GIA MCP Server

AI Governance-as-a-Service for Claude-powered workflows. Connect via MCP to classify decisions, enforce gates, audit actions, and generate compliance evidence.

Tools

Resources

Prompts

Frameworks

Quick Start

1. Get an API Key

gia_a1b2c3d4e5f6... # 68 characters, one-time reveal

2. Connect via Claude Code

Add the GIA MCP server to your project's .mcp.json in the project root:

      .mcp.json
{
  "mcpServers": {
    "gia": {
      "type": "http",
      "url": "https://gia.aceadvising.com/mcp",
      "headers": {
        "Authorization": "Bearer ${GIA_API_KEY}"
      }
    }
  }
}
    

3. Connect via Claude Desktop

Edit your Claude Desktop config (Settings > Developer > Edit Config):

      claude_desktop_config.json
{
  "mcpServers": {
    "gia": {
      "command": "npx",
      "args": ["-y", "gia-mcp-server"],
      "env": {
        "GIA_API_KEY": "your-api-key-here"
      }
    }
  }
}
    

4. Connect via API (Direct HTTP)

Any MCP-compatible client can connect to the Streamable HTTP endpoint:

# Endpoint
POST https://gia.aceadvising.com/mcp

# Headers
Authorization: Bearer <your-api-key>
Content-Type: application/json

# Health check (no auth required)
GET https://gia.aceadvising.com/health
    

Your First Governance Call

Once connected, try classifying a decision. In Claude Code, just ask Claude:

      Claude Code prompt
# Ask Claude to classify any AI agent decision
"Classify this decision: Generate a report summarizing Q4 financial results for the board"

# GIA will return:
Classification: ADVISORY
Confidence: 0.82
Rationale: Internal report generation — logged, no gate required
Mapped to: NIST AI RMF (GOVERN, MAP) | ISO 42001 (A.7.1)
    

Try these follow-up prompts to explore the platform's capabilities:

"Check the governance health of my system" — runs evaluate_threshold + system_status
"Score the governance of my last operation" — runs score_governance (Integrity, Accuracy, Compliance)
"Show me what NIST 800-53 controls GIA covers" — runs map_compliance
"Generate a full governance report" — runs generate_report
"Seal a memory pack for our VA claims SOPs" — runs seal_memory_pack

Authentication

The platform uses Bearer API key authentication. Include your key in every request:

Authorization: Bearer gia_your_api_key_here

Keys are SHA-256 hashed at rest — the platform never stores plaintext keys
One-time reveal — full key shown once at creation, masked forever after
Key fingerprint — 8-character hash prefix for audit logs and identification
Rate limited — Starter: 30 req/min, Professional: 120 req/min, Enterprise: 600 req/min
Revocation — keys can be instantly revoked via admin API

Transport

Protocol: Streamable HTTP (MCP recommended transport)
Sessions: Server-generated UUID via Mcp-Session-Id header
Session timeout: 30 minutes of inactivity
TLS: All connections encrypted via HTTPS (TLS 1.2+)
SSE: Not used — Streamable HTTP only

Tools (29)

Governance Core

classify_decision

MAI classification (Mandatory / Advisory / Informational)

evaluate_threshold

Storey Threshold™ — governance escalation rate

score_governance

Weighted IAC scoring (Integrity, Accuracy, Compliance)

assess_risk_tier

EU AI Act risk tier assessment

map_compliance

Map to NIST 800-53, AI RMF, EU AI Act, ISO 42001

approve_gate

MANDATORY Human-in-the-loop gate

generate_report

Governance status report

system_status

Engine health, uptime, telemetry

Audit & Monitoring

audit_pipeline

Query the forensic audit ledger

monitor_agents

Agent health, failures, repair history

verify_ledger

Verify hash-chain integrity of audit trail

record_governance_event

Log gate triggers, drift, violations

record_value_metric

Track time saved, risk blocked, ROI

generate_impact_report

Economic + governance impact report

Governed Memory Packs

seal_memory_pack

Create immutable, TTL-bound knowledge artifact

load_memory_pack

Load pack with trust/role/TTL validation

transfer_memory_pack

MANDATORY Governed inter-agent transfer

compose_memory_packs

Merge packs (trust contaminates downward)

distill_memory_pack

Extract patterns into draft heuristic pack

promote_memory_pack

MANDATORY Elevate trust level after review

Security Remediation (SRT)

srt_run_watchdog

INFO Submit health checks, detect issues

srt_diagnose

ADVISORY Root cause + repair plan

srt_approve_repair

MANDATORY Approve/reject repair plan

srt_generate_postmortem

ADVISORY Structured incident postmortem

Infrastructure Operations

gia_scan_environment

INFO Scout OS, containers, services

gia_list_packs

INFO Browse remediation/hardening packs

gia_dry_run_pack

ADVISORY Preview with inputsHash binding

gia_apply_pack

MANDATORY Execute with human approval

gia_run_patrol

Read-only posture checks and audit evidence

Resources (5)

gia://spec/mai-framework

MAI classification rules and specification

gia://spec/storey-threshold

Quantitative governance health metric

gia://spec/governance-scoring

IAC scoring dimensions and weights

gia://status/live

Live system health and telemetry

gia://spec/architecture

System architecture and inheritance chain

Prompts (4)

gia-assess

Full governance assessment (risk tier, MAI, scoring, compliance)

gia-design-gate

Design a MAI gate strategy for an agent pipeline

gia-compliance-report

Generate compliance report across all frameworks

gia-health-check

Full system health check with diagnostics

Compliance Frameworks

ACE maps governance controls to four major regulatory frameworks:

NIST 800-53

100 Policies

NIST AI RMF

Risk Management

EU AI Act

Risk Tiers

ISO 42001

AI Management

Rate Limits

Tier	Requests/min	Calls/day	Price
Starter	30	1,000	Free
Professional	120	10,000	$500/mo
Enterprise	600	50,000	Custom

Support

Documentation: gia.aceadvising.com/docs
GitHub: knowledgepa3/gia-platform
Support email: support@aceadvising.com
Status: gia.aceadvising.com/health