@pactosigna/mcp-server 0.1.10 → 0.1.11

package/dist/index.js

@@ -21848,7 +21848,18 @@ var REQUIRED_SECTIONS = {
   audit_schedule: ["Scope", "Audit Criteria"],
   audit_report: ["Scope", "Methodology", "Findings", "Conclusion"],
   management_review: ["Review Inputs", "Review Outputs", "Action Items", "Decisions"],
-  hazard_category: ["Description", "Examples", "Applicable Standards"]
+  hazard_category: ["Description", "Examples", "Applicable Standards"],
+  software_risk: ["Harm Assessment"],
+  security_risk: ["Harm Assessment"],
+  usability_risk: ["Harm Assessment"],
+  haz_soe_software: ["Intended Function", "Failure Cause", "Failure Mode", "Failure Effect"],
+  haz_soe_security: [
+    "STRIDE Category & Threat",
+    "Asset",
+    "Vulnerability",
+    "Actor & Attack Vector",
+    "Adverse Impact"
+  ]
 };
 var MemberPermissionsSchema = external_exports.object({
   canSign: external_exports.boolean(),
@@ -22124,6 +22135,114 @@ var ListActionsResponseSchema = external_exports.object({
   limit: external_exports.number(),
   hasMore: external_exports.boolean()
 });
+var CapaStatusSchema = external_exports.enum(CAPA_STATUSES);
+var CapaClassificationSchema = external_exports.enum(CAPA_CLASSIFICATIONS);
+var CapaPrioritySchema = external_exports.enum(CAPA_PRIORITIES);
+var CapaSourceTypeSchema = external_exports.enum(CAPA_SOURCE_TYPES);
+var CapaActionStatusSchema = external_exports.enum(CAPA_ACTION_STATUSES);
+var QmsCapaParamSchema = external_exports.object({
+  orgId: external_exports.string().min(1),
+  qmsId: external_exports.string().min(1)
+});
+var CapaIdParamSchema = external_exports.object({
+  orgId: external_exports.string().min(1),
+  qmsId: external_exports.string().min(1),
+  capaId: external_exports.string().min(1)
+});
+var CapaActionIdParamSchema = external_exports.object({
+  orgId: external_exports.string().min(1),
+  qmsId: external_exports.string().min(1),
+  capaId: external_exports.string().min(1),
+  actionId: external_exports.string().min(1)
+});
+var CreateCapaRequestSchema = external_exports.object({
+  classification: CapaClassificationSchema,
+  priority: CapaPrioritySchema,
+  title: external_exports.string().min(1).max(200),
+  description: external_exports.string().min(1).max(5e3),
+  sourceType: CapaSourceTypeSchema,
+  sourceDescription: external_exports.string().min(1).max(2e3),
+  sourceId: external_exports.string().max(200).optional(),
+  dueDate: external_exports.string().datetime().optional(),
+  affectedDocumentIds: external_exports.array(external_exports.string().min(1)).default([]),
+  affectedDeviceIds: external_exports.array(external_exports.string().min(1)).default([])
+});
+var UpdateCapaRequestSchema = external_exports.object({
+  title: external_exports.string().min(1).max(200).optional(),
+  description: external_exports.string().min(1).max(5e3).optional(),
+  priority: CapaPrioritySchema.optional(),
+  rootCauseDescription: external_exports.string().max(5e3).optional(),
+  verificationDescription: external_exports.string().max(5e3).optional(),
+  affectedDocumentIds: external_exports.array(external_exports.string().min(1)).optional(),
+  affectedDeviceIds: external_exports.array(external_exports.string().min(1)).optional(),
+  dueDate: external_exports.string().datetime().nullable().optional()
+});
+var CloseCapaRequestSchema = external_exports.object({
+  signatureId: external_exports.string().min(1)
+});
+var AddCapaActionRequestSchema = external_exports.object({
+  description: external_exports.string().min(1).max(2e3),
+  assigneeId: external_exports.string().min(1),
+  dueDate: external_exports.string().datetime(),
+  notes: external_exports.string().max(2e3).optional()
+});
+var UpdateCapaActionRequestSchema = external_exports.object({
+  description: external_exports.string().min(1).max(2e3).optional(),
+  assigneeId: external_exports.string().min(1).optional(),
+  dueDate: external_exports.string().datetime().optional(),
+  status: CapaActionStatusSchema.optional(),
+  notes: external_exports.string().max(2e3).optional()
+});
+var CapaListQuerySchema = PaginationParamsSchema.extend({
+  status: CapaStatusSchema.optional(),
+  classification: CapaClassificationSchema.optional(),
+  priority: CapaPrioritySchema.optional()
+});
+var CapaActionResponseSchema = external_exports.object({
+  id: external_exports.string(),
+  description: external_exports.string(),
+  assigneeId: external_exports.string(),
+  assigneeEmail: external_exports.string(),
+  dueDate: external_exports.string(),
+  status: CapaActionStatusSchema,
+  completedAt: external_exports.string().optional(),
+  notes: external_exports.string().optional()
+});
+var CapaResponseSchema = external_exports.object({
+  id: external_exports.string(),
+  qmsId: external_exports.string(),
+  organizationId: external_exports.string(),
+  capaNumber: external_exports.string(),
+  classification: CapaClassificationSchema,
+  priority: CapaPrioritySchema,
+  title: external_exports.string(),
+  description: external_exports.string(),
+  sourceType: CapaSourceTypeSchema,
+  sourceId: external_exports.string().optional(),
+  sourceDescription: external_exports.string(),
+  rootCauseDescription: external_exports.string().optional(),
+  verificationDescription: external_exports.string().optional(),
+  affectedDocumentIds: external_exports.array(external_exports.string()),
+  affectedDeviceIds: external_exports.array(external_exports.string()),
+  actions: external_exports.array(CapaActionResponseSchema),
+  status: CapaStatusSchema,
+  createdAt: external_exports.string(),
+  createdBy: external_exports.string(),
+  investigationStartedAt: external_exports.string().optional(),
+  implementationStartedAt: external_exports.string().optional(),
+  verificationStartedAt: external_exports.string().optional(),
+  closedAt: external_exports.string().optional(),
+  closedBy: external_exports.string().optional(),
+  cancelledAt: external_exports.string().optional(),
+  cancelledBy: external_exports.string().optional(),
+  dueDate: external_exports.string().optional()
+});
+var CapaListResponseSchema = external_exports.object({
+  items: external_exports.array(CapaResponseSchema),
+  total: external_exports.number(),
+  limit: external_exports.number(),
+  offset: external_exports.number()
+});
 var ComplaintStatusSchema = external_exports.enum(COMPLAINT_STATUSES);
 var ComplaintSeveritySchema = external_exports.enum(COMPLAINT_SEVERITIES);
 var ComplaintCategorySchema = external_exports.enum(COMPLAINT_CATEGORIES);
@@ -22347,114 +22466,6 @@ var RequestDCOExportResponseSchema = external_exports.object({
   message: external_exports.string(),
   estimatedMinutes: external_exports.number()
 });
-var CapaStatusSchema = external_exports.enum(CAPA_STATUSES);
-var CapaClassificationSchema = external_exports.enum(CAPA_CLASSIFICATIONS);
-var CapaPrioritySchema = external_exports.enum(CAPA_PRIORITIES);
-var CapaSourceTypeSchema = external_exports.enum(CAPA_SOURCE_TYPES);
-var CapaActionStatusSchema = external_exports.enum(CAPA_ACTION_STATUSES);
-var QmsCapaParamSchema = external_exports.object({
-  orgId: external_exports.string().min(1),
-  qmsId: external_exports.string().min(1)
-});
-var CapaIdParamSchema = external_exports.object({
-  orgId: external_exports.string().min(1),
-  qmsId: external_exports.string().min(1),
-  capaId: external_exports.string().min(1)
-});
-var CapaActionIdParamSchema = external_exports.object({
-  orgId: external_exports.string().min(1),
-  qmsId: external_exports.string().min(1),
-  capaId: external_exports.string().min(1),
-  actionId: external_exports.string().min(1)
-});
-var CreateCapaRequestSchema = external_exports.object({
-  classification: CapaClassificationSchema,
-  priority: CapaPrioritySchema,
-  title: external_exports.string().min(1).max(200),
-  description: external_exports.string().min(1).max(5e3),
-  sourceType: CapaSourceTypeSchema,
-  sourceDescription: external_exports.string().min(1).max(2e3),
-  sourceId: external_exports.string().max(200).optional(),
-  dueDate: external_exports.string().datetime().optional(),
-  affectedDocumentIds: external_exports.array(external_exports.string().min(1)).default([]),
-  affectedDeviceIds: external_exports.array(external_exports.string().min(1)).default([])
-});
-var UpdateCapaRequestSchema = external_exports.object({
-  title: external_exports.string().min(1).max(200).optional(),
-  description: external_exports.string().min(1).max(5e3).optional(),
-  priority: CapaPrioritySchema.optional(),
-  rootCauseDescription: external_exports.string().max(5e3).optional(),
-  verificationDescription: external_exports.string().max(5e3).optional(),
-  affectedDocumentIds: external_exports.array(external_exports.string().min(1)).optional(),
-  affectedDeviceIds: external_exports.array(external_exports.string().min(1)).optional(),
-  dueDate: external_exports.string().datetime().nullable().optional()
-});
-var CloseCapaRequestSchema = external_exports.object({
-  signatureId: external_exports.string().min(1)
-});
-var AddCapaActionRequestSchema = external_exports.object({
-  description: external_exports.string().min(1).max(2e3),
-  assigneeId: external_exports.string().min(1),
-  dueDate: external_exports.string().datetime(),
-  notes: external_exports.string().max(2e3).optional()
-});
-var UpdateCapaActionRequestSchema = external_exports.object({
-  description: external_exports.string().min(1).max(2e3).optional(),
-  assigneeId: external_exports.string().min(1).optional(),
-  dueDate: external_exports.string().datetime().optional(),
-  status: CapaActionStatusSchema.optional(),
-  notes: external_exports.string().max(2e3).optional()
-});
-var CapaListQuerySchema = PaginationParamsSchema.extend({
-  status: CapaStatusSchema.optional(),
-  classification: CapaClassificationSchema.optional(),
-  priority: CapaPrioritySchema.optional()
-});
-var CapaActionResponseSchema = external_exports.object({
-  id: external_exports.string(),
-  description: external_exports.string(),
-  assigneeId: external_exports.string(),
-  assigneeEmail: external_exports.string(),
-  dueDate: external_exports.string(),
-  status: CapaActionStatusSchema,
-  completedAt: external_exports.string().optional(),
-  notes: external_exports.string().optional()
-});
-var CapaResponseSchema = external_exports.object({
-  id: external_exports.string(),
-  qmsId: external_exports.string(),
-  organizationId: external_exports.string(),
-  capaNumber: external_exports.string(),
-  classification: CapaClassificationSchema,
-  priority: CapaPrioritySchema,
-  title: external_exports.string(),
-  description: external_exports.string(),
-  sourceType: CapaSourceTypeSchema,
-  sourceId: external_exports.string().optional(),
-  sourceDescription: external_exports.string(),
-  rootCauseDescription: external_exports.string().optional(),
-  verificationDescription: external_exports.string().optional(),
-  affectedDocumentIds: external_exports.array(external_exports.string()),
-  affectedDeviceIds: external_exports.array(external_exports.string()),
-  actions: external_exports.array(CapaActionResponseSchema),
-  status: CapaStatusSchema,
-  createdAt: external_exports.string(),
-  createdBy: external_exports.string(),
-  investigationStartedAt: external_exports.string().optional(),
-  implementationStartedAt: external_exports.string().optional(),
-  verificationStartedAt: external_exports.string().optional(),
-  closedAt: external_exports.string().optional(),
-  closedBy: external_exports.string().optional(),
-  cancelledAt: external_exports.string().optional(),
-  cancelledBy: external_exports.string().optional(),
-  dueDate: external_exports.string().optional()
-});
-var CapaListResponseSchema = external_exports.object({
-  items: external_exports.array(CapaResponseSchema),
-  total: external_exports.number(),
-  limit: external_exports.number(),
-  offset: external_exports.number()
-});
 var RegulatoryFrameworkSchema = external_exports.enum([
   "ISO_13485",
   "IEC_62304",
@@ -22555,11 +22566,12 @@ var RiskDocumentStatusSchema = external_exports.enum([
   "archived",
   "example"
 ]);
-var MitigationTargetSchema = external_exports.enum([
-  "sequence_probability",
-  "harm_probability",
-  "severity"
+var IsoCategorySchema = external_exports.enum([
+  "safe_design",
+  "protective_measure",
+  "safety_information"
 ]);
+var ReducesTargetSchema = external_exports.enum(["p1_sequence", "p2_harm", "severity"]);
 var RiskGapCodeSchema = external_exports.enum([
   "hazard_no_situation",
   "situation_no_harm",
@@ -22577,13 +22589,19 @@ var RiskGapCodeSchema = external_exports.enum([
   "architecture_no_parent",
   "haz_missing_category",
   "haz_invalid_category",
-  "category_not_approved"
+  "category_not_approved",
+  "missing_iso_category",
+  "missing_risk_acceptable",
+  "unacceptable_no_benefit",
+  "preliminary_not_analyzed",
+  "missing_body_rationale",
+  "orphaned_body_section"
 ]);
 var RiskGapSeveritySchema = external_exports.enum(["error", "warning"]);
 var MitigationSchema = external_exports.object({
   control: external_exports.string().min(1),
-  reduces: MitigationTargetSchema,
-  for_harm: external_exports.string().optional()
+  iso_category: IsoCategorySchema,
+  reduces: ReducesTargetSchema
 });
 var HarmAssessmentSchema = external_exports.object({
   harm: external_exports.string().min(1),
@@ -22591,48 +22609,80 @@ var HarmAssessmentSchema = external_exports.object({
   inherent_exploitability: external_exports.number().int().min(1).max(5).optional(),
   residual_probability: external_exports.number().int().min(1).max(5).optional(),
   residual_exploitability: external_exports.number().int().min(1).max(5).optional(),
-  residual_severity_override: external_exports.number().int().min(1).max(5).optional()
+  harm_severity_override: external_exports.number().int().min(1).max(5).optional(),
+  risk_acceptable: external_exports.boolean(),
+  benefit_outweighs_risk: external_exports.boolean().optional()
+});
+var HazardousSituationAssessmentSchema = external_exports.object({
+  hazardous_situation: external_exports.string().min(1),
+  mitigations: external_exports.array(MitigationSchema).optional(),
+  harms: external_exports.array(HarmAssessmentSchema).min(1)
 });
 var RiskEntryFrontmatterSchema = external_exports.object({
   type: external_exports.enum(["software_risk", "usability_risk", "security_risk"]),
   id: external_exports.string().min(1),
   title: external_exports.string().min(1),
   status: RiskDocumentStatusSchema,
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  approvers: external_exports.array(external_exports.string()).optional(),
   analyzes: external_exports.string().min(1),
-  hazardous_situation: external_exports.string().min(1),
-  harm_assessments: external_exports.array(HarmAssessmentSchema).min(1),
   mitigations: external_exports.array(MitigationSchema).optional(),
+  hazardous_situation_assessments: external_exports.array(HazardousSituationAssessmentSchema).min(1),
   cvss_score: external_exports.number().min(0).max(10).optional(),
   cvss_vector: external_exports.string().regex(
     /^CVSS:3\.[01]\/AV:[NALP]\/AC:[LH]\/PR:[NLH]\/UI:[NR]\/S:[UC]\/C:[NLH]\/I:[NLH]\/A:[NLH]$/
   ).optional()
 }).refine(
   (data) => {
+    const allHarms = data.hazardous_situation_assessments.flatMap((hsa) => hsa.harms);
     if (data.type === "security_risk") {
-      return data.harm_assessments.every((ha) => ha.inherent_exploitability != null);
+      return allHarms.every((ha) => ha.inherent_exploitability != null);
     }
-    return data.harm_assessments.every((ha) => ha.inherent_probability != null);
+    return allHarms.every((ha) => ha.inherent_probability != null);
   },
   {
     message: "Security risks must use inherent_exploitability; software/usability risks must use inherent_probability"
   }
+).refine(
+  (data) => {
+    const allHarms = data.hazardous_situation_assessments.flatMap((hsa) => hsa.harms);
+    return allHarms.every((ha) => ha.risk_acceptable || ha.benefit_outweighs_risk != null);
+  },
+  {
+    message: "benefit_outweighs_risk required when risk_acceptable is false"
+  }
 );
-var HazardFrontmatterSchema = external_exports.object({
-  type: external_exports.enum(["haz_soe_software", "haz_soe_security"]),
+var HazardSoftwareFrontmatterSchema = external_exports.object({
+  type: external_exports.literal("haz_soe_software"),
+  id: external_exports.string().min(1),
+  title: external_exports.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  approvers: external_exports.array(external_exports.string()).optional(),
+  preliminary: external_exports.boolean().default(false),
+  leads_to: external_exports.array(external_exports.string()).optional(),
+  hazard_category: external_exports.string().optional(),
+  detection_score: external_exports.number().int().min(1).max(5).optional(),
+  detection_method: external_exports.string().optional()
+});
+var HazardSecurityFrontmatterSchema = external_exports.object({
+  type: external_exports.literal("haz_soe_security"),
   id: external_exports.string().min(1),
   title: external_exports.string().min(1),
   status: RiskDocumentStatusSchema,
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  approvers: external_exports.array(external_exports.string()).optional(),
+  preliminary: external_exports.boolean().default(false),
   leads_to: external_exports.array(external_exports.string()).optional(),
-  // sFMEA fields
-  failure_mode: external_exports.string().optional(),
-  cause: external_exports.string().optional(),
-  detection_method: external_exports.string().optional(),
-  // STRIDE fields
-  threat_category: external_exports.string().optional(),
-  attack_vector: external_exports.string().optional(),
-  // Hazard category reference (HC-xxx)
   hazard_category: external_exports.string().optional()
 });
+var HazardFrontmatterSchema = external_exports.discriminatedUnion("type", [
+  HazardSoftwareFrontmatterSchema,
+  HazardSecurityFrontmatterSchema
+]);
 var HazardCategoryFrontmatterSchema = external_exports.object({
   type: external_exports.literal("hazard_category"),
   id: external_exports.string().min(1),
@@ -24080,10 +24130,13 @@ var HarmAssessmentEntrySchema = external_exports.object({
   harmSeverity: RiskValueSchema,
   inherentProbability: RiskValueSchema,
   residualProbability: RiskValueSchema,
-  residualSeverityOverride: RiskValueSchema.optional(),
+  harmSeverityOverride: RiskValueSchema.optional(),
   residualSeverity: RiskValueSchema,
   inherentAcceptability: AcceptabilityStatusSchema,
-  residualAcceptability: AcceptabilityStatusSchema
+  residualAcceptability: AcceptabilityStatusSchema,
+  riskAcceptable: external_exports.boolean(),
+  benefitOutweighsRisk: external_exports.boolean().optional(),
+  hazardousSituation: external_exports.string().optional()
 });
 var RiskEntrySchema = external_exports.object({
   id: external_exports.string(),
@@ -24137,6 +24190,8 @@ var RiskListItemSchema = external_exports.object({
   worstResidualProbability: RiskValueSchema.optional(),
   worstAcceptability: AcceptabilityStatusSchema.optional(),
   mitigationsCount: external_exports.number().int().min(0),
+  topLevelMitigationsCount: external_exports.number().int().min(0),
+  perHsMitigationsCount: external_exports.number().int().min(0),
   hasRiskBenefit: external_exports.boolean(),
   cvssScore: external_exports.number().min(0).max(10).optional(),
   cvssVector: external_exports.string().optional()
@@ -25781,7 +25836,7 @@ var client = new PactoSignaApiClient({
   apiKey: PACTOSIGNA_API_KEY
 });
 var server = new Server(
-  { name: "pactosigna", version: "0.1.10" },
+  { name: "pactosigna", version: "0.1.11" },
   { capabilities: { tools: {} } }
 );
 server.setRequestHandler(ListToolsRequestSchema, async () => ({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pactosigna/mcp-server",
-  "version": "0.1.10",
+  "version": "0.1.11",
   "type": "module",
   "description": "MCP server for PactoSigna QMS — connects Claude Desktop, Cursor, and other AI tools to your quality management system",
   "bin": {