GIA MCP Server

AI Governance-as-a-Service for Claude-powered workflows. Connect via MCP to classify decisions, enforce gates, audit actions, and generate compliance evidence.

Tools

Resources

Prompts

Frameworks

Quick Start

1. Get an API Key

Request an Explorer trial key or subscribe to Professional at /pricing. Your key will look like:

gia_a1b2c3d4e5f6... # 68 characters, one-time reveal

2. Connect via Claude Code

Add the GIA MCP server to your project's .mcp.json in the project root:

      .mcp.json
{
  "mcpServers": {
    "gia": {
      "type": "http",
      "url": "https://gia.aceadvising.com/mcp",
      "headers": {
        "Authorization": "Bearer ${GIA_API_KEY}"
      }
    }
  }
}
    

3. Connect via Claude Desktop

Edit your Claude Desktop config (Settings > Developer > Edit Config):

      claude_desktop_config.json
{
  "mcpServers": {
    "gia": {
      "command": "npx",
      "args": ["-y", "gia-mcp-server"],
      "env": {
        "GIA_API_KEY": "your-api-key-here"
      }
    }
  }
}
    

4. Connect via API (Direct HTTP)

Any MCP-compatible client can connect to the Streamable HTTP endpoint:

# Endpoint
POST https://gia.aceadvising.com/mcp

# Headers
Authorization: Bearer <your-api-key>
Content-Type: application/json

# Health check (no auth required)
GET https://gia.aceadvising.com/health
    

Your First Governance Call

Once connected, try classifying a decision. In Claude Code, just ask Claude:

      Claude Code prompt
# Ask Claude to classify any AI agent decision
"Classify this decision: Generate a report summarizing Q4 financial results for the board"

# GIA will return:
Classification: ADVISORY
Confidence: 0.82
Rationale: Internal report generation — logged, no gate required
Mapped to: NIST AI RMF (GOVERN, MAP) | ISO 42001 (A.7.1)
    

Try these follow-up prompts to explore the platform's capabilities:

"Check the governance health of my system" — runs evaluate_threshold + system_status
"Score the governance of my last operation" — runs score_governance (Integrity, Accuracy, Compliance)
"Show me what NIST 800-53 controls GIA covers" — runs map_compliance
"Generate a full governance report" — runs generate_report
"Seal a memory pack for our VA claims SOPs" — runs seal_memory_pack

Authentication

The platform uses Bearer API key authentication. Include your key in every request:

Authorization: Bearer gia_your_api_key_here

Keys are SHA-256 hashed at rest — the platform never stores plaintext keys
One-time reveal — full key shown once at creation, masked forever after
Key fingerprint — 8-character hash prefix for audit logs and identification
Rate limited — Explorer: 10 req/min, Professional: 120 req/min, Enterprise: 600 req/min
Revocation — keys can be instantly revoked via admin API

Transport

Protocol: Streamable HTTP (MCP recommended transport)
Sessions: Server-generated UUID via Mcp-Session-Id header
Session timeout: 30 minutes of inactivity
TLS: All connections encrypted via HTTPS (TLS 1.2+)
SSE: Not used — Streamable HTTP only

Tools (33)

Governance Core

classify_decision

MAI classification (Mandatory / Advisory / Informational)

evaluate_threshold

Storey Threshold™ — governance escalation rate

score_governance

Weighted IAC scoring (Integrity, Accuracy, Compliance)

assess_risk_tier

EU AI Act risk tier assessment

map_compliance

Map to NIST 800-53, AI RMF, EU AI Act, ISO 42001

approve_gate

MANDATORY Human-in-the-loop gate

generate_report

Governance status report

system_status

Engine health, uptime, telemetry

Audit & Monitoring

audit_pipeline

Query the forensic audit ledger

monitor_agents

Agent health, failures, repair history

verify_ledger

Verify hash-chain integrity of audit trail

record_governance_event

Log gate triggers, drift, violations

record_value_metric

Track time saved, risk blocked, ROI

generate_impact_report

Economic + governance impact report

Governed Memory Packs

seal_memory_pack

Create immutable, TTL-bound knowledge artifact

load_memory_pack

Load pack with trust/role/TTL validation

transfer_memory_pack

MANDATORY Governed inter-agent transfer

compose_memory_packs

Merge packs (trust contaminates downward)

distill_memory_pack

Extract patterns into draft heuristic pack

promote_memory_pack

MANDATORY Elevate trust level after review

Security Remediation (SRT)

srt_run_watchdog

INFO Submit health checks, detect issues

srt_diagnose

ADVISORY Root cause + repair plan

srt_approve_repair

MANDATORY Approve/reject repair plan

srt_generate_postmortem

ADVISORY Structured incident postmortem

Infrastructure Operations

gia_scan_environment

INFO Scout OS, containers, services

gia_list_packs

INFO Browse remediation/hardening packs

gia_dry_run_pack

ADVISORY Preview with inputsHash binding

gia_apply_pack

MANDATORY Execute with human approval

gia_run_patrol

Read-only posture checks and audit evidence

Resources (5)

gia://spec/mai-framework

MAI classification rules and specification

gia://spec/storey-threshold

Quantitative governance health metric

gia://spec/governance-scoring

IAC scoring dimensions and weights

gia://status/live

Live system health and telemetry

gia://spec/architecture

System architecture and inheritance chain

Prompts (4)

gia-assess

Full governance assessment (risk tier, MAI, scoring, compliance)

gia-design-gate

Design a MAI gate strategy for an agent pipeline

gia-compliance-report

Generate compliance report across all frameworks

gia-health-check

Full system health check with diagnostics

Compliance Frameworks

GIA maps governance controls to 16+ regulatory frameworks. Core four:

NIST 800-53

100 Policies

NIST AI RMF

Risk Management

EU AI Act

Risk Tiers

ISO 42001

AI Management

Rate Limits

Tier	Requests/min	Calls/day	Price
Explorer	10	100	14-day trial
Professional	120	10,000	$500/mo
Enterprise	600	50,000	Custom

Support

Documentation: gia.aceadvising.com/docs
GitHub: knowledgepa3/gia-mcp-server
Support email: support@aceadvising.com
Status: gia.aceadvising.com/health