framework-mcp 1.3.5 → 1.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/.claude/agents/mcp-developer.md +41 -0
  2. package/.claude/agents/project-orchestrator.md +43 -0
  3. package/.claude/agents/version-consistency-reviewer.md +50 -0
  4. package/COPILOT_INTEGRATION.md +1 -1
  5. package/DEPLOYMENT_GUIDE.md +4 -4
  6. package/README.md +62 -61
  7. package/RELEASE_NOTES_v1.3.7.md +275 -0
  8. package/SAFEGUARDS_VERIFICATION_LOG.md +157 -0
  9. package/dist/core/capability-analyzer.d.ts +1 -7
  10. package/dist/core/capability-analyzer.d.ts.map +1 -1
  11. package/dist/core/capability-analyzer.js +6 -241
  12. package/dist/core/capability-analyzer.js.map +1 -1
  13. package/dist/core/safeguard-manager.d.ts.map +1 -1
  14. package/dist/core/safeguard-manager.js +747 -1191
  15. package/dist/core/safeguard-manager.js.map +1 -1
  16. package/dist/index.d.ts +0 -53
  17. package/dist/index.d.ts.map +1 -1
  18. package/dist/index.js +0 -1245
  19. package/dist/index.js.map +1 -1
  20. package/dist/interfaces/http/http-server.d.ts.map +1 -1
  21. package/dist/interfaces/http/http-server.js +6 -34
  22. package/dist/interfaces/http/http-server.js.map +1 -1
  23. package/dist/interfaces/mcp/mcp-server.d.ts +0 -1
  24. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
  25. package/dist/interfaces/mcp/mcp-server.js +4 -53
  26. package/dist/interfaces/mcp/mcp-server.js.map +1 -1
  27. package/dist/shared/types.d.ts +0 -37
  28. package/dist/shared/types.d.ts.map +1 -1
  29. package/examples/example-usage.md +43 -38
  30. package/package.json +2 -3
  31. package/scripts/validate-documentation.sh +4 -4
  32. package/src/core/capability-analyzer.ts +7 -298
  33. package/src/core/safeguard-manager.ts +729 -1173
  34. package/src/index.ts +0 -1598
  35. package/src/interfaces/http/http-server.ts +6 -44
  36. package/src/interfaces/mcp/mcp-server.ts +4 -64
  37. package/src/shared/types.ts +0 -40
  38. package/swagger.json +107 -196
@@ -74,47 +74,11 @@ export class FrameworkHttpServer {
74
74
  uptime: Math.round((Date.now() - metrics.uptime) / 1000),
75
75
  totalRequests: metrics.totalRequests,
76
76
  errorCount: metrics.errorCount,
77
- version: '1.3.4',
77
+ version: '1.3.7',
78
78
  timestamp: new Date().toISOString()
79
79
  });
80
80
  });
81
81
 
82
- // Primary validation endpoint
83
- this.app.post('/api/validate-vendor-mapping', async (req, res) => {
84
- try {
85
- const { vendor_name, safeguard_id, claimed_capability, supporting_text } = req.body;
86
-
87
- // Input validation
88
- this.validateInput(req.body, [
89
- 'vendor_name',
90
- 'safeguard_id',
91
- 'claimed_capability',
92
- 'supporting_text'
93
- ]);
94
-
95
- this.validateTextInput(supporting_text, 'Supporting text');
96
- this.validateCapability(claimed_capability);
97
- this.safeguardManager.validateSafeguardId(safeguard_id);
98
-
99
- const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
100
- if (!safeguard) {
101
- return res.status(404).json(this.createErrorResponse('Safeguard not found'));
102
- }
103
-
104
- const result = this.capabilityAnalyzer.validateVendorMapping(
105
- vendor_name,
106
- safeguard_id,
107
- claimed_capability,
108
- supporting_text,
109
- safeguard
110
- );
111
-
112
- res.json(result);
113
- } catch (error) {
114
- console.error('[HTTP Server] validate-vendor-mapping error:', error);
115
- res.status(400).json(this.createErrorResponse(error instanceof Error ? error.message : 'Unknown error'));
116
- }
117
- });
118
82
 
119
83
  // Capability analysis endpoint
120
84
  this.app.post('/api/analyze-vendor-response', async (req, res) => {
@@ -205,11 +169,10 @@ export class FrameworkHttpServer {
205
169
  this.app.get('/api', (req, res) => {
206
170
  res.json({
207
171
  name: 'Framework MCP HTTP API',
208
- version: '1.3.4',
209
- description: 'Dual-architecture HTTP API for vendor capability assessment against CIS Controls Framework',
172
+ version: '1.3.7',
173
+ description: 'Clean HTTP API for vendor capability assessment against CIS Controls Framework',
210
174
  endpoints: {
211
- 'POST /api/validate-vendor-mapping': 'Primary capability validation with domain validation',
212
- 'POST /api/analyze-vendor-response': 'Capability role determination for vendor responses',
175
+ 'POST /api/analyze-vendor-response': 'Primary capability analysis for vendor responses',
213
176
  'GET /api/safeguards': 'List all available CIS safeguards',
214
177
  'GET /api/safeguards/:id': 'Get detailed safeguard breakdown',
215
178
  'GET /health': 'Health check endpoint',
@@ -223,7 +186,6 @@ export class FrameworkHttpServer {
223
186
  'GOVERNANCE - Policy/process management',
224
187
  'VALIDATES - Evidence collection and reporting'
225
188
  ],
226
- domain_validation: 'Auto-downgrade protection for inappropriate capability claims',
227
189
  framework: 'CIS Controls v8.1 (153 safeguards)',
228
190
  deployment: 'DigitalOcean App Services compatible'
229
191
  });
@@ -301,11 +263,11 @@ export class FrameworkHttpServer {
301
263
 
302
264
  public start(): void {
303
265
  this.app.listen(this.port, '0.0.0.0', () => {
304
- console.log(`🚀 Framework MCP HTTP Server v1.3.4 running on port ${this.port}`);
266
+ console.log(`🚀 Framework MCP HTTP Server v1.3.7 running on port ${this.port}`);
305
267
  console.log(`📊 Health check: http://localhost:${this.port}/health`);
306
268
  console.log(`📖 API docs: http://localhost:${this.port}/api`);
307
269
  console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
308
- console.log(`⚡ DigitalOcean App Services compatible`);
270
+ console.log(`⚡ Clean capability analysis - CIS Controls v8.1`);
309
271
  });
310
272
 
311
273
  // Graceful shutdown handling
@@ -20,7 +20,7 @@ export class FrameworkMcpServer {
20
20
  this.server = new Server(
21
21
  {
22
22
  name: 'framework-analyzer',
23
- version: '1.3.4',
23
+ version: '1.3.7',
24
24
  }
25
25
  );
26
26
 
@@ -35,33 +35,6 @@ export class FrameworkMcpServer {
35
35
  this.server.setRequestHandler(ListToolsRequestSchema, async () => {
36
36
  return {
37
37
  tools: [
38
- {
39
- name: 'validate_vendor_mapping',
40
- description: 'PRIMARY: Validate vendor capability claims with domain validation and evidence analysis',
41
- inputSchema: {
42
- type: 'object',
43
- properties: {
44
- vendor_name: {
45
- type: 'string',
46
- description: 'Name of the vendor/tool being analyzed'
47
- },
48
- safeguard_id: {
49
- type: 'string',
50
- description: 'CIS safeguard ID (e.g., "1.1", "5.1")'
51
- },
52
- claimed_capability: {
53
- type: 'string',
54
- description: 'Claimed capability role',
55
- enum: ['full', 'partial', 'facilitates', 'governance', 'validates']
56
- },
57
- supporting_text: {
58
- type: 'string',
59
- description: 'Vendor text supporting their capability claim'
60
- }
61
- },
62
- required: ['vendor_name', 'safeguard_id', 'claimed_capability', 'supporting_text']
63
- }
64
- } as Tool,
65
38
  {
66
39
  name: 'analyze_vendor_response',
67
40
  description: 'Determine vendor tool capability role for specific safeguard',
@@ -121,9 +94,6 @@ export class FrameworkMcpServer {
121
94
 
122
95
  try {
123
96
  switch (name) {
124
- case 'validate_vendor_mapping':
125
- return await this.validateVendorMapping(args);
126
-
127
97
  case 'analyze_vendor_response':
128
98
  return await this.analyzeVendorResponse(args);
129
99
 
@@ -155,36 +125,6 @@ export class FrameworkMcpServer {
155
125
  });
156
126
  }
157
127
 
158
- private async validateVendorMapping(args: any) {
159
- const { vendor_name = 'Unknown Vendor', safeguard_id, claimed_capability, supporting_text } = args;
160
-
161
- // Input validation
162
- this.validateTextInput(supporting_text, 'Supporting text');
163
- this.validateCapability(claimed_capability);
164
- this.safeguardManager.validateSafeguardId(safeguard_id);
165
-
166
- const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
167
- if (!safeguard) {
168
- throw new Error(`Safeguard ${safeguard_id} not found`);
169
- }
170
-
171
- const validation = this.capabilityAnalyzer.validateVendorMapping(
172
- vendor_name,
173
- safeguard_id,
174
- claimed_capability,
175
- supporting_text,
176
- safeguard
177
- );
178
-
179
- return {
180
- content: [
181
- {
182
- type: 'text',
183
- text: JSON.stringify(validation, null, 2),
184
- },
185
- ],
186
- };
187
- }
188
128
 
189
129
  private async analyzeVendorResponse(args: any) {
190
130
  const { vendor_name = 'Unknown Vendor', safeguard_id, response_text } = args;
@@ -240,7 +180,7 @@ export class FrameworkMcpServer {
240
180
  safeguards,
241
181
  total: safeguards.length,
242
182
  framework: 'CIS Controls v8.1',
243
- version: '1.3.4'
183
+ version: '1.3.7'
244
184
  }, null, 2),
245
185
  },
246
186
  ],
@@ -294,8 +234,8 @@ export class FrameworkMcpServer {
294
234
  const transport = new StdioServerTransport();
295
235
  await this.server.connect(transport);
296
236
 
297
- console.error('🤖 Framework MCP Server v1.3.4 running via stdio');
298
- console.error('📊 Capability assessment with domain validation enabled');
237
+ console.error('🤖 Framework MCP Server v1.3.7 running via stdio');
238
+ console.error('📊 Clean capability assessment for CIS Controls v8.1');
299
239
  }
300
240
  }
301
241
 
@@ -38,31 +38,6 @@ export interface VendorAnalysis {
38
38
  recommendedUse: string; // How practitioners should use this tool
39
39
  }
40
40
 
41
- export interface DomainValidationResult {
42
- vendor: string;
43
- safeguard_id: string;
44
- safeguard_title: string;
45
- claimed_capability: string;
46
- validation_status: 'SUPPORTED' | 'QUESTIONABLE' | 'UNSUPPORTED';
47
- confidence_score: number;
48
- evidence_analysis: {
49
- core_requirements_coverage: number;
50
- sub_elements_coverage: number;
51
- governance_alignment: number;
52
- language_consistency: number;
53
- };
54
- domain_validation: {
55
- required_tool_type: string;
56
- detected_tool_type: string;
57
- domain_match: boolean;
58
- capability_adjusted: boolean;
59
- original_claim?: string;
60
- };
61
- gaps_identified: string[];
62
- strengths_identified: string[];
63
- recommendations: string[];
64
- detailed_feedback: string;
65
- }
66
41
 
67
42
  export interface PerformanceMetrics {
68
43
  uptime: number;
@@ -87,18 +62,3 @@ export interface QualityAssessment {
87
62
 
88
63
  export type CapabilityType = 'full' | 'partial' | 'facilitates' | 'governance' | 'validates';
89
64
 
90
- // Domain-specific validation mapping
91
- export interface DomainRequirement {
92
- domain: string;
93
- required_tool_types: string[];
94
- description: string;
95
- }
96
-
97
- // Tool type detection weights
98
- export interface ToolTypeWeights {
99
- [toolType: string]: {
100
- keywords: string[];
101
- baseWeight: number;
102
- contextBonuses: string[];
103
- };
104
- }
package/swagger.json CHANGED
@@ -2,8 +2,8 @@
2
2
  "openapi": "3.0.3",
3
3
  "info": {
4
4
  "title": "Framework MCP API - CIS Controls Capability Assessment",
5
- "description": "Microsoft Copilot-compatible API for vendor capability assessment against CIS Controls Framework v8.1 (153 safeguards). Features consolidated tool architecture with domain validation and auto-downgrade protection for accurate capability role determination (FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES).",
6
- "version": "1.3.5",
5
+ "description": "Microsoft Copilot-compatible API for vendor capability assessment against CIS Controls Framework v8.1 (153 safeguards). Features clean capability analysis architecture for accurate capability role determination (FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES).",
6
+ "version": "1.3.7",
7
7
  "contact": {
8
8
  "name": "Framework MCP Support",
9
9
  "url": "https://github.com/therealcybermattlee/FrameworkMCP"
@@ -44,60 +44,10 @@
44
44
  }
45
45
  }
46
46
  },
47
- "/api/validate-vendor-mapping": {
48
- "post": {
49
- "summary": "Validate Vendor Capability Mapping (PRIMARY)",
50
- "description": "Primary endpoint for validating vendor capability claims against CIS safeguards with domain validation and auto-downgrade protection. Use this for evidence-based capability assessment.",
51
- "operationId": "validateVendorMapping",
52
- "tags": ["Capability Assessment"],
53
- "requestBody": {
54
- "required": true,
55
- "content": {
56
- "application/json": {
57
- "schema": {
58
- "$ref": "#/components/schemas/VendorMappingRequest"
59
- }
60
- }
61
- }
62
- },
63
- "responses": {
64
- "200": {
65
- "description": "Validation completed successfully",
66
- "content": {
67
- "application/json": {
68
- "schema": {
69
- "$ref": "#/components/schemas/ValidationResponse"
70
- }
71
- }
72
- }
73
- },
74
- "400": {
75
- "description": "Invalid request parameters",
76
- "content": {
77
- "application/json": {
78
- "schema": {
79
- "$ref": "#/components/schemas/ErrorResponse"
80
- }
81
- }
82
- }
83
- },
84
- "404": {
85
- "description": "Safeguard not found",
86
- "content": {
87
- "application/json": {
88
- "schema": {
89
- "$ref": "#/components/schemas/ErrorResponse"
90
- }
91
- }
92
- }
93
- }
94
- }
95
- }
96
- },
97
47
  "/api/analyze-vendor-response": {
98
48
  "post": {
99
- "summary": "Analyze Vendor Response",
100
- "description": "Analyze vendor response text to determine appropriate capability role with domain validation",
49
+ "summary": "Analyze Vendor Response (PRIMARY)",
50
+ "description": "Primary endpoint for analyzing vendor response text to determine appropriate capability role for CIS safeguards",
101
51
  "operationId": "analyzeVendorResponse",
102
52
  "tags": ["Capability Assessment"],
103
53
  "requestBody": {
@@ -116,7 +66,7 @@
116
66
  "content": {
117
67
  "application/json": {
118
68
  "schema": {
119
- "$ref": "#/components/schemas/AnalysisResponse"
69
+ "$ref": "#/components/schemas/VendorAnalysisResponse"
120
70
  }
121
71
  }
122
72
  }
@@ -246,6 +196,26 @@
246
196
  }
247
197
  }
248
198
  }
199
+ },
200
+ "/api": {
201
+ "get": {
202
+ "summary": "API Documentation",
203
+ "description": "Get API documentation and available endpoints information",
204
+ "operationId": "getApiDocumentation",
205
+ "tags": ["Monitoring"],
206
+ "responses": {
207
+ "200": {
208
+ "description": "API documentation and endpoints",
209
+ "content": {
210
+ "application/json": {
211
+ "schema": {
212
+ "$ref": "#/components/schemas/ApiDocumentationResponse"
213
+ }
214
+ }
215
+ }
216
+ }
217
+ }
218
+ }
249
219
  }
250
220
  },
251
221
  "components": {
@@ -253,36 +223,7 @@
253
223
  "CapabilityRole": {
254
224
  "type": "string",
255
225
  "enum": ["full", "partial", "facilitates", "governance", "validates"],
256
- "description": "Vendor tool capability roles:\n- FULL: Complete implementation of safeguard (requires domain-appropriate tool)\n- PARTIAL: Limited scope implementation (requires domain-appropriate tool)\n- FACILITATES: Enhancement capabilities (no tool type restrictions)\n- GOVERNANCE: Policy/process management (no tool type restrictions)\n- VALIDATES: Evidence collection and reporting (no tool type restrictions)"
257
- },
258
- "VendorMappingRequest": {
259
- "type": "object",
260
- "required": ["vendor_name", "safeguard_id", "claimed_capability", "supporting_text"],
261
- "properties": {
262
- "vendor_name": {
263
- "type": "string",
264
- "description": "Name of the vendor or tool being analyzed",
265
- "minLength": 1,
266
- "maxLength": 100,
267
- "example": "CrowdStrike Falcon"
268
- },
269
- "safeguard_id": {
270
- "type": "string",
271
- "pattern": "^[0-9]+\\.[0-9]+$",
272
- "description": "CIS safeguard ID (format: X.Y)",
273
- "example": "1.1"
274
- },
275
- "claimed_capability": {
276
- "$ref": "#/components/schemas/CapabilityRole"
277
- },
278
- "supporting_text": {
279
- "type": "string",
280
- "description": "Vendor response or documentation supporting their capability claim",
281
- "minLength": 10,
282
- "maxLength": 10000,
283
- "example": "Our platform provides comprehensive enterprise asset inventory with real-time discovery, automated classification, and continuous monitoring of all hardware and software assets across the organization."
284
- }
285
- }
226
+ "description": "Vendor tool capability roles:\n- FULL: Complete implementation of safeguard\n- PARTIAL: Limited scope implementation\n- FACILITATES: Enhancement capabilities that enable better/faster/stronger implementation\n- GOVERNANCE: Policy/process management and oversight\n- VALIDATES: Evidence collection, audit, and reporting"
286
227
  },
287
228
  "AnalysisRequest": {
288
229
  "type": "object",
@@ -310,147 +251,78 @@
310
251
  }
311
252
  }
312
253
  },
313
- "ValidationResponse": {
254
+ "VendorAnalysisResponse": {
314
255
  "type": "object",
315
256
  "properties": {
316
- "vendor_name": {
257
+ "vendor": {
317
258
  "type": "string",
318
- "example": "CrowdStrike Falcon"
259
+ "description": "Name of the vendor or tool",
260
+ "example": "Microsoft Defender"
319
261
  },
320
- "safeguard_id": {
262
+ "safeguardId": {
321
263
  "type": "string",
322
- "example": "1.1"
323
- },
324
- "claimed_capability": {
325
- "$ref": "#/components/schemas/CapabilityRole"
326
- },
327
- "validated_capability": {
328
- "$ref": "#/components/schemas/CapabilityRole"
264
+ "description": "CIS safeguard ID",
265
+ "example": "5.1"
329
266
  },
330
- "validation_status": {
267
+ "safeguardTitle": {
331
268
  "type": "string",
332
- "enum": ["SUPPORTED", "QUESTIONABLE", "UNSUPPORTED"],
333
- "description": "Overall validation result"
269
+ "description": "Title of the CIS safeguard",
270
+ "example": "Establish and Maintain an Inventory of Accounts"
334
271
  },
335
- "confidence_score": {
336
- "type": "number",
337
- "minimum": 0,
338
- "maximum": 100,
339
- "description": "Confidence percentage in the assessment"
272
+ "capability": {
273
+ "$ref": "#/components/schemas/CapabilityRole",
274
+ "description": "Primary capability categorization"
340
275
  },
341
- "domain_validation": {
276
+ "capabilities": {
342
277
  "type": "object",
278
+ "description": "Detailed capability breakdown",
343
279
  "properties": {
344
- "tool_type": {
345
- "type": "string",
346
- "description": "Detected tool type category"
347
- },
348
- "domain_appropriate": {
280
+ "full": {
349
281
  "type": "boolean",
350
- "description": "Whether tool type is appropriate for claimed capability"
282
+ "description": "Directly implements the core safeguard functionality"
351
283
  },
352
- "auto_downgrade_applied": {
284
+ "partial": {
353
285
  "type": "boolean",
354
- "description": "Whether capability was auto-downgraded due to domain mismatch"
355
- }
356
- }
357
- },
358
- "evidence_analysis": {
359
- "type": "object",
360
- "properties": {
361
- "core_requirements_score": {
362
- "type": "number",
363
- "minimum": 0,
364
- "maximum": 100
286
+ "description": "Implements limited aspects of the safeguard"
365
287
  },
366
- "governance_elements_score": {
367
- "type": "number",
368
- "minimum": 0,
369
- "maximum": 100
288
+ "facilitates": {
289
+ "type": "boolean",
290
+ "description": "Enhances or enables safeguard implementation by others"
370
291
  },
371
- "sub_elements_score": {
372
- "type": "number",
373
- "minimum": 0,
374
- "maximum": 100
292
+ "governance": {
293
+ "type": "boolean",
294
+ "description": "Provides policy, process, and oversight capabilities"
375
295
  },
376
- "language_consistency_score": {
377
- "type": "number",
378
- "minimum": 0,
379
- "maximum": 100
296
+ "validates": {
297
+ "type": "boolean",
298
+ "description": "Provides evidence, audit, and validation reporting"
380
299
  }
381
300
  }
382
301
  },
302
+ "confidence": {
303
+ "type": "number",
304
+ "minimum": 0,
305
+ "maximum": 100,
306
+ "description": "Confidence score in the assessment"
307
+ },
383
308
  "reasoning": {
384
309
  "type": "string",
385
- "description": "Detailed explanation of the validation decision"
310
+ "description": "Detailed explanation of the capability determination"
386
311
  },
387
- "recommendations": {
312
+ "evidence": {
388
313
  "type": "array",
389
314
  "items": {
390
315
  "type": "string"
391
316
  },
392
- "description": "Actionable recommendations for capability improvement"
317
+ "description": "Evidence supporting the capability assessment"
393
318
  },
394
- "timestamp": {
319
+ "toolCapabilityDescription": {
395
320
  "type": "string",
396
- "format": "date-time"
397
- }
398
- }
399
- },
400
- "AnalysisResponse": {
401
- "type": "object",
402
- "properties": {
403
- "vendor_name": {
404
- "type": "string"
405
- },
406
- "safeguard_id": {
407
- "type": "string"
408
- },
409
- "determined_capability": {
410
- "$ref": "#/components/schemas/CapabilityRole"
411
- },
412
- "confidence_score": {
413
- "type": "number",
414
- "minimum": 0,
415
- "maximum": 100
321
+ "description": "Description of what type of tool this is and its role"
416
322
  },
417
- "domain_validation": {
418
- "type": "object",
419
- "properties": {
420
- "tool_type": {
421
- "type": "string"
422
- },
423
- "domain_appropriate": {
424
- "type": "boolean"
425
- }
426
- }
427
- },
428
- "analysis_details": {
429
- "type": "object",
430
- "properties": {
431
- "core_coverage": {
432
- "type": "number",
433
- "minimum": 0,
434
- "maximum": 100
435
- },
436
- "implementation_depth": {
437
- "type": "number",
438
- "minimum": 0,
439
- "maximum": 100
440
- },
441
- "governance_support": {
442
- "type": "number",
443
- "minimum": 0,
444
- "maximum": 100
445
- }
446
- }
447
- },
448
- "reasoning": {
449
- "type": "string"
450
- },
451
- "timestamp": {
323
+ "recommendedUse": {
452
324
  "type": "string",
453
- "format": "date-time"
325
+ "description": "How practitioners should use this tool for the safeguard"
454
326
  }
455
327
  }
456
328
  },
@@ -563,7 +435,7 @@
563
435
  },
564
436
  "version": {
565
437
  "type": "string",
566
- "example": "1.3.4"
438
+ "example": "1.3.7"
567
439
  },
568
440
  "timestamp": {
569
441
  "type": "string",
@@ -599,6 +471,45 @@
599
471
  }
600
472
  }
601
473
  },
474
+ "ApiDocumentationResponse": {
475
+ "type": "object",
476
+ "properties": {
477
+ "name": {
478
+ "type": "string",
479
+ "example": "Framework MCP HTTP API"
480
+ },
481
+ "version": {
482
+ "type": "string",
483
+ "example": "1.3.7"
484
+ },
485
+ "description": {
486
+ "type": "string",
487
+ "example": "Clean HTTP API for vendor capability assessment against CIS Controls Framework"
488
+ },
489
+ "endpoints": {
490
+ "type": "object",
491
+ "additionalProperties": {
492
+ "type": "string"
493
+ },
494
+ "description": "Available API endpoints and their descriptions"
495
+ },
496
+ "capabilities": {
497
+ "type": "array",
498
+ "items": {
499
+ "type": "string"
500
+ },
501
+ "description": "Supported capability types"
502
+ },
503
+ "framework": {
504
+ "type": "string",
505
+ "example": "CIS Controls v8.1 (153 safeguards)"
506
+ },
507
+ "deployment": {
508
+ "type": "string",
509
+ "example": "DigitalOcean App Services compatible"
510
+ }
511
+ }
512
+ },
602
513
  "ErrorResponse": {
603
514
  "type": "object",
604
515
  "properties": {