Skip to main content
hc
Submit
mcpSource-backedReview first Safety Privacy

ComplyHat MCP Server for Claude

ComplyHat remote MCP server that turns AI agents into compliance documenters for SR 26-2, EU AI Act, NIST AI RMF, and ISO/IEC 42001 with OAuth and audit-ready DOCX output.

by ComplyHat·added 2026-06-14·
Claude CodeCodexCursorClaude Desktop
HarnessClaude CodeCodexCursorClaude Desktop
Review first review before installing

Open the source and read safety notes before installing.

Safety notes

  • finalize report modes persist approved compliance prose with cryptographic hashes; review before finalizing.
  • Bias, drift, and explainability tools operate on host-supplied datasets and model metadata.
  • ComplyHat output is documentation support, not legal advice or an automatic compliance determination.
  • Paid plans bill per MCP install seat; confirm billing scope before team-wide rollout.

Privacy notes

  • ComplyHat computes scores in memory and persists summary artifacts, not raw training data or source code.
  • OAuth tokens and workspace data are tenant-isolated under ComplyHat's security model.
  • Approved reports and compliance memory may contain model names, risk positions, and audit metadata.

Prerequisites

  • ComplyHat account; OAuth consent runs automatically on the first tool invocation.
  • Claude Code, Claude Desktop, Codex, OpenClaw, NemoClaw, or another MCP-capable host.
  • Evidence summaries your host can extract for model tests; ComplyHat does not read source code or weights.
  • Human review workflow before submitting compliance documents to regulators or counsel.

Schema details

Install type
cli
Reading time
4 min
Difficulty score
40
Troubleshooting
Yes
Breaking changes
No
Collection metadata
Estimated setup
10 minutes
Difficulty
intermediate
Tool listing metadata
Full copyable content
{
  "mcpServers": {
    "complyhat": {
      "url": "https://complyhat.ai/api/mcp",
      "type": "http"
    }
  }
}

About this resource

Overview

ComplyHat is a hosted Model Context Protocol server that helps AI agents draft, test, and finalize compliance documentation across four frameworks: SR 26-2, EU AI Act, NIST AI RMF, and ISO/IEC 42001. Your host agent supplies extracted evidence; ComplyHat computes scores, tags prose as [EXTRACTED], [INFERRED], or [AMBIGUOUS], and renders regulator-ready DOCX outputs after human approval.

Install documentation is at docs.complyhat.ai/quickstart. The canonical MCP URL is https://complyhat.ai/api/mcp, registered as ai.complyhat/compliance.

Features

  • Eleven entity tools plus a guidance meta-tool behind one MCP URL.
  • Framework templates for Annex IV, ongoing monitoring, and management attestations.
  • Bias, drift, explainability, adversarial, and data-governance workflows.
  • Immutable audit events and sha256-finalized reports.
  • Compliance memory wiki that compounds approved positions across filings.
  • OAuth 2.1 with dynamic client registration; no API keys to paste manually.

Use Cases

  • Start an EU AI Act draft report for a production model and review tagged citations.
  • Run a bias test and attach results to a quarterly compliance packet.
  • Check which frameworks apply to a new generative-AI use case.
  • Append an approved legal position to the tenant compliance memory wiki.
  • Export a finalized DOCX for counsel review before regulatory submission.

Installation

Claude Code

claude mcp add --transport http complyhat https://complyhat.ai/api/mcp

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "complyhat": {
      "transport": "streamable-http",
      "url": "https://complyhat.ai/api/mcp"
    }
  }
}

Codex CLI

codex mcp add --url https://complyhat.ai/api/mcp complyhat

Restart your host after adding the connector. OAuth runs on the first tool call.

Configuration

{
  "mcpServers": {
    "complyhat": {
      "url": "https://complyhat.ai/api/mcp",
      "type": "http"
    }
  }
}

Examples

Framework status

Call the frameworks tool with mode status and summarize which templates my workspace supports.

Start a draft report

Start an EU AI Act draft report for model ID 00000000-0000-0000-0000-000000000000 named Q2 validation.

Bias test

Run a bias test for our credit model and summarize disparate impact results for counsel review.

Security

  • Humans must approve reports before treating them as regulatory submissions.
  • ComplyHat never marks a model compliant automatically; finalize only after review.
  • Revoke OAuth access from ComplyHat or the MCP host if a connector is decommissioned.

Troubleshooting

OAuth consent loop

Sign in at complyhat.ai/login and confirm your host completed the consent screen.

Missing evidence fields

Supply predictions, labels, protected attributes, or distribution snapshots from the host; ComplyHat does not read private codebases.

409 on wiki write

Pass prev_version from the latest wiki.read response when replacing compliance memory.

Framework version drift

Use frameworks.check_freshness and verify amendments at the regulator source before submission.

#compliance#ai-governance#eu-ai-act#audit#remote-mcp

Source citations

Add this badge to your README

Show that ComplyHat MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/complyhat-mcp-server.svg)](https://heyclau.de/entry/mcp/complyhat-mcp-server)

How it compares

ComplyHat MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

FieldComplyHat MCP Server for Claude

ComplyHat remote MCP server that turns AI agents into compliance documenters for SR 26-2, EU AI Act, NIST AI RMF, and ISO/IEC 42001 with OAuth and audit-ready DOCX output.

Open dossier 		Clarid Compliance MCP Server for Claude

Clarid AI hosted MCP server that checks bank and credit-union marketing materials for FDIC, NCUA, TILA, Reg DD, Reg Z, UDAAP, and Equal Housing compliance over streamable HTTP.

Open dossier 		Microsoft Learn MCP Server

Official Microsoft Learn remote MCP server that gives AI agents real-time access to Microsoft documentation search, page fetch, and code sample search.

Open dossier 		pg-aiguide MCP Server

PostgreSQL documentation and best-practice MCP server from Timescale that gives Claude semantic and keyword search across PostgreSQL, TimescaleDB, and PostGIS docs.

Open dossier
Trust
Install riskReview firstReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
Categorymcpmcpmcpmcp
Sourcesource-backedsource-backedsource-backedsource-backed
AuthorComplyHatClarid AIMicrosoftTimescale
Added2026-06-142026-06-142026-06-052026-06-05
Platforms
Claude CodeCodexCursorClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Source repo
Safety notesfinalize report modes persist approved compliance prose with cryptographic hashes; review before finalizing. Bias, drift, and explainability tools operate on host-supplied datasets and model metadata. ComplyHat output is documentation support, not legal advice or an automatic compliance determination. Paid plans bill per MCP install seat; confirm billing scope before team-wide rollout.Marketing copy you submit is sent to Clarid for automated compliance analysis. Do not treat MCP output as a substitute for counsel review before publishing regulated materials. Confirm institution-specific policies still apply after automated checks pass. Avoid submitting customer PII unless your compliance program explicitly allows it.The server is documentation-focused, but retrieved docs can still influence generated commands; review commands before running them. Remote MCP availability and schema can change, so verify client compatibility before depending on it in automation.The hosted MCP endpoint is documentation-focused and read-only, but generated SQL and migration advice still needs human review before execution. Documentation search results can influence schema design, indexes, retention policies, and extension setup, so test generated SQL in development first. Self-hosted deployments need database credentials and embedding configuration; keep those scoped to the docs database, not production application data. The package can expose stdio and HTTP transports; bind local HTTP deployments only where intended and protect any non-local endpoint.
Privacy notesComplyHat computes scores in memory and persists summary artifacts, not raw training data or source code. OAuth tokens and workspace data are tenant-isolated under ComplyHat's security model. Approved reports and compliance memory may contain model names, risk positions, and audit metadata.Submitted marketing text is processed by Clarid AI under its own privacy and retention terms. Campaign drafts may contain product terms, rates, or institution names that should stay internal. Use least-privilege connectors and avoid sharing draft materials in public chat logs.Prompts and queries sent to a remote MCP server can reveal product names, architecture details, or error messages. Avoid sending customer identifiers or private tenant data when documentation search is enough.Queries sent to the hosted MCP endpoint may reveal database names, schema intent, performance problems, product plans, or internal architecture details. Self-hosted semantic search can send queries or documentation chunks to the configured embedding provider unless a local compatible endpoint is used. Tool outputs can contain excerpts from PostgreSQL, TimescaleDB, Tiger Cloud, or PostGIS documentation that are then included in the model context. Do not include customer data, credentials, production connection strings, or private incident details when a generalized documentation query is enough.
Prerequisites
  • ComplyHat account; OAuth consent runs automatically on the first tool invocation.
  • Claude Code, Claude Desktop, Codex, OpenClaw, NemoClaw, or another MCP-capable host.
  • Evidence summaries your host can extract for model tests; ComplyHat does not read source code or weights.
  • Human review workflow before submitting compliance documents to regulators or counsel.
  • Claude Pro, Team, or Enterprise with Connectors support, or another MCP client with streamable HTTP transport.
  • Marketing or compliance content you are authorized to submit for review.
  • Understanding that Clarid output supports compliance workflows and is not legal advice.
  • Internet access to reach the Clarid hosted endpoint.
  • An MCP-compatible client that supports remote HTTP MCP servers.
  • Network access to learn.microsoft.com.
  • A Microsoft technology question where official Learn grounding is useful.
  • An MCP-compatible client that supports remote HTTP MCP servers.
  • Network access to `mcp.tigerdata.com`.
  • PostgreSQL, TimescaleDB, Tiger Cloud, or PostGIS questions where documentation grounding is useful.
  • Optional self-hosting dependencies if running the package locally, including a populated Postgres docs database and embedding provider key.
Install
claude mcp add --transport http complyhat https://complyhat.ai/api/mcp
claude mcp add --transport http clarid-compliance https://mcp.clarid.ai/mcp
claude mcp add --transport http microsoft-learn https://learn.microsoft.com/api/mcp
claude mcp add --transport http pg-aiguide https://mcp.tigerdata.com/docs
Config
{
  "mcpServers": {
    "complyhat": {
      "url": "https://complyhat.ai/api/mcp",
      "type": "http"
    }
  }
}
{
  "mcpServers": {
    "clarid-compliance": {
      "url": "https://mcp.clarid.ai/mcp",
      "type": "http"
    }
  }
}
{
  "mcpServers": {
    "microsoft-learn": {
      "url": "https://learn.microsoft.com/api/mcp"
    }
  }
}
{
  "mcpServers": {
    "pg-aiguide": {
      "type": "http",
      "url": "https://mcp.tigerdata.com/docs"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.