com.bidda/bidda-compliance
Official18 tools9,762 source-verified compliance nodes (EU AI Act, GDPR, HIPAA, DORA, NIST, MITRE). 14 MCP tools.
Access 9,762 verified compliance rules for EU AI Act, GDPR, HIPAA, DORA, NIST, MITRE.
Captured live from the server via tools/list.
list_pillars
List all compliance pillars in the Bidda Sovereign Intelligence registry with node counts. Use this first to discover available compliance domains before searching. Bidda has 9,964 cryptographically-verified nodes across 39 pillars, including a MITRE layer spanning 6 frameworks (ATT&CK Enterprise/Mobile/ICS, D3FEND, ATLAS, CAPEC) plus Banking, AI Governance, Cybersecurity, Healthcare, Legal, ESG and more.
No parameters.
search_nodes
Search Bidda compliance nodes by keyword. Returns matching node summaries including a one-sentence BLUF (Bottom Line Up Front): the exact compliance obligation in plain language. Every node traces to a primary legal source (no hallucination). Examples: "Basel III capital", "GDPR data breach", "AML transaction monitoring", "SOC 2 Type II".
Parameters (3)
- querystringrequired
Search terms, e.g. "Basel III capital requirements", "GDPR data breach notification 72 hours", "FATF travel rule"
- pillarstring
Optional: filter by pillar name, e.g. "Banking & Global Finance", "Cybersecurity", "AI Governance & Law", "Medical & Healthcare"
- limitnumber
Max results (default 10, max 25)
get_node
Get a specific compliance node by its ID. Returns the node summary: title, compliance pillar, version, last updated, and BLUF. The full node (machine-executable deterministic workflow, actionable schema, primary legal citations, dependency chain) is available at bidda.com.
Parameters (1)
- idstringrequired
Node ID, e.g. "basel-iii-capital", "gdpr-article-5-principles", "fatf-40-recommendations-2023-consolidated", "us-hipaa-privacy-rule"
get_dependency_chain
Walk the prerequisite chain for a compliance node. Given one node, returns its full dependency tree (the prior obligations an agent must satisfy before this one applies). Use this to plan a complete compliance posture: unlocking one node usually requires understanding 3-8 upstream nodes. Defaults to depth 2; max 4.
Parameters (2)
- node_idstringrequired
Root node ID to expand from.
- max_depthinteger
How many hops to walk (1-4). Default 2.
get_crosswalk
Return the cross-framework mapping dimensions for a node: which other regulations, standards, or jurisdictions this rule maps to (e.g. GDPR Article 17 → CCPA right-to-delete → POPIA Section 24). Discovery returns the available dimensions; full mapping values are vault-gated.
Parameters (1)
- node_idstringrequired
Node ID to inspect crosswalks for.
get_latest_changes
List the most recently updated compliance nodes: the regulatory change feed. Use to monitor incoming amendments, new guidance, or freshly added rules. Filter by pillar to focus on a domain. Agents should call this on a schedule to keep compliance posture current.
Parameters (2)
- daysinteger
Look back N days. Default 30. Max 180.
- pillarstring
Optional pillar filter, e.g. "AI Governance" or "Cybersecurity".
get_jurisdiction_bundle
Return all compliance nodes that apply in a specific jurisdiction (EU, US, UK, Australia, Singapore, India, Canada, China, South Africa, Japan, Brazil and others). Use when an agent enters a new market and needs the full regulatory surface for that geography.
Parameters (2)
- jurisdictionstringrequired
Jurisdiction code or name: eu, us, uk, au, sg, india, canada, china, south-africa, japan, brazil.
- limitinteger
Max nodes to return. Default 25. Max 100.
get_mitre_mapping
The MITRE Rosetta Stone. Given a MITRE technique ID across 5 frameworks (ATT&CK Enterprise, ATT&CK Mobile, ATT&CK ICS, D3FEND, ATLAS), return the Bidda node for that technique plus its mapped compliance obligations: NIST 800-53 controls, ISO 27001 Annex A clauses, PCI DSS requirements, NIS2 articles, HIPAA Security Rule, DORA articles, NERC CIP, IEC 62443. The bridge between how SOC teams think (technique IDs) and how compliance teams think (control families). Free.
Parameters (1)
- technique_idstringrequired
MITRE technique ID. ATT&CK Enterprise (T1566, T1486, T1078, T1003.001, T1547.001); ATT&CK Mobile (T1474, T1521, T1471, T1430, T1417); ATT&CK ICS (T0883, T0809, T0879, T0886, T0814); D3FEND (D3-FIM, D3-MFA, D3-NTA, D3-NI, D3-AI, D3-CH); CAPEC (CAPEC-66, CAPEC-63, CAPEC-98, CAPEC-94, CAPEC-49); or ATLAS (AML.T0020).
check_action_compliance
Pre-flight regulatory check. Agent describes an intended action in natural language ("process EU resident biometric data", "transfer health records to a third-party AI vendor", "deploy autonomous trading model in Singapore") and receives a ranked list of regulations that may apply, plus a risk indicator (LOW/MODERATE/HIGH). The primary tool for runtime compliance gating in autonomous agent workflows.
Parameters (3)
- actionstringrequired
Natural-language description of the intended action.
- jurisdictionstring
Optional jurisdiction filter (eu, us, uk, etc.).
- limitinteger
Max matches to return. Default 10. Max 25.
browse_topics
Browse the registry by cross-cutting compliance TOPIC (for example data breach notification, AI transparency, AML and KYC). Returns each topic with how many rules carry it and across how many pillars and jurisdictions. Topics sit on top of the 39 pillars without replacing them. Free, no key required. Pass a topic string to drill into one.
Parameters (1)
- topicstring
Optional topic name to filter or drill into.
compare_jurisdictions
Compare how different jurisdictions address a compliance topic, side by side, including where their numeric thresholds differ (for example a breach-notification deadline of 72 hours versus 30 days). It surfaces the real rules and numbers and does not rank which jurisdiction is stricter. Requires an active Bidda subscription: pass your key as api_key.
Parameters (2)
- topicstringrequired
Topic to compare, for example "data breach notification".
- api_keystringrequired
Your Bidda subscription API key (sent as x-bidda-api-key). A free trial counts.
create_attestation
Create a signed, time-stamped record of which Bidda rules a person or AI agent relied on for a decision. Returns a record ID and a public verify URL so anyone can later confirm the record has not been changed. Useful for agents that must keep an audit trail of what they checked. Requires an active Bidda subscription: pass api_key.
Parameters (5)
- agentstringrequired
The system or AI agent that made the decision.
- nodesarrayrequired
node_ids that were checked (max 50).
- actionstring
Optional: what the agent did.
- workflow_steps_followedarray
Optional: steps the agent followed.
- api_keystringrequired
Your Bidda subscription API key. A free trial counts.
point_in_time
Get a signed record of which committed version of a rule was authoritative at a specific past date, anchored to the public history chain. Useful when an agent must show what a rule said at the moment it acted. Requires an active Bidda subscription: pass api_key.
Parameters (3)
- node_idstringrequired
The rule (node_id).
- as_ofstring
ISO date or time, or epoch milliseconds. Defaults to now.
- api_keystringrequired
Your Bidda subscription API key. A free trial counts.
watch_changes
Subscribe to regulatory change alerts: watch specific rules and/or whole pillars and get notified by email or webhook when their primary source changes. Requires an active Bidda subscription: pass api_key.
Parameters (6)
- nodesarray
node_ids to watch.
- pillarsarray
Pillar names to watch.
- channelsobject
Delivery channels, for example { "email": true, "webhook": false }. Defaults to email.
- webhook_urlstring
Required if the webhook channel is enabled.
- labelstring
Optional name for the alert.
- api_keystringrequired
Your Bidda subscription API key. A free trial counts.
open_run
Open a run ledger: a signed, tamper-evident log of what an agent does across a whole task or conversation (for example a support-bot chat). Returns a run_id. Record one entry per turn with record_run_entry, then seal_run to get a single signed Run Receipt. Requires an active Bidda subscription: pass api_key.
Parameters (3)
- agentstringrequired
The system or agent running the task or conversation.
- labelstring
Optional human label, for example the chat or ticket id.
- api_keystringrequired
Your Bidda subscription API key. A free trial counts.
record_run_entry
Append one entry to an open run: which Bidda rules the agent consulted, what it decided, and the end user's input (as text via note, or privately as input_hash). Each entry is hash-chained to the previous one. Requires an active Bidda subscription: pass api_key.
Parameters (9)
- run_idstringrequired
The run_id returned by open_run.
- nodesarray
Optional node_ids the agent consulted (max 50).
- decisionstring
Optional: what the agent decided or did this turn.
- actionstring
Optional: an action the agent took or checked.
- notestring
Optional: the end user's message as text.
- input_hashstring
Optional: a sha256:... hash of the user's message instead of the text.
- output_hashstring
Optional: a sha256:... hash of the agent's output.
- entry_typestring
Optional: node_consulted | action_checked | decision | note. Defaults to note.
- api_keystringrequired
Your Bidda subscription API key. A free trial counts.
seal_run
Seal an open run into one signed Run Receipt covering every entry, with a public verify URL. Idempotent: sealing an already-sealed run returns the same receipt. Requires an active Bidda subscription: pass api_key.
Parameters (2)
- run_idstringrequired
The run_id to seal.
- api_keystringrequired
Your Bidda subscription API key. A free trial counts.
get_run
Fetch a run and its entries. The owner can read an open or sealed run (pass api_key); a sealed run is also publicly readable by id and reports whether its signature is valid.
Parameters (2)
- run_idstringrequired
The run_id to fetch.
- api_keystring
Optional: your Bidda key, required to read your own still-open run.
README not available yet.
Install
claude_desktop_config.json
{
"mcpServers": {
"bidda-compliance": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://bidda.com/mcp"
]
}
}
}Desktop config is stdio-only; this bridges via mcp-remote. Native remote: Settings > Connectors.