framework-mcp 1.1.3 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/.do/app.yaml +78 -0
  2. package/COPILOT_INTEGRATION.md +335 -0
  3. package/DEPLOYMENT_GUIDE.md +335 -0
  4. package/README.md +96 -3
  5. package/RELEASE_NOTES_v1.2.0.md +396 -0
  6. package/dist/core/capability-analyzer.d.ts +29 -0
  7. package/dist/core/capability-analyzer.d.ts.map +1 -0
  8. package/dist/core/capability-analyzer.js +568 -0
  9. package/dist/core/capability-analyzer.js.map +1 -0
  10. package/dist/core/safeguard-manager.d.ts +15 -0
  11. package/dist/core/safeguard-manager.d.ts.map +1 -0
  12. package/dist/core/safeguard-manager.js +315 -0
  13. package/dist/core/safeguard-manager.js.map +1 -0
  14. package/dist/index.d.ts +4 -0
  15. package/dist/index.d.ts.map +1 -1
  16. package/dist/index.js +13 -0
  17. package/dist/index.js.map +1 -1
  18. package/dist/interfaces/http/http-server.d.ts +17 -0
  19. package/dist/interfaces/http/http-server.d.ts.map +1 -0
  20. package/dist/interfaces/http/http-server.js +285 -0
  21. package/dist/interfaces/http/http-server.js.map +1 -0
  22. package/dist/interfaces/mcp/mcp-server.d.ts +18 -0
  23. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -0
  24. package/dist/interfaces/mcp/mcp-server.js +299 -0
  25. package/dist/interfaces/mcp/mcp-server.js.map +1 -0
  26. package/dist/shared/types.d.ts +89 -0
  27. package/dist/shared/types.d.ts.map +1 -0
  28. package/dist/shared/types.js +3 -0
  29. package/dist/shared/types.js.map +1 -0
  30. package/package.json +23 -7
  31. package/src/core/capability-analyzer.ts +708 -0
  32. package/src/core/safeguard-manager.ts +339 -0
  33. package/src/index.ts +17 -0
  34. package/src/interfaces/http/http-server.ts +360 -0
  35. package/src/interfaces/mcp/mcp-server.ts +367 -0
  36. package/src/shared/types.ts +104 -0
  37. package/swagger.json +718 -0
@@ -0,0 +1,335 @@
1
+ # Framework MCP Deployment Guide
2
+
3
+ ## Dual Architecture: MCP + HTTP API
4
+
5
+ Framework MCP v1.1.3 features a **dual architecture** that solves the DigitalOcean App Services stdio vs HTTP mismatch:
6
+
7
+ - **MCP Interface**: stdio-based for Claude Code integration
8
+ - **HTTP Interface**: REST API for cloud deployment
9
+
10
+ ---
11
+
12
+ ## Local Development
13
+
14
+ ### MCP Server (stdio)
15
+ ```bash
16
+ # For Claude Code integration
17
+ npm run start:mcp
18
+
19
+ # Development with auto-rebuild
20
+ npm run dev
21
+ ```
22
+
23
+ ### HTTP Server (Express.js)
24
+ ```bash
25
+ # For web/cloud integration
26
+ npm run start:http
27
+
28
+ # Development with auto-rebuild
29
+ npm run dev:http
30
+ ```
31
+
32
+ ### Test Both Interfaces
33
+ ```bash
34
+ # Build the project
35
+ npm run build
36
+
37
+ # Test MCP interface (requires Claude Code)
38
+ npm run start:mcp
39
+
40
+ # Test HTTP interface
41
+ npm run start:http
42
+ curl http://localhost:8080/health
43
+ ```
44
+
45
+ ---
46
+
47
+ ## Cloud Deployment
48
+
49
+ ### DigitalOcean App Services
50
+
51
+ **The HTTP interface solves the stdio binding issue.**
52
+
53
+ #### 1. Deploy via GitHub Integration
54
+
55
+ 1. Push your code to GitHub
56
+ 2. In DigitalOcean Dashboard:
57
+ - Create New App
58
+ - Connect GitHub repository
59
+ - Select branch: `feature/dual-architecture-http-api`
60
+ - Use provided `.do/app.yaml` configuration
61
+
62
+ #### 2. Deploy via doctl CLI
63
+
64
+ ```bash
65
+ # Install doctl
66
+ snap install doctl
67
+
68
+ # Authenticate
69
+ doctl auth init
70
+
71
+ # Deploy app
72
+ doctl apps create .do/app.yaml
73
+ ```
74
+
75
+ #### 3. Manual Configuration
76
+
77
+ If not using app.yaml:
78
+
79
+ ```yaml
80
+ name: framework-mcp-api
81
+ services:
82
+ - name: api
83
+ run_command: npm run start:http
84
+ environment_slug: node-js
85
+ http_port: 8080
86
+ health_check:
87
+ http_path: /health
88
+ envs:
89
+ - key: NODE_ENV
90
+ value: production
91
+ ```
92
+
93
+ ### Alternative Cloud Platforms
94
+
95
+ The HTTP interface is compatible with any Node.js cloud platform:
96
+
97
+ #### Railway
98
+ ```bash
99
+ railway login
100
+ railway init
101
+ railway up
102
+ ```
103
+
104
+ #### Render
105
+ 1. Connect GitHub repository
106
+ 2. Environment: Node.js
107
+ 3. Build Command: `npm run build`
108
+ 4. Start Command: `npm run start:http`
109
+
110
+ #### AWS App Runner
111
+ 1. Source: GitHub repository
112
+ 2. Runtime: Node.js 18
113
+ 3. Build command: `npm run build`
114
+ 4. Start command: `npm run start:http`
115
+
116
+ ---
117
+
118
+ ## Environment Variables
119
+
120
+ ### Production Configuration
121
+
122
+ ```bash
123
+ # Required
124
+ NODE_ENV=production
125
+ PORT=8080
126
+
127
+ # Optional
128
+ ALLOWED_ORIGINS=https://your-domain.com,https://app.your-domain.com
129
+ ```
130
+
131
+ ### Local Development
132
+
133
+ ```bash
134
+ # Optional
135
+ NODE_ENV=development
136
+ PORT=8080
137
+ ```
138
+
139
+ ---
140
+
141
+ ## API Endpoints
142
+
143
+ ### Health Check
144
+ ```bash
145
+ GET /health
146
+ # Returns server status and metrics
147
+ ```
148
+
149
+ ### Primary Validation
150
+ ```bash
151
+ POST /api/validate-vendor-mapping
152
+ {
153
+ "vendor_name": "AssetMax Pro",
154
+ "safeguard_id": "1.1",
155
+ "claimed_capability": "full",
156
+ "supporting_text": "Comprehensive asset management..."
157
+ }
158
+ ```
159
+
160
+ ### Capability Analysis
161
+ ```bash
162
+ POST /api/analyze-vendor-response
163
+ {
164
+ "vendor_name": "VendorName",
165
+ "safeguard_id": "5.1",
166
+ "response_text": "Our identity management solution..."
167
+ }
168
+ ```
169
+
170
+ ### Safeguards
171
+ ```bash
172
+ GET /api/safeguards # List all safeguards
173
+ GET /api/safeguards/1.1 # Get safeguard details
174
+ GET /api/safeguards/1.1?include_examples=true
175
+ ```
176
+
177
+ ### Performance
178
+ ```bash
179
+ GET /api/metrics # Performance metrics
180
+ ```
181
+
182
+ ---
183
+
184
+ ## Architecture Benefits
185
+
186
+ ### HTTP Interface Advantages
187
+ - ✅ **DigitalOcean Compatible**: Uses HTTP instead of stdio
188
+ - ✅ **REST API**: Standard HTTP endpoints
189
+ - ✅ **Health Checks**: Platform monitoring support
190
+ - ✅ **CORS Enabled**: Web application integration
191
+ - ✅ **Production Ready**: Error handling, security, compression
192
+
193
+ ### MCP Interface Advantages
194
+ - ✅ **Claude Code Integration**: Native stdio communication
195
+ - ✅ **Tool Discovery**: Automatic tool registration
196
+ - ✅ **Type Safety**: Full MCP schema validation
197
+ - ✅ **Rich Responses**: Structured tool responses
198
+
199
+ ### Shared Core Benefits
200
+ - ✅ **Identical Functionality**: Both interfaces use same logic
201
+ - ✅ **Domain Validation**: Auto-downgrade protection in both
202
+ - ✅ **Performance**: 95% cache optimization in both
203
+ - ✅ **Consistency**: Same capability assessment results
204
+
205
+ ---
206
+
207
+ ## Migration Guide
208
+
209
+ ### From MCP-Only to Dual Architecture
210
+
211
+ 1. **No Breaking Changes**: Existing MCP integrations continue working
212
+ 2. **New HTTP Option**: Add cloud deployment capability
213
+ 3. **Gradual Adoption**: Choose interface based on use case
214
+
215
+ ### Use Case Guidelines
216
+
217
+ **Use MCP Interface When:**
218
+ - Integrating with Claude Code
219
+ - Local development and testing
220
+ - Tool-based LLM interactions
221
+
222
+ **Use HTTP Interface When:**
223
+ - Cloud deployment required
224
+ - Web application integration
225
+ - API-based access needed
226
+ - DigitalOcean App Services deployment
227
+
228
+ ---
229
+
230
+ ## Troubleshooting
231
+
232
+ ### Common Issues
233
+
234
+ **Build Errors**
235
+ ```bash
236
+ # Clean rebuild
237
+ rm -rf dist node_modules
238
+ npm install
239
+ npm run build
240
+ ```
241
+
242
+ **Port Conflicts**
243
+ ```bash
244
+ # Use different port
245
+ PORT=3000 npm run start:http
246
+ ```
247
+
248
+ **Health Check Failures**
249
+ - Ensure `/health` endpoint is accessible
250
+ - Check server startup logs
251
+ - Verify PORT environment variable
252
+
253
+ **CORS Issues**
254
+ ```bash
255
+ # Update allowed origins
256
+ ALLOWED_ORIGINS=https://your-domain.com npm run start:http
257
+ ```
258
+
259
+ ### DigitalOcean Specific
260
+
261
+ **App Won't Start**
262
+ - Check build logs for TypeScript errors
263
+ - Verify `npm run start:http` command works locally
264
+ - Ensure package.json scripts are correct
265
+
266
+ **Health Check Fails**
267
+ - Verify `/health` endpoint returns 200 status
268
+ - Check `http_port: 8080` configuration
269
+ - Review app startup time (may need longer initial_delay_seconds)
270
+
271
+ **Environment Variables**
272
+ - Set `NODE_ENV=production` in app configuration
273
+ - Configure `PORT=8080` if not auto-detected
274
+
275
+ ---
276
+
277
+ ## Performance Optimization
278
+
279
+ ### Production Settings
280
+ ```bash
281
+ NODE_ENV=production # Enables performance logging
282
+ ```
283
+
284
+ ### Caching
285
+ - Safeguard details: 5-minute TTL
286
+ - Safeguard lists: 10-minute TTL
287
+ - Automatic cleanup: Every 10 minutes
288
+
289
+ ### Monitoring
290
+ - Built-in performance metrics at `/api/metrics`
291
+ - Request counting and error tracking
292
+ - Execution time monitoring
293
+
294
+ ---
295
+
296
+ ## Security
297
+
298
+ ### CORS Configuration
299
+ ```javascript
300
+ // Configurable via environment
301
+ ALLOWED_ORIGINS=https://your-domain.com,https://app.your-domain.com
302
+ ```
303
+
304
+ ### Input Validation
305
+ - Request size limits (10MB)
306
+ - Text length validation (10-10,000 characters)
307
+ - Capability enum validation
308
+ - XSS prevention
309
+
310
+ ### Rate Limiting
311
+ ```javascript
312
+ // Add rate limiting middleware (optional)
313
+ npm install express-rate-limit
314
+ ```
315
+
316
+ ---
317
+
318
+ ## Success Criteria
319
+
320
+ ### HTTP Deployment Successful When:
321
+ - ✅ Health check returns 200 status
322
+ - ✅ `/api/validate-vendor-mapping` accepts POST requests
323
+ - ✅ Domain validation auto-downgrade works correctly
324
+ - ✅ All 5 capability roles determined accurately
325
+ - ✅ Performance metrics show >95% cache efficiency
326
+
327
+ ### Ready for Production When:
328
+ - ✅ Build completes without errors
329
+ - ✅ Both MCP and HTTP interfaces tested
330
+ - ✅ DigitalOcean deployment successful
331
+ - ✅ API endpoints return expected capability analysis results
332
+
333
+ ---
334
+
335
+ **🎉 Framework MCP v1.1.3 solves the DigitalOcean stdio vs HTTP architecture mismatch while preserving full MCP functionality!**
package/README.md CHANGED
@@ -34,11 +34,12 @@ The server uses the CIS Controls visual framework with color-coded categorizatio
34
34
  - **🟡 Yellow Elements**: Sub-taxonomical components
35
35
  - **⚫ Gray Elements**: Implementation suggestions and methods
36
36
 
37
- ## 🚀 Installation
37
+ ## 🚀 Installation & Deployment
38
38
 
39
39
  ### Prerequisites
40
40
  - Node.js 18+
41
- - Claude Code CLI tool
41
+ - Claude Code CLI tool (for MCP usage)
42
+ - Microsoft Copilot Studio (for custom connector usage)
42
43
 
43
44
  ### Install from npm
44
45
  ```bash
@@ -64,9 +65,32 @@ npm install
64
65
  npm run build
65
66
  ```
66
67
 
68
+ ### Cloud Deployment Options
69
+
70
+ #### Option 1: DigitalOcean App Services
71
+ ```bash
72
+ # Deploy using the included configuration
73
+ doctl apps create .do/app.yaml
74
+ ```
75
+
76
+ #### Option 2: Railway
77
+ ```bash
78
+ railway login
79
+ railway up
80
+ ```
81
+
82
+ #### Option 3: Render
83
+ Connect your GitHub repository and use:
84
+ - **Build Command**: `npm install && npm run build`
85
+ - **Start Command**: `npm run start:http`
86
+ - **Port**: 8080
87
+
88
+ #### Option 4: Microsoft Copilot Custom Connector
89
+ Deploy to any cloud platform and use the included `swagger.json` for Copilot integration.
90
+
67
91
  ## ⚙️ Configuration
68
92
 
69
- ### Claude Code Integration
93
+ ### Claude Code MCP Integration
70
94
 
71
95
  Add to your MCP configuration file (`~/.config/claude-code/mcp.json`):
72
96
 
@@ -82,9 +106,75 @@ Add to your MCP configuration file (`~/.config/claude-code/mcp.json`):
82
106
  }
83
107
  ```
84
108
 
109
+ ### Microsoft Copilot Custom Connector Setup
110
+
111
+ #### Step 1: Deploy HTTP API
112
+ Deploy the Framework MCP HTTP API to any cloud platform (DigitalOcean, Railway, Render, etc.)
113
+
114
+ #### Step 2: Create Custom Connector in Copilot Studio
115
+ 1. Open **Microsoft Copilot Studio**
116
+ 2. Navigate to **Data** → **Custom connectors**
117
+ 3. Click **+ New custom connector** → **Import from OpenAPI file**
118
+ 4. Upload the `swagger.json` file from this repository
119
+ 5. Update the **Host** field to your deployed API URL
120
+ 6. Save and test the connector
121
+
122
+ #### Step 3: Configure Connection
123
+ 1. Create a new connection using your custom connector
124
+ 2. No authentication required (public API)
125
+ 3. Test with the `/health` endpoint to verify connectivity
126
+
127
+ #### Step 4: Create Copilot Actions
128
+ In your Copilot, create actions for capability assessment:
129
+
130
+ **Primary Action - Validate Vendor Capability:**
131
+ ```
132
+ Action: Validate Vendor Mapping
133
+ Description: Validate vendor capability claims against CIS Controls with domain validation
134
+ Connector: Framework MCP Custom Connector
135
+ Operation: validateVendorMapping
136
+ Parameters:
137
+ - vendor_name: {User provided vendor name}
138
+ - safeguard_id: {CIS safeguard ID like "1.1"}
139
+ - claimed_capability: {full|partial|facilitates|governance|validates}
140
+ - supporting_text: {Vendor response text}
141
+ ```
142
+
143
+ **Secondary Action - Analyze Response:**
144
+ ```
145
+ Action: Analyze Vendor Response
146
+ Description: Determine appropriate capability role for vendor response
147
+ Connector: Framework MCP Custom Connector
148
+ Operation: analyzeVendorResponse
149
+ Parameters:
150
+ - vendor_name: {User provided vendor name}
151
+ - safeguard_id: {CIS safeguard ID}
152
+ - response_text: {Vendor response to analyze}
153
+ ```
154
+
155
+ #### Step 5: Example Copilot Prompts
156
+ Once configured, users can interact with your Copilot:
157
+
158
+ ```
159
+ "Validate this vendor capability: CrowdStrike Falcon claims FULL coverage for safeguard 1.1 with this response: 'Our platform provides comprehensive enterprise asset inventory with real-time discovery, automated classification, and continuous monitoring of all hardware and software assets.'"
160
+
161
+ "Analyze this vendor response for safeguard 5.1: Microsoft Entra ID - 'We provide centralized identity management with automated user provisioning, role-based access controls, and integration with all major business applications.'"
162
+
163
+ "What are the requirements for CIS safeguard 6.3?"
164
+ ```
165
+
85
166
  ### Verify Installation
86
167
  ```bash
168
+ # For MCP usage
87
169
  claude-code "List available CIS Control safeguards"
170
+
171
+ # For HTTP API usage
172
+ curl https://your-api-url.com/health
173
+
174
+ # For Copilot testing
175
+ curl -X POST https://your-api-url.com/api/validate-vendor-mapping \
176
+ -H "Content-Type: application/json" \
177
+ -d '{"vendor_name":"Test Vendor","safeguard_id":"1.1","claimed_capability":"facilitates","supporting_text":"We provide supplemental asset tracking capabilities that enhance existing inventory systems."}'
88
178
  ```
89
179
 
90
180
  ## 📋 Usage Examples
@@ -393,6 +483,9 @@ npm test
393
483
  - [API Reference](docs/api-reference.md)
394
484
  - [CIS Safeguards Reference](docs/safeguards-reference.md)
395
485
  - [Example Usage](examples/example-usage.md)
486
+ - **[Microsoft Copilot Integration Guide](COPILOT_INTEGRATION.md)** - Complete setup guide for custom connectors
487
+ - [Deployment Guide](DEPLOYMENT_GUIDE.md) - Cloud deployment instructions
488
+ - [OpenAPI Specification](swagger.json) - Complete API schema for integrations
396
489
 
397
490
  ## 🐛 Troubleshooting
398
491