Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Aicard

FreeNot checked

Enables AI agents to auto-generate NIST AI RMF and EU AI Act Annex IV compliant model and system cards via MCP.

GitHubEmbed

About

Enables AI agents to auto-generate NIST AI RMF and EU AI Act Annex IV compliant model and system cards via MCP.

README

AICARD

AICARD

Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards

PyPI CI License: COCL 1.0 Suite

AI Security & Governance — securing LLMs, agents, and the MCP supply chain.

pip install cognis-aicard
aicard scan .            # → prioritized findings in seconds

🔎 Example output

Real, reproducible output from the tool — runs offline:

$ aicard-emit --version
aicard 0.3.8
$ aicard-emit --help
usage: aicard [-h] [--version] {check,card} ...

Auto-generate and lint NIST AI RMF / EU AI Act Annex IV model & system cards
from a JSON descriptor.

positional arguments:
  {check,card}
    check       evaluate a descriptor and report findings
    card        render a Markdown model card from a descriptor

options:
  -h, --help    show this help message and exit
  --version     show program's version number and exit

Example: aicard check demos/01-basic/system.json --format json

Blocks above are real aicard output — reproduce them from a clone.

Sample result format (illustrative values — run on your own data for real findings):

{"timestamp":1643723400,"data":{"indicator":"IP:192.168.1.100","description":"Suspicious network activity","severity":"high"},"findings":[{"id":123,"title":"Network Scan","description":"Network scan detected on 192.168.1.100","category":"network"},{"id":124,"title":"File Transfer","description":"File transfer detected from 192.168.1.100","category":"file_transfer"}]}

Usage — step by step

aicard auto-generates and lints NIST AI RMF / EU AI Act Annex IV model & system cards from a JSON descriptor.

  1. Install (Python 3.10+):
    pip install -e .            # or: pipx install aicard
    
  2. Check a descriptor against the disclosure requirements (human-readable table):
    aicard check demos/01-basic/system.json
    
  3. Render a Markdown model/system card from the same descriptor:
    aicard card system.json > MODEL_CARD.md
    
  4. Read the output in the format your workflow speaks — table (default), json, sarif (SARIF 2.1.0 for code-scanning), or csv (GRC dashboards):
    aicard check system.json --format json  | jq '.findings'
    aicard check system.json --format sarif > aicard.sarif   # upload to GitHub code-scanning
    aicard check system.json --format csv   > findings.csv   # drop into a model-risk tracker
    aicard card  system.json --format json  | jq -r '.card_markdown'
    
  5. Gate CI on compliancecheck/card exit 1 when any blocking finding is present, 0 when compliant, 2 on input error:
    - run: pip install -e . && aicard check system.json   # non-zero fails the job
    

Worked demos

demos/ ships realistic descriptors in the real JSON input format, each with a SCENARIO.md (provenance, expected output, exact run command, how to act):

Demo Domain Outcome
01-basic/loan_triage.json Consumer credit scoring non-compliant (missing monitoring)
10-fraud-detection/transaction_fraud.json Real-time payment fraud compliant (reference shape)
11-edtech-grading-highrisk/essay_grader.json Automated essay scoring (Annex III) blocker: missing test data
12-medical-triage-compliant/symptom_triage.json Clinical triage routing compliant
13-autonomous-perception/lane_perception.json ADAS Level-2 perception blocker: empty limitations
14-insurance-pricing/auto_pricing.json Auto-insurance premium model warn + blocker (two findings)
15-recsys-transparency/feed_ranker.json Social-feed recommender (DSA) compliant with one warning
16-genai-support-copilot/support_copilot.json RAG support copilot compliant
aicard check demos/14-insurance-pricing/auto_pricing.json --format csv

Contents

Why aicard?

Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards — without standing up heavyweight infrastructure.

aicard is single-purpose, scriptable, and self-hostable: point it at a target, get prioritized results in the format your workflow already speaks (table · JSON · SARIF), gate CI on it, and let agents drive it over MCP.

Features

  • ✅ Load Descriptor
  • ✅ Evaluate against 18 NIST AI RMF / EU AI Act Annex IV disclosure requirements
  • ✅ Render Card (Markdown model/system card)
  • ✅ Render Report Table
  • ✅ Export findings as JSON · SARIF 2.1.0 · CSV
  • ✅ Report To Dict
  • ✅ 8 worked demos in demos/ (credit, fraud, medical, EdTech, ADAS, insurance, recsys, GenAI)
  • ✅ Runs on Linux/macOS/Windows · Docker · devcontainer
  • ✅ Ports in Python, JavaScript, Go, and Rust (ports/)

Quick start

pip install cognis-aicard
aicard --version
aicard scan .                       # scan current project
aicard scan . --format json         # machine-readable
aicard scan . --fail-on high        # CI gate (non-zero exit)

Example

$ aicard scan .
  [HIGH    ] AIC-001  example finding             (./src/app.py)
  [MEDIUM  ] AIC-002  another signal              (./config.yaml)

  2 findings · risk score 5 · 38ms

Architecture

flowchart LR
  IN[input] --> P[aicard<br/>analyze + score]
  P --> OUT[report]

Use it from any AI stack

aicard is interoperable with every popular way of using AI:

  • MCP serveraicard mcp (Claude Desktop, Cursor, Cognis.Studio, uncensored-fleet)
  • OpenAI-compatible / JSON — pipe aicard scan . --format json into any agent or LLM
  • LangChain · CrewAI · AutoGen · LlamaIndex — wrap the CLI/JSON as a tool in one line
  • CI / scripts — exit codes + SARIF for non-AI pipelines

How it compares

Cognis aicard typical tools
Self-hostable, no account varies
Single command, zero config ⚠️
JSON + SARIF for CI varies
MCP-native (AI agents)
Polyglot ports (JS/Go/Rust)
Open license ✅ COCL varies

Integrations

Pipes into your stack: SARIF for code-scanning, JSON for anything, an MCP server (aicard mcp) for AI agents, and a webhook forwarder for SIEM/Slack/Jira. See docs/INTEGRATIONS.md.

Install — every way, every platform

pip install "git+https://github.com/cognis-digital/aicard.git"    # pip (works today)
pipx install "git+https://github.com/cognis-digital/aicard.git"   # isolated CLI
uv tool install "git+https://github.com/cognis-digital/aicard.git" # uv
pip install cognis-aicard                                          # PyPI (when published)
docker run --rm ghcr.io/cognis-digital/aicard:latest --help        # Docker
brew install cognis-digital/tap/aicard                             # Homebrew tap
curl -fsSL https://raw.githubusercontent.com/cognis-digital/aicard/main/install.sh | sh
Linux macOS Windows Docker Cloud
scripts/setup-linux.sh scripts/setup-macos.sh scripts/setup-windows.ps1 docker run ghcr.io/cognis-digital/aicard DEPLOY.md (AWS/Azure/GCP/k8s)

Related Cognis tools

  • aegis — AI Agent Permission & Access Auditor — surfaces the lethal trifecta of credentials + injection + reach
  • promptmirror — Prompt-injection & indirect-injection scanner for any LLM context input
  • ledgermind — Local LLM cost & token forensics proxy with anomaly detection
  • adversa — LLM red-team harness — OWASP LLM Top 10 + MITRE ATLAS attack packs
  • guardpost — Runtime agent firewall — PII redaction, rate limits, policy enforcement
  • hallumark — LLM hallucination & grounding auditor for RAG systems

Explore the suite → 🗂️ all 170+ tools · ⭐ awesome-cognis · 🔗 cognis-sources · 🤖 uncensored-fleet · 🧠 engram

Contributing

PRs, new rules, and demo scenarios are welcome under the collaboration-pull model — see CONTRIBUTING.md and SECURITY.md.

⭐ If aicard saved you time, star it — it genuinely helps others find it.

Interoperability

{} composes with the 300+ tool Cognis suite — JSON in/out and a shared OpenAI-compatible /v1 backbone. See INTEROP.md for the suite map, composition patterns, and reference stacks.

License

Source-available under the Cognis Open Collaboration License (COCL) v1.0 — free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license ([email protected]). See LICENSE.


Cognis Digital · one of 170+ tools in the Cognis Neural Suite · Making Tomorrow Better Today

from github.com/cognis-digital/aicard

Installing Aicard

This server has no published package — it is built from source. Open the repository and follow its README.

▸ github.com/cognis-digital/aicard

FAQ

Is Aicard MCP free?

Yes, Aicard MCP is free — one-click install via Unyly at no cost.

Does Aicard need an API key?

No, Aicard runs without API keys or environment variables.

Is Aicard hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install Aicard in Claude Desktop, Claude Code or Cursor?

Open Aicard on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Aicard with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All ai MCPs