framework-mcp 1.3.7 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -4,7 +4,6 @@ import express from 'express';
4
4
  import cors from 'cors';
5
5
  import helmet from 'helmet';
6
6
  import compression from 'compression';
7
- import { CapabilityAnalyzer } from '../../core/capability-analyzer.js';
8
7
  import { SafeguardManager } from '../../core/safeguard-manager.js';
9
8
 
10
9
  interface ErrorResponse {
@@ -15,13 +14,11 @@ interface ErrorResponse {
15
14
 
16
15
  export class FrameworkHttpServer {
17
16
  private app: express.Application;
18
- private capabilityAnalyzer: CapabilityAnalyzer;
19
17
  private safeguardManager: SafeguardManager;
20
18
  private port: number;
21
19
 
22
20
  constructor(port: number = 8080) {
23
21
  this.app = express();
24
- this.capabilityAnalyzer = new CapabilityAnalyzer();
25
22
  this.safeguardManager = new SafeguardManager();
26
23
  this.port = port;
27
24
 
@@ -68,45 +65,15 @@ export class FrameworkHttpServer {
68
65
  private setupRoutes(): void {
69
66
  // Health check endpoint (required for DigitalOcean App Services)
70
67
  this.app.get('/health', (req, res) => {
71
- const metrics = this.capabilityAnalyzer.getPerformanceMetrics();
72
68
  res.json({
73
69
  status: 'healthy',
74
- uptime: Math.round((Date.now() - metrics.uptime) / 1000),
75
- totalRequests: metrics.totalRequests,
76
- errorCount: metrics.errorCount,
77
- version: '1.3.7',
70
+ uptime: Math.round(process.uptime()),
71
+ version: '1.4.0',
78
72
  timestamp: new Date().toISOString()
79
73
  });
80
74
  });
81
75
 
82
76
 
83
- // Capability analysis endpoint
84
- this.app.post('/api/analyze-vendor-response', async (req, res) => {
85
- try {
86
- const { vendor_name, safeguard_id, response_text } = req.body;
87
-
88
- this.validateInput(req.body, ['vendor_name', 'safeguard_id', 'response_text']);
89
- this.validateTextInput(response_text, 'Response text');
90
- this.safeguardManager.validateSafeguardId(safeguard_id);
91
-
92
- const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
93
- if (!safeguard) {
94
- return res.status(404).json(this.createErrorResponse('Safeguard not found'));
95
- }
96
-
97
- const result = this.capabilityAnalyzer.performCapabilityAnalysis(
98
- vendor_name,
99
- safeguard,
100
- response_text
101
- );
102
-
103
- res.json(result);
104
- } catch (error) {
105
- console.error('[HTTP Server] analyze-vendor-response error:', error);
106
- res.status(400).json(this.createErrorResponse(error instanceof Error ? error.message : 'Unknown error'));
107
- }
108
- });
109
-
110
77
 
111
78
  // Get safeguard details endpoint
112
79
  this.app.get('/api/safeguards/:safeguardId', (req, res) => {
@@ -145,47 +112,19 @@ export class FrameworkHttpServer {
145
112
  }
146
113
  });
147
114
 
148
- // Performance metrics endpoint
149
- this.app.get('/api/metrics', (req, res) => {
150
- try {
151
- const metrics = this.capabilityAnalyzer.getPerformanceMetrics();
152
-
153
- res.json({
154
- uptime_seconds: Math.round((Date.now() - metrics.uptime) / 1000),
155
- total_requests: metrics.totalRequests,
156
- error_count: metrics.errorCount,
157
- error_rate: metrics.totalRequests > 0 ?
158
- ((metrics.errorCount / metrics.totalRequests) * 100).toFixed(2) + '%' : '0%',
159
- request_counts: Object.fromEntries(metrics.requestCounts),
160
- timestamp: new Date().toISOString()
161
- });
162
- } catch (error) {
163
- console.error('[HTTP Server] metrics error:', error);
164
- res.status(500).json(this.createErrorResponse('Metrics unavailable'));
165
- }
166
- });
167
115
 
168
116
  // API documentation endpoint
169
117
  this.app.get('/api', (req, res) => {
170
118
  res.json({
171
119
  name: 'Framework MCP HTTP API',
172
- version: '1.3.7',
173
- description: 'Clean HTTP API for vendor capability assessment against CIS Controls Framework',
120
+ version: '1.4.0',
121
+ description: 'Pure Data Provider serving authentic CIS Controls Framework data',
174
122
  endpoints: {
175
- 'POST /api/analyze-vendor-response': 'Primary capability analysis for vendor responses',
176
123
  'GET /api/safeguards': 'List all available CIS safeguards',
177
124
  'GET /api/safeguards/:id': 'Get detailed safeguard breakdown',
178
125
  'GET /health': 'Health check endpoint',
179
- 'GET /api/metrics': 'Performance metrics',
180
126
  'GET /api': 'This documentation'
181
127
  },
182
- capabilities: [
183
- 'FULL - Complete implementation of safeguard',
184
- 'PARTIAL - Limited scope implementation',
185
- 'FACILITATES - Enhancement capabilities',
186
- 'GOVERNANCE - Policy/process management',
187
- 'VALIDATES - Evidence collection and reporting'
188
- ],
189
128
  framework: 'CIS Controls v8.1 (153 safeguards)',
190
129
  deployment: 'DigitalOcean App Services compatible'
191
130
  });
@@ -219,40 +158,6 @@ export class FrameworkHttpServer {
219
158
  });
220
159
  }
221
160
 
222
- private validateInput(body: any, requiredFields: string[]): void {
223
- if (!body || typeof body !== 'object') {
224
- throw new Error('Request body is required and must be valid JSON');
225
- }
226
-
227
- for (const field of requiredFields) {
228
- if (!body[field] || typeof body[field] !== 'string') {
229
- throw new Error(`Field '${field}' is required and must be a non-empty string`);
230
- }
231
- }
232
- }
233
-
234
- private validateTextInput(text: string, fieldName: string): void {
235
- if (typeof text !== 'string') {
236
- throw new Error(`${fieldName} must be a string`);
237
- }
238
-
239
- if (text.length < 10) {
240
- throw new Error(`${fieldName} must be at least 10 characters long`);
241
- }
242
-
243
- if (text.length > 10000) {
244
- throw new Error(`${fieldName} must be less than 10,000 characters`);
245
- }
246
- }
247
-
248
- private validateCapability(capability: string): void {
249
- const validCapabilities = ['full', 'partial', 'facilitates', 'governance', 'validates'];
250
-
251
- if (!validCapabilities.includes(capability.toLowerCase())) {
252
- throw new Error(`Invalid capability '${capability}'. Valid options: ${validCapabilities.join(', ')}`);
253
- }
254
- }
255
-
256
161
  private createErrorResponse(error: string, details?: string): ErrorResponse {
257
162
  return {
258
163
  error,
@@ -263,11 +168,11 @@ export class FrameworkHttpServer {
263
168
 
264
169
  public start(): void {
265
170
  this.app.listen(this.port, '0.0.0.0', () => {
266
- console.log(`🚀 Framework MCP HTTP Server v1.3.7 running on port ${this.port}`);
171
+ console.log(`🚀 Framework MCP HTTP Server v1.4.0 running on port ${this.port}`);
267
172
  console.log(`📊 Health check: http://localhost:${this.port}/health`);
268
173
  console.log(`📖 API docs: http://localhost:${this.port}/api`);
269
174
  console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
270
- console.log(`⚡ Clean capability analysis - CIS Controls v8.1`);
175
+ console.log(`📊 Pure Data Provider - CIS Controls v8.1`);
271
176
  });
272
177
 
273
178
  // Graceful shutdown handling
@@ -8,23 +8,20 @@ import {
8
8
  Tool,
9
9
  } from '@modelcontextprotocol/sdk/types.js';
10
10
 
11
- import { CapabilityAnalyzer } from '../../core/capability-analyzer.js';
12
11
  import { SafeguardManager } from '../../core/safeguard-manager.js';
13
12
 
14
13
  export class FrameworkMcpServer {
15
14
  private server: Server;
16
- private capabilityAnalyzer: CapabilityAnalyzer;
17
15
  private safeguardManager: SafeguardManager;
18
16
 
19
17
  constructor() {
20
18
  this.server = new Server(
21
19
  {
22
20
  name: 'framework-analyzer',
23
- version: '1.3.7',
21
+ version: '1.4.0',
24
22
  }
25
23
  );
26
24
 
27
- this.capabilityAnalyzer = new CapabilityAnalyzer();
28
25
  this.safeguardManager = new SafeguardManager();
29
26
 
30
27
  this.setupHandlers();
@@ -35,28 +32,6 @@ export class FrameworkMcpServer {
35
32
  this.server.setRequestHandler(ListToolsRequestSchema, async () => {
36
33
  return {
37
34
  tools: [
38
- {
39
- name: 'analyze_vendor_response',
40
- description: 'Determine vendor tool capability role for specific safeguard',
41
- inputSchema: {
42
- type: 'object',
43
- properties: {
44
- vendor_name: {
45
- type: 'string',
46
- description: 'Name of the vendor'
47
- },
48
- safeguard_id: {
49
- type: 'string',
50
- description: 'CIS safeguard ID (e.g., "1.1", "5.1")'
51
- },
52
- response_text: {
53
- type: 'string',
54
- description: 'Vendor response text to analyze'
55
- }
56
- },
57
- required: ['vendor_name', 'safeguard_id', 'response_text']
58
- }
59
- } as Tool,
60
35
  {
61
36
  name: 'get_safeguard_details',
62
37
  description: 'Get detailed safeguard breakdown',
@@ -94,9 +69,6 @@ export class FrameworkMcpServer {
94
69
 
95
70
  try {
96
71
  switch (name) {
97
- case 'analyze_vendor_response':
98
- return await this.analyzeVendorResponse(args);
99
-
100
72
  case 'get_safeguard_details':
101
73
  return await this.getSafeguardDetails(args);
102
74
 
@@ -126,29 +98,6 @@ export class FrameworkMcpServer {
126
98
  }
127
99
 
128
100
 
129
- private async analyzeVendorResponse(args: any) {
130
- const { vendor_name = 'Unknown Vendor', safeguard_id, response_text } = args;
131
-
132
- this.validateTextInput(response_text, 'Response text');
133
- this.safeguardManager.validateSafeguardId(safeguard_id);
134
-
135
- const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
136
- if (!safeguard) {
137
- throw new Error(`Safeguard ${safeguard_id} not found`);
138
- }
139
-
140
- const analysis = this.capabilityAnalyzer.performCapabilityAnalysis(vendor_name, safeguard, response_text);
141
-
142
- return {
143
- content: [
144
- {
145
- type: 'text',
146
- text: JSON.stringify(analysis, null, 2),
147
- },
148
- ],
149
- };
150
- }
151
-
152
101
  private async getSafeguardDetails(args: any) {
153
102
  const { safeguard_id, include_examples = false } = args;
154
103
 
@@ -180,35 +129,13 @@ export class FrameworkMcpServer {
180
129
  safeguards,
181
130
  total: safeguards.length,
182
131
  framework: 'CIS Controls v8.1',
183
- version: '1.3.7'
132
+ version: '1.4.0'
184
133
  }, null, 2),
185
134
  },
186
135
  ],
187
136
  };
188
137
  }
189
138
 
190
- private validateTextInput(text: string, fieldName: string): void {
191
- if (typeof text !== 'string') {
192
- throw new Error(`${fieldName} must be a string`);
193
- }
194
-
195
- if (text.length < 10) {
196
- throw new Error(`${fieldName} must be at least 10 characters long`);
197
- }
198
-
199
- if (text.length > 10000) {
200
- throw new Error(`${fieldName} must be less than 10,000 characters`);
201
- }
202
- }
203
-
204
- private validateCapability(capability: string): void {
205
- const validCapabilities = ['full', 'partial', 'facilitates', 'governance', 'validates'];
206
-
207
- if (!validCapabilities.includes(capability.toLowerCase())) {
208
- throw new Error(`Invalid capability '${capability}'. Valid options: ${validCapabilities.join(', ')}`);
209
- }
210
- }
211
-
212
139
  private formatErrorMessage(error: unknown, toolName: string): string {
213
140
  if (error instanceof Error) {
214
141
  // Provide helpful guidance for common errors
@@ -216,14 +143,6 @@ export class FrameworkMcpServer {
216
143
  return `${error.message}. Use list_available_safeguards to see all available options.`;
217
144
  }
218
145
 
219
- if (error.message.includes('Invalid capability')) {
220
- return `${error.message}. Capability roles determine what function the vendor tool plays in safeguard implementation.`;
221
- }
222
-
223
- if (error.message.includes('characters')) {
224
- return `${error.message}. Ensure your input text is substantive enough for analysis.`;
225
- }
226
-
227
146
  return error.message;
228
147
  }
229
148
 
@@ -234,8 +153,8 @@ export class FrameworkMcpServer {
234
153
  const transport = new StdioServerTransport();
235
154
  await this.server.connect(transport);
236
155
 
237
- console.error('🤖 Framework MCP Server v1.3.7 running via stdio');
238
- console.error('📊 Clean capability assessment for CIS Controls v8.1');
156
+ console.error('🤖 Framework MCP Server v1.4.0 running via stdio');
157
+ console.error('📊 Pure Data Provider for CIS Controls v8.1');
239
158
  }
240
159
  }
241
160
 
package/swagger.json CHANGED
@@ -1,9 +1,9 @@
1
1
  {
2
2
  "openapi": "3.0.3",
3
3
  "info": {
4
- "title": "Framework MCP API - CIS Controls Capability Assessment",
5
- "description": "Microsoft Copilot-compatible API for vendor capability assessment against CIS Controls Framework v8.1 (153 safeguards). Features clean capability analysis architecture for accurate capability role determination (FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES).",
6
- "version": "1.3.7",
4
+ "title": "Framework MCP API - Pure Data Provider",
5
+ "description": "Microsoft Copilot-compatible API providing authoritative CIS Controls Framework v8.1 data (153 safeguards). Pure Data Provider architecture empowers LLMs with structured safeguards data for sophisticated, context-aware vendor capability analysis.",
6
+ "version": "1.4.0",
7
7
  "contact": {
8
8
  "name": "Framework MCP Support",
9
9
  "url": "https://github.com/therealcybermattlee/FrameworkMCP"
@@ -44,56 +44,6 @@
44
44
  }
45
45
  }
46
46
  },
47
- "/api/analyze-vendor-response": {
48
- "post": {
49
- "summary": "Analyze Vendor Response (PRIMARY)",
50
- "description": "Primary endpoint for analyzing vendor response text to determine appropriate capability role for CIS safeguards",
51
- "operationId": "analyzeVendorResponse",
52
- "tags": ["Capability Assessment"],
53
- "requestBody": {
54
- "required": true,
55
- "content": {
56
- "application/json": {
57
- "schema": {
58
- "$ref": "#/components/schemas/AnalysisRequest"
59
- }
60
- }
61
- }
62
- },
63
- "responses": {
64
- "200": {
65
- "description": "Analysis completed successfully",
66
- "content": {
67
- "application/json": {
68
- "schema": {
69
- "$ref": "#/components/schemas/VendorAnalysisResponse"
70
- }
71
- }
72
- }
73
- },
74
- "400": {
75
- "description": "Invalid request parameters",
76
- "content": {
77
- "application/json": {
78
- "schema": {
79
- "$ref": "#/components/schemas/ErrorResponse"
80
- }
81
- }
82
- }
83
- },
84
- "404": {
85
- "description": "Safeguard not found",
86
- "content": {
87
- "application/json": {
88
- "schema": {
89
- "$ref": "#/components/schemas/ErrorResponse"
90
- }
91
- }
92
- }
93
- }
94
- }
95
- }
96
- },
97
47
  "/api/safeguards": {
98
48
  "get": {
99
49
  "summary": "List Available Safeguards",
@@ -220,112 +170,6 @@
220
170
  },
221
171
  "components": {
222
172
  "schemas": {
223
- "CapabilityRole": {
224
- "type": "string",
225
- "enum": ["full", "partial", "facilitates", "governance", "validates"],
226
- "description": "Vendor tool capability roles:\n- FULL: Complete implementation of safeguard\n- PARTIAL: Limited scope implementation\n- FACILITATES: Enhancement capabilities that enable better/faster/stronger implementation\n- GOVERNANCE: Policy/process management and oversight\n- VALIDATES: Evidence collection, audit, and reporting"
227
- },
228
- "AnalysisRequest": {
229
- "type": "object",
230
- "required": ["vendor_name", "safeguard_id", "response_text"],
231
- "properties": {
232
- "vendor_name": {
233
- "type": "string",
234
- "description": "Name of the vendor",
235
- "minLength": 1,
236
- "maxLength": 100,
237
- "example": "Microsoft Defender"
238
- },
239
- "safeguard_id": {
240
- "type": "string",
241
- "pattern": "^[0-9]+\\.[0-9]+$",
242
- "description": "CIS safeguard ID",
243
- "example": "5.1"
244
- },
245
- "response_text": {
246
- "type": "string",
247
- "description": "Vendor response text to analyze for capability determination",
248
- "minLength": 10,
249
- "maxLength": 10000,
250
- "example": "We provide centralized account management with role-based access controls, automated provisioning and deprovisioning, and integration with Active Directory for enterprise identity management."
251
- }
252
- }
253
- },
254
- "VendorAnalysisResponse": {
255
- "type": "object",
256
- "properties": {
257
- "vendor": {
258
- "type": "string",
259
- "description": "Name of the vendor or tool",
260
- "example": "Microsoft Defender"
261
- },
262
- "safeguardId": {
263
- "type": "string",
264
- "description": "CIS safeguard ID",
265
- "example": "5.1"
266
- },
267
- "safeguardTitle": {
268
- "type": "string",
269
- "description": "Title of the CIS safeguard",
270
- "example": "Establish and Maintain an Inventory of Accounts"
271
- },
272
- "capability": {
273
- "$ref": "#/components/schemas/CapabilityRole",
274
- "description": "Primary capability categorization"
275
- },
276
- "capabilities": {
277
- "type": "object",
278
- "description": "Detailed capability breakdown",
279
- "properties": {
280
- "full": {
281
- "type": "boolean",
282
- "description": "Directly implements the core safeguard functionality"
283
- },
284
- "partial": {
285
- "type": "boolean",
286
- "description": "Implements limited aspects of the safeguard"
287
- },
288
- "facilitates": {
289
- "type": "boolean",
290
- "description": "Enhances or enables safeguard implementation by others"
291
- },
292
- "governance": {
293
- "type": "boolean",
294
- "description": "Provides policy, process, and oversight capabilities"
295
- },
296
- "validates": {
297
- "type": "boolean",
298
- "description": "Provides evidence, audit, and validation reporting"
299
- }
300
- }
301
- },
302
- "confidence": {
303
- "type": "number",
304
- "minimum": 0,
305
- "maximum": 100,
306
- "description": "Confidence score in the assessment"
307
- },
308
- "reasoning": {
309
- "type": "string",
310
- "description": "Detailed explanation of the capability determination"
311
- },
312
- "evidence": {
313
- "type": "array",
314
- "items": {
315
- "type": "string"
316
- },
317
- "description": "Evidence supporting the capability assessment"
318
- },
319
- "toolCapabilityDescription": {
320
- "type": "string",
321
- "description": "Description of what type of tool this is and its role"
322
- },
323
- "recommendedUse": {
324
- "type": "string",
325
- "description": "How practitioners should use this tool for the safeguard"
326
- }
327
- }
328
- },
329
173
  "SafeguardListResponse": {
330
174
  "type": "object",
331
175
  "properties": {
@@ -435,7 +279,7 @@
435
279
  },
436
280
  "version": {
437
281
  "type": "string",
438
- "example": "1.3.7"
282
+ "example": "1.4.0"
439
283
  },
440
284
  "timestamp": {
441
285
  "type": "string",
@@ -480,11 +324,11 @@
480
324
  },
481
325
  "version": {
482
326
  "type": "string",
483
- "example": "1.3.7"
327
+ "example": "1.4.0"
484
328
  },
485
329
  "description": {
486
330
  "type": "string",
487
- "example": "Clean HTTP API for vendor capability assessment against CIS Controls Framework"
331
+ "example": "Pure Data Provider API serving authoritative CIS Controls Framework data for LLM-driven analysis"
488
332
  },
489
333
  "endpoints": {
490
334
  "type": "object",
@@ -530,13 +374,9 @@
530
374
  }
531
375
  },
532
376
  "tags": [
533
- {
534
- "name": "Capability Assessment",
535
- "description": "Primary API endpoints for vendor capability assessment against CIS Controls"
536
- },
537
377
  {
538
378
  "name": "Safeguards",
539
- "description": "CIS Controls safeguards information and details"
379
+ "description": "Authoritative CIS Controls safeguards data for LLM-driven analysis"
540
380
  },
541
381
  {
542
382
  "name": "Monitoring",
@@ -1,23 +0,0 @@
1
- import { SafeguardElement, VendorAnalysis, PerformanceMetrics } from '../shared/types.js';
2
- export declare class CapabilityAnalyzer {
3
- private cache;
4
- private performanceMetrics;
5
- constructor();
6
- performCapabilityAnalysis(vendorName: string, safeguard: SafeguardElement, responseText: string): VendorAnalysis;
7
- private determineClaimedCapability;
8
- private assessCapabilityQuality;
9
- private assessImplementationQuality;
10
- private assessFacilitationQuality;
11
- private assessGovernanceQuality;
12
- private assessValidationQuality;
13
- private generateCapabilityAnalysis;
14
- private generateToolCapabilityDescription;
15
- private generateRecommendedUse;
16
- private calculateKeywordScore;
17
- private calculateElementCoverage;
18
- private recordToolExecution;
19
- private logPerformanceStats;
20
- private cleanupExpiredCache;
21
- getPerformanceMetrics(): PerformanceMetrics;
22
- }
23
- //# sourceMappingURL=capability-analyzer.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"capability-analyzer.d.ts","sourceRoot":"","sources":["../../src/core/capability-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAInB,MAAM,oBAAoB,CAAC;AAG5B,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,kBAAkB,CAAqB;;IAmBxC,yBAAyB,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,GAAG,cAAc;IA4BvH,OAAO,CAAC,0BAA0B;IAwDlC,OAAO,CAAC,uBAAuB;IAoC/B,OAAO,CAAC,2BAA2B;IAmCnC,OAAO,CAAC,yBAAyB;IA6BjC,OAAO,CAAC,uBAAuB;IA6B/B,OAAO,CAAC,uBAAuB;IA6B/B,OAAO,CAAC,0BAA0B;IAgClC,OAAO,CAAC,iCAAiC;IAmBzC,OAAO,CAAC,sBAAsB;IAgB9B,OAAO,CAAC,qBAAqB;IAU7B,OAAO,CAAC,wBAAwB;IAUhC,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,mBAAmB;IAe3B,OAAO,CAAC,mBAAmB;IAkBpB,qBAAqB,IAAI,kBAAkB;CAGnD"}