ComplianceGuard-MCP

A lightweight, local Model Context Protocol (MCP) server that gives LLM clients (Cursor, Claude Desktop) audited file-write tools backed by a SQLite cryptographic ledger. Every write is chained with SHA-256 block hashes suitable for demonstrating tamper-evident audit trails aligned with FDA 21 CFR Part 11 style record-keeping (local proof-of-concept; not a validated GxP system).

Features

• write_compliant_file — Create or update a file and append a signed ledger row.
• verify_ledger_integrity — Walk the full chain and detect manual DB tampering.
• Zero cloud cost — SQLite + local filesystem only.
• Path sandboxing — Writes must resolve under a configurable root (default: server directory).

Quick start

1. Python environment

Requires Python 3.10+.

cd "C:\Users\ORCA VA\Documents\ComplianceGuard-MCP FDA 21 CFR Part 11 Audit Logger"
python -m venv .venv
.\.venv\Scripts\Activate.ps1
pip install -r requirements.txt

2. Smoke test (optional)

python -c "from server import verify_ledger_integrity; print(verify_ledger_integrity())"

3. Register in Cursor

1. Open Cursor Settings → MCP (or edit your MCP config file directly).
2. Add a server entry pointing at this project's server.py using the same Python where you installed dependencies.

Example (Windows) — adjust paths to your machine:

{
  "mcpServers": {
    "complianceguard": {
      "command": "C:\\Users\\ORCA VA\\Documents\\ComplianceGuard-MCP FDA 21 CFR Part 11 Audit Logger\\.venv\\Scripts\\python.exe",
      "args": [
        "C:\\Users\\ORCA VA\\Documents\\ComplianceGuard-MCP FDA 21 CFR Part 11 Audit Logger\\server.py"
      ],
      "env": {
        "COMPLIANCE_GUARD_WRITE_ROOT": "C:\\Users\\ORCA VA\\Documents\\ComplianceGuard-MCP FDA 21 CFR Part 11 Audit Logger"
      }
    }
  }
}

3. Restart Cursor or reload MCP servers.
4. In chat, confirm ComplianceGuard-MCP tools appear: write_compliant_file, verify_ledger_integrity.

4. Register in Claude Desktop

Edit %APPDATA%\Claude\claude_desktop_config.json (create the file if missing):

{
  "mcpServers": {
    "complianceguard": {
      "command": "C:\\Users\\ORCA VA\\Documents\\ComplianceGuard-MCP FDA 21 CFR Part 11 Audit Logger\\.venv\\Scripts\\python.exe",
      "args": [
        "C:\\Users\\ORCA VA\\Documents\\ComplianceGuard-MCP FDA 21 CFR Part 11 Audit Logger\\server.py"
      ],
      "env": {
        "COMPLIANCE_GUARD_WRITE_ROOT": "C:\\Users\\ORCA VA\\Documents\\ComplianceGuard-MCP FDA 21 CFR Part 11 Audit Logger"
      }
    }
  }
}

Restart Claude Desktop after saving.

Tool reference

write_compliant_file

| Parameter | Type | Description | |-----------|------|-------------| | path | string | File path (relative to write root or absolute within it) | | content | string | Full text to write | | reason_for_change | string | Required audit justification |

Returns a confirmation string including content_hash and block_hash.

verify_ledger_integrity

No inputs. Returns JSON:

{
  "status": "SUCCESS",
  "message": "SUCCESS: Ledger is fully untampered",
  "failed_row_ids": [],
  "total_rows": 3,
  "latest_block_hash": "..."
}

On tampering, status is FAILURE and failed_row_ids lists corrupted rows.

Ledger schema

Database file: compliance_audit.db (created next to server.py).

| Column | Description | |--------|-------------| | id | Auto-increment primary key | | timestamp | UTC ISO-8601 string | | file_path | Canonical absolute path written | | action | CREATE or UPDATE | | content_hash | SHA-256 of written content | | reason_for_change | Agent-provided justification | | previous_block_hash | Prior row's block_hash (genesis constant if first) | | block_hash | SHA-256 of timestamp + file_path + content_hash + reason_for_change + previous_block_hash |

Genesis hash (empty ledger):
0000000000000000000000000000000000000000000000000000000000000000

Configuration

| Variable | Default | Purpose | |----------|---------|---------| | COMPLIANCE_GUARD_WRITE_ROOT | Directory containing server.py | Allowed filesystem root for writes |

Security notes

• Paths are resolved and rejected if they escape COMPLIANCE_GUARD_WRITE_ROOT.
• The ledger detects direct edits to compliance_audit.db; protect the DB file with OS permissions and backups.
• This project is an engineering demonstration — production Part 11 systems require validation, access controls, e-signatures, retention policies, and qualified infrastructure.

License

Use and adapt for internal compliance tooling as needed.