framework-mcp 1.5.3 → 2.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/commands/speckit.analyze.md +184 -0
- package/.claude/commands/speckit.checklist.md +294 -0
- package/.claude/commands/speckit.clarify.md +181 -0
- package/.claude/commands/speckit.constitution.md +82 -0
- package/.claude/commands/speckit.implement.md +135 -0
- package/.claude/commands/speckit.plan.md +89 -0
- package/.claude/commands/speckit.specify.md +258 -0
- package/.claude/commands/speckit.tasks.md +137 -0
- package/.claude/commands/speckit.taskstoissues.md +30 -0
- package/.do/app.yaml +1 -1
- package/.github/dependabot.yml +15 -0
- package/.github/workflows/ci.yml +19 -1
- package/.specify/memory/constitution.md +50 -0
- package/.specify/scripts/bash/check-prerequisites.sh +166 -0
- package/.specify/scripts/bash/common.sh +156 -0
- package/.specify/scripts/bash/create-new-feature.sh +297 -0
- package/.specify/scripts/bash/setup-plan.sh +61 -0
- package/.specify/scripts/bash/update-agent-context.sh +799 -0
- package/.specify/templates/agent-file-template.md +28 -0
- package/.specify/templates/checklist-template.md +40 -0
- package/.specify/templates/plan-template.md +104 -0
- package/.specify/templates/spec-template.md +115 -0
- package/.specify/templates/tasks-template.md +251 -0
- package/README.md +84 -435
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +7295 -2700
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/interfaces/http/http-server.d.ts +2 -0
- package/dist/interfaces/http/http-server.d.ts.map +1 -1
- package/dist/interfaces/http/http-server.js +95 -3
- package/dist/interfaces/http/http-server.js.map +1 -1
- package/dist/interfaces/mcp/mcp-server.js +3 -3
- package/dist/shared/types.d.ts +85 -2
- package/dist/shared/types.d.ts.map +1 -1
- package/dist/shared/types.js +132 -1
- package/dist/shared/types.js.map +1 -1
- package/package.json +7 -4
- package/scripts/standardize-prompts.js +325 -0
- package/scripts/validate-capability-prompts.js +110 -0
- package/src/core/safeguard-manager.ts +12376 -2586
- package/src/interfaces/http/http-server.ts +109 -4
- package/src/interfaces/mcp/mcp-server.ts +3 -3
- package/src/shared/types.ts +268 -2
- package/swagger.json +56 -36
- package/CAPABILITY_TRANSFORMATION_SUMMARY.md +0 -158
- package/CIS_CONTROLS_IMPLEMENTATION_PLAN.md +0 -220
- package/COPILOT_INTEGRATION.md +0 -322
- package/DAYS_5_6_COMPLETION_SUMMARY.md +0 -178
- package/DEPLOYMENT_GUIDE.md +0 -334
- package/DEPLOYMENT_SUMMARY_v1.1.3.md +0 -211
- package/MCP_INTEGRATION_GUIDE.md +0 -285
- package/MIGRATION_GUIDE_v1.4.0.md +0 -190
- package/RELEASE_NOTES_v1.1.3.md +0 -321
- package/RELEASE_NOTES_v1.2.0.md +0 -396
- package/RELEASE_NOTES_v1.3.7.md +0 -275
- package/RELEASE_NOTES_v1.4.0.md +0 -178
- package/SAFEGUARDS_VERIFICATION_LOG.md +0 -157
- package/coordinator-bot-compact.txt +0 -33
- package/coordinator-bot-system-prompt.md +0 -192
- package/docs/installation.md +0 -71
- package/scripts/analyze-data-structure.cjs +0 -74
- package/scripts/clean-safeguards-data.cjs +0 -60
- package/scripts/comprehensive-validation.cjs +0 -176
- package/scripts/count-safeguards.cjs +0 -89
- package/scripts/format-safeguards-proper.cjs +0 -44
- package/scripts/validate-formatted-data.cjs +0 -88
- package/test_capability_integration.js +0 -73
- package/test_comprehensive_scenarios.js +0 -192
- package/test_enhanced_detection.js +0 -74
- package/test_integrated_validation.js +0 -112
- package/test_language_update.js +0 -101
- package/test_live_validation.json +0 -12
- package/test_performance_monitoring.js +0 -124
- package/test_runner_automated.js +0 -156
- package/test_suite_comprehensive.js +0 -218
package/RELEASE_NOTES_v1.4.0.md
DELETED
|
@@ -1,178 +0,0 @@
|
|
|
1
|
-
# Framework MCP v1.4.0 Release Notes
|
|
2
|
-
|
|
3
|
-
**"Pure Data Provider Architecture - Empowering LLMs with Authoritative CIS Controls Data"**
|
|
4
|
-
|
|
5
|
-
*Released: September 15, 2025*
|
|
6
|
-
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
## 🚀 Major Architectural Advancement
|
|
10
|
-
|
|
11
|
-
Framework MCP v1.4.0 represents a **fundamental architectural transformation** from complex vendor analysis to **Pure Data Provider architecture**. This release empowers LLMs with **authoritative CIS Controls v8.1 data** while maximizing analytical flexibility and simplicity.
|
|
12
|
-
|
|
13
|
-
## ✨ What's New
|
|
14
|
-
|
|
15
|
-
### 🏗️ Pure Data Provider Architecture
|
|
16
|
-
- **Dramatically simplified codebase**: Removed 500+ lines of complex vendor analysis logic
|
|
17
|
-
- **Clean 2-tool architecture**: Focus on authoritative data provision, not analysis
|
|
18
|
-
- **Enhanced LLM integration**: Maximum flexibility for sophisticated analysis approaches
|
|
19
|
-
- **Maintained data authenticity**: Complete CIS Controls v8.1 dataset (153 safeguards) preserved
|
|
20
|
-
|
|
21
|
-
### 🔧 Simplified Tool Interface
|
|
22
|
-
- **`get_safeguard_details`**: Rich, comprehensive safeguard data with full context
|
|
23
|
-
- **`list_available_safeguards`**: Complete inventory of available CIS safeguards
|
|
24
|
-
- **Removed complexity**: Eliminated confusing `analyze_vendor_response` tool that constrained LLM capabilities
|
|
25
|
-
|
|
26
|
-
### 🧠 LLM Empowerment Benefits
|
|
27
|
-
- **Natural analysis workflow**: LLMs can perform vendor capability analysis using native reasoning
|
|
28
|
-
- **Context-rich data**: Each safeguard includes governance elements, core requirements, sub-taxonomical elements
|
|
29
|
-
- **Flexible approaches**: Support for any analysis methodology or framework
|
|
30
|
-
- **Sophisticated reasoning**: Enable complex, multi-step analysis without tool constraints
|
|
31
|
-
|
|
32
|
-
### 🔗 Enhanced Microsoft Copilot Integration
|
|
33
|
-
- **Updated custom connector**: Optimized swagger.json for Copilot workflows
|
|
34
|
-
- **Data-focused endpoints**: Clean API structure for seamless integration
|
|
35
|
-
- **Production-ready**: DigitalOcean App Services deployment support
|
|
36
|
-
- **Developer-friendly**: Comprehensive examples and documentation
|
|
37
|
-
|
|
38
|
-
## 🛠️ Technical Improvements
|
|
39
|
-
|
|
40
|
-
### Performance & Reliability
|
|
41
|
-
- **Optimized caching**: Intelligent safeguard data caching for faster response times
|
|
42
|
-
- **Reduced complexity**: Simplified codebase for better maintainability
|
|
43
|
-
- **Error handling**: Robust error management and graceful degradation
|
|
44
|
-
- **Type safety**: Strict TypeScript implementation throughout
|
|
45
|
-
|
|
46
|
-
### Developer Experience
|
|
47
|
-
- **Cleaner API**: Simplified endpoint structure
|
|
48
|
-
- **Better documentation**: Updated examples and integration guides
|
|
49
|
-
- **Migration support**: Clear migration path from v1.3.x
|
|
50
|
-
- **Testing coverage**: Comprehensive validation suite
|
|
51
|
-
|
|
52
|
-
## 📋 Complete Feature Matrix
|
|
53
|
-
|
|
54
|
-
| Feature | v1.3.7 | v1.4.0 | Status |
|
|
55
|
-
|---------|---------|---------|---------|
|
|
56
|
-
| **Core Functionality** | | | |
|
|
57
|
-
| CIS Controls v8.1 Data | ✅ (153 safeguards) | ✅ (153 safeguards) | **Preserved** |
|
|
58
|
-
| MCP Server Interface | ✅ | ✅ | **Enhanced** |
|
|
59
|
-
| HTTP API Server | ✅ | ✅ | **Simplified** |
|
|
60
|
-
| **Tool Interface** | | | |
|
|
61
|
-
| get_safeguard_details | ✅ | ✅ | **Enhanced with richer context** |
|
|
62
|
-
| list_available_safeguards | ✅ | ✅ | **Maintained** |
|
|
63
|
-
| analyze_vendor_response | ✅ | ❌ | **Removed** - LLMs handle analysis natively |
|
|
64
|
-
| **Integration Support** | | | |
|
|
65
|
-
| Microsoft Copilot | ✅ | ✅ | **Improved with updated connector** |
|
|
66
|
-
| DigitalOcean Deployment | ✅ | ✅ | **Maintained** |
|
|
67
|
-
| Local Development | ✅ | ✅ | **Simplified** |
|
|
68
|
-
|
|
69
|
-
## 🔄 Migration Guide
|
|
70
|
-
|
|
71
|
-
### From v1.3.x to v1.4.0
|
|
72
|
-
|
|
73
|
-
#### **Breaking Changes**
|
|
74
|
-
- **`analyze_vendor_response` tool removed**: LLMs now perform analysis using native reasoning with `get_safeguard_details` data
|
|
75
|
-
- **Simplified API**: Vendor analysis endpoints removed from HTTP API
|
|
76
|
-
|
|
77
|
-
#### **Migration Steps**
|
|
78
|
-
|
|
79
|
-
1. **Update Dependencies**
|
|
80
|
-
```bash
|
|
81
|
-
npm update framework-mcp
|
|
82
|
-
```
|
|
83
|
-
|
|
84
|
-
2. **Modify Analysis Workflows**
|
|
85
|
-
```javascript
|
|
86
|
-
// OLD v1.3.x approach
|
|
87
|
-
await mcp.call("analyze_vendor_response", {
|
|
88
|
-
vendor_name: "Example Corp",
|
|
89
|
-
safeguard_id: "1.1",
|
|
90
|
-
vendor_response: "We provide asset management..."
|
|
91
|
-
});
|
|
92
|
-
|
|
93
|
-
// NEW v1.4.0 approach - Let LLM analyze with full context
|
|
94
|
-
const safeguard = await mcp.call("get_safeguard_details", {
|
|
95
|
-
safeguard_id: "1.1",
|
|
96
|
-
include_examples: true
|
|
97
|
-
});
|
|
98
|
-
|
|
99
|
-
// LLM then analyzes vendor response against safeguard data
|
|
100
|
-
// Using natural reasoning and sophisticated analysis approaches
|
|
101
|
-
```
|
|
102
|
-
|
|
103
|
-
3. **Update Microsoft Copilot Connectors**
|
|
104
|
-
- Import updated `swagger.json`
|
|
105
|
-
- Remove vendor analysis action references
|
|
106
|
-
- Focus on data retrieval and LLM-driven analysis
|
|
107
|
-
|
|
108
|
-
#### **Benefits of Migration**
|
|
109
|
-
- **Increased flexibility**: LLMs can use any analysis methodology
|
|
110
|
-
- **Better accuracy**: Access to complete safeguard context
|
|
111
|
-
- **Reduced complexity**: Simpler tool interface
|
|
112
|
-
- **Enhanced reasoning**: Natural language analysis capabilities
|
|
113
|
-
|
|
114
|
-
## 🏆 Success Criteria Achieved
|
|
115
|
-
|
|
116
|
-
✅ **Dramatically simplified codebase** (~500+ lines removed)
|
|
117
|
-
✅ **Clean 2-tool architecture** focused on data provision
|
|
118
|
-
✅ **Maintained authentic CIS Controls data integrity**
|
|
119
|
-
✅ **Enhanced LLM integration capabilities**
|
|
120
|
-
✅ **Comprehensive migration documentation**
|
|
121
|
-
✅ **Updated integration guides for all platforms**
|
|
122
|
-
|
|
123
|
-
## 🔮 Strategic Vision
|
|
124
|
-
|
|
125
|
-
**"Data Authenticity + LLM Intelligence = Superior Analysis"**
|
|
126
|
-
|
|
127
|
-
Framework MCP v1.4.0 positions the project as the **authoritative source for CIS Controls data** while unleashing the full analytical power of modern LLMs. This architecture:
|
|
128
|
-
|
|
129
|
-
- **Preserves authenticity**: Official CIS Controls v8.1 data integrity maintained
|
|
130
|
-
- **Maximizes intelligence**: LLMs apply sophisticated reasoning without constraints
|
|
131
|
-
- **Ensures scalability**: Simple, clean architecture supports future enhancements
|
|
132
|
-
- **Enables innovation**: Foundation for advanced analysis methodologies
|
|
133
|
-
|
|
134
|
-
## 🚀 Getting Started
|
|
135
|
-
|
|
136
|
-
### Quick Installation
|
|
137
|
-
```bash
|
|
138
|
-
npm install framework-mcp@1.4.0
|
|
139
|
-
```
|
|
140
|
-
|
|
141
|
-
### MCP Server Usage
|
|
142
|
-
```javascript
|
|
143
|
-
import { FrameworkMcpServer } from 'framework-mcp';
|
|
144
|
-
|
|
145
|
-
const server = new FrameworkMcpServer();
|
|
146
|
-
server.run();
|
|
147
|
-
```
|
|
148
|
-
|
|
149
|
-
### HTTP API Usage
|
|
150
|
-
```javascript
|
|
151
|
-
import { FrameworkHttpServer } from 'framework-mcp';
|
|
152
|
-
|
|
153
|
-
const server = new FrameworkHttpServer(8080);
|
|
154
|
-
server.start();
|
|
155
|
-
```
|
|
156
|
-
|
|
157
|
-
### Microsoft Copilot Integration
|
|
158
|
-
1. Import updated `swagger.json` as custom connector
|
|
159
|
-
2. Use data endpoints to retrieve safeguard information
|
|
160
|
-
3. Let Copilot analyze vendor responses against CIS Controls
|
|
161
|
-
|
|
162
|
-
## 🔗 Resources
|
|
163
|
-
|
|
164
|
-
- **Repository**: https://github.com/therealcybermattlee/FrameworkMCP
|
|
165
|
-
- **Documentation**: See `/docs` directory for comprehensive guides
|
|
166
|
-
- **Migration Guide**: Complete transition documentation included
|
|
167
|
-
- **Examples**: Updated integration examples for all platforms
|
|
168
|
-
- **Support**: GitHub Issues for questions and feedback
|
|
169
|
-
|
|
170
|
-
## 🙏 Acknowledgments
|
|
171
|
-
|
|
172
|
-
This release represents the culmination of extensive architectural evaluation and the recognition that **LLMs perform better analysis when given rich data rather than constrained tools**. We thank the community for feedback that led to this important architectural evolution.
|
|
173
|
-
|
|
174
|
-
---
|
|
175
|
-
|
|
176
|
-
**Framework MCP v1.4.0: Where Data Authenticity Meets LLM Intelligence** 🚀
|
|
177
|
-
|
|
178
|
-
*For support and questions, please visit our [GitHub repository](https://github.com/therealcybermattlee/FrameworkMCP).*
|
|
@@ -1,157 +0,0 @@
|
|
|
1
|
-
# Safeguards Data Verification Log - Sprint 2
|
|
2
|
-
|
|
3
|
-
## MISSION: Verify all 153 safeguards contain ONLY exact elements from CIS Controls PDFs
|
|
4
|
-
|
|
5
|
-
### EXTRACTION RULES:
|
|
6
|
-
- 🟠 Orange Elements → Governance requirements (MUST be met)
|
|
7
|
-
- 🟢 Green Elements → Core "what" requirements
|
|
8
|
-
- 🟡 Yellow Elements → Sub-taxonomical components
|
|
9
|
-
- ⚫ Gray Elements → Implementation suggestions/methods
|
|
10
|
-
- **ABSOLUTELY NO AI-generated additions, interpretations, or expansions**
|
|
11
|
-
- **ONLY extract text exactly as it appears in colored sections**
|
|
12
|
-
|
|
13
|
-
---
|
|
14
|
-
|
|
15
|
-
## VERIFICATION STATUS
|
|
16
|
-
|
|
17
|
-
### CONTROL 1: Inventory and Control of Enterprise Assets
|
|
18
|
-
|
|
19
|
-
#### ✅ Safeguard 1.1: Establish and Maintain a Detailed Enterprise Asset Inventory
|
|
20
|
-
|
|
21
|
-
**PDF Review Date:** 2025-08-21
|
|
22
|
-
|
|
23
|
-
**🟠 Orange Elements (Governance) - FROM PDF:**
|
|
24
|
-
- "Establish"
|
|
25
|
-
- "Maintain"
|
|
26
|
-
- "Enterprise Asset Management Policy / Process"
|
|
27
|
-
- "Review and update the inventory of all enterprise assets bi-annually, or more frequently"
|
|
28
|
-
|
|
29
|
-
**CURRENT CODE (Governance Elements):**
|
|
30
|
-
```
|
|
31
|
-
"establish inventory process",
|
|
32
|
-
"maintain inventory process",
|
|
33
|
-
"documented process",
|
|
34
|
-
"review and update bi-annually",
|
|
35
|
-
"enterprise asset management policy"
|
|
36
|
-
```
|
|
37
|
-
|
|
38
|
-
**❌ ISSUES FOUND:**
|
|
39
|
-
1. "documented process" - NOT found in PDF orange elements
|
|
40
|
-
2. Missing "or more frequently" from the bi-annual requirement
|
|
41
|
-
3. Elements are paraphrased rather than exact text
|
|
42
|
-
|
|
43
|
-
**🟢 Green Elements (Core Requirements) - FROM PDF:**
|
|
44
|
-
- "accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data"
|
|
45
|
-
- Individual green boxes: "Detailed", "Accurate", "Potential to store or process data"
|
|
46
|
-
|
|
47
|
-
**CURRENT CODE (Core Requirements):**
|
|
48
|
-
```
|
|
49
|
-
"accurate inventory",
|
|
50
|
-
"detailed inventory",
|
|
51
|
-
"up-to-date inventory",
|
|
52
|
-
"all enterprise assets",
|
|
53
|
-
"potential to store or process data"
|
|
54
|
-
```
|
|
55
|
-
|
|
56
|
-
**❌ ISSUES FOUND:**
|
|
57
|
-
1. Elements are broken down artificially - should be the complete phrase from the safeguard description
|
|
58
|
-
2. Missing "up-to-date" as a standalone element from the PDF
|
|
59
|
-
|
|
60
|
-
**🟡 Yellow Elements (Sub-taxonomical) - FROM PDF:**
|
|
61
|
-
From yellow hexagons and boxes:
|
|
62
|
-
- "Network Address (IF STATIC)"
|
|
63
|
-
- "Hardware Address"
|
|
64
|
-
- "Machine Name"
|
|
65
|
-
- "Enterprise asset owner"
|
|
66
|
-
- "Department for each asset"
|
|
67
|
-
- "Asset has been approved to connect to the network"
|
|
68
|
-
- "End-User Devices" → "Mobile", "Portable"
|
|
69
|
-
- "Network Devices"
|
|
70
|
-
- "IOT Devices"
|
|
71
|
-
- "Servers"
|
|
72
|
-
- "Connected to Infrastructure" → "Physically", "Virtually", "Remotely"
|
|
73
|
-
- "Those within cloud environments"
|
|
74
|
-
- "Regularly Connected Devices - NOT Under Control of Enterprise"
|
|
75
|
-
|
|
76
|
-
**CURRENT CODE (Sub-taxonomical Elements):**
|
|
77
|
-
```
|
|
78
|
-
"network address (if static)",
|
|
79
|
-
"hardware address",
|
|
80
|
-
"machine name",
|
|
81
|
-
"enterprise asset owner",
|
|
82
|
-
"department for each asset",
|
|
83
|
-
"approved to connect to network",
|
|
84
|
-
"end-user devices (portable and mobile)",
|
|
85
|
-
"network devices",
|
|
86
|
-
"non-computing/IoT devices",
|
|
87
|
-
"servers",
|
|
88
|
-
"physical connection",
|
|
89
|
-
"virtual connection",
|
|
90
|
-
"remote connection",
|
|
91
|
-
"cloud environments",
|
|
92
|
-
"regularly connected devices not under enterprise control"
|
|
93
|
-
```
|
|
94
|
-
|
|
95
|
-
**❌ ISSUES FOUND:**
|
|
96
|
-
1. "non-computing/IoT devices" should be "IOT Devices" (exact from PDF)
|
|
97
|
-
2. "approved to connect to network" missing "Asset has been" prefix
|
|
98
|
-
3. Connection types are paraphrased ("physical connection" vs "Physically")
|
|
99
|
-
4. "cloud environments" should be "Those within cloud environments"
|
|
100
|
-
|
|
101
|
-
**⚫ Gray Elements (Implementation Suggestions) - FROM PDF:**
|
|
102
|
-
- "For mobile end-user devices, MDM type tools can support this process, where appropriate"
|
|
103
|
-
|
|
104
|
-
**CURRENT CODE (Implementation Suggestions):**
|
|
105
|
-
```
|
|
106
|
-
"MDM type tools for mobile devices",
|
|
107
|
-
"enterprise and software asset management tool",
|
|
108
|
-
"asset discovery tools",
|
|
109
|
-
"DHCP logging",
|
|
110
|
-
"passive discovery tools"
|
|
111
|
-
```
|
|
112
|
-
|
|
113
|
-
**❌ ISSUES FOUND:**
|
|
114
|
-
1. Only includes partial text from the gray element - missing complete context
|
|
115
|
-
2. Added multiple items not found in PDF gray sections for this safeguard
|
|
116
|
-
3. Should only include the exact gray text from PDF
|
|
117
|
-
|
|
118
|
-
---
|
|
119
|
-
|
|
120
|
-
#### ✅ Safeguard 1.2: Address Unauthorized Assets
|
|
121
|
-
**CORRECTED:** Updated to exact PDF elements only
|
|
122
|
-
- Orange: "Ensure that a process exists to address unauthorized assets on a weekly basis"
|
|
123
|
-
- Green: "Address Unauthorized Assets"
|
|
124
|
-
- Yellow: "On a weekly basis"
|
|
125
|
-
- Gray: "The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset"
|
|
126
|
-
|
|
127
|
-
#### ✅ Safeguard 1.3: Utilize an Active Discovery Tool
|
|
128
|
-
**CORRECTED:** Updated to exact PDF elements only
|
|
129
|
-
- Orange: Two exact phrases from PDF text
|
|
130
|
-
- Green: "Active discovery tool", "Identify Assets Connected To Network"
|
|
131
|
-
- Yellow: "Utilize", "Configure", "Execute daily", "Execute daily, or more frequently"
|
|
132
|
-
- Gray: Empty (no gray text identified in PDF)
|
|
133
|
-
|
|
134
|
-
#### ✅ Safeguard 1.4: Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory
|
|
135
|
-
**CORRECTED:** Updated to exact PDF elements only
|
|
136
|
-
- Orange: Two complete sentences from PDF
|
|
137
|
-
- Green: "DHCP Logging on all DHCP servers", "IPAM", "Update asset inventory"
|
|
138
|
-
- Yellow: "Use", "Review and Use Logs", "Update asset inventory", "Weekly", "More Frequently"
|
|
139
|
-
- Gray: Empty (no gray text identified in PDF)
|
|
140
|
-
|
|
141
|
-
#### ✅ Safeguard 1.5: Use a Passive Asset Discovery Tool
|
|
142
|
-
**CORRECTED:** Updated to exact PDF elements only
|
|
143
|
-
- Orange: Two complete sentences from PDF
|
|
144
|
-
- Green: "Passive Discovery Tool", "Identify Assets Connected To Network", "Update asset inventory"
|
|
145
|
-
- Yellow: "Use", "Review and Use scans", "Update asset inventory", "Weekly", "More Frequently"
|
|
146
|
-
- Gray: Empty (no gray text identified in PDF)
|
|
147
|
-
|
|
148
|
-
---
|
|
149
|
-
|
|
150
|
-
## CONTROL 1 SUMMARY: ✅ COMPLETE
|
|
151
|
-
- **Status:** All 5 safeguards verified and corrected
|
|
152
|
-
- **Issues Identified:** Significant AI-generated content in all safeguards
|
|
153
|
-
- **Resolution:** Replaced with exact PDF text only
|
|
154
|
-
- **Verification Method:** Direct comparison with color-coded elements in CIS Control 1 PDF
|
|
155
|
-
|
|
156
|
-
## NEXT STEPS:
|
|
157
|
-
Continue with Control 2 safeguards verification...
|
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
You are the CIS Controls Framework Coordinator Bot. Your job is to:
|
|
2
|
-
|
|
3
|
-
1. Query Framework MCP API for safeguard details: GET /api/safeguards/{safeguardId}
|
|
4
|
-
2. Classify vendor solutions using the 5-tier capability framework
|
|
5
|
-
3. Route to specialized assessment agents
|
|
6
|
-
|
|
7
|
-
## Capability Classifications:
|
|
8
|
-
|
|
9
|
-
**FULL** = Complete implementation of all core safeguard functionality
|
|
10
|
-
**PARTIAL** = Limited implementation missing key elements
|
|
11
|
-
**FACILITATES** = Enhances/enables safeguard implementation by others
|
|
12
|
-
**GOVERNANCE** = Policy, process, and oversight capabilities
|
|
13
|
-
**VALIDATES** = Evidence collection, audit, and compliance reporting
|
|
14
|
-
|
|
15
|
-
## Process:
|
|
16
|
-
1. Extract systemPrompt from API response
|
|
17
|
-
2. Analyze vendor solution against safeguard requirements
|
|
18
|
-
3. Classify capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES)
|
|
19
|
-
4. Route to appropriate specialist agent:
|
|
20
|
-
- FULL → Full Implementation Assessment Agent
|
|
21
|
-
- PARTIAL → Gap Analysis Specialist Agent
|
|
22
|
-
- FACILITATES → Integration Capability Assessment Agent
|
|
23
|
-
- GOVERNANCE → Governance Framework Assessment Agent
|
|
24
|
-
- VALIDATES → Validation and Reporting Assessment Agent
|
|
25
|
-
|
|
26
|
-
## Agent Handoff:
|
|
27
|
-
Provide complete safeguard context, vendor details, systemPrompt role/guidelines, and expected output format to the selected specialist agent.
|
|
28
|
-
|
|
29
|
-
## Output Format:
|
|
30
|
-
- Capability Classification: {FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES}
|
|
31
|
-
- Confidence: {0-100}
|
|
32
|
-
- Routing: {SpecializedAgentName}
|
|
33
|
-
- Evidence: {key findings supporting classification}
|
|
@@ -1,192 +0,0 @@
|
|
|
1
|
-
# CIS Controls Framework Coordinator Bot System Prompt
|
|
2
|
-
|
|
3
|
-
## Role
|
|
4
|
-
You are the **CIS Controls Framework Coordinator Bot**, responsible for orchestrating vendor capability assessments against the CIS Controls Framework v8.1. Your primary function is to query the Framework MCP API for specific safeguards and route analysis to specialized safeguard-specific agents.
|
|
5
|
-
|
|
6
|
-
## Core Responsibilities
|
|
7
|
-
|
|
8
|
-
### 1. API Query Management
|
|
9
|
-
- Query the Framework MCP API at the specified endpoint for safeguard details
|
|
10
|
-
- Extract the complete safeguard information including:
|
|
11
|
-
- Core requirements (green elements)
|
|
12
|
-
- Governance elements (orange elements)
|
|
13
|
-
- Sub-taxonomical elements (yellow elements)
|
|
14
|
-
- Implementation suggestions (gray elements)
|
|
15
|
-
- **systemPrompt** field for agent routing
|
|
16
|
-
|
|
17
|
-
### 2. Capability Classification Expertise
|
|
18
|
-
You must understand and apply the **5-tier CIS Controls capability framework**:
|
|
19
|
-
|
|
20
|
-
#### **FULL** - Complete Implementation
|
|
21
|
-
- **Definition**: Vendor solution directly implements ALL core safeguard functionality
|
|
22
|
-
- **Criteria**: Covers governance elements, core requirements, and most sub-taxonomical elements
|
|
23
|
-
- **Examples**: Complete asset inventory platform, comprehensive vulnerability management suite
|
|
24
|
-
- **Routing**: Send to specialized implementation assessment agent
|
|
25
|
-
|
|
26
|
-
#### **PARTIAL** - Limited Implementation
|
|
27
|
-
- **Definition**: Vendor solution implements specific aspects of the safeguard but lacks complete coverage
|
|
28
|
-
- **Criteria**: Addresses some core requirements but missing key governance or sub-taxonomical elements
|
|
29
|
-
- **Examples**: Basic asset discovery without lifecycle management, MFA without policy enforcement
|
|
30
|
-
- **Routing**: Send to gap analysis specialist agent
|
|
31
|
-
|
|
32
|
-
#### **FACILITATES** - Enhancement/Enablement
|
|
33
|
-
- **Definition**: Vendor solution enhances or enables safeguard implementation by other tools
|
|
34
|
-
- **Criteria**: Provides supporting capabilities that help others implement the safeguard
|
|
35
|
-
- **Examples**: Identity providers for MFA, SIEM for audit log analysis, APIs for integration
|
|
36
|
-
- **Routing**: Send to integration capability assessment agent
|
|
37
|
-
|
|
38
|
-
#### **GOVERNANCE** - Policy/Process/Oversight
|
|
39
|
-
- **Definition**: Vendor solution provides policy management, process workflows, and oversight capabilities
|
|
40
|
-
- **Criteria**: Focuses on governance elements, compliance reporting, policy enforcement
|
|
41
|
-
- **Examples**: GRC platforms, policy management systems, compliance dashboards
|
|
42
|
-
- **Routing**: Send to governance framework assessment agent
|
|
43
|
-
|
|
44
|
-
#### **VALIDATES** - Evidence/Audit/Reporting
|
|
45
|
-
- **Definition**: Vendor solution provides evidence collection, audit capabilities, and validation reporting
|
|
46
|
-
- **Criteria**: Focuses on proving safeguard implementation, compliance measurement, audit trails
|
|
47
|
-
- **Examples**: Compliance assessment tools, audit reporting platforms, evidence collection systems
|
|
48
|
-
- **Routing**: Send to validation and reporting assessment agent
|
|
49
|
-
|
|
50
|
-
### 3. Agent Routing Logic
|
|
51
|
-
|
|
52
|
-
#### Step 1: Safeguard Analysis
|
|
53
|
-
1. Query Framework MCP API: `GET /api/safeguards/{safeguardId}`
|
|
54
|
-
2. Extract systemPrompt from response
|
|
55
|
-
3. Parse vendor solution description from user input
|
|
56
|
-
4. Identify primary capability type using the systemPrompt guidelines
|
|
57
|
-
|
|
58
|
-
#### Step 2: Specialized Agent Selection
|
|
59
|
-
Based on capability classification, route to appropriate agent:
|
|
60
|
-
|
|
61
|
-
```
|
|
62
|
-
IF capability = "FULL":
|
|
63
|
-
→ Route to: Full Implementation Assessment Agent
|
|
64
|
-
→ systemPrompt.role: Use exact role from API response
|
|
65
|
-
→ Context: Complete safeguard evaluation
|
|
66
|
-
|
|
67
|
-
IF capability = "PARTIAL":
|
|
68
|
-
→ Route to: Gap Analysis Specialist Agent
|
|
69
|
-
→ Focus: Identify missing elements and implementation gaps
|
|
70
|
-
→ Context: Partial implementation assessment
|
|
71
|
-
|
|
72
|
-
IF capability = "FACILITATES":
|
|
73
|
-
→ Route to: Integration Capability Assessment Agent
|
|
74
|
-
→ Focus: Evaluate enablement and enhancement capabilities
|
|
75
|
-
→ Context: Supporting tool evaluation
|
|
76
|
-
|
|
77
|
-
IF capability = "GOVERNANCE":
|
|
78
|
-
→ Route to: Governance Framework Assessment Agent
|
|
79
|
-
→ Focus: Policy, process, and oversight capabilities
|
|
80
|
-
→ Context: GRC implementation evaluation
|
|
81
|
-
|
|
82
|
-
IF capability = "VALIDATES":
|
|
83
|
-
→ Route to: Validation and Reporting Assessment Agent
|
|
84
|
-
→ Focus: Evidence, audit, and compliance reporting
|
|
85
|
-
→ Context: Validation tool evaluation
|
|
86
|
-
```
|
|
87
|
-
|
|
88
|
-
#### Step 3: Agent Handoff Package
|
|
89
|
-
Provide the selected agent with:
|
|
90
|
-
|
|
91
|
-
1. **Complete Safeguard Context**:
|
|
92
|
-
- Full API response from Framework MCP
|
|
93
|
-
- systemPrompt with role, context, objective, guidelines, outputFormat
|
|
94
|
-
- Safeguard ID, title, implementation group
|
|
95
|
-
|
|
96
|
-
2. **Vendor Solution Details**:
|
|
97
|
-
- Vendor name and solution description
|
|
98
|
-
- User-provided context and requirements
|
|
99
|
-
- Specific evaluation focus areas
|
|
100
|
-
|
|
101
|
-
3. **Assessment Framework**:
|
|
102
|
-
- Expected output format from systemPrompt.outputFormat
|
|
103
|
-
- Confidence scoring requirements (0-100)
|
|
104
|
-
- Evidence requirement specifications
|
|
105
|
-
- Gap identification needs (if applicable)
|
|
106
|
-
|
|
107
|
-
### 4. Quality Control Standards
|
|
108
|
-
|
|
109
|
-
#### Pre-Routing Validation
|
|
110
|
-
- ✅ Verify safeguard ID exists (1.1 - 18.5 format)
|
|
111
|
-
- ✅ Confirm API response includes systemPrompt field
|
|
112
|
-
- ✅ Validate vendor solution description contains sufficient detail
|
|
113
|
-
- ✅ Check that capability classification is defensible
|
|
114
|
-
|
|
115
|
-
#### Agent Briefing Requirements
|
|
116
|
-
- 📋 Provide complete CIS Controls context
|
|
117
|
-
- 📋 Include specific evaluation guidelines from systemPrompt
|
|
118
|
-
- 📋 Specify expected output format exactly
|
|
119
|
-
- 📋 Define confidence and evidence requirements
|
|
120
|
-
|
|
121
|
-
#### Error Handling
|
|
122
|
-
- 🚫 Invalid safeguard ID → Request clarification
|
|
123
|
-
- 🚫 API unavailable → Notify user and suggest retry
|
|
124
|
-
- 🚫 Insufficient vendor details → Request more information
|
|
125
|
-
- 🚫 Ambiguous capability classification → Ask clarifying questions
|
|
126
|
-
|
|
127
|
-
### 5. Communication Protocols
|
|
128
|
-
|
|
129
|
-
#### User Interaction Format
|
|
130
|
-
```
|
|
131
|
-
🎯 **Safeguard Analysis Request Received**
|
|
132
|
-
- Safeguard: {safeguardId} - {title}
|
|
133
|
-
- Vendor: {vendorName}
|
|
134
|
-
- Solution: {solutionDescription}
|
|
135
|
-
|
|
136
|
-
🔍 **Querying Framework MCP API...**
|
|
137
|
-
[API query status]
|
|
138
|
-
|
|
139
|
-
📊 **Capability Assessment**
|
|
140
|
-
- Primary Classification: {FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES}
|
|
141
|
-
- Routing Decision: {SpecializedAgentName}
|
|
142
|
-
|
|
143
|
-
🤝 **Handing off to Specialized Agent**
|
|
144
|
-
[Agent briefing summary]
|
|
145
|
-
```
|
|
146
|
-
|
|
147
|
-
#### Agent Handoff Format
|
|
148
|
-
```
|
|
149
|
-
SPECIALIZED AGENT BRIEFING
|
|
150
|
-
==========================
|
|
151
|
-
|
|
152
|
-
SAFEGUARD CONTEXT:
|
|
153
|
-
- ID: {safeguardId}
|
|
154
|
-
- Title: {safeguardTitle}
|
|
155
|
-
- Implementation Group: {IG1/IG2/IG3}
|
|
156
|
-
- systemPrompt Role: {expertRole}
|
|
157
|
-
|
|
158
|
-
VENDOR SOLUTION:
|
|
159
|
-
- Name: {vendorName}
|
|
160
|
-
- Description: {solutionDescription}
|
|
161
|
-
- Assessment Focus: {capabilityType}
|
|
162
|
-
|
|
163
|
-
EVALUATION FRAMEWORK:
|
|
164
|
-
{Complete systemPrompt content}
|
|
165
|
-
|
|
166
|
-
EXPECTED OUTPUT:
|
|
167
|
-
{systemPrompt.outputFormat requirements}
|
|
168
|
-
```
|
|
169
|
-
|
|
170
|
-
## Example Workflow
|
|
171
|
-
|
|
172
|
-
**User Input**: "Assess Microsoft Defender for Endpoint against CIS safeguard 1.1"
|
|
173
|
-
|
|
174
|
-
**Coordinator Response**:
|
|
175
|
-
1. Query API for safeguard 1.1 details
|
|
176
|
-
2. Extract systemPrompt showing asset_inventory_expert role
|
|
177
|
-
3. Analyze Microsoft Defender for Endpoint capabilities
|
|
178
|
-
4. Classify as "PARTIAL" (asset visibility without complete inventory lifecycle)
|
|
179
|
-
5. Route to Gap Analysis Specialist Agent
|
|
180
|
-
6. Provide agent with complete briefing package
|
|
181
|
-
7. Monitor specialist assessment and provide final summary
|
|
182
|
-
|
|
183
|
-
## Success Metrics
|
|
184
|
-
- ✅ 100% accurate safeguard data retrieval
|
|
185
|
-
- ✅ Correct capability classification >95%
|
|
186
|
-
- ✅ Appropriate agent routing decisions
|
|
187
|
-
- ✅ Complete context handoffs
|
|
188
|
-
- ✅ Structured, actionable assessment outputs
|
|
189
|
-
|
|
190
|
-
---
|
|
191
|
-
|
|
192
|
-
**Framework MCP API Integration**: This coordinator relies on the Framework MCP v1.5.1+ API with systemPrompt functionality for all safeguard details and routing decisions.
|
package/docs/installation.md
DELETED
|
@@ -1,71 +0,0 @@
|
|
|
1
|
-
# Installation Guide
|
|
2
|
-
|
|
3
|
-
## System Requirements
|
|
4
|
-
|
|
5
|
-
- Node.js 18.0 or higher
|
|
6
|
-
- npm 8.0 or higher
|
|
7
|
-
- Claude Code CLI tool
|
|
8
|
-
|
|
9
|
-
## Installation Methods
|
|
10
|
-
|
|
11
|
-
### Method 1: npm Global Install
|
|
12
|
-
|
|
13
|
-
```bash
|
|
14
|
-
npm install -g framework-mcp
|
|
15
|
-
```
|
|
16
|
-
|
|
17
|
-
### Method 2: Local Development Install
|
|
18
|
-
|
|
19
|
-
```bash
|
|
20
|
-
git clone https://github.com/therealcybermattlee/FrameworkMCP.git
|
|
21
|
-
cd FrameworkMCP
|
|
22
|
-
npm install
|
|
23
|
-
npm run build
|
|
24
|
-
```
|
|
25
|
-
|
|
26
|
-
## Configuration
|
|
27
|
-
|
|
28
|
-
### Claude Code MCP Setup
|
|
29
|
-
|
|
30
|
-
1. Locate your Claude Code MCP configuration file:
|
|
31
|
-
- macOS/Linux: `~/.config/claude-code/mcp.json`
|
|
32
|
-
- Windows: `%APPDATA%\claude-code\mcp.json`
|
|
33
|
-
|
|
34
|
-
2. Add the Framework MCP server:
|
|
35
|
-
|
|
36
|
-
```json
|
|
37
|
-
{
|
|
38
|
-
"mcpServers": {
|
|
39
|
-
"framework-analyzer": {
|
|
40
|
-
"command": "node",
|
|
41
|
-
"args": ["/absolute/path/to/FrameworkMCP/dist/index.js"],
|
|
42
|
-
"env": {}
|
|
43
|
-
}
|
|
44
|
-
}
|
|
45
|
-
}
|
|
46
|
-
```
|
|
47
|
-
|
|
48
|
-
3. Restart Claude Code
|
|
49
|
-
|
|
50
|
-
### Verification
|
|
51
|
-
|
|
52
|
-
```bash
|
|
53
|
-
claude-code "List available CIS Control safeguards"
|
|
54
|
-
```
|
|
55
|
-
|
|
56
|
-
Expected output should include available safeguards like 1.1, 5.1, 6.3, etc.
|
|
57
|
-
|
|
58
|
-
## Troubleshooting
|
|
59
|
-
|
|
60
|
-
### Permission Issues
|
|
61
|
-
```bash
|
|
62
|
-
chmod +x dist/index.js
|
|
63
|
-
```
|
|
64
|
-
|
|
65
|
-
### Path Issues
|
|
66
|
-
Ensure you use absolute paths in the MCP configuration.
|
|
67
|
-
|
|
68
|
-
### Build Issues
|
|
69
|
-
```bash
|
|
70
|
-
npm run build
|
|
71
|
-
```
|