sovereignty-scan-mcp
Vendor sovereignty scanner for EU AI Act compliance. Scans provider stacks for CLOUD Act exposure, data residency, and GDPR DPA status across 55 providers, then suggests EU-native alternatives. Free, no account required.
README
@kajaril/sovereignty-scan-mcp
MCP server for EU AI Act vendor sovereignty scanning. MIT-licensed free tier.
Know where your stack processes data before the enforcer does. Covers 55 providers across 12 categories.
Install
Add to claude_desktop_config.json and restart Claude Desktop. No account required.
{
"mcpServers": {
"sovereignty-scan": {
"type": "http",
"url": "https://sovereignty-scan.kajaril.com/mcp"
}
}
}
Free tier — MIT license, public endpoint, 100 req / day per IP.
Client compatibility
| Client | Status |
|---|---|
| Claude Desktop | ✓ Supported |
| Cursor / Windsurf | ✓ Supported (HTTP MCP) |
| claude.ai web | ✗ Not supported (no HTTP MCP) |
Quick test
Verify the endpoint is live before installing:
curl -s https://sovereignty-scan.kajaril.com/health | jq .
Or call a tool directly:
curl -s -X POST https://sovereignty-scan.kajaril.com/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"scan_provider","arguments":{"name":"cloudflare"}}}' \
| jq .
Tools
scan_provider — Full jurisdictional profile for a single vendor: headquarters country, data residency regions, EU residency option, US CLOUD Act exposure, GDPR DPA availability, and legal framework.
name— string, case-insensitive
Example response:
{
"name": "Cloudflare",
"hq_country": "US",
"data_residency_regions": ["US", "EU", "APAC"],
"eu_residency_option": true,
"us_cloud_act_subject": true,
"gdpr_dpa_available": true,
"legal_framework": "GDPR+SCC"
}
scan_stack — Aggregate jurisdictional summary for a list of vendors: CLOUD Act exposure count, EU residency coverage, missing DPAs. Maximum 50 providers per call.
providers— string[], max 50
list_providers — List all tracked providers. Optional category filter.
category?— AI · Hosting · Database · Auth · Analytics · Observability · CI/CD · Communications · Payments · Search · Sandbox · Cache
get_us_cloud_act_providers — All providers subject to US CLOUD Act compelled disclosure (18 U.S.C. § 2713). No parameters.
suggest_eu_alternatives — EU/EEA/UK/CH-based alternatives in the same category as a given provider. Deterministic ordering: EU/EEA first, then UK/CH. Capped at 10.
provider_name— string, case-insensitive
Pricing
| Free | Paid | |
|---|---|---|
| Price | — | €39–149 / mo |
| License | MIT | Subscription |
| Status | Live | Coming soon |
| Output | Jurisdiction, residency, legal framework, CLOUD Act | + Proprietary risk score + Remediation guidance |
| Auth | None | API key |
| Rate limit | 100 req / day / IP | Extended |
Paid tier notifications: studio@kajaril.com
Self-hosting
Requires a Cloudflare account (Workers + D1 + KV).
1. Clone and install
git clone https://github.com/kajaril/sovereignty-scan-mcp
cd sovereignty-scan-mcp
npm install
2. Create infrastructure
npx wrangler d1 create sovereignty-db-free
npx wrangler kv:namespace create CACHE_KV
npx wrangler rate-limit:namespace create RATE_LIMITER
npx wrangler rate-limit:namespace create BURST_LIMITER
Copy the IDs printed by each command into wrangler.jsonc under d1_databases, kv_namespaces, and unsafe.bindings.
3. Apply schema and seed data
npx wrangler d1 execute sovereignty-db-free --remote --file=migrations/0001_providers.sql
node --input-type=module -e "
import { generateSeedSQL } from './src/seed.js';
process.stdout.write(generateSeedSQL());
" | npx wrangler d1 execute sovereignty-db-free --remote --command=-
4. Deploy
npx wrangler deploy
The custom domain (sovereignty-scan.kajaril.com) in the default config is owned by kajaril — remove or replace the routes entry with your own domain or use the default *.workers.dev URL.
Health
GET https://sovereignty-scan.kajaril.com/health
Returns a structured payload (HTTP 200):
{
"status": "ok",
"provider_count": 55,
"anthropic_path_count": 3,
"last_kv_refresh": "2026-05-11T00:00:00.000Z",
"cache_age_seconds": 86400,
"schema_version": "0001"
}
status is "ok" when D1 is reachable, "degraded" otherwise. cache_age_seconds is null if the KV cache has never been warmed.
License
MIT — see LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.