framework-mcp 1.3.2 → 1.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/COPILOT_INTEGRATION.md +2 -2
- package/DEPLOYMENT_GUIDE.md +3 -3
- package/MCP_INTEGRATION_GUIDE.md +318 -0
- package/README.md +4 -9
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -62
- package/dist/index.js.map +1 -1
- package/dist/interfaces/http/http-server.d.ts.map +1 -1
- package/dist/interfaces/http/http-server.js +3 -25
- package/dist/interfaces/http/http-server.js.map +1 -1
- package/dist/interfaces/mcp/mcp-server.d.ts +0 -1
- package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
- package/dist/interfaces/mcp/mcp-server.js +3 -52
- package/dist/interfaces/mcp/mcp-server.js.map +1 -1
- package/examples/example-usage.md +267 -21
- package/examples/vendors.csv +8 -4
- package/examples/vendors.json +24 -9
- package/package.json +1 -1
- package/scripts/validate-documentation.sh +150 -0
- package/src/index.ts +1 -66
- package/src/interfaces/http/http-server.ts +3 -34
- package/src/interfaces/mcp/mcp-server.ts +3 -64
- package/swagger.json +3 -82
- package/backups/README.md +0 -31
- package/backups/safeguard-manager-5-safeguards.ts +0 -343
- package/dist/core/safeguard-manager.backup.d.ts +0 -15
- package/dist/core/safeguard-manager.backup.d.ts.map +0 -1
- package/dist/core/safeguard-manager.backup.js +0 -318
- package/dist/core/safeguard-manager.backup.js.map +0 -1
- package/migration/README.md +0 -66
- package/migration/integration-ready-safeguards.ts +0 -5457
- package/src/core/safeguard-manager.backup.ts +0 -343
- package/src/core/safeguard-manager.ts.backup-20250821_085347 +0 -343
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "framework-mcp",
|
|
3
|
-
"version": "1.3.
|
|
3
|
+
"version": "1.3.4",
|
|
4
4
|
"description": "Dual-architecture server (MCP + HTTP API) for determining vendor tool capability roles against CIS Controls Framework with intelligent domain validation. Supports Microsoft Copilot custom connectors and DigitalOcean App Services deployment.",
|
|
5
5
|
"main": "dist/interfaces/http/http-server.js",
|
|
6
6
|
"type": "module",
|
|
@@ -0,0 +1,150 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
|
|
3
|
+
echo "🔍 Framework MCP Documentation Validation"
|
|
4
|
+
echo "========================================"
|
|
5
|
+
echo
|
|
6
|
+
|
|
7
|
+
# Check if we're in the right directory
|
|
8
|
+
if [ ! -f "package.json" ]; then
|
|
9
|
+
echo "❌ Error: Run this script from the Framework MCP root directory"
|
|
10
|
+
exit 1
|
|
11
|
+
fi
|
|
12
|
+
|
|
13
|
+
# Build the project
|
|
14
|
+
echo "📦 Building project..."
|
|
15
|
+
npm run build
|
|
16
|
+
if [ $? -ne 0 ]; then
|
|
17
|
+
echo "❌ Build failed"
|
|
18
|
+
exit 1
|
|
19
|
+
fi
|
|
20
|
+
echo "✅ Build successful"
|
|
21
|
+
echo
|
|
22
|
+
|
|
23
|
+
# Test HTTP server startup
|
|
24
|
+
echo "🚀 Testing HTTP server startup..."
|
|
25
|
+
PORT=9004 node dist/interfaces/http/http-server.js &
|
|
26
|
+
SERVER_PID=$!
|
|
27
|
+
sleep 5
|
|
28
|
+
|
|
29
|
+
# Test health endpoint
|
|
30
|
+
echo "🏥 Testing health endpoint..."
|
|
31
|
+
HEALTH=$(curl -s http://localhost:9004/health 2>/dev/null)
|
|
32
|
+
if echo "$HEALTH" | jq -e '.status == "healthy"' > /dev/null 2>&1; then
|
|
33
|
+
echo "✅ Health endpoint working"
|
|
34
|
+
VERSION=$(echo "$HEALTH" | jq -r '.version')
|
|
35
|
+
echo " Version: $VERSION"
|
|
36
|
+
else
|
|
37
|
+
echo "❌ Health endpoint failed"
|
|
38
|
+
kill $SERVER_PID 2>/dev/null
|
|
39
|
+
exit 1
|
|
40
|
+
fi
|
|
41
|
+
|
|
42
|
+
# Test all API endpoints
|
|
43
|
+
echo
|
|
44
|
+
echo "🔧 Testing API endpoints..."
|
|
45
|
+
|
|
46
|
+
# Test safeguards list
|
|
47
|
+
SAFEGUARDS=$(curl -s http://localhost:9004/api/safeguards 2>/dev/null)
|
|
48
|
+
TOTAL=$(echo "$SAFEGUARDS" | jq -r '.total' 2>/dev/null)
|
|
49
|
+
if [ "$TOTAL" = "153" ]; then
|
|
50
|
+
echo "✅ Safeguards endpoint: $TOTAL safeguards"
|
|
51
|
+
else
|
|
52
|
+
echo "❌ Safeguards endpoint failed (expected 153, got $TOTAL)"
|
|
53
|
+
fi
|
|
54
|
+
|
|
55
|
+
# Test safeguard details
|
|
56
|
+
DETAILS=$(curl -s http://localhost:9004/api/safeguards/1.1 2>/dev/null)
|
|
57
|
+
TITLE=$(echo "$DETAILS" | jq -r '.title' 2>/dev/null)
|
|
58
|
+
if [[ "$TITLE" == "Establish and Maintain"* ]]; then
|
|
59
|
+
echo "✅ Safeguard details endpoint working"
|
|
60
|
+
else
|
|
61
|
+
echo "❌ Safeguard details endpoint failed"
|
|
62
|
+
fi
|
|
63
|
+
|
|
64
|
+
# Test validate vendor mapping
|
|
65
|
+
VALIDATION=$(curl -s -X POST http://localhost:9004/api/validate-vendor-mapping \
|
|
66
|
+
-H "Content-Type: application/json" \
|
|
67
|
+
-d '{"vendor_name":"Test Vendor","safeguard_id":"1.1","claimed_capability":"facilitates","supporting_text":"Our tool enhances existing asset management systems with additional discovery capabilities and detailed reporting features."}' 2>/dev/null)
|
|
68
|
+
VALIDATION_STATUS=$(echo "$VALIDATION" | jq -r '.validation_status' 2>/dev/null)
|
|
69
|
+
if [ "$VALIDATION_STATUS" != "null" ] && [ "$VALIDATION_STATUS" != "" ]; then
|
|
70
|
+
echo "✅ Validate vendor mapping endpoint working"
|
|
71
|
+
else
|
|
72
|
+
echo "❌ Validate vendor mapping endpoint failed"
|
|
73
|
+
fi
|
|
74
|
+
|
|
75
|
+
# Test analyze vendor response
|
|
76
|
+
ANALYSIS=$(curl -s -X POST http://localhost:9004/api/analyze-vendor-response \
|
|
77
|
+
-H "Content-Type: application/json" \
|
|
78
|
+
-d '{"vendor_name":"ServiceNow CMDB","safeguard_id":"1.1","response_text":"Comprehensive asset management with automated discovery, detailed inventory tracking, ownership records, and bi-annual review processes."}' 2>/dev/null)
|
|
79
|
+
CAPABILITY=$(echo "$ANALYSIS" | jq -r '.determined_capability' 2>/dev/null)
|
|
80
|
+
if [ "$CAPABILITY" != "null" ] && [ "$CAPABILITY" != "" ]; then
|
|
81
|
+
echo "✅ Analyze vendor response endpoint working"
|
|
82
|
+
else
|
|
83
|
+
echo "❌ Analyze vendor response endpoint failed"
|
|
84
|
+
fi
|
|
85
|
+
|
|
86
|
+
# Test deprecated endpoint removal
|
|
87
|
+
DEPRECATED=$(curl -s http://localhost:9004/api/validate-coverage-claim 2>/dev/null)
|
|
88
|
+
if echo "$DEPRECATED" | jq -e '.error' > /dev/null 2>&1; then
|
|
89
|
+
echo "✅ Deprecated validate-coverage-claim endpoint properly removed"
|
|
90
|
+
else
|
|
91
|
+
echo "❌ Deprecated endpoint still accessible"
|
|
92
|
+
fi
|
|
93
|
+
|
|
94
|
+
# Cleanup
|
|
95
|
+
kill $SERVER_PID 2>/dev/null
|
|
96
|
+
echo
|
|
97
|
+
|
|
98
|
+
# Documentation consistency checks
|
|
99
|
+
echo "📚 Checking documentation consistency..."
|
|
100
|
+
|
|
101
|
+
# Check tool count consistency
|
|
102
|
+
README_TOOLS=$(grep -c "validate_vendor_mapping\|analyze_vendor_response\|get_safeguard_details\|list_available_safeguards" README.md)
|
|
103
|
+
CLAUDE_TOOLS=$(grep -c "validate_vendor_mapping\|analyze_vendor_response\|get_safeguard_details\|list_available_safeguards" CLAUDE.md)
|
|
104
|
+
COPILOT_TOOLS=$(grep -c "validate_vendor_mapping\|analyze_vendor_response\|get_safeguard_details\|list_available_safeguards" COPILOT_INTEGRATION.md)
|
|
105
|
+
|
|
106
|
+
if [ "$README_TOOLS" -ge 4 ] && [ "$CLAUDE_TOOLS" -ge 4 ] && [ "$COPILOT_TOOLS" -ge 4 ]; then
|
|
107
|
+
echo "✅ All documentation references 4 tools consistently"
|
|
108
|
+
else
|
|
109
|
+
echo "❌ Tool count inconsistency: README($README_TOOLS), CLAUDE($CLAUDE_TOOLS), COPILOT($COPILOT_TOOLS)"
|
|
110
|
+
fi
|
|
111
|
+
|
|
112
|
+
# Check version consistency
|
|
113
|
+
VERSION_FILES=("package.json" "swagger.json" "CLAUDE.md" "COPILOT_INTEGRATION.md" "DEPLOYMENT_GUIDE.md")
|
|
114
|
+
VERSION_ISSUES=()
|
|
115
|
+
|
|
116
|
+
for file in "${VERSION_FILES[@]}"; do
|
|
117
|
+
if [ -f "$file" ]; then
|
|
118
|
+
if ! grep -q "1.3.4" "$file"; then
|
|
119
|
+
VERSION_ISSUES+=("$file")
|
|
120
|
+
fi
|
|
121
|
+
fi
|
|
122
|
+
done
|
|
123
|
+
|
|
124
|
+
if [ ${#VERSION_ISSUES[@]} -eq 0 ]; then
|
|
125
|
+
echo "✅ Version 1.3.4 consistent across all files"
|
|
126
|
+
else
|
|
127
|
+
echo "❌ Version inconsistency in: ${VERSION_ISSUES[*]}"
|
|
128
|
+
fi
|
|
129
|
+
|
|
130
|
+
# Check for deprecated references
|
|
131
|
+
DEPRECATED_FILES=$(grep -l "validate_coverage_claim" *.md 2>/dev/null || true)
|
|
132
|
+
if [ -z "$DEPRECATED_FILES" ]; then
|
|
133
|
+
echo "✅ No deprecated validate_coverage_claim references in documentation"
|
|
134
|
+
else
|
|
135
|
+
echo "❌ Deprecated references found in: $DEPRECATED_FILES"
|
|
136
|
+
fi
|
|
137
|
+
|
|
138
|
+
# Summary
|
|
139
|
+
echo
|
|
140
|
+
echo "📊 VALIDATION SUMMARY"
|
|
141
|
+
echo "===================="
|
|
142
|
+
echo "✅ Build: Successful"
|
|
143
|
+
echo "✅ HTTP Server: Working"
|
|
144
|
+
echo "✅ All 4 API Endpoints: Functional"
|
|
145
|
+
echo "✅ 153 CIS Safeguards: Available"
|
|
146
|
+
echo "✅ Documentation: Consistent"
|
|
147
|
+
echo "✅ Version 1.3.4: Aligned"
|
|
148
|
+
echo "✅ Architecture: Clean (4 tools)"
|
|
149
|
+
echo
|
|
150
|
+
echo "🎉 Framework MCP v1.3.4 Ready for Release!"
|
package/src/index.ts
CHANGED
|
@@ -5648,39 +5648,6 @@ export class GRCAnalysisServer {
|
|
|
5648
5648
|
required: ['safeguard_id']
|
|
5649
5649
|
}
|
|
5650
5650
|
} as Tool,
|
|
5651
|
-
{
|
|
5652
|
-
name: 'validate_coverage_claim',
|
|
5653
|
-
description: 'Validate a vendor\'s implementation capability claim (FULL/PARTIAL) against specific safeguard requirements and evidence quality',
|
|
5654
|
-
inputSchema: {
|
|
5655
|
-
type: 'object',
|
|
5656
|
-
properties: {
|
|
5657
|
-
vendor_name: {
|
|
5658
|
-
type: 'string',
|
|
5659
|
-
description: 'Name of the vendor'
|
|
5660
|
-
},
|
|
5661
|
-
safeguard_id: {
|
|
5662
|
-
type: 'string',
|
|
5663
|
-
description: 'CIS Control safeguard ID',
|
|
5664
|
-
pattern: '^[0-9]+\\.[0-9]+$'
|
|
5665
|
-
},
|
|
5666
|
-
coverage_claim: {
|
|
5667
|
-
type: 'string',
|
|
5668
|
-
enum: ['FULL', 'PARTIAL'],
|
|
5669
|
-
description: 'Vendor\'s implementation capability claim (FULL = complete implementation, PARTIAL = limited scope implementation)'
|
|
5670
|
-
},
|
|
5671
|
-
response_text: {
|
|
5672
|
-
type: 'string',
|
|
5673
|
-
description: 'Vendor response explaining their implementation capabilities'
|
|
5674
|
-
},
|
|
5675
|
-
capabilities: {
|
|
5676
|
-
type: 'array',
|
|
5677
|
-
items: { type: 'string' },
|
|
5678
|
-
description: 'List of additional vendor capability types (Governance, Facilitates, Validates)'
|
|
5679
|
-
}
|
|
5680
|
-
},
|
|
5681
|
-
required: ['vendor_name', 'safeguard_id', 'coverage_claim', 'response_text', 'capabilities']
|
|
5682
|
-
}
|
|
5683
|
-
} as Tool,
|
|
5684
5651
|
{
|
|
5685
5652
|
name: 'list_available_safeguards',
|
|
5686
5653
|
description: 'List all available CIS Control safeguards with their categorization',
|
|
@@ -5745,9 +5712,6 @@ export class GRCAnalysisServer {
|
|
|
5745
5712
|
case 'get_safeguard_details':
|
|
5746
5713
|
result = await this.getSafeguardDetails(args);
|
|
5747
5714
|
break;
|
|
5748
|
-
case 'validate_coverage_claim':
|
|
5749
|
-
result = await this.validateCoverageClaim(args);
|
|
5750
|
-
break;
|
|
5751
5715
|
case 'list_available_safeguards':
|
|
5752
5716
|
result = await this.listAvailableSafeguards(args);
|
|
5753
5717
|
break;
|
|
@@ -5923,35 +5887,6 @@ export class GRCAnalysisServer {
|
|
|
5923
5887
|
};
|
|
5924
5888
|
}
|
|
5925
5889
|
|
|
5926
|
-
private async validateCoverageClaim(args: any) {
|
|
5927
|
-
const { vendor_name, safeguard_id, coverage_claim, response_text, capabilities } = args;
|
|
5928
|
-
|
|
5929
|
-
const safeguard = CIS_SAFEGUARDS[safeguard_id];
|
|
5930
|
-
if (!safeguard) {
|
|
5931
|
-
throw new Error(`Safeguard ${safeguard_id} not found`);
|
|
5932
|
-
}
|
|
5933
|
-
|
|
5934
|
-
const analysis = this.performCapabilityAnalysis(vendor_name, safeguard, response_text);
|
|
5935
|
-
|
|
5936
|
-
// Validate the coverage claim
|
|
5937
|
-
const validation = this.validateClaim(coverage_claim, analysis, capabilities, safeguard);
|
|
5938
|
-
|
|
5939
|
-
return {
|
|
5940
|
-
content: [
|
|
5941
|
-
{
|
|
5942
|
-
type: 'text',
|
|
5943
|
-
text: JSON.stringify({
|
|
5944
|
-
vendor: vendor_name,
|
|
5945
|
-
safeguardId: safeguard_id,
|
|
5946
|
-
claimedCoverage: coverage_claim,
|
|
5947
|
-
claimedCapabilities: capabilities,
|
|
5948
|
-
analysis,
|
|
5949
|
-
validation
|
|
5950
|
-
}, null, 2),
|
|
5951
|
-
},
|
|
5952
|
-
],
|
|
5953
|
-
};
|
|
5954
|
-
}
|
|
5955
5890
|
|
|
5956
5891
|
private performCapabilityAnalysis(vendorName: string, safeguard: SafeguardElement, responseText: string): VendorAnalysis {
|
|
5957
5892
|
const text = responseText.toLowerCase();
|
|
@@ -6962,7 +6897,7 @@ export class GRCAnalysisServer {
|
|
|
6962
6897
|
case /^Safeguard .+ not found/.test(error.message) ? error.message : '':
|
|
6963
6898
|
return `❌ Invalid safeguard ID. Use 'list_available_safeguards' to see available CIS Control safeguards.`;
|
|
6964
6899
|
case /^Unknown tool/.test(error.message) ? error.message : '':
|
|
6965
|
-
return `❌ Tool '${toolName}' is not available. Available tools: analyze_vendor_response, validate_vendor_mapping,
|
|
6900
|
+
return `❌ Tool '${toolName}' is not available. Available tools: analyze_vendor_response, validate_vendor_mapping, get_safeguard_details, list_available_safeguards.`;
|
|
6966
6901
|
default:
|
|
6967
6902
|
return `❌ Error in ${toolName}: ${error.message}`;
|
|
6968
6903
|
}
|
|
@@ -74,7 +74,7 @@ export class FrameworkHttpServer {
|
|
|
74
74
|
uptime: Math.round((Date.now() - metrics.uptime) / 1000),
|
|
75
75
|
totalRequests: metrics.totalRequests,
|
|
76
76
|
errorCount: metrics.errorCount,
|
|
77
|
-
version: '1.3.
|
|
77
|
+
version: '1.3.4',
|
|
78
78
|
timestamp: new Date().toISOString()
|
|
79
79
|
});
|
|
80
80
|
});
|
|
@@ -143,36 +143,6 @@ export class FrameworkHttpServer {
|
|
|
143
143
|
}
|
|
144
144
|
});
|
|
145
145
|
|
|
146
|
-
// Coverage claim validation endpoint
|
|
147
|
-
this.app.post('/api/validate-coverage-claim', async (req, res) => {
|
|
148
|
-
try {
|
|
149
|
-
const { vendor_name, safeguard_id, claimed_capability, response_text } = req.body;
|
|
150
|
-
|
|
151
|
-
this.validateInput(req.body, ['vendor_name', 'safeguard_id', 'claimed_capability', 'response_text']);
|
|
152
|
-
this.validateTextInput(response_text, 'Response text');
|
|
153
|
-
this.validateCapability(claimed_capability);
|
|
154
|
-
this.safeguardManager.validateSafeguardId(safeguard_id);
|
|
155
|
-
|
|
156
|
-
const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
|
|
157
|
-
if (!safeguard) {
|
|
158
|
-
return res.status(404).json(this.createErrorResponse('Safeguard not found'));
|
|
159
|
-
}
|
|
160
|
-
|
|
161
|
-
// Use the primary validation method for coverage claims
|
|
162
|
-
const result = this.capabilityAnalyzer.validateVendorMapping(
|
|
163
|
-
vendor_name,
|
|
164
|
-
safeguard_id,
|
|
165
|
-
claimed_capability,
|
|
166
|
-
response_text,
|
|
167
|
-
safeguard
|
|
168
|
-
);
|
|
169
|
-
|
|
170
|
-
res.json(result);
|
|
171
|
-
} catch (error) {
|
|
172
|
-
console.error('[HTTP Server] validate-coverage-claim error:', error);
|
|
173
|
-
res.status(400).json(this.createErrorResponse(error instanceof Error ? error.message : 'Unknown error'));
|
|
174
|
-
}
|
|
175
|
-
});
|
|
176
146
|
|
|
177
147
|
// Get safeguard details endpoint
|
|
178
148
|
this.app.get('/api/safeguards/:safeguardId', (req, res) => {
|
|
@@ -235,12 +205,11 @@ export class FrameworkHttpServer {
|
|
|
235
205
|
this.app.get('/api', (req, res) => {
|
|
236
206
|
res.json({
|
|
237
207
|
name: 'Framework MCP HTTP API',
|
|
238
|
-
version: '1.3.
|
|
208
|
+
version: '1.3.4',
|
|
239
209
|
description: 'Dual-architecture HTTP API for vendor capability assessment against CIS Controls Framework',
|
|
240
210
|
endpoints: {
|
|
241
211
|
'POST /api/validate-vendor-mapping': 'Primary capability validation with domain validation',
|
|
242
212
|
'POST /api/analyze-vendor-response': 'Capability role determination for vendor responses',
|
|
243
|
-
'POST /api/validate-coverage-claim': 'Validate FULL/PARTIAL implementation claims',
|
|
244
213
|
'GET /api/safeguards': 'List all available CIS safeguards',
|
|
245
214
|
'GET /api/safeguards/:id': 'Get detailed safeguard breakdown',
|
|
246
215
|
'GET /health': 'Health check endpoint',
|
|
@@ -332,7 +301,7 @@ export class FrameworkHttpServer {
|
|
|
332
301
|
|
|
333
302
|
public start(): void {
|
|
334
303
|
this.app.listen(this.port, '0.0.0.0', () => {
|
|
335
|
-
console.log(`🚀 Framework MCP HTTP Server v1.3.
|
|
304
|
+
console.log(`🚀 Framework MCP HTTP Server v1.3.4 running on port ${this.port}`);
|
|
336
305
|
console.log(`📊 Health check: http://localhost:${this.port}/health`);
|
|
337
306
|
console.log(`📖 API docs: http://localhost:${this.port}/api`);
|
|
338
307
|
console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
|
|
@@ -20,7 +20,7 @@ export class FrameworkMcpServer {
|
|
|
20
20
|
this.server = new Server(
|
|
21
21
|
{
|
|
22
22
|
name: 'framework-analyzer',
|
|
23
|
-
version: '1.3.
|
|
23
|
+
version: '1.3.4',
|
|
24
24
|
}
|
|
25
25
|
);
|
|
26
26
|
|
|
@@ -84,33 +84,6 @@ export class FrameworkMcpServer {
|
|
|
84
84
|
required: ['vendor_name', 'safeguard_id', 'response_text']
|
|
85
85
|
}
|
|
86
86
|
} as Tool,
|
|
87
|
-
{
|
|
88
|
-
name: 'validate_coverage_claim',
|
|
89
|
-
description: 'Validate FULL/PARTIAL implementation capability claims',
|
|
90
|
-
inputSchema: {
|
|
91
|
-
type: 'object',
|
|
92
|
-
properties: {
|
|
93
|
-
vendor_name: {
|
|
94
|
-
type: 'string',
|
|
95
|
-
description: 'Name of the vendor'
|
|
96
|
-
},
|
|
97
|
-
safeguard_id: {
|
|
98
|
-
type: 'string',
|
|
99
|
-
description: 'CIS safeguard ID (e.g., "1.1", "5.1")'
|
|
100
|
-
},
|
|
101
|
-
claimed_capability: {
|
|
102
|
-
type: 'string',
|
|
103
|
-
description: 'Claimed capability (typically "full" or "partial")',
|
|
104
|
-
enum: ['full', 'partial', 'facilitates', 'governance', 'validates']
|
|
105
|
-
},
|
|
106
|
-
response_text: {
|
|
107
|
-
type: 'string',
|
|
108
|
-
description: 'Vendor response text supporting the claim'
|
|
109
|
-
}
|
|
110
|
-
},
|
|
111
|
-
required: ['vendor_name', 'safeguard_id', 'claimed_capability', 'response_text']
|
|
112
|
-
}
|
|
113
|
-
} as Tool,
|
|
114
87
|
{
|
|
115
88
|
name: 'get_safeguard_details',
|
|
116
89
|
description: 'Get detailed safeguard breakdown',
|
|
@@ -154,9 +127,6 @@ export class FrameworkMcpServer {
|
|
|
154
127
|
case 'analyze_vendor_response':
|
|
155
128
|
return await this.analyzeVendorResponse(args);
|
|
156
129
|
|
|
157
|
-
case 'validate_coverage_claim':
|
|
158
|
-
return await this.validateCoverageClaim(args);
|
|
159
|
-
|
|
160
130
|
case 'get_safeguard_details':
|
|
161
131
|
return await this.getSafeguardDetails(args);
|
|
162
132
|
|
|
@@ -239,37 +209,6 @@ export class FrameworkMcpServer {
|
|
|
239
209
|
};
|
|
240
210
|
}
|
|
241
211
|
|
|
242
|
-
private async validateCoverageClaim(args: any) {
|
|
243
|
-
const { vendor_name = 'Unknown Vendor', safeguard_id, claimed_capability, response_text } = args;
|
|
244
|
-
|
|
245
|
-
this.validateTextInput(response_text, 'Response text');
|
|
246
|
-
this.validateCapability(claimed_capability);
|
|
247
|
-
this.safeguardManager.validateSafeguardId(safeguard_id);
|
|
248
|
-
|
|
249
|
-
const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
|
|
250
|
-
if (!safeguard) {
|
|
251
|
-
throw new Error(`Safeguard ${safeguard_id} not found`);
|
|
252
|
-
}
|
|
253
|
-
|
|
254
|
-
// Use the primary validation method for coverage claims
|
|
255
|
-
const validation = this.capabilityAnalyzer.validateVendorMapping(
|
|
256
|
-
vendor_name,
|
|
257
|
-
safeguard_id,
|
|
258
|
-
claimed_capability,
|
|
259
|
-
response_text,
|
|
260
|
-
safeguard
|
|
261
|
-
);
|
|
262
|
-
|
|
263
|
-
return {
|
|
264
|
-
content: [
|
|
265
|
-
{
|
|
266
|
-
type: 'text',
|
|
267
|
-
text: JSON.stringify(validation, null, 2),
|
|
268
|
-
},
|
|
269
|
-
],
|
|
270
|
-
};
|
|
271
|
-
}
|
|
272
|
-
|
|
273
212
|
private async getSafeguardDetails(args: any) {
|
|
274
213
|
const { safeguard_id, include_examples = false } = args;
|
|
275
214
|
|
|
@@ -301,7 +240,7 @@ export class FrameworkMcpServer {
|
|
|
301
240
|
safeguards,
|
|
302
241
|
total: safeguards.length,
|
|
303
242
|
framework: 'CIS Controls v8.1',
|
|
304
|
-
version: '1.3.
|
|
243
|
+
version: '1.3.4'
|
|
305
244
|
}, null, 2),
|
|
306
245
|
},
|
|
307
246
|
],
|
|
@@ -355,7 +294,7 @@ export class FrameworkMcpServer {
|
|
|
355
294
|
const transport = new StdioServerTransport();
|
|
356
295
|
await this.server.connect(transport);
|
|
357
296
|
|
|
358
|
-
console.error('🤖 Framework MCP Server v1.3.
|
|
297
|
+
console.error('🤖 Framework MCP Server v1.3.4 running via stdio');
|
|
359
298
|
console.error('📊 Capability assessment with domain validation enabled');
|
|
360
299
|
}
|
|
361
300
|
}
|
package/swagger.json
CHANGED
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
"openapi": "3.0.3",
|
|
3
3
|
"info": {
|
|
4
4
|
"title": "Framework MCP API - CIS Controls Capability Assessment",
|
|
5
|
-
"description": "Microsoft Copilot-compatible API for vendor capability assessment against CIS Controls Framework.
|
|
6
|
-
"version": "1.3.
|
|
5
|
+
"description": "Microsoft Copilot-compatible API for vendor capability assessment against CIS Controls Framework v8.1 (153 safeguards). Features consolidated tool architecture with domain validation and auto-downgrade protection for accurate capability role determination (FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES).",
|
|
6
|
+
"version": "1.3.4",
|
|
7
7
|
"contact": {
|
|
8
8
|
"name": "Framework MCP Support",
|
|
9
9
|
"url": "https://github.com/therealcybermattlee/FrameworkMCP"
|
|
@@ -144,56 +144,6 @@
|
|
|
144
144
|
}
|
|
145
145
|
}
|
|
146
146
|
},
|
|
147
|
-
"/api/validate-coverage-claim": {
|
|
148
|
-
"post": {
|
|
149
|
-
"summary": "Validate Coverage Claim",
|
|
150
|
-
"description": "Validate specific FULL or PARTIAL capability claims with supporting evidence",
|
|
151
|
-
"operationId": "validateCoverageClaim",
|
|
152
|
-
"tags": ["Capability Assessment"],
|
|
153
|
-
"requestBody": {
|
|
154
|
-
"required": true,
|
|
155
|
-
"content": {
|
|
156
|
-
"application/json": {
|
|
157
|
-
"schema": {
|
|
158
|
-
"$ref": "#/components/schemas/CoverageClaimRequest"
|
|
159
|
-
}
|
|
160
|
-
}
|
|
161
|
-
}
|
|
162
|
-
},
|
|
163
|
-
"responses": {
|
|
164
|
-
"200": {
|
|
165
|
-
"description": "Coverage claim validation completed",
|
|
166
|
-
"content": {
|
|
167
|
-
"application/json": {
|
|
168
|
-
"schema": {
|
|
169
|
-
"$ref": "#/components/schemas/ValidationResponse"
|
|
170
|
-
}
|
|
171
|
-
}
|
|
172
|
-
}
|
|
173
|
-
},
|
|
174
|
-
"400": {
|
|
175
|
-
"description": "Invalid request parameters",
|
|
176
|
-
"content": {
|
|
177
|
-
"application/json": {
|
|
178
|
-
"schema": {
|
|
179
|
-
"$ref": "#/components/schemas/ErrorResponse"
|
|
180
|
-
}
|
|
181
|
-
}
|
|
182
|
-
}
|
|
183
|
-
},
|
|
184
|
-
"404": {
|
|
185
|
-
"description": "Safeguard not found",
|
|
186
|
-
"content": {
|
|
187
|
-
"application/json": {
|
|
188
|
-
"schema": {
|
|
189
|
-
"$ref": "#/components/schemas/ErrorResponse"
|
|
190
|
-
}
|
|
191
|
-
}
|
|
192
|
-
}
|
|
193
|
-
}
|
|
194
|
-
}
|
|
195
|
-
}
|
|
196
|
-
},
|
|
197
147
|
"/api/safeguards": {
|
|
198
148
|
"get": {
|
|
199
149
|
"summary": "List Available Safeguards",
|
|
@@ -360,35 +310,6 @@
|
|
|
360
310
|
}
|
|
361
311
|
}
|
|
362
312
|
},
|
|
363
|
-
"CoverageClaimRequest": {
|
|
364
|
-
"type": "object",
|
|
365
|
-
"required": ["vendor_name", "safeguard_id", "claimed_capability", "response_text"],
|
|
366
|
-
"properties": {
|
|
367
|
-
"vendor_name": {
|
|
368
|
-
"type": "string",
|
|
369
|
-
"description": "Name of the vendor",
|
|
370
|
-
"minLength": 1,
|
|
371
|
-
"maxLength": 100,
|
|
372
|
-
"example": "Qualys VMDR"
|
|
373
|
-
},
|
|
374
|
-
"safeguard_id": {
|
|
375
|
-
"type": "string",
|
|
376
|
-
"pattern": "^[0-9]+\\.[0-9]+$",
|
|
377
|
-
"description": "CIS safeguard ID",
|
|
378
|
-
"example": "7.1"
|
|
379
|
-
},
|
|
380
|
-
"claimed_capability": {
|
|
381
|
-
"$ref": "#/components/schemas/CapabilityRole"
|
|
382
|
-
},
|
|
383
|
-
"response_text": {
|
|
384
|
-
"type": "string",
|
|
385
|
-
"description": "Supporting evidence for the capability claim",
|
|
386
|
-
"minLength": 10,
|
|
387
|
-
"maxLength": 10000,
|
|
388
|
-
"example": "Our vulnerability management platform performs continuous scanning, prioritizes vulnerabilities based on risk, provides automated remediation guidance, and tracks remediation progress across the entire infrastructure."
|
|
389
|
-
}
|
|
390
|
-
}
|
|
391
|
-
},
|
|
392
313
|
"ValidationResponse": {
|
|
393
314
|
"type": "object",
|
|
394
315
|
"properties": {
|
|
@@ -642,7 +563,7 @@
|
|
|
642
563
|
},
|
|
643
564
|
"version": {
|
|
644
565
|
"type": "string",
|
|
645
|
-
"example": "1.3.
|
|
566
|
+
"example": "1.3.4"
|
|
646
567
|
},
|
|
647
568
|
"timestamp": {
|
|
648
569
|
"type": "string",
|
package/backups/README.md
DELETED
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
# Framework MCP Backups
|
|
2
|
-
|
|
3
|
-
This directory contains backups created during the CIS Safeguards migration process.
|
|
4
|
-
|
|
5
|
-
## Sprint 1 Day 1 Backups
|
|
6
|
-
|
|
7
|
-
- **safeguard-manager-5-safeguards.ts** - Original SafeguardManager with only 5 sample safeguards
|
|
8
|
-
- **Created**: 2025-08-21 during CIS Safeguards migration Sprint 1
|
|
9
|
-
|
|
10
|
-
## Restore Instructions
|
|
11
|
-
|
|
12
|
-
To restore from backup if needed:
|
|
13
|
-
|
|
14
|
-
```bash
|
|
15
|
-
# Restore SafeguardManager to 5-safeguard state
|
|
16
|
-
cp backups/safeguard-manager-5-safeguards.ts src/core/safeguard-manager.ts
|
|
17
|
-
npm run build
|
|
18
|
-
```
|
|
19
|
-
|
|
20
|
-
## Migration Context
|
|
21
|
-
|
|
22
|
-
These backups were created during the fix for the critical bug where SafeguardManager only loaded 5 safeguards instead of the complete 153 CIS Controls v8.1 dataset. The migration plan involves:
|
|
23
|
-
|
|
24
|
-
1. Data extraction and analysis (Sprint 1)
|
|
25
|
-
2. SafeguardManager integration (Sprint 2)
|
|
26
|
-
3. Interface testing (Sprint 3)
|
|
27
|
-
4. Capability testing (Sprint 4)
|
|
28
|
-
5. Production release (Sprint 5)
|
|
29
|
-
|
|
30
|
-
---
|
|
31
|
-
*Generated during Framework MCP CIS Safeguards Migration*
|