npm - @greenarmor/ges-mcp-server - Versions diffs - 1.2.4 → 1.2.5 - Mend

@greenarmor/ges-mcp-server 1.2.4 → 1.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/server.js +104 -3
package/package.json +12 -12

package/dist/server.js CHANGED Viewed

@@ -9,6 +9,7 @@ import { generateScoreFile, formatScoreOutput, computeGrade, generateBadgeSvg, i
 import { runAudit, deduplicateFindings } from "@greenarmor/ges-audit-engine";
 import { GESF_VERSION, GES_DIR, COMPLIANCE_DIR, SECURITY_DIR, CONTROLS_DIR, POLICIES_DIR, CHECKLISTS_DIR, DOCS_DIR, REPORTS_DIR, DEFAULT_FRAMEWORKS } from "@greenarmor/ges-core";
 import { appendFixHistory, createFixHistoryEntry } from "@greenarmor/ges-core";
+import { addFrameworkToConfig, removeFrameworkFromConfig, saveControlOverride, loadControlsFromDisk, recordActivity } from "@greenarmor/ges-core";
 import { ProjectConfigSchema } from "@greenarmor/ges-core";
 import { generateComplianceDocs, generateSecurityDocs, generateConfigJson, generateMetadataJson, generateFrameworkVersionJson, generateScoreJson } from "@greenarmor/ges-doc-generator";
 import { generateAllWorkflows } from "@greenarmor/ges-cicd-generator";
@@ -2201,6 +2202,14 @@ export function handleRequest(request) {
                         lines.push(`\n*Note: ${projectConfig.overrides.length} control overrides applied.*`);
                     }
                     resultText = lines.join("\n");
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "audit",
+                        title: `MCP audit completed`,
+                        description: `Scanned ${scannedFiles} files, found ${findings.length} findings (${critical.length} critical, ${high.length} high, ${medium.length} medium, ${low.length} low). Overall score: ${score.overall}%.`,
+                        status: critical.length > 0 ? "failed" : findings.length > 0 ? "partial" : "success",
+                        details: { findings_count: findings.length, score: score.overall, files_scanned: scannedFiles },
+                    });
                     break;
                 }
                 case "generate_compliance_report": {
@@ -2318,13 +2327,18 @@ export function handleRequest(request) {
                     let projectControls = [];
                     try {
                         const configPath = path.join(projectPath, ".ges", "config.json");
+                        let inMemoryControls = [];
                         if (fs.existsSync(configPath)) {
                             const cfg = JSON.parse(fs.readFileSync(configPath, "utf-8"));
                             const fwLower = new Set(cfg.frameworks.map((f) => f.toLowerCase()));
                             const allPacks = getAllPacks();
                             const filtered = allPacks.filter((pack) => fwLower.has(pack.id.toLowerCase()));
-                            projectControls = filtered.flatMap((p) => p.controls);
+                            inMemoryControls = filtered.flatMap((p) => p.controls);
                         }
+                        const diskControls = loadControlsFromDisk(projectPath);
+                        const seenIds = new Set(inMemoryControls.map(c => c.id));
+                        const extraFromDisk = diskControls.filter(c => !seenIds.has(c.id));
+                        projectControls = [...inMemoryControls, ...extraFromDisk];
                     }
                     catch { /* ignore */ }
                     const npmInstalls = getNpmInstallsFromActions(actions);
@@ -2423,6 +2437,14 @@ export function handleRequest(request) {
                     lines.push("4. Address remaining manual review items");
                     lines.push("5. Use `fix_recommendation` tool for detailed guidance on manual items");
                     resultText = lines.join("\n");
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "fix",
+                        title: `MCP auto-fix ${dryRun ? "planned" : "applied"}: ${applied} fixes`,
+                        description: `${dryRun ? "Planned" : "Applied"} ${applied} fix(es)${failed > 0 ? ` (${failed} failed)` : ""}. Scanned ${scannedFiles} files, ${findings.length} findings found.`,
+                        status: failed > 0 ? "partial" : "success",
+                        details: { fixes_applied: applied, findings_count: findings.length },
+                    });
                     break;
                 }
                 case "apply_control_override": {
@@ -2471,6 +2493,13 @@ export function handleRequest(request) {
                         `\nRun \`ges audit\` then \`ges score\` to see the updated compliance score.`,
                     ];
                     resultText = lines.join("\n");
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "control_override",
+                        title: `Control ${controlId} → ${status}`,
+                        description: `MCP applied override: control ${controlId} set to ${status}. Reason: ${reason || "(none)"}`,
+                        details: { controls_affected: [controlId] },
+                    });
                     break;
                 }
                 case "implement_control": {
@@ -2536,18 +2565,27 @@ export function handleRequest(request) {
                         break;
                     }
                     lines.push(`**Control**: ${plan.name}\n`);
+                    let appliedCount = 0;
+                    let skippedCount = 0;
                     for (const action of plan.actions) {
                         const result = applyAutoFixAction(projectPath, action);
                         if (result.applied) {
+                            appliedCount++;
                             lines.push(`- ✓ [${action.type}] ${action.filePath}: ${action.description}`);
                         }
                         else if (result.error === "File already exists") {
+                            skippedCount++;
                             lines.push(`- → [${action.type}] ${action.filePath}: Already exists (skipped)`);
                         }
                         else {
                             lines.push(`- ✗ [${action.type}] ${action.filePath}: ${result.error}`);
                         }
                     }
+                    if (appliedCount > 0 || skippedCount > 0) {
+                        saveControlOverride(projectPath, controlId, "pass", `Auto-implemented by GESF (${plan.name})`);
+                        lines.push(`\n✅ Control **${controlId}** marked as **pass** in .ges/control-overrides.json`);
+                        lines.push(`   The dashboard will reflect this immediately.`);
+                    }
                     const npmInstalls = getNpmInstallsFromActions(plan.actions);
                     if (npmInstalls.length > 0) {
                         lines.push(`\n## Install Dependencies\n`);
@@ -2564,8 +2602,14 @@ export function handleRequest(request) {
                     lines.push("1. Install any npm packages listed above");
                     lines.push("2. Import and integrate the generated files into your app");
                     lines.push("3. Run `ges audit` to verify the control is now passing");
-                    lines.push(`4. Or use \`apply_control_override\` with control_id="${controlId}" if verified manually`);
                     resultText = lines.join("\n");
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "implement_control",
+                        title: `Control implemented: ${controlId} (${plan.name})`,
+                        description: `Auto-implemented control ${controlId} (${plan.name}). ${appliedCount} actions applied, ${skippedCount} skipped. Control marked as pass.`,
+                        details: { controls_affected: [controlId], files_created: plan.actions.filter(a => a.type === "create").map(a => a.filePath) },
+                    });
                     break;
                 }
                 case "generate_badge": {
@@ -2725,6 +2769,13 @@ export function handleRequest(request) {
                     lines.push(`3. Run \`ges badge\` to generate a compliance badge for README`);
                     lines.push(`4. Review and customize documents in compliance/ and security/`);
                     resultText = lines.join("\n");
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "init",
+                        title: `Project initialized: ${projectName}`,
+                        description: `Initialized GESF for ${projectType} project with frameworks: ${frameworks.join(", ")}. Installed ${packs.length} policy packs.`,
+                        details: { packs_affected: packs.map(p => p.id), frameworks_added: frameworks.map(f => String(f)) },
+                    });
                     break;
                 }
                 case "run_scans": {
@@ -2755,6 +2806,13 @@ export function handleRequest(request) {
                         lines.push(`\n**${failed.length} scanner(s) reported failures.** Review findings above.`);
                     }
                     resultText = lines.join("\n");
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "scan",
+                        title: `MCP security scans completed (${results.length} tools)`,
+                        description: `Ran ${results.length} scanner(s) for ${ecosystemDetail} ecosystem. ${results.filter(r => r.status === "pass").length} passed, ${failed.length} failed.`,
+                        status: failed.length > 0 ? "partial" : "success",
+                    });
                     break;
                 }
                 case "doctor": {
@@ -2889,6 +2947,13 @@ export function handleRequest(request) {
                     }
                     lines.push(hasErrors ? "\n❌ **Validation failed.** Fix the issues above." : "\n✅ **All validations passed.**");
                     resultText = lines.join("\n");
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "validate",
+                        title: `MCP validation ${hasErrors ? "failed" : "passed"}`,
+                        description: hasErrors ? "Configuration or directory structure has issues." : "All validations passed.",
+                        status: hasErrors ? "failed" : "success",
+                    });
                     break;
                 }
                 case "policy_list": {
@@ -2924,7 +2989,23 @@ export function handleRequest(request) {
                     const packDir = path.join(projectPath, CONTROLS_DIR, pack.id);
                     fs.mkdirSync(packDir, { recursive: true });
                     fs.writeFileSync(path.join(packDir, "controls.json"), JSON.stringify(pack.controls, null, 2));
-                    resultText = `✅ Installed policy pack: **${pack.id}** (${pack.name})\n${pack.controls.length} controls written to ${CONTROLS_DIR}/${pack.id}/controls.json`;
+                    const addedToConfig = addFrameworkToConfig(projectPath, pack.id.toUpperCase());
+                    const lines = [
+                        `✅ Installed policy pack: **${pack.id}** (${pack.name})`,
+                        `${pack.controls.length} controls written to ${CONTROLS_DIR}/${pack.id}/controls.json`,
+                    ];
+                    if (addedToConfig) {
+                        lines.push(`Added ${pack.id.toUpperCase()} to project frameworks in .ges/config.json`);
+                    }
+                    lines.push(`The web dashboard will now reflect this pack's controls.`);
+                    resultText = lines.join("\n");
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "policy_install",
+                        title: `MCP installed pack: ${pack.name}`,
+                        description: `Installed ${pack.controls.length} controls from ${pack.id} pack.${addedToConfig ? ` Added ${pack.id.toUpperCase()} to config frameworks.` : ""}`,
+                        details: { packs_affected: [pack.id], frameworks_added: addedToConfig ? [pack.id.toUpperCase()] : [] },
+                    });
                     break;
                 }
                 case "policy_remove": {
@@ -2940,7 +3021,15 @@ export function handleRequest(request) {
                         break;
                     }
                     fs.rmSync(packDir, { recursive: true, force: true });
+                    removeFrameworkFromConfig(projectPath, packId.toUpperCase());
                     resultText = `✅ Removed policy pack: **${packId}** from ${projectPath}`;
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "policy_remove",
+                        title: `MCP removed pack: ${packId}`,
+                        description: `Removed ${packId} pack and its controls from the project.`,
+                        details: { packs_affected: [packId] },
+                    });
                     break;
                 }
                 case "update_check": {
@@ -2991,6 +3080,12 @@ export function handleRequest(request) {
                     fs.writeFileSync(hookPath, hookContent);
                     fs.chmodSync(hookPath, 0o755);
                     resultText = `✅ Installed pre-commit hook at ${hookPath}\n\nThe hook will run 'ges audit --ci' before allowing commits.\n- To bypass: \`git commit --no-verify\`\n- To remove: use \`install_hooks\` with action: "uninstall"`;
+                    recordActivity(projectPath, {
+                        source: "mcp",
+                        action: "hooks_install",
+                        title: `MCP installed pre-commit hook`,
+                        description: `Installed pre-commit hook that runs 'ges audit --ci' before each commit.`,
+                    });
                     break;
                 }
                 case "start_dashboard": {
@@ -3029,6 +3124,12 @@ export function handleRequest(request) {
                         lines.push(`- Control status matrix`);
                         lines.push(`- Audit history timeline`);
                         resultText = lines.join("\n");
+                        recordActivity(projectPath, {
+                            source: "mcp",
+                            action: "dashboard_start",
+                            title: `Dashboard started on ${host}:${port}`,
+                            description: `Web dashboard is running at http://${host}:${port}`,
+                        });
                     }
                     catch (err) {
                         const msg = err instanceof Error ? err.message : String(err);

package/package.json CHANGED Viewed

@@ -3,17 +3,17 @@
     "ges-mcp": "dist/server.js"
   },
   "dependencies": {
-    "@greenarmor/ges-audit-engine": "1.2.4",
-    "@greenarmor/ges-cicd-generator": "1.2.4",
-    "@greenarmor/ges-compliance-engine": "1.2.4",
-    "@greenarmor/ges-core": "1.2.4",
-    "@greenarmor/ges-doc-generator": "1.2.4",
-    "@greenarmor/ges-policy-engine": "1.2.4",
-    "@greenarmor/ges-report-generator": "1.2.4",
-    "@greenarmor/ges-rules-engine": "1.2.4",
-    "@greenarmor/ges-scanner-integration": "1.2.4",
-    "@greenarmor/ges-scoring-engine": "1.2.4",
-    "@greenarmor/ges-web-dashboard": "1.2.4"
+    "@greenarmor/ges-audit-engine": "1.2.5",
+    "@greenarmor/ges-cicd-generator": "1.2.5",
+    "@greenarmor/ges-compliance-engine": "1.2.5",
+    "@greenarmor/ges-core": "1.2.5",
+    "@greenarmor/ges-doc-generator": "1.2.5",
+    "@greenarmor/ges-policy-engine": "1.2.5",
+    "@greenarmor/ges-report-generator": "1.2.5",
+    "@greenarmor/ges-rules-engine": "1.2.5",
+    "@greenarmor/ges-scanner-integration": "1.2.5",
+    "@greenarmor/ges-scoring-engine": "1.2.5",
+    "@greenarmor/ges-web-dashboard": "1.2.5"
   },
   "description": "GESF MCP Server - AI Compliance Assistant for GDPR, OWASP, NIST, CIS. Check compliance, generate policies, assess risks via MCP protocol.",
   "devDependencies": {
@@ -67,7 +67,7 @@
   },
   "type": "module",
   "types": "./dist/index.d.ts",
-  "version": "1.2.4",
+  "version": "1.2.5",
   "scripts": {
     "build": "tsc",
     "clean": "rm -rf dist bundle tsconfig.tsbuildinfo",