agent-security-scanner-mcp 4.1.0 → 4.2.0

package/compliance/soc2-technical-controls.json

@@ -0,0 +1,148 @@
+{
+  "schema_version": "1.1",
+  "framework": "SOC2-Technical",
+  "source": "AICPA Trust Services Criteria (2017) — technical controls subset",
+  "source_snapshot": "2026-03-31",
+  "source_note": "Technical controls only. This does not cover organizational, administrative, or physical SOC 2 controls. Not a substitute for a SOC 2 audit.",
+  "domains": ["security", "availability", "confidentiality", "supply-chain", "auth"],
+  "controls": [
+    {
+      "id": "SOC2-T001",
+      "title": "Software dependency inventory exists",
+      "domain": "supply-chain",
+      "references": ["CC6.6", "CC7.1"],
+      "scanner_tools": ["sbom_generate"],
+      "evidence_requirements": [
+        "CycloneDX SBOM generated from project lockfiles",
+        "Component count and ecosystem breakdown"
+      ],
+      "evaluation": {
+        "evidence_checks": [
+          { "path": "sbom.component_count", "operator": "gte", "value": 1, "on_fail": "fail", "reason": "No dependency inventory — SBOM generation found zero components" }
+        ]
+      }
+    },
+    {
+      "id": "SOC2-T002",
+      "title": "No critical dependency vulnerabilities",
+      "domain": "supply-chain",
+      "references": ["CC6.6", "CC7.1", "CC7.2"],
+      "scanner_tools": ["sbom_generate", "sbom_scan_vulnerabilities"],
+      "evidence_requirements": [
+        "OSV vulnerability scan results for all SBOM components",
+        "Zero critical-severity known vulnerabilities"
+      ],
+      "evaluation": {
+        "evidence_checks": [
+          { "path": "supply_chain.vulnerabilities.by_severity.critical", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "Critical dependency vulnerabilities found", "default": 0 },
+          { "path": "supply_chain.vulnerabilities.by_severity.high", "operator": "lte", "value": 5, "on_fail": "partial", "reason": "High-severity dependency vulnerabilities exceed threshold", "default": 0 }
+        ]
+      }
+    },
+    {
+      "id": "SOC2-T003",
+      "title": "No hallucinated (phantom) packages in dependency tree",
+      "domain": "supply-chain",
+      "references": ["CC6.6", "CC6.8"],
+      "scanner_tools": ["sbom_generate", "sbom_check_hallucinations"],
+      "evidence_requirements": [
+        "Hallucination check results for all SBOM components",
+        "Zero hallucinated packages detected"
+      ],
+      "evaluation": {
+        "evidence_checks": [
+          { "path": "supply_chain.hallucinations.hallucinated_count", "operator": "eq", "value": 0, "on_fail": "fail", "reason": "Hallucinated (phantom) packages detected in dependency tree" },
+          { "path": "supply_chain.hallucinations.legitimate_count", "operator": "gte", "value": 1, "on_fail": "not_evaluated", "not_evaluated_reason": "No packages could be verified — all ecosystems unsupported by hallucination checker", "default": 0 }
+        ]
+      }
+    },
+    {
+      "id": "SOC2-T004",
+      "title": "No critical code security findings",
+      "domain": "security",
+      "references": ["CC6.1", "CC6.6", "CC7.2"],
+      "scanner_tools": ["scan_security", "scan_project"],
+      "evidence_requirements": [
+        "Static analysis scan with zero CRITICAL findings",
+        "Project-level security grade"
+      ],
+      "evaluation": {
+        "evidence_checks": [
+          { "path": "scan.by_category_severity.injection.CRITICAL", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "Critical injection vulnerabilities found", "default": 0 },
+          { "path": "scan.by_category_severity.deserialization.CRITICAL", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "Critical deserialization vulnerabilities found", "default": 0 },
+          { "path": "scan.by_severity.CRITICAL", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "Critical code findings present", "default": 0 }
+        ]
+      }
+    },
+    {
+      "id": "SOC2-T005",
+      "title": "Data exfiltration and information exposure below threshold",
+      "domain": "confidentiality",
+      "references": ["CC6.1", "CC6.5", "C1.1"],
+      "scanner_tools": ["scan_security", "scan_project"],
+      "evidence_requirements": [
+        "Exfiltration pattern scan results",
+        "Information exposure findings below threshold"
+      ],
+      "evaluation": {
+        "evidence_checks": [
+          { "path": "scan.by_category_severity.exfiltration.CRITICAL", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "Critical exfiltration findings detected", "default": 0 },
+          { "path": "scan.by_category_severity.exfiltration.HIGH", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "High-severity exfiltration findings detected", "default": 0 },
+          { "path": "scan.by_category_severity.info-exposure.CRITICAL", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "Critical information exposure findings detected", "default": 0 },
+          { "path": "scan.by_category_severity.info-exposure.HIGH", "operator": "lte", "value": 3, "on_fail": "partial", "reason": "High-severity information exposure findings exceed threshold", "default": 0 }
+        ]
+      }
+    },
+    {
+      "id": "SOC2-T006",
+      "title": "Cryptographic controls adequate",
+      "domain": "confidentiality",
+      "references": ["CC6.1", "CC6.7", "C1.1"],
+      "scanner_tools": ["scan_security", "scan_project"],
+      "evidence_requirements": [
+        "No critical/high crypto findings (weak algorithms, hardcoded keys)",
+        "Encryption usage scan results"
+      ],
+      "evaluation": {
+        "evidence_checks": [
+          { "path": "scan.by_category_severity.crypto.CRITICAL", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "Critical cryptographic findings (weak algorithms, hardcoded keys)", "default": 0 },
+          { "path": "scan.by_category_severity.crypto.HIGH", "operator": "lte", "value": 2, "on_fail": "partial", "reason": "High-severity cryptographic findings exceed threshold", "default": 0 }
+        ]
+      }
+    },
+    {
+      "id": "SOC2-T007",
+      "title": "Authentication and authorization controls adequate",
+      "domain": "auth",
+      "references": ["CC6.1", "CC6.2", "CC6.3"],
+      "scanner_tools": ["scan_security", "scan_project"],
+      "evidence_requirements": [
+        "No critical auth findings (hardcoded creds, missing auth checks)",
+        "Least-privilege and permissions scan results"
+      ],
+      "evaluation": {
+        "evidence_checks": [
+          { "path": "scan.by_category_severity.auth.CRITICAL", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "Critical authentication/authorization findings detected", "default": 0 },
+          { "path": "scan.by_category_severity.auth.HIGH", "operator": "lte", "value": 2, "on_fail": "partial", "reason": "High-severity auth findings exceed threshold", "default": 0 },
+          { "path": "scan.by_category_severity.permissions.CRITICAL", "operator": "lte", "value": 0, "on_fail": "fail", "reason": "Critical permissions/least-privilege findings detected", "default": 0 }
+        ]
+      }
+    },
+    {
+      "id": "SOC2-T008",
+      "title": "Dependency drift tracked when baseline exists",
+      "domain": "supply-chain",
+      "references": ["CC6.6", "CC8.1"],
+      "scanner_tools": ["sbom_generate", "sbom_diff"],
+      "evidence_requirements": [
+        "SBOM baseline comparison results",
+        "Change tracking for added, removed, and version-changed packages"
+      ],
+      "evaluation": {
+        "evidence_checks": [
+          { "path": "supply_chain.drift.baseline_exists", "operator": "eq", "value": true, "on_fail": "not_evaluated", "not_evaluated_reason": "No SBOM baseline — dependency drift cannot be evaluated" }
+        ]
+      }
+    }
+  ]
+}

package/index.js

@@ -28,6 +28,12 @@ import { runInitHooks } from './src/cli/init-hooks.js';
 import { runReport } from './src/cli/report.js';
 import { scoreAivssSchema, scoreAivssTool } from './src/tools/score-aivss.js';
 import { complianceControlsSchema, getComplianceControls } from './src/tools/compliance-controls.js';
+import { sbomGenerateSchema, sbomGenerate } from './src/tools/sbom-generate.js';
+import { sbomVulnerabilitiesSchema, sbomScanVulnerabilities } from './src/tools/sbom-vulnerabilities.js';
+import { sbomHallucinationsSchema, sbomCheckHallucinations } from './src/tools/sbom-hallucinations.js';
+import { sbomDiffSchema, sbomDiff } from './src/tools/sbom-diff.js';
+import { sbomReportSchema, sbomExportReport } from './src/tools/sbom-report.js';
+import { evaluateComplianceSchema, evaluateCompliance } from './src/tools/evaluate-compliance.js';
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -247,11 +253,57 @@ server.tool(
 
 server.tool(
   "get_compliance_controls",
-  "Look up AIUC-1 compliance controls with evaluation criteria. Filter by domain (security/safety), control IDs, or OWASP LLM tags. Returns structured evaluation rules for pass/partial/fail assessment.",
+  "Look up compliance controls with evaluation criteria. Supports multiple frameworks: aiuc-1 (default), soc2-technical, gdpr-technical. Filter by domain, control IDs, or OWASP LLM tags.",
   complianceControlsSchema,
   getComplianceControls
 );
 
+server.tool(
+  "evaluate_compliance",
+  "Evaluate a project against compliance frameworks (SOC2-technical, GDPR-technical, AIUC-1). Collects evidence from code scans, SBOM, vulnerability checks, and hallucination detection, then evaluates controls. Optionally saves timestamped evidence bundle.",
+  evaluateComplianceSchema,
+  evaluateCompliance
+);
+
+// ===========================================
+// SBOM / SUPPLY CHAIN ANALYSIS
+// ===========================================
+
+server.tool(
+  "sbom_generate",
+  "Generate a CycloneDX v1.5 SBOM for a project. Discovers all dependencies (direct + transitive) from lock files and manifests across Node.js, Python, Go, Rust, Ruby, Java. Use verbosity='minimal' for counts, 'compact' (default) for component list, 'full' for complete CycloneDX JSON.",
+  sbomGenerateSchema,
+  sbomGenerate
+);
+
+server.tool(
+  "sbom_scan_vulnerabilities",
+  "Cross-reference SBOM components against OSV.dev vulnerability database. Returns CVE IDs, CVSS scores, severity, and fix recommendations. Accepts directory_path (generates fresh) or sbom_path (loads saved artifact).",
+  sbomVulnerabilitiesSchema,
+  sbomScanVulnerabilities
+);
+
+server.tool(
+  "sbom_check_hallucinations",
+  "Check all packages in an SBOM against official registries to detect hallucinated (AI-invented) package names. Supports npm, pypi, rubygems, dart, perl, raku, crates. Go/Java marked as unsupported.",
+  sbomHallucinationsSchema,
+  sbomCheckHallucinations
+);
+
+server.tool(
+  "sbom_diff",
+  "Compare current project SBOM against a stored baseline. Reports added, removed, and version-changed packages. Use save_baseline=true to create initial baseline.",
+  sbomDiffSchema,
+  sbomDiff
+);
+
+server.tool(
+  "sbom_export_report",
+  "Generate an HTML or JSON audit report from SBOM data, optionally enriched with vulnerability scan results. Suitable for PCI-DSS and compliance audits.",
+  sbomReportSchema,
+  sbomExportReport
+);
+
 // ===========================================
 // CLI COMMANDS - Extracted to src/cli/
 // ===========================================
@@ -524,6 +576,95 @@ const cliArgs = process.argv.slice(2);
     console.error(`  Error: ${err.message}\n`);
     process.exit(1);
   });
+} else if (cliArgs[0] === 'sbom-generate') {
+  const dirPath = cliArgs[1] || '.';
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const save = cliArgs.includes('--save');
+  const outIdx = cliArgs.indexOf('--output');
+  const outputPath = outIdx !== -1 ? cliArgs[outIdx + 1] : (save ? join(dirPath, '.scanner', 'sbom.json') : undefined);
+
+  sbomGenerate({ directory_path: dirPath, output_path: outputPath, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'sbom-vulnerabilities') {
+  const dirPath = cliArgs[1] || '.';
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const sbomIdx = cliArgs.indexOf('--sbom-path');
+  const sbomPath = sbomIdx !== -1 ? cliArgs[sbomIdx + 1] : undefined;
+
+  sbomScanVulnerabilities({
+    directory_path: sbomPath ? undefined : dirPath,
+    sbom_path: sbomPath,
+    verbosity,
+  }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.total_vulnerabilities > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'sbom-check-hallucinations') {
+  const dirPath = cliArgs[1] || '.';
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  loadPackageLists();
+  sbomCheckHallucinations({ directory_path: dirPath, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.hallucinated_count > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'sbom-diff') {
+  const dirPath = cliArgs[1] || '.';
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const saveBaseline = cliArgs.includes('--save-baseline');
+  const baselineIdx = cliArgs.indexOf('--baseline-path');
+  const baselinePath = baselineIdx !== -1 ? cliArgs[baselineIdx + 1] : undefined;
+
+  sbomDiff({ directory_path: dirPath, baseline_path: baselinePath, save_baseline: saveBaseline, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'sbom-report') {
+  const dirPath = cliArgs[1] || '.';
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const formatIdx = cliArgs.indexOf('--format');
+  const format = formatIdx !== -1 ? cliArgs[formatIdx + 1] : 'html';
+  const outIdx = cliArgs.indexOf('--output');
+  const outputPath = outIdx !== -1 ? cliArgs[outIdx + 1] : join(dirPath, '.scanner', 'sbom-report.html');
+  const noVulns = cliArgs.includes('--no-vulnerabilities');
+
+  sbomExportReport({
+    directory_path: dirPath,
+    format,
+    include_vulnerabilities: !noVulns,
+    output_path: outputPath,
+    verbosity,
+  }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
 } else if (cliArgs[0] === 'scan-clawhub') {
   // Import and run SAFE ClawHub scanner (no code execution)
   await import('./src/cli/scan-clawhub-safe.js');
@@ -550,6 +691,12 @@ const cliArgs = process.argv.slice(2);
   console.log('    scan-action <t> <v>  Check agent action before execution');
   console.log('    audit [--config-path] Audit OpenClaw config for security issues [experimental]');
   console.log('    harden [--fix]       Auto-harden OpenClaw configuration [experimental]\n');
+  console.log('  SBOM / Supply Chain:');
+  console.log('    sbom-generate <dir>  Generate CycloneDX SBOM [--save] [--output <path>]');
+  console.log('    sbom-vulnerabilities <dir> Scan SBOM against OSV.dev [--sbom-path <path>]');
+  console.log('    sbom-check-hallucinations <dir> Check SBOM packages against registries');
+  console.log('    sbom-diff <dir>      Compare SBOM against baseline [--save-baseline]');
+  console.log('    sbom-report <dir>    Generate SBOM audit report [--format html|json]\n');
   console.log('    (no args)            Start MCP server on stdio\n');
   console.log('  Options:');
   console.log('    --verbosity <level>  minimal|compact|full (default: compact)');

package/openclaw.plugin.json

@@ -7,7 +7,7 @@
   "openclaw": {
     "extensions": ["tools", "skills"],
     "emoji": "shield",
-    "permissions": ["fs:read"]
+    "permissions": ["fs:read", "fs:write"]
   },
   "tools": [
     {
@@ -33,6 +33,26 @@
     {
       "name": "scanner_health",
       "description": "Check plugin health status"
+    },
+    {
+      "name": "sbom_generate",
+      "description": "Generate CycloneDX SBOM for a project"
+    },
+    {
+      "name": "sbom_scan_vulnerabilities",
+      "description": "Scan SBOM against OSV.dev vulnerability database"
+    },
+    {
+      "name": "sbom_check_hallucinations",
+      "description": "Check SBOM packages against official registries"
+    },
+    {
+      "name": "sbom_diff",
+      "description": "Compare current SBOM against stored baseline"
+    },
+    {
+      "name": "sbom_export_report",
+      "description": "Generate HTML/JSON SBOM audit report"
     }
   ],
   "skills": [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "4.1.0",
+  "version": "4.2.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
   "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
   "main": "index.js",

package/src/lib/compliance-controls.js

@@ -1,6 +1,6 @@
-// src/lib/compliance-controls.js — AIUC-1 controls registry loader + schema validator.
+// src/lib/compliance-controls.js — Multi-framework controls registry loader + schema validator.
 
-import { readFileSync } from 'fs';
+import { readFileSync, readdirSync } from 'fs';
 import { join, dirname } from 'path';
 import { fileURLToPath } from 'url';
 
@@ -11,14 +11,15 @@ try {
   __dirname = process.cwd();
 }
 
-const KNOWN_DOMAINS = new Set(['security', 'safety']);
 const KNOWN_TOOLS = new Set([
   'scan_security', 'scan_agent_prompt', 'scan_project', 'scan_skill',
   'scan_mcp_server', 'scan_agent_action', 'scan_git_diff',
+  'sbom_generate', 'sbom_scan_vulnerabilities', 'sbom_check_hallucinations', 'sbom_diff',
 ]);
 const OWASP_TAG_RE = /^LLM\d{2}$/;
+const VALID_CHECK_OPS = new Set(['exists', 'eq', 'lte', 'gte']);
 
-let _cache = null;
+const _cache = new Map();
 
 /**
  * Validate the controls registry schema. Returns array of error strings (empty = valid).
@@ -36,6 +37,13 @@ export function validateRegistry(data) {
     return errors;
   }
 
+  // Validate registry-level domains array
+  if (!Array.isArray(data.domains) || data.domains.length === 0) {
+    errors.push('Registry must have a non-empty "domains" array');
+    return errors;
+  }
+  const registryDomains = new Set(data.domains);
+
   const ids = new Set();
   for (const ctrl of data.controls) {
     // Required fields
@@ -50,9 +58,9 @@ export function validateRegistry(data) {
     }
     ids.add(ctrl.id);
 
-    // Domain validation
-    if (ctrl.domain && !KNOWN_DOMAINS.has(ctrl.domain)) {
-      errors.push(`Control ${ctrl.id}: unknown domain "${ctrl.domain}"`);
+    // Domain validation — check against this registry's own domains
+    if (ctrl.domain && !registryDomains.has(ctrl.domain)) {
+      errors.push(`Control ${ctrl.id}: unknown domain "${ctrl.domain}" (registry allows: ${data.domains.join(', ')})`);
     }
 
     // Scanner tools validation
@@ -64,7 +72,7 @@ export function validateRegistry(data) {
       }
     }
 
-    // OWASP tags validation
+    // OWASP tags validation (optional — only validated when present)
     if (Array.isArray(ctrl.owasp_llm)) {
       for (const tag of ctrl.owasp_llm) {
         if (!OWASP_TAG_RE.test(tag)) {
@@ -73,6 +81,19 @@ export function validateRegistry(data) {
       }
     }
 
+    // References validation (optional — array of strings)
+    if (ctrl.references !== undefined) {
+      if (!Array.isArray(ctrl.references)) {
+        errors.push(`Control ${ctrl.id}: references must be an array`);
+      } else {
+        for (const ref of ctrl.references) {
+          if (typeof ref !== 'string') {
+            errors.push(`Control ${ctrl.id}: each reference must be a string`);
+          }
+        }
+      }
+    }
+
     // Evaluation field types
     if (ctrl.evaluation) {
       const ev = ctrl.evaluation;
@@ -102,6 +123,39 @@ export function validateRegistry(data) {
       if (ev.min_grade !== undefined && typeof ev.min_grade !== 'string') {
         errors.push(`Control ${ctrl.id}: evaluation.min_grade must be a string`);
       }
+
+      // evidence_checks validation (generic path-based checks for SOC2/GDPR controls)
+      if (ev.evidence_checks !== undefined) {
+        if (!Array.isArray(ev.evidence_checks)) {
+          errors.push(`Control ${ctrl.id}: evaluation.evidence_checks must be an array`);
+        } else {
+          for (let i = 0; i < ev.evidence_checks.length; i++) {
+            const check = ev.evidence_checks[i];
+            const prefix = `Control ${ctrl.id}: evidence_checks[${i}]`;
+            if (!check.path || typeof check.path !== 'string') {
+              errors.push(`${prefix}: must have a string "path"`);
+            }
+            if (!check.operator || !VALID_CHECK_OPS.has(check.operator)) {
+              errors.push(`${prefix}: operator must be one of: ${[...VALID_CHECK_OPS].join(', ')}`);
+            }
+            if (check.operator !== 'exists' && check.value === undefined) {
+              errors.push(`${prefix}: non-exists operators require a "value"`);
+            }
+            if (!check.on_fail || !['fail', 'partial', 'not_evaluated'].includes(check.on_fail)) {
+              errors.push(`${prefix}: on_fail must be "fail", "partial", or "not_evaluated"`);
+            }
+            if (check.not_evaluated_reason !== undefined && typeof check.not_evaluated_reason !== 'string') {
+              errors.push(`${prefix}: not_evaluated_reason must be a string`);
+            }
+            if (check.reason !== undefined && typeof check.reason !== 'string') {
+              errors.push(`${prefix}: reason must be a string`);
+            }
+            if (check.default !== undefined && typeof check.default !== 'number' && typeof check.default !== 'boolean') {
+              errors.push(`${prefix}: default must be a number or boolean`);
+            }
+          }
+        }
+      }
     }
   }
 
@@ -109,34 +163,42 @@ export function validateRegistry(data) {
 }
 
 /**
- * Load the AIUC-1 controls registry. Validates on first load.
+ * Load a controls registry by framework name. Validates on first load per framework.
+ * @param {string} [framework='aiuc-1'] - Framework identifier (maps to compliance/<framework>-controls.json)
  * @returns {object} The full registry object
  */
-export function loadControls() {
-  if (_cache) return _cache;
-
-  const controlsPath = join(__dirname, '..', '..', 'compliance', 'aiuc-1-controls.json');
-  const data = JSON.parse(readFileSync(controlsPath, 'utf-8'));
+export function loadControls(framework = 'aiuc-1') {
+  if (_cache.has(framework)) return _cache.get(framework);
+
+  const controlsPath = join(__dirname, '..', '..', 'compliance', `${framework}-controls.json`);
+  let raw;
+  try {
+    raw = readFileSync(controlsPath, 'utf-8');
+  } catch (err) {
+    throw new Error(`Cannot load controls registry for framework "${framework}": ${err.message}`);
+  }
+  const data = JSON.parse(raw);
 
   const errors = validateRegistry(data);
   if (errors.length > 0) {
-    throw new Error(`AIUC-1 controls registry validation failed:\n${errors.join('\n')}`);
+    throw new Error(`${framework} controls registry validation failed:\n${errors.join('\n')}`);
   }
 
-  _cache = data;
+  _cache.set(framework, data);
   return data;
 }
 
 /**
- * Filter controls by domain, control IDs, or OWASP tags.
+ * Filter controls by framework, domain, control IDs, or OWASP tags.
  * @param {object} [filters]
- * @param {string} [filters.domain] - 'security', 'safety', or 'all'
+ * @param {string} [filters.framework] - Framework to load (default: 'aiuc-1')
+ * @param {string} [filters.domain] - Domain name or 'all'
  * @param {string[]} [filters.controlIds] - Specific control IDs
  * @param {string[]} [filters.owaspFilter] - OWASP LLM tags to match
  * @returns {object[]} Filtered controls
  */
-export function filterControls({ domain, controlIds, owaspFilter } = {}) {
-  const registry = loadControls();
+export function filterControls({ framework = 'aiuc-1', domain, controlIds, owaspFilter } = {}) {
+  const registry = loadControls(framework);
   let controls = registry.controls;
 
   if (domain && domain !== 'all') {
@@ -158,7 +220,24 @@ export function filterControls({ domain, controlIds, owaspFilter } = {}) {
   return controls;
 }
 
+/**
+ * List available framework names by scanning the compliance directory.
+ * @returns {string[]} Available framework identifiers
+ */
+export function listFrameworks() {
+  const dir = join(__dirname, '..', '..', 'compliance');
+  try {
+    return readdirSync(dir)
+      .filter(f => f.endsWith('-controls.json'))
+      .map(f => f.replace('-controls.json', ''));
+  } catch {
+    return [];
+  }
+}
+
+export { KNOWN_TOOLS };
+
 // Reset cache (for testing)
 export function _resetCache() {
-  _cache = null;
+  _cache.clear();
 }