framework-mcp 1.1.3 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/.do/app.yaml +78 -0
  2. package/COPILOT_INTEGRATION.md +335 -0
  3. package/DEPLOYMENT_GUIDE.md +335 -0
  4. package/README.md +96 -3
  5. package/RELEASE_NOTES_v1.2.0.md +396 -0
  6. package/dist/core/capability-analyzer.d.ts +29 -0
  7. package/dist/core/capability-analyzer.d.ts.map +1 -0
  8. package/dist/core/capability-analyzer.js +568 -0
  9. package/dist/core/capability-analyzer.js.map +1 -0
  10. package/dist/core/safeguard-manager.d.ts +15 -0
  11. package/dist/core/safeguard-manager.d.ts.map +1 -0
  12. package/dist/core/safeguard-manager.js +315 -0
  13. package/dist/core/safeguard-manager.js.map +1 -0
  14. package/dist/index.d.ts +4 -0
  15. package/dist/index.d.ts.map +1 -1
  16. package/dist/index.js +13 -0
  17. package/dist/index.js.map +1 -1
  18. package/dist/interfaces/http/http-server.d.ts +17 -0
  19. package/dist/interfaces/http/http-server.d.ts.map +1 -0
  20. package/dist/interfaces/http/http-server.js +285 -0
  21. package/dist/interfaces/http/http-server.js.map +1 -0
  22. package/dist/interfaces/mcp/mcp-server.d.ts +18 -0
  23. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -0
  24. package/dist/interfaces/mcp/mcp-server.js +299 -0
  25. package/dist/interfaces/mcp/mcp-server.js.map +1 -0
  26. package/dist/shared/types.d.ts +89 -0
  27. package/dist/shared/types.d.ts.map +1 -0
  28. package/dist/shared/types.js +3 -0
  29. package/dist/shared/types.js.map +1 -0
  30. package/package.json +23 -7
  31. package/src/core/capability-analyzer.ts +708 -0
  32. package/src/core/safeguard-manager.ts +339 -0
  33. package/src/index.ts +17 -0
  34. package/src/interfaces/http/http-server.ts +360 -0
  35. package/src/interfaces/mcp/mcp-server.ts +367 -0
  36. package/src/shared/types.ts +104 -0
  37. package/swagger.json +718 -0
@@ -0,0 +1,367 @@
1
+ #!/usr/bin/env node
2
+
3
+ import { Server } from '@modelcontextprotocol/sdk/server/index.js';
4
+ import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
5
+ import {
6
+ CallToolRequestSchema,
7
+ ListToolsRequestSchema,
8
+ Tool,
9
+ } from '@modelcontextprotocol/sdk/types.js';
10
+
11
+ import { CapabilityAnalyzer } from '../../core/capability-analyzer.js';
12
+ import { SafeguardManager } from '../../core/safeguard-manager.js';
13
+
14
+ export class FrameworkMcpServer {
15
+ private server: Server;
16
+ private capabilityAnalyzer: CapabilityAnalyzer;
17
+ private safeguardManager: SafeguardManager;
18
+
19
+ constructor() {
20
+ this.server = new Server(
21
+ {
22
+ name: 'framework-analyzer',
23
+ version: '1.2.0',
24
+ }
25
+ );
26
+
27
+ this.capabilityAnalyzer = new CapabilityAnalyzer();
28
+ this.safeguardManager = new SafeguardManager();
29
+
30
+ this.setupHandlers();
31
+ }
32
+
33
+ private setupHandlers(): void {
34
+ // List available tools
35
+ this.server.setRequestHandler(ListToolsRequestSchema, async () => {
36
+ return {
37
+ tools: [
38
+ {
39
+ name: 'validate_vendor_mapping',
40
+ description: 'PRIMARY: Validate vendor capability claims with domain validation and evidence analysis',
41
+ inputSchema: {
42
+ type: 'object',
43
+ properties: {
44
+ vendor_name: {
45
+ type: 'string',
46
+ description: 'Name of the vendor/tool being analyzed'
47
+ },
48
+ safeguard_id: {
49
+ type: 'string',
50
+ description: 'CIS safeguard ID (e.g., "1.1", "5.1")'
51
+ },
52
+ claimed_capability: {
53
+ type: 'string',
54
+ description: 'Claimed capability role',
55
+ enum: ['full', 'partial', 'facilitates', 'governance', 'validates']
56
+ },
57
+ supporting_text: {
58
+ type: 'string',
59
+ description: 'Vendor text supporting their capability claim'
60
+ }
61
+ },
62
+ required: ['vendor_name', 'safeguard_id', 'claimed_capability', 'supporting_text']
63
+ }
64
+ } as Tool,
65
+ {
66
+ name: 'analyze_vendor_response',
67
+ description: 'Determine vendor tool capability role for specific safeguard',
68
+ inputSchema: {
69
+ type: 'object',
70
+ properties: {
71
+ vendor_name: {
72
+ type: 'string',
73
+ description: 'Name of the vendor'
74
+ },
75
+ safeguard_id: {
76
+ type: 'string',
77
+ description: 'CIS safeguard ID (e.g., "1.1", "5.1")'
78
+ },
79
+ response_text: {
80
+ type: 'string',
81
+ description: 'Vendor response text to analyze'
82
+ }
83
+ },
84
+ required: ['vendor_name', 'safeguard_id', 'response_text']
85
+ }
86
+ } as Tool,
87
+ {
88
+ name: 'validate_coverage_claim',
89
+ description: 'Validate FULL/PARTIAL implementation capability claims',
90
+ inputSchema: {
91
+ type: 'object',
92
+ properties: {
93
+ vendor_name: {
94
+ type: 'string',
95
+ description: 'Name of the vendor'
96
+ },
97
+ safeguard_id: {
98
+ type: 'string',
99
+ description: 'CIS safeguard ID (e.g., "1.1", "5.1")'
100
+ },
101
+ claimed_capability: {
102
+ type: 'string',
103
+ description: 'Claimed capability (typically "full" or "partial")',
104
+ enum: ['full', 'partial', 'facilitates', 'governance', 'validates']
105
+ },
106
+ response_text: {
107
+ type: 'string',
108
+ description: 'Vendor response text supporting the claim'
109
+ }
110
+ },
111
+ required: ['vendor_name', 'safeguard_id', 'claimed_capability', 'response_text']
112
+ }
113
+ } as Tool,
114
+ {
115
+ name: 'get_safeguard_details',
116
+ description: 'Get detailed safeguard breakdown',
117
+ inputSchema: {
118
+ type: 'object',
119
+ properties: {
120
+ safeguard_id: {
121
+ type: 'string',
122
+ description: 'CIS safeguard ID (e.g., "1.1", "5.1")'
123
+ },
124
+ include_examples: {
125
+ type: 'boolean',
126
+ description: 'Include implementation examples (default: false)'
127
+ }
128
+ },
129
+ required: ['safeguard_id']
130
+ }
131
+ } as Tool,
132
+ {
133
+ name: 'list_available_safeguards',
134
+ description: 'List all available CIS safeguards',
135
+ inputSchema: {
136
+ type: 'object',
137
+ properties: {},
138
+ additionalProperties: false
139
+ }
140
+ } as Tool,
141
+ ],
142
+ };
143
+ });
144
+
145
+ // Handle tool calls
146
+ this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
147
+ const { name, arguments: args } = request.params;
148
+
149
+ try {
150
+ switch (name) {
151
+ case 'validate_vendor_mapping':
152
+ return await this.validateVendorMapping(args);
153
+
154
+ case 'analyze_vendor_response':
155
+ return await this.analyzeVendorResponse(args);
156
+
157
+ case 'validate_coverage_claim':
158
+ return await this.validateCoverageClaim(args);
159
+
160
+ case 'get_safeguard_details':
161
+ return await this.getSafeguardDetails(args);
162
+
163
+ case 'list_available_safeguards':
164
+ return await this.listAvailableSafeguards();
165
+
166
+ default:
167
+ throw new Error(`Unknown tool: ${name}`);
168
+ }
169
+ } catch (error) {
170
+ const errorMessage = this.formatErrorMessage(error, name);
171
+ console.error(`[Framework MCP] Tool execution error: ${name}`, error);
172
+
173
+ return {
174
+ content: [
175
+ {
176
+ type: 'text',
177
+ text: JSON.stringify({
178
+ error: errorMessage,
179
+ timestamp: new Date().toISOString()
180
+ }, null, 2),
181
+ },
182
+ ],
183
+ };
184
+ }
185
+ });
186
+ }
187
+
188
+ private async validateVendorMapping(args: any) {
189
+ const { vendor_name = 'Unknown Vendor', safeguard_id, claimed_capability, supporting_text } = args;
190
+
191
+ // Input validation
192
+ this.validateTextInput(supporting_text, 'Supporting text');
193
+ this.validateCapability(claimed_capability);
194
+ this.safeguardManager.validateSafeguardId(safeguard_id);
195
+
196
+ const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
197
+ if (!safeguard) {
198
+ throw new Error(`Safeguard ${safeguard_id} not found`);
199
+ }
200
+
201
+ const validation = this.capabilityAnalyzer.validateVendorMapping(
202
+ vendor_name,
203
+ safeguard_id,
204
+ claimed_capability,
205
+ supporting_text,
206
+ safeguard
207
+ );
208
+
209
+ return {
210
+ content: [
211
+ {
212
+ type: 'text',
213
+ text: JSON.stringify(validation, null, 2),
214
+ },
215
+ ],
216
+ };
217
+ }
218
+
219
+ private async analyzeVendorResponse(args: any) {
220
+ const { vendor_name = 'Unknown Vendor', safeguard_id, response_text } = args;
221
+
222
+ this.validateTextInput(response_text, 'Response text');
223
+ this.safeguardManager.validateSafeguardId(safeguard_id);
224
+
225
+ const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
226
+ if (!safeguard) {
227
+ throw new Error(`Safeguard ${safeguard_id} not found`);
228
+ }
229
+
230
+ const analysis = this.capabilityAnalyzer.performCapabilityAnalysis(vendor_name, safeguard, response_text);
231
+
232
+ return {
233
+ content: [
234
+ {
235
+ type: 'text',
236
+ text: JSON.stringify(analysis, null, 2),
237
+ },
238
+ ],
239
+ };
240
+ }
241
+
242
+ private async validateCoverageClaim(args: any) {
243
+ const { vendor_name = 'Unknown Vendor', safeguard_id, claimed_capability, response_text } = args;
244
+
245
+ this.validateTextInput(response_text, 'Response text');
246
+ this.validateCapability(claimed_capability);
247
+ this.safeguardManager.validateSafeguardId(safeguard_id);
248
+
249
+ const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
250
+ if (!safeguard) {
251
+ throw new Error(`Safeguard ${safeguard_id} not found`);
252
+ }
253
+
254
+ // Use the primary validation method for coverage claims
255
+ const validation = this.capabilityAnalyzer.validateVendorMapping(
256
+ vendor_name,
257
+ safeguard_id,
258
+ claimed_capability,
259
+ response_text,
260
+ safeguard
261
+ );
262
+
263
+ return {
264
+ content: [
265
+ {
266
+ type: 'text',
267
+ text: JSON.stringify(validation, null, 2),
268
+ },
269
+ ],
270
+ };
271
+ }
272
+
273
+ private async getSafeguardDetails(args: any) {
274
+ const { safeguard_id, include_examples = false } = args;
275
+
276
+ this.safeguardManager.validateSafeguardId(safeguard_id);
277
+
278
+ const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id, include_examples);
279
+ if (!safeguard) {
280
+ throw new Error(`Safeguard ${safeguard_id} not found`);
281
+ }
282
+
283
+ return {
284
+ content: [
285
+ {
286
+ type: 'text',
287
+ text: JSON.stringify(safeguard, null, 2),
288
+ },
289
+ ],
290
+ };
291
+ }
292
+
293
+ private async listAvailableSafeguards() {
294
+ const safeguards = this.safeguardManager.listAvailableSafeguards();
295
+
296
+ return {
297
+ content: [
298
+ {
299
+ type: 'text',
300
+ text: JSON.stringify({
301
+ safeguards,
302
+ total: safeguards.length,
303
+ framework: 'CIS Controls v8.1',
304
+ version: '1.2.0'
305
+ }, null, 2),
306
+ },
307
+ ],
308
+ };
309
+ }
310
+
311
+ private validateTextInput(text: string, fieldName: string): void {
312
+ if (typeof text !== 'string') {
313
+ throw new Error(`${fieldName} must be a string`);
314
+ }
315
+
316
+ if (text.length < 10) {
317
+ throw new Error(`${fieldName} must be at least 10 characters long`);
318
+ }
319
+
320
+ if (text.length > 10000) {
321
+ throw new Error(`${fieldName} must be less than 10,000 characters`);
322
+ }
323
+ }
324
+
325
+ private validateCapability(capability: string): void {
326
+ const validCapabilities = ['full', 'partial', 'facilitates', 'governance', 'validates'];
327
+
328
+ if (!validCapabilities.includes(capability.toLowerCase())) {
329
+ throw new Error(`Invalid capability '${capability}'. Valid options: ${validCapabilities.join(', ')}`);
330
+ }
331
+ }
332
+
333
+ private formatErrorMessage(error: unknown, toolName: string): string {
334
+ if (error instanceof Error) {
335
+ // Provide helpful guidance for common errors
336
+ if (error.message.includes('Safeguard') && error.message.includes('not found')) {
337
+ return `${error.message}. Use list_available_safeguards to see all available options.`;
338
+ }
339
+
340
+ if (error.message.includes('Invalid capability')) {
341
+ return `${error.message}. Capability roles determine what function the vendor tool plays in safeguard implementation.`;
342
+ }
343
+
344
+ if (error.message.includes('characters')) {
345
+ return `${error.message}. Ensure your input text is substantive enough for analysis.`;
346
+ }
347
+
348
+ return error.message;
349
+ }
350
+
351
+ return `Unknown error in tool ${toolName}`;
352
+ }
353
+
354
+ public async run(): Promise<void> {
355
+ const transport = new StdioServerTransport();
356
+ await this.server.connect(transport);
357
+
358
+ console.error('🤖 Framework MCP Server v1.2.0 running via stdio');
359
+ console.error('📊 Capability assessment with domain validation enabled');
360
+ }
361
+ }
362
+
363
+ // Start server if this file is run directly
364
+ if (import.meta.url === `file://${process.argv[1]}`) {
365
+ const server = new FrameworkMcpServer();
366
+ server.run().catch(console.error);
367
+ }
@@ -0,0 +1,104 @@
1
+ // Shared TypeScript types for dual architecture
2
+
3
+ export interface SafeguardElement {
4
+ id: string;
5
+ title: string;
6
+ description: string;
7
+ implementationGroup: 'IG1' | 'IG2' | 'IG3';
8
+ assetType: string[];
9
+ securityFunction: string[];
10
+ // Color-coded elements from the CIS visualizations
11
+ governanceElements: string[]; // Orange - MUST be met
12
+ coreRequirements: string[]; // Green - The "what" of the safeguard
13
+ subTaxonomicalElements: string[]; // Yellow - Sub-taxonomical elements
14
+ implementationSuggestions: string[]; // Gray - Suggestions for implementation
15
+ relatedSafeguards: string[];
16
+ keywords: string[];
17
+ }
18
+
19
+ export interface VendorAnalysis {
20
+ vendor: string;
21
+ safeguardId: string;
22
+ safeguardTitle: string;
23
+ // Primary capability categorization - what role does this tool play?
24
+ capability: 'full' | 'partial' | 'facilitates' | 'governance' | 'validates';
25
+ // Detailed capability breakdown
26
+ capabilities: {
27
+ full: boolean; // Directly implements the core safeguard functionality
28
+ partial: boolean; // Implements limited aspects of the safeguard
29
+ facilitates: boolean; // Enhances or enables safeguard implementation by others
30
+ governance: boolean; // Provides policy, process, and oversight capabilities
31
+ validates: boolean; // Provides evidence, audit, and validation reporting
32
+ };
33
+ confidence: number;
34
+ reasoning: string;
35
+ evidence: string[];
36
+ // Capability-focused descriptions (replaces element coverage scoring)
37
+ toolCapabilityDescription: string; // What type of tool this is and its role
38
+ recommendedUse: string; // How practitioners should use this tool
39
+ }
40
+
41
+ export interface DomainValidationResult {
42
+ vendor: string;
43
+ safeguard_id: string;
44
+ safeguard_title: string;
45
+ claimed_capability: string;
46
+ validation_status: 'SUPPORTED' | 'QUESTIONABLE' | 'UNSUPPORTED';
47
+ confidence_score: number;
48
+ evidence_analysis: {
49
+ core_requirements_coverage: number;
50
+ sub_elements_coverage: number;
51
+ governance_alignment: number;
52
+ language_consistency: number;
53
+ };
54
+ domain_validation: {
55
+ required_tool_type: string;
56
+ detected_tool_type: string;
57
+ domain_match: boolean;
58
+ capability_adjusted: boolean;
59
+ original_claim?: string;
60
+ };
61
+ gaps_identified: string[];
62
+ strengths_identified: string[];
63
+ recommendations: string[];
64
+ detailed_feedback: string;
65
+ }
66
+
67
+ export interface PerformanceMetrics {
68
+ uptime: number;
69
+ totalRequests: number;
70
+ errorCount: number;
71
+ requestCounts: Map<string, number>;
72
+ executionTimes: Map<string, number[]>;
73
+ lastStatsLog: number;
74
+ }
75
+
76
+ export interface CacheEntry<T> {
77
+ data: T;
78
+ timestamp: number;
79
+ }
80
+
81
+ export interface QualityAssessment {
82
+ quality: 'excellent' | 'good' | 'fair' | 'poor';
83
+ confidence: number;
84
+ evidence: string[];
85
+ gaps: string[];
86
+ }
87
+
88
+ export type CapabilityType = 'full' | 'partial' | 'facilitates' | 'governance' | 'validates';
89
+
90
+ // Domain-specific validation mapping
91
+ export interface DomainRequirement {
92
+ domain: string;
93
+ required_tool_types: string[];
94
+ description: string;
95
+ }
96
+
97
+ // Tool type detection weights
98
+ export interface ToolTypeWeights {
99
+ [toolType: string]: {
100
+ keywords: string[];
101
+ baseWeight: number;
102
+ contextBonuses: string[];
103
+ };
104
+ }