Developer Docs

410 articles from EUR-Lex via FTS5 search, Annex III high-risk classifier, Article 50 transparency, Article 73 incident reporting, 42-point audit, penalty calculator.

First international standard for AI impact assessment (May 2025). 6 lifecycle phases × 7 impact categories. Cross-walks to EU AI Act Articles + ISO 42001 clauses. Companion to ISO 42001 AIMS.

Republic of Korea AI Basic Act — in force 22 January 2026. High-impact AI classification, mandatory GenAI labelling, MSIT obligations. Cross-walks to EU AI Act + Japan AI Promotion Act.

EU Digital Operational Resilience Act 5-pillar audit, Article 28 Register of Information, TLPT readiness, incident classification.

NIS2 Directive Article 21 risk-management measures, Article 23 incident classification, Article 20 accountability for essential/important entities.

EU CRA Annex I classifier, SBOM generation, vulnerability handling, conformity assessment. Sept 2027 cliff.

CycloneDX ML-BOM 1.6 + SPDX 3.0 AI profile, EU AI Act Annex IV mapping, NIST AI RMF alignment.

Unified incident classification across EU AI Act Art 73, DORA Art 19, NIS2 Art 23, GDPR Art 33, ISO/IEC 42001 — one incident triggers all regime clocks.

Article 73 5-clock broadcaster: one incident → simultaneous signed reports to EU AI Act Art 73 + DORA Art 19 + NIS2 Art 23 + GDPR Art 33 + ISO 42001 cl 10.1. Single incident_id drives all 5 regimes from the same detection timestamp. Companion to ai-incident-reporting-mcp.

Wbni-2 (NL NIS2) registration packet generator. Classifies Annex I essential / Annex II important + size, generates NCSC-NL portal payload + Article 21 attestation. DEADLINE 30 June 2026. Post-deadline: €100K-€10M + director liability.

EU Cyber Resilience Act Article 14 actively-exploited-vulnerability notifier. 24h/72h/14d three-clock tracker. Generates ENISA + national-CSIRT payload (DE BSI / FR ANSSI / NL NCSC-NL / 7 more). DEADLINE 11 September 2026 — every EU software vendor needs this.

C2PA 2.2 (May 2025) Durable Content Credentials — soft + hard binding (Digimarc-compatible). Survives compression, crop, screenshot, adversarial removal. First-mover before Adobe ships official tooling. 3 perceptual methods (Digimarc soft / robust pHash / video pdf-hash).

Auto-generates Fundamental Rights Impact Assessment per Article 27(1) 9 mandatory elements. Triggers for public bodies, private operators of public services, creditworthiness + life/health-insurance pricers. Cross-walks to EDPB DPIA template. £1,500/mo enterprise wedge (consultants charge £20K-£100K manually).

Provider-side Instructions for Use generator per Article 13(3) — 7 mandatory elements: identity + characteristics + pre-determined changes + Art 14 human oversight + compute lifecycle + log mechanisms + other-relevant. Crosswalks to deployer FRIA. Pairs with meok-eu-ai-act-art-26-fria-mcp.

Risk Management System generator per Article 9 — 4-step iteration (identify / estimate / post-market / mitigate) + 12 risk categories + signed Annex IV bundle. Completes the provider-side triple with Art 13 IFU + AI-BOM. Every high-risk AI provider needs an RMS before market placement.

EU CDSM Directive Article 4(3) Text + Data Mining opt-out. Issues + scans HTTP/HTML/robots.txt/C2PA reservation signals across 20+ AI agents (GPTBot/ClaudeBot/Google-Extended/etc.). Liability shield: signs each training-run scan with audit-defensible attestation. First-mover — nobody else has shipped this.

Map DORA obligations to NIS2 Article 21-23 measures for dual-compliance scoring. EU banks, insurers, CASPs, CTPPs.

Demographic analysis, fairness metrics, mitigation strategies, EU AI Act Article 10 compliance. Signed Article 10 certificates.

EU AI Act Article 50 watermarking. C2PA manifest generation, AI content detection, signed conformity attestations. Aug 2026 cliff.

Dedicated EU AI Act Article 50(2) GenAI watermarking MCP. Visible label + invisible payload + perceptual anchor per the GPAI Code of Practice. 5 modalities (image / text / audio / video / code). C2PA manifest envelope. 2 Aug 2026 cliff.

EU AI Act Code of Practice 2nd draft (Jan 2026) introduced the EU icon + label spec for AI-generated content. 8 emitters: C2PA 2.2 assertion · HTML meta + link tags · image ICC private tag · audio ID3v2 frames · video keyframe uuid box. First-mover — nobody else ships this.

UK AI White Paper 5 principles, AI (Regulation) Bill audit, Algorithmic Transparency Recording Standard, ICO/FCA/MHRA/CMA/Ofcom/HSE guidance.

5-voter Byzantine Fault Tolerant council halts agentic loops when 3-of-5 voters agree no real progress is happening. Detects: repetition · identical errors · goal drift · rapid-fire spinning · no artefact growth. The anti-loop guardrail every agent fleet needs. Saves £1-£3 per agent run on free tier; £100-£1,000/mo on Substrate.

Hard per-session spend cap with signed budget-exhausted attestations. 13 pre-loaded model rates. Twin of BFT Progress Council — spend axis vs stall axis. Pays for itself first time it halts an over-spending agent.

Multi-tenant LLM cost attribution for chargeback billing. Splits one agent's spend across many tenants with signed per-tenant chargeback summaries. Companion to agent-token-budget.

Coinbase HTTP 402 + on-chain settlement. Agents pay per-call without a Stripe account. USDC on Base/Polygon/Solana + Lightning. Pure HTTP. The plumbing for the agent economy.

Bridges Stripe ACP + Google AP2 + Coinbase x402 — the only MCP that covers all 3 live agent-payment protocols. PSD2 + MiCA + 6AMLD + FinCEN BSA overlays. Explicitly addresses the IBM ACP / Stripe ACP name collision.

Bridges Cisco Outshift OASF + AGNTCY Directory under Linux Foundation. Converts MCP server.json and A2A agent-cards into OASF manifests so MEOK agents appear in the enterprise-procurement directory layer. OCI-based schema, capability taxonomy across 7 categories.

EU Digital Identity Wallet bridge for AI agents (eIDAS 2.0). Covers ISO/IEC 18013-5 mDoc, W3C Verifiable Credentials 2.0, OID4VC + OID4VP, EUDI ARF v1.7. Selective disclosure (GDPR Art 5 minimisation). The wallet-based agent-identity bridge for 2026 EU deployments.

Step-debugger for agentic loops. Records every action (input, output, model, tokens, ms, cost) so you can replay deterministically. Branch from any step. Search + export + HMAC-sign for audit. Pairs with BFT Progress Council + Audit Logger.

Stripe Agentic Commerce Protocol bridge — ChatGPT shopping checkout intents + AP2 mandate crosswalk + PSD2 SCA + signed receipts. 60+ ACP launch partners catalogued (Shopify / Etsy / Instacart / DoorDash / Uber Eats / Expedia / etc.).

Signed on-chain settlement receipts for agentic payments. 7 chains (Base / Polygon / Solana / Lightning / Arbitrum / Optimism / Ethereum). MiCA Article 60 + 64 crosswalk. Stripe ACP intent linkage. Closes the agentic-payment chain — only thing that gives MiCA-defensible proof for x402 / on-chain settlements.

Linux Foundation AAIF agent identity bridge — publishes /.well-known/agent-card with DID + capabilities + endpoints + trust attestations. Bridges A2A and Cisco OASF manifests to AAIF. First-mover for the AAIF identity spec.

Google AP2 v0.2.0 — signed user-side spend mandate for agentic commerce. 7 scopes (merchant / category / subscription / negotiation / search / data / A2A). PSD2 SCA crosswalk (passkey strong, SMS weak, Art 13 low-value exemption). MiCA + 6AMLD overlays.

1-line USDC paywall for any FastMCP tool. One decorator turns any tool into a pay-per-call endpoint settled in USDC on Base / Polygon / Solana or BTC on Lightning. The minimal wrapper that Coinbase + Cloudflare + Vercel never shipped.

The WAF for AI agents — scans prompts, RAG docs, tool args, A2A payloads for OWASP LLM01 prompt injection BEFORE they reach a downstream agent.

GDPR Chapter V transfer-basis runtime guard for A2A. Adequacy decisions, SCCs, BCRs, EU AI Act Article 10 data governance.

Verifiable agent-to-agent task handoff with signed provenance chain. Non-repudiable A2A delegation.

Per-agent-pair IAM for A2A. Define policies, gate every call via evaluate_call. EU AI Act Art 14 + ISO 42001 Annex A.7 evidence.

Hash-chained HMAC-signed audit log MCP for A2A calls. EU AI Act Art 12 + DORA Art 17 + ISO 42001 clause 9 auditor-ready evidence.

Fleet-wide shared rate limiter for A2A + multi-MCP deployments. Sliding window + concurrency grants + signed enforcement attestations.

Connects A2A protocol traffic to governance/audit infrastructure. Bridges agent-to-agent calls into compliance evidence chains.

Agent-to-agent payment rails with PSD2 + EU MiCA-compliant transfer attestation.

Capability-scoped delegation between agents. Time-bounded, audit-logged, revocable.

Cryptographic agent identity with W3C DID + verifiable credentials. Trust scores per agent endpoint.

Auction + bidding protocol primitives for multi-agent coordination. Signed negotiation transcripts.

Workflow orchestration over A2A — sequence, branch, retry across heterogeneous agents.

The mesh substrate UNDER A2A / ACP / AP2 / x402. Mint a libp2p PeerID (Ed25519), compose / parse multiaddrs, sign + verify Agent Records, derive deterministic GossipSub topics. The same stack IPFS / Ethereum / Filecoin / Polkadot use — now wired for agents. Lets agents discover + reach each other without a central registry.

Read-only blockchain query bridge for crypto-AI agents. Built-in registry of 10 Cosmos mainnets (Cosmos Hub, Osmosis, Celestia, dYdX, Neutron, Injective, Sei, Akash, Stride, Kava) + custom RPC. ABCI 1.0 + ABCI++ vote extensions (CometBFT 0.38). HMAC-signed query results. No signing, no private keys — safe by construction. Pairs with libp2p mesh + AAIF identity + AP2 payments.

SBOM generation in CycloneDX 1.6 + SPDX 2.3. Required by EO 14028, NIS2, CRA. Signed attestations.

Civilian open-source geospatial awareness — wraps ESA Copernicus Sentinel-1/2/3/5p + OpenStreetMap + Overture Maps + Ordnance Survey UK + INSPIRE EU + DEFRA behind one MCP. Care Membrane ethics gate refuses high-risk targeting/surveillance queries.

Unified gateway for multi-LLM routing — Claude, GPT, Gemini, Llama, local — with cost + latency observability.

Continuous internal compliance audit — reads policy + checks every agent action against rule set.

AI runtime observability — token usage, cost, latency, error rates, drift detection.

6-dimension Noddings care score + sovereignty + dignity scoring on every response. Portable safety eval.

Artificial Intelligence and Data Act (Canada) compliance audit + Annex disclosure tools.

UK Operator Licence, tachograph, drivers' hours, DVSA roadside checks for 3.5T+ goods vehicles.

UK Waste Carrier Registration, EA waste codes, hazardous waste consignment notes for skip hire + waste transport.

ISO 19650 / UK BIM Level 2 compliance. EIR, BEP, MIDP, TIDP, CDE structure validation.

Farm-robotics command + telemetry for spray, harvest, weed-control robots.

ADS-B + Mode S aircraft tracking, NOTAM lookup, conflict detection.

Double-entry bookkeeping primitives, VAT/Sales tax computation, P&L generation.

Brand-voice-constrained ad copy generation for Google + Meta + LinkedIn.

Text-to-ASCII rendering for CLI banners, READMEs, retro art.

Household + small-business budgeting with category breakdowns and trend forecasting.

Smart scheduling across multiple calendars, conflict resolution, prep-time blocks.

SaaS churn prediction from usage + billing + support signals.

Audits any MCP server.json against the official Model Context Protocol spec (2025-12-11). Linting for required fields, semver, slug pattern, recommended fields, naming conventions. HMAC-signed conformity reports — meta-viral for every MCP author.

Automated security red-team for any MCP server. Maps OWASP LLM Top 10 (2025) + 5 MCP-specific risks (tool spoofing, privilege exposure, plain-HTTP resources, ungated destructive verbs) to a 0-100 hardening score with HMAC-signed reports. Every MCP author wants this before publishing — every consumer wants it before loading.

Drop-in test harness for any MCP server. Golden-file diff, schema-drift detection (breaking-change flag), tool-name + description + JSON-Schema validation, idempotency check, pytest template generator, HMAC-signed test report with Shields.io grade badge. Thousands of MCPs ship zero tests — this is the pre-publish gate every author has been missing.

Validates the cross-vendor coding-agent spec (AGENTS.md — Cursor / Claude Code / Cline / Windsurf / Aider / OpenAI Codex, stewarded by AAIF). Required-section gate, security smells (hardcoded secrets / dangerous instructions), consistency with package.json + pyproject.toml + Makefile. Generates passing templates for 6 project types.

One MCP that routes to the whole MEOK fleet. Holds 62 MEOK MCPs (plus your own registered ones) behind a single namespaced endpoint — solves the Claude Code / Cursor tool-count ceiling. Bundle subsets by category, HMAC-sign multi-MCP call chains.

Generate signed .well-known MCP server cards in all 3 SEP shapes (1649 + 1960 + 2127). Claude Desktop 2.1 + Cursor 2026.4 auto-discover MCPs via these. The gap is ~2,000 MCPs on the registry don't have cards. Drop into any static-file host.

OpenAPI 3.1 + AsyncAPI 3.0 spec → human-readable docs with example payloads.

Generate test suites for any OpenAPI spec — happy path + edge cases + load tests.

Keep-a-Changelog generator from git history + PR descriptions. Semver-aware.

Generate GitHub Actions / GitLab CI / Jenkins pipelines from a project description.

WCAG 2.2 AA audit + remediation suggestions for any web page or component.

Backup policy + RPO/RTO calculator + restore-test scheduler.

EVM contract analysis, gas optimisation, Solidity audit primitives.

Verify on-chain attestations, signatures, and proof-of-existence claims.