framework-mcp 1.5.2 → 2.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. package/.claude/commands/speckit.analyze.md +184 -0
  2. package/.claude/commands/speckit.checklist.md +294 -0
  3. package/.claude/commands/speckit.clarify.md +181 -0
  4. package/.claude/commands/speckit.constitution.md +82 -0
  5. package/.claude/commands/speckit.implement.md +135 -0
  6. package/.claude/commands/speckit.plan.md +89 -0
  7. package/.claude/commands/speckit.specify.md +258 -0
  8. package/.claude/commands/speckit.tasks.md +137 -0
  9. package/.claude/commands/speckit.taskstoissues.md +30 -0
  10. package/.do/app.yaml +1 -1
  11. package/.github/dependabot.yml +15 -0
  12. package/.github/workflows/ci.yml +19 -1
  13. package/.specify/memory/constitution.md +50 -0
  14. package/.specify/scripts/bash/check-prerequisites.sh +166 -0
  15. package/.specify/scripts/bash/common.sh +156 -0
  16. package/.specify/scripts/bash/create-new-feature.sh +297 -0
  17. package/.specify/scripts/bash/setup-plan.sh +61 -0
  18. package/.specify/scripts/bash/update-agent-context.sh +799 -0
  19. package/.specify/templates/agent-file-template.md +28 -0
  20. package/.specify/templates/checklist-template.md +40 -0
  21. package/.specify/templates/plan-template.md +104 -0
  22. package/.specify/templates/spec-template.md +115 -0
  23. package/.specify/templates/tasks-template.md +251 -0
  24. package/README.md +84 -435
  25. package/dist/core/safeguard-manager.d.ts.map +1 -1
  26. package/dist/core/safeguard-manager.js +7295 -2700
  27. package/dist/core/safeguard-manager.js.map +1 -1
  28. package/dist/interfaces/http/http-server.d.ts +2 -0
  29. package/dist/interfaces/http/http-server.d.ts.map +1 -1
  30. package/dist/interfaces/http/http-server.js +95 -3
  31. package/dist/interfaces/http/http-server.js.map +1 -1
  32. package/dist/interfaces/mcp/mcp-server.js +3 -3
  33. package/dist/shared/types.d.ts +85 -2
  34. package/dist/shared/types.d.ts.map +1 -1
  35. package/dist/shared/types.js +132 -1
  36. package/dist/shared/types.js.map +1 -1
  37. package/package.json +7 -4
  38. package/scripts/standardize-prompts.js +325 -0
  39. package/scripts/validate-capability-prompts.js +110 -0
  40. package/src/core/safeguard-manager.ts +12376 -2586
  41. package/src/interfaces/http/http-server.ts +109 -4
  42. package/src/interfaces/mcp/mcp-server.ts +3 -3
  43. package/src/shared/types.ts +268 -2
  44. package/swagger.json +58 -38
  45. package/CAPABILITY_TRANSFORMATION_SUMMARY.md +0 -158
  46. package/CIS_CONTROLS_IMPLEMENTATION_PLAN.md +0 -220
  47. package/COPILOT_INTEGRATION.md +0 -322
  48. package/DAYS_5_6_COMPLETION_SUMMARY.md +0 -178
  49. package/DEPLOYMENT_GUIDE.md +0 -334
  50. package/DEPLOYMENT_SUMMARY_v1.1.3.md +0 -211
  51. package/MCP_INTEGRATION_GUIDE.md +0 -285
  52. package/MIGRATION_GUIDE_v1.4.0.md +0 -190
  53. package/RELEASE_NOTES_v1.1.3.md +0 -321
  54. package/RELEASE_NOTES_v1.2.0.md +0 -396
  55. package/RELEASE_NOTES_v1.3.7.md +0 -275
  56. package/RELEASE_NOTES_v1.4.0.md +0 -178
  57. package/SAFEGUARDS_VERIFICATION_LOG.md +0 -157
  58. package/coordinator-bot-compact.txt +0 -33
  59. package/coordinator-bot-system-prompt.md +0 -192
  60. package/docs/installation.md +0 -71
  61. package/scripts/analyze-data-structure.cjs +0 -74
  62. package/scripts/clean-safeguards-data.cjs +0 -60
  63. package/scripts/comprehensive-validation.cjs +0 -176
  64. package/scripts/count-safeguards.cjs +0 -89
  65. package/scripts/format-safeguards-proper.cjs +0 -44
  66. package/scripts/validate-formatted-data.cjs +0 -88
  67. package/test_capability_integration.js +0 -73
  68. package/test_comprehensive_scenarios.js +0 -192
  69. package/test_enhanced_detection.js +0 -74
  70. package/test_integrated_validation.js +0 -112
  71. package/test_language_update.js +0 -101
  72. package/test_live_validation.json +0 -12
  73. package/test_performance_monitoring.js +0 -124
  74. package/test_runner_automated.js +0 -156
  75. package/test_suite_comprehensive.js +0 -218
package/README.md CHANGED
@@ -1,99 +1,43 @@
1
- # Vendor Framework Analyzer MCP Server
1
+ # Framework MCP
2
2
 
3
3
  [![npm version](https://badge.fury.io/js/framework-mcp.svg)](https://badge.fury.io/js/framework-mcp)
4
4
  [![License: CC BY 4.0](https://img.shields.io/badge/License-CC%20BY%204.0-lightgrey.svg)](https://creativecommons.org/licenses/by/4.0/)
5
- [![GitHub](https://img.shields.io/github/stars/therealcybermattlee/FrameworkMCP?style=social)](https://github.com/therealcybermattlee/FrameworkMCP)
6
- [![Website](https://img.shields.io/badge/Website-cyberrise.org-blue)](https://cyberrise.org)
7
5
 
8
- A Model Context Protocol (MCP) server providing **authoritative CIS Controls Framework data** to empower LLMs with sophisticated, context-aware vendor capability analysis. This Pure Data Provider architecture enables security professionals to perform flexible, intelligent assessment of vendor tool capabilities against specific CIS Control safeguards.
6
+ A Model Context Protocol (MCP) server providing **authoritative CIS Controls Framework data** for LLM-driven vendor capability analysis. Access all 153 CIS v8.1 safeguards through MCP or HTTP API.
9
7
 
10
- ## 🎯 Purpose
11
-
12
- This MCP server empowers security teams to:
13
- - **Access authoritative CIS Controls data** for all 153 safeguards across 18 controls
14
- - **Leverage LLM intelligence** for sophisticated, context-aware vendor capability analysis
15
- - **Perform flexible assessment** across 5 capability types: Full, Partial, Facilitates, Governance, and Validates
16
- - **Apply custom analysis methodologies** with complete transparency and reasoning
17
-
18
- ## 🎯 The 5 Capability Roles
19
-
20
- | Capability Role | Description | LLM Analysis Approach |
21
- |-----------------|-------------|----------------------|
22
- | **FULL** | Complete implementation of safeguard requirements | LLMs assess comprehensive coverage against detailed safeguard data |
23
- | **PARTIAL** | Limited scope implementation with clear boundaries | LLMs identify scope limitations and coverage gaps |
24
- | **FACILITATES** | Enhancement capabilities that enable others to implement safeguards better/faster/stronger | LLMs recognize facilitation patterns and indirect support capabilities |
25
- | **GOVERNANCE** | Policy/process management and oversight capabilities | LLMs evaluate governance elements and process management features |
26
- | **VALIDATES** | Verification capabilities providing evidence and reporting | LLMs assess audit, monitoring, and reporting capabilities |
27
-
28
- ## 🎨 CIS Controls Framework Integration
29
-
30
- The server uses the CIS Controls visual framework with color-coded categorization:
31
-
32
- - **🟠 Orange Elements**: Governance requirements that MUST be met
33
- - **🟢 Green Elements**: Core "what" of the safeguard
34
- - **🟡 Yellow Elements**: Sub-taxonomical components
35
- - **⚫ Gray Elements**: Implementation suggestions and methods
36
-
37
- ## 🚀 Installation & Deployment
38
-
39
- ### Prerequisites
40
- - Node.js 18+
41
- - Claude Code CLI tool (for MCP usage)
42
- - Microsoft Copilot Studio (for custom connector usage)
8
+ ## Quick Start
43
9
 
44
10
  ### Install from npm
45
11
  ```bash
46
12
  npm install -g framework-mcp
47
13
  ```
48
14
 
49
- ### Update to Latest Version
50
- ```bash
51
- npm update -g framework-mcp
52
- ```
53
-
54
- Or reinstall to get the latest version:
55
- ```bash
56
- npm uninstall -g framework-mcp
57
- npm install -g framework-mcp
58
- ```
59
-
60
15
  ### Install from source
61
16
  ```bash
62
17
  git clone https://github.com/therealcybermattlee/FrameworkMCP.git
63
18
  cd FrameworkMCP
64
- npm install
65
- npm run build
66
- ```
67
-
68
- ### Cloud Deployment Options
69
-
70
- #### Option 1: DigitalOcean App Services
71
- ```bash
72
- # Deploy using the included configuration
73
- doctl apps create .do/app.yaml
19
+ npm install && npm run build
74
20
  ```
75
21
 
76
- #### Option 2: Railway
77
- ```bash
78
- railway login
79
- railway up
80
- ```
22
+ ## Configuration
81
23
 
82
- #### Option 3: Render
83
- Connect your GitHub repository and use:
84
- - **Build Command**: `npm install && npm run build`
85
- - **Start Command**: `npm run start:http`
86
- - **Port**: 8080
24
+ ### MCP Integration (Claude Code)
87
25
 
88
- #### Option 4: Microsoft Copilot Custom Connector
89
- Deploy to any cloud platform and use the included `swagger.json` for Copilot integration.
26
+ Add to `~/.config/claude-code/mcp.json`:
90
27
 
91
- ## ⚙️ Configuration
92
-
93
- ### Claude Code MCP Integration
94
-
95
- Add to your MCP configuration file (`~/.config/claude-code/mcp.json`):
28
+ ```json
29
+ {
30
+ "mcpServers": {
31
+ "framework-analyzer": {
32
+ "command": "framework-mcp",
33
+ "args": [],
34
+ "env": {}
35
+ }
36
+ }
37
+ }
38
+ ```
96
39
 
40
+ Or if installed from source:
97
41
  ```json
98
42
  {
99
43
  "mcpServers": {
@@ -106,402 +50,107 @@ Add to your MCP configuration file (`~/.config/claude-code/mcp.json`):
106
50
  }
107
51
  ```
108
52
 
109
- ### Microsoft Copilot Custom Connector Setup
110
-
111
- #### Step 1: Deploy HTTP API
112
- Deploy the Framework MCP HTTP API to any cloud platform (DigitalOcean, Railway, Render, etc.)
113
-
114
- #### Step 2: Create Custom Connector in Copilot Studio
115
- 1. Open **Microsoft Copilot Studio**
116
- 2. Navigate to **Data** → **Custom connectors**
117
- 3. Click **+ New custom connector** → **Import from OpenAPI file**
118
- 4. Upload the `swagger.json` file from this repository
119
- 5. Update the **Host** field to your deployed API URL
120
- 6. Save and test the connector
53
+ ### HTTP API (Local)
121
54
 
122
- #### Step 3: Configure Connection
123
- 1. Create a new connection using your custom connector
124
- 2. No authentication required (public API)
125
- 3. Test with the `/health` endpoint to verify connectivity
126
-
127
- #### Step 4: Create Copilot Actions
128
- In your Copilot, create actions for capability assessment:
129
-
130
- **Primary Action - Validate Vendor Capability:**
131
- ```
132
- Action: Validate Vendor Mapping
133
- Description: Validate vendor capability claims against CIS Controls through content analysis
134
- Connector: Framework MCP Custom Connector
135
- Operation: validateVendorMapping
136
- Parameters:
137
- - vendor_name: {User provided vendor name}
138
- - safeguard_id: {CIS safeguard ID like "1.1"}
139
- - claimed_capability: {full|partial|facilitates|governance|validates}
140
- - supporting_text: {Vendor response text}
141
- ```
142
-
143
- **Secondary Action - Analyze Response:**
144
- ```
145
- Action: Analyze Vendor Response
146
- Description: Determine appropriate capability role for vendor response
147
- Connector: Framework MCP Custom Connector
148
- Operation: analyzeVendorResponse
149
- Parameters:
150
- - vendor_name: {User provided vendor name}
151
- - safeguard_id: {CIS safeguard ID}
152
- - response_text: {Vendor response to analyze}
153
- ```
154
-
155
- #### Step 5: Example Copilot Prompts
156
- Once configured, users can interact with your Copilot:
157
-
158
- ```
159
- "Validate this vendor capability: CrowdStrike Falcon claims FULL coverage for safeguard 1.1 with this response: 'Our platform provides comprehensive enterprise asset inventory with real-time discovery, automated classification, and continuous monitoring of all hardware and software assets.'"
160
-
161
- "Analyze this vendor response for safeguard 5.1: Microsoft Entra ID - 'We provide centralized identity management with automated user provisioning, role-based access controls, and integration with all major business applications.'"
162
-
163
- "What are the requirements for CIS safeguard 6.3?"
164
- ```
165
-
166
- ### Verify Installation
167
55
  ```bash
168
- # For MCP usage
169
- claude-code "List available CIS Control safeguards"
170
-
171
- # For HTTP API usage
172
- curl https://your-api-url.com/health
173
-
174
- # For Copilot testing
175
- curl -X POST https://your-api-url.com/api/validate-vendor-mapping \
176
- -H "Content-Type: application/json" \
177
- -d '{"vendor_name":"Test Vendor","safeguard_id":"1.1","claimed_capability":"facilitates","supporting_text":"We provide supplemental asset tracking capabilities that enhance existing inventory systems."}'
56
+ npm run start:http
57
+ # Server runs on http://localhost:8080
178
58
  ```
179
59
 
180
- ## 📋 LLM-Driven Analysis Examples
60
+ ## API Reference
181
61
 
182
- ### Basic Vendor Capability Assessment
183
-
184
- ```bash
185
- claude-code "Get safeguard details for 5.1, then analyze this vendor response: SecureIAM Corp - 'Our tool is a full identity provider with comprehensive account management. We maintain detailed user inventories including names, usernames, departments, and access rights. Automated quarterly reviews ensure all accounts are authorized and compliant.' Determine appropriate capability role and provide confidence assessment."
186
- ```
187
-
188
- ### Context-Aware Analysis
189
-
190
- ```bash
191
- claude-code "Get safeguard 8.2 details. For a high-risk financial services environment, analyze this logging solution: 'We collect endpoint telemetry and forward logs to SIEM platforms.' Consider regulatory requirements (SOX, PCI-DSS) and determine capability role with implementation recommendations."
192
- ```
193
-
194
- ### Multi-Vendor Comparative Analysis
195
-
196
- ```bash
197
- claude-code "Get safeguard 1.1 details. Compare these asset management solutions and rank by implementation completeness for a 500-employee company: 1) Lansweeper: 'Complete network discovery and automated inventory' 2) ServiceNow: 'CMDB with manual asset entry workflows' 3) Microsoft Intune: 'Managed device tracking with Azure AD integration'. Provide deployment complexity assessment."
198
- ```
199
-
200
- ### Bulk Analysis from File
201
-
202
- Create `vendors.csv`:
203
- ```csv
204
- vendor,safeguard,response
205
- VendorA,5.1,"Complete IAM solution with policy management and quarterly reviews"
206
- VendorB,5.1,"Basic user directory with manual account tracking"
207
- VendorC,6.3,"MFA enforcement for all external applications with SSO integration"
208
- ```
209
-
210
- ```bash
211
- claude-code "Get details for safeguards referenced in vendors.csv. Analyze each vendor response, determine capability roles, and provide implementation roadmap recommendations based on organizational gaps."
212
- ```
213
-
214
- ### Claim Validation Assessment
215
-
216
- ```bash
217
- claude-code "Get safeguard 12.4 details. This vendor claims FULL capability for network boundary monitoring: 'We monitor all network traffic, identify unauthorized devices, and generate real-time alerts.' Validate this claim against the specific safeguard requirements and provide evidence-based assessment."
218
- ```
219
-
220
- ### Risk-Based Analysis
221
-
222
- ```bash
223
- claude-code "Get safeguard 11.1 details. For a healthcare organization with HIPAA requirements, assess Veeam Backup's capability: 'Automated daily backups with 99.9% recovery success rate and quarterly recovery testing.' Focus on governance and validation aspects."
224
- ```
225
-
226
- ## 📊 Sample LLM Analysis Patterns
227
-
228
- ### Context-Aware Assessment Response
229
- ```
230
- ASSESSMENT: SecureIAM Corp - Safeguard 5.1 Analysis
231
-
232
- CAPABILITY DETERMINATION: FULL + GOVERNANCE + VALIDATES
233
- CONFIDENCE: 87%
234
-
235
- ANALYSIS:
236
- Based on safeguard 5.1 requirements for comprehensive account inventory management:
237
-
238
- ✅ CORE REQUIREMENTS COVERAGE:
239
- - Complete user inventory (names, usernames, departments)
240
- - Access rights tracking and management
241
- - Identity provider capabilities with centralized management
242
-
243
- ✅ GOVERNANCE ELEMENTS:
244
- - Automated quarterly review processes
245
- - Compliance verification workflows
246
- - Policy enforcement capabilities
247
-
248
- ✅ VALIDATION CAPABILITIES:
249
- - Continuous monitoring and reporting
250
- - Authorization verification
251
- - Compliance status tracking
252
-
253
- EVIDENCE QUALITY: High - Specific implementation details provided
254
- SCOPE DEFINITION: Comprehensive enterprise account management
255
-
256
- RECOMMENDATION: Strong FULL capability alignment with additional governance and validation roles. Suitable for enterprise Implementation Group 2-3 deployments.
257
- ```
258
-
259
- ### Multi-Vendor Comparison Response
260
- ```
261
- COMPARATIVE ANALYSIS: Asset Management Solutions for Safeguard 1.1
262
-
263
- RANKING BY IMPLEMENTATION COMPLETENESS:
264
-
265
- 1. 🥇 LANSWEEPER (FULL + VALIDATES)
266
- - Comprehensive automated discovery
267
- - Network-wide asset visibility
268
- - Strong for 500-employee deployment
269
- - Implementation: Medium complexity
270
-
271
- 2. 🥈 MICROSOFT INTUNE (PARTIAL + GOVERNANCE)
272
- - Managed device focus (limited scope)
273
- - Strong Azure AD integration
274
- - Governance capabilities present
275
- - Implementation: Low complexity (if using Microsoft stack)
276
-
277
- 3. 🥉 SERVICENOW (FACILITATES + GOVERNANCE)
278
- - CMDB foundation requires manual processes
279
- - Strong workflow and governance features
280
- - Facilitates comprehensive asset management
281
- - Implementation: High complexity
282
-
283
- RECOMMENDATION: Lansweeper provides best immediate coverage for IG1 requirements. Consider Intune if Microsoft-centric environment, ServiceNow for complex enterprise with mature processes.
284
- ```
285
-
286
- ### Risk-Based Healthcare Analysis
287
- ```
288
- HIPAA-FOCUSED ANALYSIS: Veeam Backup vs Safeguard 11.1
289
-
290
- CAPABILITY: FULL + VALIDATES
291
- COMPLIANCE CONFIDENCE: 92%
292
-
293
- HIPAA CONSIDERATIONS:
294
- ✅ Recovery time objectives meet healthcare uptime requirements
295
- ✅ Quarterly testing demonstrates due diligence
296
- ✅ 99.9% success rate supports business continuity
297
-
298
- GOVERNANCE ALIGNMENT:
299
- - Documented recovery procedures (required for HIPAA)
300
- - Regular testing and validation processes
301
- - Performance metrics and reporting
302
-
303
- GAPS TO ADDRESS:
304
- - Verify encryption at rest/in transit for PHI
305
- - Confirm audit logging capabilities
306
- - Validate access controls for backup systems
307
-
308
- IMPLEMENTATION RECOMMENDATION: Strong foundation for HIPAA compliance. Supplement with documented encryption policies and access control procedures.
309
- ```
310
-
311
- ## 🔧 Available Tools
62
+ ### MCP Tools
312
63
 
313
64
  | Tool | Description |
314
65
  |------|-------------|
315
- | `get_safeguard_details` | **PRIMARY** Get detailed safeguard breakdown with structured CIS data for LLM analysis |
316
- | `list_available_safeguards` | List all available CIS safeguards (153 total) for framework exploration |
317
-
318
- **Pure Data Provider Architecture**: Framework MCP provides authoritative CIS Controls data while LLMs perform sophisticated, context-aware capability analysis with unlimited flexibility.
66
+ | `get_safeguard_details` | Get detailed safeguard breakdown with capability-specific prompts |
67
+ | `list_available_safeguards` | List all 153 CIS safeguards |
319
68
 
320
- ## 📁 File Formats Supported
69
+ ### HTTP Endpoints
321
70
 
322
- ### JSON Format
323
- ```json
324
- [
325
- {
326
- "name": "VendorName",
327
- "safeguard_id": "5.1",
328
- "response": "Vendor response text..."
329
- }
330
- ]
331
- ```
71
+ | Endpoint | Description |
72
+ |----------|-------------|
73
+ | `GET /health` | Health check |
74
+ | `GET /api` | API documentation |
75
+ | `GET /api/safeguards` | List all safeguards |
76
+ | `GET /api/safeguards/:id` | Get safeguard details |
77
+ | `GET /api/safeguards/:id?include_examples=true` | Include implementation examples |
332
78
 
333
- ### CSV Format
334
- ```csv
335
- vendor,safeguard,response
336
- VendorName,5.1,"Response text..."
337
- ```
79
+ ## Usage Examples
338
80
 
339
- ### Text Format
340
- ```
341
- Vendor: VendorName - Safeguard: 5.1
342
- Response text here...
343
-
344
- Vendor: AnotherVendor - Safeguard: 6.3
345
- Another response...
81
+ ### MCP (Claude Code)
82
+ ```bash
83
+ claude-code "Use get_safeguard_details for safeguard 1.1"
84
+ claude-code "List all available CIS safeguards"
346
85
  ```
347
86
 
348
- ## 🚀 LLM-Driven Analysis Advantages
349
-
350
- Framework MCP v1.4.0's **Pure Data Provider architecture** empowers LLMs to perform sophisticated vendor capability analysis with unprecedented flexibility and intelligence.
351
-
352
- ### Key Benefits Over Hardcoded Analysis
353
-
354
- | Advantage | Description | LLM Capability |
355
- |-----------|-------------|----------------|
356
- | **Context Awareness** | Analysis considers industry, risk profile, and organizational needs | LLMs understand sector-specific requirements and compliance frameworks |
357
- | **Analytical Flexibility** | Apply custom methodologies and assessment criteria | Multiple analysis approaches: strict compliance, risk-based, comparative |
358
- | **Transparent Reasoning** | Complete visibility into analysis logic and evidence evaluation | LLMs explain their reasoning and provide detailed justifications |
359
- | **Adaptive Intelligence** | Dynamic assessment based on evolving requirements | LLMs can adjust analysis based on new information or changing priorities |
360
- | **Natural Language** | Complex analysis requests in plain English | No need for rigid tool parameters or predefined validation rules |
361
-
362
- ### Enhanced Analysis Capabilities
363
-
364
- **Multi-Dimensional Assessment**: LLMs can simultaneously evaluate:
365
- - Technical capability alignment with safeguard requirements
366
- - Deployment complexity and organizational fit
367
- - Risk mitigation effectiveness and compliance coverage
368
- - Integration potential with existing technology stacks
369
- - Cost-benefit analysis and implementation roadmaps
370
-
371
- **Advanced Analysis Patterns**:
372
- - **Comparative Vendor Evaluation**: Rank multiple solutions against specific criteria
373
- - **Gap Analysis**: Identify coverage gaps and recommend complementary tools
374
- - **Risk-Based Assessment**: Prioritize capability importance based on threat landscape
375
- - **Compliance Mapping**: Align vendor capabilities with regulatory requirements
376
- - **Implementation Planning**: Generate deployment strategies and success metrics
377
-
378
- ### Flexibility Examples
379
-
87
+ ### HTTP API
380
88
  ```bash
381
- # Custom compliance-focused analysis
382
- claude-code "Get safeguard 8.3 details. For PCI-DSS Level 1 compliance, assess Splunk Enterprise Security considering cardholder data environment requirements and provide implementation timeline recommendations."
383
-
384
- # Technology stack integration assessment
385
- claude-code "Get safeguard 16.1 details. We use Azure DevOps and GitHub. Analyze how SonarQube integrates with our pipeline for secure code analysis and recommend configuration best practices."
386
-
387
- # Risk-based prioritization
388
- claude-code "Get details for safeguards 13.1, 13.3, and 13.6. Our organization faces advanced persistent threats. Rank these network monitoring vendors by threat detection capability: 1) CrowdStrike Falcon 2) SentinelOne 3) Microsoft Defender for Endpoint."
89
+ curl http://localhost:8080/api/safeguards
90
+ curl http://localhost:8080/api/safeguards/1.1
91
+ curl http://localhost:8080/api/safeguards/5.1?include_examples=true
389
92
  ```
390
93
 
391
- ## 🎯 CIS Controls Coverage
94
+ ## The 5 Capability Roles
392
95
 
393
- **Complete CIS Controls v8.1 Framework Implementation**
394
- - **153 total safeguards** across all 18 controls
395
- - **Full framework coverage** from Controls 1-18
396
- - **Comprehensive vendor analysis** capability for all CIS safeguards
96
+ Each safeguard includes prompts for five assessment types:
397
97
 
398
- ### v1.4.0 Pure Data Provider Highlights
399
- - ✅ **Simplified Architecture** - Clean data provision without analysis complexity
400
- - **LLM-Powered Analysis** - Sophisticated, context-aware capability assessment
401
- - **Enhanced Flexibility** - Custom methodologies and unlimited analysis approaches
402
- - **Complete Framework** - All 18 Controls with 153 safeguards for comprehensive evaluation
403
- - **Transparent Reasoning** - Full visibility into analysis logic and evidence evaluation
98
+ | Role | Field | Use Case |
99
+ |------|-------|----------|
100
+ | **Full** | `systemPromptFull` | Vendor claims complete implementation |
101
+ | **Partial** | `systemPromptPartial` | Vendor provides limited features |
102
+ | **Facilitates** | `systemPromptFacilitates` | Tool enables others to implement |
103
+ | **Governance** | `systemPromptGovernance` | Policy/process/oversight capabilities |
104
+ | **Validates** | `systemPromptValidates` | Audit/evidence/reporting capabilities |
404
105
 
405
- ## 🛠️ Development
106
+ ## Cloud Deployment
406
107
 
407
- ### Build from Source
108
+ ### DigitalOcean App Services
408
109
  ```bash
409
- git clone https://github.com/therealcybermattlee/FrameworkMCP.git
410
- cd FrameworkMCP
411
- npm install
412
- npm run build
413
- ```
414
-
415
- ### Add New Safeguards
416
- Edit `src/core/safeguard-manager.ts` and add to the `initializeSafeguards()` method:
417
-
418
- ```typescript
419
- "X.Y": {
420
- id: "X.Y",
421
- title: "Safeguard Title",
422
- description: "Description...",
423
- implementationGroup: "IG1",
424
- governanceElements: [...], // Orange - MUST be met
425
- coreRequirements: [...], // Green - The "what"
426
- subTaxonomicalElements: [...], // Yellow - Sub-elements
427
- implementationSuggestions: [...], // Gray - Suggestions
428
- // ...
429
- }
110
+ doctl apps create .do/app.yaml
430
111
  ```
431
112
 
432
- ### Testing
113
+ ### Railway
433
114
  ```bash
434
- npm test
115
+ railway login && railway up
435
116
  ```
436
117
 
437
- ## 🤝 Contributing
438
-
439
- 1. Fork the repository
440
- 2. Create a feature branch (`git checkout -b feature/amazing-feature`)
441
- 3. Commit your changes (`git commit -m 'Add amazing feature'`)
442
- 4. Push to the branch (`git push origin feature/amazing-feature`)
443
- 5. Open a Pull Request
118
+ ### Render
119
+ - **Build**: `npm install && npm run build`
120
+ - **Start**: `npm run start:http`
121
+ - **Port**: 8080
444
122
 
445
- ### Guidelines
446
- - Follow the existing code style
447
- - Add tests for new features
448
- - Update documentation
449
- - Ensure all tests pass
123
+ ### Environment Variables
450
124
 
451
- ## 📖 Documentation
125
+ | Variable | Default | Description |
126
+ |----------|---------|-------------|
127
+ | `PORT` | 8080 | HTTP server port |
128
+ | `NODE_ENV` | development | Environment mode |
129
+ | `ALLOWED_ORIGINS` | localhost:3000 | CORS allowed origins (comma-separated) |
130
+ | `RATE_LIMIT_WINDOW_MS` | 60000 | Rate limit window (ms) |
131
+ | `RATE_LIMIT_MAX` | 100 | Max requests per window |
452
132
 
453
- - [Installation Guide](docs/installation.md)
454
- - [API Reference](docs/api-reference.md)
455
- - [CIS Safeguards Reference](docs/safeguards-reference.md)
456
- - [Example Usage](examples/example-usage.md)
457
- - **[Microsoft Copilot Integration Guide](COPILOT_INTEGRATION.md)** - Complete setup guide for custom connectors
458
- - [Deployment Guide](DEPLOYMENT_GUIDE.md) - Cloud deployment instructions
459
- - [OpenAPI Specification](swagger.json) - Complete API schema for integrations
133
+ ## CIS Controls Coverage
460
134
 
461
- ## 🐛 Troubleshooting
135
+ - **153 safeguards** across 18 controls
136
+ - **CIS Controls v8.1** framework
137
+ - **Color-coded elements**: Governance (orange), Core (green), Sub-elements (yellow), Suggestions (gray)
462
138
 
463
- ### Common Issues
139
+ ## Development
464
140
 
465
- **Permission denied:**
466
141
  ```bash
467
- chmod +x dist/index.js
142
+ npm run build # Compile TypeScript
143
+ npm run start:mcp # Run MCP server
144
+ npm run start:http # Run HTTP server
145
+ npm run dev # Build + run MCP
146
+ npm run dev:http # Build + run HTTP
468
147
  ```
469
148
 
470
- **Module not found:**
471
- ```bash
472
- npm install
473
- npm run build
474
- ```
475
-
476
- **MCP server not connecting:**
477
- - Check Claude Code MCP configuration
478
- - Verify file paths are absolute
479
- - Ensure Node.js version compatibility
480
-
481
- ## 📄 License
482
-
483
- This project is licensed under the Creative Commons Attribution 4.0 International License by Cyber RISE, Inc - see the [LICENSE](LICENSE) file for details.
484
-
485
- You are free to:
486
- - **Share** — copy and redistribute the material in any medium or format
487
- - **Adapt** — remix, transform, and build upon the material for any purpose, even commercially
488
-
489
- Under the following terms:
490
- - **Attribution** — You must give appropriate credit to Cyber RISE, Inc, provide a link to the license, and indicate if changes were made
491
-
492
- ## 🙏 Acknowledgments
493
-
494
- - **Center for Internet Security (CIS)** for the CIS Controls Framework
495
- - **Pax8** and community contributors for the CIS Controls visualizations
496
- - **Anthropic** for the Model Context Protocol and Claude Code
497
-
498
- ## 📞 Support
149
+ ## License
499
150
 
500
- - 📧 **Issues**: [GitHub Issues](https://github.com/therealcybermattlee/FrameworkMCP/issues)
501
- - 📖 **Documentation**: [Project Wiki](https://github.com/therealcybermattlee/FrameworkMCP/wiki)
502
- - 💬 **Discussions**: [GitHub Discussions](https://github.com/therealcybermattlee/FrameworkMCP/discussions)
503
- - 🐦 **Updates**: Follow [@cybermattlee](https://twitter.com/cybermattlee) for project updates
151
+ Creative Commons Attribution 4.0 International License - [Cyber RISE, Inc](https://cyberrise.org)
504
152
 
505
- ---
153
+ ## Support
506
154
 
507
- **Built with ❤️ for the cybersecurity community by [Matt Lee](https://github.com/therealcybermattlee)**
155
+ - [GitHub Issues](https://github.com/therealcybermattlee/FrameworkMCP/issues)
156
+ - [GitHub Discussions](https://github.com/therealcybermattlee/FrameworkMCP/discussions)
@@ -1 +1 @@
1
- {"version":3,"file":"safeguard-manager.d.ts","sourceRoot":"","sources":["../../src/core/safeguard-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,oBAAoB,CAAC;AAElE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,UAAU,CAAwC;IAC1D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAQ;IAC9C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAChE,OAAO,CAAC,kBAAkB,CAAyB;IACnD,OAAO,CAAC,WAAW,CAAa;;IAQzB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,GAAE,OAAe,GAAG,gBAAgB,GAAG,IAAI;IA4BnG,uBAAuB,IAAI,MAAM,EAAE;IAgBnC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIpD,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAerD,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,2BAA2B;IAmCnC;;OAEG;IACI,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAO7D;;OAEG;IACI,UAAU,IAAI,IAAI;IAKzB,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,yBAAyB;IA2BjC,OAAO,CAAC,oBAAoB;CAw8N7B"}
1
+ {"version":3,"file":"safeguard-manager.d.ts","sourceRoot":"","sources":["../../src/core/safeguard-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,oBAAoB,CAAC;AAElE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,UAAU,CAAwC;IAC1D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAQ;IAC9C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAChE,OAAO,CAAC,kBAAkB,CAAyB;IACnD,OAAO,CAAC,WAAW,CAAa;;IAQzB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,GAAE,OAAe,GAAG,gBAAgB,GAAG,IAAI;IA4BnG,uBAAuB,IAAI,MAAM,EAAE;IAgBnC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIpD,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAerD,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,2BAA2B;IAmCnC;;OAEG;IACI,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAO7D;;OAEG;IACI,UAAU,IAAI,IAAI;IAKzB,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,yBAAyB;IA2BjC,OAAO,CAAC,oBAAoB;CAsghB7B"}