framework-mcp 1.3.7 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/COPILOT_INTEGRATION.md +49 -62
  2. package/DEPLOYMENT_GUIDE.md +46 -47
  3. package/MCP_INTEGRATION_GUIDE.md +96 -129
  4. package/MIGRATION_GUIDE_v1.4.0.md +190 -0
  5. package/README.md +148 -173
  6. package/RELEASE_NOTES_v1.4.0.md +178 -0
  7. package/dist/core/safeguard-manager.d.ts.map +1 -1
  8. package/dist/core/safeguard-manager.js +2271 -153
  9. package/dist/core/safeguard-manager.js.map +1 -1
  10. package/dist/index.d.ts +0 -1
  11. package/dist/index.d.ts.map +1 -1
  12. package/dist/index.js +1 -2
  13. package/dist/index.js.map +1 -1
  14. package/dist/interfaces/http/http-server.d.ts +0 -4
  15. package/dist/interfaces/http/http-server.d.ts.map +1 -1
  16. package/dist/interfaces/http/http-server.js +6 -85
  17. package/dist/interfaces/http/http-server.js.map +1 -1
  18. package/dist/interfaces/mcp/mcp-server.d.ts +0 -4
  19. package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
  20. package/dist/interfaces/mcp/mcp-server.js +4 -71
  21. package/dist/interfaces/mcp/mcp-server.js.map +1 -1
  22. package/dist/shared/types.d.ts +7 -0
  23. package/dist/shared/types.d.ts.map +1 -1
  24. package/examples/llm-analysis-patterns.md +553 -0
  25. package/package.json +2 -2
  26. package/scripts/validate-documentation.sh +4 -4
  27. package/src/core/safeguard-manager.ts +2271 -153
  28. package/src/index.ts +1 -2
  29. package/src/interfaces/http/http-server.ts +6 -101
  30. package/src/interfaces/mcp/mcp-server.ts +4 -85
  31. package/src/shared/types.ts +7 -0
  32. package/swagger.json +43 -168
  33. package/dist/core/capability-analyzer.d.ts +0 -23
  34. package/dist/core/capability-analyzer.d.ts.map +0 -1
  35. package/dist/core/capability-analyzer.js +0 -333
  36. package/dist/core/capability-analyzer.js.map +0 -1
  37. package/src/core/capability-analyzer.ts +0 -417
@@ -1,417 +0,0 @@
1
- import {
2
- SafeguardElement,
3
- VendorAnalysis,
4
- PerformanceMetrics,
5
- CacheEntry,
6
- QualityAssessment,
7
- CapabilityType
8
- } from '../shared/types.js';
9
-
10
-
11
- export class CapabilityAnalyzer {
12
- private cache: Map<string, CacheEntry<any>>;
13
- private performanceMetrics: PerformanceMetrics;
14
-
15
- constructor() {
16
- this.cache = new Map();
17
- this.performanceMetrics = {
18
- uptime: Date.now(),
19
- totalRequests: 0,
20
- errorCount: 0,
21
- requestCounts: new Map(),
22
- executionTimes: new Map(),
23
- lastStatsLog: Date.now()
24
- };
25
-
26
- // Set up periodic cache cleanup
27
- setInterval(() => {
28
- this.cleanupExpiredCache();
29
- }, 10 * 60 * 1000); // Every 10 minutes
30
- }
31
-
32
- public performCapabilityAnalysis(vendorName: string, safeguard: SafeguardElement, responseText: string): VendorAnalysis {
33
- const startTime = Date.now();
34
- try {
35
- this.performanceMetrics.totalRequests++;
36
-
37
- const text = responseText.toLowerCase();
38
-
39
- // Step 1: Determine what type of capability this tool is claiming
40
- const claimedCapability = this.determineClaimedCapability(text, safeguard);
41
-
42
- // Step 2: Assess how well the tool executes that specific capability type
43
- const qualityAssessment = this.assessCapabilityQuality(text, safeguard, claimedCapability);
44
-
45
- // Step 3: Generate capability-focused analysis
46
- const result = this.generateCapabilityAnalysis(vendorName, safeguard, responseText, claimedCapability, qualityAssessment);
47
-
48
- // Record performance metrics
49
- this.recordToolExecution('performCapabilityAnalysis', Date.now() - startTime);
50
-
51
- return result;
52
- } catch (error) {
53
- this.performanceMetrics.errorCount++;
54
- this.recordToolExecution('performCapabilityAnalysis_error', Date.now() - startTime);
55
- throw error;
56
- }
57
- }
58
-
59
-
60
- private determineClaimedCapability(text: string, safeguard: SafeguardElement): CapabilityType {
61
- // Capability detection keywords - focused on what the tool DOES, not what elements it covers
62
- const governanceIndicators = [
63
- 'policy', 'policies', 'manage', 'process', 'workflow', 'governance', 'grc',
64
- 'compliance management', 'documented', 'establish', 'maintain', 'procedure',
65
- 'control', 'controls', 'framework', 'standard', 'enterprise risk management',
66
- 'centralized management', 'oversight'
67
- ];
68
-
69
- const facilitatesIndicators = [
70
- 'improve', 'enhance', 'optimize', 'faster', 'better', 'stronger', 'automate',
71
- 'streamline', 'efficiency', 'facilitate', 'support', 'enable', 'accelerate',
72
- 'api', 'integration', 'data', 'export', 'import', 'sync', 'feed',
73
- 'provides data', 'data source', 'data feeds', 'enrichment', 'data enrichment',
74
- 'supplemental data', 'additional data', 'contextual data', 'threat data',
75
- 'intelligence feeds', 'data aggregation', 'data collection', 'data gathering',
76
- 'feeds data', 'populates', 'informs', 'enriches', 'supplements',
77
- 'enables compliance', 'facilitates implementation', 'supports compliance',
78
- 'creates framework', 'enables organizations', 'infrastructure', 'foundation',
79
- 'template', 'templates', 'workflow automation', 'orchestration'
80
- ];
81
-
82
- const validatesIndicators = [
83
- 'audit', 'report', 'evidence', 'verify', 'validate', 'check', 'monitor',
84
- 'compliance', 'compliance report', 'assessment', 'logging', 'tracking', 'review', 'attest',
85
- 'dashboard', 'metrics', 'analytics', 'visibility', 'alert', 'attestation',
86
- 'compliance tracking', 'audit trail', 'reporting capabilities', 'audit capabilities'
87
- ];
88
-
89
- // General implementation indicators for all safeguards
90
- const implementationIndicators = [
91
- 'implement', 'implements', 'implementation', 'deploy', 'execute', 'perform',
92
- 'provides', 'delivers', 'complete', 'fully', 'comprehensive', 'directly',
93
- 'natively', 'built-in', 'core functionality', 'primary function', 'main feature'
94
- ];
95
-
96
- // Calculate keyword presence scores
97
- const governanceScore = this.calculateKeywordScore(text, governanceIndicators);
98
- const facilitatesScore = this.calculateKeywordScore(text, facilitatesIndicators);
99
- const validatesScore = this.calculateKeywordScore(text, validatesIndicators);
100
- const implementationScore = this.calculateKeywordScore(text, implementationIndicators);
101
-
102
- // Determine claimed capability based on strongest indicators and patterns
103
- if (implementationScore > 0.2 && implementationScore >= Math.max(facilitatesScore, governanceScore, validatesScore)) {
104
- // Tool claims to directly implement the safeguard
105
- return implementationScore > 0.5 ? 'full' : 'partial';
106
- } else if (governanceScore > 0.2 && governanceScore >= Math.max(facilitatesScore, validatesScore)) {
107
- return 'governance';
108
- } else if (validatesScore > 0.2 && validatesScore >= facilitatesScore) {
109
- return 'validates';
110
- } else {
111
- return 'facilitates';
112
- }
113
- }
114
-
115
-
116
- private assessCapabilityQuality(text: string, safeguard: SafeguardElement, claimedCapability: string): QualityAssessment {
117
- // Assess how well the tool executes the claimed capability type
118
- const evidence: string[] = [];
119
- const gaps: string[] = [];
120
-
121
- // Quality assessment based on capability type
122
- let qualityScore = 0;
123
-
124
- switch (claimedCapability) {
125
- case 'full':
126
- case 'partial':
127
- qualityScore = this.assessImplementationQuality(text, safeguard, evidence, gaps);
128
- break;
129
- case 'facilitates':
130
- qualityScore = this.assessFacilitationQuality(text, evidence, gaps);
131
- break;
132
- case 'governance':
133
- qualityScore = this.assessGovernanceQuality(text, evidence, gaps);
134
- break;
135
- case 'validates':
136
- qualityScore = this.assessValidationQuality(text, evidence, gaps);
137
- break;
138
- }
139
-
140
- const quality = qualityScore >= 0.8 ? 'excellent' :
141
- qualityScore >= 0.6 ? 'good' :
142
- qualityScore >= 0.4 ? 'fair' : 'poor';
143
-
144
- return {
145
- quality,
146
- confidence: Math.round(qualityScore * 100),
147
- evidence,
148
- gaps
149
- };
150
- }
151
-
152
- private assessImplementationQuality(text: string, safeguard: SafeguardElement, evidence: string[], gaps: string[]): number {
153
- let score = 0;
154
-
155
- // Check for core implementation elements
156
- const coreScore = this.calculateElementCoverage(text, safeguard.coreRequirements);
157
- const subElementScore = this.calculateElementCoverage(text, safeguard.subTaxonomicalElements);
158
- const governanceScore = this.calculateElementCoverage(text, safeguard.governanceElements);
159
-
160
- if (coreScore > 0.5) {
161
- evidence.push('Strong coverage of core requirements');
162
- score += 0.4;
163
- } else if (coreScore > 0.2) {
164
- evidence.push('Partial coverage of core requirements');
165
- score += 0.2;
166
- } else {
167
- gaps.push('Limited coverage of core requirements');
168
- }
169
-
170
- if (subElementScore > 0.3) {
171
- evidence.push('Good coverage of sub-taxonomical elements');
172
- score += 0.3;
173
- } else {
174
- gaps.push('Limited sub-element coverage');
175
- }
176
-
177
- if (governanceScore > 0.3) {
178
- evidence.push('Addresses governance requirements');
179
- score += 0.3;
180
- } else {
181
- gaps.push('Limited governance element coverage');
182
- }
183
-
184
- return Math.min(score, 1.0);
185
- }
186
-
187
- private assessFacilitationQuality(text: string, evidence: string[], gaps: string[]): number {
188
- let score = 0;
189
-
190
- const facilitationKeywords = ['enhance', 'improve', 'optimize', 'enable', 'support', 'facilitate', 'streamline'];
191
- const integrationKeywords = ['api', 'integration', 'data feed', 'export', 'import', 'sync'];
192
- const automationKeywords = ['automate', 'automated', 'orchestration', 'workflow'];
193
-
194
- if (this.calculateKeywordScore(text, facilitationKeywords) > 0.1) {
195
- evidence.push('Clear facilitation capabilities');
196
- score += 0.4;
197
- }
198
-
199
- if (this.calculateKeywordScore(text, integrationKeywords) > 0.1) {
200
- evidence.push('Integration and data sharing capabilities');
201
- score += 0.3;
202
- }
203
-
204
- if (this.calculateKeywordScore(text, automationKeywords) > 0.1) {
205
- evidence.push('Automation and workflow capabilities');
206
- score += 0.3;
207
- }
208
-
209
- if (score < 0.4) {
210
- gaps.push('Limited evidence of facilitation capabilities');
211
- }
212
-
213
- return Math.min(score, 1.0);
214
- }
215
-
216
- private assessGovernanceQuality(text: string, evidence: string[], gaps: string[]): number {
217
- let score = 0;
218
-
219
- const policyKeywords = ['policy', 'policies', 'procedure', 'standard', 'framework'];
220
- const processKeywords = ['process', 'workflow', 'governance', 'management', 'oversight'];
221
- const complianceKeywords = ['compliance', 'grc', 'audit', 'risk management'];
222
-
223
- if (this.calculateKeywordScore(text, policyKeywords) > 0.1) {
224
- evidence.push('Policy and procedure management');
225
- score += 0.4;
226
- }
227
-
228
- if (this.calculateKeywordScore(text, processKeywords) > 0.1) {
229
- evidence.push('Process and workflow capabilities');
230
- score += 0.3;
231
- }
232
-
233
- if (this.calculateKeywordScore(text, complianceKeywords) > 0.1) {
234
- evidence.push('Compliance and risk management features');
235
- score += 0.3;
236
- }
237
-
238
- if (score < 0.4) {
239
- gaps.push('Limited governance capabilities evident');
240
- }
241
-
242
- return Math.min(score, 1.0);
243
- }
244
-
245
- private assessValidationQuality(text: string, evidence: string[], gaps: string[]): number {
246
- let score = 0;
247
-
248
- const auditKeywords = ['audit', 'audit trail', 'evidence', 'verification', 'validation'];
249
- const reportingKeywords = ['report', 'reporting', 'dashboard', 'metrics', 'analytics'];
250
- const monitoringKeywords = ['monitor', 'monitoring', 'tracking', 'logging', 'alerting'];
251
-
252
- if (this.calculateKeywordScore(text, auditKeywords) > 0.1) {
253
- evidence.push('Audit and evidence collection capabilities');
254
- score += 0.4;
255
- }
256
-
257
- if (this.calculateKeywordScore(text, reportingKeywords) > 0.1) {
258
- evidence.push('Reporting and analytics features');
259
- score += 0.3;
260
- }
261
-
262
- if (this.calculateKeywordScore(text, monitoringKeywords) > 0.1) {
263
- evidence.push('Monitoring and tracking capabilities');
264
- score += 0.3;
265
- }
266
-
267
- if (score < 0.4) {
268
- gaps.push('Limited validation and evidence capabilities');
269
- }
270
-
271
- return Math.min(score, 1.0);
272
- }
273
-
274
- private generateCapabilityAnalysis(
275
- vendorName: string,
276
- safeguard: SafeguardElement,
277
- responseText: string,
278
- claimedCapability: CapabilityType,
279
- qualityAssessment: QualityAssessment
280
- ): VendorAnalysis {
281
- const capabilities = {
282
- full: claimedCapability === 'full',
283
- partial: claimedCapability === 'partial',
284
- facilitates: claimedCapability === 'facilitates',
285
- governance: claimedCapability === 'governance',
286
- validates: claimedCapability === 'validates'
287
- };
288
-
289
- const toolCapabilityDescription = this.generateToolCapabilityDescription(claimedCapability, qualityAssessment);
290
- const recommendedUse = this.generateRecommendedUse(claimedCapability, safeguard);
291
-
292
- return {
293
- vendor: vendorName,
294
- safeguardId: safeguard.id,
295
- safeguardTitle: safeguard.title,
296
- capability: claimedCapability,
297
- capabilities,
298
- confidence: qualityAssessment.confidence,
299
- reasoning: `Primary capability: ${claimedCapability.toUpperCase()} (${qualityAssessment.quality} quality)`,
300
- evidence: qualityAssessment.evidence,
301
- toolCapabilityDescription,
302
- recommendedUse
303
- };
304
- }
305
-
306
- private generateToolCapabilityDescription(capability: CapabilityType, quality: QualityAssessment): string {
307
- const qualityDescriptions = {
308
- excellent: 'comprehensive and well-implemented',
309
- good: 'solid and effective',
310
- fair: 'basic but functional',
311
- poor: 'limited or unclear'
312
- };
313
-
314
- const capabilityDescriptions = {
315
- full: 'directly implements the complete safeguard functionality',
316
- partial: 'implements specific aspects of the safeguard with defined scope',
317
- facilitates: 'enhances and enables safeguard implementation by other tools or processes',
318
- governance: 'provides policy, process management, and oversight capabilities',
319
- validates: 'provides evidence collection, audit, and compliance validation capabilities'
320
- };
321
-
322
- return `This tool ${capabilityDescriptions[capability]} with ${qualityDescriptions[quality.quality]} capabilities.`;
323
- }
324
-
325
- private generateRecommendedUse(capability: CapabilityType, safeguard: SafeguardElement): string {
326
- const recommendations = {
327
- full: `Use as the primary implementation tool for ${safeguard.title}. Ensure comprehensive deployment and configuration.`,
328
- partial: `Use as a component within a broader safeguard implementation strategy. Supplement with additional tools or processes.`,
329
- facilitates: `Use to enhance and optimize existing safeguard implementation. Integrate with primary implementation tools.`,
330
- governance: `Use for policy management, process oversight, and compliance framework establishment for ${safeguard.title}.`,
331
- validates: `Use for evidence collection, audit preparation, and compliance validation of ${safeguard.title} implementation.`
332
- };
333
-
334
- return recommendations[capability];
335
- }
336
-
337
-
338
-
339
-
340
-
341
- private calculateKeywordScore(text: string, keywords: string[]): number {
342
- let matches = 0;
343
- for (const keyword of keywords) {
344
- if (text.includes(keyword.toLowerCase())) {
345
- matches++;
346
- }
347
- }
348
- return keywords.length > 0 ? matches / keywords.length : 0;
349
- }
350
-
351
- private calculateElementCoverage(text: string, elements: string[]): number {
352
- let matches = 0;
353
- for (const element of elements) {
354
- if (text.includes(element.toLowerCase())) {
355
- matches++;
356
- }
357
- }
358
- return elements.length > 0 ? matches / elements.length : 0;
359
- }
360
-
361
- private recordToolExecution(toolName: string, executionTime: number): void {
362
- // Update request count
363
- const currentCount = this.performanceMetrics.requestCounts.get(toolName) || 0;
364
- this.performanceMetrics.requestCounts.set(toolName, currentCount + 1);
365
-
366
- // Update execution times (keep last 100 measurements for rolling average)
367
- const times = this.performanceMetrics.executionTimes.get(toolName) || [];
368
- times.push(executionTime);
369
- if (times.length > 100) {
370
- times.shift(); // Remove oldest measurement
371
- }
372
- this.performanceMetrics.executionTimes.set(toolName, times);
373
-
374
- // Log performance stats every 5 minutes in production
375
- if (process.env.NODE_ENV === 'production' &&
376
- Date.now() - this.performanceMetrics.lastStatsLog > 5 * 60 * 1000) {
377
- this.logPerformanceStats();
378
- }
379
- }
380
-
381
- private logPerformanceStats(): void {
382
- const uptime = Math.round((Date.now() - this.performanceMetrics.uptime) / 1000);
383
- const errorRate = (this.performanceMetrics.errorCount / this.performanceMetrics.totalRequests * 100).toFixed(1);
384
-
385
- console.log(`[Framework MCP Performance] Uptime: ${uptime}s, Requests: ${this.performanceMetrics.totalRequests}, Error Rate: ${errorRate}%`);
386
-
387
- // Log per-tool average execution times
388
- for (const [toolName, times] of this.performanceMetrics.executionTimes.entries()) {
389
- const avgTime = times.reduce((a, b) => a + b, 0) / times.length;
390
- console.log(`[Framework MCP Performance] ${toolName}: ${Math.round(avgTime)}ms avg`);
391
- }
392
-
393
- this.performanceMetrics.lastStatsLog = Date.now();
394
- }
395
-
396
- private cleanupExpiredCache(): void {
397
- const now = Date.now();
398
- const expiredKeys: string[] = [];
399
-
400
- for (const [key, entry] of this.cache.entries()) {
401
- // Cache TTL: 5 minutes for most entries
402
- if (now - entry.timestamp > 5 * 60 * 1000) {
403
- expiredKeys.push(key);
404
- }
405
- }
406
-
407
- expiredKeys.forEach(key => this.cache.delete(key));
408
-
409
- if (expiredKeys.length > 0) {
410
- console.log(`[Framework MCP Cache] Cleaned up ${expiredKeys.length} expired entries`);
411
- }
412
- }
413
-
414
- public getPerformanceMetrics(): PerformanceMetrics {
415
- return { ...this.performanceMetrics };
416
- }
417
- }