npm - @pactosigna/mcp-server - Versions diffs - 0.1.9 → 0.1.11 - Mend

@pactosigna/mcp-server 0.1.9 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +86 -27
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -21848,7 +21848,18 @@ var REQUIRED_SECTIONS = {
   audit_schedule: ["Scope", "Audit Criteria"],
   audit_report: ["Scope", "Methodology", "Findings", "Conclusion"],
   management_review: ["Review Inputs", "Review Outputs", "Action Items", "Decisions"],
-  hazard_category: ["Description", "Examples", "Applicable Standards"]
+  hazard_category: ["Description", "Examples", "Applicable Standards"],
+  software_risk: ["Harm Assessment"],
+  security_risk: ["Harm Assessment"],
+  usability_risk: ["Harm Assessment"],
+  haz_soe_software: ["Intended Function", "Failure Cause", "Failure Mode", "Failure Effect"],
+  haz_soe_security: [
+    "STRIDE Category & Threat",
+    "Asset",
+    "Vulnerability",
+    "Actor & Attack Vector",
+    "Adverse Impact"
+  ]
 };
 var MemberPermissionsSchema = external_exports.object({
   canSign: external_exports.boolean(),
@@ -22409,6 +22420,7 @@ var DCOSigningObligationSchema = external_exports.object({
   department: external_exports.string(),
   status: external_exports.enum(["pending", "fulfilled"]),
   meaning: external_exports.string().optional(),
+  documentIds: external_exports.array(external_exports.string()).default([]),
   fulfilledBySignatureId: external_exports.string().optional(),
   fulfilledAt: external_exports.string().optional()
 });
@@ -22554,11 +22566,12 @@ var RiskDocumentStatusSchema = external_exports.enum([
   "archived",
   "example"
 ]);
-var MitigationTargetSchema = external_exports.enum([
-  "sequence_probability",
-  "harm_probability",
-  "severity"
+var IsoCategorySchema = external_exports.enum([
+  "safe_design",
+  "protective_measure",
+  "safety_information"
 ]);
+var ReducesTargetSchema = external_exports.enum(["p1_sequence", "p2_harm", "severity"]);
 var RiskGapCodeSchema = external_exports.enum([
   "hazard_no_situation",
   "situation_no_harm",
@@ -22576,13 +22589,19 @@ var RiskGapCodeSchema = external_exports.enum([
   "architecture_no_parent",
   "haz_missing_category",
   "haz_invalid_category",
-  "category_not_approved"
+  "category_not_approved",
+  "missing_iso_category",
+  "missing_risk_acceptable",
+  "unacceptable_no_benefit",
+  "preliminary_not_analyzed",
+  "missing_body_rationale",
+  "orphaned_body_section"
 ]);
 var RiskGapSeveritySchema = external_exports.enum(["error", "warning"]);
 var MitigationSchema = external_exports.object({
   control: external_exports.string().min(1),
-  reduces: MitigationTargetSchema,
-  for_harm: external_exports.string().optional()
+  iso_category: IsoCategorySchema,
+  reduces: ReducesTargetSchema
 });
 var HarmAssessmentSchema = external_exports.object({
   harm: external_exports.string().min(1),
@@ -22590,48 +22609,80 @@ var HarmAssessmentSchema = external_exports.object({
   inherent_exploitability: external_exports.number().int().min(1).max(5).optional(),
   residual_probability: external_exports.number().int().min(1).max(5).optional(),
   residual_exploitability: external_exports.number().int().min(1).max(5).optional(),
-  residual_severity_override: external_exports.number().int().min(1).max(5).optional()
+  harm_severity_override: external_exports.number().int().min(1).max(5).optional(),
+  risk_acceptable: external_exports.boolean(),
+  benefit_outweighs_risk: external_exports.boolean().optional()
+});
+var HazardousSituationAssessmentSchema = external_exports.object({
+  hazardous_situation: external_exports.string().min(1),
+  mitigations: external_exports.array(MitigationSchema).optional(),
+  harms: external_exports.array(HarmAssessmentSchema).min(1)
 });
 var RiskEntryFrontmatterSchema = external_exports.object({
   type: external_exports.enum(["software_risk", "usability_risk", "security_risk"]),
   id: external_exports.string().min(1),
   title: external_exports.string().min(1),
   status: RiskDocumentStatusSchema,
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  approvers: external_exports.array(external_exports.string()).optional(),
   analyzes: external_exports.string().min(1),
-  hazardous_situation: external_exports.string().min(1),
-  harm_assessments: external_exports.array(HarmAssessmentSchema).min(1),
   mitigations: external_exports.array(MitigationSchema).optional(),
+  hazardous_situation_assessments: external_exports.array(HazardousSituationAssessmentSchema).min(1),
   cvss_score: external_exports.number().min(0).max(10).optional(),
   cvss_vector: external_exports.string().regex(
     /^CVSS:3\.[01]\/AV:[NALP]\/AC:[LH]\/PR:[NLH]\/UI:[NR]\/S:[UC]\/C:[NLH]\/I:[NLH]\/A:[NLH]$/
   ).optional()
 }).refine(
   (data) => {
+    const allHarms = data.hazardous_situation_assessments.flatMap((hsa) => hsa.harms);
     if (data.type === "security_risk") {
-      return data.harm_assessments.every((ha) => ha.inherent_exploitability != null);
+      return allHarms.every((ha) => ha.inherent_exploitability != null);
     }
-    return data.harm_assessments.every((ha) => ha.inherent_probability != null);
+    return allHarms.every((ha) => ha.inherent_probability != null);
   },
   {
     message: "Security risks must use inherent_exploitability; software/usability risks must use inherent_probability"
   }
+).refine(
+  (data) => {
+    const allHarms = data.hazardous_situation_assessments.flatMap((hsa) => hsa.harms);
+    return allHarms.every((ha) => ha.risk_acceptable || ha.benefit_outweighs_risk != null);
+  },
+  {
+    message: "benefit_outweighs_risk required when risk_acceptable is false"
+  }
 );
-var HazardFrontmatterSchema = external_exports.object({
-  type: external_exports.enum(["haz_soe_software", "haz_soe_security"]),
+var HazardSoftwareFrontmatterSchema = external_exports.object({
+  type: external_exports.literal("haz_soe_software"),
   id: external_exports.string().min(1),
   title: external_exports.string().min(1),
   status: RiskDocumentStatusSchema,
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  approvers: external_exports.array(external_exports.string()).optional(),
+  preliminary: external_exports.boolean().default(false),
+  leads_to: external_exports.array(external_exports.string()).optional(),
+  hazard_category: external_exports.string().optional(),
+  detection_score: external_exports.number().int().min(1).max(5).optional(),
+  detection_method: external_exports.string().optional()
+});
+var HazardSecurityFrontmatterSchema = external_exports.object({
+  type: external_exports.literal("haz_soe_security"),
+  id: external_exports.string().min(1),
+  title: external_exports.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: external_exports.string().min(1),
+  reviewers: external_exports.array(external_exports.string()).optional(),
+  approvers: external_exports.array(external_exports.string()).optional(),
+  preliminary: external_exports.boolean().default(false),
   leads_to: external_exports.array(external_exports.string()).optional(),
-  // sFMEA fields
-  failure_mode: external_exports.string().optional(),
-  cause: external_exports.string().optional(),
-  detection_method: external_exports.string().optional(),
-  // STRIDE fields
-  threat_category: external_exports.string().optional(),
-  attack_vector: external_exports.string().optional(),
-  // Hazard category reference (HC-xxx)
   hazard_category: external_exports.string().optional()
 });
+var HazardFrontmatterSchema = external_exports.discriminatedUnion("type", [
+  HazardSoftwareFrontmatterSchema,
+  HazardSecurityFrontmatterSchema
+]);
 var HazardCategoryFrontmatterSchema = external_exports.object({
   type: external_exports.literal("hazard_category"),
   id: external_exports.string().min(1),
@@ -24079,10 +24130,13 @@ var HarmAssessmentEntrySchema = external_exports.object({
   harmSeverity: RiskValueSchema,
   inherentProbability: RiskValueSchema,
   residualProbability: RiskValueSchema,
-  residualSeverityOverride: RiskValueSchema.optional(),
+  harmSeverityOverride: RiskValueSchema.optional(),
   residualSeverity: RiskValueSchema,
   inherentAcceptability: AcceptabilityStatusSchema,
-  residualAcceptability: AcceptabilityStatusSchema
+  residualAcceptability: AcceptabilityStatusSchema,
+  riskAcceptable: external_exports.boolean(),
+  benefitOutweighsRisk: external_exports.boolean().optional(),
+  hazardousSituation: external_exports.string().optional()
 });
 var RiskEntrySchema = external_exports.object({
   id: external_exports.string(),
@@ -24136,6 +24190,8 @@ var RiskListItemSchema = external_exports.object({
   worstResidualProbability: RiskValueSchema.optional(),
   worstAcceptability: AcceptabilityStatusSchema.optional(),
   mitigationsCount: external_exports.number().int().min(0),
+  topLevelMitigationsCount: external_exports.number().int().min(0),
+  perHsMitigationsCount: external_exports.number().int().min(0),
   hasRiskBenefit: external_exports.boolean(),
   cvssScore: external_exports.number().min(0).max(10).optional(),
   cvssVector: external_exports.string().optional()
@@ -25380,6 +25436,7 @@ var ClauseNodeSchema = external_exports.lazy(
     parentClauseId: external_exports.string().nullable(),
     depth: external_exports.number().int().nonnegative(),
     sortOrder: external_exports.number().int().nonnegative(),
+    scope: FrameworkScopeSchema,
     children: external_exports.array(ClauseNodeSchema)
   })
 );
@@ -25439,7 +25496,9 @@ var ClauseComplianceSchema = external_exports.object({
   covered: external_exports.boolean(),
   /** Compliance score 0..1 based on weighted evidence rules */
   score: external_exports.number().min(0).max(1),
-  evidence: external_exports.array(EvidenceItemSchema)
+  evidence: external_exports.array(EvidenceItemSchema),
+  /** Effective scope for this clause. UI uses this to grey out irrelevant clauses. */
+  scope: FrameworkScopeSchema
 });
 var FrameworkComplianceResponseSchema = external_exports.object({
   frameworkId: RegulatoryFrameworkSchema,
@@ -25777,7 +25836,7 @@ var client = new PactoSignaApiClient({
   apiKey: PACTOSIGNA_API_KEY
 });
 var server = new Server(
-  { name: "pactosigna", version: "0.1.9" },
+  { name: "pactosigna", version: "0.1.11" },
   { capabilities: { tools: {} } }
 );
 server.setRequestHandler(ListToolsRequestSchema, async () => ({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pactosigna/mcp-server",
-  "version": "0.1.9",
+  "version": "0.1.11",
   "type": "module",
   "description": "MCP server for PactoSigna QMS — connects Claude Desktop, Cursor, and other AI tools to your quality management system",
   "bin": {