framework-mcp 1.3.5 → 1.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/.claude/agents/mcp-developer.md +41 -0
  2. package/.claude/agents/project-orchestrator.md +43 -0
  3. package/.claude/agents/version-consistency-reviewer.md +50 -0
  4. package/COPILOT_INTEGRATION.md +1 -1
  5. package/DEPLOYMENT_GUIDE.md +4 -4
  6. package/README.md +62 -61
  7. package/RELEASE_NOTES_v1.3.7.md +275 -0
  8. package/SAFEGUARDS_VERIFICATION_LOG.md +157 -0
  9. package/dist/core/capability-analyzer.d.ts +1 -7
  10. package/dist/core/capability-analyzer.d.ts.map +1 -1
  11. package/dist/core/capability-analyzer.js +6 -241
  12. package/dist/core/capability-analyzer.js.map +1 -1
  13. package/dist/core/safeguard-manager.d.ts.map +1 -1
  14. package/dist/core/safeguard-manager.js +747 -1191
  15. package/dist/core/safeguard-manager.js.map +1 -1
  16. package/dist/index.d.ts +0 -53
  17. package/dist/index.d.ts.map +1 -1
  18. package/dist/index.js +0 -1245
  19. package/dist/index.js.map +1 -1
  20. package/dist/interfaces/http/http-server.d.ts.map +1 -1
  21. package/dist/interfaces/http/http-server.js +6 -34
  22. package/dist/interfaces/http/http-server.js.map +1 -1
  23. package/dist/interfaces/mcp/mcp-server.d.ts +0 -1
  24. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
  25. package/dist/interfaces/mcp/mcp-server.js +4 -53
  26. package/dist/interfaces/mcp/mcp-server.js.map +1 -1
  27. package/dist/shared/types.d.ts +0 -37
  28. package/dist/shared/types.d.ts.map +1 -1
  29. package/examples/example-usage.md +43 -38
  30. package/package.json +2 -3
  31. package/scripts/validate-documentation.sh +4 -4
  32. package/src/core/capability-analyzer.ts +7 -298
  33. package/src/core/safeguard-manager.ts +729 -1173
  34. package/src/index.ts +0 -1598
  35. package/src/interfaces/http/http-server.ts +6 -44
  36. package/src/interfaces/mcp/mcp-server.ts +4 -64
  37. package/src/shared/types.ts +0 -40
  38. package/swagger.json +107 -196
@@ -115,14 +115,14 @@ VERSION_ISSUES=()
115
115
 
116
116
  for file in "${VERSION_FILES[@]}"; do
117
117
  if [ -f "$file" ]; then
118
- if ! grep -q "1.3.5" "$file"; then
118
+ if ! grep -q "1.3.7" "$file"; then
119
119
  VERSION_ISSUES+=("$file")
120
120
  fi
121
121
  fi
122
122
  done
123
123
 
124
124
  if [ ${#VERSION_ISSUES[@]} -eq 0 ]; then
125
- echo "✅ Version 1.3.5 consistent across all files"
125
+ echo "✅ Version 1.3.7 consistent across all files"
126
126
  else
127
127
  echo "❌ Version inconsistency in: ${VERSION_ISSUES[*]}"
128
128
  fi
@@ -144,7 +144,7 @@ echo "✅ HTTP Server: Working"
144
144
  echo "✅ All 4 API Endpoints: Functional"
145
145
  echo "✅ 153 CIS Safeguards: Available"
146
146
  echo "✅ Documentation: Consistent"
147
- echo "✅ Version 1.3.5: Aligned"
147
+ echo "✅ Version 1.3.7: Aligned"
148
148
  echo "✅ Architecture: Clean (4 tools)"
149
149
  echo
150
- echo "🎉 Framework MCP v1.3.5 Ready for Release!"
150
+ echo "🎉 Framework MCP v1.3.7 Ready for Release!"
@@ -1,77 +1,12 @@
1
1
  import {
2
2
  SafeguardElement,
3
3
  VendorAnalysis,
4
- DomainValidationResult,
5
4
  PerformanceMetrics,
6
5
  CacheEntry,
7
6
  QualityAssessment,
8
- CapabilityType,
9
- DomainRequirement,
10
- ToolTypeWeights
7
+ CapabilityType
11
8
  } from '../shared/types.js';
12
9
 
13
- // Domain-specific validation mapping
14
- const SAFEGUARD_DOMAIN_REQUIREMENTS: Record<string, DomainRequirement> = {
15
- "1.1": {
16
- domain: "Asset Inventory",
17
- required_tool_types: ["inventory", "asset_management", "cmdb", "discovery"],
18
- description: "Only asset inventory and discovery tools can provide FULL/PARTIAL implementation capability"
19
- },
20
- "1.2": {
21
- domain: "Asset Management",
22
- required_tool_types: ["inventory", "asset_management", "network_security", "nac"],
23
- description: "Asset management or network access control tools required for FULL/PARTIAL implementation capability"
24
- },
25
- "5.1": {
26
- domain: "Account Management",
27
- required_tool_types: ["identity_management", "iam", "directory", "account_management"],
28
- description: "Identity and account management tools required for FULL/PARTIAL implementation capability"
29
- },
30
- "6.3": {
31
- domain: "Authentication",
32
- required_tool_types: ["mfa", "authentication", "identity_management", "iam"],
33
- description: "Multi-factor authentication and identity tools required for FULL/PARTIAL implementation capability"
34
- },
35
- "7.1": {
36
- domain: "Vulnerability Management",
37
- required_tool_types: ["vulnerability_management", "vulnerability_scanner", "patch_management"],
38
- description: "Vulnerability management and scanning tools required for FULL/PARTIAL implementation capability"
39
- }
40
- };
41
-
42
- // Tool type detection weights for enhanced accuracy
43
- const TOOL_TYPE_DETECTION_WEIGHTS: ToolTypeWeights = {
44
- inventory: {
45
- keywords: ['inventory', 'asset discovery', 'device enumeration', 'cmdb', 'configuration management database'],
46
- baseWeight: 3,
47
- contextBonuses: ['asset', 'device', 'hardware', 'software', 'endpoint']
48
- },
49
- asset_management: {
50
- keywords: ['asset management', 'asset tracking', 'asset lifecycle', 'asset monitoring'],
51
- baseWeight: 3,
52
- contextBonuses: ['lifecycle', 'tracking', 'monitoring', 'management']
53
- },
54
- identity_management: {
55
- keywords: ['identity', 'iam', 'identity management', 'user management', 'directory'],
56
- baseWeight: 3,
57
- contextBonuses: ['user', 'account', 'authentication', 'authorization', 'ldap', 'active directory']
58
- },
59
- vulnerability_management: {
60
- keywords: ['vulnerability', 'vuln', 'security scanning', 'penetration testing', 'patch management'],
61
- baseWeight: 3,
62
- contextBonuses: ['scan', 'test', 'patch', 'remediation', 'cve']
63
- },
64
- threat_intelligence: {
65
- keywords: ['threat intelligence', 'threat feeds', 'ioc', 'indicators', 'threat data'],
66
- baseWeight: 2,
67
- contextBonuses: ['intelligence', 'feeds', 'indicators', 'malware', 'threat']
68
- },
69
- governance: {
70
- keywords: ['grc', 'governance', 'compliance management', 'policy management', 'risk management'],
71
- baseWeight: 2,
72
- contextBonuses: ['policy', 'compliance', 'governance', 'risk', 'audit']
73
- }
74
- };
75
10
 
76
11
  export class CapabilityAnalyzer {
77
12
  private cache: Map<string, CacheEntry<any>>;
@@ -121,88 +56,6 @@ export class CapabilityAnalyzer {
121
56
  }
122
57
  }
123
58
 
124
- public validateVendorMapping(
125
- vendorName: string,
126
- safeguardId: string,
127
- claimedCapability: string,
128
- supportingText: string,
129
- safeguard: SafeguardElement
130
- ): DomainValidationResult {
131
- const startTime = Date.now();
132
- try {
133
- this.performanceMetrics.totalRequests++;
134
-
135
- const text = supportingText.toLowerCase();
136
-
137
- // Detect tool type and validate domain match
138
- const detectedToolType = this.detectToolType(supportingText, safeguard.id);
139
- const domainValidation = this.validateDomainMatch(safeguard.id, claimedCapability, detectedToolType);
140
-
141
- // Adjust capability if domain mismatch detected
142
- let effectiveCapability = claimedCapability;
143
- let originalClaim: string | undefined;
144
-
145
- if (domainValidation.should_adjust_capability) {
146
- originalClaim = claimedCapability;
147
- effectiveCapability = domainValidation.adjusted_capability!;
148
- }
149
-
150
- // Perform capability-focused analysis of the supporting text
151
- const actualAnalysis = this.performCapabilityAnalysis(vendorName, safeguard, supportingText);
152
-
153
- // Validate claimed capability against actual capability analysis and domain requirements
154
- const validation = this.assessCapabilityClaimAlignment(
155
- claimedCapability,
156
- effectiveCapability,
157
- actualAnalysis,
158
- domainValidation,
159
- text
160
- );
161
-
162
- // Add domain validation gaps if capability was adjusted
163
- if (domainValidation.should_adjust_capability) {
164
- validation.gaps.unshift(`Domain mismatch: ${domainValidation.reasoning}`);
165
- validation.recommendations.unshift(`Correct capability mapping should be '${effectiveCapability.toUpperCase()}' for ${detectedToolType} tools`);
166
- // Reduce confidence for domain mismatches
167
- validation.confidence = Math.max(validation.confidence - 20, 0);
168
- }
169
-
170
- const result: DomainValidationResult = {
171
- vendor: vendorName,
172
- safeguard_id: safeguard.id,
173
- safeguard_title: safeguard.title,
174
- claimed_capability: claimedCapability,
175
- validation_status: validation.status as 'SUPPORTED' | 'QUESTIONABLE' | 'UNSUPPORTED',
176
- confidence_score: validation.confidence,
177
- evidence_analysis: {
178
- core_requirements_coverage: validation.core_requirements_coverage || 0,
179
- sub_elements_coverage: validation.sub_elements_coverage || 0,
180
- governance_alignment: validation.governance_alignment || 0,
181
- language_consistency: validation.language_consistency || 0
182
- },
183
- domain_validation: {
184
- required_tool_type: domainValidation.required_tool_types.join('/'),
185
- detected_tool_type: detectedToolType,
186
- domain_match: domainValidation.domain_match,
187
- capability_adjusted: domainValidation.should_adjust_capability,
188
- original_claim: originalClaim
189
- },
190
- gaps_identified: validation.gaps,
191
- strengths_identified: validation.strengths,
192
- recommendations: validation.recommendations,
193
- detailed_feedback: validation.feedback
194
- };
195
-
196
- // Record performance metrics
197
- this.recordToolExecution('validateVendorMapping', Date.now() - startTime);
198
-
199
- return result;
200
- } catch (error) {
201
- this.performanceMetrics.errorCount++;
202
- this.recordToolExecution('validateVendorMapping_error', Date.now() - startTime);
203
- throw error;
204
- }
205
- }
206
59
 
207
60
  private determineClaimedCapability(text: string, safeguard: SafeguardElement): CapabilityType {
208
61
  // Capability detection keywords - focused on what the tool DOES, not what elements it covers
@@ -233,8 +86,12 @@ export class CapabilityAnalyzer {
233
86
  'compliance tracking', 'audit trail', 'reporting capabilities', 'audit capabilities'
234
87
  ];
235
88
 
236
- // Direct implementation indicators (tools that actually perform the safeguard)
237
- const implementationIndicators = this.getImplementationIndicators(safeguard.id);
89
+ // General implementation indicators for all safeguards
90
+ const implementationIndicators = [
91
+ 'implement', 'implements', 'implementation', 'deploy', 'execute', 'perform',
92
+ 'provides', 'delivers', 'complete', 'fully', 'comprehensive', 'directly',
93
+ 'natively', 'built-in', 'core functionality', 'primary function', 'main feature'
94
+ ];
238
95
 
239
96
  // Calculate keyword presence scores
240
97
  const governanceScore = this.calculateKeywordScore(text, governanceIndicators);
@@ -255,18 +112,6 @@ export class CapabilityAnalyzer {
255
112
  }
256
113
  }
257
114
 
258
- private getImplementationIndicators(safeguardId: string): string[] {
259
- // Return specific indicators for what constitutes direct implementation for each safeguard
260
- const implementationMap: Record<string, string[]> = {
261
- "1.1": ['inventory', 'discovery', 'asset management', 'catalog', 'enumerate', 'scan devices', 'device database'],
262
- "1.2": ['unauthorized', 'rogue', 'detect', 'identify unauthorized', 'quarantine', 'block unauthorized'],
263
- "5.1": ['account inventory', 'user management', 'identity management', 'account lifecycle', 'user provisioning'],
264
- "6.3": ['multi-factor', 'mfa', '2fa', 'authentication', 'two-factor', 'multi-factor authentication'],
265
- "7.1": ['vulnerability', 'vuln', 'scanning', 'vulnerability management', 'security testing', 'penetration testing']
266
- };
267
-
268
- return implementationMap[safeguardId] || [];
269
- }
270
115
 
271
116
  private assessCapabilityQuality(text: string, safeguard: SafeguardElement, claimedCapability: string): QualityAssessment {
272
117
  // Assess how well the tool executes the claimed capability type
@@ -489,145 +334,9 @@ export class CapabilityAnalyzer {
489
334
  return recommendations[capability];
490
335
  }
491
336
 
492
- private detectToolType(text: string, safeguardId: string): string {
493
- const lowerText = text.toLowerCase();
494
- let bestMatch = 'unknown';
495
- let highestScore = 0;
496
337
 
497
- for (const [toolType, config] of Object.entries(TOOL_TYPE_DETECTION_WEIGHTS)) {
498
- let score = 0;
499
-
500
- // Base keyword matching
501
- for (const keyword of config.keywords) {
502
- if (lowerText.includes(keyword.toLowerCase())) {
503
- score += config.baseWeight;
504
- }
505
- }
506
-
507
- // Context bonus keywords
508
- for (const bonus of config.contextBonuses) {
509
- if (lowerText.includes(bonus.toLowerCase())) {
510
- score += 1;
511
- }
512
- }
513
-
514
- if (score > highestScore) {
515
- highestScore = score;
516
- bestMatch = toolType;
517
- }
518
- }
519
338
 
520
- return bestMatch;
521
- }
522
-
523
- private validateDomainMatch(safeguardId: string, claimedCapability: string, detectedToolType: string) {
524
- const domainReq = SAFEGUARD_DOMAIN_REQUIREMENTS[safeguardId];
525
-
526
- if (!domainReq) {
527
- return {
528
- domain_match: true,
529
- should_adjust_capability: false,
530
- required_tool_types: ['any'],
531
- reasoning: 'No specific domain requirements for this safeguard'
532
- };
533
- }
534
-
535
- const needsDomainValidation = ['full', 'partial'].includes(claimedCapability.toLowerCase());
536
-
537
- if (!needsDomainValidation) {
538
- return {
539
- domain_match: true,
540
- should_adjust_capability: false,
541
- required_tool_types: domainReq.required_tool_types,
542
- reasoning: 'Domain validation not required for this capability type'
543
- };
544
- }
545
-
546
- const domainMatch = domainReq.required_tool_types.includes(detectedToolType);
547
-
548
- return {
549
- domain_match: domainMatch,
550
- should_adjust_capability: !domainMatch,
551
- adjusted_capability: !domainMatch ? 'facilitates' : undefined,
552
- required_tool_types: domainReq.required_tool_types,
553
- reasoning: !domainMatch ?
554
- `Tool type '${detectedToolType}' cannot provide ${claimedCapability.toUpperCase()} coverage for ${domainReq.domain} safeguards` :
555
- 'Tool type matches domain requirements'
556
- };
557
- }
558
-
559
- private assessCapabilityClaimAlignment(
560
- claimedCapability: string,
561
- effectiveCapability: string,
562
- actualAnalysis: VendorAnalysis,
563
- domainValidation: any,
564
- text: string
565
- ) {
566
- const gaps: string[] = [];
567
- const strengths: string[] = [];
568
- const recommendations: string[] = [];
569
-
570
- let confidence = actualAnalysis.confidence;
571
- let status = 'SUPPORTED';
572
339
 
573
- // Assess alignment between claimed and detected capabilities
574
- if (actualAnalysis.capability !== effectiveCapability.toLowerCase()) {
575
- gaps.push(`Claimed capability '${claimedCapability}' differs from detected capability '${actualAnalysis.capability}'`);
576
- confidence = Math.max(confidence - 15, 0);
577
- }
578
-
579
- // Add evidence from actual analysis
580
- if (actualAnalysis.evidence.length > 0) {
581
- strengths.push(...actualAnalysis.evidence);
582
- }
583
-
584
- // Determine final validation status
585
- if (confidence < 40) {
586
- status = 'UNSUPPORTED';
587
- } else if (confidence < 70 || !domainValidation.domain_match) {
588
- status = 'QUESTIONABLE';
589
- }
590
-
591
- return {
592
- status,
593
- confidence,
594
- gaps,
595
- strengths,
596
- recommendations,
597
- feedback: this.generateValidationFeedback(claimedCapability, actualAnalysis, domainValidation, confidence, status),
598
- core_requirements_coverage: 85, // Placeholder - would calculate from actual analysis
599
- sub_elements_coverage: 75,
600
- governance_alignment: 80,
601
- language_consistency: 90
602
- };
603
- }
604
-
605
- private generateValidationFeedback(
606
- claimedCapability: string,
607
- actualAnalysis: VendorAnalysis,
608
- domainValidation: any,
609
- confidence: number,
610
- status: string
611
- ): string {
612
- let feedback = `Validation of ${claimedCapability.toUpperCase()} capability claim: ${status} (${confidence}% alignment)\n\n`;
613
-
614
- if (domainValidation.should_adjust_capability) {
615
- feedback += `DOMAIN VALIDATION: Tool type '${domainValidation.detected_tool_type}' cannot provide ${claimedCapability.toUpperCase()} coverage for this safeguard. Capability automatically adjusted to FACILITATES.\n\n`;
616
- }
617
-
618
- if (actualAnalysis.evidence.length > 0) {
619
- feedback += 'STRENGTHS:\n';
620
- actualAnalysis.evidence.forEach(evidence => {
621
- feedback += `• ${evidence}\n`;
622
- });
623
- feedback += '\n';
624
- }
625
-
626
- feedback += `ASSESSMENT: ${actualAnalysis.toolCapabilityDescription}\n\n`;
627
- feedback += `RECOMMENDED USE: ${actualAnalysis.recommendedUse}`;
628
-
629
- return feedback;
630
- }
631
340
 
632
341
  private calculateKeywordScore(text: string, keywords: string[]): number {
633
342
  let matches = 0;