@shiftleftpt/sbd-toe-mcp 0.6.3 → 0.7.0

package/dist/tools/ontology-loader.js

@@ -0,0 +1,206 @@
+/**
+ * ontology-loader
+ *
+ * Loads and caches the SbD-ToE ontology and entity data from data/publish/.
+ * Single source of truth for ontology-driven tools.
+ *
+ * As of kg v1.4.0, all entity types (including requirement and control) are
+ * present in algolia_entities_records_enriched.json with normalised record_type.
+ * The individual entity files (canonical_requirements_s7.json, etc.) are no
+ * longer required.
+ *
+ * Files consumed:
+ *   data/publish/sbdtoe-ontology.yaml              — domain_mapping, rules, pipelines
+ *   data/publish/algolia_entities_records_enriched.json — all entity types by record_type
+ *
+ * All data is read from the published artefacts — nothing is invented.
+ */
+import { readFileSync } from "node:fs";
+import { parse as parseYaml } from "yaml";
+import { resolveAppPath } from "../config.js";
+// ---------------------------------------------------------------------------
+// Cache
+// ---------------------------------------------------------------------------
+let _cache;
+function loadOntologyYaml() {
+    const path = resolveAppPath("data/publish/sbdtoe-ontology.yaml");
+    return parseYaml(readFileSync(path, "utf-8"));
+}
+function loadEnrichedEntities() {
+    const path = resolveAppPath("data/publish/algolia_entities_records_enriched.json");
+    const raw = JSON.parse(readFileSync(path, "utf-8"));
+    return Array.isArray(raw.items) ? raw.items : [];
+}
+function isRecord(v) {
+    return typeof v === "object" && v !== null && !Array.isArray(v);
+}
+function strOf(rec, key) {
+    const v = rec[key];
+    return typeof v === "string" ? v : "";
+}
+function numOf(rec, key) {
+    const v = rec[key];
+    return typeof v === "number" ? v : NaN;
+}
+function arrStr(rec, key) {
+    const v = rec[key];
+    if (!Array.isArray(v))
+        return [];
+    return v.filter((x) => typeof x === "string");
+}
+export function getOntologyData() {
+    if (_cache)
+        return _cache;
+    // Ontology YAML — domain_mapping is the primary join key
+    const ontology = loadOntologyYaml();
+    const domainMapping = {};
+    for (const [cat, domains] of Object.entries(ontology.domain_mapping ?? {})) {
+        if (Array.isArray(domains))
+            domainMapping[cat] = domains.map(String);
+    }
+    // Concerns → categories (static, matches ontology spec §3.3)
+    const concernsMap = {
+        auth: ["AUT", "ACC", "SES"],
+        logging: ["LOG"],
+        validation: ["VAL", "ERR"],
+        api: ["API"],
+        config: ["CFG"],
+        integrity: ["INT"],
+        distribution: ["DST"],
+        ide: ["IDE"],
+        requirements: ["REQ"],
+        architecture: ["ARC"],
+        iac: ["IAC"],
+        encryption: ["ENC"],
+    };
+    // Load all entities from the enriched index (kg v1.4.0+)
+    const allItems = loadEnrichedEntities();
+    const requirements = [];
+    const controls = [];
+    const roles = [];
+    const threats = [];
+    const assignments = [];
+    const userStories = [];
+    for (const item of allItems) {
+        if (!isRecord(item))
+            continue;
+        const rt = strOf(item, "record_type");
+        if (rt === "requirement") {
+            const levels = item["applicable_levels"];
+            const rSrcFile = strOf(item, "source_file");
+            requirements.push({
+                requirement_id: strOf(item, "requirement_id"),
+                type: strOf(item, "type"),
+                category: strOf(item, "category"),
+                name: strOf(item, "name"),
+                applicable_levels: isRecord(levels)
+                    ? { L1: levels["L1"] === true, L2: levels["L2"] === true, L3: levels["L3"] === true }
+                    : { L1: false, L2: false, L3: false },
+                source_chapter: numOf(item, "source_chapter"),
+                ...(rSrcFile ? { source_file: rSrcFile } : {}),
+                domain: typeof item["domain"] === "string" ? item["domain"] : null,
+            });
+            continue;
+        }
+        if (rt === "control") {
+            const cNameEn = strOf(item, "name_en");
+            const cDesc = strOf(item, "description");
+            controls.push({
+                control_id: strOf(item, "control_id"),
+                name: strOf(item, "name"),
+                ...(cNameEn ? { name_en: cNameEn } : {}),
+                domain: strOf(item, "domain"),
+                control_type: strOf(item, "control_type"),
+                abstraction_level: strOf(item, "abstraction_level"),
+                applicable_lifecycle_phases: arrStr(item, "applicable_lifecycle_phases"),
+                source_practice_ids: arrStr(item, "source_practice_ids"),
+                chapter_ids: arrStr(item, "chapter_ids"),
+                ...(cDesc ? { description: cDesc } : {}),
+                aliases: arrStr(item, "aliases"),
+            });
+            continue;
+        }
+        if (rt === "role") {
+            // entity_id is the canonical role identifier in the enriched index
+            const entityId = strOf(item, "entity_id");
+            if (!entityId)
+                continue;
+            roles.push({
+                role_id: entityId,
+                aliases: arrStr(item, "aliases"),
+                canonical: true,
+                source: strOf(item, "source_document_id"),
+            });
+            continue;
+        }
+        if (rt === "threat") {
+            const tMtId = strOf(item, "mitigated_threat_id");
+            const tObjId = strOf(item, "object_id");
+            const tLabel = strOf(item, "threat_label_raw");
+            const tEss = strOf(item, "essence");
+            const tChId = strOf(item, "chapter_id");
+            const tMitSum = strOf(item, "mitigation_summary");
+            threats.push({
+                ...(tMtId ? { mitigated_threat_id: tMtId } : {}),
+                ...(tObjId ? { object_id: tObjId } : {}),
+                ...(tLabel ? { threat_label_raw: tLabel } : {}),
+                ...(tEss ? { essence: tEss } : {}),
+                ...(tChId ? { chapter_id: tChId } : {}),
+                category: typeof item["category"] === "string" ? item["category"] : null,
+                cwe: typeof item["cwe"] === "string" ? item["cwe"] : null,
+                cvss_score: typeof item["cvss_score"] === "number" ? item["cvss_score"] : null,
+                associated_controls: arrStr(item, "associated_controls"),
+                ...(tMitSum ? { mitigation_summary: tMitSum } : {}),
+                ...(typeof item["confidence"] === "number" ? { confidence: item["confidence"] } : {}),
+            });
+            continue;
+        }
+        if (rt === "assignment") {
+            assignments.push({
+                id: strOf(item, "id"),
+                chapter_id: strOf(item, "chapter_id"),
+                practice_id: strOf(item, "practice_id"),
+                role: strOf(item, "role"),
+                phase: strOf(item, "phase"),
+                risk_level: strOf(item, "risk_level"),
+                action: strOf(item, "action"),
+                artifacts: arrStr(item, "artifacts"),
+                ...(strOf(item, "user_story_id") ? { user_story_id: strOf(item, "user_story_id") } : {}),
+            });
+            continue;
+        }
+        if (rt === "user_story") {
+            const usId = strOf(item, "id");
+            const usUsId = strOf(item, "us_id");
+            const usChId = strOf(item, "chapter_id");
+            const usPrId = strOf(item, "practice_id");
+            const usAc = strOf(item, "acceptance_criteria");
+            const usGoal = strOf(item, "goal");
+            const usSumm = strOf(item, "summary");
+            userStories.push({
+                ...(usId ? { id: usId } : {}),
+                ...(usUsId ? { us_id: usUsId } : {}),
+                title: strOf(item, "title"),
+                ...(usChId ? { chapter_id: usChId } : {}),
+                ...(usPrId ? { practice_id: usPrId } : {}),
+                roles_normalized: arrStr(item, "roles_normalized"),
+                risk_levels: arrStr(item, "risk_levels"),
+                ...(usAc ? { acceptance_criteria: usAc } : {}),
+                bdd: arrStr(item, "bdd"),
+                ...(usGoal ? { goal: usGoal } : {}),
+                ...(usSumm ? { summary: usSumm } : {}),
+            });
+            continue;
+        }
+    }
+    _cache = { domainMapping, concernsMap, requirements, controls, roles, threats, assignments, userStories };
+    return _cache;
+}
+/** Resolve a role input string to a canonical role_id, using aliases. */
+export function resolveRoleId(input, roles) {
+    const normalized = input.toLowerCase().replace(/[\s/]+/g, "-");
+    return roles.find((r) => r.role_id === normalized ||
+        r.role_id.replace(/_/g, "-") === normalized ||
+        r.aliases.some((a) => a.toLowerCase().replace(/[\s/]+/g, "-") === normalized))?.role_id;
+}
+//# sourceMappingURL=ontology-loader.js.map

package/dist/tools/ontology-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ontology-loader.js","sourceRoot":"","sources":["../../src/tools/ontology-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AA6F9C,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,IAAI,MAAgC,CAAC;AAErC,SAAS,gBAAgB;IACvB,MAAM,IAAI,GAAG,cAAc,CAAC,mCAAmC,CAAC,CAAC;IACjE,OAAO,SAAS,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAiD,CAAC;AAChG,CAAC;AAED,SAAS,oBAAoB;IAC3B,MAAM,IAAI,GAAG,cAAc,CAAC,qDAAqD,CAAC,CAAC;IACnF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAA0B,CAAC;IAC7E,OAAO,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACnD,CAAC;AAED,SAAS,QAAQ,CAAC,CAAU;IAC1B,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,KAAK,CAAC,GAA4B,EAAE,GAAW;IACtD,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,KAAK,CAAC,GAA4B,EAAE,GAAW;IACtD,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;AACzC,CAAC;AAED,SAAS,MAAM,CAAC,GAA4B,EAAE,GAAW;IACvD,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACnB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,yDAAyD;IACzD,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,MAAM,aAAa,GAA6B,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,IAAI,EAAE,CAAC,EAAE,CAAC;QAC3E,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,aAAa,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvE,CAAC;IAED,6DAA6D;IAC7D,MAAM,WAAW,GAA6B;QAC5C,IAAI,EAAU,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;QACnC,OAAO,EAAO,CAAC,KAAK,CAAC;QACrB,UAAU,EAAI,CAAC,KAAK,EAAE,KAAK,CAAC;QAC5B,GAAG,EAAW,CAAC,KAAK,CAAC;QACrB,MAAM,EAAQ,CAAC,KAAK,CAAC;QACrB,SAAS,EAAK,CAAC,KAAK,CAAC;QACrB,YAAY,EAAE,CAAC,KAAK,CAAC;QACrB,GAAG,EAAW,CAAC,KAAK,CAAC;QACrB,YAAY,EAAE,CAAC,KAAK,CAAC;QACrB,YAAY,EAAE,CAAC,KAAK,CAAC;QACrB,GAAG,EAAW,CAAC,KAAK,CAAC;QACrB,UAAU,EAAI,CAAC,KAAK,CAAC;KACtB,CAAC;IAEF,yDAAyD;IACzD,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;IAExC,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,WAAW,GAAyB,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAgB,EAAE,CAAC;IAEpC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9B,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAEtC,IAAI,EAAE,KAAK,aAAa,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACzC,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;YAC5C,YAAY,CAAC,IAAI,CAAC;gBAChB,cAAc,EAAE,KAAK,CAAC,IAAI,EAAE,gBAAgB,CAAC;gBAC7C,IAAI,EAAY,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC;gBACnC,QAAQ,EAAQ,KAAK,CAAC,IAAI,EAAE,UAAU,CAAC;gBACvC,IAAI,EAAY,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC;gBACnC,iBAAiB,EAAE,QAAQ,CAAC,MAAM,CAAC;oBACjC,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE;oBACrF,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE;gBACvC,cAAc,EAAE,KAAK,CAAC,IAAI,EAAE,gBAAgB,CAAC;gBAC7C,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9C,MAAM,EAAU,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;aAC3E,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACvC,MAAM,KAAK,GAAK,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAmB,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC;gBACtD,IAAI,EAAyB,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC;gBAChD,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAO,CAAC,CAAC,EAAE,CAAC;gBAC9C,MAAM,EAAuB,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC;gBAClD,YAAY,EAAiB,KAAK,CAAC,IAAI,EAAE,cAAc,CAAC;gBACxD,iBAAiB,EAAY,KAAK,CAAC,IAAI,EAAE,mBAAmB,CAAC;gBAC7D,2BAA2B,EAAE,MAAM,CAAC,IAAI,EAAE,6BAA6B,CAAC;gBACxE,mBAAmB,EAAU,MAAM,CAAC,IAAI,EAAE,qBAAqB,CAAC;gBAChE,WAAW,EAAkB,MAAM,CAAC,IAAI,EAAE,aAAa,CAAC;gBACxD,GAAG,CAAC,KAAK,CAAG,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,CAAK,CAAC,CAAC,EAAE,CAAC;gBAC9C,OAAO,EAAsB,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC;aACrD,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;YAClB,mEAAmE;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC1C,IAAI,CAAC,QAAQ;gBAAE,SAAS;YACxB,KAAK,CAAC,IAAI,CAAC;gBACT,OAAO,EAAI,QAAQ;gBACnB,OAAO,EAAI,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC;gBAClC,SAAS,EAAE,IAAI;gBACf,MAAM,EAAK,KAAK,CAAC,IAAI,EAAE,oBAAoB,CAAC;aAC7C,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;YACpB,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;YAC/C,MAAM,IAAI,GAAK,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACtC,MAAM,KAAK,GAAI,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,CAAC,KAAK,CAAG,CAAC,CAAC,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAG,CAAC,CAAC,EAAE,CAAC;gBACpD,GAAG,CAAC,MAAM,CAAE,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAa,CAAC,CAAC,EAAE,CAAC;gBACrD,GAAG,CAAC,MAAM,CAAE,CAAC,CAAC,EAAE,gBAAgB,EAAE,MAAM,EAAE,CAAM,CAAC,CAAC,EAAE,CAAC;gBACrD,GAAG,CAAC,IAAI,CAAI,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAiB,CAAC,CAAC,EAAE,CAAC;gBACrD,GAAG,CAAC,KAAK,CAAG,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAa,CAAC,CAAC,EAAE,CAAC;gBACrD,QAAQ,EAAa,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI;gBACnF,GAAG,EAAkB,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI;gBACzE,UAAU,EAAW,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI;gBACvF,mBAAmB,EAAE,MAAM,CAAC,IAAI,EAAE,qBAAqB,CAAC;gBACxD,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAG,CAAC,CAAC,EAAE,CAAC;gBACrD,GAAG,CAAC,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,YAAY,CAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChG,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,YAAY,EAAE,CAAC;YACxB,WAAW,CAAC,IAAI,CAAC;gBACf,EAAE,EAAY,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC;gBAC/B,UAAU,EAAI,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC;gBACvC,WAAW,EAAG,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC;gBACxC,IAAI,EAAU,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC;gBACjC,KAAK,EAAS,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC;gBAClC,UAAU,EAAI,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC;gBACvC,MAAM,EAAQ,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC;gBACnC,SAAS,EAAK,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC;gBACvC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACzF,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,YAAY,EAAE,CAAC;YACxB,MAAM,IAAI,GAAM,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAClC,MAAM,MAAM,GAAI,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACrC,MAAM,MAAM,GAAI,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;YAC1C,MAAM,MAAM,GAAI,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAM,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;YACnD,MAAM,MAAM,GAAI,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACpC,MAAM,MAAM,GAAI,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACvC,WAAW,CAAC,IAAI,CAAC;gBACf,GAAG,CAAC,IAAI,CAAG,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAyB,CAAC,CAAC,EAAE,CAAC;gBACvD,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAoB,CAAC,CAAC,EAAE,CAAC;gBACvD,KAAK,EAAgB,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAe,CAAC,CAAC,EAAE,CAAC;gBACvD,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAc,CAAC,CAAC,EAAE,CAAC;gBACvD,gBAAgB,EAAK,MAAM,CAAC,IAAI,EAAE,kBAAkB,CAAC;gBACrD,WAAW,EAAU,MAAM,CAAC,IAAI,EAAE,aAAa,CAAC;gBAChD,GAAG,CAAC,IAAI,CAAG,CAAC,CAAC,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAAQ,CAAC,CAAC,EAAE,CAAC;gBACvD,GAAG,EAAkB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC;gBACxC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAqB,CAAC,CAAC,EAAE,CAAC;gBACvD,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAkB,CAAC,CAAC,EAAE,CAAC;aACxD,CAAC,CAAC;YACH,SAAS;QACX,CAAC;IACH,CAAC;IAED,MAAM,GAAG,EAAE,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;IAC1G,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,aAAa,CAAC,KAAa,EAAE,KAAsB;IACjE,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC/D,OAAO,KAAK,CAAC,IAAI,CACf,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,OAAO,KAAK,UAAU;QACxB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,UAAU;QAC3C,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,KAAK,UAAU,CAAC,CAChF,EAAE,OAAO,CAAC;AACb,CAAC"}

package/dist/tools/resolve-entities.d.ts

@@ -0,0 +1,26 @@
+/**
+ * resolve_entities
+ *
+ * Low-level entity resolver over the SbD-ToE enriched entities index.
+ * Allows agents to formulate arbitrary queries not covered by the high-level
+ * pipeline tools (consult_security_requirements, get_threat_landscape,
+ * get_guide_by_role).
+ *
+ * Source: data/publish/algolia_entities_records_enriched.json (kg v1.4.0+)
+ * Filter syntax: dot-notation for nested fields, comparison operators for
+ * numeric ranges, array membership checks for array fields.
+ *
+ * All data is read from the published artefacts — nothing is invented.
+ */
+export interface ResolveEntitiesResult {
+    record_type: string;
+    entities: unknown[];
+    total: number;
+    limit: number;
+    meta: {
+        filtersApplied: Record<string, unknown>;
+        note: string;
+    };
+}
+export declare function _resolveEntities(args: Record<string, unknown>, items: unknown[]): ResolveEntitiesResult;
+export declare function handleResolveEntities(args: Record<string, unknown>): ResolveEntitiesResult;

package/dist/tools/resolve-entities.js

@@ -0,0 +1,143 @@
+/**
+ * resolve_entities
+ *
+ * Low-level entity resolver over the SbD-ToE enriched entities index.
+ * Allows agents to formulate arbitrary queries not covered by the high-level
+ * pipeline tools (consult_security_requirements, get_threat_landscape,
+ * get_guide_by_role).
+ *
+ * Source: data/publish/algolia_entities_records_enriched.json (kg v1.4.0+)
+ * Filter syntax: dot-notation for nested fields, comparison operators for
+ * numeric ranges, array membership checks for array fields.
+ *
+ * All data is read from the published artefacts — nothing is invented.
+ */
+import { readFileSync } from "node:fs";
+import { resolveAppPath } from "../config.js";
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+const DEFAULT_LIMIT = 50;
+const MAX_LIMIT = 200;
+function isComparisonOp(v) {
+    if (typeof v !== "object" || v === null || Array.isArray(v))
+        return false;
+    const keys = Object.keys(v);
+    return keys.some((k) => k === "gte" || k === "lte" || k === "in");
+}
+// ---------------------------------------------------------------------------
+// Enriched index cache (independent of getOntologyData — raw records)
+// ---------------------------------------------------------------------------
+let _enrichedCache;
+function loadEnrichedItems() {
+    if (_enrichedCache)
+        return _enrichedCache;
+    const path = resolveAppPath("data/publish/algolia_entities_records_enriched.json");
+    const raw = JSON.parse(readFileSync(path, "utf-8"));
+    _enrichedCache = Array.isArray(raw.items) ? raw.items : [];
+    return _enrichedCache;
+}
+// ---------------------------------------------------------------------------
+// Filter engine
+// ---------------------------------------------------------------------------
+/**
+ * Resolve a dot-notation path against an object.
+ * E.g. "applicable_levels.L2" → obj.applicable_levels.L2
+ */
+function resolvePath(obj, path) {
+    const parts = path.split(".");
+    let cur = obj;
+    for (const part of parts) {
+        if (cur === null || cur === undefined || typeof cur !== "object")
+            return undefined;
+        cur = cur[part];
+    }
+    return cur;
+}
+/**
+ * Match a single filter entry against a field value.
+ * Supports:
+ *   - Comparison ops: { gte, lte } for numbers; { in: [...] } for set membership
+ *   - Array fields: checks if value is IN the array
+ *   - Direct equality
+ */
+function matchesFilter(item, key, filterValue) {
+    const fieldVal = resolvePath(item, key);
+    if (isComparisonOp(filterValue)) {
+        if ("gte" in filterValue && filterValue.gte !== undefined) {
+            const n = typeof fieldVal === "number" ? fieldVal : NaN;
+            if (isNaN(n) || n < filterValue.gte)
+                return false;
+        }
+        if ("lte" in filterValue && filterValue.lte !== undefined) {
+            const n = typeof fieldVal === "number" ? fieldVal : NaN;
+            if (isNaN(n) || n > filterValue.lte)
+                return false;
+        }
+        if ("in" in filterValue && Array.isArray(filterValue.in)) {
+            if (!filterValue.in.includes(fieldVal))
+                return false;
+        }
+        return true;
+    }
+    // Array field: check if filterValue is a member of the array
+    if (Array.isArray(fieldVal)) {
+        return fieldVal.includes(filterValue);
+    }
+    // Direct equality
+    return fieldVal === filterValue;
+}
+function matchesAllFilters(item, filters) {
+    for (const [key, value] of Object.entries(filters)) {
+        if (!matchesFilter(item, key, value))
+            return false;
+    }
+    return true;
+}
+// ---------------------------------------------------------------------------
+// Internal (exported for testability)
+// ---------------------------------------------------------------------------
+export function _resolveEntities(args, items) {
+    const recordType = args["record_type"];
+    if (typeof recordType !== "string" || recordType.trim().length === 0) {
+        throw Object.assign(new Error('Missing required parameter: "record_type".'), { rpcError: { code: -32602, message: 'Missing required parameter: "record_type".' } });
+    }
+    const rawLimit = args["limit"];
+    const limit = typeof rawLimit === "number" && rawLimit > 0
+        ? Math.min(Math.round(rawLimit), MAX_LIMIT)
+        : DEFAULT_LIMIT;
+    const rawFilters = args["filters"];
+    const filters = typeof rawFilters === "object" && rawFilters !== null && !Array.isArray(rawFilters)
+        ? rawFilters
+        : {};
+    // Filter by record_type first, then apply additional filters
+    const matched = items.filter((item) => {
+        if (typeof item !== "object" || item === null)
+            return false;
+        const rt = item["record_type"];
+        if (rt !== recordType)
+            return false;
+        return matchesAllFilters(item, filters);
+    });
+    return {
+        record_type: recordType,
+        entities: matched.slice(0, limit),
+        total: matched.length,
+        limit,
+        meta: {
+            filtersApplied: filters,
+            note: "Entities resolved from algolia_entities_records_enriched.json (kg v1.4.0+). " +
+                "Filters: dot-notation for nested fields (e.g. applicable_levels.L2), " +
+                "comparison ops: {gte, lte} for numbers, {in: [...]} for set membership, " +
+                "array fields: checks if value is a member of the array. " +
+                "Excluded record_types: ImplementationRule, EvidencePattern (source_file: null — §10 constraint)."
+        }
+    };
+}
+// ---------------------------------------------------------------------------
+// Public handler
+// ---------------------------------------------------------------------------
+export function handleResolveEntities(args) {
+    return _resolveEntities(args, loadEnrichedItems());
+}
+//# sourceMappingURL=resolve-entities.js.map

package/dist/tools/resolve-entities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-entities.js","sourceRoot":"","sources":["../../src/tools/resolve-entities.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,MAAM,aAAa,GAAG,EAAE,CAAC;AACzB,MAAM,SAAS,GAAG,GAAG,CAAC;AAStB,SAAS,cAAc,CAAC,CAAU;IAChC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC;AACpE,CAAC;AAaD,8EAA8E;AAC9E,sEAAsE;AACtE,8EAA8E;AAE9E,IAAI,cAAqC,CAAC;AAE1C,SAAS,iBAAiB;IACxB,IAAI,cAAc;QAAE,OAAO,cAAc,CAAC;IAC1C,MAAM,IAAI,GAAG,cAAc,CAAC,qDAAqD,CAAC,CAAC;IACnF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAA0B,CAAC;IAC7E,cAAc,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3D,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,WAAW,CAAC,GAAY,EAAE,IAAY;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,GAAG,GAAY,GAAG,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACnF,GAAG,GAAI,GAA+B,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,IAAa,EAAE,GAAW,EAAE,WAAoB;IACrE,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAExC,IAAI,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,IAAI,KAAK,IAAI,WAAW,IAAI,WAAW,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC1D,MAAM,CAAC,GAAG,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YACxD,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,GAAG;gBAAE,OAAO,KAAK,CAAC;QACpD,CAAC;QACD,IAAI,KAAK,IAAI,WAAW,IAAI,WAAW,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC1D,MAAM,CAAC,GAAG,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YACxD,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,GAAG;gBAAE,OAAO,KAAK,CAAC;QACpD,CAAC;QACD,IAAI,IAAI,IAAI,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC;YACzD,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,OAAO,KAAK,CAAC;QACvD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,6DAA6D;IAC7D,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC;IAED,kBAAkB;IAClB,OAAO,QAAQ,KAAK,WAAW,CAAC;AAClC,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAa,EAAE,OAAgC;IACxE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,sCAAsC;AACtC,8EAA8E;AAE9E,MAAM,UAAU,gBAAgB,CAC9B,IAA6B,EAC7B,KAAgB;IAEhB,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;IACvC,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrE,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,4CAA4C,CAAC,EACvD,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,4CAA4C,EAAE,EAAE,CACtF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,GAAG,CAAC;QACxD,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,SAAS,CAAC;QAC3C,CAAC,CAAC,aAAa,CAAC;IAElB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,OAAO,GACX,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;QACjF,CAAC,CAAE,UAAsC;QACzC,CAAC,CAAC,EAAE,CAAC;IAET,6DAA6D;IAC7D,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;QACpC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QAC5D,MAAM,EAAE,GAAI,IAAgC,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAI,EAAE,KAAK,UAAU;YAAE,OAAO,KAAK,CAAC;QACpC,OAAO,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,WAAW,EAAE,UAAU;QACvB,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC;QACjC,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,KAAK;QACL,IAAI,EAAE;YACJ,cAAc,EAAE,OAAO;YACvB,IAAI,EACF,8EAA8E;gBAC9E,uEAAuE;gBACvE,0EAA0E;gBAC1E,0DAA0D;gBAC1D,kGAAkG;SACrG;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CACnC,IAA6B;IAE7B,OAAO,gBAAgB,CAAC,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACrD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shiftleftpt/sbd-toe-mcp",
-  "version": "0.6.3",
+  "version": "0.7.0",
   "license": "Apache-2.0",
   "description": "MCP server for the SbD-ToE (Security by Design — Theory of Everything) security manual — structured tools for Claude, GitHub Copilot and other MCP clients",
   "keywords": [
@@ -73,5 +73,8 @@
     "@vitest/ui": "^1.6.0",
     "typescript": "^5.9.3",
     "vitest": "^1.6.0"
+  },
+  "dependencies": {
+    "yaml": "^2.8.3"
   }
 }