Quickstart — Mima Governance SDK

Five minutes from install to your first compliance record in the ledger.


Prerequisites

  • A Mima workspace (sign up at app.mima.works)
  • An API key from Settings → API Keys (mima_ext_...)
  • Python 3.9+ or Node.js 18+

Python

Install

$ pip install mima-governance

Configure

from mima_governance import MimaGovernance

mima = MimaGovernance(
    api_key="mima_ext_...",
    system_name="customer-support-ai",
)

The SDK resolves your workspace automatically from the API key. Pass workspace_id= explicitly only when managing multiple workspaces.

First attestation

Wrap the function that calls your LLM:

import anthropic

# Anthropic client; reads ANTHROPIC_API_KEY from the environment.
claude = anthropic.Anthropic()

@mima.attest(tool_name="generate_response")
def generate_response(user_message: str) -> str:
    return claude.messages.create(
        model="claude-opus-4-6",
        max_tokens=1024,  # required by the Messages API
        messages=[{"role": "user", "content": user_message}],
    ).content[0].text

result = generate_response("How do I reset my password?")
# One attestation record is now in the Mima ledger.

First GRC record

mima.ai_risk_assessment(
    system_name="customer-support-ai",
    risk_tier="limited",
    use_case="Customer support question routing",
    intended_purpose="Route customer queries to the correct support team",
    impact_domains=["customer_service"],
    art5_self_assessment=True,
    assessor="alice@example.com",
)

Check your posture at app.mima.works/posture — the record appears within seconds.


TypeScript

Install

$ npm install @mima-ai/governance

Configure

import { MimaGovernance } from '@mima-ai/governance';

const mima = new MimaGovernance({
  apiKey: process.env.MIMA_API_KEY!,
  systemName: 'customer-support-ai',
});

First attestation

import Anthropic from '@anthropic-ai/sdk';

// Anthropic client; reads ANTHROPIC_API_KEY from the environment.
const anthropic = new Anthropic();

const generateResponse = mima.wrap('generate_response', async (userMessage: string) => {
  const msg = await anthropic.messages.create({
    model: 'claude-opus-4-6',
    max_tokens: 1024, // required by the Messages API
    messages: [{ role: 'user', content: userMessage }],
  });
  return msg.content[0].type === 'text' ? msg.content[0].text : '';
});

const reply = await generateResponse('How do I reset my password?');
// Attestation record pushed automatically.

First GRC record

await mima.aiRiskAssessment(
  'customer-support-ai',
  'limited',
  'Customer support question routing',
  {
    intendedPurpose: 'Route customer queries to the correct support team',
    impactDomains: ['customer_service'],
    art5SelfAssessment: true,
    assessor: 'alice@example.com',
  },
);

Using the MCP server (Claude Code / Cursor)

If you’re using an AI coding agent rather than app code, configure the MCP server instead of the SDK. It works for any language.

{
  "mcpServers": {
    "mima-governance": {
      "command": "npx",
      "args": ["-y", "@mima-ai/governance-mcp"],
      "env": {
        "MIMA_API_KEY": "mima_ext_...",
        "MIMA_SYSTEM_NAME": "customer-support-ai"
      }
    }
  }
}

Then ask your agent: “Use mima to check my governance posture” or “Log an AI risk assessment for this system.”

See MCP Server for the full tool reference.


What happens next

  1. Records flow into the Mima evidence ledger, timestamped and HMAC-signed.
  2. Each record earns mapped controls (e.g. EUAIA_ART9, ISO42001_6_1).
  3. Your posture score updates in real time on the dashboard.
  4. Gates check for required evidence before deploys or quarterly reviews.
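
What "timestamped and HMAC-signed" gives a reviewer is tamper evidence: editing a record or backdating its timestamp invalidates the tag. The sketch below is an added example, not Mima's code; the record layout, canonical JSON encoding, HMAC-SHA256 choice and demo key are all assumptions, since this page does not document the ledger's actual signing scheme.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real signing key stays server-side.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(body: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_record(payload: dict, timestamp: str, key: bytes = DEMO_KEY) -> dict:
    """Bind the payload and its timestamp together under one HMAC-SHA256 tag."""
    body = {"payload": payload, "timestamp": timestamp}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "hmac": tag}


def verify_record(record: dict, key: bytes = DEMO_KEY) -> bool:
    """Recompute the tag over payload + timestamp and compare in constant time."""
    try:
        body = {"payload": record["payload"], "timestamp": record["timestamp"]}
        claimed = record["hmac"]
    except (KeyError, TypeError):
        return False  # missing fields: unverifiable, so reject
    if not isinstance(claimed, str):
        return False
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), claimed.encode("utf-8"))


def demo() -> dict:
    """Sign one constructed record, then show that altered copies fail."""
    rec = sign_record(
        {"tool_name": "generate_response", "system_name": "customer-support-ai"},
        "2025-01-01T00:00:00Z",  # constructed timestamp
    )
    backdated = {**rec, "timestamp": "2024-01-01T00:00:00Z"}
    edited = {**rec, "payload": {**rec["payload"], "tool_name": "other_tool"}}
    return {
        "original": verify_record(rec),
        "backdated": verify_record(backdated),
        "edited": verify_record(edited),
        "wrong_key": verify_record(rec, key=b"another-key"),
    }
```

An HMAC only proves integrity to a party holding the same secret key, so whoever can verify a record can also forge one.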

Next steps

Goal                             Doc
All 11 GRC record types          Record Types
Full Python SDK reference        Python SDK
Full TypeScript SDK reference    TypeScript SDK
OTEL / runtime guard             OpenTelemetry Guard
MCP server tools                 MCP Server
ESLint plugin                    ESLint Plugin
CLI reference                    CLI
REST API reference               API Reference