framework-mcp 1.3.6 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/agents/mcp-developer.md +41 -0
- package/.claude/agents/project-orchestrator.md +43 -0
- package/.claude/agents/version-consistency-reviewer.md +50 -0
- package/COPILOT_INTEGRATION.md +49 -62
- package/DEPLOYMENT_GUIDE.md +48 -49
- package/MCP_INTEGRATION_GUIDE.md +96 -129
- package/MIGRATION_GUIDE_v1.4.0.md +190 -0
- package/README.md +149 -173
- package/RELEASE_NOTES_v1.3.7.md +275 -0
- package/RELEASE_NOTES_v1.4.0.md +178 -0
- package/SAFEGUARDS_VERIFICATION_LOG.md +157 -0
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +747 -1191
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -2
- package/dist/index.js.map +1 -1
- package/dist/interfaces/http/http-server.d.ts +0 -4
- package/dist/interfaces/http/http-server.d.ts.map +1 -1
- package/dist/interfaces/http/http-server.js +6 -113
- package/dist/interfaces/http/http-server.js.map +1 -1
- package/dist/interfaces/mcp/mcp-server.d.ts +0 -5
- package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
- package/dist/interfaces/mcp/mcp-server.js +4 -120
- package/dist/interfaces/mcp/mcp-server.js.map +1 -1
- package/dist/shared/types.d.ts +0 -37
- package/dist/shared/types.d.ts.map +1 -1
- package/examples/example-usage.md +43 -38
- package/examples/llm-analysis-patterns.md +553 -0
- package/package.json +2 -3
- package/scripts/validate-documentation.sh +4 -4
- package/src/core/safeguard-manager.ts +729 -1173
- package/src/index.ts +1 -2
- package/src/interfaces/http/http-server.ts +6 -139
- package/src/interfaces/mcp/mcp-server.ts +4 -145
- package/src/shared/types.ts +0 -40
- package/swagger.json +64 -313
- package/dist/core/capability-analyzer.d.ts +0 -29
- package/dist/core/capability-analyzer.d.ts.map +0 -1
- package/dist/core/capability-analyzer.js +0 -568
- package/dist/core/capability-analyzer.js.map +0 -1
- package/src/core/capability-analyzer.ts +0 -708
|
@@ -13,9 +13,9 @@
|
|
|
13
13
|
|
|
14
14
|
## 1. validate_vendor_mapping (PRIMARY Tool)
|
|
15
15
|
|
|
16
|
-
**Purpose**: Evidence-based validation of vendor capability claims
|
|
16
|
+
**Purpose**: Evidence-based validation of vendor capability claims through comprehensive content analysis
|
|
17
17
|
|
|
18
|
-
### Example 1: FULL Capability Validation (
|
|
18
|
+
### Example 1: FULL Capability Validation (Strong Evidence)
|
|
19
19
|
```bash
|
|
20
20
|
claude-code "Use validate_vendor_mapping to validate:
|
|
21
21
|
Vendor: AssetMax Pro
|
|
@@ -24,18 +24,18 @@ Claimed Capability: full
|
|
|
24
24
|
Supporting Text: Our platform provides comprehensive automated discovery, detailed inventory management with hardware/software tracking, enterprise asset ownership records, departmental assignments, network address management, and documented bi-annual review processes for all enterprise devices."
|
|
25
25
|
```
|
|
26
26
|
|
|
27
|
-
**Expected Result**: SUPPORTED (high confidence
|
|
27
|
+
**Expected Result**: SUPPORTED (high confidence with strong evidence coverage)
|
|
28
28
|
|
|
29
|
-
### Example 2:
|
|
29
|
+
### Example 2: PARTIAL Capability Validation (Limited Scope)
|
|
30
30
|
```bash
|
|
31
31
|
claude-code "Use validate_vendor_mapping to validate:
|
|
32
|
-
Vendor:
|
|
32
|
+
Vendor: NetworkScanner Pro
|
|
33
33
|
Safeguard: 1.1
|
|
34
|
-
Claimed Capability:
|
|
35
|
-
Supporting Text: Our
|
|
34
|
+
Claimed Capability: partial
|
|
35
|
+
Supporting Text: Our network scanner provides comprehensive discovery and detailed inventory of network-connected devices including hardware specifications and operating systems, but is limited to devices accessible via network protocols and does not track software installations or offline systems."
|
|
36
36
|
```
|
|
37
37
|
|
|
38
|
-
**Expected Result**:
|
|
38
|
+
**Expected Result**: SUPPORTED (partial coverage with clearly defined scope limitations)
|
|
39
39
|
|
|
40
40
|
### Example 3: FACILITATES Capability Validation
|
|
41
41
|
```bash
|
|
@@ -46,7 +46,7 @@ Claimed Capability: facilitates
|
|
|
46
46
|
Supporting Text: Our audit platform enhances existing identity management by providing detailed account usage analytics, compliance reporting, and risk-based account prioritization that strengthens account inventory processes."
|
|
47
47
|
```
|
|
48
48
|
|
|
49
|
-
**Expected Result**: SUPPORTED (facilitation language
|
|
49
|
+
**Expected Result**: SUPPORTED (clear facilitation language and enhancement capabilities)
|
|
50
50
|
|
|
51
51
|
---
|
|
52
52
|
|
|
@@ -62,9 +62,9 @@ Safeguard: 5.1
|
|
|
62
62
|
Response Text: We provide centralized identity management with automated user provisioning, comprehensive account lifecycle management, role-based access controls, detailed user directories with departmental tracking, and automated quarterly access reviews with compliance reporting."
|
|
63
63
|
```
|
|
64
64
|
|
|
65
|
-
**Expected Result**: FULL capability (
|
|
65
|
+
**Expected Result**: FULL capability (comprehensive identity management with strong evidence)
|
|
66
66
|
|
|
67
|
-
### Example 2:
|
|
67
|
+
### Example 2: Secondary Capability Analysis
|
|
68
68
|
```bash
|
|
69
69
|
claude-code "Use analyze_vendor_response to analyze:
|
|
70
70
|
Vendor: Nessus Vulnerability Scanner
|
|
@@ -72,7 +72,7 @@ Safeguard: 1.1
|
|
|
72
72
|
Response Text: During vulnerability assessments, we perform comprehensive network discovery and maintain detailed device databases with operating system detection, service enumeration, and hardware fingerprinting."
|
|
73
73
|
```
|
|
74
74
|
|
|
75
|
-
**Expected Result**: FACILITATES capability (
|
|
75
|
+
**Expected Result**: FACILITATES capability (indirect support through discovery capabilities)
|
|
76
76
|
|
|
77
77
|
---
|
|
78
78
|
|
|
@@ -136,17 +136,17 @@ claude-code "Use analyze_vendor_response for each vendor in this list:
|
|
|
136
136
|
3. Vendor: ServiceNow CMDB, Safeguard: 1.1, Response: 'Complete asset lifecycle management...'"
|
|
137
137
|
```
|
|
138
138
|
|
|
139
|
-
###
|
|
139
|
+
### Insufficient Evidence Testing
|
|
140
140
|
```bash
|
|
141
|
-
# Test
|
|
142
|
-
claude-code "Use validate_vendor_mapping to test
|
|
143
|
-
Vendor:
|
|
141
|
+
# Test validation with insufficient evidence
|
|
142
|
+
claude-code "Use validate_vendor_mapping to test evidence analysis:
|
|
143
|
+
Vendor: BasicTracker
|
|
144
144
|
Safeguard: 1.1 (Asset Inventory)
|
|
145
145
|
Claimed: full
|
|
146
|
-
Supporting Text:
|
|
146
|
+
Supporting Text: We help track computers and provide some visibility into your IT environment."
|
|
147
147
|
```
|
|
148
148
|
|
|
149
|
-
**Expected**:
|
|
149
|
+
**Expected**: UNSUPPORTED (insufficient evidence for FULL capability claim)
|
|
150
150
|
|
|
151
151
|
---
|
|
152
152
|
|
|
@@ -160,10 +160,11 @@ Supporting Text: Our SIEM platform logs all network device activity and maintain
|
|
|
160
160
|
"validation_status": "SUPPORTED",
|
|
161
161
|
"confidence_score": 92,
|
|
162
162
|
"validated_capability": "full",
|
|
163
|
-
"
|
|
164
|
-
"
|
|
165
|
-
"
|
|
166
|
-
"
|
|
163
|
+
"content_validation": {
|
|
164
|
+
"implementation_depth": "comprehensive",
|
|
165
|
+
"scope_clarity": "well_defined",
|
|
166
|
+
"evidence_strength": "strong",
|
|
167
|
+
"capability_aligned": true
|
|
167
168
|
},
|
|
168
169
|
"evidence_analysis": {
|
|
169
170
|
"core_requirements_score": 95,
|
|
@@ -174,21 +175,25 @@ Supporting Text: Our SIEM platform logs all network device activity and maintain
|
|
|
174
175
|
}
|
|
175
176
|
```
|
|
176
177
|
|
|
177
|
-
###
|
|
178
|
+
### Insufficient Evidence Example
|
|
178
179
|
```json
|
|
179
180
|
{
|
|
180
|
-
"vendor_name": "
|
|
181
|
+
"vendor_name": "BasicTracker",
|
|
181
182
|
"safeguard_id": "1.1",
|
|
182
|
-
"validation_status": "
|
|
183
|
-
"confidence_score":
|
|
183
|
+
"validation_status": "UNSUPPORTED",
|
|
184
|
+
"confidence_score": 35,
|
|
184
185
|
"claimed_capability": "full",
|
|
185
186
|
"validated_capability": "facilitates",
|
|
186
|
-
"
|
|
187
|
-
"
|
|
188
|
-
"
|
|
189
|
-
"
|
|
190
|
-
"
|
|
191
|
-
}
|
|
187
|
+
"content_validation": {
|
|
188
|
+
"implementation_depth": "limited",
|
|
189
|
+
"scope_clarity": "vague",
|
|
190
|
+
"evidence_strength": "weak",
|
|
191
|
+
"capability_aligned": false
|
|
192
|
+
},
|
|
193
|
+
"gaps_identified": [
|
|
194
|
+
"Insufficient detail on asset tracking capabilities",
|
|
195
|
+
"Missing governance and review processes"
|
|
196
|
+
]
|
|
192
197
|
}
|
|
193
198
|
```
|
|
194
199
|
|
|
@@ -231,11 +236,11 @@ Vendor Response: 'Our endpoint protection platform provides comprehensive asset
|
|
|
231
236
|
|
|
232
237
|
## 💡 Pro Tips
|
|
233
238
|
|
|
234
|
-
### 1. Understanding
|
|
235
|
-
- **
|
|
236
|
-
- **
|
|
237
|
-
- **
|
|
238
|
-
- **
|
|
239
|
+
### 1. Understanding Content Analysis
|
|
240
|
+
- **Implementation Details**: Look for specific technical capabilities and processes
|
|
241
|
+
- **Scope Definition**: Identify clear boundaries and limitations in vendor claims
|
|
242
|
+
- **Evidence Quality**: Assess depth and specificity of supporting information
|
|
243
|
+
- **Language Consistency**: Ensure alignment between claims and supporting evidence
|
|
239
244
|
|
|
240
245
|
### 2. Optimizing Confidence Scores
|
|
241
246
|
- **High scores (80-100%)**: Comprehensive coverage with specific implementation details
|
|
@@ -244,7 +249,7 @@ Vendor Response: 'Our endpoint protection platform provides comprehensive asset
|
|
|
244
249
|
|
|
245
250
|
### 3. Common Validation Patterns
|
|
246
251
|
- **SUPPORTED**: Evidence strongly aligns with claimed capability
|
|
247
|
-
- **QUESTIONABLE**: Partial support
|
|
252
|
+
- **QUESTIONABLE**: Partial support with notable gaps or inconsistencies
|
|
248
253
|
- **UNSUPPORTED**: Evidence does not support the claimed capability
|
|
249
254
|
|
|
250
255
|
### 4. Best Practices
|