Server data from the Official MCP Registry
Cryptographic AI governance + audit. 18 tools, 28 frameworks. EU AI Act, NIST, OWASP, CMMC, SR 11-7
Cryptographic AI governance + audit. 18 tools, 28 frameworks. EU AI Act, NIST, OWASP, CMMC, SR 11-7
Valid MCP server (2 strong, 2 medium validity signals). No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry.
9 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: SWT3_API_KEY
Environment variable: SWT3_TENANT_ID
Environment variable: SWT3_CONFIG_FILE
Environment variable: SWT3_CLEARING_LEVEL
Environment variable: SWT3_AGENT_ID
Environment variable: SWT3_SIGNING_KEY
Add this to your MCP configuration file:
{
"mcpServers": {
"io-tenova-swt3-witness": {
"env": {
"SWT3_API_KEY": "your-swt3-api-key-here",
"SWT3_AGENT_ID": "your-swt3-agent-id-here",
"SWT3_TENANT_ID": "your-swt3-tenant-id-here",
"SWT3_CONFIG_FILE": "your-swt3-config-file-here",
"SWT3_SIGNING_KEY": "your-swt3-signing-key-here",
"SWT3_CLEARING_LEVEL": "your-swt3-clearing-level-here"
},
"args": [
"-y",
"@tenova/swt3-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
Don't audit the agent's thoughts. Audit the agent's actions.
AI agents are making production decisions: approving loans, triaging patients, managing infrastructure, writing code. In 2026, 65% of firms reported AI agent security incidents. Only 14.4% of agents go live with full security approval. When something goes wrong, there is no tamper-proof audit trail. Logs are mutable. Metrics are averaged. Nobody can prove what the agent actually did.
GPAI transparency obligations are enforceable now. EU AI Act high-risk enforcement begins December 2, 2027. NIST AI RMF, SR 11-7, and CMMC impose similar obligations. 72% of enterprises believe they have AI governance but lack actual control. Most teams have nothing but dashboards and hope.
SWT3 (Sovereign Witness Traceability) is a deterministic witness protocol for AI systems. It intercepts AI actions, hashes the evidence, and anchors cryptographic proof to an immutable ledger. Your code gets the full response. The auditor gets tamper-proof evidence. Raw prompts and responses never leave your infrastructure.
Python
pip install swt3-ai
python -m swt3_ai.demo
TypeScript
npm install @tenova/swt3-ai
npx swt3-demo
No API keys. No account. No network calls. You will see the full witnessing pipeline run locally.
from swt3_ai import Witness
from openai import OpenAI
witness = Witness(endpoint="https://sovereign.tenova.io", api_key="axm_live_...", tenant_id="YOUR_TENANT")
client = witness.wrap(OpenAI())
# Every inference is now witnessed. Your code does not change.
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Summarize this contract"}],
)
Works with OpenAI, Anthropic, AWS Bedrock, Vercel AI SDK, LangChain, LiteLLM (100+ providers), and any OpenAI-compatible endpoint (vLLM, Ollama, Azure OpenAI).
AI compliance doesn't stop at the model layer. Regulators want to know what hardware ran the inference, whether it was authorized, and whether the compute environment changed between audit periods. Today, no platform provides cryptographic proof of which silicon processed which workload. SWT3 does.
Deploy a DaemonSet that discovers accelerator hardware on every node and mints AI-HW.1 attestation anchors. Zero application code changes. One Helm install.
helm install swt3-witness oci://ghcr.io/tenova-labs/charts/swt3-witness \
--set config.endpoint="https://sovereign.tenova.io" \
--set config.apiKey="axm_live_..." \
--set config.tenantId="YOUR_TENANT"
The DaemonSet auto-discovers 6 accelerator types per node:
| Discovery Path | Silicon | Method |
|---|---|---|
| NVIDIA GPU | A100, H100, H200, B200, GB200, NVL72 | nvidia-smi |
| Google TPU | v4, v5e, v5p, v6e, Trillium | TPU_NAME env |
| AMD MI | MI300X, MI325X, MI250 | rocm-smi |
| AWS Trainium | Trainium2, Inferentia2 | neuron-ls |
| Intel Gaudi | Gaudi3, Gaudi2 | hl-smi |
| PCI Fallback | Any 3D controller / processing accelerator | /sys/bus/pci |
Each node reports its silicon vendor, topology, memory, and per-accelerator detail. Non-accelerator nodes produce a valid anchor attesting "no accelerator detected" -- absence of hardware is also auditable evidence. Mixed-silicon clusters (NVIDIA + TPU + AMD in the same cluster) are fully supported.
What this proves to your auditor:
The witness context includes silicon_vendor, discovery_method, and accelerators[]. All device identifiers are SHA-256 hashed before leaving the node. Serial numbers, UUIDs, and bus IDs are never transmitted in plaintext.
See the Cross-Silicon K8s Attestation Guide for GKE, EKS, AKS, and on-prem deployment patterns.
Each inference produces anchors across 103 AI procedures spanning 52 namespaces:
| Procedure | Domain | What It Proves | Regulatory Mapping |
|---|---|---|---|
| AI-INF.1 | Inference | Prompt and response captured (provenance) | EU AI Act Art. 12 |
| AI-INF.2 | Inference | Latency within threshold (detects model swaps) | NIST AI RMF MEASURE 2.6 |
| AI-MDL.1 | Model | Deployed model matches approved hash (integrity) | EU AI Act Art. 9 |
| AI-MDL.2 | Model | Model version identifier recorded (tracking) | EU AI Act Art. 72 |
| AI-MDL.5 | Model | Weight file SHA-256 verified (tamper detection) | EU AI Act Art. 15(4) |
| AI-MDL.6 | Model | LoRA/PEFT adapter stack attested | EU AI Act Art. 12(2)(b) |
| AI-MDL.7 | Model | Quantization method recorded | EU AI Act Art. 15(3) |
| AI-GRD.1 | Guardrail | Required safety filters were active (enforcement) | NIST AI RMF GOVERN 1.5 |
| AI-GRD.2 | Safety | No content filter or refusal triggered | EU AI Act Art. 14 |
| AI-GRD.3 | Gatekeeper | Pre-call guardrail gate enforced | EU AI Act Art. 9(2) |
| AI-RAG.1 | Retrieval | RAG context chunks and corpus attested | EU AI Act Art. 12(2)(a) |
| AI-RAG.2 | Retrieval | Retrieval relevance scoring verified | EU AI Act Art. 10(2) |
| AI-TOOL.1 | Tool Use | Agent tool/function call recorded (latency, success) | NIST AI RMF MANAGE 4.1 |
| AI-ID.1 | Identity | Witness instance identity attested (agent accountability) | EU AI Act Art. 13 |
| AI-ACC.1 | Access | Resource access granted or denied with scope | EU AI Act Art. 9(4)(c) |
| AI-REV.1 | Revocation | Previously-issued anchor revoked with reason | EU AI Act Art. 12(3) |
| AI-SEC.1 | Security | Adversarial threat detection performed | EU AI Act Art. 15(4) |
| AI-SEC.2 | Security | Input validated and sanitized before inference | EU AI Act Art. 15(3) |
| AI-SKILL.1 | Skills | Loaded skill/tool/plugin manifest attested | EU AI Act Art. 12(2)(b) |
| AI-SKILL.2 | Memory | Active memory sources bound to decision | EU AI Act Art. 12(2)(a) |
| AI-SKILL.3 | Alignment | RLHF/DPO reward model binding recorded | EU AI Act Art. 9(4)(a) |
| AI-CHAIN.1 | Chain | Multi-agent handoff witnessed with cycle tracking | EU AI Act Art. 12(2)(a) |
| AI-VIO.1 | Violation | Policy violation detected during inference | EU AI Act Art. 9(4)(a) |
| AI-CHR.1 | Charter | Agent charter/system prompt hash attested | EU AI Act Art. 13 |
| AI-MDL.8 | Model | Model verified against approved registry | EU AI Act Art. 51 |
| AI-HITL.3 | Oversight | Reviewer identity bound to human review | EU AI Act Art. 12(3)(d) |
| AI-SAFE.1 | Safety | Stop mechanism tested, safe state confirmed | EU AI Act Art. 14(4)(e) |
| AI-HW.1 | Hardware | GPU/accelerator inventory attested at startup | EU AI Act Art. 15(4) |
| AI-TRUST.1 | Trust | Mutual compliance trust verified between agents | EU AI Act Art. 9(4)(c) |
| AI-TRUST.2 | Trust | Trust handshake details recorded | EU AI Act Art. 12(2)(a) |
| AI-MARK.1 | Content | Content provenance marking attested | EU AI Act Art. 50(2) |
| AI-BASE.1 | Baseline | Agent behavioral baseline monitored | NIST AI RMF MEASURE 2.6 |
| AI-ENV.1 | Environment | Runtime environment fingerprint recorded | EU AI Act Art. 15(4) |
| AI-ENV.2 | Environment | Dependency manifest attested | EU AI Act Art. 15(3) |
| AI-DATA.3 | Data | Training data lineage attested | EU AI Act Art. 10(2) |
| AI-DATA.4 | Data | Data quality metrics recorded | EU AI Act Art. 10(3) |
| AI-CHAIN.2 | Chain | Chain-of-trust credential verified | EU AI Act Art. 9(4)(c) |
Plus 65 additional procedures covering fairness, explainability, inference volume, model drift, human oversight, cybersecurity, supply chain, content marking, agent lifecycle, financial transactions, and cross-border routing. See the full procedure registry.
A Level 1 anchor for AI-INF.1 (Inference Provenance). This is what reaches the witness ledger. No prompts, no responses, just cryptographic proof.
{
"procedure_id": "AI-INF.1",
"factor_a": 1,
"factor_b": 1,
"factor_c": 0,
"clearing_level": 1,
"anchor_fingerprint": "c059eb5938c0",
"anchor_epoch": 1774800000,
"fingerprint_timestamp_ms": 1774800000000,
"ai_prompt_hash": "315f5bdb76d078c4",
"ai_response_hash": "a1b2c3d4e5f60718",
"ai_latency_ms": 842,
"ai_model_id": "gpt-4o",
"ai_context": {
"provider": "openai",
"guardrails": ["content-filter", "pii-redaction"]
}
}
The anchor_fingerprint is computed from SHA256("WITNESS:{tenant}:{procedure}:{fa}:{fb}:{fc}:{ts}"). Anyone with the factors can independently verify the math. Trust is a vulnerability. Math is the remedy.
The clearing engine controls what leaves your infrastructure. Your code always gets the full response. Clearing only affects what reaches the witness ledger.
| Level | Name | On the Wire | Use Case |
|---|---|---|---|
| 0 | Analytics | Hashes + factors + model + provider + guardrails | Internal analytics |
| 1 | Standard | Hashes + factors + model + provider | Default. Production apps |
| 2 | Sensitive | Hashes + factors + model only | Healthcare, legal, PII workloads |
| 3 | Classified | Numeric factors only. Model ID hashed. | Defense, air-gapped environments |
At Level 1+, raw prompts and responses never leave your infrastructure.
| Language | Package | Install |
|---|---|---|
| Python | swt3-ai | pip install swt3-ai |
| TypeScript | @tenova/swt3-ai | npm install @tenova/swt3-ai |
| Swift | swt3-ai | Swift Package Manager |
| Rust | swt3-ai | cargo add swt3-ai |
| C# | swt3-ai | dotnet add package swt3-ai |
| Ruby | swt3-ai | gem install swt3-ai |
| MCP Server | @tenova/swt3-mcp | npx @tenova/swt3-mcp |
7 SDKs, identical fingerprints. 207 cross-language test vectors validated at build time.
pip install swt3-ai or npm install @tenova/swt3-ai| Framework | Coverage |
|---|---|
| EU AI Act | Articles 9, 10, 12, 13, 14, 15, 50, 51, 53, 72 |
| NIST AI RMF | GOVERN, MAP, MEASURE, MANAGE (10 subcategories) |
| NIST 800-53 | SI-7, AU-2, AU-3, AC controls |
| CMMC v2.0 | Level 2 practice mappings |
| SR 11-7 | Model Risk Management (5 examination areas) |
| ISO 42001 | Annex A AI management controls |
packages/swt3-ai/ Python SDK (PyPI: swt3-ai)
packages/swt3-ai-ts/ TypeScript SDK (npm: @tenova/swt3-ai)
packages/swt3-ai-swift/ Swift SDK (Swift Package Index)
packages/swt3-ai-rust/ Rust SDK (crates.io: swt3-ai)
packages/swt3-ai-dotnet/ C# SDK (NuGet: swt3-ai)
packages/swt3-ai-ruby/ Ruby SDK (RubyGems: swt3-ai)
packages/swt3-mcp/ MCP Server (npm: @tenova/swt3-mcp)
packages/swt3-witness/ K8s DaemonSet (GHCR + Helm)
packages/libswt3/ Protocol reference implementation
config/ Control definitions and framework crosswalks
Your prompts and responses never leave your infrastructure. The SDK computes SHA-256 hashes locally and transmits only irreversible hashes and numeric factors to the witness ledger. At Clearing Level 3, even the model name is hashed.
See CONTRIBUTING.md for development setup and guidelines.
Apache 2.0. See LICENSE. Patent pending.
If you believe AI systems should prove they followed the rules, give us a star.
SWT3: Sovereign Witness Traceability. We don't run your models. We witness them.
TeNova - Defining the AI Accountability Standard.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.