framework-mcp 1.3.5 → 1.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/agents/mcp-developer.md +41 -0
- package/.claude/agents/project-orchestrator.md +43 -0
- package/.claude/agents/version-consistency-reviewer.md +50 -0
- package/COPILOT_INTEGRATION.md +1 -1
- package/DEPLOYMENT_GUIDE.md +4 -4
- package/README.md +62 -61
- package/RELEASE_NOTES_v1.3.7.md +275 -0
- package/SAFEGUARDS_VERIFICATION_LOG.md +157 -0
- package/dist/core/capability-analyzer.d.ts +1 -7
- package/dist/core/capability-analyzer.d.ts.map +1 -1
- package/dist/core/capability-analyzer.js +6 -241
- package/dist/core/capability-analyzer.js.map +1 -1
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +747 -1191
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/index.d.ts +0 -53
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -1245
- package/dist/index.js.map +1 -1
- package/dist/interfaces/http/http-server.d.ts.map +1 -1
- package/dist/interfaces/http/http-server.js +6 -34
- package/dist/interfaces/http/http-server.js.map +1 -1
- package/dist/interfaces/mcp/mcp-server.d.ts +0 -1
- package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
- package/dist/interfaces/mcp/mcp-server.js +4 -53
- package/dist/interfaces/mcp/mcp-server.js.map +1 -1
- package/dist/shared/types.d.ts +0 -37
- package/dist/shared/types.d.ts.map +1 -1
- package/examples/example-usage.md +43 -38
- package/package.json +2 -3
- package/scripts/validate-documentation.sh +4 -4
- package/src/core/capability-analyzer.ts +7 -298
- package/src/core/safeguard-manager.ts +729 -1173
- package/src/index.ts +0 -1598
- package/src/interfaces/http/http-server.ts +6 -44
- package/src/interfaces/mcp/mcp-server.ts +4 -64
- package/src/shared/types.ts +0 -40
- package/swagger.json +107 -196
|
@@ -115,14 +115,14 @@ VERSION_ISSUES=()
|
|
|
115
115
|
|
|
116
116
|
for file in "${VERSION_FILES[@]}"; do
|
|
117
117
|
if [ -f "$file" ]; then
|
|
118
|
-
if ! grep -q "1.3.
|
|
118
|
+
if ! grep -q "1.3.7" "$file"; then
|
|
119
119
|
VERSION_ISSUES+=("$file")
|
|
120
120
|
fi
|
|
121
121
|
fi
|
|
122
122
|
done
|
|
123
123
|
|
|
124
124
|
if [ ${#VERSION_ISSUES[@]} -eq 0 ]; then
|
|
125
|
-
echo "✅ Version 1.3.
|
|
125
|
+
echo "✅ Version 1.3.7 consistent across all files"
|
|
126
126
|
else
|
|
127
127
|
echo "❌ Version inconsistency in: ${VERSION_ISSUES[*]}"
|
|
128
128
|
fi
|
|
@@ -144,7 +144,7 @@ echo "✅ HTTP Server: Working"
|
|
|
144
144
|
echo "✅ All 4 API Endpoints: Functional"
|
|
145
145
|
echo "✅ 153 CIS Safeguards: Available"
|
|
146
146
|
echo "✅ Documentation: Consistent"
|
|
147
|
-
echo "✅ Version 1.3.
|
|
147
|
+
echo "✅ Version 1.3.7: Aligned"
|
|
148
148
|
echo "✅ Architecture: Clean (4 tools)"
|
|
149
149
|
echo
|
|
150
|
-
echo "🎉 Framework MCP v1.3.
|
|
150
|
+
echo "🎉 Framework MCP v1.3.7 Ready for Release!"
|
|
@@ -1,77 +1,12 @@
|
|
|
1
1
|
import {
|
|
2
2
|
SafeguardElement,
|
|
3
3
|
VendorAnalysis,
|
|
4
|
-
DomainValidationResult,
|
|
5
4
|
PerformanceMetrics,
|
|
6
5
|
CacheEntry,
|
|
7
6
|
QualityAssessment,
|
|
8
|
-
CapabilityType
|
|
9
|
-
DomainRequirement,
|
|
10
|
-
ToolTypeWeights
|
|
7
|
+
CapabilityType
|
|
11
8
|
} from '../shared/types.js';
|
|
12
9
|
|
|
13
|
-
// Domain-specific validation mapping
|
|
14
|
-
const SAFEGUARD_DOMAIN_REQUIREMENTS: Record<string, DomainRequirement> = {
|
|
15
|
-
"1.1": {
|
|
16
|
-
domain: "Asset Inventory",
|
|
17
|
-
required_tool_types: ["inventory", "asset_management", "cmdb", "discovery"],
|
|
18
|
-
description: "Only asset inventory and discovery tools can provide FULL/PARTIAL implementation capability"
|
|
19
|
-
},
|
|
20
|
-
"1.2": {
|
|
21
|
-
domain: "Asset Management",
|
|
22
|
-
required_tool_types: ["inventory", "asset_management", "network_security", "nac"],
|
|
23
|
-
description: "Asset management or network access control tools required for FULL/PARTIAL implementation capability"
|
|
24
|
-
},
|
|
25
|
-
"5.1": {
|
|
26
|
-
domain: "Account Management",
|
|
27
|
-
required_tool_types: ["identity_management", "iam", "directory", "account_management"],
|
|
28
|
-
description: "Identity and account management tools required for FULL/PARTIAL implementation capability"
|
|
29
|
-
},
|
|
30
|
-
"6.3": {
|
|
31
|
-
domain: "Authentication",
|
|
32
|
-
required_tool_types: ["mfa", "authentication", "identity_management", "iam"],
|
|
33
|
-
description: "Multi-factor authentication and identity tools required for FULL/PARTIAL implementation capability"
|
|
34
|
-
},
|
|
35
|
-
"7.1": {
|
|
36
|
-
domain: "Vulnerability Management",
|
|
37
|
-
required_tool_types: ["vulnerability_management", "vulnerability_scanner", "patch_management"],
|
|
38
|
-
description: "Vulnerability management and scanning tools required for FULL/PARTIAL implementation capability"
|
|
39
|
-
}
|
|
40
|
-
};
|
|
41
|
-
|
|
42
|
-
// Tool type detection weights for enhanced accuracy
|
|
43
|
-
const TOOL_TYPE_DETECTION_WEIGHTS: ToolTypeWeights = {
|
|
44
|
-
inventory: {
|
|
45
|
-
keywords: ['inventory', 'asset discovery', 'device enumeration', 'cmdb', 'configuration management database'],
|
|
46
|
-
baseWeight: 3,
|
|
47
|
-
contextBonuses: ['asset', 'device', 'hardware', 'software', 'endpoint']
|
|
48
|
-
},
|
|
49
|
-
asset_management: {
|
|
50
|
-
keywords: ['asset management', 'asset tracking', 'asset lifecycle', 'asset monitoring'],
|
|
51
|
-
baseWeight: 3,
|
|
52
|
-
contextBonuses: ['lifecycle', 'tracking', 'monitoring', 'management']
|
|
53
|
-
},
|
|
54
|
-
identity_management: {
|
|
55
|
-
keywords: ['identity', 'iam', 'identity management', 'user management', 'directory'],
|
|
56
|
-
baseWeight: 3,
|
|
57
|
-
contextBonuses: ['user', 'account', 'authentication', 'authorization', 'ldap', 'active directory']
|
|
58
|
-
},
|
|
59
|
-
vulnerability_management: {
|
|
60
|
-
keywords: ['vulnerability', 'vuln', 'security scanning', 'penetration testing', 'patch management'],
|
|
61
|
-
baseWeight: 3,
|
|
62
|
-
contextBonuses: ['scan', 'test', 'patch', 'remediation', 'cve']
|
|
63
|
-
},
|
|
64
|
-
threat_intelligence: {
|
|
65
|
-
keywords: ['threat intelligence', 'threat feeds', 'ioc', 'indicators', 'threat data'],
|
|
66
|
-
baseWeight: 2,
|
|
67
|
-
contextBonuses: ['intelligence', 'feeds', 'indicators', 'malware', 'threat']
|
|
68
|
-
},
|
|
69
|
-
governance: {
|
|
70
|
-
keywords: ['grc', 'governance', 'compliance management', 'policy management', 'risk management'],
|
|
71
|
-
baseWeight: 2,
|
|
72
|
-
contextBonuses: ['policy', 'compliance', 'governance', 'risk', 'audit']
|
|
73
|
-
}
|
|
74
|
-
};
|
|
75
10
|
|
|
76
11
|
export class CapabilityAnalyzer {
|
|
77
12
|
private cache: Map<string, CacheEntry<any>>;
|
|
@@ -121,88 +56,6 @@ export class CapabilityAnalyzer {
|
|
|
121
56
|
}
|
|
122
57
|
}
|
|
123
58
|
|
|
124
|
-
public validateVendorMapping(
|
|
125
|
-
vendorName: string,
|
|
126
|
-
safeguardId: string,
|
|
127
|
-
claimedCapability: string,
|
|
128
|
-
supportingText: string,
|
|
129
|
-
safeguard: SafeguardElement
|
|
130
|
-
): DomainValidationResult {
|
|
131
|
-
const startTime = Date.now();
|
|
132
|
-
try {
|
|
133
|
-
this.performanceMetrics.totalRequests++;
|
|
134
|
-
|
|
135
|
-
const text = supportingText.toLowerCase();
|
|
136
|
-
|
|
137
|
-
// Detect tool type and validate domain match
|
|
138
|
-
const detectedToolType = this.detectToolType(supportingText, safeguard.id);
|
|
139
|
-
const domainValidation = this.validateDomainMatch(safeguard.id, claimedCapability, detectedToolType);
|
|
140
|
-
|
|
141
|
-
// Adjust capability if domain mismatch detected
|
|
142
|
-
let effectiveCapability = claimedCapability;
|
|
143
|
-
let originalClaim: string | undefined;
|
|
144
|
-
|
|
145
|
-
if (domainValidation.should_adjust_capability) {
|
|
146
|
-
originalClaim = claimedCapability;
|
|
147
|
-
effectiveCapability = domainValidation.adjusted_capability!;
|
|
148
|
-
}
|
|
149
|
-
|
|
150
|
-
// Perform capability-focused analysis of the supporting text
|
|
151
|
-
const actualAnalysis = this.performCapabilityAnalysis(vendorName, safeguard, supportingText);
|
|
152
|
-
|
|
153
|
-
// Validate claimed capability against actual capability analysis and domain requirements
|
|
154
|
-
const validation = this.assessCapabilityClaimAlignment(
|
|
155
|
-
claimedCapability,
|
|
156
|
-
effectiveCapability,
|
|
157
|
-
actualAnalysis,
|
|
158
|
-
domainValidation,
|
|
159
|
-
text
|
|
160
|
-
);
|
|
161
|
-
|
|
162
|
-
// Add domain validation gaps if capability was adjusted
|
|
163
|
-
if (domainValidation.should_adjust_capability) {
|
|
164
|
-
validation.gaps.unshift(`Domain mismatch: ${domainValidation.reasoning}`);
|
|
165
|
-
validation.recommendations.unshift(`Correct capability mapping should be '${effectiveCapability.toUpperCase()}' for ${detectedToolType} tools`);
|
|
166
|
-
// Reduce confidence for domain mismatches
|
|
167
|
-
validation.confidence = Math.max(validation.confidence - 20, 0);
|
|
168
|
-
}
|
|
169
|
-
|
|
170
|
-
const result: DomainValidationResult = {
|
|
171
|
-
vendor: vendorName,
|
|
172
|
-
safeguard_id: safeguard.id,
|
|
173
|
-
safeguard_title: safeguard.title,
|
|
174
|
-
claimed_capability: claimedCapability,
|
|
175
|
-
validation_status: validation.status as 'SUPPORTED' | 'QUESTIONABLE' | 'UNSUPPORTED',
|
|
176
|
-
confidence_score: validation.confidence,
|
|
177
|
-
evidence_analysis: {
|
|
178
|
-
core_requirements_coverage: validation.core_requirements_coverage || 0,
|
|
179
|
-
sub_elements_coverage: validation.sub_elements_coverage || 0,
|
|
180
|
-
governance_alignment: validation.governance_alignment || 0,
|
|
181
|
-
language_consistency: validation.language_consistency || 0
|
|
182
|
-
},
|
|
183
|
-
domain_validation: {
|
|
184
|
-
required_tool_type: domainValidation.required_tool_types.join('/'),
|
|
185
|
-
detected_tool_type: detectedToolType,
|
|
186
|
-
domain_match: domainValidation.domain_match,
|
|
187
|
-
capability_adjusted: domainValidation.should_adjust_capability,
|
|
188
|
-
original_claim: originalClaim
|
|
189
|
-
},
|
|
190
|
-
gaps_identified: validation.gaps,
|
|
191
|
-
strengths_identified: validation.strengths,
|
|
192
|
-
recommendations: validation.recommendations,
|
|
193
|
-
detailed_feedback: validation.feedback
|
|
194
|
-
};
|
|
195
|
-
|
|
196
|
-
// Record performance metrics
|
|
197
|
-
this.recordToolExecution('validateVendorMapping', Date.now() - startTime);
|
|
198
|
-
|
|
199
|
-
return result;
|
|
200
|
-
} catch (error) {
|
|
201
|
-
this.performanceMetrics.errorCount++;
|
|
202
|
-
this.recordToolExecution('validateVendorMapping_error', Date.now() - startTime);
|
|
203
|
-
throw error;
|
|
204
|
-
}
|
|
205
|
-
}
|
|
206
59
|
|
|
207
60
|
private determineClaimedCapability(text: string, safeguard: SafeguardElement): CapabilityType {
|
|
208
61
|
// Capability detection keywords - focused on what the tool DOES, not what elements it covers
|
|
@@ -233,8 +86,12 @@ export class CapabilityAnalyzer {
|
|
|
233
86
|
'compliance tracking', 'audit trail', 'reporting capabilities', 'audit capabilities'
|
|
234
87
|
];
|
|
235
88
|
|
|
236
|
-
//
|
|
237
|
-
const implementationIndicators =
|
|
89
|
+
// General implementation indicators for all safeguards
|
|
90
|
+
const implementationIndicators = [
|
|
91
|
+
'implement', 'implements', 'implementation', 'deploy', 'execute', 'perform',
|
|
92
|
+
'provides', 'delivers', 'complete', 'fully', 'comprehensive', 'directly',
|
|
93
|
+
'natively', 'built-in', 'core functionality', 'primary function', 'main feature'
|
|
94
|
+
];
|
|
238
95
|
|
|
239
96
|
// Calculate keyword presence scores
|
|
240
97
|
const governanceScore = this.calculateKeywordScore(text, governanceIndicators);
|
|
@@ -255,18 +112,6 @@ export class CapabilityAnalyzer {
|
|
|
255
112
|
}
|
|
256
113
|
}
|
|
257
114
|
|
|
258
|
-
private getImplementationIndicators(safeguardId: string): string[] {
|
|
259
|
-
// Return specific indicators for what constitutes direct implementation for each safeguard
|
|
260
|
-
const implementationMap: Record<string, string[]> = {
|
|
261
|
-
"1.1": ['inventory', 'discovery', 'asset management', 'catalog', 'enumerate', 'scan devices', 'device database'],
|
|
262
|
-
"1.2": ['unauthorized', 'rogue', 'detect', 'identify unauthorized', 'quarantine', 'block unauthorized'],
|
|
263
|
-
"5.1": ['account inventory', 'user management', 'identity management', 'account lifecycle', 'user provisioning'],
|
|
264
|
-
"6.3": ['multi-factor', 'mfa', '2fa', 'authentication', 'two-factor', 'multi-factor authentication'],
|
|
265
|
-
"7.1": ['vulnerability', 'vuln', 'scanning', 'vulnerability management', 'security testing', 'penetration testing']
|
|
266
|
-
};
|
|
267
|
-
|
|
268
|
-
return implementationMap[safeguardId] || [];
|
|
269
|
-
}
|
|
270
115
|
|
|
271
116
|
private assessCapabilityQuality(text: string, safeguard: SafeguardElement, claimedCapability: string): QualityAssessment {
|
|
272
117
|
// Assess how well the tool executes the claimed capability type
|
|
@@ -489,145 +334,9 @@ export class CapabilityAnalyzer {
|
|
|
489
334
|
return recommendations[capability];
|
|
490
335
|
}
|
|
491
336
|
|
|
492
|
-
private detectToolType(text: string, safeguardId: string): string {
|
|
493
|
-
const lowerText = text.toLowerCase();
|
|
494
|
-
let bestMatch = 'unknown';
|
|
495
|
-
let highestScore = 0;
|
|
496
337
|
|
|
497
|
-
for (const [toolType, config] of Object.entries(TOOL_TYPE_DETECTION_WEIGHTS)) {
|
|
498
|
-
let score = 0;
|
|
499
|
-
|
|
500
|
-
// Base keyword matching
|
|
501
|
-
for (const keyword of config.keywords) {
|
|
502
|
-
if (lowerText.includes(keyword.toLowerCase())) {
|
|
503
|
-
score += config.baseWeight;
|
|
504
|
-
}
|
|
505
|
-
}
|
|
506
|
-
|
|
507
|
-
// Context bonus keywords
|
|
508
|
-
for (const bonus of config.contextBonuses) {
|
|
509
|
-
if (lowerText.includes(bonus.toLowerCase())) {
|
|
510
|
-
score += 1;
|
|
511
|
-
}
|
|
512
|
-
}
|
|
513
|
-
|
|
514
|
-
if (score > highestScore) {
|
|
515
|
-
highestScore = score;
|
|
516
|
-
bestMatch = toolType;
|
|
517
|
-
}
|
|
518
|
-
}
|
|
519
338
|
|
|
520
|
-
return bestMatch;
|
|
521
|
-
}
|
|
522
|
-
|
|
523
|
-
private validateDomainMatch(safeguardId: string, claimedCapability: string, detectedToolType: string) {
|
|
524
|
-
const domainReq = SAFEGUARD_DOMAIN_REQUIREMENTS[safeguardId];
|
|
525
|
-
|
|
526
|
-
if (!domainReq) {
|
|
527
|
-
return {
|
|
528
|
-
domain_match: true,
|
|
529
|
-
should_adjust_capability: false,
|
|
530
|
-
required_tool_types: ['any'],
|
|
531
|
-
reasoning: 'No specific domain requirements for this safeguard'
|
|
532
|
-
};
|
|
533
|
-
}
|
|
534
|
-
|
|
535
|
-
const needsDomainValidation = ['full', 'partial'].includes(claimedCapability.toLowerCase());
|
|
536
|
-
|
|
537
|
-
if (!needsDomainValidation) {
|
|
538
|
-
return {
|
|
539
|
-
domain_match: true,
|
|
540
|
-
should_adjust_capability: false,
|
|
541
|
-
required_tool_types: domainReq.required_tool_types,
|
|
542
|
-
reasoning: 'Domain validation not required for this capability type'
|
|
543
|
-
};
|
|
544
|
-
}
|
|
545
|
-
|
|
546
|
-
const domainMatch = domainReq.required_tool_types.includes(detectedToolType);
|
|
547
|
-
|
|
548
|
-
return {
|
|
549
|
-
domain_match: domainMatch,
|
|
550
|
-
should_adjust_capability: !domainMatch,
|
|
551
|
-
adjusted_capability: !domainMatch ? 'facilitates' : undefined,
|
|
552
|
-
required_tool_types: domainReq.required_tool_types,
|
|
553
|
-
reasoning: !domainMatch ?
|
|
554
|
-
`Tool type '${detectedToolType}' cannot provide ${claimedCapability.toUpperCase()} coverage for ${domainReq.domain} safeguards` :
|
|
555
|
-
'Tool type matches domain requirements'
|
|
556
|
-
};
|
|
557
|
-
}
|
|
558
|
-
|
|
559
|
-
private assessCapabilityClaimAlignment(
|
|
560
|
-
claimedCapability: string,
|
|
561
|
-
effectiveCapability: string,
|
|
562
|
-
actualAnalysis: VendorAnalysis,
|
|
563
|
-
domainValidation: any,
|
|
564
|
-
text: string
|
|
565
|
-
) {
|
|
566
|
-
const gaps: string[] = [];
|
|
567
|
-
const strengths: string[] = [];
|
|
568
|
-
const recommendations: string[] = [];
|
|
569
|
-
|
|
570
|
-
let confidence = actualAnalysis.confidence;
|
|
571
|
-
let status = 'SUPPORTED';
|
|
572
339
|
|
|
573
|
-
// Assess alignment between claimed and detected capabilities
|
|
574
|
-
if (actualAnalysis.capability !== effectiveCapability.toLowerCase()) {
|
|
575
|
-
gaps.push(`Claimed capability '${claimedCapability}' differs from detected capability '${actualAnalysis.capability}'`);
|
|
576
|
-
confidence = Math.max(confidence - 15, 0);
|
|
577
|
-
}
|
|
578
|
-
|
|
579
|
-
// Add evidence from actual analysis
|
|
580
|
-
if (actualAnalysis.evidence.length > 0) {
|
|
581
|
-
strengths.push(...actualAnalysis.evidence);
|
|
582
|
-
}
|
|
583
|
-
|
|
584
|
-
// Determine final validation status
|
|
585
|
-
if (confidence < 40) {
|
|
586
|
-
status = 'UNSUPPORTED';
|
|
587
|
-
} else if (confidence < 70 || !domainValidation.domain_match) {
|
|
588
|
-
status = 'QUESTIONABLE';
|
|
589
|
-
}
|
|
590
|
-
|
|
591
|
-
return {
|
|
592
|
-
status,
|
|
593
|
-
confidence,
|
|
594
|
-
gaps,
|
|
595
|
-
strengths,
|
|
596
|
-
recommendations,
|
|
597
|
-
feedback: this.generateValidationFeedback(claimedCapability, actualAnalysis, domainValidation, confidence, status),
|
|
598
|
-
core_requirements_coverage: 85, // Placeholder - would calculate from actual analysis
|
|
599
|
-
sub_elements_coverage: 75,
|
|
600
|
-
governance_alignment: 80,
|
|
601
|
-
language_consistency: 90
|
|
602
|
-
};
|
|
603
|
-
}
|
|
604
|
-
|
|
605
|
-
private generateValidationFeedback(
|
|
606
|
-
claimedCapability: string,
|
|
607
|
-
actualAnalysis: VendorAnalysis,
|
|
608
|
-
domainValidation: any,
|
|
609
|
-
confidence: number,
|
|
610
|
-
status: string
|
|
611
|
-
): string {
|
|
612
|
-
let feedback = `Validation of ${claimedCapability.toUpperCase()} capability claim: ${status} (${confidence}% alignment)\n\n`;
|
|
613
|
-
|
|
614
|
-
if (domainValidation.should_adjust_capability) {
|
|
615
|
-
feedback += `DOMAIN VALIDATION: Tool type '${domainValidation.detected_tool_type}' cannot provide ${claimedCapability.toUpperCase()} coverage for this safeguard. Capability automatically adjusted to FACILITATES.\n\n`;
|
|
616
|
-
}
|
|
617
|
-
|
|
618
|
-
if (actualAnalysis.evidence.length > 0) {
|
|
619
|
-
feedback += 'STRENGTHS:\n';
|
|
620
|
-
actualAnalysis.evidence.forEach(evidence => {
|
|
621
|
-
feedback += `• ${evidence}\n`;
|
|
622
|
-
});
|
|
623
|
-
feedback += '\n';
|
|
624
|
-
}
|
|
625
|
-
|
|
626
|
-
feedback += `ASSESSMENT: ${actualAnalysis.toolCapabilityDescription}\n\n`;
|
|
627
|
-
feedback += `RECOMMENDED USE: ${actualAnalysis.recommendedUse}`;
|
|
628
|
-
|
|
629
|
-
return feedback;
|
|
630
|
-
}
|
|
631
340
|
|
|
632
341
|
private calculateKeywordScore(text: string, keywords: string[]): number {
|
|
633
342
|
let matches = 0;
|