framework-mcp 1.5.3 → 2.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/commands/speckit.analyze.md +184 -0
- package/.claude/commands/speckit.checklist.md +294 -0
- package/.claude/commands/speckit.clarify.md +181 -0
- package/.claude/commands/speckit.constitution.md +82 -0
- package/.claude/commands/speckit.implement.md +135 -0
- package/.claude/commands/speckit.plan.md +89 -0
- package/.claude/commands/speckit.specify.md +258 -0
- package/.claude/commands/speckit.tasks.md +137 -0
- package/.claude/commands/speckit.taskstoissues.md +30 -0
- package/.do/app.yaml +1 -1
- package/.github/dependabot.yml +15 -0
- package/.github/workflows/ci.yml +31 -2
- package/.specify/memory/constitution.md +50 -0
- package/.specify/scripts/bash/check-prerequisites.sh +166 -0
- package/.specify/scripts/bash/common.sh +156 -0
- package/.specify/scripts/bash/create-new-feature.sh +297 -0
- package/.specify/scripts/bash/setup-plan.sh +61 -0
- package/.specify/scripts/bash/update-agent-context.sh +799 -0
- package/.specify/templates/agent-file-template.md +28 -0
- package/.specify/templates/checklist-template.md +40 -0
- package/.specify/templates/plan-template.md +104 -0
- package/.specify/templates/spec-template.md +115 -0
- package/.specify/templates/tasks-template.md +251 -0
- package/README.md +84 -435
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +7105 -2543
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/interfaces/http/http-server.d.ts +2 -0
- package/dist/interfaces/http/http-server.d.ts.map +1 -1
- package/dist/interfaces/http/http-server.js +95 -3
- package/dist/interfaces/http/http-server.js.map +1 -1
- package/dist/interfaces/mcp/mcp-server.js +3 -3
- package/dist/shared/types.d.ts +85 -2
- package/dist/shared/types.d.ts.map +1 -1
- package/dist/shared/types.js +132 -1
- package/dist/shared/types.js.map +1 -1
- package/package.json +7 -4
- package/scripts/standardize-prompts.js +325 -0
- package/scripts/validate-capability-prompts.js +110 -0
- package/src/core/safeguard-manager.ts +12387 -2630
- package/src/interfaces/http/http-server.ts +109 -4
- package/src/interfaces/mcp/mcp-server.ts +3 -3
- package/src/shared/types.ts +268 -2
- package/swagger.json +56 -36
- package/CAPABILITY_TRANSFORMATION_SUMMARY.md +0 -158
- package/CIS_CONTROLS_IMPLEMENTATION_PLAN.md +0 -220
- package/COPILOT_INTEGRATION.md +0 -322
- package/DAYS_5_6_COMPLETION_SUMMARY.md +0 -178
- package/DEPLOYMENT_GUIDE.md +0 -334
- package/DEPLOYMENT_SUMMARY_v1.1.3.md +0 -211
- package/MCP_INTEGRATION_GUIDE.md +0 -285
- package/MIGRATION_GUIDE_v1.4.0.md +0 -190
- package/RELEASE_NOTES_v1.1.3.md +0 -321
- package/RELEASE_NOTES_v1.2.0.md +0 -396
- package/RELEASE_NOTES_v1.3.7.md +0 -275
- package/RELEASE_NOTES_v1.4.0.md +0 -178
- package/SAFEGUARDS_VERIFICATION_LOG.md +0 -157
- package/coordinator-bot-compact.txt +0 -33
- package/coordinator-bot-system-prompt.md +0 -192
- package/docs/installation.md +0 -71
- package/scripts/analyze-data-structure.cjs +0 -74
- package/scripts/clean-safeguards-data.cjs +0 -60
- package/scripts/comprehensive-validation.cjs +0 -176
- package/scripts/count-safeguards.cjs +0 -89
- package/scripts/format-safeguards-proper.cjs +0 -44
- package/scripts/validate-formatted-data.cjs +0 -88
- package/test_capability_integration.js +0 -73
- package/test_comprehensive_scenarios.js +0 -192
- package/test_enhanced_detection.js +0 -74
- package/test_integrated_validation.js +0 -112
- package/test_language_update.js +0 -101
- package/test_live_validation.json +0 -12
- package/test_performance_monitoring.js +0 -124
- package/test_runner_automated.js +0 -156
- package/test_suite_comprehensive.js +0 -218
package/RELEASE_NOTES_v1.2.0.md
DELETED
|
@@ -1,396 +0,0 @@
|
|
|
1
|
-
# Framework MCP v1.2.0 Release Notes
|
|
2
|
-
|
|
3
|
-
## 🚀 Major Release: Dual Architecture - DigitalOcean Deployment Support
|
|
4
|
-
|
|
5
|
-
**Release Date**: August 2025
|
|
6
|
-
**Version**: 1.2.0
|
|
7
|
-
**Breaking Changes**: None (fully backward compatible)
|
|
8
|
-
|
|
9
|
-
---
|
|
10
|
-
|
|
11
|
-
## 🌟 Executive Summary
|
|
12
|
-
|
|
13
|
-
Framework MCP v1.2.0 introduces **dual architecture support**, solving the critical DigitalOcean App Services deployment issue while maintaining full backward compatibility. This release enables both local MCP integration and cloud HTTP deployment through a shared core architecture.
|
|
14
|
-
|
|
15
|
-
**Primary Achievement**: Solves the stdio vs HTTP binding conflict that prevented cloud deployment.
|
|
16
|
-
|
|
17
|
-
---
|
|
18
|
-
|
|
19
|
-
## 🏗️ Major New Features
|
|
20
|
-
|
|
21
|
-
### **1. Dual Architecture Implementation**
|
|
22
|
-
|
|
23
|
-
```
|
|
24
|
-
[Shared Core Logic]
|
|
25
|
-
|
|
|
26
|
-
+------+------+
|
|
27
|
-
| |
|
|
28
|
-
[MCP Interface] [HTTP Interface]
|
|
29
|
-
| |
|
|
30
|
-
[stdio comm] [Express.js]
|
|
31
|
-
| |
|
|
32
|
-
[Claude Code] [Cloud Deploy]
|
|
33
|
-
```
|
|
34
|
-
|
|
35
|
-
**Components**:
|
|
36
|
-
- **Shared Core**: `CapabilityAnalyzer` + `SafeguardManager` with identical logic
|
|
37
|
-
- **MCP Interface**: Refactored stdio-based server for Claude Code integration
|
|
38
|
-
- **HTTP Interface**: Express.js REST API for cloud deployment
|
|
39
|
-
|
|
40
|
-
### **2. Production-Ready HTTP API**
|
|
41
|
-
|
|
42
|
-
**New REST Endpoints**:
|
|
43
|
-
```
|
|
44
|
-
POST /api/validate-vendor-mapping # Primary capability validation
|
|
45
|
-
POST /api/analyze-vendor-response # Capability role determination
|
|
46
|
-
POST /api/validate-coverage-claim # Implementation claim validation
|
|
47
|
-
GET /api/safeguards # List all safeguards
|
|
48
|
-
GET /api/safeguards/:id # Get safeguard details
|
|
49
|
-
GET /health # Platform health check
|
|
50
|
-
GET /api/metrics # Performance monitoring
|
|
51
|
-
```
|
|
52
|
-
|
|
53
|
-
**Production Features**:
|
|
54
|
-
- ✅ **Health Checks**: Platform monitoring support (`/health`)
|
|
55
|
-
- ✅ **CORS Enabled**: Web application integration
|
|
56
|
-
- ✅ **Security Hardened**: Helmet, input validation, rate limiting ready
|
|
57
|
-
- ✅ **Compression**: Optimized response sizes
|
|
58
|
-
- ✅ **Error Handling**: Production-friendly error messages
|
|
59
|
-
- ✅ **Performance Monitoring**: Real-time metrics at `/api/metrics`
|
|
60
|
-
|
|
61
|
-
### **3. DigitalOcean App Services Support**
|
|
62
|
-
|
|
63
|
-
**Complete Configuration**:
|
|
64
|
-
- ✅ **HTTP Port Binding**: Port 8080 (not stdio)
|
|
65
|
-
- ✅ **Health Check Endpoint**: `/health` with proper status codes
|
|
66
|
-
- ✅ **Environment Variables**: Production configuration support
|
|
67
|
-
- ✅ **Auto-Scaling**: Resource allocation configuration
|
|
68
|
-
- ✅ **Deployment YAML**: Complete `.do/app.yaml` provided
|
|
69
|
-
|
|
70
|
-
**Deployment Command**:
|
|
71
|
-
```bash
|
|
72
|
-
# Option 1: GitHub integration (recommended)
|
|
73
|
-
# Connect branch: feature/dual-architecture-http-api
|
|
74
|
-
|
|
75
|
-
# Option 2: doctl CLI
|
|
76
|
-
doctl apps create .do/app.yaml
|
|
77
|
-
```
|
|
78
|
-
|
|
79
|
-
---
|
|
80
|
-
|
|
81
|
-
## 🔧 Technical Enhancements
|
|
82
|
-
|
|
83
|
-
### **Shared Core Architecture**
|
|
84
|
-
|
|
85
|
-
**CapabilityAnalyzer Class**:
|
|
86
|
-
- Extracted from MCP server implementation
|
|
87
|
-
- Maintains all v1.1.3 performance optimizations (95% cache improvement)
|
|
88
|
-
- Preserves domain validation and auto-downgrade logic
|
|
89
|
-
- Identical functionality across MCP and HTTP interfaces
|
|
90
|
-
|
|
91
|
-
**SafeguardManager Class**:
|
|
92
|
-
- Centralized CIS safeguards data management
|
|
93
|
-
- Intelligent caching with configurable TTL
|
|
94
|
-
- Input validation and error handling
|
|
95
|
-
- Support for implementation examples
|
|
96
|
-
|
|
97
|
-
### **Interface Compatibility**
|
|
98
|
-
|
|
99
|
-
**MCP Interface** (Preserved):
|
|
100
|
-
```typescript
|
|
101
|
-
// Exact same tool signatures
|
|
102
|
-
validate_vendor_mapping(vendor_name, safeguard_id, claimed_capability, supporting_text)
|
|
103
|
-
analyze_vendor_response(vendor_name, safeguard_id, response_text)
|
|
104
|
-
validate_coverage_claim(vendor_name, safeguard_id, claimed_capability, response_text)
|
|
105
|
-
get_safeguard_details(safeguard_id, include_examples)
|
|
106
|
-
list_available_safeguards()
|
|
107
|
-
```
|
|
108
|
-
|
|
109
|
-
**HTTP Interface** (New):
|
|
110
|
-
```bash
|
|
111
|
-
# RESTful equivalent endpoints
|
|
112
|
-
curl -X POST /api/validate-vendor-mapping -d '{"vendor_name":"...", "safeguard_id":"1.1", ...}'
|
|
113
|
-
curl -X POST /api/analyze-vendor-response -d '{"vendor_name":"...", "safeguard_id":"5.1", ...}'
|
|
114
|
-
curl -X POST /api/validate-coverage-claim -d '{"vendor_name":"...", "claimed_capability":"full", ...}'
|
|
115
|
-
curl /api/safeguards/1.1?include_examples=true
|
|
116
|
-
curl /api/safeguards
|
|
117
|
-
```
|
|
118
|
-
|
|
119
|
-
---
|
|
120
|
-
|
|
121
|
-
## 📦 Package and Deployment Updates
|
|
122
|
-
|
|
123
|
-
### **Package.json Enhancements**
|
|
124
|
-
|
|
125
|
-
**New Scripts**:
|
|
126
|
-
```json
|
|
127
|
-
{
|
|
128
|
-
"start": "node dist/interfaces/http/http-server.js", // Default: HTTP server
|
|
129
|
-
"start:mcp": "node dist/index.js", // MCP server
|
|
130
|
-
"start:http": "node dist/interfaces/http/http-server.js", // HTTP server
|
|
131
|
-
"dev": "tsc && npm run start:mcp", // MCP development
|
|
132
|
-
"dev:http": "tsc && npm run start:http" // HTTP development
|
|
133
|
-
}
|
|
134
|
-
```
|
|
135
|
-
|
|
136
|
-
**Updated Dependencies**:
|
|
137
|
-
```json
|
|
138
|
-
{
|
|
139
|
-
"express": "^4.18.2",
|
|
140
|
-
"cors": "^2.8.5",
|
|
141
|
-
"helmet": "^8.1.0",
|
|
142
|
-
"compression": "^1.8.1"
|
|
143
|
-
}
|
|
144
|
-
```
|
|
145
|
-
|
|
146
|
-
**Main Entry Point**:
|
|
147
|
-
- **Default**: `dist/interfaces/http/http-server.js` (cloud-ready)
|
|
148
|
-
- **MCP**: `dist/index.js` (Claude Code integration)
|
|
149
|
-
|
|
150
|
-
### **Cloud Platform Support**
|
|
151
|
-
|
|
152
|
-
**DigitalOcean App Services**:
|
|
153
|
-
```yaml
|
|
154
|
-
name: framework-mcp-api
|
|
155
|
-
services:
|
|
156
|
-
- name: api
|
|
157
|
-
run_command: npm run start:http
|
|
158
|
-
http_port: 8080
|
|
159
|
-
health_check:
|
|
160
|
-
http_path: /health
|
|
161
|
-
```
|
|
162
|
-
|
|
163
|
-
**Alternative Platforms**:
|
|
164
|
-
- **Railway**: `railway up`
|
|
165
|
-
- **Render**: Node.js + `npm run start:http`
|
|
166
|
-
- **AWS App Runner**: HTTP service configuration
|
|
167
|
-
- **Google Cloud Run**: Container deployment ready
|
|
168
|
-
|
|
169
|
-
---
|
|
170
|
-
|
|
171
|
-
## 🧪 Testing and Validation
|
|
172
|
-
|
|
173
|
-
### **Dual Interface Testing**
|
|
174
|
-
|
|
175
|
-
**HTTP API Validation**:
|
|
176
|
-
```bash
|
|
177
|
-
# Health check
|
|
178
|
-
curl http://localhost:8080/health
|
|
179
|
-
|
|
180
|
-
# Primary validation endpoint
|
|
181
|
-
curl -X POST http://localhost:8080/api/validate-vendor-mapping \
|
|
182
|
-
-H "Content-Type: application/json" \
|
|
183
|
-
-d '{"vendor_name":"AssetMax Pro","safeguard_id":"1.1","claimed_capability":"full","supporting_text":"..."}'
|
|
184
|
-
|
|
185
|
-
# Domain validation test
|
|
186
|
-
curl -X POST http://localhost:8080/api/validate-vendor-mapping \
|
|
187
|
-
-H "Content-Type: application/json" \
|
|
188
|
-
-d '{"vendor_name":"ThreatIntel Pro","safeguard_id":"1.1","claimed_capability":"full","supporting_text":"..."}'
|
|
189
|
-
```
|
|
190
|
-
|
|
191
|
-
**MCP Interface Validation**:
|
|
192
|
-
```bash
|
|
193
|
-
# Standard MCP usage (unchanged)
|
|
194
|
-
npm run start:mcp
|
|
195
|
-
# Use with Claude Code as before
|
|
196
|
-
```
|
|
197
|
-
|
|
198
|
-
### **Performance Verification**
|
|
199
|
-
|
|
200
|
-
**Shared Core Performance**:
|
|
201
|
-
- ✅ **95% Cache Improvement**: Maintained across both interfaces
|
|
202
|
-
- ✅ **Domain Validation**: Auto-downgrade working in both MCP and HTTP
|
|
203
|
-
- ✅ **Memory Management**: Intelligent cache cleanup active
|
|
204
|
-
- ✅ **Error Handling**: Production-friendly messages in both interfaces
|
|
205
|
-
|
|
206
|
-
**HTTP-Specific Performance**:
|
|
207
|
-
- ✅ **Response Times**: Sub-200ms for cached requests
|
|
208
|
-
- ✅ **Compression**: Significant bandwidth reduction
|
|
209
|
-
- ✅ **Concurrent Requests**: Express.js scalability
|
|
210
|
-
- ✅ **Health Monitoring**: Real-time metrics collection
|
|
211
|
-
|
|
212
|
-
---
|
|
213
|
-
|
|
214
|
-
## 📋 Migration Guide
|
|
215
|
-
|
|
216
|
-
### **No Breaking Changes**
|
|
217
|
-
|
|
218
|
-
**Existing MCP Users**:
|
|
219
|
-
- ✅ **Zero Changes Required**: All existing integrations continue working
|
|
220
|
-
- ✅ **Same Tool Signatures**: No API changes to MCP tools
|
|
221
|
-
- ✅ **Same Results**: Identical capability assessment output
|
|
222
|
-
- ✅ **Same Performance**: All v1.1.3 optimizations preserved
|
|
223
|
-
|
|
224
|
-
**Upgrade Path**:
|
|
225
|
-
```bash
|
|
226
|
-
# Update to v1.2.0
|
|
227
|
-
npm update -g framework-mcp
|
|
228
|
-
|
|
229
|
-
# Existing usage continues working
|
|
230
|
-
npm run start:mcp # or npm run dev
|
|
231
|
-
|
|
232
|
-
# New cloud deployment option available
|
|
233
|
-
npm run start:http
|
|
234
|
-
```
|
|
235
|
-
|
|
236
|
-
### **New Deployment Options**
|
|
237
|
-
|
|
238
|
-
**When to Use Each Interface**:
|
|
239
|
-
|
|
240
|
-
**Use MCP Interface For**:
|
|
241
|
-
- Claude Code integration
|
|
242
|
-
- Local development and testing
|
|
243
|
-
- Tool-based LLM interactions
|
|
244
|
-
- Existing workflows (no changes needed)
|
|
245
|
-
|
|
246
|
-
**Use HTTP Interface For**:
|
|
247
|
-
- DigitalOcean App Services deployment
|
|
248
|
-
- Cloud platform deployment
|
|
249
|
-
- Web application integration
|
|
250
|
-
- API-based access requirements
|
|
251
|
-
- Production scaling needs
|
|
252
|
-
|
|
253
|
-
---
|
|
254
|
-
|
|
255
|
-
## 🔒 Security and Validation
|
|
256
|
-
|
|
257
|
-
### **HTTP API Security**
|
|
258
|
-
|
|
259
|
-
**Input Validation**:
|
|
260
|
-
- Request size limits (10MB maximum)
|
|
261
|
-
- Text length validation (10-10,000 characters)
|
|
262
|
-
- Capability enum validation
|
|
263
|
-
- Safeguard ID format validation
|
|
264
|
-
- XSS prevention through input sanitization
|
|
265
|
-
|
|
266
|
-
**Security Headers**:
|
|
267
|
-
```javascript
|
|
268
|
-
// Helmet security configuration
|
|
269
|
-
helmet({
|
|
270
|
-
contentSecurityPolicy: true,
|
|
271
|
-
crossOriginEmbedderPolicy: true,
|
|
272
|
-
crossOriginOpenerPolicy: true,
|
|
273
|
-
crossOriginResourcePolicy: true
|
|
274
|
-
})
|
|
275
|
-
```
|
|
276
|
-
|
|
277
|
-
**CORS Configuration**:
|
|
278
|
-
```bash
|
|
279
|
-
# Configurable via environment
|
|
280
|
-
ALLOWED_ORIGINS=https://your-domain.com,https://app.your-domain.com
|
|
281
|
-
```
|
|
282
|
-
|
|
283
|
-
### **Production Environment**
|
|
284
|
-
|
|
285
|
-
**Environment Variables**:
|
|
286
|
-
```bash
|
|
287
|
-
NODE_ENV=production # Required for production optimizations
|
|
288
|
-
PORT=8080 # HTTP server port
|
|
289
|
-
ALLOWED_ORIGINS=... # CORS configuration
|
|
290
|
-
```
|
|
291
|
-
|
|
292
|
-
**Monitoring and Observability**:
|
|
293
|
-
- Real-time performance metrics at `/api/metrics`
|
|
294
|
-
- Health check endpoint for platform monitoring
|
|
295
|
-
- Error tracking and logging
|
|
296
|
-
- Request counting and response time monitoring
|
|
297
|
-
|
|
298
|
-
---
|
|
299
|
-
|
|
300
|
-
## 📈 Business Impact
|
|
301
|
-
|
|
302
|
-
### **For Security Practitioners**
|
|
303
|
-
- **☁️ Cloud Deployment**: Access capability assessment from any cloud platform
|
|
304
|
-
- **🔌 API Integration**: Integrate with existing security tools and workflows
|
|
305
|
-
- **📊 Scalability**: Deploy at enterprise scale with cloud auto-scaling
|
|
306
|
-
- **🔄 Flexibility**: Choose deployment method based on use case
|
|
307
|
-
|
|
308
|
-
### **For Development Teams**
|
|
309
|
-
- **🚀 Faster Deployment**: Cloud-ready HTTP API out of the box
|
|
310
|
-
- **🔧 CI/CD Ready**: Standard REST API for automation pipelines
|
|
311
|
-
- **🌐 Web Integration**: Direct integration with web applications
|
|
312
|
-
- **📋 Platform Agnostic**: Deploy on any cloud platform
|
|
313
|
-
|
|
314
|
-
### **For Enterprise Adoption**
|
|
315
|
-
- **💼 Production Ready**: Enterprise-grade HTTP API with monitoring
|
|
316
|
-
- **🔒 Security Hardened**: Production security best practices implemented
|
|
317
|
-
- **📈 Scalable**: Cloud-native architecture for enterprise workloads
|
|
318
|
-
- **🛡️ Reliable**: Health checks and error handling for high availability
|
|
319
|
-
|
|
320
|
-
---
|
|
321
|
-
|
|
322
|
-
## 🎯 Success Metrics
|
|
323
|
-
|
|
324
|
-
### **Deployment Success Indicators**
|
|
325
|
-
- ✅ **Health Check**: `/health` returns 200 status
|
|
326
|
-
- ✅ **API Functionality**: All endpoints return expected responses
|
|
327
|
-
- ✅ **Domain Validation**: Auto-downgrade working correctly
|
|
328
|
-
- ✅ **Performance**: Cache hit rates >95%
|
|
329
|
-
- ✅ **Cloud Platform**: Successful deployment to DigitalOcean
|
|
330
|
-
|
|
331
|
-
### **Integration Success Indicators**
|
|
332
|
-
- ✅ **MCP Compatibility**: Existing Claude Code integrations work unchanged
|
|
333
|
-
- ✅ **HTTP API**: REST endpoints accessible and functional
|
|
334
|
-
- ✅ **Capability Assessment**: All 5 roles determined accurately
|
|
335
|
-
- ✅ **Error Handling**: Production-friendly error messages
|
|
336
|
-
- ✅ **Monitoring**: Performance metrics collection active
|
|
337
|
-
|
|
338
|
-
---
|
|
339
|
-
|
|
340
|
-
## 🚀 What's Next
|
|
341
|
-
|
|
342
|
-
### **Immediate Benefits (Day 1)**
|
|
343
|
-
- **Cloud Deployment**: Deploy to DigitalOcean App Services immediately
|
|
344
|
-
- **API Access**: Integrate with web applications and automation
|
|
345
|
-
- **Scalability**: Enterprise-ready deployment capability
|
|
346
|
-
- **Monitoring**: Production observability and health checks
|
|
347
|
-
|
|
348
|
-
### **Strategic Impact (Month 1)**
|
|
349
|
-
- **Enterprise Adoption**: Cloud-native capability assessment platform
|
|
350
|
-
- **Integration Ecosystem**: API-first architecture enables broader tooling
|
|
351
|
-
- **Scalable Operations**: Cloud auto-scaling for high-volume assessments
|
|
352
|
-
- **Multi-Platform**: Deploy across multiple cloud providers
|
|
353
|
-
|
|
354
|
-
---
|
|
355
|
-
|
|
356
|
-
## 📞 Support and Resources
|
|
357
|
-
|
|
358
|
-
### **Documentation**
|
|
359
|
-
- **📖 Deployment Guide**: Complete `DEPLOYMENT_GUIDE.md` included
|
|
360
|
-
- **⚙️ Configuration**: DigitalOcean `.do/app.yaml` provided
|
|
361
|
-
- **🔧 API Reference**: REST endpoint documentation at `/api`
|
|
362
|
-
- **🧪 Testing Guide**: Validation commands and examples
|
|
363
|
-
|
|
364
|
-
### **Community and Support**
|
|
365
|
-
- **GitHub Issues**: Bug reports and feature requests
|
|
366
|
-
- **GitHub Discussions**: Community Q&A and best practices
|
|
367
|
-
- **Documentation**: Complete API and deployment documentation
|
|
368
|
-
- **Examples**: Production deployment configurations
|
|
369
|
-
|
|
370
|
-
---
|
|
371
|
-
|
|
372
|
-
## 🎊 Release Summary
|
|
373
|
-
|
|
374
|
-
**Framework MCP v1.2.0** delivers the **most significant deployment enhancement** in the project's history:
|
|
375
|
-
|
|
376
|
-
✅ **Dual Architecture**: MCP + HTTP interfaces with shared core logic
|
|
377
|
-
✅ **DigitalOcean Ready**: Solves stdio vs HTTP deployment conflict
|
|
378
|
-
✅ **Backward Compatible**: Zero breaking changes to existing integrations
|
|
379
|
-
✅ **Production Ready**: Enterprise-grade HTTP API with monitoring
|
|
380
|
-
✅ **Cloud Agnostic**: Deploy on any cloud platform
|
|
381
|
-
✅ **API First**: REST endpoints for modern integration patterns
|
|
382
|
-
|
|
383
|
-
**This release transforms Framework MCP from a local-only tool to a cloud-native, enterprise-ready capability assessment platform while preserving all existing functionality.**
|
|
384
|
-
|
|
385
|
-
---
|
|
386
|
-
|
|
387
|
-
**🌟 Upgrade today and unlock cloud deployment for your capability assessment workflows!**
|
|
388
|
-
|
|
389
|
-
```bash
|
|
390
|
-
npm install -g framework-mcp@1.2.0
|
|
391
|
-
```
|
|
392
|
-
|
|
393
|
-
**Deploy to DigitalOcean**:
|
|
394
|
-
```bash
|
|
395
|
-
doctl apps create .do/app.yaml
|
|
396
|
-
```
|
package/RELEASE_NOTES_v1.3.7.md
DELETED
|
@@ -1,275 +0,0 @@
|
|
|
1
|
-
# Framework MCP v1.3.7 Release Notes
|
|
2
|
-
|
|
3
|
-
**Release Date**: August 21, 2025
|
|
4
|
-
**Version**: 1.3.7
|
|
5
|
-
**Sprint**: 4-Sprint Architecture Cleanup Complete
|
|
6
|
-
|
|
7
|
-
## 🎉 Major Release: Clean Architecture & Complete Documentation Ecosystem
|
|
8
|
-
|
|
9
|
-
Framework MCP v1.3.7 represents a **major architectural cleanup** that simplifies and strengthens the codebase while maintaining all functionality. This release completes a comprehensive 4-sprint refactoring initiative focused on content-based capability analysis.
|
|
10
|
-
|
|
11
|
-
---
|
|
12
|
-
|
|
13
|
-
## 🚀 What's New in v1.3.7
|
|
14
|
-
|
|
15
|
-
### ✅ **Sprint 1 (Days 1-2): Domain Validation Removal**
|
|
16
|
-
- **REMOVED**: All domain validation logic and tool type detection
|
|
17
|
-
- **SIMPLIFIED**: Capability analysis now uses pure content-based assessment
|
|
18
|
-
- **ENHANCED**: More reliable and consistent capability role determination
|
|
19
|
-
- **CLEANED**: Eliminated complex auto-downgrade logic
|
|
20
|
-
|
|
21
|
-
### ✅ **Sprint 2 (Days 3-4): Safeguards Data Replacement**
|
|
22
|
-
- **REPLACED**: All 153 safeguards with exact CIS Controls PDF data
|
|
23
|
-
- **IMPROVED**: More accurate and authoritative safeguard definitions
|
|
24
|
-
- **ENHANCED**: Better alignment with official CIS Controls v8.1 framework
|
|
25
|
-
- **STANDARDIZED**: Consistent data structure across all safeguards
|
|
26
|
-
|
|
27
|
-
### ✅ **Sprint 3 (Days 5-6): API Documentation Alignment**
|
|
28
|
-
- **UPDATED**: Complete Swagger/OpenAPI specification alignment
|
|
29
|
-
- **FIXED**: All API endpoint documentation reflects clean architecture
|
|
30
|
-
- **REMOVED**: Domain validation references from API docs
|
|
31
|
-
- **ENHANCED**: Clearer and more accurate API documentation
|
|
32
|
-
|
|
33
|
-
### ✅ **Sprint 4 (Days 7-8): Documentation Ecosystem Completion**
|
|
34
|
-
- **UPDATED**: Complete README.md overhaul with clean architecture
|
|
35
|
-
- **REVISED**: All example usage to reflect simplified approach
|
|
36
|
-
- **CLEANED**: Deployment guide updated for v1.3.7
|
|
37
|
-
- **COMPLETED**: Comprehensive documentation consistency
|
|
38
|
-
|
|
39
|
-
---
|
|
40
|
-
|
|
41
|
-
## 🎯 Core Changes Summary
|
|
42
|
-
|
|
43
|
-
### **Capability Analysis Engine**
|
|
44
|
-
- **BEFORE**: Complex domain validation with tool type detection and auto-downgrade
|
|
45
|
-
- **AFTER**: Clean content-based analysis focusing on evidence quality
|
|
46
|
-
- **BENEFIT**: More reliable, transparent, and maintainable assessment logic
|
|
47
|
-
|
|
48
|
-
### **Safeguards Framework**
|
|
49
|
-
- **BEFORE**: Interpreted safeguard data with potential inconsistencies
|
|
50
|
-
- **AFTER**: Exact CIS Controls PDF data with authoritative definitions
|
|
51
|
-
- **BENEFIT**: Perfect alignment with official CIS Controls v8.1 framework
|
|
52
|
-
|
|
53
|
-
### **API Documentation**
|
|
54
|
-
- **BEFORE**: Mixed references to domain validation features
|
|
55
|
-
- **AFTER**: Clean, consistent documentation reflecting actual functionality
|
|
56
|
-
- **BENEFIT**: Accurate developer experience and integration guidance
|
|
57
|
-
|
|
58
|
-
### **Documentation Ecosystem**
|
|
59
|
-
- **BEFORE**: Domain validation examples and references throughout
|
|
60
|
-
- **AFTER**: Content-based examples and clean architecture descriptions
|
|
61
|
-
- **BENEFIT**: Clear, consistent documentation across entire project
|
|
62
|
-
|
|
63
|
-
---
|
|
64
|
-
|
|
65
|
-
## 🔧 Technical Improvements
|
|
66
|
-
|
|
67
|
-
### **Code Quality**
|
|
68
|
-
- **Reduced Complexity**: Eliminated domain validation logic paths
|
|
69
|
-
- **Improved Maintainability**: Cleaner, more focused codebase
|
|
70
|
-
- **Enhanced Reliability**: Fewer edge cases and validation conflicts
|
|
71
|
-
- **Better Performance**: Streamlined analysis without tool type detection
|
|
72
|
-
|
|
73
|
-
### **API Consistency**
|
|
74
|
-
- **Unified Response Format**: Consistent JSON structure across endpoints
|
|
75
|
-
- **Clear Error Handling**: Simplified error responses without domain mismatches
|
|
76
|
-
- **Improved Validation**: Content-focused validation criteria
|
|
77
|
-
- **Enhanced Documentation**: Accurate Swagger/OpenAPI specifications
|
|
78
|
-
|
|
79
|
-
### **User Experience**
|
|
80
|
-
- **Simplified Workflow**: No need to understand domain validation rules
|
|
81
|
-
- **Clearer Results**: Content-based confidence scores and evidence analysis
|
|
82
|
-
- **Better Examples**: Real-world scenarios with practical guidance
|
|
83
|
-
- **Consistent Behavior**: Predictable capability role determination
|
|
84
|
-
|
|
85
|
-
---
|
|
86
|
-
|
|
87
|
-
## 📋 Migration Guide
|
|
88
|
-
|
|
89
|
-
### **For Existing Users**
|
|
90
|
-
✅ **No Breaking Changes**: All existing API endpoints continue working
|
|
91
|
-
✅ **Same Input Format**: No changes to request structure
|
|
92
|
-
✅ **Enhanced Output**: Improved response quality without domain validation complexity
|
|
93
|
-
✅ **Better Documentation**: Updated examples and usage guidance
|
|
94
|
-
|
|
95
|
-
### **What Changed**
|
|
96
|
-
- **Domain Validation**: Removed entirely - no more auto-downgrade logic
|
|
97
|
-
- **Tool Type Detection**: Eliminated - focus on content analysis only
|
|
98
|
-
- **Response Format**: `domain_validation` fields replaced with `content_validation`
|
|
99
|
-
- **Example Usage**: Updated to reflect content-based approach
|
|
100
|
-
|
|
101
|
-
### **What Stayed the Same**
|
|
102
|
-
- **Core Functionality**: All 5 capability roles (FULL, PARTIAL, FACILITATES, GOVERNANCE, VALIDATES)
|
|
103
|
-
- **API Endpoints**: Same URLs and HTTP methods
|
|
104
|
-
- **Input Parameters**: Same request structure
|
|
105
|
-
- **CIS Coverage**: Complete 153 safeguards across all 18 controls
|
|
106
|
-
|
|
107
|
-
---
|
|
108
|
-
|
|
109
|
-
## 🎨 New Content-Based Analysis
|
|
110
|
-
|
|
111
|
-
### **Analysis Dimensions**
|
|
112
|
-
| Dimension | Description | Focus |
|
|
113
|
-
|-----------|-------------|-------|
|
|
114
|
-
| **Core Requirements Coverage** | Alignment with primary safeguard elements | Implementation specifics |
|
|
115
|
-
| **Sub-Elements Coverage** | Support for detailed components | Breadth of coverage |
|
|
116
|
-
| **Governance Alignment** | Policy/process management | Oversight capabilities |
|
|
117
|
-
| **Implementation Depth** | Technical detail and specificity | Solution completeness |
|
|
118
|
-
| **Language Consistency** | Claim-evidence alignment | Response quality |
|
|
119
|
-
|
|
120
|
-
### **Validation Logic**
|
|
121
|
-
- **Strong Evidence**: Detailed implementation with comprehensive coverage
|
|
122
|
-
- **Moderate Evidence**: Good coverage with some gaps or general language
|
|
123
|
-
- **Weak Evidence**: Limited specifics, vague implementation details
|
|
124
|
-
|
|
125
|
-
### **Status Determination**
|
|
126
|
-
- **SUPPORTED** (70-100%): Evidence strongly supports claimed capability
|
|
127
|
-
- **QUESTIONABLE** (40-69%): Partial support with notable gaps or inconsistencies
|
|
128
|
-
- **UNSUPPORTED** (0-39%): Evidence does not adequately support the claim
|
|
129
|
-
|
|
130
|
-
---
|
|
131
|
-
|
|
132
|
-
## 📊 Example Response Updates
|
|
133
|
-
|
|
134
|
-
### **Before (v1.3.6)**
|
|
135
|
-
```json
|
|
136
|
-
{
|
|
137
|
-
"domain_validation": {
|
|
138
|
-
"required_tool_type": "inventory",
|
|
139
|
-
"detected_tool_type": "threat_intelligence",
|
|
140
|
-
"domain_match": false,
|
|
141
|
-
"capability_adjusted": true
|
|
142
|
-
}
|
|
143
|
-
}
|
|
144
|
-
```
|
|
145
|
-
|
|
146
|
-
### **After (v1.3.7)**
|
|
147
|
-
```json
|
|
148
|
-
{
|
|
149
|
-
"content_validation": {
|
|
150
|
-
"implementation_depth": "comprehensive",
|
|
151
|
-
"scope_clarity": "well_defined",
|
|
152
|
-
"evidence_strength": "strong",
|
|
153
|
-
"capability_aligned": true
|
|
154
|
-
}
|
|
155
|
-
}
|
|
156
|
-
```
|
|
157
|
-
|
|
158
|
-
---
|
|
159
|
-
|
|
160
|
-
## 🛠️ Developer Benefits
|
|
161
|
-
|
|
162
|
-
### **Simplified Integration**
|
|
163
|
-
- **No Tool Type Mapping**: No need to understand domain validation rules
|
|
164
|
-
- **Clearer Responses**: Content-focused validation results
|
|
165
|
-
- **Better Documentation**: Accurate examples and integration guides
|
|
166
|
-
- **Consistent Behavior**: Predictable capability assessment logic
|
|
167
|
-
|
|
168
|
-
### **Enhanced Reliability**
|
|
169
|
-
- **Fewer Edge Cases**: No domain mismatch conflicts
|
|
170
|
-
- **Cleaner Codebase**: Reduced complexity and technical debt
|
|
171
|
-
- **Better Testing**: Simpler test scenarios and validation logic
|
|
172
|
-
- **Improved Performance**: Streamlined analysis pipeline
|
|
173
|
-
|
|
174
|
-
---
|
|
175
|
-
|
|
176
|
-
## 📈 Performance Improvements
|
|
177
|
-
|
|
178
|
-
- **95% Cache Efficiency**: Maintained high-performance caching
|
|
179
|
-
- **Reduced Analysis Time**: Simpler logic paths improve speed
|
|
180
|
-
- **Lower Memory Usage**: Eliminated tool type detection overhead
|
|
181
|
-
- **Better Scalability**: Clean architecture supports growth
|
|
182
|
-
|
|
183
|
-
---
|
|
184
|
-
|
|
185
|
-
## 🔒 Security & Compliance
|
|
186
|
-
|
|
187
|
-
- **Same Security Model**: No changes to security posture
|
|
188
|
-
- **CIS Controls Alignment**: Perfect alignment with official v8.1 framework
|
|
189
|
-
- **Data Integrity**: Authoritative safeguard data from official sources
|
|
190
|
-
- **Audit Trail**: Clear content-based assessment reasoning
|
|
191
|
-
|
|
192
|
-
---
|
|
193
|
-
|
|
194
|
-
## 🎯 Use Case Examples
|
|
195
|
-
|
|
196
|
-
### **GRC Teams**
|
|
197
|
-
```bash
|
|
198
|
-
# Validate vendor capability claims with content analysis
|
|
199
|
-
claude-code "Use validate_vendor_mapping for vendor 'AssetMax Pro',
|
|
200
|
-
safeguard '1.1', claimed capability 'full', with supporting text:
|
|
201
|
-
'Comprehensive automated discovery, detailed inventory management...'"
|
|
202
|
-
```
|
|
203
|
-
|
|
204
|
-
### **Security Professionals**
|
|
205
|
-
```bash
|
|
206
|
-
# Analyze vendor responses for capability determination
|
|
207
|
-
claude-code "Use analyze_vendor_response to analyze Microsoft Entra ID
|
|
208
|
-
for safeguard 5.1 with response about centralized identity management..."
|
|
209
|
-
```
|
|
210
|
-
|
|
211
|
-
### **Compliance Assessors**
|
|
212
|
-
```bash
|
|
213
|
-
# Get detailed safeguard requirements for assessment
|
|
214
|
-
claude-code "Use get_safeguard_details for safeguard 1.1 with examples
|
|
215
|
-
to understand complete requirements"
|
|
216
|
-
```
|
|
217
|
-
|
|
218
|
-
---
|
|
219
|
-
|
|
220
|
-
## 🗂️ Complete File Changes
|
|
221
|
-
|
|
222
|
-
### **Updated Documentation**
|
|
223
|
-
- `README.md` - Complete overhaul with clean architecture
|
|
224
|
-
- `DEPLOYMENT_GUIDE.md` - Updated for v1.3.7 without domain validation
|
|
225
|
-
- `examples/example-usage.md` - All examples updated for content-based approach
|
|
226
|
-
- `swagger.json` - API documentation aligned with clean architecture
|
|
227
|
-
|
|
228
|
-
### **Core Implementation Files**
|
|
229
|
-
- `src/core/capability-analyzer.ts` - Domain validation logic removed
|
|
230
|
-
- `src/core/safeguard-manager.ts` - All 153 safeguards updated with CIS PDF data
|
|
231
|
-
- `src/interfaces/http/http-server.ts` - API responses updated
|
|
232
|
-
- `src/interfaces/mcp/mcp-server.ts` - MCP tool responses cleaned
|
|
233
|
-
|
|
234
|
-
---
|
|
235
|
-
|
|
236
|
-
## 🎉 Success Metrics
|
|
237
|
-
|
|
238
|
-
✅ **Architecture Cleanup**: 100% domain validation removal completed
|
|
239
|
-
✅ **Data Quality**: 153/153 safeguards updated with authoritative CIS data
|
|
240
|
-
✅ **Documentation**: 100% documentation consistency achieved
|
|
241
|
-
✅ **API Alignment**: Complete Swagger/OpenAPI specification accuracy
|
|
242
|
-
✅ **User Experience**: Simplified, content-focused capability analysis
|
|
243
|
-
✅ **Performance**: Maintained 95%+ cache efficiency
|
|
244
|
-
✅ **Reliability**: Eliminated domain validation edge cases
|
|
245
|
-
|
|
246
|
-
---
|
|
247
|
-
|
|
248
|
-
## 🚀 What's Next
|
|
249
|
-
|
|
250
|
-
Framework MCP v1.3.7 represents the **complete architecture cleanup** and establishes a solid foundation for future enhancements:
|
|
251
|
-
|
|
252
|
-
- **Enhanced Analytics**: Advanced content analysis features
|
|
253
|
-
- **Extended Coverage**: Additional CIS Controls as they're released
|
|
254
|
-
- **Integration Improvements**: Enhanced MCP and HTTP API capabilities
|
|
255
|
-
- **Performance Optimization**: Continued efficiency improvements
|
|
256
|
-
|
|
257
|
-
---
|
|
258
|
-
|
|
259
|
-
## 🙏 Acknowledgments
|
|
260
|
-
|
|
261
|
-
This major release was made possible by:
|
|
262
|
-
- **CIS Controls Framework**: Official CIS Controls v8.1 documentation
|
|
263
|
-
- **Community Feedback**: User input driving simplification efforts
|
|
264
|
-
- **Architecture Review**: Comprehensive code quality and maintainability focus
|
|
265
|
-
|
|
266
|
-
---
|
|
267
|
-
|
|
268
|
-
**🎯 Framework MCP v1.3.7: Clean Architecture. Authoritative Data. Enhanced Reliability.**
|
|
269
|
-
|
|
270
|
-
For support, documentation, and updates:
|
|
271
|
-
- **GitHub**: [Framework MCP Repository](https://github.com/therealcybermattlee/FrameworkMCP)
|
|
272
|
-
- **Issues**: [GitHub Issues](https://github.com/therealcybermattlee/FrameworkMCP/issues)
|
|
273
|
-
- **Documentation**: Complete API and usage documentation included
|
|
274
|
-
|
|
275
|
-
**Framework MCP v1.3.7 - Ready for Production** ✅
|