MCP Server — Governance Tools
The Mima governance MCP server exposes 10 tools to Claude Code, Cursor, and any MCP-compatible AI agent. It is the primary evidence path for agent-based AI systems — any language, 4 lines of config.
Install
Or use npx without installing:
Configuration
Claude Code setup
Add via the CLI:
Or add manually to ~/.claude/settings.json:
Cursor setup
Add to .cursor/mcp.json in your project root:
The 10 tools
get_posture
Returns your overall governance score, per-framework breakdown, and gate status.
Returns: Overall score (0–100), scores by framework (EU AI Act, ISO 42001, SOC 2), count of open gaps, gate pass/fail.
list_systems
Lists all AI systems in the workspace — registered and unregistered.
list_evidence
Returns evidence records filtered by system and time window.
dry_run_attest
Preview which controls an attestation would earn, without writing to the ledger.
Use this before calling attest to confirm what controls a record will map to.
attest
Write an attestation record to the Mima ledger.
register_system
Register an AI system (Art. 9 EU AI Act).
When dry_run: true, returns what would be registered without writing.
acknowledge_policy
Record that a policy has been acknowledged.
When dry_run: true, returns what would be written without writing.
derive_controls
Returns recommended evidence record types for a given system description.
Use this to plan what records to push for a new system.
check_gates
Returns gate pass/fail status with exit codes. Useful in CI.
Returns: Gate name, pass/fail, blocking status, exit code (0 = pass, 1 = soft fail, 2 = hard fail).
suggest_gates
Returns prioritised gate recommendations.
Returns: Gates in three tiers — urgent (gate will fail this week), recommend (close gap soon), consider (low priority).
Claude Code skills
Four skills are pre-packaged for use with / commands in Claude Code.
/mima-check-readiness
Runs a CISO-ready posture summary:
- Calls get_posture to get current score.
- Calls list_systems to identify unregistered systems.
- Calls suggest_gates to surface the most urgent gaps.
- Produces a structured report: overall score, framework breakdown, top 3 priority actions.
/mima-close-gaps
8-step compliance copilot loop:
- Gets current posture.
- Identifies the highest-priority open gap.
- Proposes the specific record to push.
- Uses dry_run_attest to preview what controls would be earned.
- Asks for approval before writing.
- Calls attest or the appropriate GRC method.
- Verifies the control was earned.
- Reports the updated posture score.
/mima-register-systems
Art. 9 intake workflow:
- Runs list_systems to find unregistered systems.
- For each system, asks three Annex III grounding questions.
- Classifies risk tier based on answers (never infers from system name alone).
- Runs dry_run: true to preview the registration.
- Asks for confirmation.
- Calls register_system.
/mima-configure-gates
Gate configuration workflow:
- Calls suggest_gates to surface recommendations.
- Explains the business justification for each.
- Walks through configuration options.
- Applies the chosen gates.
Dry-run pattern
All three write tools support dry-run. The workflow:
This is enforced by the /mima-close-gaps skill. Never write records without a dry-run preview in agentic contexts.
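An added example, not Mima's own code: a client-side guard that enforces the dry-run pattern for the three write tools by refusing a write unless the identical call was previewed and approved first. The call_tool and approve callbacks are hypothetical, and it is an assumption that dry_run_attest accepts the same arguments as attest.

```python
import hashlib
import json

# The three write tools on the page, mapped to how each is previewed:
# attest has its own preview tool; the other two take dry_run: true.
WRITE_TOOLS = {
    "attest": ("dry_run_attest", {}),
    "register_system": ("register_system", {"dry_run": True}),
    "acknowledge_policy": ("acknowledge_policy", {"dry_run": True}),
}


def fingerprint(tool, args):
    """Stable digest of a tool call, ignoring any dry_run flag."""
    clean = {k: v for k, v in args.items() if k != "dry_run"}
    blob = json.dumps([tool, clean], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()


class DryRunGuard:
    """Refuses a write unless the identical call was previewed and approved."""

    def __init__(self, call_tool, approve):
        self.call_tool = call_tool  # hypothetical: (tool_name, args) -> result
        self.approve = approve      # hypothetical: (tool, args, preview) -> bool
        self.approved = set()

    def preview(self, tool, args):
        preview_tool, extra = WRITE_TOOLS[tool]
        result = self.call_tool(preview_tool, {**args, **extra})
        if self.approve(tool, args, result):
            self.approved.add(fingerprint(tool, args))
        return result

    def write(self, tool, args):
        if tool not in WRITE_TOOLS:
            raise ValueError(f"{tool} is not a guarded write tool")
        if args.get("dry_run"):
            raise ValueError("use preview() for dry runs")
        fp = fingerprint(tool, args)
        if fp not in self.approved:
            raise PermissionError(f"no approved dry run for this {tool} call")
        self.approved.discard(fp)  # one approval authorises exactly one write
        return self.call_tool(tool, args)
```

Because the approval is bound to a digest of the arguments, a record that changes between preview and write is rejected and has to be previewed again.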
