Meridian

Meridian

Local-first AI compliance scanner via Model Context Protocol, scanning codebases for violations of DPDPA 2023, RBI FREE-AI, SEBI AI/ML, and the EU AI Act.

Category
访问服务器

README

<p align="center"> <img src=".github/brand/logo-full.svg" alt="Meridian — AI Compliance Intelligence" width="720"> </p>

Meridian

Local-first AI compliance scanner via Model Context Protocol.
Scan your codebase for violations of DPDPA 2023, RBI FREE-AI, SEBI AI/ML, and the EU AI Act — directly inside Cursor, Claude Desktop, Windsurf, or Antigravity.

Python 3.11+ License: Apache 2.0 EU AI Act DPDPA 2023 Zero telemetry


What it does

Meridian exposes six MCP tools that any AI coding assistant can call:

Tool Description
scan_repository Scan a local repo for compliance violations — returns a Markdown report with line numbers, regulatory citations, and fixes
evaluate_policy Check a privacy policy, DPA, or model card for compliance gaps
explain_violation Get a plain-English explanation of any regulatory clause with exact penalties
show_models List all supported LLM providers and configuration instructions
cache_status Show or clear the local SQLite scan cache
check_health Verify server config, detected API keys, and licence status

How scanning works

Your code → AST slicer → Stage 1 (Evaluator LLM) → candidate violations
                       → Stage 2 (Critic LLM)    → confirmed violations
                       → SHA-256 SQLite cache     → zero cost on re-scan
  • Stage 1 finds candidate violations across all file × framework pairs concurrently
  • Stage 2 runs a second LLM to disprove HIGH/CRITICAL findings, eliminating false positives
  • Cache skips re-evaluation of unchanged files — only new or modified code is sent to the API

Supported frameworks

Framework Tier Key penalties
dpdpa — DPDPA 2023 + Rules 2025 Free ₹250 Cr security failure · ₹200 Cr breach notification · ₹200 Cr children's data
rbi — RBI FREE-AI Aug 2025 Pro 7 Sutras — fairness, explainability, security, accountability
eu — EU AI Act Art. 9 Pro €30M / 6% global turnover for high-risk system failures
sebi — SEBI AI/ML Guidelines Jun 2025 Pro SEBI §5.1–§5.5 pillars

Supported LLM providers

Meridian uses litellmyou bring your own API key, Meridian never touches your credentials.

Provider Key env var Example models
Anthropic ANTHROPIC_API_KEY claude-opus-4-8, claude-haiku-4-5
OpenAI OPENAI_API_KEY gpt-5.4-pro, gpt-5.4-nano
Gemini GEMINI_API_KEY gemini/gemini-3.5-flash
Groq GROQ_API_KEY groq/meta-llama/llama-4-maverick-17b-128e-instruct
OpenRouter OPENROUTER_API_KEY openrouter/anthropic/claude-opus-4-8
AWS Bedrock AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_REGION_NAME bedrock/anthropic.claude-opus-4-8-20260501-v1:0
Ollama (local) (none) ollama/llama4:scout, ollama/mistral

You can mix providers — e.g. Anthropic for Stage 1 and Groq for Stage 2 (cheapest critic):

MERIDIAN_EVALUATOR_MODEL=claude-opus-4-8
MERIDIAN_CRITIC_MODEL=groq/llama-3.1-8b-instant

Installation & Setup

Meridian can be run as a local CLI compliance scanner, or connected directly to an MCP-capable client like Cursor, Claude Desktop, Windsurf, or Antigravity.

Option A: The quick way (no install, using uvx)

If you have uv installed, you don't even need to pre-install Meridian! You can run it instantly or register it as an MCP server using uvx:

"meridian-compliance": {
  "command": "uvx",
  "args": ["meridian-mcp"],
  "env": {
    "GROQ_API_KEY": "gsk_...",
    "MERIDIAN_EVALUATOR_MODEL": "groq/llama3-8b-8192",
    "MERIDIAN_CRITIC_MODEL": "groq/llama3-8b-8192"
  }
}

Option B: Installing via pip (PyPI)

Install the packages and binaries globally or to your active python environment:

pip install meridian-mcp

This installs two executables on your system path:

  1. meridian-mcp: The MCP Server command.
  2. meridian-ci: The CI/CD CLI command-line scanner.

MCP Server Setup

Connect Meridian to your AI editor so your assistant can scan your repository and answer compliance questions.

1. Cursor (~/.cursor/mcp.json or GUI settings)

Add a new MCP server in Cursor Settings -> Features -> MCP:

  • Name: meridian-compliance
  • Type: command
  • Command: meridian-mcp (use the absolute path to your Python env's meridian-mcp executable if it's not globally on your PATH)
  • Environment Variables:
    • GROQ_API_KEY: your-key-here (or ANTHROPIC_API_KEY, OPENAI_API_KEY, etc.)

Or paste the following configuration directly into your mcp.json file:

{
  "mcpServers": {
    "meridian-compliance": {
      "command": "meridian-mcp",
      "env": {
        "GROQ_API_KEY": "YOUR_GROQ_API_KEY"
      }
    }
  }
}

2. Claude Desktop (%APPDATA%\Claude\claude_desktop_config.json)

Add the following to your configuration:

{
  "mcpServers": {
    "meridian-compliance": {
      "command": "meridian-mcp",
      "env": {
        "GROQ_API_KEY": "YOUR_GROQ_API_KEY"
      }
    }
  }
}

3. Antigravity (~/.antigravity/mcp.json or GUI settings)

Add a new MCP server in Antigravity Settings -> Features -> MCP:

  • Name: meridian-compliance
  • Type: command
  • Command: meridian-mcp (use the absolute path to your Python env's meridian-mcp executable if it's not globally on your PATH)
  • Environment Variables:
    • GROQ_API_KEY: your-key-here (or ANTHROPIC_API_KEY, OPENAI_API_KEY, etc.)

Or paste the following configuration directly into your mcp.json file:

{
  "mcpServers": {
    "meridian-compliance": {
      "command": "meridian-mcp",
      "env": {
        "GROQ_API_KEY": "YOUR_GROQ_API_KEY"
      }
    }
  }
}

Meridian Architecture

Below is a diagram illustrating the architecture of Meridian and its integration with various AI coding assistants:

flowchart TD
    subgraph Clients["AI Coding Assistants (MCP Clients)"]
        direction LR
        A1[Meridian CI/CD]
        A2[Cursor]
        A3[Windsurf]
        A4[Claude Desktop]
        A5[Antigravity]
    end

    subgraph Server["Meridian (MCP Server)"]
        B1[FastMCP Server]
        B2[Async Orchestrator]
        B3[AST Parser]
        B4[Security Redactor]
        
        subgraph Scanning["Scanning Logic"]
            C1[Stage 1: Evaluator LLM]
            C2[Stage 2: Critic LLM]
        end
        
        B5[(SQLite Cache)]
        B6[Licensing Gate]
    end

    subgraph External["External Services"]
        direction LR
        D1[Anthropic/OpenAI/Groq/Gemini]
        D2[Regulatory Databases]
    end

    A1 -- Local CLI --> B2
    A2 -- MCP Protocol --> B1
    A3 -- MCP Protocol --> B1
    A4 -- MCP Protocol --> B1
    A5 -- MCP Protocol --> B1

    B1 --> B2
    B2 --> B3
    B2 <--> B5
    B3 --> B4
    B4 --> C1
    
    C1 --> C2
    C1 -- LiteLLM --> D1
    
    C2 -- LiteLLM --> D1
    C2 --> B6
    
    B6 -. Pro License .-> D2

Local CLI Usage (meridian-ci)

Once installed via pip, you can scan any local project directory for compliance rules:

# 1. Set your LLM API Key (using Groq, Anthropic, or OpenAI)
export GROQ_API_KEY="gsk_..."

# 2. Run the scanner
meridian-ci --dir . --frameworks dpdpa

CI/CD Pipeline Gate

Block PR merges on critical compliance violations by integrating meridian-ci as a step in your pipeline:

# .github/workflows/compliance.yml
- name: Run Meridian compliance gate
  run: meridian-ci --dir . --frameworks dpdpa --fail-on critical
  env:
    GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}

Options:

  • --dir: Directory to scan (defaults to .)
  • --frameworks: Frameworks to scan (dpdpa, rbi, eu, sebi)
  • --fail-on: Block PRs/builds on violations at or above this severity (low, medium, high, critical)
  • --output: Output format (text, markdown, json)
  • --max-files: Maximum number of files to process

Environment Variables

Configure these optional variables to adjust model defaults:

Variable Default Description
MERIDIAN_EVALUATOR_MODEL claude-opus-4-8 Stage 1 model — finds candidate violations
MERIDIAN_CRITIC_MODEL claude-haiku-4-5 Stage 2 model — filters out false positives
MERIDIAN_MAX_CONCURRENT 5 Max concurrent LLM requests
MERIDIAN_LICENSE_KEY (none) Pro license key — unlocks RBI, EU, and SEBI rulesets

Quick start (inside your AI assistant)

Once the MCP server is connected:

check_health()                                 # verify setup and detected keys
show_models()                                  # see all providers and config options
scan_repository(path=".", frameworks="dpdpa")  # scan current repo
evaluate_policy(policy_text="...")             # check a privacy policy
explain_violation(statutory_clause="DPDPA §6(1)")  # plain-English explanation
cache_status()                                 # view cache stats
cache_status(clear=True)                       # wipe cache

Project structure

src/meridian/
├── server.py      # MCP server — 6 tools exposed via FastMCP
├── scanner.py     # Async orchestrator — file × framework concurrency
├── evaluator.py   # Dual-stage litellm evaluator with cache and retry
├── config.py      # Multi-provider LLM config (load_config, validate_config)
├── ast_parser.py  # Language-aware code slicer (Python, JS/TS, SQL, YAML)
├── prompts.py     # Regulatory prompts for all four frameworks
├── models.py      # Pydantic models — Violation, FileScanResult, ScanReport
├── cache.py       # SQLite SHA-256 scan cache (~/.meridian/cache.db)
├── security.py    # Secret redactor — strips API keys/JWTs before LLM calls
├── licensing.py   # Licence gate — free (DPDPA) vs Pro (RBI, EU, SEBI)
└── cli.py         # meridian-ci — CI/CD gate binary

Contributing & Running Tests

If you want to contribute to Meridian or run the test suite locally:

# 1. Clone the repository
git clone https://github.com/KNambiarDJsc/Meridian.git
cd Meridian

# 2. Create and activate a virtual environment
python -m venv .venv
.venv\Scripts\activate        # Windows
source .venv/bin/activate     # macOS / Linux

# 3. Install in editable mode with development dependencies
pip install -e ".[dev]"

# 4. Run the test suite
pytest tests/ -v

All 47 tests covering AST parsing, cache, prompts, and CLI logic pass locally without making any external API calls.


Privacy

  • Zero telemetry. Meridian sends no usage data anywhere.
  • Keys never leave your machine. API keys are read from your environment and passed directly to the provider SDK — Meridian has no server, no proxy, no logging of credentials.
  • Code stays local until you call a tool. The secret redactor (security.py) strips API keys, JWTs, and high-entropy strings from code slices before they are sent to any LLM.
  • Cache is local. Scan results are stored in ~/.meridian/cache.db on your machine only.

Pricing / licence

Tier Frameworks How to get
Free (Apache 2.0) DPDPA 2023 Use immediately, no key needed
Pro DPDPA + RBI FREE-AI + EU AI Act + SEBI AI/ML Set MERIDIAN_LICENSE_KEYmeridian.so/pro

License

Apache 2.0 — see LICENSE.


<!-- mcp-name: io.github.KNambiarDJsc/meridian-mcp -->

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选