Server data from the Official MCP Registry
Read-only tools over the Safer Agentic AI framework: 238 patterns + 14 heuristics.
Remote endpoints: streamable-http: https://mcp.saferagenticai.org/mcp
This is a well-structured, read-only MCP server that serves safety framework data with proper input validation, appropriate permissions, and no security vulnerabilities. The codebase demonstrates strong defensive programming practices including argument validation, error handling, and safe file I/O patterns. Permissions are appropriately scoped to read local framework data and environment configuration. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
3 files analyzed · 7 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Available as Local & Remote
This plugin can run on your machine or connect to a hosted endpoint.
From the project's GitHub README.
Serves the SaferAgenticAI framework (canonical criteria + Implementation Patterns layer) to coding assistants via the Model Context Protocol.
Published to the canonical MCP catalogues — install from a registry-aware client or the CLI below:
saferagenticai-mcp
io.github.NellInc/saferagenticai-mcp

Also rolling out across the wider MCP ecosystem: mcp.directory, mcpservers.org, PulseMCP (via the registry ingest), and mcp.so.
Pick the path that matches your setup.
uvx (fastest, no manual venv)

If you have uv installed, point your MCP client at:

```bash
uvx --from git+https://github.com/NellInc/saferagenticai-mcp saferagenticai-mcp
```
uv handles isolation and caches the install. Works for single-command config
lines in ~/.claude/mcp.json.
pipx (isolated global install)

```bash
pipx install "git+https://github.com/NellInc/saferagenticai-mcp"
```
Exposes saferagenticai-mcp globally; updated with pipx upgrade saferagenticai-mcp.
Homebrew / system Python blocks direct pip install under PEP 668, so if
you've cloned the repo and want an editable install:
```bash
python3 -m venv research/mcp/.venv
research/mcp/.venv/bin/pip install -e research/mcp/server
```
Produces research/mcp/.venv/bin/saferagenticai-mcp. Pattern YAML edits in
the repo are picked up live (editable mode).
```bash
pipx install saferagenticai-mcp
# or, with the modern uv toolchain:
uv tool install saferagenticai-mcp
# or plain pip:
pip install --user saferagenticai-mcp
```
For audit-trail reproducibility, pin the version: pipx install saferagenticai-mcp==0.3.3.
The package bundles criteria-v1.json + 238 pattern YAMLs + 4 exemplars +
operational_heuristics.yaml inside saferagenticai_mcp/_data/, so a
wheel install works without any repo checkout. (The 0.3.0 wheel predates the
corpus extension and bundles only 214 patterns, no heuristics; 0.3.1 is the
first complete build.)

Add to ~/.claude/mcp.json (or your IDE's MCP config). Pick the variant that
matches your install option.
uvx

```json
{
  "mcpServers": {
    "saferagenticai": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/NellInc/saferagenticai-mcp",
        "saferagenticai-mcp"
      ]
    }
  }
}
```
pipx or manual venv

```json
{
  "mcpServers": {
    "saferagenticai": {
      "command": "/absolute/path/to/saferagenticai-mcp"
    }
  }
}
```
For a manual venv checkout, the absolute path is
<repo>/research/mcp/.venv/bin/saferagenticai-mcp.
Restart Claude Code / your IDE after editing. The server will load on the first tool call from your assistant.
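
An added example, not part of the project's README: a small audit of an MCP client config that flags server entries launched from an unpinned source, following the pinning advice above. The entries `saferagenticai-pinned` and `saferagenticai-local`, the result labels, and the rule that only a full 40-character commit hash counts as a pinned git source are assumptions of this example.

```python
import json
import re

# Constructed sample: the two config variants shown above plus a
# hypothetical entry pinned to the version the README names (0.3.3).
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "saferagenticai": {
            "command": "uvx",
            "args": ["--from",
                     "git+https://github.com/NellInc/saferagenticai-mcp",
                     "saferagenticai-mcp"],
        },
        "saferagenticai-pinned": {
            "command": "uvx",
            "args": ["--from", "saferagenticai-mcp==0.3.3", "saferagenticai-mcp"],
        },
        "saferagenticai-local": {"command": "/absolute/path/to/saferagenticai-mcp"},
    }
})

FULL_SHA = re.compile(r"@[0-9a-f]{40}$")   # assumption: only a full commit hash is a pin
EXACT_VERSION = re.compile(r"(==|@)\d")    # pkg==1.2.3 or pkg@1.2.3

def source_is_pinned(spec):
    """True if a uvx requirement names an exact version or commit."""
    if spec.startswith("git+"):
        # Branch and tag names can move, so they do not count as pins.
        return bool(FULL_SHA.search(spec.split("#", 1)[0]))
    return bool(EXACT_VERSION.search(spec))

def audit_mcp_config(text):
    """Return {server_name: finding} for every entry under mcpServers."""
    findings = {}
    for name, entry in json.loads(text).get("mcpServers", {}).items():
        command, args = entry.get("command", ""), entry.get("args", [])
        if command.rsplit("/", 1)[-1] != "uvx":
            findings[name] = "local-binary"  # version is fixed at install time
            continue
        if "--from" in args[:-1]:
            spec = args[args.index("--from") + 1]
        else:
            spec = args[0] if args else ""
        findings[name] = "pinned" if source_is_pinned(spec) else "unpinned"
    return findings

if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE_CONFIG).items():
        print(f"{server}: {finding}")
```

A `local-binary` result means the config alone cannot show which version runs; check the installed package version separately.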
| Tool | Input | Returns |
|---|---|---|
| list_suites | — | 16 suites with titles and subgoal counts |
| get_requirement | id, include_pattern | one subgoal + its Pattern layer; falls back to fuzzy candidates if no exact match |
| list_requirements | suite/type/content_type/confidence filters | filtered subgoal list with reliability signals |
| search_patterns | query, limit, verbosity | field-weighted ranked matches with matched_in and (in full mode) snippets + confidence flags. Field weights: title 10×, summary 4×, sfr 3×, description 2×, body 1× |
| get_cross_references | id, include_inferred | outgoing adjacencies |
| get_reverse_references | id | incoming adjacencies (who cites this pattern) |
| resolve_id | query | canonicalise a partial id, slug fragment, or display_id; always returns candidates |
| find_patterns_for_task | task, limit, verbosity | top patterns grouped by suite for a task description; defaults to compact mode for cheap triage |
| list_unreviewed | limit | patterns without reviewed_by, sorted low-confidence first |
| review_stats | — | coverage %, per-suite, per-confidence; plus validation issue count |
| list_operational_heuristics | suite_id?, query? | operational heuristics distilled from production agentic AI deployment, optionally filtered by suite or keyword |
| get_operational_heuristic | id | single operational heuristic by id (e.g. OH::geoffrey-pattern); returns full entry with principle, framework mapping, design patterns, and discovery narrative |
- assessor/src/data/criteria-v1.json (extracted from framework.html)
- research/mcp/suites/<SUITE>/<pattern_id>.yaml (238 files)
- research/mcp/exemplars/*.yaml (fallback for four anchor subgoals)
- research/mcp/operational_heuristics.yaml (14 heuristics)

At startup the server loads both and builds an in-memory index keyed by pattern_id. display_id lookups are also supported but may resolve to multiple subgoals (underlined variants).
```bash
python3 -c "
from saferagenticai_mcp.framework_loader import load_framework
idx = load_framework()
print(f'{len(idx.subgoals)} subgoals, {sum(1 for s in idx.subgoals.values() if s.has_pattern)} with patterns')
"
```
- criteria-v1.json's version field.
- v1-draft while this directory is being populated; v1 once reviewed.
- LICENSE, corrected package metadata, and MCP-registry ownership token). Pin explicitly for audit reproducibility.
- find_patterns_for_task — natural-language task → top patterns grouped by suite. Replaces the need for a separate embedding index at current scale.
- get_reverse_references.
- mark_reviewed write tool — deliberately not added. Phase 3 review edits go through the YAML directly (editor + git diff = auditable); the MCP stays read-only.

This server (the code in this directory) is licensed MIT — see LICENSE.
The safety-framework content it serves (the patterns, canonical criteria, and operational heuristics bundled under saferagenticai_mcp/_data/) is part of the SaferAgenticAI framework, published under CC-BY-4.0 at the repository root. Attribution: Nell Watson and the Agentic AI Safety Community of Practice.