framework-mcp 1.1.3 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/.do/app.yaml +78 -0
  2. package/COPILOT_INTEGRATION.md +335 -0
  3. package/DEPLOYMENT_GUIDE.md +335 -0
  4. package/README.md +96 -3
  5. package/RELEASE_NOTES_v1.2.0.md +396 -0
  6. package/dist/core/capability-analyzer.d.ts +29 -0
  7. package/dist/core/capability-analyzer.d.ts.map +1 -0
  8. package/dist/core/capability-analyzer.js +568 -0
  9. package/dist/core/capability-analyzer.js.map +1 -0
  10. package/dist/core/safeguard-manager.d.ts +15 -0
  11. package/dist/core/safeguard-manager.d.ts.map +1 -0
  12. package/dist/core/safeguard-manager.js +315 -0
  13. package/dist/core/safeguard-manager.js.map +1 -0
  14. package/dist/index.d.ts +4 -0
  15. package/dist/index.d.ts.map +1 -1
  16. package/dist/index.js +13 -0
  17. package/dist/index.js.map +1 -1
  18. package/dist/interfaces/http/http-server.d.ts +17 -0
  19. package/dist/interfaces/http/http-server.d.ts.map +1 -0
  20. package/dist/interfaces/http/http-server.js +285 -0
  21. package/dist/interfaces/http/http-server.js.map +1 -0
  22. package/dist/interfaces/mcp/mcp-server.d.ts +18 -0
  23. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -0
  24. package/dist/interfaces/mcp/mcp-server.js +299 -0
  25. package/dist/interfaces/mcp/mcp-server.js.map +1 -0
  26. package/dist/shared/types.d.ts +89 -0
  27. package/dist/shared/types.d.ts.map +1 -0
  28. package/dist/shared/types.js +3 -0
  29. package/dist/shared/types.js.map +1 -0
  30. package/package.json +23 -7
  31. package/src/core/capability-analyzer.ts +708 -0
  32. package/src/core/safeguard-manager.ts +339 -0
  33. package/src/index.ts +17 -0
  34. package/src/interfaces/http/http-server.ts +360 -0
  35. package/src/interfaces/mcp/mcp-server.ts +367 -0
  36. package/src/shared/types.ts +104 -0
  37. package/swagger.json +718 -0
package/swagger.json ADDED
@@ -0,0 +1,718 @@
1
+ {
2
+ "openapi": "3.0.3",
3
+ "info": {
4
+ "title": "Framework MCP API - CIS Controls Capability Assessment",
5
+ "description": "Microsoft Copilot-compatible API for vendor capability assessment against CIS Controls Framework. Determines vendor tool roles (FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES) with domain validation and auto-downgrade protection.",
6
+ "version": "1.2.0",
7
+ "contact": {
8
+ "name": "Framework MCP Support",
9
+ "url": "https://github.com/therealcybermattlee/FrameworkMCP"
10
+ },
11
+ "license": {
12
+ "name": "MIT",
13
+ "url": "https://opensource.org/licenses/MIT"
14
+ }
15
+ },
16
+ "servers": [
17
+ {
18
+ "url": "https://your-deployment.ondigitalocean.app",
19
+ "description": "Production DigitalOcean App Services deployment"
20
+ },
21
+ {
22
+ "url": "http://localhost:8080",
23
+ "description": "Local development server"
24
+ }
25
+ ],
26
+ "paths": {
27
+ "/health": {
28
+ "get": {
29
+ "summary": "Health Check",
30
+ "description": "Check API health status and performance metrics",
31
+ "operationId": "healthCheck",
32
+ "tags": ["Monitoring"],
33
+ "responses": {
34
+ "200": {
35
+ "description": "Service is healthy",
36
+ "content": {
37
+ "application/json": {
38
+ "schema": {
39
+ "$ref": "#/components/schemas/HealthResponse"
40
+ }
41
+ }
42
+ }
43
+ }
44
+ }
45
+ }
46
+ },
47
+ "/api/validate-vendor-mapping": {
48
+ "post": {
49
+ "summary": "Validate Vendor Capability Mapping (PRIMARY)",
50
+ "description": "Primary endpoint for validating vendor capability claims against CIS safeguards with domain validation and auto-downgrade protection. Use this for evidence-based capability assessment.",
51
+ "operationId": "validateVendorMapping",
52
+ "tags": ["Capability Assessment"],
53
+ "requestBody": {
54
+ "required": true,
55
+ "content": {
56
+ "application/json": {
57
+ "schema": {
58
+ "$ref": "#/components/schemas/VendorMappingRequest"
59
+ }
60
+ }
61
+ }
62
+ },
63
+ "responses": {
64
+ "200": {
65
+ "description": "Validation completed successfully",
66
+ "content": {
67
+ "application/json": {
68
+ "schema": {
69
+ "$ref": "#/components/schemas/ValidationResponse"
70
+ }
71
+ }
72
+ }
73
+ },
74
+ "400": {
75
+ "description": "Invalid request parameters",
76
+ "content": {
77
+ "application/json": {
78
+ "schema": {
79
+ "$ref": "#/components/schemas/ErrorResponse"
80
+ }
81
+ }
82
+ }
83
+ },
84
+ "404": {
85
+ "description": "Safeguard not found",
86
+ "content": {
87
+ "application/json": {
88
+ "schema": {
89
+ "$ref": "#/components/schemas/ErrorResponse"
90
+ }
91
+ }
92
+ }
93
+ }
94
+ }
95
+ }
96
+ },
97
+ "/api/analyze-vendor-response": {
98
+ "post": {
99
+ "summary": "Analyze Vendor Response",
100
+ "description": "Analyze vendor response text to determine appropriate capability role with domain validation",
101
+ "operationId": "analyzeVendorResponse",
102
+ "tags": ["Capability Assessment"],
103
+ "requestBody": {
104
+ "required": true,
105
+ "content": {
106
+ "application/json": {
107
+ "schema": {
108
+ "$ref": "#/components/schemas/AnalysisRequest"
109
+ }
110
+ }
111
+ }
112
+ },
113
+ "responses": {
114
+ "200": {
115
+ "description": "Analysis completed successfully",
116
+ "content": {
117
+ "application/json": {
118
+ "schema": {
119
+ "$ref": "#/components/schemas/AnalysisResponse"
120
+ }
121
+ }
122
+ }
123
+ },
124
+ "400": {
125
+ "description": "Invalid request parameters",
126
+ "content": {
127
+ "application/json": {
128
+ "schema": {
129
+ "$ref": "#/components/schemas/ErrorResponse"
130
+ }
131
+ }
132
+ }
133
+ },
134
+ "404": {
135
+ "description": "Safeguard not found",
136
+ "content": {
137
+ "application/json": {
138
+ "schema": {
139
+ "$ref": "#/components/schemas/ErrorResponse"
140
+ }
141
+ }
142
+ }
143
+ }
144
+ }
145
+ }
146
+ },
147
+ "/api/validate-coverage-claim": {
148
+ "post": {
149
+ "summary": "Validate Coverage Claim",
150
+ "description": "Validate specific FULL or PARTIAL capability claims with supporting evidence",
151
+ "operationId": "validateCoverageClaim",
152
+ "tags": ["Capability Assessment"],
153
+ "requestBody": {
154
+ "required": true,
155
+ "content": {
156
+ "application/json": {
157
+ "schema": {
158
+ "$ref": "#/components/schemas/CoverageClaimRequest"
159
+ }
160
+ }
161
+ }
162
+ },
163
+ "responses": {
164
+ "200": {
165
+ "description": "Coverage claim validation completed",
166
+ "content": {
167
+ "application/json": {
168
+ "schema": {
169
+ "$ref": "#/components/schemas/ValidationResponse"
170
+ }
171
+ }
172
+ }
173
+ },
174
+ "400": {
175
+ "description": "Invalid request parameters",
176
+ "content": {
177
+ "application/json": {
178
+ "schema": {
179
+ "$ref": "#/components/schemas/ErrorResponse"
180
+ }
181
+ }
182
+ }
183
+ },
184
+ "404": {
185
+ "description": "Safeguard not found",
186
+ "content": {
187
+ "application/json": {
188
+ "schema": {
189
+ "$ref": "#/components/schemas/ErrorResponse"
190
+ }
191
+ }
192
+ }
193
+ }
194
+ }
195
+ }
196
+ },
197
+ "/api/safeguards": {
198
+ "get": {
199
+ "summary": "List Available Safeguards",
200
+ "description": "Get a list of all available CIS Controls v8.1 safeguards (153 total)",
201
+ "operationId": "listSafeguards",
202
+ "tags": ["Safeguards"],
203
+ "responses": {
204
+ "200": {
205
+ "description": "List of available safeguards",
206
+ "content": {
207
+ "application/json": {
208
+ "schema": {
209
+ "$ref": "#/components/schemas/SafeguardListResponse"
210
+ }
211
+ }
212
+ }
213
+ }
214
+ }
215
+ }
216
+ },
217
+ "/api/safeguards/{safeguardId}": {
218
+ "get": {
219
+ "summary": "Get Safeguard Details",
220
+ "description": "Get detailed information about a specific CIS safeguard including governance elements, core requirements, and implementation suggestions",
221
+ "operationId": "getSafeguardDetails",
222
+ "tags": ["Safeguards"],
223
+ "parameters": [
224
+ {
225
+ "name": "safeguardId",
226
+ "in": "path",
227
+ "required": true,
228
+ "description": "CIS safeguard ID (e.g., '1.1', '5.1', '12.8')",
229
+ "schema": {
230
+ "type": "string",
231
+ "pattern": "^[0-9]+\\.[0-9]+$",
232
+ "example": "1.1"
233
+ }
234
+ },
235
+ {
236
+ "name": "include_examples",
237
+ "in": "query",
238
+ "required": false,
239
+ "description": "Include implementation examples in response",
240
+ "schema": {
241
+ "type": "boolean",
242
+ "default": false
243
+ }
244
+ }
245
+ ],
246
+ "responses": {
247
+ "200": {
248
+ "description": "Safeguard details retrieved successfully",
249
+ "content": {
250
+ "application/json": {
251
+ "schema": {
252
+ "$ref": "#/components/schemas/SafeguardDetails"
253
+ }
254
+ }
255
+ }
256
+ },
257
+ "400": {
258
+ "description": "Invalid safeguard ID format",
259
+ "content": {
260
+ "application/json": {
261
+ "schema": {
262
+ "$ref": "#/components/schemas/ErrorResponse"
263
+ }
264
+ }
265
+ }
266
+ },
267
+ "404": {
268
+ "description": "Safeguard not found",
269
+ "content": {
270
+ "application/json": {
271
+ "schema": {
272
+ "$ref": "#/components/schemas/ErrorResponse"
273
+ }
274
+ }
275
+ }
276
+ }
277
+ }
278
+ }
279
+ },
280
+ "/api/metrics": {
281
+ "get": {
282
+ "summary": "Performance Metrics",
283
+ "description": "Get API performance metrics and usage statistics",
284
+ "operationId": "getMetrics",
285
+ "tags": ["Monitoring"],
286
+ "responses": {
287
+ "200": {
288
+ "description": "Performance metrics",
289
+ "content": {
290
+ "application/json": {
291
+ "schema": {
292
+ "$ref": "#/components/schemas/MetricsResponse"
293
+ }
294
+ }
295
+ }
296
+ }
297
+ }
298
+ }
299
+ }
300
+ },
301
+ "components": {
302
+ "schemas": {
303
+ "CapabilityRole": {
304
+ "type": "string",
305
+ "enum": ["full", "partial", "facilitates", "governance", "validates"],
306
+ "description": "Vendor tool capability roles:\n- FULL: Complete implementation of safeguard (requires domain-appropriate tool)\n- PARTIAL: Limited scope implementation (requires domain-appropriate tool)\n- FACILITATES: Enhancement capabilities (no tool type restrictions)\n- GOVERNANCE: Policy/process management (no tool type restrictions)\n- VALIDATES: Evidence collection and reporting (no tool type restrictions)"
307
+ },
308
+ "VendorMappingRequest": {
309
+ "type": "object",
310
+ "required": ["vendor_name", "safeguard_id", "claimed_capability", "supporting_text"],
311
+ "properties": {
312
+ "vendor_name": {
313
+ "type": "string",
314
+ "description": "Name of the vendor or tool being analyzed",
315
+ "minLength": 1,
316
+ "maxLength": 100,
317
+ "example": "CrowdStrike Falcon"
318
+ },
319
+ "safeguard_id": {
320
+ "type": "string",
321
+ "pattern": "^[0-9]+\\.[0-9]+$",
322
+ "description": "CIS safeguard ID (format: X.Y)",
323
+ "example": "1.1"
324
+ },
325
+ "claimed_capability": {
326
+ "$ref": "#/components/schemas/CapabilityRole"
327
+ },
328
+ "supporting_text": {
329
+ "type": "string",
330
+ "description": "Vendor response or documentation supporting their capability claim",
331
+ "minLength": 10,
332
+ "maxLength": 10000,
333
+ "example": "Our platform provides comprehensive enterprise asset inventory with real-time discovery, automated classification, and continuous monitoring of all hardware and software assets across the organization."
334
+ }
335
+ }
336
+ },
337
+ "AnalysisRequest": {
338
+ "type": "object",
339
+ "required": ["vendor_name", "safeguard_id", "response_text"],
340
+ "properties": {
341
+ "vendor_name": {
342
+ "type": "string",
343
+ "description": "Name of the vendor",
344
+ "minLength": 1,
345
+ "maxLength": 100,
346
+ "example": "Microsoft Defender"
347
+ },
348
+ "safeguard_id": {
349
+ "type": "string",
350
+ "pattern": "^[0-9]+\\.[0-9]+$",
351
+ "description": "CIS safeguard ID",
352
+ "example": "5.1"
353
+ },
354
+ "response_text": {
355
+ "type": "string",
356
+ "description": "Vendor response text to analyze for capability determination",
357
+ "minLength": 10,
358
+ "maxLength": 10000,
359
+ "example": "We provide centralized account management with role-based access controls, automated provisioning and deprovisioning, and integration with Active Directory for enterprise identity management."
360
+ }
361
+ }
362
+ },
363
+ "CoverageClaimRequest": {
364
+ "type": "object",
365
+ "required": ["vendor_name", "safeguard_id", "claimed_capability", "response_text"],
366
+ "properties": {
367
+ "vendor_name": {
368
+ "type": "string",
369
+ "description": "Name of the vendor",
370
+ "minLength": 1,
371
+ "maxLength": 100,
372
+ "example": "Qualys VMDR"
373
+ },
374
+ "safeguard_id": {
375
+ "type": "string",
376
+ "pattern": "^[0-9]+\\.[0-9]+$",
377
+ "description": "CIS safeguard ID",
378
+ "example": "7.1"
379
+ },
380
+ "claimed_capability": {
381
+ "$ref": "#/components/schemas/CapabilityRole"
382
+ },
383
+ "response_text": {
384
+ "type": "string",
385
+ "description": "Supporting evidence for the capability claim",
386
+ "minLength": 10,
387
+ "maxLength": 10000,
388
+ "example": "Our vulnerability management platform performs continuous scanning, prioritizes vulnerabilities based on risk, provides automated remediation guidance, and tracks remediation progress across the entire infrastructure."
389
+ }
390
+ }
391
+ },
392
+ "ValidationResponse": {
393
+ "type": "object",
394
+ "properties": {
395
+ "vendor_name": {
396
+ "type": "string",
397
+ "example": "CrowdStrike Falcon"
398
+ },
399
+ "safeguard_id": {
400
+ "type": "string",
401
+ "example": "1.1"
402
+ },
403
+ "claimed_capability": {
404
+ "$ref": "#/components/schemas/CapabilityRole"
405
+ },
406
+ "validated_capability": {
407
+ "$ref": "#/components/schemas/CapabilityRole"
408
+ },
409
+ "validation_status": {
410
+ "type": "string",
411
+ "enum": ["SUPPORTED", "QUESTIONABLE", "UNSUPPORTED"],
412
+ "description": "Overall validation result"
413
+ },
414
+ "confidence_score": {
415
+ "type": "number",
416
+ "minimum": 0,
417
+ "maximum": 100,
418
+ "description": "Confidence percentage in the assessment"
419
+ },
420
+ "domain_validation": {
421
+ "type": "object",
422
+ "properties": {
423
+ "tool_type": {
424
+ "type": "string",
425
+ "description": "Detected tool type category"
426
+ },
427
+ "domain_appropriate": {
428
+ "type": "boolean",
429
+ "description": "Whether tool type is appropriate for claimed capability"
430
+ },
431
+ "auto_downgrade_applied": {
432
+ "type": "boolean",
433
+ "description": "Whether capability was auto-downgraded due to domain mismatch"
434
+ }
435
+ }
436
+ },
437
+ "evidence_analysis": {
438
+ "type": "object",
439
+ "properties": {
440
+ "core_requirements_score": {
441
+ "type": "number",
442
+ "minimum": 0,
443
+ "maximum": 100
444
+ },
445
+ "governance_elements_score": {
446
+ "type": "number",
447
+ "minimum": 0,
448
+ "maximum": 100
449
+ },
450
+ "sub_elements_score": {
451
+ "type": "number",
452
+ "minimum": 0,
453
+ "maximum": 100
454
+ },
455
+ "language_consistency_score": {
456
+ "type": "number",
457
+ "minimum": 0,
458
+ "maximum": 100
459
+ }
460
+ }
461
+ },
462
+ "reasoning": {
463
+ "type": "string",
464
+ "description": "Detailed explanation of the validation decision"
465
+ },
466
+ "recommendations": {
467
+ "type": "array",
468
+ "items": {
469
+ "type": "string"
470
+ },
471
+ "description": "Actionable recommendations for capability improvement"
472
+ },
473
+ "timestamp": {
474
+ "type": "string",
475
+ "format": "date-time"
476
+ }
477
+ }
478
+ },
479
+ "AnalysisResponse": {
480
+ "type": "object",
481
+ "properties": {
482
+ "vendor_name": {
483
+ "type": "string"
484
+ },
485
+ "safeguard_id": {
486
+ "type": "string"
487
+ },
488
+ "determined_capability": {
489
+ "$ref": "#/components/schemas/CapabilityRole"
490
+ },
491
+ "confidence_score": {
492
+ "type": "number",
493
+ "minimum": 0,
494
+ "maximum": 100
495
+ },
496
+ "domain_validation": {
497
+ "type": "object",
498
+ "properties": {
499
+ "tool_type": {
500
+ "type": "string"
501
+ },
502
+ "domain_appropriate": {
503
+ "type": "boolean"
504
+ }
505
+ }
506
+ },
507
+ "analysis_details": {
508
+ "type": "object",
509
+ "properties": {
510
+ "core_coverage": {
511
+ "type": "number",
512
+ "minimum": 0,
513
+ "maximum": 100
514
+ },
515
+ "implementation_depth": {
516
+ "type": "number",
517
+ "minimum": 0,
518
+ "maximum": 100
519
+ },
520
+ "governance_support": {
521
+ "type": "number",
522
+ "minimum": 0,
523
+ "maximum": 100
524
+ }
525
+ }
526
+ },
527
+ "reasoning": {
528
+ "type": "string"
529
+ },
530
+ "timestamp": {
531
+ "type": "string",
532
+ "format": "date-time"
533
+ }
534
+ }
535
+ },
536
+ "SafeguardListResponse": {
537
+ "type": "object",
538
+ "properties": {
539
+ "safeguards": {
540
+ "type": "array",
541
+ "items": {
542
+ "type": "object",
543
+ "properties": {
544
+ "id": {
545
+ "type": "string",
546
+ "example": "1.1"
547
+ },
548
+ "title": {
549
+ "type": "string",
550
+ "example": "Establish and Maintain Detailed Enterprise Asset Inventory"
551
+ },
552
+ "implementationGroup": {
553
+ "type": "string",
554
+ "enum": ["IG1", "IG2", "IG3"],
555
+ "example": "IG1"
556
+ }
557
+ }
558
+ }
559
+ },
560
+ "total": {
561
+ "type": "integer",
562
+ "example": 153
563
+ },
564
+ "framework": {
565
+ "type": "string",
566
+ "example": "CIS Controls v8.1"
567
+ },
568
+ "timestamp": {
569
+ "type": "string",
570
+ "format": "date-time"
571
+ }
572
+ }
573
+ },
574
+ "SafeguardDetails": {
575
+ "type": "object",
576
+ "properties": {
577
+ "id": {
578
+ "type": "string",
579
+ "example": "1.1"
580
+ },
581
+ "title": {
582
+ "type": "string",
583
+ "example": "Establish and Maintain Detailed Enterprise Asset Inventory"
584
+ },
585
+ "description": {
586
+ "type": "string",
587
+ "description": "Detailed description of the safeguard requirements"
588
+ },
589
+ "implementationGroup": {
590
+ "type": "string",
591
+ "enum": ["IG1", "IG2", "IG3"],
592
+ "example": "IG1"
593
+ },
594
+ "governanceElements": {
595
+ "type": "array",
596
+ "items": {
597
+ "type": "string"
598
+ },
599
+ "description": "Governance requirements that MUST be met (Orange elements)"
600
+ },
601
+ "coreRequirements": {
602
+ "type": "array",
603
+ "items": {
604
+ "type": "string"
605
+ },
606
+ "description": "Core 'what' requirements of the safeguard (Green elements)"
607
+ },
608
+ "subTaxonomicalElements": {
609
+ "type": "array",
610
+ "items": {
611
+ "type": "string"
612
+ },
613
+ "description": "Sub-taxonomical components (Yellow elements)"
614
+ },
615
+ "implementationSuggestions": {
616
+ "type": "array",
617
+ "items": {
618
+ "type": "string"
619
+ },
620
+ "description": "Implementation methods and suggestions (Gray elements)"
621
+ }
622
+ }
623
+ },
624
+ "HealthResponse": {
625
+ "type": "object",
626
+ "properties": {
627
+ "status": {
628
+ "type": "string",
629
+ "example": "healthy"
630
+ },
631
+ "uptime": {
632
+ "type": "integer",
633
+ "description": "Uptime in seconds"
634
+ },
635
+ "totalRequests": {
636
+ "type": "integer",
637
+ "description": "Total requests processed"
638
+ },
639
+ "errorCount": {
640
+ "type": "integer",
641
+ "description": "Total errors encountered"
642
+ },
643
+ "version": {
644
+ "type": "string",
645
+ "example": "1.2.0"
646
+ },
647
+ "timestamp": {
648
+ "type": "string",
649
+ "format": "date-time"
650
+ }
651
+ }
652
+ },
653
+ "MetricsResponse": {
654
+ "type": "object",
655
+ "properties": {
656
+ "uptime_seconds": {
657
+ "type": "integer"
658
+ },
659
+ "total_requests": {
660
+ "type": "integer"
661
+ },
662
+ "error_count": {
663
+ "type": "integer"
664
+ },
665
+ "error_rate": {
666
+ "type": "string",
667
+ "example": "0.5%"
668
+ },
669
+ "request_counts": {
670
+ "type": "object",
671
+ "additionalProperties": {
672
+ "type": "integer"
673
+ }
674
+ },
675
+ "timestamp": {
676
+ "type": "string",
677
+ "format": "date-time"
678
+ }
679
+ }
680
+ },
681
+ "ErrorResponse": {
682
+ "type": "object",
683
+ "properties": {
684
+ "error": {
685
+ "type": "string",
686
+ "description": "Error message"
687
+ },
688
+ "details": {
689
+ "type": "string",
690
+ "description": "Additional error details"
691
+ },
692
+ "timestamp": {
693
+ "type": "string",
694
+ "format": "date-time"
695
+ }
696
+ }
697
+ }
698
+ }
699
+ },
700
+ "tags": [
701
+ {
702
+ "name": "Capability Assessment",
703
+ "description": "Primary API endpoints for vendor capability assessment against CIS Controls"
704
+ },
705
+ {
706
+ "name": "Safeguards",
707
+ "description": "CIS Controls safeguards information and details"
708
+ },
709
+ {
710
+ "name": "Monitoring",
711
+ "description": "Health checks and performance monitoring"
712
+ }
713
+ ],
714
+ "externalDocs": {
715
+ "description": "Framework MCP GitHub Repository",
716
+ "url": "https://github.com/therealcybermattlee/FrameworkMCP"
717
+ }
718
+ }