npm - @pactosigna/mcp-server - Versions diffs - 0.1.10 → 0.1.12 - Mend

@pactosigna/mcp-server 0.1.10 → 0.1.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +264 -150
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -21840,15 +21840,27 @@ var LINK_TYPES = {
   analyzes: "Analyzes"
 };
 var REQUIRED_SECTIONS = {
-  user_need: ["Purpose", "Stakeholder", "User Needs"],
-  architecture: ["Purpose"],
+  user_need: ["User Story", "Validation Criteria"],
+  architecture: ["Purpose", "Architecture Overview", "Interfaces"],
+  detailed_design: ["Purpose", "Detailed Design", "Interfaces"],
   release_plan: ["Scope", "Applicable Plans", "Release-Specific Criteria", "Known Anomalies"],
   design_review: ["Review Scope", "Attendees", "Findings", "Actions", "Conclusion"],
   release_notes: ["Changes", "Known Issues"],
   audit_schedule: ["Scope", "Audit Criteria"],
   audit_report: ["Scope", "Methodology", "Findings", "Conclusion"],
   management_review: ["Review Inputs", "Review Outputs", "Action Items", "Decisions"],
-  hazard_category: ["Description", "Examples", "Applicable Standards"]
+  hazard_category: ["Description", "Examples", "Applicable Standards"],
+  software_risk: ["Harm Assessment"],
+  security_risk: ["Harm Assessment"],
+  usability_risk: ["Harm Assessment"],
+  haz_soe_software: ["Intended Function", "Failure Cause", "Failure Mode", "Failure Effect"],
+  haz_soe_security: [
+    "STRIDE Category & Threat",
+    "Asset",
+    "Vulnerability",
+    "Actor & Attack Vector",
+    "Adverse Impact"
+  ]
 };
 var MemberPermissionsSchema = external_exports.object({
   canSign: external_exports.boolean(),
@@ -22124,6 +22136,114 @@ var ListActionsResponseSchema = external_exports.object({
   limit: external_exports.number(),
   hasMore: external_exports.boolean()
 });
+var CapaStatusSchema = external_exports.enum(CAPA_STATUSES);
+var CapaClassificationSchema = external_exports.enum(CAPA_CLASSIFICATIONS);
+var CapaPrioritySchema = external_exports.enum(CAPA_PRIORITIES);
+var CapaSourceTypeSchema = external_exports.enum(CAPA_SOURCE_TYPES);
+var CapaActionStatusSchema = external_exports.enum(CAPA_ACTION_STATUSES);
+var QmsCapaParamSchema = external_exports.object({
+  orgId: external_exports.string().min(1),
+  qmsId: external_exports.string().min(1)
+});
+var CapaIdParamSchema = external_exports.object({
+  orgId: external_exports.string().min(1),
+  qmsId: external_exports.string().min(1),
+  capaId: external_exports.string().min(1)
+});
+var CapaActionIdParamSchema = external_exports.object({
+  orgId: external_exports.string().min(1),
+  qmsId: external_exports.string().min(1),
+  capaId: external_exports.string().min(1),
+  actionId: external_exports.string().min(1)
+});
+var CreateCapaRequestSchema = external_exports.object({
+  classification: CapaClassificationSchema,
+  priority: CapaPrioritySchema,
+  title: external_exports.string().min(1).max(200),
+  description: external_exports.string().min(1).max(5e3),
+  sourceType: CapaSourceTypeSchema,
+  sourceDescription: external_exports.string().min(1).max(2e3),
+  sourceId: external_exports.string().max(200).optional(),
+  dueDate: external_exports.string().datetime().optional(),
+  affectedDocumentIds: external_exports.array(external_exports.string().min(1)).default([]),
+  affectedDeviceIds: external_exports.array(external_exports.string().min(1)).default([])
+});
+var UpdateCapaRequestSchema = external_exports.object({
+  title: external_exports.string().min(1).max(200).optional(),
+  description: external_exports.string().min(1).max(5e3).optional(),
+  priority: CapaPrioritySchema.optional(),
+  rootCauseDescription: external_exports.string().max(5e3).optional(),
+  verificationDescription: external_exports.string().max(5e3).optional(),
+  affectedDocumentIds: external_exports.array(external_exports.string().min(1)).optional(),
+  affectedDeviceIds: external_exports.array(external_exports.string().min(1)).optional(),
+  dueDate: external_exports.string().datetime().nullable().optional()
+});
+var CloseCapaRequestSchema = external_exports.object({
+  signatureId: external_exports.string().min(1)
+});
+var AddCapaActionRequestSchema = external_exports.object({
+  description: external_exports.string().min(1).max(2e3),
+  assigneeId: external_exports.string().min(1),
+  dueDate: external_exports.string().datetime(),
+  notes: external_exports.string().max(2e3).optional()
+});
+var UpdateCapaActionRequestSchema = external_exports.object({
+  description: external_exports.string().min(1).max(2e3).optional(),
+  assigneeId: external_exports.string().min(1).optional(),
+  dueDate: external_exports.string().datetime().optional(),
+  status: CapaActionStatusSchema.optional(),
+  notes: external_exports.string().max(2e3).optional()
+});
+var CapaListQuerySchema = PaginationParamsSchema.extend({
+  status: CapaStatusSchema.optional(),
+  classification: CapaClassificationSchema.optional(),
+  priority: CapaPrioritySchema.optional()
+});
+var CapaActionResponseSchema = external_exports.object({
+  id: external_exports.string(),
+  description: external_exports.string(),
+  assigneeId: external_exports.string(),
+  assigneeEmail: external_exports.string(),
+  dueDate: external_exports.string(),
+  status: CapaActionStatusSchema,
+  completedAt: external_exports.string().optional(),
+  notes: external_exports.string().optional()
+});
+var CapaResponseSchema = external_exports.object({
+  id: external_exports.string(),
+  qmsId: external_exports.string(),
+  organizationId: external_exports.string(),
+  capaNumber: external_exports.string(),
+  classification: CapaClassificationSchema,
+  priority: CapaPrioritySchema,
+  title: external_exports.string(),
+  description: external_exports.string(),
+  sourceType: CapaSourceTypeSchema,
+  sourceId: external_exports.string().optional(),
+  sourceDescription: external_exports.string(),
+  rootCauseDescription: external_exports.string().optional(),
+  verificationDescription: external_exports.string().optional(),
+  affectedDocumentIds: external_exports.array(external_exports.string()),
+  affectedDeviceIds: external_exports.array(external_exports.string()),
+  actions: external_exports.array(CapaActionResponseSchema),
+  status: CapaStatusSchema,
+  createdAt: external_exports.string(),
+  createdBy: external_exports.string(),
+  investigationStartedAt: external_exports.string().optional(),
+  implementationStartedAt: external_exports.string().optional(),
+  verificationStartedAt: external_exports.string().optional(),
+  closedAt: external_exports.string().optional(),
+  closedBy: external_exports.string().optional(),
+  cancelledAt: external_exports.string().optional(),
+  cancelledBy: external_exports.string().optional(),
+  dueDate: external_exports.string().optional()
+});
+var CapaListResponseSchema = external_exports.object({
+  items: external_exports.array(CapaResponseSchema),
+  total: external_exports.number(),
+  limit: external_exports.number(),
+  offset: external_exports.number()
+});
 var ComplaintStatusSchema = external_exports.enum(COMPLAINT_STATUSES);
 var ComplaintSeveritySchema = external_exports.enum(COMPLAINT_SEVERITIES);
 var ComplaintCategorySchema = external_exports.enum(COMPLAINT_CATEGORIES);
@@ -22347,114 +22467,6 @@ var RequestDCOExportResponseSchema = external_exports.object({
   message: external_exports.string(),
   estimatedMinutes: external_exports.number()
 });
-var CapaStatusSchema = external_exports.enum(CAPA_STATUSES);
-var CapaClassificationSchema = external_exports.enum(CAPA_CLASSIFICATIONS);
-var CapaPrioritySchema = external_exports.enum(CAPA_PRIORITIES);
-var CapaSourceTypeSchema = external_exports.enum(CAPA_SOURCE_TYPES);
-var CapaActionStatusSchema = external_exports.enum(CAPA_ACTION_STATUSES);
-var QmsCapaParamSchema = external_exports.object({
-  orgId: external_exports.string().min(1),
-  qmsId: external_exports.string().min(1)
-});
-var CapaIdParamSchema = external_exports.object({
-  orgId: external_exports.string().min(1),
-  qmsId: external_exports.string().min(1),
-  capaId: external_exports.string().min(1)
-});
-var CapaActionIdParamSchema = external_exports.object({
-  orgId: external_exports.string().min(1),
-  qmsId: external_exports.string().min(1),
-  capaId: external_exports.string().min(1),
-  actionId: external_exports.string().min(1)
-});
-var CreateCapaRequestSchema = external_exports.object({
-  classification: CapaClassificationSchema,
-  priority: CapaPrioritySchema,
-  title: external_exports.string().min(1).max(200),
-  description: external_exports.string().min(1).max(5e3),
-  sourceType: CapaSourceTypeSchema,
-  sourceDescription: external_exports.string().min(1).max(2e3),
-  sourceId: external_exports.string().max(200).optional(),
-  dueDate: external_exports.string().datetime().optional(),
-  affectedDocumentIds: external_exports.array(external_exports.string().min(1)).default([]),
-  affectedDeviceIds: external_exports.array(external_exports.string().min(1)).default([])
-});
-var UpdateCapaRequestSchema = external_exports.object({
-  title: external_exports.string().min(1).max(200).optional(),
-  description: external_exports.string().min(1).max(5e3).optional(),
-  priority: CapaPrioritySchema.optional(),
-  rootCauseDescription: external_exports.string().max(5e3).optional(),
-  verificationDescription: external_exports.string().max(5e3).optional(),
-  affectedDocumentIds: external_exports.array(external_exports.string().min(1)).optional(),
-  affectedDeviceIds: external_exports.array(external_exports.string().min(1)).optional(),
-  dueDate: external_exports.string().datetime().nullable().optional()
-});
-var CloseCapaRequestSchema = external_exports.object({
-  signatureId: external_exports.string().min(1)
-});
-var AddCapaActionRequestSchema = external_exports.object({
-  description: external_exports.string().min(1).max(2e3),
-  assigneeId: external_exports.string().min(1),
-  dueDate: external_exports.string().datetime(),
-  notes: external_exports.string().max(2e3).optional()
-});
-var UpdateCapaActionRequestSchema = external_exports.object({
-  description: external_exports.string().min(1).max(2e3).optional(),
-  assigneeId: external_exports.string().min(1).optional(),
-  dueDate: external_exports.string().datetime().optional(),
-  status: CapaActionStatusSchema.optional(),
-  notes: external_exports.string().max(2e3).optional()
-});
-var CapaListQuerySchema = PaginationParamsSchema.extend({
-  status: CapaStatusSchema.optional(),
-  classification: CapaClassificationSchema.optional(),
-  priority: CapaPrioritySchema.optional()
-});
-var CapaActionResponseSchema = external_exports.object({
-  id: external_exports.string(),
-  description: external_exports.string(),
-  assigneeId: external_exports.string(),
-  assigneeEmail: external_exports.string(),
-  dueDate: external_exports.string(),
-  status: CapaActionStatusSchema,
-  completedAt: external_exports.string().optional(),
-  notes: external_exports.string().optional()
-});
-var CapaResponseSchema = external_exports.object({
-  id: external_exports.string(),
-  qmsId: external_exports.string(),
-  organizationId: external_exports.string(),
-  capaNumber: external_exports.string(),
-  classification: CapaClassificationSchema,
-  priority: CapaPrioritySchema,
-  title: external_exports.string(),
-  description: external_exports.string(),
-  sourceType: CapaSourceTypeSchema,
-  sourceId: external_exports.string().optional(),
-  sourceDescription: external_exports.string(),
-  rootCauseDescription: external_exports.string().optional(),
-  verificationDescription: external_exports.string().optional(),
-  affectedDocumentIds: external_exports.array(external_exports.string()),
-  affectedDeviceIds: external_exports.array(external_exports.string()),
-  actions: external_exports.array(CapaActionResponseSchema),
-  status: CapaStatusSchema,
-  createdAt: external_exports.string(),
-  createdBy: external_exports.string(),
-  investigationStartedAt: external_exports.string().optional(),
-  implementationStartedAt: external_exports.string().optional(),
-  verificationStartedAt: external_exports.string().optional(),
-  closedAt: external_exports.string().optional(),
-  closedBy: external_exports.string().optional(),
-  cancelledAt: external_exports.string().optional(),
-  cancelledBy: external_exports.string().optional(),
-  dueDate: external_exports.string().optional()
-});
-var CapaListResponseSchema = external_exports.object({
-  items: external_exports.array(CapaResponseSchema),
-  total: external_exports.number(),
-  limit: external_exports.number(),
-  offset: external_exports.number()
-});
 var RegulatoryFrameworkSchema = external_exports.enum([
   "ISO_13485",
   "IEC_62304",
@@ -22555,11 +22567,12 @@ var RiskDocumentStatusSchema = external_exports.enum([
   "archived",
   "example"
 ]);
-var MitigationTargetSchema = external_exports.enum([
-  "sequence_probability",
-  "harm_probability",
-  "severity"
+var IsoCategorySchema = external_exports.enum([
+  "safe_design",
+  "protective_measure",
+  "safety_information"
 ]);
+var ReducesTargetSchema = external_exports.enum(["p1_sequence", "p2_harm", "severity"]);
 var RiskGapCodeSchema = external_exports.enum([
   "hazard_no_situation",
   "situation_no_harm",
@@ -22577,13 +22590,19 @@ var RiskGapCodeSchema = external_exports.enum([
   "architecture_no_parent",
   "haz_missing_category",
   "haz_invalid_category",
-  "category_not_approved"
+  "category_not_approved",
+  "missing_iso_category",
+  "missing_risk_acceptable",
+  "unacceptable_no_benefit",
+  "preliminary_not_analyzed",
+  "missing_body_rationale",
+  "orphaned_body_section"
 ]);
 var RiskGapSeveritySchema = external_exports.enum(["error", "warning"]);
 var MitigationSchema = external_exports.object({
   control: external_exports.string().min(1),
-  reduces: MitigationTargetSchema,
-  for_harm: external_exports.string().optional()
+  iso_category: IsoCategorySchema,
+  reduces: ReducesTargetSchema
 });
 var HarmAssessmentSchema = external_exports.object({
   harm: external_exports.string().min(1),
@@ -22591,48 +22610,80 @@ var HarmAssessmentSchema = external_exports.object({
   inherent_exploitability: external_exports.number().int().min(1).max(5).optional(),
   residual_probability: external_exports.number().int().min(1).max(5).optional(),
   residual_exploitability: external_exports.number().int().min(1).max(5).optional(),
-  residual_severity_override: external_exports.number().int().min(1).max(5).optional()
+  harm_severity_override: external_exports.number().int().min(1).max(5).optional(),
+  risk_acceptable: external_exports.boolean(),
+  benefit_outweighs_risk: external_exports.boolean().optional()
+});
+var HazardousSituationAssessmentSchema = external_exports.object({
+  hazardous_situation: external_exports.string().min(1),
+  mitigations: external_exports.array(MitigationSchema).optional(),
+  harms: external_exports.array(HarmAssessmentSchema).min(1)
 });
 var RiskEntryFrontmatterSchema = external_exports.object({
   type: external_exports.enum(["software_risk", "usability_risk", "security_risk"]),
   id: external_exports.string().min(1),
   title: external_exports.string().min(1),
   status: RiskDocumentStatusSchema,
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  approvers: external_exports.array(external_exports.string()).optional(),
   analyzes: external_exports.string().min(1),
-  hazardous_situation: external_exports.string().min(1),
-  harm_assessments: external_exports.array(HarmAssessmentSchema).min(1),
   mitigations: external_exports.array(MitigationSchema).optional(),
+  hazardous_situation_assessments: external_exports.array(HazardousSituationAssessmentSchema).min(1),
   cvss_score: external_exports.number().min(0).max(10).optional(),
   cvss_vector: external_exports.string().regex(
     /^CVSS:3\.[01]\/AV:[NALP]\/AC:[LH]\/PR:[NLH]\/UI:[NR]\/S:[UC]\/C:[NLH]\/I:[NLH]\/A:[NLH]$/
   ).optional()
 }).refine(
   (data) => {
+    const allHarms = data.hazardous_situation_assessments.flatMap((hsa) => hsa.harms);
     if (data.type === "security_risk") {
-      return data.harm_assessments.every((ha) => ha.inherent_exploitability != null);
+      return allHarms.every((ha) => ha.inherent_exploitability != null);
     }
-    return data.harm_assessments.every((ha) => ha.inherent_probability != null);
+    return allHarms.every((ha) => ha.inherent_probability != null);
   },
   {
     message: "Security risks must use inherent_exploitability; software/usability risks must use inherent_probability"
   }
+).refine(
+  (data) => {
+    const allHarms = data.hazardous_situation_assessments.flatMap((hsa) => hsa.harms);
+    return allHarms.every((ha) => ha.risk_acceptable || ha.benefit_outweighs_risk != null);
+  },
+  {
+    message: "benefit_outweighs_risk required when risk_acceptable is false"
+  }
 );
-var HazardFrontmatterSchema = external_exports.object({
-  type: external_exports.enum(["haz_soe_software", "haz_soe_security"]),
+var HazardSoftwareFrontmatterSchema = external_exports.object({
+  type: external_exports.literal("haz_soe_software"),
   id: external_exports.string().min(1),
   title: external_exports.string().min(1),
   status: RiskDocumentStatusSchema,
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  approvers: external_exports.array(external_exports.string()).optional(),
+  preliminary: external_exports.boolean().default(false),
+  leads_to: external_exports.array(external_exports.string()).optional(),
+  hazard_category: external_exports.string().optional(),
+  detection_score: external_exports.number().int().min(1).max(5).optional(),
+  detection_method: external_exports.string().optional()
+});
+var HazardSecurityFrontmatterSchema = external_exports.object({
+  type: external_exports.literal("haz_soe_security"),
+  id: external_exports.string().min(1),
+  title: external_exports.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  approvers: external_exports.array(external_exports.string()).optional(),
+  preliminary: external_exports.boolean().default(false),
   leads_to: external_exports.array(external_exports.string()).optional(),
-  // sFMEA fields
-  failure_mode: external_exports.string().optional(),
-  cause: external_exports.string().optional(),
-  detection_method: external_exports.string().optional(),
-  // STRIDE fields
-  threat_category: external_exports.string().optional(),
-  attack_vector: external_exports.string().optional(),
-  // Hazard category reference (HC-xxx)
   hazard_category: external_exports.string().optional()
 });
+var HazardFrontmatterSchema = external_exports.discriminatedUnion("type", [
+  HazardSoftwareFrontmatterSchema,
+  HazardSecurityFrontmatterSchema
+]);
 var HazardCategoryFrontmatterSchema = external_exports.object({
   type: external_exports.literal("hazard_category"),
   id: external_exports.string().min(1),
@@ -22776,28 +22827,38 @@ var SegregationSchema = external_exports.object({
 var ArchitectureFrontmatterSchema = external_exports.object({
   id: external_exports.string().min(1),
   title: external_exports.string().min(1),
+  /** Required — cannot be inferred from folder alone since architecture/ and design/ share parent */
   type: external_exports.literal("architecture"),
   status: RiskDocumentStatusSchema,
-  software_item_type: SoftwareItemTypeSchema.optional(),
+  /** IEC 62304 §5.3 — C4/IEC mapping: system, subsystem, component, unit (required) */
+  software_item_type: SoftwareItemTypeSchema,
+  /** Parent HLD doc ID (optional for system-level, recommended for subsystem/component) */
   parent_item: external_exports.string().optional(),
-  safety_class: external_exports.enum(["A", "B", "C"]).optional(),
+  safety_class: SafetyClassSchema.optional(),
   segregation: SegregationSchema.optional(),
-  author: external_exports.string().optional(),
+  /** Document author — required for all regulated document types */
+  author: external_exports.string().min(1),
   reviewers: external_exports.array(external_exports.string()).optional(),
-  approvers: external_exports.array(external_exports.string()).optional()
+  /** Approver list — required for all regulated document types */
+  approvers: external_exports.array(external_exports.string()).min(1)
 });
 var DetailedDesignFrontmatterSchema = external_exports.object({
   id: external_exports.string().min(1),
   title: external_exports.string().min(1),
+  /** Required — cannot be inferred from folder alone since architecture/ and design/ share parent */
   type: external_exports.literal("detailed_design"),
   status: RiskDocumentStatusSchema,
-  software_item_type: SoftwareItemTypeSchema.optional(),
-  parent_item: external_exports.string().optional(),
-  safety_class: external_exports.enum(["A", "B", "C"]).optional(),
+  /** IEC 62304 §5.4 — typically component or unit (required) */
+  software_item_type: SoftwareItemTypeSchema,
+  /** Parent HLD doc ID — required for SDD (must reference parent architecture) */
+  parent_item: external_exports.string().min(1),
+  safety_class: SafetyClassSchema.optional(),
   segregation: SegregationSchema.optional(),
-  author: external_exports.string().optional(),
+  /** Document author — required for all regulated document types */
+  author: external_exports.string().min(1),
   reviewers: external_exports.array(external_exports.string()).optional(),
-  approvers: external_exports.array(external_exports.string()).optional()
+  /** Approver list — required for all regulated document types */
+  approvers: external_exports.array(external_exports.string()).min(1)
 });
 var AnomalyCategorySchema = external_exports.enum([
   "bug",
@@ -22926,17 +22987,21 @@ var UserNeedFrontmatterSchema = external_exports.object({
   status: RiskDocumentStatusSchema,
   /** Validated if present — ensures frontmatter doesn't misidentify the document type */
   type: external_exports.literal("user_need").optional(),
-  /** The user role or stakeholder (e.g., "Quality Manager", "Developer") */
-  stakeholder: external_exports.string().optional(),
+  /** The user role or stakeholder (e.g., "Quality Manager", "Developer") — required per ISO 13485 §7.3.2 */
+  stakeholder: external_exports.string().min(1),
   /** MoSCoW priority classification */
   priority: UserNeedPrioritySchema.optional(),
   /** Where this need originated (e.g., "ISO 13485 §7.3", "user interview") */
   source: external_exports.string().optional(),
   /** IDs of product requirements derived from this need */
   derives: external_exports.array(external_exports.string()).optional(),
-  author: external_exports.string().optional(),
+  /** Document author — required for all regulated document types */
+  author: external_exports.string().min(1),
   reviewers: external_exports.array(external_exports.string()).optional(),
-  approvers: external_exports.array(external_exports.string()).optional()
+  /** Approver list — required for all regulated document types */
+  approvers: external_exports.array(external_exports.string()).min(1),
+  /** Optional reference to a Use Specification persona (US-xxx) per IEC 62366 */
+  use_specification: external_exports.string().optional()
 });
 var RequirementTypeSchema = external_exports.enum([
   "functional",
@@ -22974,6 +23039,46 @@ var RequirementFrontmatterSchema = external_exports.object({
   /** Downstream traceability — IDs of documents this requirement traces to (e.g., SRS for PRS) */
   traces_to: external_exports.array(external_exports.string()).optional()
 });
+var ProductRequirementFrontmatterSchema = external_exports.object({
+  id: external_exports.string().min(1),
+  title: external_exports.string().min(1),
+  status: RiskDocumentStatusSchema,
+  /** IEC 62304 §5.2.2 — requirement classification (optional for PRS) */
+  req_type: RequirementTypeSchema.optional(),
+  /** Authoring convention — controls which required sections are checked */
+  format: RequirementFormatSchema.optional(),
+  /** ISO 13485 §7.3.3 — how this PRS design input is fulfilled (defaults to 'software') */
+  fulfillment_type: RequirementFulfillmentTypeSchema.optional(),
+  /** Document author — required for all regulated document types */
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  /** Approver list — required for all regulated document types */
+  approvers: external_exports.array(external_exports.string()).min(1),
+  /** Upstream traceability — IDs of User Need documents this PRS traces from (required) */
+  traces_from: external_exports.array(external_exports.string()).min(1),
+  /** Downstream traceability — IDs of SRS documents this PRS traces to */
+  traces_to: external_exports.array(external_exports.string()).optional()
+});
+var SoftwareRequirementFrontmatterSchema = external_exports.object({
+  id: external_exports.string().min(1),
+  title: external_exports.string().min(1),
+  status: RiskDocumentStatusSchema,
+  /** IEC 62304 §5.2.2 — requirement classification (recommended for SRS) */
+  req_type: RequirementTypeSchema.optional(),
+  /** Authoring convention — controls which required sections are checked */
+  format: RequirementFormatSchema.optional(),
+  /** Document author — required for all regulated document types */
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  /** Approver list — required for all regulated document types */
+  approvers: external_exports.array(external_exports.string()).min(1),
+  /** Upstream traceability — IDs of PRS documents this SRS traces from (required) */
+  traces_from: external_exports.array(external_exports.string()).min(1),
+  /** Downstream traceability — IDs of documents this SRS traces to */
+  traces_to: external_exports.array(external_exports.string()).optional(),
+  /** HLD/SDD document ID that implements this requirement */
+  implemented_in: external_exports.string().optional()
+});
 var TestProtocolFrontmatterSchema = external_exports.object({
   type: external_exports.literal("test_protocol"),
   id: external_exports.string().min(1),
@@ -23244,7 +23349,8 @@ var EvidenceRuleConditionsSeedSchema = external_exports.object({
   documentType: DocumentTypeSchema.optional(),
   linkType: LinkTypeSchema.optional(),
   status: external_exports.string().optional(),
-  minCount: external_exports.number().int().positive().optional()
+  minCount: external_exports.number().int().positive().optional(),
+  safetyClass: SafetyClassSchema.optional()
 });
 var EvidenceRuleSeedSchema = external_exports.object({
   clauseId: external_exports.string().min(1),
@@ -24080,10 +24186,13 @@ var HarmAssessmentEntrySchema = external_exports.object({
   harmSeverity: RiskValueSchema,
   inherentProbability: RiskValueSchema,
   residualProbability: RiskValueSchema,
-  residualSeverityOverride: RiskValueSchema.optional(),
+  harmSeverityOverride: RiskValueSchema.optional(),
   residualSeverity: RiskValueSchema,
   inherentAcceptability: AcceptabilityStatusSchema,
-  residualAcceptability: AcceptabilityStatusSchema
+  residualAcceptability: AcceptabilityStatusSchema,
+  riskAcceptable: external_exports.boolean(),
+  benefitOutweighsRisk: external_exports.boolean().optional(),
+  hazardousSituation: external_exports.string().optional()
 });
 var RiskEntrySchema = external_exports.object({
   id: external_exports.string(),
@@ -24137,6 +24246,8 @@ var RiskListItemSchema = external_exports.object({
   worstResidualProbability: RiskValueSchema.optional(),
   worstAcceptability: AcceptabilityStatusSchema.optional(),
   mitigationsCount: external_exports.number().int().min(0),
+  topLevelMitigationsCount: external_exports.number().int().min(0),
+  perHsMitigationsCount: external_exports.number().int().min(0),
   hasRiskBenefit: external_exports.boolean(),
   cvssScore: external_exports.number().min(0).max(10).optional(),
   cvssVector: external_exports.string().optional()
@@ -25517,6 +25628,9 @@ var SCHEMA_MAP = {
   // Product (ISO 13485 §7.3)
   product_development_plan: ProductDevelopmentPlanFrontmatterSchema,
   intended_use: IntendedUseFrontmatterSchema,
+  // Architecture (IEC 62304 §5.3)
+  architecture: ArchitectureFrontmatterSchema,
+  detailed_design: DetailedDesignFrontmatterSchema,
   // User needs (ISO 13485 §7.3.2)
   user_need: UserNeedFrontmatterSchema,
   // Requirements (IEC 62304 §5.2.2, ISO 13485 §7.3.3)
@@ -25781,7 +25895,7 @@ var client = new PactoSignaApiClient({
   apiKey: PACTOSIGNA_API_KEY
 });
 var server = new Server(
-  { name: "pactosigna", version: "0.1.10" },
+  { name: "pactosigna", version: "0.1.12" },
   { capabilities: { tools: {} } }
 );
 server.setRequestHandler(ListToolsRequestSchema, async () => ({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pactosigna/mcp-server",
-  "version": "0.1.10",
+  "version": "0.1.12",
   "type": "module",
   "description": "MCP server for PactoSigna QMS — connects Claude Desktop, Cursor, and other AI tools to your quality management system",
   "bin": {