Skip to main content

MCP Server

Serve the Safer Agentic AI framework — canonical criteria plus 214 Implementation Patterns — to Claude Code, Cursor, Windsurf, or any MCP client, so your coding assistant grounds safety recommendations in the canonical Drivers, Inhibitors, and patterns as you write code.

View on PyPI Back to framework

What you get

  • 214 Implementation Patterns — one concrete pattern per subgoal: 107 code-applicable, 54 governance, 36 process, 17 ecosystem. Each anchored to its SFRs and evidence requirements.
  • 10 MCP tools for lookup, filtered listing, field-weighted search, cross-reference navigation, and task-first pattern discovery.
  • Task-first lookup — ask “what patterns apply to a tool-using agent executing shell commands?” and the server returns relevant patterns grouped by suite, ranked by field-weighted keyword matching.
  • Hot reload — pattern YAML edits are picked up on each tool call, no restart needed.

The Implementation Patterns layer is developer guidance derived from the framework — not normative. Compliance claims anchor to the framework itself. Patterns help teams get there.

Install

Pick the path that matches your setup.

1 From PyPI (recommended)

pipx install saferagenticai-mcp
# or
pip install --user saferagenticai-mcp

The wheel bundles criteria-v1.json, 214 pattern YAMLs, and 4 exemplars, so it works without any repo checkout.

2 With uvx (no manual install)

If you have uv installed, your MCP client can launch the server on demand:

uvx saferagenticai-mcp

uv handles isolation and caches the install. This works well as a single-command entry in ~/.claude/mcp.json.

3 Manual venv (editable checkout)

If you have a local checkout and want pattern edits picked up live:

python3 -m venv research/mcp/.venv
research/mcp/.venv/bin/pip install -e research/mcp/server

Produces research/mcp/.venv/bin/saferagenticai-mcp.

Configure (Claude Code)

Add the server to ~/.claude/mcp.json (or your IDE's MCP config). Restart Claude Code after editing; the server loads on the first tool call.

With pipx or PyPI install

"mcpServers": {
  "saferagenticai": {
    "command": "saferagenticai-mcp"
  }
}

With uvx

"mcpServers": {
  "saferagenticai": {
    "command": "uvx",
    "args": ["saferagenticai-mcp"]
  }
}

With a manual venv checkout

Use the absolute path to the venv binary:

"command": "/absolute/path/to/research/mcp/.venv/bin/saferagenticai-mcp"

Tools (10 total)

Tool Input Returns
list_suites 16 suites with titles and subgoal counts
get_requirement id, include_pattern One subgoal plus its Pattern layer; falls back to fuzzy candidates if no exact match
list_requirements suite / type / content_type / confidence filters Filtered subgoal list with reliability signals
search_patterns query, limit Field-weighted ranked matches with matched_in and snippets
get_cross_references id, include_inferred Outgoing adjacencies
get_reverse_references id Incoming adjacencies (who cites this pattern)
resolve_id query Canonicalise a partial id, slug fragment, or display_id; always returns candidates
find_patterns_for_task task (natural language) Top patterns grouped by suite for a task description
list_unreviewed limit Patterns without reviewed_by, sorted low-confidence first
review_stats Coverage %, per-suite, per-confidence; plus validation issue count

Data sources

  • Canonical framework — extracted from the Safer Agentic AI Recommended Practices and shipped as criteria-v1.json.
  • Pattern layer — one YAML file per subgoal under suites/.
  • Exemplars — four hand-written anchor patterns used as few-shot references (D3.2 Sandboxing, D7.2 Culture of Safety, D9.2 Compliance, I7.3).

At startup the server loads both layers and builds an in-memory index keyed by pattern_id. display_id lookups (e.g. D3.2) are also supported and may resolve to multiple subgoals when underlined variants exist.

Smoke test

Verify the install without an MCP client:

python3 -c "
from saferagenticai_mcp.framework_loader import load_framework
idx = load_framework()
print(f'{len(idx.subgoals)} subgoals, '
      f'{sum(1 for s in idx.subgoals.values() if s.has_pattern)} with patterns')
"

Two-layer authorship

The framework is served in two layers with different review bars and update cadences:

  • Canonical layer — the normative SFRs and evidence requirements, authored by Nell Watson and Ali Hessami. Stable, auditable, versioned via criteria-v1.json.
  • Implementation Patterns layer — LLM-drafted, human-reviewed guidance that translates normative requirements into code patterns, governance templates, and process scaffolds. Versioned independently.

Every pattern entry carries provenance: drafted_by, anchor_exemplar, confidence, needs_human_review, and reviewed_by once redlined.

Versioning

  • Canonical framework — follows criteria-v1.json's version field.
  • Pattern layerv1-draft during active review; v1 once all patterns have a human reviewed_by.

Scope

  • Transport — stdio only; no remote or authenticated transport.
  • Search — field-weighted keyword scoring. Sufficient at 214 patterns; embedding-based semantic search would be worth it at ~10× this scale.
  • Read-only — no mark_reviewed write tool. Review edits go through the YAML files directly so editor + git diff stay auditable.

Questions or issues? Reach us through the contact form on the homepage.