and a public verify URL. Your auditor pastes the cert into https://meok-attestation-api.vercel.app/verify and gets an independent valid/invalid response. No contact with MEOK required." } }, { "@type": "Question", "name": "Which MCP clients does this work with?", "acceptedAnswer": { "@type": "Answer", "text": "All standard MCP clients: Claude Desktop, Claude Code, Cursor, VS Code with MCP extension, Windsurf, Cline, and any custom MCP-compatible agent. Install via npx meok-setup or pip install for the underlying Python package." } }, { "@type": "Question", "name": "Can I install all MEOK governance MCPs at once?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. Run npx meok-setup --pack governance to install all 10 governance MCPs and write the configs for Claude Desktop, Cursor, or Windsurf in one command." } }, { "@type": "Question", "name": "Is the regulation text authoritative?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. MEOK syncs daily from the EUR-Lex Cellar SPARQL endpoint, the canonical EU regulation publication system. The text is verbatim with no LLM summarization. Every quote is auditor-defensible and includes the exact article number plus relevance score." } } ] } </script>

Stashed changes

Sister MCPs

Part of the MEOK Governance pack — designed to work together as a fleet. Install the whole pack with npx meok-setup --pack governance, or pick the ones you need:

• EU AI Act → uvx eu-ai-act-compliance-mcp · PyPI · GitHub
• DORA → uvx dora-compliance-mcp · PyPI · GitHub
• NIS2 → uvx nis2-compliance-mcp · PyPI · GitHub
• AI Bill of Materials → uvx ai-bom-mcp · PyPI · GitHub
• AI Incident Reporting → uvx ai-incident-reporting-mcp · PyPI · GitHub
• DORA × NIS2 Crosswalk → uvx dora-nis2-crosswalk-mcp · PyPI · GitHub

Full catalogue + Anthropic Registry verify links: meok.ai/anthropic-registry

Protocol coverage + Universal PAYG

This MCP is part of MEOK's 47-MCP fleet that bridges every active agent-interop protocol and 30+ regulatory frameworks. See the full coverage matrix at meok.ai/protocols.

Agent interop protocols supported (8 live):

• ✅ MCP (Anthropic) — native
• ✅ A2A (Google + Linux Foundation, absorbed IBM ACP Sept 2025)
• ✅ IBM ACP — covered via A2A merge
• ◐ Stripe ACP (Agentic Commerce Protocol) — Q3 bridge via agent-commerce-protocol-mcp
• ◐ AP2 (Google Agent Payments) — partial via agent-commerce-payments-mcp
• ◐ x402 (Coinbase HTTP 402) — partial via api.meok.ai gateway
• → OASF / AGNTCY (Cisco Outshift + Linux Foundation) — Q3 bridge
• 👁 ANP (Cisco Agent Network) — watch-list

Pricing options:

Option	Price	Best for
Self-host (this MCP)	£0 — MIT	Devs
This MCP Starter	£29/mo	One-MCP teams
This MCP Pro	£79/mo	Production + 24h SLA
Universal PAYG	£29/mo + £0.0002/call	Spiky usage across many MCPs
Substrate bundle (this category)	£99-£499/mo	A whole pack
MEOK Universe	£1,499/mo	All 47 MCPs, 500K calls

Each tier above the free self-host adds HMAC-signed attestations verifiable at verify.meok.ai. Linux Foundation governance on the A2A spine means EU regulated buyers can deploy without vendor-lock-in objections.