framework-mcp 1.3.6 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/agents/mcp-developer.md +41 -0
- package/.claude/agents/project-orchestrator.md +43 -0
- package/.claude/agents/version-consistency-reviewer.md +50 -0
- package/COPILOT_INTEGRATION.md +49 -62
- package/DEPLOYMENT_GUIDE.md +48 -49
- package/MCP_INTEGRATION_GUIDE.md +96 -129
- package/MIGRATION_GUIDE_v1.4.0.md +190 -0
- package/README.md +149 -173
- package/RELEASE_NOTES_v1.3.7.md +275 -0
- package/RELEASE_NOTES_v1.4.0.md +178 -0
- package/SAFEGUARDS_VERIFICATION_LOG.md +157 -0
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +747 -1191
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -2
- package/dist/index.js.map +1 -1
- package/dist/interfaces/http/http-server.d.ts +0 -4
- package/dist/interfaces/http/http-server.d.ts.map +1 -1
- package/dist/interfaces/http/http-server.js +6 -113
- package/dist/interfaces/http/http-server.js.map +1 -1
- package/dist/interfaces/mcp/mcp-server.d.ts +0 -5
- package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
- package/dist/interfaces/mcp/mcp-server.js +4 -120
- package/dist/interfaces/mcp/mcp-server.js.map +1 -1
- package/dist/shared/types.d.ts +0 -37
- package/dist/shared/types.d.ts.map +1 -1
- package/examples/example-usage.md +43 -38
- package/examples/llm-analysis-patterns.md +553 -0
- package/package.json +2 -3
- package/scripts/validate-documentation.sh +4 -4
- package/src/core/safeguard-manager.ts +729 -1173
- package/src/index.ts +1 -2
- package/src/interfaces/http/http-server.ts +6 -139
- package/src/interfaces/mcp/mcp-server.ts +4 -145
- package/src/shared/types.ts +0 -40
- package/swagger.json +64 -313
- package/dist/core/capability-analyzer.d.ts +0 -29
- package/dist/core/capability-analyzer.d.ts.map +0 -1
- package/dist/core/capability-analyzer.js +0 -568
- package/dist/core/capability-analyzer.js.map +0 -1
- package/src/core/capability-analyzer.ts +0 -708
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: mcp-developer
|
|
3
|
+
description: Use this agent when implementing code changes, developing new features, or writing code according to sprint requirements. Examples: <example>Context: The project manager has assigned a sprint task to implement a new MCP tool for data validation. user: 'I need to implement the validate_data_format tool according to the sprint requirements' assistant: 'I'll use the mcp-developer agent to implement this new MCP tool according to the sprint specifications' <commentary>Since the user needs to implement code according to sprint requirements, use the mcp-developer agent to write the implementation.</commentary></example> <example>Context: A new feature needs to be added to the MCP server based on sprint planning. user: 'The project manager wants me to add support for CSV file processing in the next sprint' assistant: 'I'll use the mcp-developer agent to implement the CSV processing feature according to the sprint requirements' <commentary>Since this involves implementing new functionality according to sprint planning, use the mcp-developer agent.</commentary></example>
|
|
4
|
+
model: sonnet
|
|
5
|
+
color: orange
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
You are an expert MCP (Model Context Protocol) developer with deep expertise in JSON APIs, TypeScript, and Node.js development. You specialize in implementing MCP servers and tools according to sprint requirements and project specifications.
|
|
9
|
+
|
|
10
|
+
Your core responsibilities:
|
|
11
|
+
- Implement code changes and new features according to sprint requirements provided by the project manager
|
|
12
|
+
- Write clean, maintainable TypeScript code following established project patterns
|
|
13
|
+
- Develop MCP tools and server functionality with proper JSON schema validation
|
|
14
|
+
- Follow the existing codebase architecture and coding standards from CLAUDE.md
|
|
15
|
+
- Ensure all implementations align with MCP protocol specifications
|
|
16
|
+
- Write production-ready code with proper error handling and type safety
|
|
17
|
+
|
|
18
|
+
When implementing code:
|
|
19
|
+
1. **Analyze Sprint Requirements**: Carefully review the sprint specifications and acceptance criteria
|
|
20
|
+
2. **Follow Project Patterns**: Adhere to existing code structure, naming conventions, and architectural patterns
|
|
21
|
+
3. **Implement with Precision**: Write code that exactly meets the specified requirements without over-engineering
|
|
22
|
+
4. **Ensure Type Safety**: Use strict TypeScript typing and proper interface definitions
|
|
23
|
+
5. **Handle Errors Gracefully**: Implement comprehensive error handling and validation
|
|
24
|
+
6. **Optimize Performance**: Consider caching, efficiency, and scalability in your implementations
|
|
25
|
+
7. **Document Code**: Include clear comments for complex logic and maintain JSDoc standards
|
|
26
|
+
|
|
27
|
+
For MCP-specific implementations:
|
|
28
|
+
- Follow MCP protocol standards for tool definitions and responses
|
|
29
|
+
- Implement proper JSON schema validation for all inputs and outputs
|
|
30
|
+
- Ensure tools are properly registered and exported
|
|
31
|
+
- Handle MCP error responses according to protocol specifications
|
|
32
|
+
- Maintain consistency with existing tool patterns in the codebase
|
|
33
|
+
|
|
34
|
+
Code quality standards:
|
|
35
|
+
- Use existing project dependencies and avoid introducing unnecessary new ones
|
|
36
|
+
- Follow the established file structure and organization
|
|
37
|
+
- Implement comprehensive input validation and sanitization
|
|
38
|
+
- Write code that integrates seamlessly with existing functionality
|
|
39
|
+
- Ensure backward compatibility unless explicitly specified otherwise
|
|
40
|
+
|
|
41
|
+
You work collaboratively with the project manager who provides sprint requirements and the consistency reviewer who will review your code before release. Always implement exactly what is specified in the sprint requirements - no more, no less.
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: project-orchestrator
|
|
3
|
+
description: Use this agent when you need to evaluate, approve, or disapprove project plans, coordinate multiple agents, or ensure system-wide coherence. Examples: <example>Context: User is planning to refactor the CIS safeguards data structure. user: 'I want to change how we store safeguard data from objects to arrays for better performance' assistant: 'Let me use the project-orchestrator agent to evaluate this architectural change and its system-wide impacts' <commentary>Since this is a significant architectural decision that could affect multiple parts of the system, use the project-orchestrator to assess the plan holistically.</commentary></example> <example>Context: Multiple agents are being deployed for different tasks. user: 'I've created three new agents for code review, testing, and documentation. Should I deploy them all at once?' assistant: 'I'll use the project-orchestrator agent to coordinate this multi-agent deployment strategy' <commentary>The orchestrator should evaluate the deployment plan and ensure proper sequencing and resource allocation.</commentary></example>
|
|
4
|
+
model: sonnet
|
|
5
|
+
color: green
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
You are the Project Orchestrator, the strategic overseer responsible for evaluating and coordinating all project plans and agent activities. Your role is to ensure system-wide coherence, prevent conflicts, and maintain project integrity through thoughtful analysis and decision-making.
|
|
9
|
+
|
|
10
|
+
Your core responsibilities:
|
|
11
|
+
|
|
12
|
+
**Plan Evaluation Framework:**
|
|
13
|
+
1. **Sequential Impact Analysis** - Trace how proposed changes will ripple through the system, identifying all affected components, dependencies, and downstream effects
|
|
14
|
+
2. **Zen Principle Application** - Seek the path of least resistance that achieves maximum benefit with minimal disruption
|
|
15
|
+
3. **Conflict Detection** - Identify potential conflicts with existing systems, ongoing work, or planned initiatives
|
|
16
|
+
4. **Resource Assessment** - Evaluate whether the plan aligns with available resources and project constraints
|
|
17
|
+
5. **Risk-Benefit Analysis** - Weigh potential gains against implementation costs and risks
|
|
18
|
+
|
|
19
|
+
**Decision-Making Process:**
|
|
20
|
+
- **APPROVE** plans that demonstrate clear value, minimal risk, and proper consideration of system impacts
|
|
21
|
+
- **CONDITIONAL APPROVAL** for plans requiring modifications or specific sequencing
|
|
22
|
+
- **DISAPPROVE** plans that pose unacceptable risks, conflicts, or resource demands
|
|
23
|
+
- **DEFER** plans requiring additional information or stakeholder input
|
|
24
|
+
|
|
25
|
+
**Agent Fleet Management:**
|
|
26
|
+
- Coordinate agent deployment sequences to prevent resource conflicts
|
|
27
|
+
- Ensure agents have complementary rather than overlapping responsibilities
|
|
28
|
+
- Monitor for agent interaction patterns that could cause system instability
|
|
29
|
+
- Establish clear escalation paths and communication protocols between agents
|
|
30
|
+
|
|
31
|
+
**Communication Style:**
|
|
32
|
+
- Provide clear, reasoned decisions with supporting rationale
|
|
33
|
+
- Identify specific concerns and suggest concrete modifications when needed
|
|
34
|
+
- Use structured thinking to break down complex decisions into manageable components
|
|
35
|
+
- Maintain a calm, authoritative tone that inspires confidence in your oversight
|
|
36
|
+
|
|
37
|
+
**Quality Assurance:**
|
|
38
|
+
- Always consider the long-term implications of decisions, not just immediate effects
|
|
39
|
+
- Verify that approved plans align with project goals and architectural principles
|
|
40
|
+
- Ensure decisions maintain system stability and user experience
|
|
41
|
+
- Document key decision points and rationale for future reference
|
|
42
|
+
|
|
43
|
+
When evaluating plans, think step-by-step through the sequential impacts, apply zen principles to find elegant solutions, and make decisions that serve the overall project health. Your approval carries weight - use it wisely to guide the project toward success while preventing costly mistakes.
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: version-consistency-reviewer
|
|
3
|
+
description: Use this agent when you need to review code before committing to GitHub or releasing to NPM to ensure version consistency across all components. Examples: <example>Context: The user has just finished implementing a new feature in their MCP server and is ready to commit the changes. user: 'I've finished adding the new authentication feature to the MCP server. Here's the updated code for review before I commit it.' assistant: 'I'll use the version-consistency-reviewer agent to check that all version numbers are properly aligned before this code is committed.' <commentary>Since the user is preparing to commit code, use the version-consistency-reviewer agent to verify version consistency across package.json, server configuration, and any version tags.</commentary></example> <example>Context: The user is preparing to release a new version of their NPM package. user: 'Ready to publish version 2.1.0 to NPM. Can you review everything is set up correctly?' assistant: 'Let me use the version-consistency-reviewer agent to ensure all version numbers are consistent before publishing.' <commentary>Since the user is preparing for NPM publication, use the version-consistency-reviewer agent to verify CI/CD requirements are met.</commentary></example>
|
|
4
|
+
model: sonnet
|
|
5
|
+
color: yellow
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
You are a Version Consistency Reviewer, an expert in MCP (Model Context Protocol) server development, NPM package management, and CI/CD pipeline requirements. Your primary responsibility is ensuring version consistency across all components before code commits and package releases.
|
|
9
|
+
|
|
10
|
+
Your expertise includes:
|
|
11
|
+
- MCP server architecture and configuration patterns
|
|
12
|
+
- NPM package.json structure and versioning semantics
|
|
13
|
+
- Git tagging strategies and repository management
|
|
14
|
+
- CI/CD pipeline requirements for automated publishing
|
|
15
|
+
- Version synchronization across distributed systems
|
|
16
|
+
|
|
17
|
+
When reviewing code, you will systematically verify:
|
|
18
|
+
|
|
19
|
+
**Version Consistency Checks:**
|
|
20
|
+
1. **package.json version** - Verify the version field matches intended release
|
|
21
|
+
2. **MCP server configuration** - Check server version declarations in code
|
|
22
|
+
3. **Git repository tags** - Ensure tag versions align with package versions
|
|
23
|
+
4. **HTTP server version headers** - Validate version reporting in server responses
|
|
24
|
+
5. **Documentation version references** - Check README, CHANGELOG, and API docs
|
|
25
|
+
6. **Dependency version compatibility** - Verify dependency ranges are appropriate
|
|
26
|
+
|
|
27
|
+
**CI/CD Compliance Verification:**
|
|
28
|
+
- Confirm version increments follow semantic versioning (semver)
|
|
29
|
+
- Validate that Git tags exist and match package.json version
|
|
30
|
+
- Check for version conflicts that would block automated publishing
|
|
31
|
+
- Verify pre-release identifiers are properly formatted
|
|
32
|
+
- Ensure version consistency across monorepo packages if applicable
|
|
33
|
+
|
|
34
|
+
**Review Process:**
|
|
35
|
+
1. **Extract all version declarations** from the codebase
|
|
36
|
+
2. **Cross-reference versions** across package.json, server code, and tags
|
|
37
|
+
3. **Identify discrepancies** and potential CI/CD blocking issues
|
|
38
|
+
4. **Validate semantic versioning** compliance for the intended change type
|
|
39
|
+
5. **Check dependency compatibility** for version updates
|
|
40
|
+
6. **Provide specific remediation steps** for any issues found
|
|
41
|
+
|
|
42
|
+
**Output Format:**
|
|
43
|
+
Provide a structured review with:
|
|
44
|
+
- **Version Summary**: Current versions found across all components
|
|
45
|
+
- **Consistency Status**: PASS/FAIL with specific issues identified
|
|
46
|
+
- **CI/CD Readiness**: Assessment of automated publishing requirements
|
|
47
|
+
- **Recommendations**: Specific actions needed before commit/release
|
|
48
|
+
- **Risk Assessment**: Potential impacts of version mismatches
|
|
49
|
+
|
|
50
|
+
You will be thorough but efficient, focusing on critical version consistency issues that could break CI/CD pipelines or cause deployment failures. Always provide actionable guidance for resolving any version conflicts before code release.
|
package/COPILOT_INTEGRATION.md
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# Microsoft Copilot Integration Guide
|
|
2
2
|
|
|
3
|
-
This guide provides step-by-step instructions for integrating Framework MCP with Microsoft Copilot using custom connectors.
|
|
3
|
+
This guide provides step-by-step instructions for integrating Framework MCP v1.4.0's Pure Data Provider architecture with Microsoft Copilot using custom connectors.
|
|
4
4
|
|
|
5
5
|
## Overview
|
|
6
6
|
|
|
7
|
-
Framework MCP provides a
|
|
7
|
+
Framework MCP v1.4.0 provides a **Pure Data Provider architecture** with dual interfaces enabling both Model Context Protocol (MCP) integration with Claude Code and HTTP API integration with Microsoft Copilot. This empowers security professionals to access authoritative CIS Controls data through their preferred AI platform for sophisticated, LLM-driven vendor capability analysis.
|
|
8
8
|
|
|
9
9
|
## Prerequisites
|
|
10
10
|
|
|
@@ -52,7 +52,7 @@ Expected response:
|
|
|
52
52
|
"uptime": 1234,
|
|
53
53
|
"totalRequests": 0,
|
|
54
54
|
"errorCount": 0,
|
|
55
|
-
"version": "1.
|
|
55
|
+
"version": "1.4.0",
|
|
56
56
|
"timestamp": "2025-08-21T01:00:00.000Z"
|
|
57
57
|
}
|
|
58
58
|
```
|
|
@@ -74,8 +74,8 @@ Expected response:
|
|
|
74
74
|
- Click **Continue**
|
|
75
75
|
|
|
76
76
|
4. **Configure Connector Details**
|
|
77
|
-
- **Name**: Framework MCP -
|
|
78
|
-
- **Description**:
|
|
77
|
+
- **Name**: Framework MCP - Pure Data Provider
|
|
78
|
+
- **Description**: Authoritative CIS Controls Framework data for LLM-driven analysis
|
|
79
79
|
- **Host**: Update to your deployed API URL (e.g., `your-app.ondigitalocean.app`)
|
|
80
80
|
- **Base URL**: `/`
|
|
81
81
|
|
|
@@ -109,89 +109,72 @@ Expected response:
|
|
|
109
109
|
- Select **Custom connector**
|
|
110
110
|
- Choose your Framework MCP connector
|
|
111
111
|
|
|
112
|
-
##
|
|
112
|
+
## Data Actions Configuration
|
|
113
113
|
|
|
114
|
-
### Primary Action:
|
|
114
|
+
### Primary Action: Get Safeguard Details
|
|
115
115
|
|
|
116
|
-
Configure this action for
|
|
116
|
+
Configure this action for detailed CIS safeguard information:
|
|
117
117
|
|
|
118
118
|
**Action Details:**
|
|
119
|
-
- **Name**:
|
|
120
|
-
- **Description**:
|
|
119
|
+
- **Name**: Get CIS Safeguard Details
|
|
120
|
+
- **Description**: Retrieve detailed CIS Controls safeguard breakdown for LLM analysis
|
|
121
121
|
- **Connector**: Framework MCP Custom Connector
|
|
122
|
-
- **Operation**: `
|
|
122
|
+
- **Operation**: `getSafeguardDetails`
|
|
123
123
|
|
|
124
124
|
**Parameters:**
|
|
125
|
-
- **
|
|
126
|
-
- **
|
|
127
|
-
- **claimed_capability** (Required): Capability role (full, partial, facilitates, governance, validates)
|
|
128
|
-
- **supporting_text** (Required): Vendor response supporting their capability claim
|
|
125
|
+
- **safeguardId** (Required): CIS safeguard ID (e.g., "1.1", "5.1", "12.8")
|
|
126
|
+
- **include_examples** (Optional): Include implementation examples (true/false)
|
|
129
127
|
|
|
130
128
|
**Sample Input:**
|
|
131
129
|
```json
|
|
132
130
|
{
|
|
133
|
-
"
|
|
134
|
-
"
|
|
135
|
-
"claimed_capability": "full",
|
|
136
|
-
"supporting_text": "Our platform provides comprehensive enterprise asset inventory with real-time discovery, automated classification, and continuous monitoring of all hardware and software assets across the organization."
|
|
131
|
+
"safeguardId": "5.1",
|
|
132
|
+
"include_examples": true
|
|
137
133
|
}
|
|
138
134
|
```
|
|
139
135
|
|
|
140
|
-
### Secondary Action:
|
|
136
|
+
### Secondary Action: List All Safeguards
|
|
141
137
|
|
|
142
|
-
Configure this action for
|
|
138
|
+
Configure this action for safeguard discovery:
|
|
143
139
|
|
|
144
140
|
**Action Details:**
|
|
145
|
-
- **Name**:
|
|
146
|
-
- **Description**:
|
|
141
|
+
- **Name**: List CIS Safeguards
|
|
142
|
+
- **Description**: Get complete list of available CIS Controls safeguards
|
|
147
143
|
- **Connector**: Framework MCP Custom Connector
|
|
148
|
-
- **Operation**: `
|
|
149
|
-
|
|
150
|
-
**Parameters:**
|
|
151
|
-
- **vendor_name** (Required): Name of the vendor
|
|
152
|
-
- **safeguard_id** (Required): CIS safeguard ID
|
|
153
|
-
- **response_text** (Required): Vendor response text to analyze
|
|
154
|
-
|
|
155
|
-
### Additional Actions: Safeguard Information
|
|
156
|
-
|
|
157
|
-
**Get Safeguard Details:**
|
|
158
|
-
- **Operation**: `getSafeguardDetails`
|
|
159
|
-
- **Parameters**: safeguard_id, include_examples (optional)
|
|
144
|
+
- **Operation**: `listSafeguards`
|
|
160
145
|
|
|
161
|
-
**
|
|
162
|
-
- **Operation**: `listAvailableSafeguards`
|
|
163
|
-
- **Parameters**: None
|
|
146
|
+
**No Parameters Required**
|
|
164
147
|
|
|
165
148
|
## Example User Interactions
|
|
166
149
|
|
|
167
|
-
Once configured, users can interact with your Copilot using natural language:
|
|
150
|
+
Once configured, users can interact with your Copilot using natural language for LLM-driven analysis:
|
|
168
151
|
|
|
169
|
-
### Capability
|
|
152
|
+
### LLM-Driven Capability Assessment
|
|
170
153
|
|
|
171
154
|
```
|
|
172
|
-
"
|
|
155
|
+
"Get details for safeguard 1.1, then analyze Microsoft Defender for Endpoint's capability: 'Microsoft Defender provides comprehensive asset discovery, detailed hardware and software inventory, and real-time asset status monitoring across all enterprise endpoints.' Determine appropriate capability role and provide confidence assessment."
|
|
173
156
|
|
|
174
|
-
"
|
|
157
|
+
"Retrieve safeguard 5.1 requirements and assess CrowdStrike Falcon: 'We offer centralized identity integration with detailed user account tracking and automated access reviews.' Consider enterprise environment and provide implementation recommendations."
|
|
175
158
|
|
|
176
|
-
"
|
|
159
|
+
"Get safeguard 6.3 details. For a financial services organization with strict compliance requirements, analyze Okta's MFA solution: 'We provide comprehensive multi-factor authentication for all external applications with adaptive authentication policies, risk-based assessments, and SSO integration.'"
|
|
177
160
|
```
|
|
178
161
|
|
|
179
|
-
###
|
|
162
|
+
### Comparative Analysis Examples
|
|
180
163
|
|
|
181
164
|
```
|
|
182
|
-
"
|
|
165
|
+
"Get safeguard 7.1 details and compare these vulnerability management solutions: 1) Rapid7 InsightVM: 'Continuous vulnerability scanning with automated remediation guidance' 2) Qualys VMDR: 'Cloud-based vulnerability scanning with patch prioritization' 3) Tenable Nessus: 'Comprehensive vulnerability assessment with compliance reporting'. Rank by implementation completeness."
|
|
183
166
|
|
|
184
|
-
"
|
|
167
|
+
"Retrieve details for safeguards 13.1, 13.3, and 13.6. Analyze how SentinelOne addresses these network monitoring requirements and identify any coverage gaps."
|
|
185
168
|
```
|
|
186
169
|
|
|
187
|
-
###
|
|
170
|
+
### Data Discovery Requests
|
|
188
171
|
|
|
189
172
|
```
|
|
190
|
-
"
|
|
173
|
+
"Show me all available CIS safeguards related to identity and access management."
|
|
191
174
|
|
|
192
|
-
"
|
|
175
|
+
"Get detailed breakdown of safeguard 11.1 including all sub-elements and governance requirements."
|
|
193
176
|
|
|
194
|
-
"
|
|
177
|
+
"List all Implementation Group 1 (IG1) safeguards for a small business security assessment."
|
|
195
178
|
```
|
|
196
179
|
|
|
197
180
|
## Advanced Configuration
|
|
@@ -201,20 +184,24 @@ Once configured, users can interact with your Copilot using natural language:
|
|
|
201
184
|
Add these instructions to your Copilot's system message:
|
|
202
185
|
|
|
203
186
|
```
|
|
204
|
-
You are a CIS Controls
|
|
187
|
+
You are a CIS Controls expert powered by Framework MCP's Pure Data Provider architecture. You help security professionals perform sophisticated vendor capability analysis using authoritative CIS Controls data.
|
|
205
188
|
|
|
206
189
|
Key Principles:
|
|
207
|
-
1.
|
|
208
|
-
2.
|
|
209
|
-
3.
|
|
210
|
-
4.
|
|
211
|
-
5.
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
1.
|
|
215
|
-
2.
|
|
216
|
-
3.
|
|
217
|
-
4.
|
|
190
|
+
1. Always retrieve detailed safeguard data using get_safeguard_details before analysis
|
|
191
|
+
2. Apply context-aware analysis considering industry, risk profile, and organizational needs
|
|
192
|
+
3. Explain the 5 capability roles: FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES
|
|
193
|
+
4. Provide transparent reasoning with evidence-based assessments
|
|
194
|
+
5. Offer implementation recommendations and deployment guidance
|
|
195
|
+
|
|
196
|
+
Analysis Approach:
|
|
197
|
+
1. Get safeguard requirements using the data actions
|
|
198
|
+
2. Analyze vendor capabilities against detailed CIS requirements
|
|
199
|
+
3. Consider organizational context (industry, size, risk tolerance)
|
|
200
|
+
4. Provide capability role determination with confidence assessment
|
|
201
|
+
5. Include implementation recommendations and integration considerations
|
|
202
|
+
6. For comparative analysis, rank vendors and explain reasoning
|
|
203
|
+
|
|
204
|
+
Flexibility: Adapt analysis methodology based on user needs - strict compliance, risk-based assessment, technology integration, or custom evaluation criteria.
|
|
218
205
|
```
|
|
219
206
|
|
|
220
207
|
### Environment Variables
|
package/DEPLOYMENT_GUIDE.md
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
# Framework MCP Deployment Guide
|
|
2
2
|
|
|
3
|
-
##
|
|
3
|
+
## Pure Data Provider Architecture: MCP + HTTP API
|
|
4
4
|
|
|
5
|
-
Framework MCP v1.
|
|
5
|
+
Framework MCP v1.4.0 features a **Pure Data Provider architecture** with dual interfaces for maximum flexibility:
|
|
6
6
|
|
|
7
|
-
- **MCP Interface**: stdio-based for Claude Code integration
|
|
8
|
-
- **HTTP Interface**: REST API for cloud deployment
|
|
7
|
+
- **MCP Interface**: stdio-based for Claude Code integration with LLM-driven analysis
|
|
8
|
+
- **HTTP Interface**: REST API for cloud deployment and Microsoft Copilot integration
|
|
9
9
|
|
|
10
10
|
---
|
|
11
11
|
|
|
@@ -146,38 +146,20 @@ GET /health
|
|
|
146
146
|
# Returns server status and metrics
|
|
147
147
|
```
|
|
148
148
|
|
|
149
|
-
###
|
|
149
|
+
### Data Endpoints (Pure Provider Architecture)
|
|
150
150
|
```bash
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
"safeguard_id": "1.1",
|
|
155
|
-
"claimed_capability": "full",
|
|
156
|
-
"supporting_text": "Comprehensive asset management..."
|
|
157
|
-
}
|
|
151
|
+
GET /api/safeguards # List all 153 CIS safeguards
|
|
152
|
+
GET /api/safeguards/1.1 # Get detailed safeguard breakdown
|
|
153
|
+
GET /api/safeguards/1.1?include_examples=true # Include implementation examples
|
|
158
154
|
```
|
|
159
155
|
|
|
160
|
-
###
|
|
161
|
-
```bash
|
|
162
|
-
POST /api/analyze-vendor-response
|
|
163
|
-
{
|
|
164
|
-
"vendor_name": "VendorName",
|
|
165
|
-
"safeguard_id": "5.1",
|
|
166
|
-
"response_text": "Our identity management solution..."
|
|
167
|
-
}
|
|
168
|
-
```
|
|
169
|
-
|
|
170
|
-
### Safeguards
|
|
156
|
+
### Monitoring
|
|
171
157
|
```bash
|
|
172
|
-
GET /api/
|
|
173
|
-
GET /api
|
|
174
|
-
GET /api/safeguards/1.1?include_examples=true
|
|
158
|
+
GET /api/metrics # Performance metrics and statistics
|
|
159
|
+
GET /api # API documentation and capabilities
|
|
175
160
|
```
|
|
176
161
|
|
|
177
|
-
|
|
178
|
-
```bash
|
|
179
|
-
GET /api/metrics # Performance metrics
|
|
180
|
-
```
|
|
162
|
+
**LLM-Driven Analysis**: The Pure Data Provider architecture supplies authoritative CIS data while LLMs perform sophisticated vendor capability analysis with unlimited flexibility.
|
|
181
163
|
|
|
182
164
|
---
|
|
183
165
|
|
|
@@ -185,45 +167,62 @@ GET /api/metrics # Performance metrics
|
|
|
185
167
|
|
|
186
168
|
### HTTP Interface Advantages
|
|
187
169
|
- ✅ **DigitalOcean Compatible**: Uses HTTP instead of stdio
|
|
188
|
-
- ✅ **REST API**: Standard HTTP endpoints
|
|
170
|
+
- ✅ **REST API**: Standard HTTP endpoints for data access
|
|
189
171
|
- ✅ **Health Checks**: Platform monitoring support
|
|
190
172
|
- ✅ **CORS Enabled**: Web application integration
|
|
191
173
|
- ✅ **Production Ready**: Error handling, security, compression
|
|
174
|
+
- ✅ **Microsoft Copilot**: Custom connector compatibility
|
|
192
175
|
|
|
193
176
|
### MCP Interface Advantages
|
|
194
177
|
- ✅ **Claude Code Integration**: Native stdio communication
|
|
195
178
|
- ✅ **Tool Discovery**: Automatic tool registration
|
|
196
179
|
- ✅ **Type Safety**: Full MCP schema validation
|
|
197
|
-
- ✅ **
|
|
180
|
+
- ✅ **LLM-Driven Analysis**: Direct access to safeguards data for intelligent analysis
|
|
198
181
|
|
|
199
|
-
###
|
|
200
|
-
- ✅ **
|
|
201
|
-
- ✅ **
|
|
202
|
-
- ✅ **Performance**:
|
|
203
|
-
- ✅ **
|
|
182
|
+
### Pure Data Provider Benefits
|
|
183
|
+
- ✅ **Clean Architecture**: Simple data provision without analysis complexity
|
|
184
|
+
- ✅ **LLM Flexibility**: Unlimited analysis approaches and methodologies
|
|
185
|
+
- ✅ **Performance Optimized**: Fast data retrieval for real-time analysis
|
|
186
|
+
- ✅ **Context-Aware**: LLMs can apply industry, risk, and organizational context
|
|
187
|
+
- ✅ **Transparent Reasoning**: Full visibility into analysis logic and evidence
|
|
204
188
|
|
|
205
189
|
---
|
|
206
190
|
|
|
207
191
|
## Migration Guide
|
|
208
192
|
|
|
209
|
-
###
|
|
193
|
+
### Migrating to Pure Data Provider v1.4.0
|
|
210
194
|
|
|
211
|
-
1. **
|
|
212
|
-
2. **
|
|
213
|
-
3. **
|
|
195
|
+
1. **Simplified Architecture**: Analysis logic moved to LLM capability
|
|
196
|
+
2. **Enhanced Flexibility**: Unlimited analysis approaches and methodologies
|
|
197
|
+
3. **Maintained Compatibility**: Both interfaces continue providing data access
|
|
198
|
+
4. **Improved Performance**: Optimized for fast data retrieval
|
|
214
199
|
|
|
215
200
|
### Use Case Guidelines
|
|
216
201
|
|
|
217
202
|
**Use MCP Interface When:**
|
|
218
|
-
- Integrating with Claude Code
|
|
203
|
+
- Integrating with Claude Code for LLM-driven analysis
|
|
219
204
|
- Local development and testing
|
|
220
|
-
-
|
|
205
|
+
- Direct tool-based interactions with LLMs
|
|
221
206
|
|
|
222
207
|
**Use HTTP Interface When:**
|
|
223
|
-
- Cloud deployment required
|
|
224
|
-
-
|
|
225
|
-
- API-based access needed
|
|
226
|
-
-
|
|
208
|
+
- Cloud deployment required (DigitalOcean, Railway, Render)
|
|
209
|
+
- Microsoft Copilot custom connector integration
|
|
210
|
+
- Web application or API-based access needed
|
|
211
|
+
- Distributed team access to CIS Controls data
|
|
212
|
+
|
|
213
|
+
### Analysis Pattern Migration
|
|
214
|
+
|
|
215
|
+
**Old Approach (v1.3.7):**
|
|
216
|
+
```bash
|
|
217
|
+
POST /api/analyze-vendor-response
|
|
218
|
+
# Hardcoded analysis with fixed validation rules
|
|
219
|
+
```
|
|
220
|
+
|
|
221
|
+
**New Approach (v1.4.0):**
|
|
222
|
+
```bash
|
|
223
|
+
GET /api/safeguards/5.1
|
|
224
|
+
# Get authoritative data, then use LLM for sophisticated analysis
|
|
225
|
+
```
|
|
227
226
|
|
|
228
227
|
---
|
|
229
228
|
|
|
@@ -320,7 +319,7 @@ npm install express-rate-limit
|
|
|
320
319
|
### HTTP Deployment Successful When:
|
|
321
320
|
- ✅ Health check returns 200 status
|
|
322
321
|
- ✅ `/api/validate-vendor-mapping` accepts POST requests
|
|
323
|
-
- ✅
|
|
322
|
+
- ✅ Content-based capability analysis works correctly
|
|
324
323
|
- ✅ All 5 capability roles determined accurately
|
|
325
324
|
- ✅ Performance metrics show >95% cache efficiency
|
|
326
325
|
|
|
@@ -332,4 +331,4 @@ npm install express-rate-limit
|
|
|
332
331
|
|
|
333
332
|
---
|
|
334
333
|
|
|
335
|
-
**🎉 Framework MCP v1.3.
|
|
334
|
+
**🎉 Framework MCP v1.3.7 solves the DigitalOcean stdio vs HTTP architecture mismatch while preserving full MCP functionality!**
|