framework-mcp 1.2.0 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/COPILOT_INTEGRATION.md +335 -0
- package/README.md +96 -3
- package/dist/interfaces/http/http-server.js +3 -3
- package/dist/interfaces/mcp/mcp-server.js +3 -3
- package/package.json +9 -3
- package/src/interfaces/http/http-server.ts +3 -3
- package/src/interfaces/mcp/mcp-server.ts +3 -3
- package/swagger.json +718 -0
|
@@ -0,0 +1,335 @@
|
|
|
1
|
+
# Microsoft Copilot Integration Guide
|
|
2
|
+
|
|
3
|
+
This guide provides step-by-step instructions for integrating Framework MCP with Microsoft Copilot using custom connectors.
|
|
4
|
+
|
|
5
|
+
## Overview
|
|
6
|
+
|
|
7
|
+
Framework MCP provides a dual-architecture solution that enables both Model Context Protocol (MCP) integration with Claude Code and HTTP API integration with Microsoft Copilot. This allows security professionals to access CIS Controls capability assessment through their preferred AI platform.
|
|
8
|
+
|
|
9
|
+
## Prerequisites
|
|
10
|
+
|
|
11
|
+
- **Microsoft Copilot Studio** access (Microsoft 365 Business license or higher)
|
|
12
|
+
- **Deployed Framework MCP HTTP API** (DigitalOcean, Railway, Render, or other cloud platform)
|
|
13
|
+
- **Administrative permissions** in your Microsoft environment
|
|
14
|
+
|
|
15
|
+
## Quick Start
|
|
16
|
+
|
|
17
|
+
### 1. Deploy the HTTP API
|
|
18
|
+
|
|
19
|
+
First, deploy Framework MCP to a cloud platform. Choose one of these options:
|
|
20
|
+
|
|
21
|
+
#### Option A: DigitalOcean App Services (Recommended)
|
|
22
|
+
```bash
|
|
23
|
+
git clone https://github.com/therealcybermattlee/FrameworkMCP.git
|
|
24
|
+
cd FrameworkMCP
|
|
25
|
+
doctl apps create .do/app.yaml
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
#### Option B: Railway
|
|
29
|
+
```bash
|
|
30
|
+
railway login
|
|
31
|
+
railway up
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
#### Option C: Render
|
|
35
|
+
1. Connect your GitHub repository to Render
|
|
36
|
+
2. Use these settings:
|
|
37
|
+
- **Build Command**: `npm install && npm run build`
|
|
38
|
+
- **Start Command**: `npm run start:http`
|
|
39
|
+
- **Port**: 8080
|
|
40
|
+
|
|
41
|
+
### 2. Verify Deployment
|
|
42
|
+
|
|
43
|
+
Test your deployed API:
|
|
44
|
+
```bash
|
|
45
|
+
curl https://your-api-url.com/health
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Expected response:
|
|
49
|
+
```json
|
|
50
|
+
{
|
|
51
|
+
"status": "healthy",
|
|
52
|
+
"uptime": 1234,
|
|
53
|
+
"totalRequests": 0,
|
|
54
|
+
"errorCount": 0,
|
|
55
|
+
"version": "1.3.1",
|
|
56
|
+
"timestamp": "2025-08-21T01:00:00.000Z"
|
|
57
|
+
}
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
### 3. Create Custom Connector in Copilot Studio
|
|
61
|
+
|
|
62
|
+
1. **Open Microsoft Copilot Studio**
|
|
63
|
+
- Navigate to [https://copilotstudio.microsoft.com](https://copilotstudio.microsoft.com)
|
|
64
|
+
- Sign in with your Microsoft 365 account
|
|
65
|
+
|
|
66
|
+
2. **Access Custom Connectors**
|
|
67
|
+
- In the left navigation, click **Data**
|
|
68
|
+
- Select **Custom connectors**
|
|
69
|
+
|
|
70
|
+
3. **Import OpenAPI Specification**
|
|
71
|
+
- Click **+ New custom connector**
|
|
72
|
+
- Choose **Import from OpenAPI file**
|
|
73
|
+
- Upload the `swagger.json` file from the Framework MCP repository
|
|
74
|
+
- Click **Continue**
|
|
75
|
+
|
|
76
|
+
4. **Configure Connector Details**
|
|
77
|
+
- **Name**: Framework MCP - CIS Controls Capability Assessment
|
|
78
|
+
- **Description**: Validate vendor capability claims against CIS Controls Framework
|
|
79
|
+
- **Host**: Update to your deployed API URL (e.g., `your-app.ondigitalocean.app`)
|
|
80
|
+
- **Base URL**: `/`
|
|
81
|
+
|
|
82
|
+
5. **Review and Save**
|
|
83
|
+
- Review the imported endpoints
|
|
84
|
+
- Click **Create connector**
|
|
85
|
+
|
|
86
|
+
### 4. Test the Connection
|
|
87
|
+
|
|
88
|
+
1. **Create Test Connection**
|
|
89
|
+
- Click **Test** in your custom connector
|
|
90
|
+
- No authentication is required (public API)
|
|
91
|
+
- Click **Create connection**
|
|
92
|
+
|
|
93
|
+
2. **Test Health Endpoint**
|
|
94
|
+
- Select the `healthCheck` operation
|
|
95
|
+
- Click **Test operation**
|
|
96
|
+
- Verify you receive a 200 response with health status
|
|
97
|
+
|
|
98
|
+
### 5. Create Your Copilot
|
|
99
|
+
|
|
100
|
+
1. **Create New Copilot**
|
|
101
|
+
- Go to **Copilots** in Copilot Studio
|
|
102
|
+
- Click **+ New copilot**
|
|
103
|
+
- Choose **Conversational** type
|
|
104
|
+
- Name: "CIS Controls Capability Assessor"
|
|
105
|
+
|
|
106
|
+
2. **Add Custom Actions**
|
|
107
|
+
- In your copilot, go to **Actions**
|
|
108
|
+
- Click **+ Add action**
|
|
109
|
+
- Select **Custom connector**
|
|
110
|
+
- Choose your Framework MCP connector
|
|
111
|
+
|
|
112
|
+
## Custom Actions Configuration
|
|
113
|
+
|
|
114
|
+
### Primary Action: Validate Vendor Capability
|
|
115
|
+
|
|
116
|
+
Configure this action for evidence-based validation:
|
|
117
|
+
|
|
118
|
+
**Action Details:**
|
|
119
|
+
- **Name**: Validate Vendor Capability Mapping
|
|
120
|
+
- **Description**: Validate vendor capability claims against CIS Controls with domain validation and auto-downgrade protection
|
|
121
|
+
- **Connector**: Framework MCP Custom Connector
|
|
122
|
+
- **Operation**: `validateVendorMapping`
|
|
123
|
+
|
|
124
|
+
**Parameters:**
|
|
125
|
+
- **vendor_name** (Required): Name of the vendor/tool being analyzed
|
|
126
|
+
- **safeguard_id** (Required): CIS safeguard ID (e.g., "1.1", "5.1", "12.8")
|
|
127
|
+
- **claimed_capability** (Required): Capability role (full, partial, facilitates, governance, validates)
|
|
128
|
+
- **supporting_text** (Required): Vendor response supporting their capability claim
|
|
129
|
+
|
|
130
|
+
**Sample Input:**
|
|
131
|
+
```json
|
|
132
|
+
{
|
|
133
|
+
"vendor_name": "CrowdStrike Falcon",
|
|
134
|
+
"safeguard_id": "1.1",
|
|
135
|
+
"claimed_capability": "full",
|
|
136
|
+
"supporting_text": "Our platform provides comprehensive enterprise asset inventory with real-time discovery, automated classification, and continuous monitoring of all hardware and software assets across the organization."
|
|
137
|
+
}
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
### Secondary Action: Analyze Vendor Response
|
|
141
|
+
|
|
142
|
+
Configure this action for capability determination:
|
|
143
|
+
|
|
144
|
+
**Action Details:**
|
|
145
|
+
- **Name**: Analyze Vendor Response
|
|
146
|
+
- **Description**: Determine appropriate capability role for vendor response text
|
|
147
|
+
- **Connector**: Framework MCP Custom Connector
|
|
148
|
+
- **Operation**: `analyzeVendorResponse`
|
|
149
|
+
|
|
150
|
+
**Parameters:**
|
|
151
|
+
- **vendor_name** (Required): Name of the vendor
|
|
152
|
+
- **safeguard_id** (Required): CIS safeguard ID
|
|
153
|
+
- **response_text** (Required): Vendor response text to analyze
|
|
154
|
+
|
|
155
|
+
### Additional Actions: Safeguard Information
|
|
156
|
+
|
|
157
|
+
**Get Safeguard Details:**
|
|
158
|
+
- **Operation**: `getSafeguardDetails`
|
|
159
|
+
- **Parameters**: safeguard_id, include_examples (optional)
|
|
160
|
+
|
|
161
|
+
**List Available Safeguards:**
|
|
162
|
+
- **Operation**: `listSafeguards`
|
|
163
|
+
- **Parameters**: None
|
|
164
|
+
|
|
165
|
+
## Example User Interactions
|
|
166
|
+
|
|
167
|
+
Once configured, users can interact with your Copilot using natural language:
|
|
168
|
+
|
|
169
|
+
### Capability Validation Examples
|
|
170
|
+
|
|
171
|
+
```
|
|
172
|
+
"Validate this vendor capability: Microsoft Defender for Endpoint claims FULL coverage for safeguard 1.1. Their response: 'Microsoft Defender provides comprehensive asset discovery, detailed hardware and software inventory, and real-time asset status monitoring across all enterprise endpoints.'"
|
|
173
|
+
|
|
174
|
+
"Check if CrowdStrike Falcon can provide PARTIAL coverage for safeguard 5.1 based on this: 'We offer centralized identity integration with detailed user account tracking and automated access reviews.'"
|
|
175
|
+
|
|
176
|
+
"Validate this FACILITATES claim: Qualys VMDR for safeguard 1.1 - 'Our vulnerability scanner enhances existing asset management by providing additional device discovery and detailed software inventory during security assessments.'"
|
|
177
|
+
```
|
|
178
|
+
|
|
179
|
+
### Response Analysis Examples
|
|
180
|
+
|
|
181
|
+
```
|
|
182
|
+
"Analyze this vendor response for safeguard 6.3: Okta - 'We provide comprehensive multi-factor authentication for all external applications with adaptive authentication policies, risk-based assessments, and SSO integration.'"
|
|
183
|
+
|
|
184
|
+
"What capability role should we assign to this response for safeguard 7.1: Rapid7 InsightVM - 'Our platform performs continuous vulnerability scanning, provides automated remediation guidance, and tracks patch deployment across the infrastructure.'"
|
|
185
|
+
```
|
|
186
|
+
|
|
187
|
+
### Information Requests
|
|
188
|
+
|
|
189
|
+
```
|
|
190
|
+
"What are the requirements for CIS safeguard 1.1?"
|
|
191
|
+
|
|
192
|
+
"Show me all available CIS safeguards in the inventory domain."
|
|
193
|
+
|
|
194
|
+
"What's the difference between FULL and PARTIAL capability roles?"
|
|
195
|
+
```
|
|
196
|
+
|
|
197
|
+
## Advanced Configuration
|
|
198
|
+
|
|
199
|
+
### Custom Prompts and Instructions
|
|
200
|
+
|
|
201
|
+
Add these instructions to your Copilot's system message:
|
|
202
|
+
|
|
203
|
+
```
|
|
204
|
+
You are a CIS Controls capability assessment expert. You help security professionals evaluate vendor tool capabilities against specific CIS Control safeguards.
|
|
205
|
+
|
|
206
|
+
Key Principles:
|
|
207
|
+
1. Use validate_vendor_mapping for evidence-based validation of capability claims
|
|
208
|
+
2. Use analyze_vendor_response when the capability role is unknown
|
|
209
|
+
3. Always explain the 5 capability roles: FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES
|
|
210
|
+
4. Highlight domain validation results and auto-downgrade protection
|
|
211
|
+
5. Provide actionable recommendations for capability improvements
|
|
212
|
+
|
|
213
|
+
When users provide vendor responses:
|
|
214
|
+
1. Ask for the specific CIS safeguard ID if not provided
|
|
215
|
+
2. Determine if they want validation (they have a claimed capability) or analysis (no claimed capability)
|
|
216
|
+
3. Use the appropriate action and explain the results in plain language
|
|
217
|
+
4. Highlight any domain mismatches or auto-downgrades that occurred
|
|
218
|
+
```
|
|
219
|
+
|
|
220
|
+
### Environment Variables
|
|
221
|
+
|
|
222
|
+
If deploying with authentication or custom configuration:
|
|
223
|
+
|
|
224
|
+
```bash
|
|
225
|
+
# Optional environment variables for your deployed API
|
|
226
|
+
NODE_ENV=production
|
|
227
|
+
PORT=8080
|
|
228
|
+
ALLOWED_ORIGINS=https://copilotstudio.microsoft.com,https://your-domain.com
|
|
229
|
+
```
|
|
230
|
+
|
|
231
|
+
### Rate Limiting and Monitoring
|
|
232
|
+
|
|
233
|
+
Monitor your API usage through the `/api/metrics` endpoint:
|
|
234
|
+
|
|
235
|
+
```bash
|
|
236
|
+
curl https://your-api-url.com/api/metrics
|
|
237
|
+
```
|
|
238
|
+
|
|
239
|
+
Response includes:
|
|
240
|
+
- Request counts by endpoint
|
|
241
|
+
- Error rates
|
|
242
|
+
- Uptime statistics
|
|
243
|
+
- Performance metrics
|
|
244
|
+
|
|
245
|
+
## Troubleshooting
|
|
246
|
+
|
|
247
|
+
### Common Issues
|
|
248
|
+
|
|
249
|
+
**Connection Failed:**
|
|
250
|
+
- Verify your API URL is accessible publicly
|
|
251
|
+
- Check that the `/health` endpoint returns 200
|
|
252
|
+
- Ensure no authentication is required
|
|
253
|
+
|
|
254
|
+
**Operations Not Working:**
|
|
255
|
+
- Verify the `swagger.json` was imported correctly
|
|
256
|
+
- Check that operation IDs match: `validateVendorMapping`, `analyzeVendorResponse`, etc.
|
|
257
|
+
- Test operations individually in the connector test interface
|
|
258
|
+
|
|
259
|
+
**Invalid Responses:**
|
|
260
|
+
- Check request body format matches the schema
|
|
261
|
+
- Verify required fields are provided
|
|
262
|
+
- Review API error messages for validation details
|
|
263
|
+
|
|
264
|
+
**Performance Issues:**
|
|
265
|
+
- Monitor the `/api/metrics` endpoint for high error rates
|
|
266
|
+
- Consider upgrading your cloud deployment plan
|
|
267
|
+
- Check network connectivity from Microsoft's servers
|
|
268
|
+
|
|
269
|
+
### Testing Checklist
|
|
270
|
+
|
|
271
|
+
Before going live, test these scenarios:
|
|
272
|
+
|
|
273
|
+
- [ ] Health check endpoint responds correctly
|
|
274
|
+
- [ ] Validate vendor mapping with FULL claim (domain match)
|
|
275
|
+
- [ ] Validate vendor mapping with FULL claim (domain mismatch - should auto-downgrade)
|
|
276
|
+
- [ ] Analyze vendor response for capability determination
|
|
277
|
+
- [ ] Get safeguard details for a specific safeguard
|
|
278
|
+
- [ ] List all available safeguards
|
|
279
|
+
- [ ] Handle invalid inputs gracefully
|
|
280
|
+
|
|
281
|
+
### Support Resources
|
|
282
|
+
|
|
283
|
+
- **Framework MCP Issues**: [GitHub Issues](https://github.com/therealcybermattlee/FrameworkMCP/issues)
|
|
284
|
+
- **Microsoft Copilot Studio Docs**: [Microsoft Documentation](https://docs.microsoft.com/en-us/microsoft-copilot-studio/)
|
|
285
|
+
- **OpenAPI Connector Guide**: [Custom Connectors in Copilot Studio](https://docs.microsoft.com/en-us/connectors/custom-connectors/)
|
|
286
|
+
|
|
287
|
+
## Best Practices
|
|
288
|
+
|
|
289
|
+
### Security Considerations
|
|
290
|
+
|
|
291
|
+
1. **Deploy with HTTPS**: Always use HTTPS for production deployments
|
|
292
|
+
2. **Monitor Usage**: Regularly check the `/api/metrics` endpoint
|
|
293
|
+
3. **Rate Limiting**: Consider implementing rate limiting for high-traffic scenarios
|
|
294
|
+
4. **Access Logs**: Enable logging in production for audit trails
|
|
295
|
+
|
|
296
|
+
### Performance Optimization
|
|
297
|
+
|
|
298
|
+
1. **CDN**: Consider using a CDN for global deployments
|
|
299
|
+
2. **Caching**: The API includes intelligent caching for repeated requests
|
|
300
|
+
3. **Scaling**: Use cloud platform auto-scaling for high demand
|
|
301
|
+
4. **Monitoring**: Set up health check monitoring with your cloud provider
|
|
302
|
+
|
|
303
|
+
### User Experience
|
|
304
|
+
|
|
305
|
+
1. **Clear Instructions**: Provide users with example prompts
|
|
306
|
+
2. **Error Handling**: Explain what to do when validation fails
|
|
307
|
+
3. **Capability Education**: Help users understand the 5 capability roles
|
|
308
|
+
4. **Domain Validation**: Explain why auto-downgrades occur
|
|
309
|
+
|
|
310
|
+
## Success Metrics
|
|
311
|
+
|
|
312
|
+
Track these metrics to measure integration success:
|
|
313
|
+
|
|
314
|
+
- **Request Volume**: Total API calls per day/week
|
|
315
|
+
- **Error Rate**: Percentage of failed requests (target: <5%)
|
|
316
|
+
- **Response Time**: Average API response time (target: <500ms)
|
|
317
|
+
- **User Satisfaction**: Feedback on capability assessment accuracy
|
|
318
|
+
- **Coverage**: Number of unique safeguards being assessed
|
|
319
|
+
|
|
320
|
+
## Next Steps
|
|
321
|
+
|
|
322
|
+
After successful integration:
|
|
323
|
+
|
|
324
|
+
1. **Train Users**: Provide training on the 5 capability roles and domain validation
|
|
325
|
+
2. **Create Templates**: Develop standard prompts for common assessment scenarios
|
|
326
|
+
3. **Integration Workflows**: Connect with existing GRC tools and processes
|
|
327
|
+
4. **Feedback Loop**: Collect user feedback for continuous improvement
|
|
328
|
+
5. **Scale Usage**: Expand to additional teams and use cases
|
|
329
|
+
|
|
330
|
+
---
|
|
331
|
+
|
|
332
|
+
**Questions or Issues?**
|
|
333
|
+
- 📧 Create an issue: [GitHub Issues](https://github.com/therealcybermattlee/FrameworkMCP/issues)
|
|
334
|
+
- 💬 Start a discussion: [GitHub Discussions](https://github.com/therealcybermattlee/FrameworkMCP/discussions)
|
|
335
|
+
- 🐦 Follow updates: [@cybermattlee](https://twitter.com/cybermattlee)
|
package/README.md
CHANGED
|
@@ -34,11 +34,12 @@ The server uses the CIS Controls visual framework with color-coded categorizatio
|
|
|
34
34
|
- **🟡 Yellow Elements**: Sub-taxonomical components
|
|
35
35
|
- **⚫ Gray Elements**: Implementation suggestions and methods
|
|
36
36
|
|
|
37
|
-
## 🚀 Installation
|
|
37
|
+
## 🚀 Installation & Deployment
|
|
38
38
|
|
|
39
39
|
### Prerequisites
|
|
40
40
|
- Node.js 18+
|
|
41
|
-
- Claude Code CLI tool
|
|
41
|
+
- Claude Code CLI tool (for MCP usage)
|
|
42
|
+
- Microsoft Copilot Studio (for custom connector usage)
|
|
42
43
|
|
|
43
44
|
### Install from npm
|
|
44
45
|
```bash
|
|
@@ -64,9 +65,32 @@ npm install
|
|
|
64
65
|
npm run build
|
|
65
66
|
```
|
|
66
67
|
|
|
68
|
+
### Cloud Deployment Options
|
|
69
|
+
|
|
70
|
+
#### Option 1: DigitalOcean App Services
|
|
71
|
+
```bash
|
|
72
|
+
# Deploy using the included configuration
|
|
73
|
+
doctl apps create .do/app.yaml
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
#### Option 2: Railway
|
|
77
|
+
```bash
|
|
78
|
+
railway login
|
|
79
|
+
railway up
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
#### Option 3: Render
|
|
83
|
+
Connect your GitHub repository and use:
|
|
84
|
+
- **Build Command**: `npm install && npm run build`
|
|
85
|
+
- **Start Command**: `npm run start:http`
|
|
86
|
+
- **Port**: 8080
|
|
87
|
+
|
|
88
|
+
#### Option 4: Microsoft Copilot Custom Connector
|
|
89
|
+
Deploy to any cloud platform and use the included `swagger.json` for Copilot integration.
|
|
90
|
+
|
|
67
91
|
## ⚙️ Configuration
|
|
68
92
|
|
|
69
|
-
### Claude Code Integration
|
|
93
|
+
### Claude Code MCP Integration
|
|
70
94
|
|
|
71
95
|
Add to your MCP configuration file (`~/.config/claude-code/mcp.json`):
|
|
72
96
|
|
|
@@ -82,9 +106,75 @@ Add to your MCP configuration file (`~/.config/claude-code/mcp.json`):
|
|
|
82
106
|
}
|
|
83
107
|
```
|
|
84
108
|
|
|
109
|
+
### Microsoft Copilot Custom Connector Setup
|
|
110
|
+
|
|
111
|
+
#### Step 1: Deploy HTTP API
|
|
112
|
+
Deploy the Framework MCP HTTP API to any cloud platform (DigitalOcean, Railway, Render, etc.)
|
|
113
|
+
|
|
114
|
+
#### Step 2: Create Custom Connector in Copilot Studio
|
|
115
|
+
1. Open **Microsoft Copilot Studio**
|
|
116
|
+
2. Navigate to **Data** → **Custom connectors**
|
|
117
|
+
3. Click **+ New custom connector** → **Import from OpenAPI file**
|
|
118
|
+
4. Upload the `swagger.json` file from this repository
|
|
119
|
+
5. Update the **Host** field to your deployed API URL
|
|
120
|
+
6. Save and test the connector
|
|
121
|
+
|
|
122
|
+
#### Step 3: Configure Connection
|
|
123
|
+
1. Create a new connection using your custom connector
|
|
124
|
+
2. No authentication required (public API)
|
|
125
|
+
3. Test with the `/health` endpoint to verify connectivity
|
|
126
|
+
|
|
127
|
+
#### Step 4: Create Copilot Actions
|
|
128
|
+
In your Copilot, create actions for capability assessment:
|
|
129
|
+
|
|
130
|
+
**Primary Action - Validate Vendor Capability:**
|
|
131
|
+
```
|
|
132
|
+
Action: Validate Vendor Mapping
|
|
133
|
+
Description: Validate vendor capability claims against CIS Controls with domain validation
|
|
134
|
+
Connector: Framework MCP Custom Connector
|
|
135
|
+
Operation: validateVendorMapping
|
|
136
|
+
Parameters:
|
|
137
|
+
- vendor_name: {User provided vendor name}
|
|
138
|
+
- safeguard_id: {CIS safeguard ID like "1.1"}
|
|
139
|
+
- claimed_capability: {full|partial|facilitates|governance|validates}
|
|
140
|
+
- supporting_text: {Vendor response text}
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
**Secondary Action - Analyze Response:**
|
|
144
|
+
```
|
|
145
|
+
Action: Analyze Vendor Response
|
|
146
|
+
Description: Determine appropriate capability role for vendor response
|
|
147
|
+
Connector: Framework MCP Custom Connector
|
|
148
|
+
Operation: analyzeVendorResponse
|
|
149
|
+
Parameters:
|
|
150
|
+
- vendor_name: {User provided vendor name}
|
|
151
|
+
- safeguard_id: {CIS safeguard ID}
|
|
152
|
+
- response_text: {Vendor response to analyze}
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
#### Step 5: Example Copilot Prompts
|
|
156
|
+
Once configured, users can interact with your Copilot:
|
|
157
|
+
|
|
158
|
+
```
|
|
159
|
+
"Validate this vendor capability: CrowdStrike Falcon claims FULL coverage for safeguard 1.1 with this response: 'Our platform provides comprehensive enterprise asset inventory with real-time discovery, automated classification, and continuous monitoring of all hardware and software assets.'"
|
|
160
|
+
|
|
161
|
+
"Analyze this vendor response for safeguard 5.1: Microsoft Entra ID - 'We provide centralized identity management with automated user provisioning, role-based access controls, and integration with all major business applications.'"
|
|
162
|
+
|
|
163
|
+
"What are the requirements for CIS safeguard 6.3?"
|
|
164
|
+
```
|
|
165
|
+
|
|
85
166
|
### Verify Installation
|
|
86
167
|
```bash
|
|
168
|
+
# For MCP usage
|
|
87
169
|
claude-code "List available CIS Control safeguards"
|
|
170
|
+
|
|
171
|
+
# For HTTP API usage
|
|
172
|
+
curl https://your-api-url.com/health
|
|
173
|
+
|
|
174
|
+
# For Copilot testing
|
|
175
|
+
curl -X POST https://your-api-url.com/api/validate-vendor-mapping \
|
|
176
|
+
-H "Content-Type: application/json" \
|
|
177
|
+
-d '{"vendor_name":"Test Vendor","safeguard_id":"1.1","claimed_capability":"facilitates","supporting_text":"We provide supplemental asset tracking capabilities that enhance existing inventory systems."}'
|
|
88
178
|
```
|
|
89
179
|
|
|
90
180
|
## 📋 Usage Examples
|
|
@@ -393,6 +483,9 @@ npm test
|
|
|
393
483
|
- [API Reference](docs/api-reference.md)
|
|
394
484
|
- [CIS Safeguards Reference](docs/safeguards-reference.md)
|
|
395
485
|
- [Example Usage](examples/example-usage.md)
|
|
486
|
+
- **[Microsoft Copilot Integration Guide](COPILOT_INTEGRATION.md)** - Complete setup guide for custom connectors
|
|
487
|
+
- [Deployment Guide](DEPLOYMENT_GUIDE.md) - Cloud deployment instructions
|
|
488
|
+
- [OpenAPI Specification](swagger.json) - Complete API schema for integrations
|
|
396
489
|
|
|
397
490
|
## 🐛 Troubleshooting
|
|
398
491
|
|
|
@@ -55,7 +55,7 @@ export class FrameworkHttpServer {
|
|
|
55
55
|
uptime: Math.round((Date.now() - metrics.uptime) / 1000),
|
|
56
56
|
totalRequests: metrics.totalRequests,
|
|
57
57
|
errorCount: metrics.errorCount,
|
|
58
|
-
version: '1.
|
|
58
|
+
version: '1.3.1',
|
|
59
59
|
timestamp: new Date().toISOString()
|
|
60
60
|
});
|
|
61
61
|
});
|
|
@@ -181,7 +181,7 @@ export class FrameworkHttpServer {
|
|
|
181
181
|
this.app.get('/api', (req, res) => {
|
|
182
182
|
res.json({
|
|
183
183
|
name: 'Framework MCP HTTP API',
|
|
184
|
-
version: '1.
|
|
184
|
+
version: '1.3.1',
|
|
185
185
|
description: 'Dual-architecture HTTP API for vendor capability assessment against CIS Controls Framework',
|
|
186
186
|
endpoints: {
|
|
187
187
|
'POST /api/validate-vendor-mapping': 'Primary capability validation with domain validation',
|
|
@@ -259,7 +259,7 @@ export class FrameworkHttpServer {
|
|
|
259
259
|
}
|
|
260
260
|
start() {
|
|
261
261
|
this.app.listen(this.port, '0.0.0.0', () => {
|
|
262
|
-
console.log(`🚀 Framework MCP HTTP Server v1.
|
|
262
|
+
console.log(`🚀 Framework MCP HTTP Server v1.3.1 running on port ${this.port}`);
|
|
263
263
|
console.log(`📊 Health check: http://localhost:${this.port}/health`);
|
|
264
264
|
console.log(`📖 API docs: http://localhost:${this.port}/api`);
|
|
265
265
|
console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
|
|
@@ -8,7 +8,7 @@ export class FrameworkMcpServer {
|
|
|
8
8
|
constructor() {
|
|
9
9
|
this.server = new Server({
|
|
10
10
|
name: 'framework-analyzer',
|
|
11
|
-
version: '1.
|
|
11
|
+
version: '1.3.1',
|
|
12
12
|
});
|
|
13
13
|
this.capabilityAnalyzer = new CapabilityAnalyzer();
|
|
14
14
|
this.safeguardManager = new SafeguardManager();
|
|
@@ -245,7 +245,7 @@ export class FrameworkMcpServer {
|
|
|
245
245
|
safeguards,
|
|
246
246
|
total: safeguards.length,
|
|
247
247
|
framework: 'CIS Controls v8.1',
|
|
248
|
-
version: '1.
|
|
248
|
+
version: '1.3.1'
|
|
249
249
|
}, null, 2),
|
|
250
250
|
},
|
|
251
251
|
],
|
|
@@ -287,7 +287,7 @@ export class FrameworkMcpServer {
|
|
|
287
287
|
async run() {
|
|
288
288
|
const transport = new StdioServerTransport();
|
|
289
289
|
await this.server.connect(transport);
|
|
290
|
-
console.error('🤖 Framework MCP Server v1.
|
|
290
|
+
console.error('🤖 Framework MCP Server v1.3.1 running via stdio');
|
|
291
291
|
console.error('📊 Capability assessment with domain validation enabled');
|
|
292
292
|
}
|
|
293
293
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "framework-mcp",
|
|
3
|
-
"version": "1.
|
|
4
|
-
"description": "Dual-architecture server (MCP + HTTP API) for determining vendor tool capability roles against CIS Controls Framework with intelligent domain validation. DigitalOcean App Services
|
|
3
|
+
"version": "1.3.1",
|
|
4
|
+
"description": "Dual-architecture server (MCP + HTTP API) for determining vendor tool capability roles against CIS Controls Framework with intelligent domain validation. Supports Microsoft Copilot custom connectors and DigitalOcean App Services deployment.",
|
|
5
5
|
"main": "dist/interfaces/http/http-server.js",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"scripts": {
|
|
@@ -41,7 +41,13 @@
|
|
|
41
41
|
"vendor-analysis",
|
|
42
42
|
"capability-assessment",
|
|
43
43
|
"cybersecurity",
|
|
44
|
-
"framework"
|
|
44
|
+
"framework",
|
|
45
|
+
"microsoft-copilot",
|
|
46
|
+
"openapi",
|
|
47
|
+
"swagger",
|
|
48
|
+
"custom-connector",
|
|
49
|
+
"http-api",
|
|
50
|
+
"cloud-deployment"
|
|
45
51
|
],
|
|
46
52
|
"author": "Matt Lee <cybermattlee@gmail.com> (https://github.com/therealcybermattlee)",
|
|
47
53
|
"license": "CC-BY-4.0",
|
|
@@ -74,7 +74,7 @@ export class FrameworkHttpServer {
|
|
|
74
74
|
uptime: Math.round((Date.now() - metrics.uptime) / 1000),
|
|
75
75
|
totalRequests: metrics.totalRequests,
|
|
76
76
|
errorCount: metrics.errorCount,
|
|
77
|
-
version: '1.
|
|
77
|
+
version: '1.3.1',
|
|
78
78
|
timestamp: new Date().toISOString()
|
|
79
79
|
});
|
|
80
80
|
});
|
|
@@ -235,7 +235,7 @@ export class FrameworkHttpServer {
|
|
|
235
235
|
this.app.get('/api', (req, res) => {
|
|
236
236
|
res.json({
|
|
237
237
|
name: 'Framework MCP HTTP API',
|
|
238
|
-
version: '1.
|
|
238
|
+
version: '1.3.1',
|
|
239
239
|
description: 'Dual-architecture HTTP API for vendor capability assessment against CIS Controls Framework',
|
|
240
240
|
endpoints: {
|
|
241
241
|
'POST /api/validate-vendor-mapping': 'Primary capability validation with domain validation',
|
|
@@ -332,7 +332,7 @@ export class FrameworkHttpServer {
|
|
|
332
332
|
|
|
333
333
|
public start(): void {
|
|
334
334
|
this.app.listen(this.port, '0.0.0.0', () => {
|
|
335
|
-
console.log(`🚀 Framework MCP HTTP Server v1.
|
|
335
|
+
console.log(`🚀 Framework MCP HTTP Server v1.3.1 running on port ${this.port}`);
|
|
336
336
|
console.log(`📊 Health check: http://localhost:${this.port}/health`);
|
|
337
337
|
console.log(`📖 API docs: http://localhost:${this.port}/api`);
|
|
338
338
|
console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
|
|
@@ -20,7 +20,7 @@ export class FrameworkMcpServer {
|
|
|
20
20
|
this.server = new Server(
|
|
21
21
|
{
|
|
22
22
|
name: 'framework-analyzer',
|
|
23
|
-
version: '1.
|
|
23
|
+
version: '1.3.1',
|
|
24
24
|
}
|
|
25
25
|
);
|
|
26
26
|
|
|
@@ -301,7 +301,7 @@ export class FrameworkMcpServer {
|
|
|
301
301
|
safeguards,
|
|
302
302
|
total: safeguards.length,
|
|
303
303
|
framework: 'CIS Controls v8.1',
|
|
304
|
-
version: '1.
|
|
304
|
+
version: '1.3.1'
|
|
305
305
|
}, null, 2),
|
|
306
306
|
},
|
|
307
307
|
],
|
|
@@ -355,7 +355,7 @@ export class FrameworkMcpServer {
|
|
|
355
355
|
const transport = new StdioServerTransport();
|
|
356
356
|
await this.server.connect(transport);
|
|
357
357
|
|
|
358
|
-
console.error('🤖 Framework MCP Server v1.
|
|
358
|
+
console.error('🤖 Framework MCP Server v1.3.1 running via stdio');
|
|
359
359
|
console.error('📊 Capability assessment with domain validation enabled');
|
|
360
360
|
}
|
|
361
361
|
}
|
package/swagger.json
ADDED
|
@@ -0,0 +1,718 @@
|
|
|
1
|
+
{
|
|
2
|
+
"openapi": "3.0.3",
|
|
3
|
+
"info": {
|
|
4
|
+
"title": "Framework MCP API - CIS Controls Capability Assessment",
|
|
5
|
+
"description": "Microsoft Copilot-compatible API for vendor capability assessment against CIS Controls Framework. Determines vendor tool roles (FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES) with domain validation and auto-downgrade protection.",
|
|
6
|
+
"version": "1.3.1",
|
|
7
|
+
"contact": {
|
|
8
|
+
"name": "Framework MCP Support",
|
|
9
|
+
"url": "https://github.com/therealcybermattlee/FrameworkMCP"
|
|
10
|
+
},
|
|
11
|
+
"license": {
|
|
12
|
+
"name": "MIT",
|
|
13
|
+
"url": "https://opensource.org/licenses/MIT"
|
|
14
|
+
}
|
|
15
|
+
},
|
|
16
|
+
"servers": [
|
|
17
|
+
{
|
|
18
|
+
"url": "https://your-deployment.ondigitalocean.app",
|
|
19
|
+
"description": "Production DigitalOcean App Services deployment"
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"url": "http://localhost:8080",
|
|
23
|
+
"description": "Local development server"
|
|
24
|
+
}
|
|
25
|
+
],
|
|
26
|
+
"paths": {
|
|
27
|
+
"/health": {
|
|
28
|
+
"get": {
|
|
29
|
+
"summary": "Health Check",
|
|
30
|
+
"description": "Check API health status and performance metrics",
|
|
31
|
+
"operationId": "healthCheck",
|
|
32
|
+
"tags": ["Monitoring"],
|
|
33
|
+
"responses": {
|
|
34
|
+
"200": {
|
|
35
|
+
"description": "Service is healthy",
|
|
36
|
+
"content": {
|
|
37
|
+
"application/json": {
|
|
38
|
+
"schema": {
|
|
39
|
+
"$ref": "#/components/schemas/HealthResponse"
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
},
|
|
47
|
+
"/api/validate-vendor-mapping": {
|
|
48
|
+
"post": {
|
|
49
|
+
"summary": "Validate Vendor Capability Mapping (PRIMARY)",
|
|
50
|
+
"description": "Primary endpoint for validating vendor capability claims against CIS safeguards with domain validation and auto-downgrade protection. Use this for evidence-based capability assessment.",
|
|
51
|
+
"operationId": "validateVendorMapping",
|
|
52
|
+
"tags": ["Capability Assessment"],
|
|
53
|
+
"requestBody": {
|
|
54
|
+
"required": true,
|
|
55
|
+
"content": {
|
|
56
|
+
"application/json": {
|
|
57
|
+
"schema": {
|
|
58
|
+
"$ref": "#/components/schemas/VendorMappingRequest"
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
},
|
|
63
|
+
"responses": {
|
|
64
|
+
"200": {
|
|
65
|
+
"description": "Validation completed successfully",
|
|
66
|
+
"content": {
|
|
67
|
+
"application/json": {
|
|
68
|
+
"schema": {
|
|
69
|
+
"$ref": "#/components/schemas/ValidationResponse"
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
},
|
|
74
|
+
"400": {
|
|
75
|
+
"description": "Invalid request parameters",
|
|
76
|
+
"content": {
|
|
77
|
+
"application/json": {
|
|
78
|
+
"schema": {
|
|
79
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
},
|
|
84
|
+
"404": {
|
|
85
|
+
"description": "Safeguard not found",
|
|
86
|
+
"content": {
|
|
87
|
+
"application/json": {
|
|
88
|
+
"schema": {
|
|
89
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
},
|
|
97
|
+
"/api/analyze-vendor-response": {
|
|
98
|
+
"post": {
|
|
99
|
+
"summary": "Analyze Vendor Response",
|
|
100
|
+
"description": "Analyze vendor response text to determine appropriate capability role with domain validation",
|
|
101
|
+
"operationId": "analyzeVendorResponse",
|
|
102
|
+
"tags": ["Capability Assessment"],
|
|
103
|
+
"requestBody": {
|
|
104
|
+
"required": true,
|
|
105
|
+
"content": {
|
|
106
|
+
"application/json": {
|
|
107
|
+
"schema": {
|
|
108
|
+
"$ref": "#/components/schemas/AnalysisRequest"
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
},
|
|
113
|
+
"responses": {
|
|
114
|
+
"200": {
|
|
115
|
+
"description": "Analysis completed successfully",
|
|
116
|
+
"content": {
|
|
117
|
+
"application/json": {
|
|
118
|
+
"schema": {
|
|
119
|
+
"$ref": "#/components/schemas/AnalysisResponse"
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
},
|
|
124
|
+
"400": {
|
|
125
|
+
"description": "Invalid request parameters",
|
|
126
|
+
"content": {
|
|
127
|
+
"application/json": {
|
|
128
|
+
"schema": {
|
|
129
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
},
|
|
134
|
+
"404": {
|
|
135
|
+
"description": "Safeguard not found",
|
|
136
|
+
"content": {
|
|
137
|
+
"application/json": {
|
|
138
|
+
"schema": {
|
|
139
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
},
|
|
147
|
+
"/api/validate-coverage-claim": {
|
|
148
|
+
"post": {
|
|
149
|
+
"summary": "Validate Coverage Claim",
|
|
150
|
+
"description": "Validate specific FULL or PARTIAL capability claims with supporting evidence",
|
|
151
|
+
"operationId": "validateCoverageClaim",
|
|
152
|
+
"tags": ["Capability Assessment"],
|
|
153
|
+
"requestBody": {
|
|
154
|
+
"required": true,
|
|
155
|
+
"content": {
|
|
156
|
+
"application/json": {
|
|
157
|
+
"schema": {
|
|
158
|
+
"$ref": "#/components/schemas/CoverageClaimRequest"
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
},
|
|
163
|
+
"responses": {
|
|
164
|
+
"200": {
|
|
165
|
+
"description": "Coverage claim validation completed",
|
|
166
|
+
"content": {
|
|
167
|
+
"application/json": {
|
|
168
|
+
"schema": {
|
|
169
|
+
"$ref": "#/components/schemas/ValidationResponse"
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
}
|
|
173
|
+
},
|
|
174
|
+
"400": {
|
|
175
|
+
"description": "Invalid request parameters",
|
|
176
|
+
"content": {
|
|
177
|
+
"application/json": {
|
|
178
|
+
"schema": {
|
|
179
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
180
|
+
}
|
|
181
|
+
}
|
|
182
|
+
}
|
|
183
|
+
},
|
|
184
|
+
"404": {
|
|
185
|
+
"description": "Safeguard not found",
|
|
186
|
+
"content": {
|
|
187
|
+
"application/json": {
|
|
188
|
+
"schema": {
|
|
189
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
}
|
|
196
|
+
},
|
|
197
|
+
"/api/safeguards": {
|
|
198
|
+
"get": {
|
|
199
|
+
"summary": "List Available Safeguards",
|
|
200
|
+
"description": "Get a list of all available CIS Controls v8.1 safeguards (153 total)",
|
|
201
|
+
"operationId": "listSafeguards",
|
|
202
|
+
"tags": ["Safeguards"],
|
|
203
|
+
"responses": {
|
|
204
|
+
"200": {
|
|
205
|
+
"description": "List of available safeguards",
|
|
206
|
+
"content": {
|
|
207
|
+
"application/json": {
|
|
208
|
+
"schema": {
|
|
209
|
+
"$ref": "#/components/schemas/SafeguardListResponse"
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
}
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
},
|
|
217
|
+
"/api/safeguards/{safeguardId}": {
|
|
218
|
+
"get": {
|
|
219
|
+
"summary": "Get Safeguard Details",
|
|
220
|
+
"description": "Get detailed information about a specific CIS safeguard including governance elements, core requirements, and implementation suggestions",
|
|
221
|
+
"operationId": "getSafeguardDetails",
|
|
222
|
+
"tags": ["Safeguards"],
|
|
223
|
+
"parameters": [
|
|
224
|
+
{
|
|
225
|
+
"name": "safeguardId",
|
|
226
|
+
"in": "path",
|
|
227
|
+
"required": true,
|
|
228
|
+
"description": "CIS safeguard ID (e.g., '1.1', '5.1', '12.8')",
|
|
229
|
+
"schema": {
|
|
230
|
+
"type": "string",
|
|
231
|
+
"pattern": "^[0-9]+\\.[0-9]+$",
|
|
232
|
+
"example": "1.1"
|
|
233
|
+
}
|
|
234
|
+
},
|
|
235
|
+
{
|
|
236
|
+
"name": "include_examples",
|
|
237
|
+
"in": "query",
|
|
238
|
+
"required": false,
|
|
239
|
+
"description": "Include implementation examples in response",
|
|
240
|
+
"schema": {
|
|
241
|
+
"type": "boolean",
|
|
242
|
+
"default": false
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
],
|
|
246
|
+
"responses": {
|
|
247
|
+
"200": {
|
|
248
|
+
"description": "Safeguard details retrieved successfully",
|
|
249
|
+
"content": {
|
|
250
|
+
"application/json": {
|
|
251
|
+
"schema": {
|
|
252
|
+
"$ref": "#/components/schemas/SafeguardDetails"
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
}
|
|
256
|
+
},
|
|
257
|
+
"400": {
|
|
258
|
+
"description": "Invalid safeguard ID format",
|
|
259
|
+
"content": {
|
|
260
|
+
"application/json": {
|
|
261
|
+
"schema": {
|
|
262
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
263
|
+
}
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
},
|
|
267
|
+
"404": {
|
|
268
|
+
"description": "Safeguard not found",
|
|
269
|
+
"content": {
|
|
270
|
+
"application/json": {
|
|
271
|
+
"schema": {
|
|
272
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
}
|
|
279
|
+
},
|
|
280
|
+
"/api/metrics": {
|
|
281
|
+
"get": {
|
|
282
|
+
"summary": "Performance Metrics",
|
|
283
|
+
"description": "Get API performance metrics and usage statistics",
|
|
284
|
+
"operationId": "getMetrics",
|
|
285
|
+
"tags": ["Monitoring"],
|
|
286
|
+
"responses": {
|
|
287
|
+
"200": {
|
|
288
|
+
"description": "Performance metrics",
|
|
289
|
+
"content": {
|
|
290
|
+
"application/json": {
|
|
291
|
+
"schema": {
|
|
292
|
+
"$ref": "#/components/schemas/MetricsResponse"
|
|
293
|
+
}
|
|
294
|
+
}
|
|
295
|
+
}
|
|
296
|
+
}
|
|
297
|
+
}
|
|
298
|
+
}
|
|
299
|
+
}
|
|
300
|
+
},
|
|
301
|
+
"components": {
|
|
302
|
+
"schemas": {
|
|
303
|
+
"CapabilityRole": {
|
|
304
|
+
"type": "string",
|
|
305
|
+
"enum": ["full", "partial", "facilitates", "governance", "validates"],
|
|
306
|
+
"description": "Vendor tool capability roles:\n- FULL: Complete implementation of safeguard (requires domain-appropriate tool)\n- PARTIAL: Limited scope implementation (requires domain-appropriate tool)\n- FACILITATES: Enhancement capabilities (no tool type restrictions)\n- GOVERNANCE: Policy/process management (no tool type restrictions)\n- VALIDATES: Evidence collection and reporting (no tool type restrictions)"
|
|
307
|
+
},
|
|
308
|
+
"VendorMappingRequest": {
|
|
309
|
+
"type": "object",
|
|
310
|
+
"required": ["vendor_name", "safeguard_id", "claimed_capability", "supporting_text"],
|
|
311
|
+
"properties": {
|
|
312
|
+
"vendor_name": {
|
|
313
|
+
"type": "string",
|
|
314
|
+
"description": "Name of the vendor or tool being analyzed",
|
|
315
|
+
"minLength": 1,
|
|
316
|
+
"maxLength": 100,
|
|
317
|
+
"example": "CrowdStrike Falcon"
|
|
318
|
+
},
|
|
319
|
+
"safeguard_id": {
|
|
320
|
+
"type": "string",
|
|
321
|
+
"pattern": "^[0-9]+\\.[0-9]+$",
|
|
322
|
+
"description": "CIS safeguard ID (format: X.Y)",
|
|
323
|
+
"example": "1.1"
|
|
324
|
+
},
|
|
325
|
+
"claimed_capability": {
|
|
326
|
+
"$ref": "#/components/schemas/CapabilityRole"
|
|
327
|
+
},
|
|
328
|
+
"supporting_text": {
|
|
329
|
+
"type": "string",
|
|
330
|
+
"description": "Vendor response or documentation supporting their capability claim",
|
|
331
|
+
"minLength": 10,
|
|
332
|
+
"maxLength": 10000,
|
|
333
|
+
"example": "Our platform provides comprehensive enterprise asset inventory with real-time discovery, automated classification, and continuous monitoring of all hardware and software assets across the organization."
|
|
334
|
+
}
|
|
335
|
+
}
|
|
336
|
+
},
|
|
337
|
+
"AnalysisRequest": {
|
|
338
|
+
"type": "object",
|
|
339
|
+
"required": ["vendor_name", "safeguard_id", "response_text"],
|
|
340
|
+
"properties": {
|
|
341
|
+
"vendor_name": {
|
|
342
|
+
"type": "string",
|
|
343
|
+
"description": "Name of the vendor",
|
|
344
|
+
"minLength": 1,
|
|
345
|
+
"maxLength": 100,
|
|
346
|
+
"example": "Microsoft Defender"
|
|
347
|
+
},
|
|
348
|
+
"safeguard_id": {
|
|
349
|
+
"type": "string",
|
|
350
|
+
"pattern": "^[0-9]+\\.[0-9]+$",
|
|
351
|
+
"description": "CIS safeguard ID",
|
|
352
|
+
"example": "5.1"
|
|
353
|
+
},
|
|
354
|
+
"response_text": {
|
|
355
|
+
"type": "string",
|
|
356
|
+
"description": "Vendor response text to analyze for capability determination",
|
|
357
|
+
"minLength": 10,
|
|
358
|
+
"maxLength": 10000,
|
|
359
|
+
"example": "We provide centralized account management with role-based access controls, automated provisioning and deprovisioning, and integration with Active Directory for enterprise identity management."
|
|
360
|
+
}
|
|
361
|
+
}
|
|
362
|
+
},
|
|
363
|
+
"CoverageClaimRequest": {
|
|
364
|
+
"type": "object",
|
|
365
|
+
"required": ["vendor_name", "safeguard_id", "claimed_capability", "response_text"],
|
|
366
|
+
"properties": {
|
|
367
|
+
"vendor_name": {
|
|
368
|
+
"type": "string",
|
|
369
|
+
"description": "Name of the vendor",
|
|
370
|
+
"minLength": 1,
|
|
371
|
+
"maxLength": 100,
|
|
372
|
+
"example": "Qualys VMDR"
|
|
373
|
+
},
|
|
374
|
+
"safeguard_id": {
|
|
375
|
+
"type": "string",
|
|
376
|
+
"pattern": "^[0-9]+\\.[0-9]+$",
|
|
377
|
+
"description": "CIS safeguard ID",
|
|
378
|
+
"example": "7.1"
|
|
379
|
+
},
|
|
380
|
+
"claimed_capability": {
|
|
381
|
+
"$ref": "#/components/schemas/CapabilityRole"
|
|
382
|
+
},
|
|
383
|
+
"response_text": {
|
|
384
|
+
"type": "string",
|
|
385
|
+
"description": "Supporting evidence for the capability claim",
|
|
386
|
+
"minLength": 10,
|
|
387
|
+
"maxLength": 10000,
|
|
388
|
+
"example": "Our vulnerability management platform performs continuous scanning, prioritizes vulnerabilities based on risk, provides automated remediation guidance, and tracks remediation progress across the entire infrastructure."
|
|
389
|
+
}
|
|
390
|
+
}
|
|
391
|
+
},
|
|
392
|
+
"ValidationResponse": {
|
|
393
|
+
"type": "object",
|
|
394
|
+
"properties": {
|
|
395
|
+
"vendor_name": {
|
|
396
|
+
"type": "string",
|
|
397
|
+
"example": "CrowdStrike Falcon"
|
|
398
|
+
},
|
|
399
|
+
"safeguard_id": {
|
|
400
|
+
"type": "string",
|
|
401
|
+
"example": "1.1"
|
|
402
|
+
},
|
|
403
|
+
"claimed_capability": {
|
|
404
|
+
"$ref": "#/components/schemas/CapabilityRole"
|
|
405
|
+
},
|
|
406
|
+
"validated_capability": {
|
|
407
|
+
"$ref": "#/components/schemas/CapabilityRole"
|
|
408
|
+
},
|
|
409
|
+
"validation_status": {
|
|
410
|
+
"type": "string",
|
|
411
|
+
"enum": ["SUPPORTED", "QUESTIONABLE", "UNSUPPORTED"],
|
|
412
|
+
"description": "Overall validation result"
|
|
413
|
+
},
|
|
414
|
+
"confidence_score": {
|
|
415
|
+
"type": "number",
|
|
416
|
+
"minimum": 0,
|
|
417
|
+
"maximum": 100,
|
|
418
|
+
"description": "Confidence percentage in the assessment"
|
|
419
|
+
},
|
|
420
|
+
"domain_validation": {
|
|
421
|
+
"type": "object",
|
|
422
|
+
"properties": {
|
|
423
|
+
"tool_type": {
|
|
424
|
+
"type": "string",
|
|
425
|
+
"description": "Detected tool type category"
|
|
426
|
+
},
|
|
427
|
+
"domain_appropriate": {
|
|
428
|
+
"type": "boolean",
|
|
429
|
+
"description": "Whether tool type is appropriate for claimed capability"
|
|
430
|
+
},
|
|
431
|
+
"auto_downgrade_applied": {
|
|
432
|
+
"type": "boolean",
|
|
433
|
+
"description": "Whether capability was auto-downgraded due to domain mismatch"
|
|
434
|
+
}
|
|
435
|
+
}
|
|
436
|
+
},
|
|
437
|
+
"evidence_analysis": {
|
|
438
|
+
"type": "object",
|
|
439
|
+
"properties": {
|
|
440
|
+
"core_requirements_score": {
|
|
441
|
+
"type": "number",
|
|
442
|
+
"minimum": 0,
|
|
443
|
+
"maximum": 100
|
|
444
|
+
},
|
|
445
|
+
"governance_elements_score": {
|
|
446
|
+
"type": "number",
|
|
447
|
+
"minimum": 0,
|
|
448
|
+
"maximum": 100
|
|
449
|
+
},
|
|
450
|
+
"sub_elements_score": {
|
|
451
|
+
"type": "number",
|
|
452
|
+
"minimum": 0,
|
|
453
|
+
"maximum": 100
|
|
454
|
+
},
|
|
455
|
+
"language_consistency_score": {
|
|
456
|
+
"type": "number",
|
|
457
|
+
"minimum": 0,
|
|
458
|
+
"maximum": 100
|
|
459
|
+
}
|
|
460
|
+
}
|
|
461
|
+
},
|
|
462
|
+
"reasoning": {
|
|
463
|
+
"type": "string",
|
|
464
|
+
"description": "Detailed explanation of the validation decision"
|
|
465
|
+
},
|
|
466
|
+
"recommendations": {
|
|
467
|
+
"type": "array",
|
|
468
|
+
"items": {
|
|
469
|
+
"type": "string"
|
|
470
|
+
},
|
|
471
|
+
"description": "Actionable recommendations for capability improvement"
|
|
472
|
+
},
|
|
473
|
+
"timestamp": {
|
|
474
|
+
"type": "string",
|
|
475
|
+
"format": "date-time"
|
|
476
|
+
}
|
|
477
|
+
}
|
|
478
|
+
},
|
|
479
|
+
"AnalysisResponse": {
|
|
480
|
+
"type": "object",
|
|
481
|
+
"properties": {
|
|
482
|
+
"vendor_name": {
|
|
483
|
+
"type": "string"
|
|
484
|
+
},
|
|
485
|
+
"safeguard_id": {
|
|
486
|
+
"type": "string"
|
|
487
|
+
},
|
|
488
|
+
"determined_capability": {
|
|
489
|
+
"$ref": "#/components/schemas/CapabilityRole"
|
|
490
|
+
},
|
|
491
|
+
"confidence_score": {
|
|
492
|
+
"type": "number",
|
|
493
|
+
"minimum": 0,
|
|
494
|
+
"maximum": 100
|
|
495
|
+
},
|
|
496
|
+
"domain_validation": {
|
|
497
|
+
"type": "object",
|
|
498
|
+
"properties": {
|
|
499
|
+
"tool_type": {
|
|
500
|
+
"type": "string"
|
|
501
|
+
},
|
|
502
|
+
"domain_appropriate": {
|
|
503
|
+
"type": "boolean"
|
|
504
|
+
}
|
|
505
|
+
}
|
|
506
|
+
},
|
|
507
|
+
"analysis_details": {
|
|
508
|
+
"type": "object",
|
|
509
|
+
"properties": {
|
|
510
|
+
"core_coverage": {
|
|
511
|
+
"type": "number",
|
|
512
|
+
"minimum": 0,
|
|
513
|
+
"maximum": 100
|
|
514
|
+
},
|
|
515
|
+
"implementation_depth": {
|
|
516
|
+
"type": "number",
|
|
517
|
+
"minimum": 0,
|
|
518
|
+
"maximum": 100
|
|
519
|
+
},
|
|
520
|
+
"governance_support": {
|
|
521
|
+
"type": "number",
|
|
522
|
+
"minimum": 0,
|
|
523
|
+
"maximum": 100
|
|
524
|
+
}
|
|
525
|
+
}
|
|
526
|
+
},
|
|
527
|
+
"reasoning": {
|
|
528
|
+
"type": "string"
|
|
529
|
+
},
|
|
530
|
+
"timestamp": {
|
|
531
|
+
"type": "string",
|
|
532
|
+
"format": "date-time"
|
|
533
|
+
}
|
|
534
|
+
}
|
|
535
|
+
},
|
|
536
|
+
"SafeguardListResponse": {
|
|
537
|
+
"type": "object",
|
|
538
|
+
"properties": {
|
|
539
|
+
"safeguards": {
|
|
540
|
+
"type": "array",
|
|
541
|
+
"items": {
|
|
542
|
+
"type": "object",
|
|
543
|
+
"properties": {
|
|
544
|
+
"id": {
|
|
545
|
+
"type": "string",
|
|
546
|
+
"example": "1.1"
|
|
547
|
+
},
|
|
548
|
+
"title": {
|
|
549
|
+
"type": "string",
|
|
550
|
+
"example": "Establish and Maintain Detailed Enterprise Asset Inventory"
|
|
551
|
+
},
|
|
552
|
+
"implementationGroup": {
|
|
553
|
+
"type": "string",
|
|
554
|
+
"enum": ["IG1", "IG2", "IG3"],
|
|
555
|
+
"example": "IG1"
|
|
556
|
+
}
|
|
557
|
+
}
|
|
558
|
+
}
|
|
559
|
+
},
|
|
560
|
+
"total": {
|
|
561
|
+
"type": "integer",
|
|
562
|
+
"example": 153
|
|
563
|
+
},
|
|
564
|
+
"framework": {
|
|
565
|
+
"type": "string",
|
|
566
|
+
"example": "CIS Controls v8.1"
|
|
567
|
+
},
|
|
568
|
+
"timestamp": {
|
|
569
|
+
"type": "string",
|
|
570
|
+
"format": "date-time"
|
|
571
|
+
}
|
|
572
|
+
}
|
|
573
|
+
},
|
|
574
|
+
"SafeguardDetails": {
|
|
575
|
+
"type": "object",
|
|
576
|
+
"properties": {
|
|
577
|
+
"id": {
|
|
578
|
+
"type": "string",
|
|
579
|
+
"example": "1.1"
|
|
580
|
+
},
|
|
581
|
+
"title": {
|
|
582
|
+
"type": "string",
|
|
583
|
+
"example": "Establish and Maintain Detailed Enterprise Asset Inventory"
|
|
584
|
+
},
|
|
585
|
+
"description": {
|
|
586
|
+
"type": "string",
|
|
587
|
+
"description": "Detailed description of the safeguard requirements"
|
|
588
|
+
},
|
|
589
|
+
"implementationGroup": {
|
|
590
|
+
"type": "string",
|
|
591
|
+
"enum": ["IG1", "IG2", "IG3"],
|
|
592
|
+
"example": "IG1"
|
|
593
|
+
},
|
|
594
|
+
"governanceElements": {
|
|
595
|
+
"type": "array",
|
|
596
|
+
"items": {
|
|
597
|
+
"type": "string"
|
|
598
|
+
},
|
|
599
|
+
"description": "Governance requirements that MUST be met (Orange elements)"
|
|
600
|
+
},
|
|
601
|
+
"coreRequirements": {
|
|
602
|
+
"type": "array",
|
|
603
|
+
"items": {
|
|
604
|
+
"type": "string"
|
|
605
|
+
},
|
|
606
|
+
"description": "Core 'what' requirements of the safeguard (Green elements)"
|
|
607
|
+
},
|
|
608
|
+
"subTaxonomicalElements": {
|
|
609
|
+
"type": "array",
|
|
610
|
+
"items": {
|
|
611
|
+
"type": "string"
|
|
612
|
+
},
|
|
613
|
+
"description": "Sub-taxonomical components (Yellow elements)"
|
|
614
|
+
},
|
|
615
|
+
"implementationSuggestions": {
|
|
616
|
+
"type": "array",
|
|
617
|
+
"items": {
|
|
618
|
+
"type": "string"
|
|
619
|
+
},
|
|
620
|
+
"description": "Implementation methods and suggestions (Gray elements)"
|
|
621
|
+
}
|
|
622
|
+
}
|
|
623
|
+
},
|
|
624
|
+
"HealthResponse": {
|
|
625
|
+
"type": "object",
|
|
626
|
+
"properties": {
|
|
627
|
+
"status": {
|
|
628
|
+
"type": "string",
|
|
629
|
+
"example": "healthy"
|
|
630
|
+
},
|
|
631
|
+
"uptime": {
|
|
632
|
+
"type": "integer",
|
|
633
|
+
"description": "Uptime in seconds"
|
|
634
|
+
},
|
|
635
|
+
"totalRequests": {
|
|
636
|
+
"type": "integer",
|
|
637
|
+
"description": "Total requests processed"
|
|
638
|
+
},
|
|
639
|
+
"errorCount": {
|
|
640
|
+
"type": "integer",
|
|
641
|
+
"description": "Total errors encountered"
|
|
642
|
+
},
|
|
643
|
+
"version": {
|
|
644
|
+
"type": "string",
|
|
645
|
+
"example": "1.3.1"
|
|
646
|
+
},
|
|
647
|
+
"timestamp": {
|
|
648
|
+
"type": "string",
|
|
649
|
+
"format": "date-time"
|
|
650
|
+
}
|
|
651
|
+
}
|
|
652
|
+
},
|
|
653
|
+
"MetricsResponse": {
|
|
654
|
+
"type": "object",
|
|
655
|
+
"properties": {
|
|
656
|
+
"uptime_seconds": {
|
|
657
|
+
"type": "integer"
|
|
658
|
+
},
|
|
659
|
+
"total_requests": {
|
|
660
|
+
"type": "integer"
|
|
661
|
+
},
|
|
662
|
+
"error_count": {
|
|
663
|
+
"type": "integer"
|
|
664
|
+
},
|
|
665
|
+
"error_rate": {
|
|
666
|
+
"type": "string",
|
|
667
|
+
"example": "0.5%"
|
|
668
|
+
},
|
|
669
|
+
"request_counts": {
|
|
670
|
+
"type": "object",
|
|
671
|
+
"additionalProperties": {
|
|
672
|
+
"type": "integer"
|
|
673
|
+
}
|
|
674
|
+
},
|
|
675
|
+
"timestamp": {
|
|
676
|
+
"type": "string",
|
|
677
|
+
"format": "date-time"
|
|
678
|
+
}
|
|
679
|
+
}
|
|
680
|
+
},
|
|
681
|
+
"ErrorResponse": {
|
|
682
|
+
"type": "object",
|
|
683
|
+
"properties": {
|
|
684
|
+
"error": {
|
|
685
|
+
"type": "string",
|
|
686
|
+
"description": "Error message"
|
|
687
|
+
},
|
|
688
|
+
"details": {
|
|
689
|
+
"type": "string",
|
|
690
|
+
"description": "Additional error details"
|
|
691
|
+
},
|
|
692
|
+
"timestamp": {
|
|
693
|
+
"type": "string",
|
|
694
|
+
"format": "date-time"
|
|
695
|
+
}
|
|
696
|
+
}
|
|
697
|
+
}
|
|
698
|
+
}
|
|
699
|
+
},
|
|
700
|
+
"tags": [
|
|
701
|
+
{
|
|
702
|
+
"name": "Capability Assessment",
|
|
703
|
+
"description": "Primary API endpoints for vendor capability assessment against CIS Controls"
|
|
704
|
+
},
|
|
705
|
+
{
|
|
706
|
+
"name": "Safeguards",
|
|
707
|
+
"description": "CIS Controls safeguards information and details"
|
|
708
|
+
},
|
|
709
|
+
{
|
|
710
|
+
"name": "Monitoring",
|
|
711
|
+
"description": "Health checks and performance monitoring"
|
|
712
|
+
}
|
|
713
|
+
],
|
|
714
|
+
"externalDocs": {
|
|
715
|
+
"description": "Framework MCP GitHub Repository",
|
|
716
|
+
"url": "https://github.com/therealcybermattlee/FrameworkMCP"
|
|
717
|
+
}
|
|
718
|
+
}
|