framework-mcp 1.3.6 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/.claude/agents/mcp-developer.md +41 -0
  2. package/.claude/agents/project-orchestrator.md +43 -0
  3. package/.claude/agents/version-consistency-reviewer.md +50 -0
  4. package/COPILOT_INTEGRATION.md +49 -62
  5. package/DEPLOYMENT_GUIDE.md +48 -49
  6. package/MCP_INTEGRATION_GUIDE.md +96 -129
  7. package/MIGRATION_GUIDE_v1.4.0.md +190 -0
  8. package/README.md +149 -173
  9. package/RELEASE_NOTES_v1.3.7.md +275 -0
  10. package/RELEASE_NOTES_v1.4.0.md +178 -0
  11. package/SAFEGUARDS_VERIFICATION_LOG.md +157 -0
  12. package/dist/core/safeguard-manager.d.ts.map +1 -1
  13. package/dist/core/safeguard-manager.js +747 -1191
  14. package/dist/core/safeguard-manager.js.map +1 -1
  15. package/dist/index.d.ts +0 -1
  16. package/dist/index.d.ts.map +1 -1
  17. package/dist/index.js +1 -2
  18. package/dist/index.js.map +1 -1
  19. package/dist/interfaces/http/http-server.d.ts +0 -4
  20. package/dist/interfaces/http/http-server.d.ts.map +1 -1
  21. package/dist/interfaces/http/http-server.js +6 -113
  22. package/dist/interfaces/http/http-server.js.map +1 -1
  23. package/dist/interfaces/mcp/mcp-server.d.ts +0 -5
  24. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
  25. package/dist/interfaces/mcp/mcp-server.js +4 -120
  26. package/dist/interfaces/mcp/mcp-server.js.map +1 -1
  27. package/dist/shared/types.d.ts +0 -37
  28. package/dist/shared/types.d.ts.map +1 -1
  29. package/examples/example-usage.md +43 -38
  30. package/examples/llm-analysis-patterns.md +553 -0
  31. package/package.json +2 -3
  32. package/scripts/validate-documentation.sh +4 -4
  33. package/src/core/safeguard-manager.ts +729 -1173
  34. package/src/index.ts +1 -2
  35. package/src/interfaces/http/http-server.ts +6 -139
  36. package/src/interfaces/mcp/mcp-server.ts +4 -145
  37. package/src/shared/types.ts +0 -40
  38. package/swagger.json +64 -313
  39. package/dist/core/capability-analyzer.d.ts +0 -29
  40. package/dist/core/capability-analyzer.d.ts.map +0 -1
  41. package/dist/core/capability-analyzer.js +0 -568
  42. package/dist/core/capability-analyzer.js.map +0 -1
  43. package/src/core/capability-analyzer.ts +0 -708
@@ -13,9 +13,9 @@
13
13
 
14
14
  ## 1. validate_vendor_mapping (PRIMARY Tool)
15
15
 
16
- **Purpose**: Evidence-based validation of vendor capability claims with domain validation
16
+ **Purpose**: Evidence-based validation of vendor capability claims through comprehensive content analysis
17
17
 
18
- ### Example 1: FULL Capability Validation (Domain Match)
18
+ ### Example 1: FULL Capability Validation (Strong Evidence)
19
19
  ```bash
20
20
  claude-code "Use validate_vendor_mapping to validate:
21
21
  Vendor: AssetMax Pro
@@ -24,18 +24,18 @@ Claimed Capability: full
24
24
  Supporting Text: Our platform provides comprehensive automated discovery, detailed inventory management with hardware/software tracking, enterprise asset ownership records, departmental assignments, network address management, and documented bi-annual review processes for all enterprise devices."
25
25
  ```
26
26
 
27
- **Expected Result**: SUPPORTED (high confidence, no auto-downgrade)
27
+ **Expected Result**: SUPPORTED (high confidence with strong evidence coverage)
28
28
 
29
- ### Example 2: FULL Capability Validation (Domain Mismatch - Auto-Downgrade)
29
+ ### Example 2: PARTIAL Capability Validation (Limited Scope)
30
30
  ```bash
31
31
  claude-code "Use validate_vendor_mapping to validate:
32
- Vendor: ThreatIntel Pro
32
+ Vendor: NetworkScanner Pro
33
33
  Safeguard: 1.1
34
- Claimed Capability: full
35
- Supporting Text: Our threat intelligence platform discovers network devices during security scans and maintains detailed vulnerability databases with comprehensive asset visibility."
34
+ Claimed Capability: partial
35
+ Supporting Text: Our network scanner provides comprehensive discovery and detailed inventory of network-connected devices including hardware specifications and operating systems, but is limited to devices accessible via network protocols and does not track software installations or offline systems."
36
36
  ```
37
37
 
38
- **Expected Result**: Auto-downgraded from FULL FACILITATES (domain mismatch: threat_intelligence ≠ inventory)
38
+ **Expected Result**: SUPPORTED (partial coverage with clearly defined scope limitations)
39
39
 
40
40
  ### Example 3: FACILITATES Capability Validation
41
41
  ```bash
@@ -46,7 +46,7 @@ Claimed Capability: facilitates
46
46
  Supporting Text: Our audit platform enhances existing identity management by providing detailed account usage analytics, compliance reporting, and risk-based account prioritization that strengthens account inventory processes."
47
47
  ```
48
48
 
49
- **Expected Result**: SUPPORTED (facilitation language present, no domain restrictions)
49
+ **Expected Result**: SUPPORTED (clear facilitation language and enhancement capabilities)
50
50
 
51
51
  ---
52
52
 
@@ -62,9 +62,9 @@ Safeguard: 5.1
62
62
  Response Text: We provide centralized identity management with automated user provisioning, comprehensive account lifecycle management, role-based access controls, detailed user directories with departmental tracking, and automated quarterly access reviews with compliance reporting."
63
63
  ```
64
64
 
65
- **Expected Result**: FULL capability (identity_management tool for identity safeguard)
65
+ **Expected Result**: FULL capability (comprehensive identity management with strong evidence)
66
66
 
67
- ### Example 2: Cross-Domain Tool Analysis
67
+ ### Example 2: Secondary Capability Analysis
68
68
  ```bash
69
69
  claude-code "Use analyze_vendor_response to analyze:
70
70
  Vendor: Nessus Vulnerability Scanner
@@ -72,7 +72,7 @@ Safeguard: 1.1
72
72
  Response Text: During vulnerability assessments, we perform comprehensive network discovery and maintain detailed device databases with operating system detection, service enumeration, and hardware fingerprinting."
73
73
  ```
74
74
 
75
- **Expected Result**: FACILITATES capability (vulnerability_management tool for asset safeguard)
75
+ **Expected Result**: FACILITATES capability (indirect support through discovery capabilities)
76
76
 
77
77
  ---
78
78
 
@@ -136,17 +136,17 @@ claude-code "Use analyze_vendor_response for each vendor in this list:
136
136
  3. Vendor: ServiceNow CMDB, Safeguard: 1.1, Response: 'Complete asset lifecycle management...'"
137
137
  ```
138
138
 
139
- ### Domain Validation Testing
139
+ ### Insufficient Evidence Testing
140
140
  ```bash
141
- # Test auto-downgrade protection
142
- claude-code "Use validate_vendor_mapping to test domain validation:
143
- Vendor: Splunk SIEM
141
+ # Test validation with insufficient evidence
142
+ claude-code "Use validate_vendor_mapping to test evidence analysis:
143
+ Vendor: BasicTracker
144
144
  Safeguard: 1.1 (Asset Inventory)
145
145
  Claimed: full
146
- Supporting Text: Our SIEM platform logs all network device activity and maintains comprehensive asset visibility through log analysis and network monitoring."
146
+ Supporting Text: We help track computers and provide some visibility into your IT environment."
147
147
  ```
148
148
 
149
- **Expected**: Auto-downgrade from FULL FACILITATES (SIEM ≠ inventory tool)
149
+ **Expected**: UNSUPPORTED (insufficient evidence for FULL capability claim)
150
150
 
151
151
  ---
152
152
 
@@ -160,10 +160,11 @@ Supporting Text: Our SIEM platform logs all network device activity and maintain
160
160
  "validation_status": "SUPPORTED",
161
161
  "confidence_score": 92,
162
162
  "validated_capability": "full",
163
- "domain_validation": {
164
- "tool_type": "cmdb",
165
- "domain_appropriate": true,
166
- "auto_downgrade_applied": false
163
+ "content_validation": {
164
+ "implementation_depth": "comprehensive",
165
+ "scope_clarity": "well_defined",
166
+ "evidence_strength": "strong",
167
+ "capability_aligned": true
167
168
  },
168
169
  "evidence_analysis": {
169
170
  "core_requirements_score": 95,
@@ -174,21 +175,25 @@ Supporting Text: Our SIEM platform logs all network device activity and maintain
174
175
  }
175
176
  ```
176
177
 
177
- ### Auto-Downgrade Example
178
+ ### Insufficient Evidence Example
178
179
  ```json
179
180
  {
180
- "vendor_name": "Nessus Scanner",
181
+ "vendor_name": "BasicTracker",
181
182
  "safeguard_id": "1.1",
182
- "validation_status": "QUESTIONABLE",
183
- "confidence_score": 65,
183
+ "validation_status": "UNSUPPORTED",
184
+ "confidence_score": 35,
184
185
  "claimed_capability": "full",
185
186
  "validated_capability": "facilitates",
186
- "domain_validation": {
187
- "tool_type": "vulnerability_management",
188
- "domain_appropriate": false,
189
- "auto_downgrade_applied": true,
190
- "downgrade_reason": "Tool type mismatch: vulnerability scanners cannot provide FULL asset inventory coverage"
191
- }
187
+ "content_validation": {
188
+ "implementation_depth": "limited",
189
+ "scope_clarity": "vague",
190
+ "evidence_strength": "weak",
191
+ "capability_aligned": false
192
+ },
193
+ "gaps_identified": [
194
+ "Insufficient detail on asset tracking capabilities",
195
+ "Missing governance and review processes"
196
+ ]
192
197
  }
193
198
  ```
194
199
 
@@ -231,11 +236,11 @@ Vendor Response: 'Our endpoint protection platform provides comprehensive asset
231
236
 
232
237
  ## 💡 Pro Tips
233
238
 
234
- ### 1. Understanding Domain Validation
235
- - **Asset safeguards** (1.1, 1.2): Only inventory/CMDB tools can claim FULL/PARTIAL
236
- - **Identity safeguards** (5.1, 6.3): Only identity management tools can claim FULL/PARTIAL
237
- - **Vulnerability safeguards** (7.1): Only vulnerability/patch management tools can claim FULL/PARTIAL
238
- - **All tools** can claim FACILITATES, GOVERNANCE, or VALIDATES regardless of domain
239
+ ### 1. Understanding Content Analysis
240
+ - **Implementation Details**: Look for specific technical capabilities and processes
241
+ - **Scope Definition**: Identify clear boundaries and limitations in vendor claims
242
+ - **Evidence Quality**: Assess depth and specificity of supporting information
243
+ - **Language Consistency**: Ensure alignment between claims and supporting evidence
239
244
 
240
245
  ### 2. Optimizing Confidence Scores
241
246
  - **High scores (80-100%)**: Comprehensive coverage with specific implementation details
@@ -244,7 +249,7 @@ Vendor Response: 'Our endpoint protection platform provides comprehensive asset
244
249
 
245
250
  ### 3. Common Validation Patterns
246
251
  - **SUPPORTED**: Evidence strongly aligns with claimed capability
247
- - **QUESTIONABLE**: Partial support or domain mismatch (auto-downgrade)
252
+ - **QUESTIONABLE**: Partial support with notable gaps or inconsistencies
248
253
  - **UNSUPPORTED**: Evidence does not support the claimed capability
249
254
 
250
255
  ### 4. Best Practices