Aicard
FreeNot checkedEnables AI agents to auto-generate NIST AI RMF and EU AI Act Annex IV compliant model and system cards via MCP.
About
Enables AI agents to auto-generate NIST AI RMF and EU AI Act Annex IV compliant model and system cards via MCP.
README
AICARD
Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards
PyPI CI License: COCL 1.0 Suite
AI Security & Governance — securing LLMs, agents, and the MCP supply chain.
pip install cognis-aicard
aicard scan . # → prioritized findings in seconds
🔎 Example output
Real, reproducible output from the tool — runs offline:
$ aicard-emit --version
aicard 0.3.8
$ aicard-emit --help
usage: aicard [-h] [--version] {check,card} ...
Auto-generate and lint NIST AI RMF / EU AI Act Annex IV model & system cards
from a JSON descriptor.
positional arguments:
{check,card}
check evaluate a descriptor and report findings
card render a Markdown model card from a descriptor
options:
-h, --help show this help message and exit
--version show program's version number and exit
Example: aicard check demos/01-basic/system.json --format json
Blocks above are real
aicardoutput — reproduce them from a clone.
Sample result format (illustrative values — run on your own data for real findings):
{"timestamp":1643723400,"data":{"indicator":"IP:192.168.1.100","description":"Suspicious network activity","severity":"high"},"findings":[{"id":123,"title":"Network Scan","description":"Network scan detected on 192.168.1.100","category":"network"},{"id":124,"title":"File Transfer","description":"File transfer detected from 192.168.1.100","category":"file_transfer"}]}
Usage — step by step
aicard auto-generates and lints NIST AI RMF / EU AI Act Annex IV model & system cards from a JSON descriptor.
- Install (Python 3.10+):
pip install -e . # or: pipx install aicard - Check a descriptor against the disclosure requirements (human-readable table):
aicard check demos/01-basic/system.json - Render a Markdown model/system card from the same descriptor:
aicard card system.json > MODEL_CARD.md - Read the output in the format your workflow speaks —
table(default),json,sarif(SARIF 2.1.0 for code-scanning), orcsv(GRC dashboards):aicard check system.json --format json | jq '.findings' aicard check system.json --format sarif > aicard.sarif # upload to GitHub code-scanning aicard check system.json --format csv > findings.csv # drop into a model-risk tracker aicard card system.json --format json | jq -r '.card_markdown' - Gate CI on compliance —
check/cardexit1when any blocking finding is present,0when compliant,2on input error:- run: pip install -e . && aicard check system.json # non-zero fails the job
Worked demos
demos/ ships realistic descriptors in the real JSON input format, each with a
SCENARIO.md (provenance, expected output, exact run command, how to act):
| Demo | Domain | Outcome |
|---|---|---|
01-basic/loan_triage.json |
Consumer credit scoring | non-compliant (missing monitoring) |
10-fraud-detection/transaction_fraud.json |
Real-time payment fraud | compliant (reference shape) |
11-edtech-grading-highrisk/essay_grader.json |
Automated essay scoring (Annex III) | blocker: missing test data |
12-medical-triage-compliant/symptom_triage.json |
Clinical triage routing | compliant |
13-autonomous-perception/lane_perception.json |
ADAS Level-2 perception | blocker: empty limitations |
14-insurance-pricing/auto_pricing.json |
Auto-insurance premium model | warn + blocker (two findings) |
15-recsys-transparency/feed_ranker.json |
Social-feed recommender (DSA) | compliant with one warning |
16-genai-support-copilot/support_copilot.json |
RAG support copilot | compliant |
aicard check demos/14-insurance-pricing/auto_pricing.json --format csv
Contents
- Why aicard? · Features · Quick start · Example · Architecture · AI stack · How it compares · Integrations · Install anywhere · Related · Contributing
Why aicard?
Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards — without standing up heavyweight infrastructure.
aicard is single-purpose, scriptable, and self-hostable: point it at a target, get prioritized results in the format your workflow already speaks (table · JSON · SARIF), gate CI on it, and let agents drive it over MCP.
Features
- ✅ Load Descriptor
- ✅ Evaluate against 18 NIST AI RMF / EU AI Act Annex IV disclosure requirements
- ✅ Render Card (Markdown model/system card)
- ✅ Render Report Table
- ✅ Export findings as JSON · SARIF 2.1.0 · CSV
- ✅ Report To Dict
- ✅ 8 worked demos in
demos/(credit, fraud, medical, EdTech, ADAS, insurance, recsys, GenAI) - ✅ Runs on Linux/macOS/Windows · Docker · devcontainer
- ✅ Ports in Python, JavaScript, Go, and Rust (
ports/)
Quick start
pip install cognis-aicard
aicard --version
aicard scan . # scan current project
aicard scan . --format json # machine-readable
aicard scan . --fail-on high # CI gate (non-zero exit)
Example
$ aicard scan .
[HIGH ] AIC-001 example finding (./src/app.py)
[MEDIUM ] AIC-002 another signal (./config.yaml)
2 findings · risk score 5 · 38ms
Architecture
flowchart LR
IN[input] --> P[aicard<br/>analyze + score]
P --> OUT[report]
Use it from any AI stack
aicard is interoperable with every popular way of using AI:
- MCP server —
aicard mcp(Claude Desktop, Cursor, Cognis.Studio, uncensored-fleet) - OpenAI-compatible / JSON — pipe
aicard scan . --format jsoninto any agent or LLM - LangChain · CrewAI · AutoGen · LlamaIndex — wrap the CLI/JSON as a tool in one line
- CI / scripts — exit codes + SARIF for non-AI pipelines
How it compares
| Cognis aicard | typical tools | |
|---|---|---|
| Self-hostable, no account | ✅ | varies |
| Single command, zero config | ✅ | ⚠️ |
| JSON + SARIF for CI | ✅ | varies |
| MCP-native (AI agents) | ✅ | ❌ |
| Polyglot ports (JS/Go/Rust) | ✅ | ❌ |
| Open license | ✅ COCL | varies |
Integrations
Pipes into your stack: SARIF for code-scanning, JSON for anything, an MCP server (aicard mcp) for AI agents, and a webhook forwarder for SIEM/Slack/Jira. See docs/INTEGRATIONS.md.
Install — every way, every platform
pip install "git+https://github.com/cognis-digital/aicard.git" # pip (works today)
pipx install "git+https://github.com/cognis-digital/aicard.git" # isolated CLI
uv tool install "git+https://github.com/cognis-digital/aicard.git" # uv
pip install cognis-aicard # PyPI (when published)
docker run --rm ghcr.io/cognis-digital/aicard:latest --help # Docker
brew install cognis-digital/tap/aicard # Homebrew tap
curl -fsSL https://raw.githubusercontent.com/cognis-digital/aicard/main/install.sh | sh
| Linux | macOS | Windows | Docker | Cloud |
|---|---|---|---|---|
scripts/setup-linux.sh |
scripts/setup-macos.sh |
scripts/setup-windows.ps1 |
docker run ghcr.io/cognis-digital/aicard |
DEPLOY.md (AWS/Azure/GCP/k8s) |
Related Cognis tools
- aegis — AI Agent Permission & Access Auditor — surfaces the lethal trifecta of credentials + injection + reach
- promptmirror — Prompt-injection & indirect-injection scanner for any LLM context input
- ledgermind — Local LLM cost & token forensics proxy with anomaly detection
- adversa — LLM red-team harness — OWASP LLM Top 10 + MITRE ATLAS attack packs
- guardpost — Runtime agent firewall — PII redaction, rate limits, policy enforcement
- hallumark — LLM hallucination & grounding auditor for RAG systems
Explore the suite → 🗂️ all 170+ tools · ⭐ awesome-cognis · 🔗 cognis-sources · 🤖 uncensored-fleet · 🧠 engram
Contributing
PRs, new rules, and demo scenarios are welcome under the collaboration-pull model — see CONTRIBUTING.md and SECURITY.md.
⭐ If
aicardsaved you time, star it — it genuinely helps others find it.
Interoperability
{} composes with the 300+ tool Cognis suite — JSON in/out and a shared
OpenAI-compatible /v1 backbone. See INTEROP.md for the
suite map, composition patterns, and reference stacks.
License
Source-available under the Cognis Open Collaboration License (COCL) v1.0 — free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license ([email protected]). See LICENSE.
Installing Aicard
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/cognis-digital/aicardFAQ
Is Aicard MCP free?
Yes, Aicard MCP is free — one-click install via Unyly at no cost.
Does Aicard need an API key?
No, Aicard runs without API keys or environment variables.
Is Aicard hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install Aicard in Claude Desktop, Claude Code or Cursor?
Open Aicard on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
by modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
by xuzexin-hzCompare Aicard with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All ai MCPs
