framework-mcp 1.3.7 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/COPILOT_INTEGRATION.md +49 -62
- package/DEPLOYMENT_GUIDE.md +46 -47
- package/MCP_INTEGRATION_GUIDE.md +96 -129
- package/MIGRATION_GUIDE_v1.4.0.md +190 -0
- package/README.md +148 -173
- package/RELEASE_NOTES_v1.4.0.md +178 -0
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +2271 -153
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -2
- package/dist/index.js.map +1 -1
- package/dist/interfaces/http/http-server.d.ts +0 -4
- package/dist/interfaces/http/http-server.d.ts.map +1 -1
- package/dist/interfaces/http/http-server.js +6 -85
- package/dist/interfaces/http/http-server.js.map +1 -1
- package/dist/interfaces/mcp/mcp-server.d.ts +0 -4
- package/dist/interfaces/mcp/mcp-server.d.ts.map +1 -1
- package/dist/interfaces/mcp/mcp-server.js +4 -71
- package/dist/interfaces/mcp/mcp-server.js.map +1 -1
- package/dist/shared/types.d.ts +7 -0
- package/dist/shared/types.d.ts.map +1 -1
- package/examples/llm-analysis-patterns.md +553 -0
- package/package.json +2 -2
- package/scripts/validate-documentation.sh +4 -4
- package/src/core/safeguard-manager.ts +2271 -153
- package/src/index.ts +1 -2
- package/src/interfaces/http/http-server.ts +6 -101
- package/src/interfaces/mcp/mcp-server.ts +4 -85
- package/src/shared/types.ts +7 -0
- package/swagger.json +43 -168
- package/dist/core/capability-analyzer.d.ts +0 -23
- package/dist/core/capability-analyzer.d.ts.map +0 -1
- package/dist/core/capability-analyzer.js +0 -333
- package/dist/core/capability-analyzer.js.map +0 -1
- package/src/core/capability-analyzer.ts +0 -417
package/src/index.ts
CHANGED
|
@@ -11,8 +11,7 @@ if (import.meta.url === `file://${process.argv[1]}`) {
|
|
|
11
11
|
|
|
12
12
|
export { FrameworkMcpServer } from './interfaces/mcp/mcp-server.js';
|
|
13
13
|
export { FrameworkHttpServer } from './interfaces/http/http-server.js';
|
|
14
|
-
export { CapabilityAnalyzer } from './core/capability-analyzer.js';
|
|
15
14
|
export { SafeguardManager } from './core/safeguard-manager.js';
|
|
16
15
|
|
|
17
|
-
//
|
|
16
|
+
// Pure Data Provider architecture - authentic CIS Controls data via SafeguardManager
|
|
18
17
|
|
|
@@ -4,7 +4,6 @@ import express from 'express';
|
|
|
4
4
|
import cors from 'cors';
|
|
5
5
|
import helmet from 'helmet';
|
|
6
6
|
import compression from 'compression';
|
|
7
|
-
import { CapabilityAnalyzer } from '../../core/capability-analyzer.js';
|
|
8
7
|
import { SafeguardManager } from '../../core/safeguard-manager.js';
|
|
9
8
|
|
|
10
9
|
interface ErrorResponse {
|
|
@@ -15,13 +14,11 @@ interface ErrorResponse {
|
|
|
15
14
|
|
|
16
15
|
export class FrameworkHttpServer {
|
|
17
16
|
private app: express.Application;
|
|
18
|
-
private capabilityAnalyzer: CapabilityAnalyzer;
|
|
19
17
|
private safeguardManager: SafeguardManager;
|
|
20
18
|
private port: number;
|
|
21
19
|
|
|
22
20
|
constructor(port: number = 8080) {
|
|
23
21
|
this.app = express();
|
|
24
|
-
this.capabilityAnalyzer = new CapabilityAnalyzer();
|
|
25
22
|
this.safeguardManager = new SafeguardManager();
|
|
26
23
|
this.port = port;
|
|
27
24
|
|
|
@@ -68,45 +65,15 @@ export class FrameworkHttpServer {
|
|
|
68
65
|
private setupRoutes(): void {
|
|
69
66
|
// Health check endpoint (required for DigitalOcean App Services)
|
|
70
67
|
this.app.get('/health', (req, res) => {
|
|
71
|
-
const metrics = this.capabilityAnalyzer.getPerformanceMetrics();
|
|
72
68
|
res.json({
|
|
73
69
|
status: 'healthy',
|
|
74
|
-
uptime: Math.round(
|
|
75
|
-
|
|
76
|
-
errorCount: metrics.errorCount,
|
|
77
|
-
version: '1.3.7',
|
|
70
|
+
uptime: Math.round(process.uptime()),
|
|
71
|
+
version: '1.4.0',
|
|
78
72
|
timestamp: new Date().toISOString()
|
|
79
73
|
});
|
|
80
74
|
});
|
|
81
75
|
|
|
82
76
|
|
|
83
|
-
// Capability analysis endpoint
|
|
84
|
-
this.app.post('/api/analyze-vendor-response', async (req, res) => {
|
|
85
|
-
try {
|
|
86
|
-
const { vendor_name, safeguard_id, response_text } = req.body;
|
|
87
|
-
|
|
88
|
-
this.validateInput(req.body, ['vendor_name', 'safeguard_id', 'response_text']);
|
|
89
|
-
this.validateTextInput(response_text, 'Response text');
|
|
90
|
-
this.safeguardManager.validateSafeguardId(safeguard_id);
|
|
91
|
-
|
|
92
|
-
const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
|
|
93
|
-
if (!safeguard) {
|
|
94
|
-
return res.status(404).json(this.createErrorResponse('Safeguard not found'));
|
|
95
|
-
}
|
|
96
|
-
|
|
97
|
-
const result = this.capabilityAnalyzer.performCapabilityAnalysis(
|
|
98
|
-
vendor_name,
|
|
99
|
-
safeguard,
|
|
100
|
-
response_text
|
|
101
|
-
);
|
|
102
|
-
|
|
103
|
-
res.json(result);
|
|
104
|
-
} catch (error) {
|
|
105
|
-
console.error('[HTTP Server] analyze-vendor-response error:', error);
|
|
106
|
-
res.status(400).json(this.createErrorResponse(error instanceof Error ? error.message : 'Unknown error'));
|
|
107
|
-
}
|
|
108
|
-
});
|
|
109
|
-
|
|
110
77
|
|
|
111
78
|
// Get safeguard details endpoint
|
|
112
79
|
this.app.get('/api/safeguards/:safeguardId', (req, res) => {
|
|
@@ -145,47 +112,19 @@ export class FrameworkHttpServer {
|
|
|
145
112
|
}
|
|
146
113
|
});
|
|
147
114
|
|
|
148
|
-
// Performance metrics endpoint
|
|
149
|
-
this.app.get('/api/metrics', (req, res) => {
|
|
150
|
-
try {
|
|
151
|
-
const metrics = this.capabilityAnalyzer.getPerformanceMetrics();
|
|
152
|
-
|
|
153
|
-
res.json({
|
|
154
|
-
uptime_seconds: Math.round((Date.now() - metrics.uptime) / 1000),
|
|
155
|
-
total_requests: metrics.totalRequests,
|
|
156
|
-
error_count: metrics.errorCount,
|
|
157
|
-
error_rate: metrics.totalRequests > 0 ?
|
|
158
|
-
((metrics.errorCount / metrics.totalRequests) * 100).toFixed(2) + '%' : '0%',
|
|
159
|
-
request_counts: Object.fromEntries(metrics.requestCounts),
|
|
160
|
-
timestamp: new Date().toISOString()
|
|
161
|
-
});
|
|
162
|
-
} catch (error) {
|
|
163
|
-
console.error('[HTTP Server] metrics error:', error);
|
|
164
|
-
res.status(500).json(this.createErrorResponse('Metrics unavailable'));
|
|
165
|
-
}
|
|
166
|
-
});
|
|
167
115
|
|
|
168
116
|
// API documentation endpoint
|
|
169
117
|
this.app.get('/api', (req, res) => {
|
|
170
118
|
res.json({
|
|
171
119
|
name: 'Framework MCP HTTP API',
|
|
172
|
-
version: '1.
|
|
173
|
-
description: '
|
|
120
|
+
version: '1.4.0',
|
|
121
|
+
description: 'Pure Data Provider serving authentic CIS Controls Framework data',
|
|
174
122
|
endpoints: {
|
|
175
|
-
'POST /api/analyze-vendor-response': 'Primary capability analysis for vendor responses',
|
|
176
123
|
'GET /api/safeguards': 'List all available CIS safeguards',
|
|
177
124
|
'GET /api/safeguards/:id': 'Get detailed safeguard breakdown',
|
|
178
125
|
'GET /health': 'Health check endpoint',
|
|
179
|
-
'GET /api/metrics': 'Performance metrics',
|
|
180
126
|
'GET /api': 'This documentation'
|
|
181
127
|
},
|
|
182
|
-
capabilities: [
|
|
183
|
-
'FULL - Complete implementation of safeguard',
|
|
184
|
-
'PARTIAL - Limited scope implementation',
|
|
185
|
-
'FACILITATES - Enhancement capabilities',
|
|
186
|
-
'GOVERNANCE - Policy/process management',
|
|
187
|
-
'VALIDATES - Evidence collection and reporting'
|
|
188
|
-
],
|
|
189
128
|
framework: 'CIS Controls v8.1 (153 safeguards)',
|
|
190
129
|
deployment: 'DigitalOcean App Services compatible'
|
|
191
130
|
});
|
|
@@ -219,40 +158,6 @@ export class FrameworkHttpServer {
|
|
|
219
158
|
});
|
|
220
159
|
}
|
|
221
160
|
|
|
222
|
-
private validateInput(body: any, requiredFields: string[]): void {
|
|
223
|
-
if (!body || typeof body !== 'object') {
|
|
224
|
-
throw new Error('Request body is required and must be valid JSON');
|
|
225
|
-
}
|
|
226
|
-
|
|
227
|
-
for (const field of requiredFields) {
|
|
228
|
-
if (!body[field] || typeof body[field] !== 'string') {
|
|
229
|
-
throw new Error(`Field '${field}' is required and must be a non-empty string`);
|
|
230
|
-
}
|
|
231
|
-
}
|
|
232
|
-
}
|
|
233
|
-
|
|
234
|
-
private validateTextInput(text: string, fieldName: string): void {
|
|
235
|
-
if (typeof text !== 'string') {
|
|
236
|
-
throw new Error(`${fieldName} must be a string`);
|
|
237
|
-
}
|
|
238
|
-
|
|
239
|
-
if (text.length < 10) {
|
|
240
|
-
throw new Error(`${fieldName} must be at least 10 characters long`);
|
|
241
|
-
}
|
|
242
|
-
|
|
243
|
-
if (text.length > 10000) {
|
|
244
|
-
throw new Error(`${fieldName} must be less than 10,000 characters`);
|
|
245
|
-
}
|
|
246
|
-
}
|
|
247
|
-
|
|
248
|
-
private validateCapability(capability: string): void {
|
|
249
|
-
const validCapabilities = ['full', 'partial', 'facilitates', 'governance', 'validates'];
|
|
250
|
-
|
|
251
|
-
if (!validCapabilities.includes(capability.toLowerCase())) {
|
|
252
|
-
throw new Error(`Invalid capability '${capability}'. Valid options: ${validCapabilities.join(', ')}`);
|
|
253
|
-
}
|
|
254
|
-
}
|
|
255
|
-
|
|
256
161
|
private createErrorResponse(error: string, details?: string): ErrorResponse {
|
|
257
162
|
return {
|
|
258
163
|
error,
|
|
@@ -263,11 +168,11 @@ export class FrameworkHttpServer {
|
|
|
263
168
|
|
|
264
169
|
public start(): void {
|
|
265
170
|
this.app.listen(this.port, '0.0.0.0', () => {
|
|
266
|
-
console.log(`🚀 Framework MCP HTTP Server v1.
|
|
171
|
+
console.log(`🚀 Framework MCP HTTP Server v1.4.0 running on port ${this.port}`);
|
|
267
172
|
console.log(`📊 Health check: http://localhost:${this.port}/health`);
|
|
268
173
|
console.log(`📖 API docs: http://localhost:${this.port}/api`);
|
|
269
174
|
console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
|
|
270
|
-
console.log(
|
|
175
|
+
console.log(`📊 Pure Data Provider - CIS Controls v8.1`);
|
|
271
176
|
});
|
|
272
177
|
|
|
273
178
|
// Graceful shutdown handling
|
|
@@ -8,23 +8,20 @@ import {
|
|
|
8
8
|
Tool,
|
|
9
9
|
} from '@modelcontextprotocol/sdk/types.js';
|
|
10
10
|
|
|
11
|
-
import { CapabilityAnalyzer } from '../../core/capability-analyzer.js';
|
|
12
11
|
import { SafeguardManager } from '../../core/safeguard-manager.js';
|
|
13
12
|
|
|
14
13
|
export class FrameworkMcpServer {
|
|
15
14
|
private server: Server;
|
|
16
|
-
private capabilityAnalyzer: CapabilityAnalyzer;
|
|
17
15
|
private safeguardManager: SafeguardManager;
|
|
18
16
|
|
|
19
17
|
constructor() {
|
|
20
18
|
this.server = new Server(
|
|
21
19
|
{
|
|
22
20
|
name: 'framework-analyzer',
|
|
23
|
-
version: '1.
|
|
21
|
+
version: '1.4.0',
|
|
24
22
|
}
|
|
25
23
|
);
|
|
26
24
|
|
|
27
|
-
this.capabilityAnalyzer = new CapabilityAnalyzer();
|
|
28
25
|
this.safeguardManager = new SafeguardManager();
|
|
29
26
|
|
|
30
27
|
this.setupHandlers();
|
|
@@ -35,28 +32,6 @@ export class FrameworkMcpServer {
|
|
|
35
32
|
this.server.setRequestHandler(ListToolsRequestSchema, async () => {
|
|
36
33
|
return {
|
|
37
34
|
tools: [
|
|
38
|
-
{
|
|
39
|
-
name: 'analyze_vendor_response',
|
|
40
|
-
description: 'Determine vendor tool capability role for specific safeguard',
|
|
41
|
-
inputSchema: {
|
|
42
|
-
type: 'object',
|
|
43
|
-
properties: {
|
|
44
|
-
vendor_name: {
|
|
45
|
-
type: 'string',
|
|
46
|
-
description: 'Name of the vendor'
|
|
47
|
-
},
|
|
48
|
-
safeguard_id: {
|
|
49
|
-
type: 'string',
|
|
50
|
-
description: 'CIS safeguard ID (e.g., "1.1", "5.1")'
|
|
51
|
-
},
|
|
52
|
-
response_text: {
|
|
53
|
-
type: 'string',
|
|
54
|
-
description: 'Vendor response text to analyze'
|
|
55
|
-
}
|
|
56
|
-
},
|
|
57
|
-
required: ['vendor_name', 'safeguard_id', 'response_text']
|
|
58
|
-
}
|
|
59
|
-
} as Tool,
|
|
60
35
|
{
|
|
61
36
|
name: 'get_safeguard_details',
|
|
62
37
|
description: 'Get detailed safeguard breakdown',
|
|
@@ -94,9 +69,6 @@ export class FrameworkMcpServer {
|
|
|
94
69
|
|
|
95
70
|
try {
|
|
96
71
|
switch (name) {
|
|
97
|
-
case 'analyze_vendor_response':
|
|
98
|
-
return await this.analyzeVendorResponse(args);
|
|
99
|
-
|
|
100
72
|
case 'get_safeguard_details':
|
|
101
73
|
return await this.getSafeguardDetails(args);
|
|
102
74
|
|
|
@@ -126,29 +98,6 @@ export class FrameworkMcpServer {
|
|
|
126
98
|
}
|
|
127
99
|
|
|
128
100
|
|
|
129
|
-
private async analyzeVendorResponse(args: any) {
|
|
130
|
-
const { vendor_name = 'Unknown Vendor', safeguard_id, response_text } = args;
|
|
131
|
-
|
|
132
|
-
this.validateTextInput(response_text, 'Response text');
|
|
133
|
-
this.safeguardManager.validateSafeguardId(safeguard_id);
|
|
134
|
-
|
|
135
|
-
const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id);
|
|
136
|
-
if (!safeguard) {
|
|
137
|
-
throw new Error(`Safeguard ${safeguard_id} not found`);
|
|
138
|
-
}
|
|
139
|
-
|
|
140
|
-
const analysis = this.capabilityAnalyzer.performCapabilityAnalysis(vendor_name, safeguard, response_text);
|
|
141
|
-
|
|
142
|
-
return {
|
|
143
|
-
content: [
|
|
144
|
-
{
|
|
145
|
-
type: 'text',
|
|
146
|
-
text: JSON.stringify(analysis, null, 2),
|
|
147
|
-
},
|
|
148
|
-
],
|
|
149
|
-
};
|
|
150
|
-
}
|
|
151
|
-
|
|
152
101
|
private async getSafeguardDetails(args: any) {
|
|
153
102
|
const { safeguard_id, include_examples = false } = args;
|
|
154
103
|
|
|
@@ -180,35 +129,13 @@ export class FrameworkMcpServer {
|
|
|
180
129
|
safeguards,
|
|
181
130
|
total: safeguards.length,
|
|
182
131
|
framework: 'CIS Controls v8.1',
|
|
183
|
-
version: '1.
|
|
132
|
+
version: '1.4.0'
|
|
184
133
|
}, null, 2),
|
|
185
134
|
},
|
|
186
135
|
],
|
|
187
136
|
};
|
|
188
137
|
}
|
|
189
138
|
|
|
190
|
-
private validateTextInput(text: string, fieldName: string): void {
|
|
191
|
-
if (typeof text !== 'string') {
|
|
192
|
-
throw new Error(`${fieldName} must be a string`);
|
|
193
|
-
}
|
|
194
|
-
|
|
195
|
-
if (text.length < 10) {
|
|
196
|
-
throw new Error(`${fieldName} must be at least 10 characters long`);
|
|
197
|
-
}
|
|
198
|
-
|
|
199
|
-
if (text.length > 10000) {
|
|
200
|
-
throw new Error(`${fieldName} must be less than 10,000 characters`);
|
|
201
|
-
}
|
|
202
|
-
}
|
|
203
|
-
|
|
204
|
-
private validateCapability(capability: string): void {
|
|
205
|
-
const validCapabilities = ['full', 'partial', 'facilitates', 'governance', 'validates'];
|
|
206
|
-
|
|
207
|
-
if (!validCapabilities.includes(capability.toLowerCase())) {
|
|
208
|
-
throw new Error(`Invalid capability '${capability}'. Valid options: ${validCapabilities.join(', ')}`);
|
|
209
|
-
}
|
|
210
|
-
}
|
|
211
|
-
|
|
212
139
|
private formatErrorMessage(error: unknown, toolName: string): string {
|
|
213
140
|
if (error instanceof Error) {
|
|
214
141
|
// Provide helpful guidance for common errors
|
|
@@ -216,14 +143,6 @@ export class FrameworkMcpServer {
|
|
|
216
143
|
return `${error.message}. Use list_available_safeguards to see all available options.`;
|
|
217
144
|
}
|
|
218
145
|
|
|
219
|
-
if (error.message.includes('Invalid capability')) {
|
|
220
|
-
return `${error.message}. Capability roles determine what function the vendor tool plays in safeguard implementation.`;
|
|
221
|
-
}
|
|
222
|
-
|
|
223
|
-
if (error.message.includes('characters')) {
|
|
224
|
-
return `${error.message}. Ensure your input text is substantive enough for analysis.`;
|
|
225
|
-
}
|
|
226
|
-
|
|
227
146
|
return error.message;
|
|
228
147
|
}
|
|
229
148
|
|
|
@@ -234,8 +153,8 @@ export class FrameworkMcpServer {
|
|
|
234
153
|
const transport = new StdioServerTransport();
|
|
235
154
|
await this.server.connect(transport);
|
|
236
155
|
|
|
237
|
-
console.error('🤖 Framework MCP Server v1.
|
|
238
|
-
console.error('📊
|
|
156
|
+
console.error('🤖 Framework MCP Server v1.4.0 running via stdio');
|
|
157
|
+
console.error('📊 Pure Data Provider for CIS Controls v8.1');
|
|
239
158
|
}
|
|
240
159
|
}
|
|
241
160
|
|
package/src/shared/types.ts
CHANGED
|
@@ -14,6 +14,13 @@ export interface SafeguardElement {
|
|
|
14
14
|
implementationSuggestions: string[]; // Gray - Suggestions for implementation
|
|
15
15
|
relatedSafeguards: string[];
|
|
16
16
|
keywords: string[];
|
|
17
|
+
systemPrompt?: {
|
|
18
|
+
role: string; // e.g., "asset_inventory_expert", "access_control_specialist"
|
|
19
|
+
context: string; // Brief context about the safeguard for AI understanding
|
|
20
|
+
objective: string; // What the AI should accomplish
|
|
21
|
+
guidelines: string[]; // Specific evaluation criteria and methods
|
|
22
|
+
outputFormat: string; // Expected response structure for n8n processing
|
|
23
|
+
};
|
|
17
24
|
}
|
|
18
25
|
|
|
19
26
|
export interface VendorAnalysis {
|
package/swagger.json
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
{
|
|
2
2
|
"openapi": "3.0.3",
|
|
3
3
|
"info": {
|
|
4
|
-
"title": "Framework MCP API -
|
|
5
|
-
"description": "Microsoft Copilot-compatible API
|
|
6
|
-
"version": "1.
|
|
4
|
+
"title": "Framework MCP API - Pure Data Provider",
|
|
5
|
+
"description": "Microsoft Copilot-compatible API providing authoritative CIS Controls Framework v8.1 data (153 safeguards). Pure Data Provider architecture empowers LLMs with structured safeguards data and AI-driven systemPrompts for sophisticated, context-aware vendor capability analysis and n8n workflow automation.",
|
|
6
|
+
"version": "1.5.0",
|
|
7
7
|
"contact": {
|
|
8
8
|
"name": "Framework MCP Support",
|
|
9
9
|
"url": "https://github.com/therealcybermattlee/FrameworkMCP"
|
|
@@ -44,56 +44,6 @@
|
|
|
44
44
|
}
|
|
45
45
|
}
|
|
46
46
|
},
|
|
47
|
-
"/api/analyze-vendor-response": {
|
|
48
|
-
"post": {
|
|
49
|
-
"summary": "Analyze Vendor Response (PRIMARY)",
|
|
50
|
-
"description": "Primary endpoint for analyzing vendor response text to determine appropriate capability role for CIS safeguards",
|
|
51
|
-
"operationId": "analyzeVendorResponse",
|
|
52
|
-
"tags": ["Capability Assessment"],
|
|
53
|
-
"requestBody": {
|
|
54
|
-
"required": true,
|
|
55
|
-
"content": {
|
|
56
|
-
"application/json": {
|
|
57
|
-
"schema": {
|
|
58
|
-
"$ref": "#/components/schemas/AnalysisRequest"
|
|
59
|
-
}
|
|
60
|
-
}
|
|
61
|
-
}
|
|
62
|
-
},
|
|
63
|
-
"responses": {
|
|
64
|
-
"200": {
|
|
65
|
-
"description": "Analysis completed successfully",
|
|
66
|
-
"content": {
|
|
67
|
-
"application/json": {
|
|
68
|
-
"schema": {
|
|
69
|
-
"$ref": "#/components/schemas/VendorAnalysisResponse"
|
|
70
|
-
}
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
},
|
|
74
|
-
"400": {
|
|
75
|
-
"description": "Invalid request parameters",
|
|
76
|
-
"content": {
|
|
77
|
-
"application/json": {
|
|
78
|
-
"schema": {
|
|
79
|
-
"$ref": "#/components/schemas/ErrorResponse"
|
|
80
|
-
}
|
|
81
|
-
}
|
|
82
|
-
}
|
|
83
|
-
},
|
|
84
|
-
"404": {
|
|
85
|
-
"description": "Safeguard not found",
|
|
86
|
-
"content": {
|
|
87
|
-
"application/json": {
|
|
88
|
-
"schema": {
|
|
89
|
-
"$ref": "#/components/schemas/ErrorResponse"
|
|
90
|
-
}
|
|
91
|
-
}
|
|
92
|
-
}
|
|
93
|
-
}
|
|
94
|
-
}
|
|
95
|
-
}
|
|
96
|
-
},
|
|
97
47
|
"/api/safeguards": {
|
|
98
48
|
"get": {
|
|
99
49
|
"summary": "List Available Safeguards",
|
|
@@ -117,7 +67,7 @@
|
|
|
117
67
|
"/api/safeguards/{safeguardId}": {
|
|
118
68
|
"get": {
|
|
119
69
|
"summary": "Get Safeguard Details",
|
|
120
|
-
"description": "Get detailed information about a specific CIS safeguard including governance elements, core requirements, and
|
|
70
|
+
"description": "Get detailed information about a specific CIS safeguard including governance elements, core requirements, implementation suggestions, and AI-driven systemPrompt for n8n workflow integration",
|
|
121
71
|
"operationId": "getSafeguardDetails",
|
|
122
72
|
"tags": ["Safeguards"],
|
|
123
73
|
"parameters": [
|
|
@@ -220,112 +170,6 @@
|
|
|
220
170
|
},
|
|
221
171
|
"components": {
|
|
222
172
|
"schemas": {
|
|
223
|
-
"CapabilityRole": {
|
|
224
|
-
"type": "string",
|
|
225
|
-
"enum": ["full", "partial", "facilitates", "governance", "validates"],
|
|
226
|
-
"description": "Vendor tool capability roles:\n- FULL: Complete implementation of safeguard\n- PARTIAL: Limited scope implementation\n- FACILITATES: Enhancement capabilities that enable better/faster/stronger implementation\n- GOVERNANCE: Policy/process management and oversight\n- VALIDATES: Evidence collection, audit, and reporting"
|
|
227
|
-
},
|
|
228
|
-
"AnalysisRequest": {
|
|
229
|
-
"type": "object",
|
|
230
|
-
"required": ["vendor_name", "safeguard_id", "response_text"],
|
|
231
|
-
"properties": {
|
|
232
|
-
"vendor_name": {
|
|
233
|
-
"type": "string",
|
|
234
|
-
"description": "Name of the vendor",
|
|
235
|
-
"minLength": 1,
|
|
236
|
-
"maxLength": 100,
|
|
237
|
-
"example": "Microsoft Defender"
|
|
238
|
-
},
|
|
239
|
-
"safeguard_id": {
|
|
240
|
-
"type": "string",
|
|
241
|
-
"pattern": "^[0-9]+\\.[0-9]+$",
|
|
242
|
-
"description": "CIS safeguard ID",
|
|
243
|
-
"example": "5.1"
|
|
244
|
-
},
|
|
245
|
-
"response_text": {
|
|
246
|
-
"type": "string",
|
|
247
|
-
"description": "Vendor response text to analyze for capability determination",
|
|
248
|
-
"minLength": 10,
|
|
249
|
-
"maxLength": 10000,
|
|
250
|
-
"example": "We provide centralized account management with role-based access controls, automated provisioning and deprovisioning, and integration with Active Directory for enterprise identity management."
|
|
251
|
-
}
|
|
252
|
-
}
|
|
253
|
-
},
|
|
254
|
-
"VendorAnalysisResponse": {
|
|
255
|
-
"type": "object",
|
|
256
|
-
"properties": {
|
|
257
|
-
"vendor": {
|
|
258
|
-
"type": "string",
|
|
259
|
-
"description": "Name of the vendor or tool",
|
|
260
|
-
"example": "Microsoft Defender"
|
|
261
|
-
},
|
|
262
|
-
"safeguardId": {
|
|
263
|
-
"type": "string",
|
|
264
|
-
"description": "CIS safeguard ID",
|
|
265
|
-
"example": "5.1"
|
|
266
|
-
},
|
|
267
|
-
"safeguardTitle": {
|
|
268
|
-
"type": "string",
|
|
269
|
-
"description": "Title of the CIS safeguard",
|
|
270
|
-
"example": "Establish and Maintain an Inventory of Accounts"
|
|
271
|
-
},
|
|
272
|
-
"capability": {
|
|
273
|
-
"$ref": "#/components/schemas/CapabilityRole",
|
|
274
|
-
"description": "Primary capability categorization"
|
|
275
|
-
},
|
|
276
|
-
"capabilities": {
|
|
277
|
-
"type": "object",
|
|
278
|
-
"description": "Detailed capability breakdown",
|
|
279
|
-
"properties": {
|
|
280
|
-
"full": {
|
|
281
|
-
"type": "boolean",
|
|
282
|
-
"description": "Directly implements the core safeguard functionality"
|
|
283
|
-
},
|
|
284
|
-
"partial": {
|
|
285
|
-
"type": "boolean",
|
|
286
|
-
"description": "Implements limited aspects of the safeguard"
|
|
287
|
-
},
|
|
288
|
-
"facilitates": {
|
|
289
|
-
"type": "boolean",
|
|
290
|
-
"description": "Enhances or enables safeguard implementation by others"
|
|
291
|
-
},
|
|
292
|
-
"governance": {
|
|
293
|
-
"type": "boolean",
|
|
294
|
-
"description": "Provides policy, process, and oversight capabilities"
|
|
295
|
-
},
|
|
296
|
-
"validates": {
|
|
297
|
-
"type": "boolean",
|
|
298
|
-
"description": "Provides evidence, audit, and validation reporting"
|
|
299
|
-
}
|
|
300
|
-
}
|
|
301
|
-
},
|
|
302
|
-
"confidence": {
|
|
303
|
-
"type": "number",
|
|
304
|
-
"minimum": 0,
|
|
305
|
-
"maximum": 100,
|
|
306
|
-
"description": "Confidence score in the assessment"
|
|
307
|
-
},
|
|
308
|
-
"reasoning": {
|
|
309
|
-
"type": "string",
|
|
310
|
-
"description": "Detailed explanation of the capability determination"
|
|
311
|
-
},
|
|
312
|
-
"evidence": {
|
|
313
|
-
"type": "array",
|
|
314
|
-
"items": {
|
|
315
|
-
"type": "string"
|
|
316
|
-
},
|
|
317
|
-
"description": "Evidence supporting the capability assessment"
|
|
318
|
-
},
|
|
319
|
-
"toolCapabilityDescription": {
|
|
320
|
-
"type": "string",
|
|
321
|
-
"description": "Description of what type of tool this is and its role"
|
|
322
|
-
},
|
|
323
|
-
"recommendedUse": {
|
|
324
|
-
"type": "string",
|
|
325
|
-
"description": "How practitioners should use this tool for the safeguard"
|
|
326
|
-
}
|
|
327
|
-
}
|
|
328
|
-
},
|
|
329
173
|
"SafeguardListResponse": {
|
|
330
174
|
"type": "object",
|
|
331
175
|
"properties": {
|
|
@@ -411,6 +255,41 @@
|
|
|
411
255
|
"type": "string"
|
|
412
256
|
},
|
|
413
257
|
"description": "Implementation methods and suggestions (Gray elements)"
|
|
258
|
+
},
|
|
259
|
+
"systemPrompt": {
|
|
260
|
+
"type": "object",
|
|
261
|
+
"description": "AI-driven system prompt for n8n workflow automation and vendor analysis",
|
|
262
|
+
"properties": {
|
|
263
|
+
"role": {
|
|
264
|
+
"type": "string",
|
|
265
|
+
"description": "Expert role for the specific control type",
|
|
266
|
+
"example": "asset_inventory_expert"
|
|
267
|
+
},
|
|
268
|
+
"context": {
|
|
269
|
+
"type": "string",
|
|
270
|
+
"description": "Brief context about the safeguard for AI understanding",
|
|
271
|
+
"example": "You are evaluating enterprise asset inventory solutions against CIS Control 1.1 requirements"
|
|
272
|
+
},
|
|
273
|
+
"objective": {
|
|
274
|
+
"type": "string",
|
|
275
|
+
"description": "What the AI should accomplish",
|
|
276
|
+
"example": "Determine if vendor solution provides complete asset inventory capabilities"
|
|
277
|
+
},
|
|
278
|
+
"guidelines": {
|
|
279
|
+
"type": "array",
|
|
280
|
+
"items": {
|
|
281
|
+
"type": "string"
|
|
282
|
+
},
|
|
283
|
+
"description": "Specific evaluation criteria and methods",
|
|
284
|
+
"example": ["Verify coverage of all asset types", "Confirm data collection accuracy"]
|
|
285
|
+
},
|
|
286
|
+
"outputFormat": {
|
|
287
|
+
"type": "string",
|
|
288
|
+
"description": "Expected response structure for n8n processing",
|
|
289
|
+
"example": "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
|
|
290
|
+
}
|
|
291
|
+
},
|
|
292
|
+
"required": ["role", "context", "objective", "guidelines", "outputFormat"]
|
|
414
293
|
}
|
|
415
294
|
}
|
|
416
295
|
},
|
|
@@ -435,7 +314,7 @@
|
|
|
435
314
|
},
|
|
436
315
|
"version": {
|
|
437
316
|
"type": "string",
|
|
438
|
-
"example": "1.
|
|
317
|
+
"example": "1.5.0"
|
|
439
318
|
},
|
|
440
319
|
"timestamp": {
|
|
441
320
|
"type": "string",
|
|
@@ -480,11 +359,11 @@
|
|
|
480
359
|
},
|
|
481
360
|
"version": {
|
|
482
361
|
"type": "string",
|
|
483
|
-
"example": "1.
|
|
362
|
+
"example": "1.5.0"
|
|
484
363
|
},
|
|
485
364
|
"description": {
|
|
486
365
|
"type": "string",
|
|
487
|
-
"example": "
|
|
366
|
+
"example": "Pure Data Provider API serving authoritative CIS Controls Framework data for LLM-driven analysis"
|
|
488
367
|
},
|
|
489
368
|
"endpoints": {
|
|
490
369
|
"type": "object",
|
|
@@ -530,13 +409,9 @@
|
|
|
530
409
|
}
|
|
531
410
|
},
|
|
532
411
|
"tags": [
|
|
533
|
-
{
|
|
534
|
-
"name": "Capability Assessment",
|
|
535
|
-
"description": "Primary API endpoints for vendor capability assessment against CIS Controls"
|
|
536
|
-
},
|
|
537
412
|
{
|
|
538
413
|
"name": "Safeguards",
|
|
539
|
-
"description": "CIS Controls safeguards
|
|
414
|
+
"description": "Authoritative CIS Controls safeguards data for LLM-driven analysis"
|
|
540
415
|
},
|
|
541
416
|
{
|
|
542
417
|
"name": "Monitoring",
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
import { SafeguardElement, VendorAnalysis, PerformanceMetrics } from '../shared/types.js';
|
|
2
|
-
export declare class CapabilityAnalyzer {
|
|
3
|
-
private cache;
|
|
4
|
-
private performanceMetrics;
|
|
5
|
-
constructor();
|
|
6
|
-
performCapabilityAnalysis(vendorName: string, safeguard: SafeguardElement, responseText: string): VendorAnalysis;
|
|
7
|
-
private determineClaimedCapability;
|
|
8
|
-
private assessCapabilityQuality;
|
|
9
|
-
private assessImplementationQuality;
|
|
10
|
-
private assessFacilitationQuality;
|
|
11
|
-
private assessGovernanceQuality;
|
|
12
|
-
private assessValidationQuality;
|
|
13
|
-
private generateCapabilityAnalysis;
|
|
14
|
-
private generateToolCapabilityDescription;
|
|
15
|
-
private generateRecommendedUse;
|
|
16
|
-
private calculateKeywordScore;
|
|
17
|
-
private calculateElementCoverage;
|
|
18
|
-
private recordToolExecution;
|
|
19
|
-
private logPerformanceStats;
|
|
20
|
-
private cleanupExpiredCache;
|
|
21
|
-
getPerformanceMetrics(): PerformanceMetrics;
|
|
22
|
-
}
|
|
23
|
-
//# sourceMappingURL=capability-analyzer.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"capability-analyzer.d.ts","sourceRoot":"","sources":["../../src/core/capability-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAInB,MAAM,oBAAoB,CAAC;AAG5B,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,kBAAkB,CAAqB;;IAmBxC,yBAAyB,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,GAAG,cAAc;IA4BvH,OAAO,CAAC,0BAA0B;IAwDlC,OAAO,CAAC,uBAAuB;IAoC/B,OAAO,CAAC,2BAA2B;IAmCnC,OAAO,CAAC,yBAAyB;IA6BjC,OAAO,CAAC,uBAAuB;IA6B/B,OAAO,CAAC,uBAAuB;IA6B/B,OAAO,CAAC,0BAA0B;IAgClC,OAAO,CAAC,iCAAiC;IAmBzC,OAAO,CAAC,sBAAsB;IAgB9B,OAAO,CAAC,qBAAqB;IAU7B,OAAO,CAAC,wBAAwB;IAUhC,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,mBAAmB;IAe3B,OAAO,CAAC,mBAAmB;IAkBpB,qBAAqB,IAAI,kBAAkB;CAGnD"}
|