MCP Server
Use Regulatory Signals directly inside Claude Desktop, Cursor, or any MCP-compatible AI client. Audit GitHub repositories and run security checks without leaving your workflow.
Install
No global install needed — Claude Desktop and Cursor run the server automatically via npx each time you start a session. Just add the config below.
npx -y @regulatorysignals/mcpClaude Desktop Setup
Open the config file at:
~/Library/Application Support/Claude/claude_desktop_config.json(macOS)
Merge the following into the mcpServers object. If the key already exists, add regulatory-signals alongside your existing entries.
{
"mcpServers": {
"regulatory-signals": {
"command": "npx",
"args": ["-y", "@regulatorysignals/mcp"],
"env": {
"REGULATORY_SIGNALS_API_KEY": "rskey_live_xxxxxxxxxxxx"
}
}
}
}Replace rskey_live_xxxxxxxxxxxx with your API key. Restart Claude Desktop after saving.
Cursor Setup
Open the config file at:
~/.cursor/mcp.json
Add the same block as Claude Desktop:
{
"mcpServers": {
"regulatory-signals": {
"command": "npx",
"args": ["-y", "@regulatorysignals/mcp"],
"env": {
"REGULATORY_SIGNALS_API_KEY": "rskey_live_xxxxxxxxxxxx"
}
}
}
}Reload the Cursor window after saving (Cmd+Shift+P → Developer: Reload Window).
Tool Reference
The server exposes two tools. Use check_repository for instant CI-style gates and audit_repository when you need a full compliance report.
| check_repository | audit_repository | |
|---|---|---|
| Speed | ~5 seconds | 30–120 seconds |
| AI-powered | No | Yes |
| Quota consumed | No | Yes (1 credit) |
| Best for | CI/CD pre-merge gates, quick checks | Full compliance audit, security report |
| Output | Pass/fail checklist (rate limiting, unchecked responses, webhook silent-success, button→route gaps, RLS, Stripe webhook) | Score /100, architecture summary, security issues with fixes, dependency risks, test coverage, EU AI Act compliance |
Get your API key
Generate an API key from the dashboard and paste it into your MCP config. Keys are scoped to your account and can be revoked at any time.
The MCP server runs locally on your machine and calls the Regulatory Signals API on your behalf. All API usage is subject to the Privacy Policy and Terms of Service. Audit credits are deducted from your plan quota for each audit_repository call.