framework-mcp 1.3.2 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/COPILOT_INTEGRATION.md +2 -2
  2. package/DEPLOYMENT_GUIDE.md +3 -3
  3. package/MCP_INTEGRATION_GUIDE.md +318 -0
  4. package/README.md +4 -9
  5. package/dist/index.d.ts +0 -1
  6. package/dist/index.d.ts.map +1 -1
  7. package/dist/index.js +1 -62
  8. package/dist/index.js.map +1 -1
  9. package/dist/interfaces/http/http-server.d.ts.map +1 -1
  10. package/dist/interfaces/http/http-server.js +3 -25
  11. package/dist/interfaces/http/http-server.js.map +1 -1
  12. package/dist/interfaces/mcp/mcp-server.d.ts +0 -1
  13. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
  14. package/dist/interfaces/mcp/mcp-server.js +3 -52
  15. package/dist/interfaces/mcp/mcp-server.js.map +1 -1
  16. package/examples/example-usage.md +267 -21
  17. package/examples/vendors.csv +8 -4
  18. package/examples/vendors.json +24 -9
  19. package/package.json +1 -1
  20. package/scripts/validate-documentation.sh +150 -0
  21. package/src/index.ts +1 -66
  22. package/src/interfaces/http/http-server.ts +3 -34
  23. package/src/interfaces/mcp/mcp-server.ts +3 -64
  24. package/swagger.json +3 -82
  25. package/backups/README.md +0 -31
  26. package/backups/safeguard-manager-5-safeguards.ts +0 -343
  27. package/dist/core/safeguard-manager.backup.d.ts +0 -15
  28. package/dist/core/safeguard-manager.backup.d.ts.map +0 -1
  29. package/dist/core/safeguard-manager.backup.js +0 -318
  30. package/dist/core/safeguard-manager.backup.js.map +0 -1
  31. package/migration/README.md +0 -66
  32. package/migration/integration-ready-safeguards.ts +0 -5457
  33. package/src/core/safeguard-manager.backup.ts +0 -343
  34. package/src/core/safeguard-manager.ts.backup-20250821_085347 +0 -343
@@ -52,7 +52,7 @@ Expected response:
52
52
  "uptime": 1234,
53
53
  "totalRequests": 0,
54
54
  "errorCount": 0,
55
- "version": "1.3.1",
55
+ "version": "1.3.4",
56
56
  "timestamp": "2025-08-21T01:00:00.000Z"
57
57
  }
58
58
  ```
@@ -159,7 +159,7 @@ Configure this action for capability determination:
159
159
  - **Parameters**: safeguard_id, include_examples (optional)
160
160
 
161
161
  **List Available Safeguards:**
162
- - **Operation**: `listSafeguards`
162
+ - **Operation**: `listAvailableSafeguards`
163
163
  - **Parameters**: None
164
164
 
165
165
  ## Example User Interactions
@@ -2,7 +2,7 @@
2
2
 
3
3
  ## Dual Architecture: MCP + HTTP API
4
4
 
5
- Framework MCP v1.1.3 features a **dual architecture** that solves the DigitalOcean App Services stdio vs HTTP mismatch:
5
+ Framework MCP v1.3.4 features a **dual architecture** that solves the DigitalOcean App Services stdio vs HTTP mismatch:
6
6
 
7
7
  - **MCP Interface**: stdio-based for Claude Code integration
8
8
  - **HTTP Interface**: REST API for cloud deployment
@@ -56,7 +56,7 @@ curl http://localhost:8080/health
56
56
  2. In DigitalOcean Dashboard:
57
57
  - Create New App
58
58
  - Connect GitHub repository
59
- - Select branch: `feature/dual-architecture-http-api`
59
+ - Select branch: `main`
60
60
  - Use provided `.do/app.yaml` configuration
61
61
 
62
62
  #### 2. Deploy via doctl CLI
@@ -332,4 +332,4 @@ npm install express-rate-limit
332
332
 
333
333
  ---
334
334
 
335
- **🎉 Framework MCP v1.1.3 solves the DigitalOcean stdio vs HTTP architecture mismatch while preserving full MCP functionality!**
335
+ **🎉 Framework MCP v1.3.4 solves the DigitalOcean stdio vs HTTP architecture mismatch while preserving full MCP functionality!**
@@ -0,0 +1,318 @@
1
+ # Framework MCP Integration Guide
2
+
3
+ ## Claude Code MCP Integration
4
+
5
+ This guide shows how to integrate Framework MCP with Claude Code for CIS Controls capability assessment.
6
+
7
+ ## Prerequisites
8
+
9
+ - **Claude Code CLI** installed and configured
10
+ - **Node.js 18+** for running the MCP server
11
+ - **Framework MCP** installed locally or from npm
12
+
13
+ ## Installation Options
14
+
15
+ ### Option 1: Install from npm (Recommended)
16
+ ```bash
17
+ npm install -g framework-mcp
18
+ ```
19
+
20
+ ### Option 2: Build from Source
21
+ ```bash
22
+ git clone https://github.com/therealcybermattlee/FrameworkMCP.git
23
+ cd FrameworkMCP
24
+ npm install
25
+ npm run build
26
+ ```
27
+
28
+ ## MCP Configuration
29
+
30
+ ### Configure Claude Code MCP Settings
31
+
32
+ Add Framework MCP to your MCP configuration file:
33
+
34
+ **Location**: `~/.config/claude-code/mcp.json`
35
+
36
+ ```json
37
+ {
38
+ "mcpServers": {
39
+ "framework-analyzer": {
40
+ "command": "node",
41
+ "args": ["/path/to/FrameworkMCP/dist/index.js"],
42
+ "env": {}
43
+ }
44
+ }
45
+ }
46
+ ```
47
+
48
+ ### For npm Global Installation
49
+ ```json
50
+ {
51
+ "mcpServers": {
52
+ "framework-analyzer": {
53
+ "command": "framework-mcp",
54
+ "args": [],
55
+ "env": {}
56
+ }
57
+ }
58
+ }
59
+ ```
60
+
61
+ ## Verify Installation
62
+
63
+ Test your MCP integration:
64
+
65
+ ```bash
66
+ claude-code "List all available CIS Control safeguards"
67
+ ```
68
+
69
+ Expected response: List of 153 safeguards across 18 CIS Controls
70
+
71
+ ## 🔧 MCP Tool Usage
72
+
73
+ ### 1. validate_vendor_mapping (PRIMARY)
74
+
75
+ **Most Important Tool**: Evidence-based validation with domain validation
76
+
77
+ ```bash
78
+ # Validate FULL capability claim (should pass)
79
+ claude-code "Use validate_vendor_mapping with vendor_name 'ServiceNow CMDB', safeguard_id '1.1', claimed_capability 'full', and supporting_text 'Our CMDB provides comprehensive asset lifecycle management with automated discovery, detailed hardware and software inventory tracking, enterprise asset ownership records, departmental assignments, and documented bi-annual review processes.'"
80
+
81
+ # Validate FULL capability claim (should auto-downgrade)
82
+ claude-code "Use validate_vendor_mapping with vendor_name 'Splunk SIEM', safeguard_id '1.1', claimed_capability 'full', and supporting_text 'Our SIEM platform provides comprehensive network visibility through log analysis and maintains detailed asset information through security event correlation.'"
83
+
84
+ # Validate FACILITATES capability claim
85
+ claude-code "Use validate_vendor_mapping with vendor_name 'Nessus Scanner', safeguard_id '1.1', claimed_capability 'facilitates', and supporting_text 'Our vulnerability scanner enhances existing asset management by providing additional device discovery and detailed software inventory during security assessments.'"
86
+ ```
87
+
88
+ ### 2. analyze_vendor_response
89
+
90
+ **Purpose**: Determine appropriate capability role when unknown
91
+
92
+ ```bash
93
+ # Analyze identity management vendor
94
+ claude-code "Use analyze_vendor_response with vendor_name 'Okta', safeguard_id '5.1', and response_text 'We provide comprehensive identity lifecycle management with automated account provisioning, detailed user directories, quarterly access reviews, and full compliance reporting with audit trails.'"
95
+
96
+ # Analyze cross-domain vendor
97
+ claude-code "Use analyze_vendor_response with vendor_name 'CrowdStrike Falcon', safeguard_id '1.1', and response_text 'Our endpoint protection platform provides real-time asset visibility with comprehensive device inventory, software tracking, and continuous asset monitoring across all enterprise endpoints.'"
98
+ ```
99
+
100
+ ### 3. get_safeguard_details
101
+
102
+ **Purpose**: Research safeguard requirements before assessment
103
+
104
+ ```bash
105
+ # Basic safeguard details
106
+ claude-code "Use get_safeguard_details with safeguard_id '1.1'"
107
+
108
+ # Detailed safeguard with examples
109
+ claude-code "Use get_safeguard_details with safeguard_id '5.1' and include_examples true"
110
+
111
+ # Research multiple safeguards
112
+ claude-code "Use get_safeguard_details for safeguard 6.3 then explain what makes this safeguard different from 5.1"
113
+ ```
114
+
115
+ ### 4. list_available_safeguards
116
+
117
+ **Purpose**: Discover available safeguards for planning
118
+
119
+ ```bash
120
+ # Complete safeguard list
121
+ claude-code "Use list_available_safeguards"
122
+
123
+ # Targeted safeguard discovery
124
+ claude-code "Use list_available_safeguards then identify which safeguards are most relevant for identity management vendor assessment"
125
+ ```
126
+
127
+ ## 📋 Common MCP Workflows
128
+
129
+ ### Workflow 1: New Vendor Assessment
130
+ ```bash
131
+ # Step 1: Research the safeguard
132
+ claude-code "Use get_safeguard_details for safeguard 1.1 to understand all requirements"
133
+
134
+ # Step 2: Analyze vendor response (capability unknown)
135
+ claude-code "Use analyze_vendor_response for vendor 'Device42' with safeguard '1.1' and response 'Our IT asset management platform provides comprehensive device discovery, detailed inventory tracking, and complete asset lifecycle management.'"
136
+
137
+ # Step 3: Validate specific claim (if vendor claims specific capability)
138
+ claude-code "Use validate_vendor_mapping to validate Device42's claim of 'full' capability for safeguard 1.1"
139
+ ```
140
+
141
+ ### Workflow 2: Claims Validation Audit
142
+ ```bash
143
+ # Validate high-confidence claim
144
+ claude-code "Use validate_vendor_mapping for vendor 'Microsoft Entra ID', safeguard '5.1', claimed capability 'full', with supporting text 'Complete identity management with automated provisioning, detailed account inventories, quarterly reviews, and comprehensive compliance reporting.'"
145
+
146
+ # Validate questionable claim
147
+ claude-code "Use validate_vendor_mapping for vendor 'Network Scanner Pro', safeguard '1.1', claimed capability 'full', with supporting text 'We scan networks and find devices.'"
148
+ ```
149
+
150
+ ### Workflow 3: Multi-Safeguard Vendor Analysis
151
+ ```bash
152
+ # Analyze vendor across multiple safeguards
153
+ claude-code "Use analyze_vendor_response for Microsoft Defender for Endpoint across these scenarios:
154
+ 1. Safeguard 1.1: 'Comprehensive endpoint asset discovery and inventory'
155
+ 2. Safeguard 7.1: 'Continuous vulnerability assessment and patch management'
156
+ 3. Safeguard 1.2: 'Unauthorized device detection and blocking'"
157
+ ```
158
+
159
+ ## 🎯 Domain Validation Examples
160
+
161
+ ### Asset Management Domain (Safeguards 1.1, 1.2)
162
+ ```bash
163
+ # Appropriate tool type (should pass)
164
+ claude-code "Use validate_vendor_mapping for 'Lansweeper', safeguard '1.1', claimed 'full', with 'Complete IT asset management with automated discovery, comprehensive inventory, and detailed asset tracking.'"
165
+
166
+ # Inappropriate tool type (should auto-downgrade)
167
+ claude-code "Use validate_vendor_mapping for 'Qualys VMDR', safeguard '1.1', claimed 'full', with 'Vulnerability scanning with network discovery and asset databases.'"
168
+ ```
169
+
170
+ ### Identity Management Domain (Safeguards 5.1, 6.3)
171
+ ```bash
172
+ # Appropriate tool type (should pass)
173
+ claude-code "Use validate_vendor_mapping for 'SailPoint', safeguard '5.1', claimed 'full', with 'Identity governance with comprehensive account management, lifecycle automation, and quarterly certifications.'"
174
+
175
+ # Inappropriate tool type (should auto-downgrade)
176
+ claude-code "Use validate_vendor_mapping for 'Splunk', safeguard '5.1', claimed 'full', with 'Account activity monitoring and user behavior analytics through log analysis.'"
177
+ ```
178
+
179
+ ## 🚀 Advanced MCP Usage
180
+
181
+ ### Custom Analysis Prompts
182
+ ```bash
183
+ # Comparative assessment
184
+ claude-code "Use validate_vendor_mapping to compare these FULL capability claims for safeguard 1.1: ServiceNow CMDB vs Device42 vs Lansweeper. Analyze domain validation, evidence quality, and confidence scores."
185
+
186
+ # Gap analysis
187
+ claude-code "Use get_safeguard_details for safeguard 5.1, then use analyze_vendor_response for Vendor 'BasicIAM' with response 'We provide user directories and password management.' Identify capability gaps."
188
+
189
+ # Compliance planning
190
+ claude-code "Use list_available_safeguards to identify all safeguards in Controls 1-3, then recommend which vendor types would be needed for comprehensive coverage."
191
+ ```
192
+
193
+ ### Error Handling Examples
194
+ ```bash
195
+ # Invalid safeguard ID
196
+ claude-code "Use get_safeguard_details with safeguard_id '99.99'"
197
+ # Expected: Error with available safeguards suggestion
198
+
199
+ # Invalid capability role
200
+ claude-code "Use validate_vendor_mapping with claimed_capability 'super-full'"
201
+ # Expected: Error listing valid capability roles
202
+
203
+ # Insufficient supporting text
204
+ claude-code "Use validate_vendor_mapping with supporting_text 'Good tool'"
205
+ # Expected: Error requiring minimum 10 characters
206
+ ```
207
+
208
+ ## 📊 Understanding MCP Responses
209
+
210
+ ### Successful Validation Response
211
+ ```json
212
+ {
213
+ "vendor_name": "ServiceNow CMDB",
214
+ "safeguard_id": "1.1",
215
+ "claimed_capability": "full",
216
+ "validated_capability": "full",
217
+ "validation_status": "SUPPORTED",
218
+ "confidence_score": 88,
219
+ "domain_validation": {
220
+ "tool_type": "cmdb",
221
+ "domain_appropriate": true,
222
+ "auto_downgrade_applied": false
223
+ },
224
+ "evidence_analysis": {
225
+ "core_requirements_score": 95,
226
+ "governance_elements_score": 80,
227
+ "sub_elements_score": 85,
228
+ "language_consistency_score": 92
229
+ },
230
+ "reasoning": "Strong evidence for FULL capability with appropriate tool type",
231
+ "recommendations": []
232
+ }
233
+ ```
234
+
235
+ ### Auto-Downgrade Response
236
+ ```json
237
+ {
238
+ "vendor_name": "Nessus Scanner",
239
+ "safeguard_id": "1.1",
240
+ "claimed_capability": "full",
241
+ "validated_capability": "facilitates",
242
+ "validation_status": "QUESTIONABLE",
243
+ "confidence_score": 60,
244
+ "domain_validation": {
245
+ "tool_type": "vulnerability_management",
246
+ "domain_appropriate": false,
247
+ "auto_downgrade_applied": true
248
+ },
249
+ "reasoning": "Auto-downgraded from FULL to FACILITATES due to domain mismatch",
250
+ "recommendations": [
251
+ "Consider repositioning as FACILITATES capability to align with tool type"
252
+ ]
253
+ }
254
+ ```
255
+
256
+ ## 🔍 Troubleshooting
257
+
258
+ ### Common MCP Issues
259
+
260
+ **MCP Server Not Found:**
261
+ ```bash
262
+ # Check Claude Code MCP configuration
263
+ cat ~/.config/claude-code/mcp.json
264
+
265
+ # Verify file paths are absolute
266
+ which node
267
+ ls -la /path/to/FrameworkMCP/dist/index.js
268
+ ```
269
+
270
+ **Permission Denied:**
271
+ ```bash
272
+ chmod +x /path/to/FrameworkMCP/dist/index.js
273
+ ```
274
+
275
+ **Module Not Found:**
276
+ ```bash
277
+ cd /path/to/FrameworkMCP
278
+ npm install
279
+ npm run build
280
+ ```
281
+
282
+ **Tool Not Available:**
283
+ ```bash
284
+ # Restart Claude Code after MCP configuration changes
285
+ # Verify MCP server is running in Claude Code logs
286
+ ```
287
+
288
+ ### Verification Commands
289
+
290
+ ```bash
291
+ # Test MCP connection
292
+ claude-code "Use list_available_safeguards to verify Framework MCP is working"
293
+
294
+ # Test all 4 tools
295
+ claude-code "Test Framework MCP by using each tool: list_available_safeguards, get_safeguard_details for 1.1, analyze_vendor_response for a test vendor, and validate_vendor_mapping for a test claim"
296
+
297
+ # Performance test
298
+ claude-code "Use validate_vendor_mapping 5 times with different vendors to test caching performance"
299
+ ```
300
+
301
+ ## 🎉 Success Criteria
302
+
303
+ Your MCP integration is successful when:
304
+
305
+ - ✅ `list_available_safeguards` returns 153 safeguards
306
+ - ✅ `get_safeguard_details` returns detailed safeguard breakdowns
307
+ - ✅ `analyze_vendor_response` determines appropriate capability roles
308
+ - ✅ `validate_vendor_mapping` performs evidence-based validation with domain validation
309
+ - ✅ Auto-downgrade protection works for domain mismatches
310
+ - ✅ All responses include confidence scores and detailed reasoning
311
+
312
+ ---
313
+
314
+ **🔗 Related Documentation**
315
+ - [Main README](README.md) - Project overview and installation
316
+ - [Deployment Guide](DEPLOYMENT_GUIDE.md) - Cloud deployment options
317
+ - [Copilot Integration](COPILOT_INTEGRATION.md) - Microsoft Copilot setup
318
+ - [Example Usage](examples/example-usage.md) - Detailed tool examples
package/README.md CHANGED
@@ -219,14 +219,10 @@ claude-code "Show me the detailed breakdown of safeguard 5.1 including all sub-e
219
219
 
220
220
  ### Validate Vendor Capability Claims
221
221
 
222
- **NEW**: Validate whether a vendor's stated capability mapping is actually supported by their explanatory text.
222
+ **PRIMARY TOOL**: Validate whether a vendor's stated capability mapping is actually supported by their explanatory text.
223
223
 
224
224
  ```bash
225
- claude-code "Validate this vendor capability claim:
226
- Vendor: SecureAssets Corp
227
- Safeguard: 1.1
228
- Claimed Capability: FULL
229
- Supporting Text: 'Our comprehensive asset management platform performs automated discovery of all enterprise devices, maintains detailed hardware and software inventories, tracks ownership and location data, provides real-time asset status monitoring, and includes documented inventory procedures with bi-annual review capabilities.'"
225
+ claude-code "Use validate_vendor_mapping with vendor_name 'SecureAssets Corp', safeguard_id '1.1', claimed_capability 'full', and supporting_text 'Our comprehensive asset management platform performs automated discovery of all enterprise devices, maintains detailed hardware and software inventories, tracks ownership and location data, provides real-time asset status monitoring, and includes documented inventory procedures with bi-annual review capabilities.'"
230
226
  ```
231
227
 
232
228
  ## 📊 Sample Output
@@ -330,9 +326,8 @@ Supporting Text: 'Our comprehensive asset management platform performs automated
330
326
 
331
327
  | Tool | Description |
332
328
  |------|-------------|
333
- | `analyze_vendor_response` | Determine vendor tool capability role for specific safeguard |
334
329
  | `validate_vendor_mapping` | **PRIMARY** Validate vendor's claimed capability role against supporting evidence with domain validation |
335
- | `validate_coverage_claim` | Validate FULL/PARTIAL implementation capability claims |
330
+ | `analyze_vendor_response` | Determine vendor tool capability role for specific safeguard |
336
331
  | `get_safeguard_details` | Get detailed safeguard breakdown |
337
332
  | `list_available_safeguards` | List all available CIS safeguards |
338
333
 
@@ -442,7 +437,7 @@ npm run build
442
437
  ```
443
438
 
444
439
  ### Add New Safeguards
445
- Edit `src/index.ts` and add to the `CIS_SAFEGUARDS` object:
440
+ Edit `src/core/safeguard-manager.ts` and add to the `initializeSafeguards()` method:
446
441
 
447
442
  ```typescript
448
443
  "X.Y": {
package/dist/index.d.ts CHANGED
@@ -10,7 +10,6 @@ export declare class GRCAnalysisServer {
10
10
  private getSafeguardDetails;
11
11
  private listAvailableSafeguards;
12
12
  private analyzeVendorResponse;
13
- private validateCoverageClaim;
14
13
  private performCapabilityAnalysis;
15
14
  private determineClaimedCapability;
16
15
  private getImplementationIndicators;
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAWA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAw8K/D,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAS;;IAavB,OAAO,CAAC,iBAAiB;YAsLX,mBAAmB;YAyDnB,uBAAuB;YAyDvB,qBAAqB;YAyBrB,qBAAqB;IA8BnC,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,0BAA0B;IAmDlC,OAAO,CAAC,2BAA2B;IAanC,OAAO,CAAC,uBAAuB;IA4C/B,OAAO,CAAC,2BAA2B;IAgCnC,OAAO,CAAC,uBAAuB;IAkB/B,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAa/B,OAAO,CAAC,0BAA0B;IAyBlC,OAAO,CAAC,2BAA2B;IAenC,OAAO,CAAC,iCAAiC;IAYzC,OAAO,CAAC,sBAAsB;IAY9B,OAAO,CAAC,qBAAqB;IAmB7B,OAAO,CAAC,sBAAsB;IA0C9B,OAAO,CAAC,4BAA4B;IAwCpC,OAAO,CAAC,uBAAuB;IA6B/B,OAAO,CAAC,yBAAyB;IA6BjC,OAAO,CAAC,aAAa;YAsFP,qBAAqB;IA2BnC,OAAO,CAAC,uBAAuB;IAkE/B,OAAO,CAAC,8BAA8B;IAqFtC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,kBAAkB;IAQ1B,OAAO,CAAC,+BAA+B;IAQvC,OAAO,CAAC,4BAA4B;IAQpC,OAAO,CAAC,0BAA0B;IAQlC,OAAO,CAAC,wBAAwB;IAQhC,OAAO,CAAC,wBAAwB;IAShC,OAAO,CAAC,cAAc;IAqJtB,OAAO,CAAC,mBAAmB;IA6C3B,OAAO,CAAC,oCAAoC;IAgC5C,OAAO,CAAC,0BAA0B;IAkClC,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,CAAC,kBAAkB,CAKxB;IAGF,OAAO,CAAC,KAAK,CAIX;IAEF,OAAO,CAAC,yBAAyB;IAWjC,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,YAAY;IAcpB,OAAO,CAAC,mBAAmB;IAgB3B,OAAO,CAAC,mBAAmB;IAY3B,OAAO,CAAC,mBAAmB;IAc3B,OAAO,CAAC,iBAAiB;IAczB,OAAO,CAAC,kBAAkB;IAOpB,GAAG;CAYV"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAWA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAw8K/D,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAS;;IAavB,OAAO,CAAC,iBAAiB;YAkJX,mBAAmB;YAyDnB,uBAAuB;YAyDvB,qBAAqB;IA0BnC,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,0BAA0B;IAmDlC,OAAO,CAAC,2BAA2B;IAanC,OAAO,CAAC,uBAAuB;IA4C/B,OAAO,CAAC,2BAA2B;IAgCnC,OAAO,CAAC,uBAAuB;IAkB/B,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAa/B,OAAO,CAAC,0BAA0B;IAyBlC,OAAO,CAAC,2BAA2B;IAenC,OAAO,CAAC,iCAAiC;IAYzC,OAAO,CAAC,sBAAsB;IAY9B,OAAO,CAAC,qBAAqB;IAmB7B,OAAO,CAAC,sBAAsB;IA0C9B,OAAO,CAAC,4BAA4B;IAwCpC,OAAO,CAAC,uBAAuB;IA6B/B,OAAO,CAAC,yBAAyB;IA6BjC,OAAO,CAAC,aAAa;YAsFP,qBAAqB;IA2BnC,OAAO,CAAC,uBAAuB;IAkE/B,OAAO,CAAC,8BAA8B;IAqFtC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,kBAAkB;IAQ1B,OAAO,CAAC,+BAA+B;IAQvC,OAAO,CAAC,4BAA4B;IAQpC,OAAO,CAAC,0BAA0B;IAQlC,OAAO,CAAC,wBAAwB;IAQhC,OAAO,CAAC,wBAAwB;IAShC,OAAO,CAAC,cAAc;IAqJtB,OAAO,CAAC,mBAAmB;IA6C3B,OAAO,CAAC,oCAAoC;IAgC5C,OAAO,CAAC,0BAA0B;IAkClC,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,CAAC,kBAAkB,CAKxB;IAGF,OAAO,CAAC,KAAK,CAIX;IAEF,OAAO,CAAC,yBAAyB;IAWjC,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,YAAY;IAcpB,OAAO,CAAC,mBAAmB;IAgB3B,OAAO,CAAC,mBAAmB;IAY3B,OAAO,CAAC,mBAAmB;IAc3B,OAAO,CAAC,iBAAiB;IAczB,OAAO,CAAC,kBAAkB;IAOpB,GAAG;CAYV"}
package/dist/index.js CHANGED
@@ -5540,39 +5540,6 @@ export class GRCAnalysisServer {
5540
5540
  required: ['safeguard_id']
5541
5541
  }
5542
5542
  },
5543
- {
5544
- name: 'validate_coverage_claim',
5545
- description: 'Validate a vendor\'s implementation capability claim (FULL/PARTIAL) against specific safeguard requirements and evidence quality',
5546
- inputSchema: {
5547
- type: 'object',
5548
- properties: {
5549
- vendor_name: {
5550
- type: 'string',
5551
- description: 'Name of the vendor'
5552
- },
5553
- safeguard_id: {
5554
- type: 'string',
5555
- description: 'CIS Control safeguard ID',
5556
- pattern: '^[0-9]+\\.[0-9]+$'
5557
- },
5558
- coverage_claim: {
5559
- type: 'string',
5560
- enum: ['FULL', 'PARTIAL'],
5561
- description: 'Vendor\'s implementation capability claim (FULL = complete implementation, PARTIAL = limited scope implementation)'
5562
- },
5563
- response_text: {
5564
- type: 'string',
5565
- description: 'Vendor response explaining their implementation capabilities'
5566
- },
5567
- capabilities: {
5568
- type: 'array',
5569
- items: { type: 'string' },
5570
- description: 'List of additional vendor capability types (Governance, Facilitates, Validates)'
5571
- }
5572
- },
5573
- required: ['vendor_name', 'safeguard_id', 'coverage_claim', 'response_text', 'capabilities']
5574
- }
5575
- },
5576
5543
  {
5577
5544
  name: 'list_available_safeguards',
5578
5545
  description: 'List all available CIS Control safeguards with their categorization',
@@ -5635,9 +5602,6 @@ export class GRCAnalysisServer {
5635
5602
  case 'get_safeguard_details':
5636
5603
  result = await this.getSafeguardDetails(args);
5637
5604
  break;
5638
- case 'validate_coverage_claim':
5639
- result = await this.validateCoverageClaim(args);
5640
- break;
5641
5605
  case 'list_available_safeguards':
5642
5606
  result = await this.listAvailableSafeguards(args);
5643
5607
  break;
@@ -5786,31 +5750,6 @@ export class GRCAnalysisServer {
5786
5750
  ],
5787
5751
  };
5788
5752
  }
5789
- async validateCoverageClaim(args) {
5790
- const { vendor_name, safeguard_id, coverage_claim, response_text, capabilities } = args;
5791
- const safeguard = CIS_SAFEGUARDS[safeguard_id];
5792
- if (!safeguard) {
5793
- throw new Error(`Safeguard ${safeguard_id} not found`);
5794
- }
5795
- const analysis = this.performCapabilityAnalysis(vendor_name, safeguard, response_text);
5796
- // Validate the coverage claim
5797
- const validation = this.validateClaim(coverage_claim, analysis, capabilities, safeguard);
5798
- return {
5799
- content: [
5800
- {
5801
- type: 'text',
5802
- text: JSON.stringify({
5803
- vendor: vendor_name,
5804
- safeguardId: safeguard_id,
5805
- claimedCoverage: coverage_claim,
5806
- claimedCapabilities: capabilities,
5807
- analysis,
5808
- validation
5809
- }, null, 2),
5810
- },
5811
- ],
5812
- };
5813
- }
5814
5753
  performCapabilityAnalysis(vendorName, safeguard, responseText) {
5815
5754
  const text = responseText.toLowerCase();
5816
5755
  // Step 1: Determine what type of capability this tool is claiming
@@ -6634,7 +6573,7 @@ export class GRCAnalysisServer {
6634
6573
  case /^Safeguard .+ not found/.test(error.message) ? error.message : '':
6635
6574
  return `❌ Invalid safeguard ID. Use 'list_available_safeguards' to see available CIS Control safeguards.`;
6636
6575
  case /^Unknown tool/.test(error.message) ? error.message : '':
6637
- return `❌ Tool '${toolName}' is not available. Available tools: analyze_vendor_response, validate_vendor_mapping, validate_coverage_claim, get_safeguard_details, list_available_safeguards.`;
6576
+ return `❌ Tool '${toolName}' is not available. Available tools: analyze_vendor_response, validate_vendor_mapping, get_safeguard_details, list_available_safeguards.`;
6638
6577
  default:
6639
6578
  return `❌ Error in ${toolName}: ${error.message}`;
6640
6579
  }