eu.ansvar/us-regulations-mcp
US compliance: HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA, EPA, FFIEC, NYDFS + 4 state privacy laws
★ 13 · Apache-2.0 · cloud
# US Regulations MCP Server
**Navigate US compliance from the AI age.**
Query **HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, FDA 21 CFR 820 (QSR/QMSR), FDA Premarket & Postmarket Cybersecurity Guidance, FD&C Act Section 524B (PATCH Act), CIRCIA, EPA RMP, FFIEC, NYDFS 500, and 4 state privacy laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA)** directly from Claude, Cursor, or any MCP-compatible client.
If you're building healthcare tech, consumer apps, or financial services for the US market, this is your compliance reference.
Built by [Ansvar Systems](https://ansvar.eu) — Stockholm, Sweden
---
## Why This Exists
US compliance is scattered across regulations.gov PDFs, eCFR.gov pages, state legislative sites, and agency guidance documents. Whether you're:
- A **developer** implementing HIPAA security controls or CCPA consumer rights
- A **product team** navigating breach notification requirements across multiple states
- A **compliance officer** mapping NIST controls to regulatory obligations
- A **legal researcher** comparing incident response timelines across federal and state laws
...you shouldn't need to navigate fragmented federal agencies, 50 state legislatures, and conflicting PDF formats. Ask Claude. Get the exact section. With context.
This MCP server makes US regulations **searchable, cross-referenceable, and AI-readable**.
---
## Quick Start
### Use Remotely (No Install Needed)
> Connect directly to the hosted version — zero dependencies, nothing to install.
**Endpoint:** `https://us-regulations-mcp.vercel.app/mcp`
| Client | How to Connect |
|--------|---------------|
| **Claude.ai** | Settings > Connectors > Add Integration > paste URL |
| **Claude Code** | `claude mcp add us-regulations --transport http https://us-regulations-mcp.vercel.app/mcp` |
| **Claude Desktop** | Add to config (see below) |
| **GitHub Copilot** | Add to VS Code settings (see below) |
**Claude Desktop** — add to `claude_desktop_config.json`:
```json
{
  "mcpServers": {
    "us-regulations": {
      "type": "url",
      "url": "https://us-regulations-mcp.vercel.app/mcp"
    }
  }
}
```
**GitHub Copilot** — add to VS Code `settings.json`:
```json
{
  "github.copilot.chat.mcp.servers": {
    "us-regulations": {
      "type": "http",
      "url": "https://us-regulations-mcp.vercel.app/mcp"
    }
  }
}
```
### Use Locally (npm)
```bash
npx @ansvar/us-regulations-mcp
```
**Claude Desktop** — add to `claude_desktop_config.json`:
**macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json`
**Windows:** `%APPDATA%\Claude\claude_desktop_config.json`
```json
{
  "mcpServers": {
    "us-regulations": {
      "command": "npx",
      "args": ["-y", "@ansvar/us-regulations-mcp"]
    }
  }
}
```
**Cursor / VS Code:**
```json
{
  "mcp.servers": {
    "us-regulations": {
      "command": "npx",
      "args": ["-y", "@ansvar/us-regulations-mcp"]
    }
  }
}
```
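An added example (not part of the project's README or code): a small Node.js check over client config objects of the shapes shown above, flagging `npx` launchers that are not pinned to an exact version and remote endpoints that are not https. The two rules, the function names `parseSpec` and `auditMcpConfig`, and the sample values are assumptions of this example; the version string and the `http://` URL are placeholders.

```javascript
// Added example: audits MCP client config objects shaped like the Quick Start
// snippets. Both rules below are assumptions of this example, not project policy.
const SERVER_KEYS = ["mcpServers", "mcp.servers", "github.copilot.chat.mcp.servers"];
const EXACT_SEMVER = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Split an npm spec into name and version; a leading "@" marks a scope, not a version.
function parseSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

function auditMcpConfig(config) {
  const findings = [];
  for (const key of SERVER_KEYS) {
    for (const [server, entry] of Object.entries(config[key] || {})) {
      // Rule 1: a remote endpoint must parse as a URL and use https.
      if (typeof entry.url === "string") {
        let protocol = null;
        try { protocol = new URL(entry.url).protocol; } catch { /* unparseable */ }
        if (protocol !== "https:") {
          findings.push({ server, issue: "endpoint is not https", value: entry.url });
        }
      }
      // Rule 2: npx downloads and runs its first non-flag argument, so an
      // unpinned spec (no version, a range, or a tag) can change between runs.
      if (entry.command === "npx") {
        const spec = (entry.args || []).find((a) => !a.startsWith("-"));
        const version = spec ? parseSpec(spec).version : null;
        if (spec && !(version && EXACT_SEMVER.test(version))) {
          findings.push({ server, issue: "npx package not pinned", value: spec });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: the version and the http URL are placeholders, not real values.
const SAMPLE_CONFIG = {
  mcpServers: {
    remote: { type: "url", url: "https://us-regulations-mcp.vercel.app/mcp" },
    unpinned: { command: "npx", args: ["-y", "@ansvar/us-regulations-mcp"] },
    pinned: { command: "npx", args: ["-y", "@ansvar/us-regulations-mcp@0.0.0-placeholder"] },
  },
  "mcp.servers": { plain: { type: "http", url: "http://mcp.example.invalid/mcp" } },
};

console.log(auditMcpConfig(SAMPLE_CONFIG));
```

To audit a real file, parse it with `JSON.parse` and pass the resulting object to `auditMcpConfig`.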
## Security & Compliance
This MCP server follows **OpenSSF Best Practices** for secure open source development:
- ✅ **Automated Security Scanning**
  - CodeQL (semantic code analysis)
  - Semgrep (SAST security rules)
  - Trivy (vulnerability scanning)
  - Gitleaks (secret detection)
  - Socket Security (supply chain monitoring)
- ✅ **Daily Freshness Monitoring**
  - Automated checks for regulation updates from official sources
  - Auto-generates PRs when changes detected
- ✅ **Secure Publishing**
  - npm provenance attestation (signed packages)
  - MCP Registry cryptographic signing
  - Azure Key Vault for secret management
- ✅ **Security Metrics**
  - OpenSSF Scorecard weekly evaluation
  - GitHub Security tab for vulnerability tracking
**Report security issues:** See [SECURITY.md](SECURITY.md)
---
## Example Queries
Once connected, just ask naturally:
### Healthcare & HIPAA
- *"What are the HIPAA s