framework-mcp 1.3.7 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/COPILOT_INTEGRATION.md +49 -62
- package/DEPLOYMENT_GUIDE.md +46 -47
- package/MCP_INTEGRATION_GUIDE.md +96 -129
- package/MIGRATION_GUIDE_v1.4.0.md +190 -0
- package/README.md +148 -173
- package/RELEASE_NOTES_v1.4.0.md +178 -0
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -2
- package/dist/index.js.map +1 -1
- package/dist/interfaces/http/http-server.d.ts +0 -4
- package/dist/interfaces/http/http-server.d.ts.map +1 -1
- package/dist/interfaces/http/http-server.js +6 -85
- package/dist/interfaces/http/http-server.js.map +1 -1
- package/dist/interfaces/mcp/mcp-server.d.ts +0 -4
- package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
- package/dist/interfaces/mcp/mcp-server.js +4 -71
- package/dist/interfaces/mcp/mcp-server.js.map +1 -1
- package/examples/llm-analysis-patterns.md +553 -0
- package/package.json +2 -2
- package/scripts/validate-documentation.sh +4 -4
- package/src/index.ts +1 -2
- package/src/interfaces/http/http-server.ts +6 -101
- package/src/interfaces/mcp/mcp-server.ts +4 -85
- package/swagger.json +7 -167
- package/dist/core/capability-analyzer.d.ts +0 -23
- package/dist/core/capability-analyzer.d.ts.map +0 -1
- package/dist/core/capability-analyzer.js +0 -333
- package/dist/core/capability-analyzer.js.map +0 -1
- package/src/core/capability-analyzer.ts +0 -417
package/COPILOT_INTEGRATION.md
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# Microsoft Copilot Integration Guide
|
|
2
2
|
|
|
3
|
-
This guide provides step-by-step instructions for integrating Framework MCP with Microsoft Copilot using custom connectors.
|
|
3
|
+
This guide provides step-by-step instructions for integrating Framework MCP v1.4.0's Pure Data Provider architecture with Microsoft Copilot using custom connectors.
|
|
4
4
|
|
|
5
5
|
## Overview
|
|
6
6
|
|
|
7
|
-
Framework MCP provides a
|
|
7
|
+
Framework MCP v1.4.0 provides a **Pure Data Provider architecture** with dual interfaces enabling both Model Context Protocol (MCP) integration with Claude Code and HTTP API integration with Microsoft Copilot. This empowers security professionals to access authoritative CIS Controls data through their preferred AI platform for sophisticated, LLM-driven vendor capability analysis.
|
|
8
8
|
|
|
9
9
|
## Prerequisites
|
|
10
10
|
|
|
@@ -52,7 +52,7 @@ Expected response:
|
|
|
52
52
|
"uptime": 1234,
|
|
53
53
|
"totalRequests": 0,
|
|
54
54
|
"errorCount": 0,
|
|
55
|
-
"version": "1.
|
|
55
|
+
"version": "1.4.0",
|
|
56
56
|
"timestamp": "2025-08-21T01:00:00.000Z"
|
|
57
57
|
}
|
|
58
58
|
```
|
|
@@ -74,8 +74,8 @@ Expected response:
|
|
|
74
74
|
- Click **Continue**
|
|
75
75
|
|
|
76
76
|
4. **Configure Connector Details**
|
|
77
|
-
- **Name**: Framework MCP -
|
|
78
|
-
- **Description**:
|
|
77
|
+
- **Name**: Framework MCP - Pure Data Provider
|
|
78
|
+
- **Description**: Authoritative CIS Controls Framework data for LLM-driven analysis
|
|
79
79
|
- **Host**: Update to your deployed API URL (e.g., `your-app.ondigitalocean.app`)
|
|
80
80
|
- **Base URL**: `/`
|
|
81
81
|
|
|
@@ -109,89 +109,72 @@ Expected response:
|
|
|
109
109
|
- Select **Custom connector**
|
|
110
110
|
- Choose your Framework MCP connector
|
|
111
111
|
|
|
112
|
-
##
|
|
112
|
+
## Data Actions Configuration
|
|
113
113
|
|
|
114
|
-
### Primary Action:
|
|
114
|
+
### Primary Action: Get Safeguard Details
|
|
115
115
|
|
|
116
|
-
Configure this action for
|
|
116
|
+
Configure this action for detailed CIS safeguard information:
|
|
117
117
|
|
|
118
118
|
**Action Details:**
|
|
119
|
-
- **Name**:
|
|
120
|
-
- **Description**:
|
|
119
|
+
- **Name**: Get CIS Safeguard Details
|
|
120
|
+
- **Description**: Retrieve detailed CIS Controls safeguard breakdown for LLM analysis
|
|
121
121
|
- **Connector**: Framework MCP Custom Connector
|
|
122
|
-
- **Operation**: `
|
|
122
|
+
- **Operation**: `getSafeguardDetails`
|
|
123
123
|
|
|
124
124
|
**Parameters:**
|
|
125
|
-
- **
|
|
126
|
-
- **
|
|
127
|
-
- **claimed_capability** (Required): Capability role (full, partial, facilitates, governance, validates)
|
|
128
|
-
- **supporting_text** (Required): Vendor response supporting their capability claim
|
|
125
|
+
- **safeguardId** (Required): CIS safeguard ID (e.g., "1.1", "5.1", "12.8")
|
|
126
|
+
- **include_examples** (Optional): Include implementation examples (true/false)
|
|
129
127
|
|
|
130
128
|
**Sample Input:**
|
|
131
129
|
```json
|
|
132
130
|
{
|
|
133
|
-
"
|
|
134
|
-
"
|
|
135
|
-
"claimed_capability": "full",
|
|
136
|
-
"supporting_text": "Our platform provides comprehensive enterprise asset inventory with real-time discovery, automated classification, and continuous monitoring of all hardware and software assets across the organization."
|
|
131
|
+
"safeguardId": "5.1",
|
|
132
|
+
"include_examples": true
|
|
137
133
|
}
|
|
138
134
|
```
|
|
139
135
|
|
|
140
|
-
### Secondary Action:
|
|
136
|
+
### Secondary Action: List All Safeguards
|
|
141
137
|
|
|
142
|
-
Configure this action for
|
|
138
|
+
Configure this action for safeguard discovery:
|
|
143
139
|
|
|
144
140
|
**Action Details:**
|
|
145
|
-
- **Name**:
|
|
146
|
-
- **Description**:
|
|
141
|
+
- **Name**: List CIS Safeguards
|
|
142
|
+
- **Description**: Get complete list of available CIS Controls safeguards
|
|
147
143
|
- **Connector**: Framework MCP Custom Connector
|
|
148
|
-
- **Operation**: `
|
|
149
|
-
|
|
150
|
-
**Parameters:**
|
|
151
|
-
- **vendor_name** (Required): Name of the vendor
|
|
152
|
-
- **safeguard_id** (Required): CIS safeguard ID
|
|
153
|
-
- **response_text** (Required): Vendor response text to analyze
|
|
154
|
-
|
|
155
|
-
### Additional Actions: Safeguard Information
|
|
156
|
-
|
|
157
|
-
**Get Safeguard Details:**
|
|
158
|
-
- **Operation**: `getSafeguardDetails`
|
|
159
|
-
- **Parameters**: safeguard_id, include_examples (optional)
|
|
144
|
+
- **Operation**: `listSafeguards`
|
|
160
145
|
|
|
161
|
-
**
|
|
162
|
-
- **Operation**: `listAvailableSafeguards`
|
|
163
|
-
- **Parameters**: None
|
|
146
|
+
**No Parameters Required**
|
|
164
147
|
|
|
165
148
|
## Example User Interactions
|
|
166
149
|
|
|
167
|
-
Once configured, users can interact with your Copilot using natural language:
|
|
150
|
+
Once configured, users can interact with your Copilot using natural language for LLM-driven analysis:
|
|
168
151
|
|
|
169
|
-
### Capability
|
|
152
|
+
### LLM-Driven Capability Assessment
|
|
170
153
|
|
|
171
154
|
```
|
|
172
|
-
"
|
|
155
|
+
"Get details for safeguard 1.1, then analyze Microsoft Defender for Endpoint's capability: 'Microsoft Defender provides comprehensive asset discovery, detailed hardware and software inventory, and real-time asset status monitoring across all enterprise endpoints.' Determine appropriate capability role and provide confidence assessment."
|
|
173
156
|
|
|
174
|
-
"
|
|
157
|
+
"Retrieve safeguard 5.1 requirements and assess CrowdStrike Falcon: 'We offer centralized identity integration with detailed user account tracking and automated access reviews.' Consider enterprise environment and provide implementation recommendations."
|
|
175
158
|
|
|
176
|
-
"
|
|
159
|
+
"Get safeguard 6.3 details. For a financial services organization with strict compliance requirements, analyze Okta's MFA solution: 'We provide comprehensive multi-factor authentication for all external applications with adaptive authentication policies, risk-based assessments, and SSO integration.'"
|
|
177
160
|
```
|
|
178
161
|
|
|
179
|
-
###
|
|
162
|
+
### Comparative Analysis Examples
|
|
180
163
|
|
|
181
164
|
```
|
|
182
|
-
"
|
|
165
|
+
"Get safeguard 7.1 details and compare these vulnerability management solutions: 1) Rapid7 InsightVM: 'Continuous vulnerability scanning with automated remediation guidance' 2) Qualys VMDR: 'Cloud-based vulnerability scanning with patch prioritization' 3) Tenable Nessus: 'Comprehensive vulnerability assessment with compliance reporting'. Rank by implementation completeness."
|
|
183
166
|
|
|
184
|
-
"
|
|
167
|
+
"Retrieve details for safeguards 13.1, 13.3, and 13.6. Analyze how SentinelOne addresses these network monitoring requirements and identify any coverage gaps."
|
|
185
168
|
```
|
|
186
169
|
|
|
187
|
-
###
|
|
170
|
+
### Data Discovery Requests
|
|
188
171
|
|
|
189
172
|
```
|
|
190
|
-
"
|
|
173
|
+
"Show me all available CIS safeguards related to identity and access management."
|
|
191
174
|
|
|
192
|
-
"
|
|
175
|
+
"Get detailed breakdown of safeguard 11.1 including all sub-elements and governance requirements."
|
|
193
176
|
|
|
194
|
-
"
|
|
177
|
+
"List all Implementation Group 1 (IG1) safeguards for a small business security assessment."
|
|
195
178
|
```
|
|
196
179
|
|
|
197
180
|
## Advanced Configuration
|
|
@@ -201,20 +184,24 @@ Once configured, users can interact with your Copilot using natural language:
|
|
|
201
184
|
Add these instructions to your Copilot's system message:
|
|
202
185
|
|
|
203
186
|
```
|
|
204
|
-
You are a CIS Controls
|
|
187
|
+
You are a CIS Controls expert powered by Framework MCP's Pure Data Provider architecture. You help security professionals perform sophisticated vendor capability analysis using authoritative CIS Controls data.
|
|
205
188
|
|
|
206
189
|
Key Principles:
|
|
207
|
-
1.
|
|
208
|
-
2.
|
|
209
|
-
3.
|
|
210
|
-
4.
|
|
211
|
-
5.
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
1.
|
|
215
|
-
2.
|
|
216
|
-
3.
|
|
217
|
-
4.
|
|
190
|
+
1. Always retrieve detailed safeguard data using get_safeguard_details before analysis
|
|
191
|
+
2. Apply context-aware analysis considering industry, risk profile, and organizational needs
|
|
192
|
+
3. Explain the 5 capability roles: FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES
|
|
193
|
+
4. Provide transparent reasoning with evidence-based assessments
|
|
194
|
+
5. Offer implementation recommendations and deployment guidance
|
|
195
|
+
|
|
196
|
+
Analysis Approach:
|
|
197
|
+
1. Get safeguard requirements using the data actions
|
|
198
|
+
2. Analyze vendor capabilities against detailed CIS requirements
|
|
199
|
+
3. Consider organizational context (industry, size, risk tolerance)
|
|
200
|
+
4. Provide capability role determination with confidence assessment
|
|
201
|
+
5. Include implementation recommendations and integration considerations
|
|
202
|
+
6. For comparative analysis, rank vendors and explain reasoning
|
|
203
|
+
|
|
204
|
+
Flexibility: Adapt analysis methodology based on user needs - strict compliance, risk-based assessment, technology integration, or custom evaluation criteria.
|
|
218
205
|
```
|
|
219
206
|
|
|
220
207
|
### Environment Variables
|
package/DEPLOYMENT_GUIDE.md
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
# Framework MCP Deployment Guide
|
|
2
2
|
|
|
3
|
-
##
|
|
3
|
+
## Pure Data Provider Architecture: MCP + HTTP API
|
|
4
4
|
|
|
5
|
-
Framework MCP v1.
|
|
5
|
+
Framework MCP v1.4.0 features a **Pure Data Provider architecture** with dual interfaces for maximum flexibility:
|
|
6
6
|
|
|
7
|
-
- **MCP Interface**: stdio-based for Claude Code integration
|
|
8
|
-
- **HTTP Interface**: REST API for cloud deployment
|
|
7
|
+
- **MCP Interface**: stdio-based for Claude Code integration with LLM-driven analysis
|
|
8
|
+
- **HTTP Interface**: REST API for cloud deployment and Microsoft Copilot integration
|
|
9
9
|
|
|
10
10
|
---
|
|
11
11
|
|
|
@@ -146,38 +146,20 @@ GET /health
|
|
|
146
146
|
# Returns server status and metrics
|
|
147
147
|
```
|
|
148
148
|
|
|
149
|
-
###
|
|
149
|
+
### Data Endpoints (Pure Provider Architecture)
|
|
150
150
|
```bash
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
"safeguard_id": "1.1",
|
|
155
|
-
"claimed_capability": "full",
|
|
156
|
-
"supporting_text": "Comprehensive asset management..."
|
|
157
|
-
}
|
|
151
|
+
GET /api/safeguards # List all 153 CIS safeguards
|
|
152
|
+
GET /api/safeguards/1.1 # Get detailed safeguard breakdown
|
|
153
|
+
GET /api/safeguards/1.1?include_examples=true # Include implementation examples
|
|
158
154
|
```
|
|
159
155
|
|
|
160
|
-
###
|
|
161
|
-
```bash
|
|
162
|
-
POST /api/analyze-vendor-response
|
|
163
|
-
{
|
|
164
|
-
"vendor_name": "VendorName",
|
|
165
|
-
"safeguard_id": "5.1",
|
|
166
|
-
"response_text": "Our identity management solution..."
|
|
167
|
-
}
|
|
168
|
-
```
|
|
169
|
-
|
|
170
|
-
### Safeguards
|
|
156
|
+
### Monitoring
|
|
171
157
|
```bash
|
|
172
|
-
GET /api/
|
|
173
|
-
GET /api
|
|
174
|
-
GET /api/safeguards/1.1?include_examples=true
|
|
158
|
+
GET /api/metrics # Performance metrics and statistics
|
|
159
|
+
GET /api # API documentation and capabilities
|
|
175
160
|
```
|
|
176
161
|
|
|
177
|
-
|
|
178
|
-
```bash
|
|
179
|
-
GET /api/metrics # Performance metrics
|
|
180
|
-
```
|
|
162
|
+
**LLM-Driven Analysis**: The Pure Data Provider architecture supplies authoritative CIS data while LLMs perform sophisticated vendor capability analysis with unlimited flexibility.
|
|
181
163
|
|
|
182
164
|
---
|
|
183
165
|
|
|
@@ -185,45 +167,62 @@ GET /api/metrics # Performance metrics
|
|
|
185
167
|
|
|
186
168
|
### HTTP Interface Advantages
|
|
187
169
|
- ✅ **DigitalOcean Compatible**: Uses HTTP instead of stdio
|
|
188
|
-
- ✅ **REST API**: Standard HTTP endpoints
|
|
170
|
+
- ✅ **REST API**: Standard HTTP endpoints for data access
|
|
189
171
|
- ✅ **Health Checks**: Platform monitoring support
|
|
190
172
|
- ✅ **CORS Enabled**: Web application integration
|
|
191
173
|
- ✅ **Production Ready**: Error handling, security, compression
|
|
174
|
+
- ✅ **Microsoft Copilot**: Custom connector compatibility
|
|
192
175
|
|
|
193
176
|
### MCP Interface Advantages
|
|
194
177
|
- ✅ **Claude Code Integration**: Native stdio communication
|
|
195
178
|
- ✅ **Tool Discovery**: Automatic tool registration
|
|
196
179
|
- ✅ **Type Safety**: Full MCP schema validation
|
|
197
|
-
- ✅ **
|
|
180
|
+
- ✅ **LLM-Driven Analysis**: Direct access to safeguards data for intelligent analysis
|
|
198
181
|
|
|
199
|
-
###
|
|
200
|
-
- ✅ **
|
|
201
|
-
- ✅ **
|
|
202
|
-
- ✅ **Performance**:
|
|
203
|
-
- ✅ **
|
|
182
|
+
### Pure Data Provider Benefits
|
|
183
|
+
- ✅ **Clean Architecture**: Simple data provision without analysis complexity
|
|
184
|
+
- ✅ **LLM Flexibility**: Unlimited analysis approaches and methodologies
|
|
185
|
+
- ✅ **Performance Optimized**: Fast data retrieval for real-time analysis
|
|
186
|
+
- ✅ **Context-Aware**: LLMs can apply industry, risk, and organizational context
|
|
187
|
+
- ✅ **Transparent Reasoning**: Full visibility into analysis logic and evidence
|
|
204
188
|
|
|
205
189
|
---
|
|
206
190
|
|
|
207
191
|
## Migration Guide
|
|
208
192
|
|
|
209
|
-
###
|
|
193
|
+
### Migrating to Pure Data Provider v1.4.0
|
|
210
194
|
|
|
211
|
-
1. **
|
|
212
|
-
2. **
|
|
213
|
-
3. **
|
|
195
|
+
1. **Simplified Architecture**: Analysis logic moved to LLM capability
|
|
196
|
+
2. **Enhanced Flexibility**: Unlimited analysis approaches and methodologies
|
|
197
|
+
3. **Maintained Compatibility**: Both interfaces continue providing data access
|
|
198
|
+
4. **Improved Performance**: Optimized for fast data retrieval
|
|
214
199
|
|
|
215
200
|
### Use Case Guidelines
|
|
216
201
|
|
|
217
202
|
**Use MCP Interface When:**
|
|
218
|
-
- Integrating with Claude Code
|
|
203
|
+
- Integrating with Claude Code for LLM-driven analysis
|
|
219
204
|
- Local development and testing
|
|
220
|
-
-
|
|
205
|
+
- Direct tool-based interactions with LLMs
|
|
221
206
|
|
|
222
207
|
**Use HTTP Interface When:**
|
|
223
|
-
- Cloud deployment required
|
|
224
|
-
-
|
|
225
|
-
- API-based access needed
|
|
226
|
-
-
|
|
208
|
+
- Cloud deployment required (DigitalOcean, Railway, Render)
|
|
209
|
+
- Microsoft Copilot custom connector integration
|
|
210
|
+
- Web application or API-based access needed
|
|
211
|
+
- Distributed team access to CIS Controls data
|
|
212
|
+
|
|
213
|
+
### Analysis Pattern Migration
|
|
214
|
+
|
|
215
|
+
**Old Approach (v1.3.7):**
|
|
216
|
+
```bash
|
|
217
|
+
POST /api/analyze-vendor-response
|
|
218
|
+
# Hardcoded analysis with fixed validation rules
|
|
219
|
+
```
|
|
220
|
+
|
|
221
|
+
**New Approach (v1.4.0):**
|
|
222
|
+
```bash
|
|
223
|
+
GET /api/safeguards/5.1
|
|
224
|
+
# Get authoritative data, then use LLM for sophisticated analysis
|
|
225
|
+
```
|
|
227
226
|
|
|
228
227
|
---
|
|
229
228
|
|