@greenarmor/ges-mcp-server 1.0.1 → 1.1.0

package/dist/index.d.ts

@@ -1,2 +1,4 @@
 export { handleRequest } from "./server.js";
 export type { MCPRequest, MCPResponse } from "./server.js";
+export { createAutoFixPlan, applyAutoFixAction, getNpmInstallsFromActions } from "./server.js";
+export type { AutoFixAction, AutoFixResult } from "./server.js";

package/dist/index.js

@@ -1 +1,2 @@
 export { handleRequest } from "./server.js";
+export { createAutoFixPlan, applyAutoFixAction, getNpmInstallsFromActions } from "./server.js";

package/dist/server.d.ts

@@ -1,4 +1,19 @@
 #!/usr/bin/env node
+import type { Finding } from "@greenarmor/ges-audit-engine";
+export type AutoFixAction = {
+    type: "create" | "modify" | "append" | "npm-install";
+    filePath: string;
+    content?: string;
+    search?: string;
+    replace?: string;
+    description: string;
+    ruleId: string;
+};
+export type AutoFixResult = {
+    applied: boolean;
+    action: AutoFixAction;
+    error?: string;
+};
 export interface MCPRequest {
     jsonrpc: string;
     id?: number | string | null;
@@ -15,4 +30,10 @@ export interface MCPResponse {
         data?: unknown;
     };
 }
+export declare function createAutoFixPlan(root: string, findings: Finding[], filterRuleIds?: Set<string>): {
+    actions: AutoFixAction[];
+    warnings: string[];
+};
+export declare function applyAutoFixAction(root: string, action: AutoFixAction): AutoFixResult;
+export declare function getNpmInstallsFromActions(actions: AutoFixAction[]): string[];
 export declare function handleRequest(request: MCPRequest): MCPResponse | null;

package/dist/server.js

@@ -595,7 +595,7 @@ function generateImplementationSteps(control) {
     }
     return steps;
 }
-function createAutoFixPlan(root, findings, filterRuleIds) {
+export function createAutoFixPlan(root, findings, filterRuleIds) {
     const actions = [];
     const warnings = [];
     const processedRules = new Set();
@@ -669,7 +669,7 @@ function createAutoFixPlan(root, findings, filterRuleIds) {
     }
     return { actions, warnings };
 }
-function applyAutoFixAction(root, action) {
+export function applyAutoFixAction(root, action) {
     const fullPath = path.join(root, action.filePath);
     try {
         switch (action.type) {
@@ -1557,7 +1557,7 @@ function buildAuditModelFix(root) {
     }
     return [];
 }
-function getNpmInstallsFromActions(actions) {
+export function getNpmInstallsFromActions(actions) {
     const installs = new Set();
     for (const a of actions) {
         if (a.type !== "npm-install")

package/dist/server.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/server.test.js

@@ -0,0 +1,152 @@
+import { describe, it, expect } from "vitest";
+import { handleRequest } from "./server.js";
+function req(method, params, id = 1) {
+    return { jsonrpc: "2.0", id, method, params };
+}
+function callTool(name, args = {}, id = 1) {
+    return req("tools/call", { name, arguments: args }, id);
+}
+function getResultText(response) {
+    const r = response;
+    return r.result?.content?.[0]?.text ?? "";
+}
+describe("MCP Protocol", () => {
+    it("responds to initialize", () => {
+        const res = handleRequest(req("initialize"));
+        expect(res).not.toBeNull();
+        const result = res.result;
+        expect(result.protocolVersion).toBe("2024-11-05");
+        expect(result.serverInfo.name).toBe("gesf-mcp-server");
+    });
+    it("returns null for notifications/initialized", () => {
+        const res = handleRequest({ jsonrpc: "2.0", method: "notifications/initialized" });
+        expect(res).toBeNull();
+    });
+    it("returns null for notifications/cancelled", () => {
+        const res = handleRequest({ jsonrpc: "2.0", method: "notifications/cancelled" });
+        expect(res).toBeNull();
+    });
+    it("responds to ping", () => {
+        const res = handleRequest(req("ping"));
+        expect(res).not.toBeNull();
+        expect(res.result).toBeDefined();
+    });
+    it("returns null for ping notification", () => {
+        const res = handleRequest({ jsonrpc: "2.0", method: "ping" });
+        expect(res).toBeNull();
+    });
+    it("responds to tools/list with 17 tools", () => {
+        const res = handleRequest(req("tools/list"));
+        const tools = res.result.tools;
+        expect(tools.length).toBe(17);
+    });
+    it("returns error for unknown method", () => {
+        const res = handleRequest(req("unknown/method"));
+        expect(res.error).toBeDefined();
+    });
+});
+describe("tools/list content", () => {
+    it("includes all expected tool names", () => {
+        const res = handleRequest(req("tools/list"));
+        const tools = res.result.tools;
+        const names = tools.map((t) => t.name);
+        expect(names).toContain("check_compliance");
+        expect(names).toContain("check_project_status");
+        expect(names).toContain("list_missing_controls");
+        expect(names).toContain("list_framework_controls");
+        expect(names).toContain("run_audit");
+        expect(names).toContain("generate_compliance_report");
+        expect(names).toContain("generate_audit_report");
+        expect(names).toContain("fix_recommendation");
+        expect(names).toContain("auto_fix");
+        expect(names).toContain("implement_control");
+        expect(names).toContain("apply_control_override");
+        expect(names).toContain("generate_retention_policy");
+        expect(names).toContain("generate_incident_response");
+        expect(names).toContain("generate_risk_assessment");
+        expect(names).toContain("generate_dpa");
+        expect(names).toContain("generate_data_inventory");
+        expect(names).toContain("generate_processing_records");
+    });
+});
+describe("check_compliance tool", () => {
+    it("returns compliance score output", () => {
+        const res = handleRequest(callTool("check_compliance", { project_type: "saas" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+        expect(text).toContain("GDPR");
+    });
+});
+describe("list_missing_controls tool", () => {
+    it("returns missing controls for GDPR", () => {
+        const res = handleRequest(callTool("list_missing_controls", { framework: "GDPR" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+    });
+});
+describe("list_framework_controls tool", () => {
+    it("returns all GDPR controls", () => {
+        const res = handleRequest(callTool("list_framework_controls", { framework: "GDPR" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+    });
+});
+describe("generate_retention_policy tool", () => {
+    it("generates a retention policy", () => {
+        const res = handleRequest(callTool("generate_retention_policy", { project_name: "TestApp" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+        expect(text).toContain("Retention");
+    });
+});
+describe("generate_incident_response tool", () => {
+    it("generates an incident response plan", () => {
+        const res = handleRequest(callTool("generate_incident_response", { project_name: "TestApp" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+        expect(text).toContain("Incident");
+    });
+});
+describe("generate_risk_assessment tool", () => {
+    it("generates a risk assessment", () => {
+        const res = handleRequest(callTool("generate_risk_assessment", { project_name: "TestApp" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+        expect(text).toContain("Risk");
+    });
+});
+describe("generate_dpa tool", () => {
+    it("generates a DPA", () => {
+        const res = handleRequest(callTool("generate_dpa", { project_name: "TestApp" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+        expect(text).toContain("Data Processing");
+    });
+});
+describe("generate_data_inventory tool", () => {
+    it("generates a data inventory", () => {
+        const res = handleRequest(callTool("generate_data_inventory", { project_name: "TestApp" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+    });
+});
+describe("generate_processing_records tool", () => {
+    it("generates processing records", () => {
+        const res = handleRequest(callTool("generate_processing_records", { project_name: "TestApp" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+    });
+});
+describe("fix_recommendation tool", () => {
+    it("returns guidance for a control ID", () => {
+        const res = handleRequest(callTool("fix_recommendation", { control_id: "GDPR-ART32-002" }));
+        const text = getResultText(res);
+        expect(text.length).toBeGreaterThan(0);
+    });
+});
+describe("unknown tool", () => {
+    it("returns error for unknown tool name", () => {
+        const res = handleRequest(callTool("nonexistent_tool"));
+        expect(res.error).toBeDefined();
+    });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@greenarmor/ges-mcp-server",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "GESF MCP Server - AI Compliance Assistant for GDPR, OWASP, NIST, CIS. Check compliance, generate policies, assess risks via MCP protocol.",
   "keywords": [
     "ai",
@@ -44,27 +44,29 @@
     "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist bundle tsconfig.tsbuildinfo",
+    "prepublishOnly": "tsc",
+    "test": "vitest run"
+  },
   "dependencies": {
-    "@greenarmor/ges-core": "1.0.1",
-    "@greenarmor/ges-audit-engine": "1.0.1",
-    "@greenarmor/ges-compliance-engine": "1.0.1",
-    "@greenarmor/ges-doc-generator": "1.0.1",
-    "@greenarmor/ges-scoring-engine": "1.0.1",
-    "@greenarmor/ges-rules-engine": "1.0.1",
-    "@greenarmor/ges-report-generator": "1.0.1",
-    "@greenarmor/ges-policy-engine": "1.0.1"
+    "@greenarmor/ges-audit-engine": "workspace:*",
+    "@greenarmor/ges-compliance-engine": "workspace:*",
+    "@greenarmor/ges-core": "workspace:*",
+    "@greenarmor/ges-doc-generator": "workspace:*",
+    "@greenarmor/ges-policy-engine": "workspace:*",
+    "@greenarmor/ges-report-generator": "workspace:*",
+    "@greenarmor/ges-rules-engine": "workspace:*",
+    "@greenarmor/ges-scoring-engine": "workspace:*"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",
     "esbuild": "^0.28.0",
-    "typescript": "^6.0.0"
+    "typescript": "^6.0.0",
+    "vitest": "^4.1.8"
   },
   "engines": {
     "node": ">=20.0.0"
-  },
-  "scripts": {
-    "build": "tsc",
-    "clean": "rm -rf dist bundle tsconfig.tsbuildinfo",
-    "test": "echo \"no tests yet\""
   }
-}
+}

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2025–2026 greenarmor
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.