framework-mcp 2.4.6 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/README.md +35 -10
  2. package/dist/core/safeguard-manager.d.ts.map +1 -1
  3. package/dist/core/safeguard-manager.js +164 -7066
  4. package/dist/core/safeguard-manager.js.map +1 -1
  5. package/dist/index.d.ts +1 -0
  6. package/dist/index.d.ts.map +1 -1
  7. package/dist/index.js.map +1 -1
  8. package/dist/interfaces/http/http-server.d.ts.map +1 -1
  9. package/dist/interfaces/http/http-server.js +6 -40
  10. package/dist/interfaces/http/http-server.js.map +1 -1
  11. package/dist/interfaces/mcp/mcp-server.js +3 -3
  12. package/dist/shared/types.d.ts +49 -60
  13. package/dist/shared/types.d.ts.map +1 -1
  14. package/dist/shared/types.js.map +1 -1
  15. package/package.json +9 -3
  16. package/swagger.json +10 -133
  17. package/.claude/agents/mcp-developer.md +0 -41
  18. package/.claude/agents/project-orchestrator.md +0 -43
  19. package/.claude/agents/version-consistency-reviewer.md +0 -50
  20. package/.claude/commands/speckit.analyze.md +0 -184
  21. package/.claude/commands/speckit.checklist.md +0 -294
  22. package/.claude/commands/speckit.clarify.md +0 -181
  23. package/.claude/commands/speckit.constitution.md +0 -82
  24. package/.claude/commands/speckit.implement.md +0 -135
  25. package/.claude/commands/speckit.plan.md +0 -89
  26. package/.claude/commands/speckit.specify.md +0 -258
  27. package/.claude/commands/speckit.tasks.md +0 -137
  28. package/.claude/commands/speckit.taskstoissues.md +0 -30
  29. package/.claude/config.json +0 -11
  30. package/.claude_config.json +0 -11
  31. package/.do/app.yaml +0 -78
  32. package/.github/dependabot.yml +0 -15
  33. package/.github/workflows/ci.yml +0 -90
  34. package/.github/workflows/release.yml +0 -30
  35. package/.mcp.json +0 -11
  36. package/.specify/memory/constitution.md +0 -50
  37. package/.specify/scripts/bash/check-prerequisites.sh +0 -166
  38. package/.specify/scripts/bash/common.sh +0 -156
  39. package/.specify/scripts/bash/create-new-feature.sh +0 -297
  40. package/.specify/scripts/bash/setup-plan.sh +0 -61
  41. package/.specify/scripts/bash/update-agent-context.sh +0 -799
  42. package/.specify/templates/agent-file-template.md +0 -28
  43. package/.specify/templates/checklist-template.md +0 -40
  44. package/.specify/templates/plan-template.md +0 -104
  45. package/.specify/templates/spec-template.md +0 -115
  46. package/.specify/templates/tasks-template.md +0 -251
  47. package/examples/example-usage.md +0 -293
  48. package/examples/llm-analysis-patterns.md +0 -553
  49. package/examples/vendors.csv +0 -9
  50. package/examples/vendors.json +0 -32
  51. package/scripts/standardize-prompts.js +0 -325
  52. package/scripts/validate-capability-prompts.js +0 -110
  53. package/scripts/validate-documentation.sh +0 -150
  54. package/src/core/safeguard-manager.ts +0 -16891
  55. package/src/index.ts +0 -17
  56. package/src/interfaces/http/http-server.ts +0 -301
  57. package/src/interfaces/mcp/mcp-server.ts +0 -165
  58. package/src/shared/types.ts +0 -337
  59. package/tsconfig.json +0 -23
package/src/index.ts DELETED
@@ -1,17 +0,0 @@
1
- #!/usr/bin/env node
2
-
3
- // Re-export the MCP server for backward compatibility
4
- import { FrameworkMcpServer } from './interfaces/mcp/mcp-server.js';
5
-
6
- // Start MCP server if this file is run directly
7
- if (import.meta.url === `file://${process.argv[1]}`) {
8
- const server = new FrameworkMcpServer();
9
- server.run().catch(console.error);
10
- }
11
-
12
- export { FrameworkMcpServer } from './interfaces/mcp/mcp-server.js';
13
- export { FrameworkHttpServer } from './interfaces/http/http-server.js';
14
- export { SafeguardManager } from './core/safeguard-manager.js';
15
-
16
- // Pure Data Provider architecture - authentic CIS Controls data via SafeguardManager
17
-
@@ -1,301 +0,0 @@
1
- #!/usr/bin/env node
2
-
3
- import express from 'express';
4
- import cors from 'cors';
5
- import helmet from 'helmet';
6
- import compression from 'compression';
7
- import rateLimit from 'express-rate-limit';
8
- import { SafeguardManager } from '../../core/safeguard-manager.js';
9
- import { RateLimitConfig, RateLimitErrorResponse } from '../../shared/types.js';
10
-
11
- interface ErrorResponse {
12
- error: string;
13
- details?: string;
14
- timestamp: string;
15
- }
16
-
17
- export class FrameworkHttpServer {
18
- private app: express.Application;
19
- private safeguardManager: SafeguardManager;
20
- private port: number;
21
- private rateLimitConfig: RateLimitConfig;
22
-
23
- constructor(port: number = 8080) {
24
- this.app = express();
25
- this.safeguardManager = new SafeguardManager();
26
- this.port = port;
27
- this.rateLimitConfig = this.parseRateLimitConfig();
28
-
29
- this.setupMiddleware();
30
- this.setupRoutes();
31
- this.setupErrorHandling();
32
- }
33
-
34
- private parseRateLimitConfig(): RateLimitConfig {
35
- const skipIpsEnv = process.env.RATE_LIMIT_SKIP_IPS;
36
- return {
37
- windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS || '60000', 10),
38
- max: parseInt(process.env.RATE_LIMIT_MAX || '100', 10),
39
- skipIps: skipIpsEnv ? skipIpsEnv.split(',').map(ip => ip.trim()) : undefined
40
- };
41
- }
42
-
43
- private setupMiddleware(): void {
44
- // Rate limiting middleware - must be before other middleware
45
- const limiter = rateLimit({
46
- windowMs: this.rateLimitConfig.windowMs,
47
- max: this.rateLimitConfig.max,
48
- standardHeaders: true,
49
- legacyHeaders: false,
50
- skip: (req) => {
51
- if (this.rateLimitConfig.skipIps && req.ip) {
52
- return this.rateLimitConfig.skipIps.includes(req.ip);
53
- }
54
- return false;
55
- },
56
- message: {
57
- error: 'Too many requests',
58
- retryAfter: 'See Retry-After header',
59
- timestamp: new Date().toISOString()
60
- },
61
- handler: (req, res, _next, options) => {
62
- console.log(`[Rate Limit] IP ${req.ip} exceeded limit`);
63
- res.status(429).json(options.message);
64
- }
65
- });
66
-
67
- this.app.use(limiter);
68
-
69
- // Security middleware
70
- this.app.use(helmet({
71
- contentSecurityPolicy: {
72
- directives: {
73
- defaultSrc: ["'self'"],
74
- styleSrc: ["'self'", "'unsafe-inline'"],
75
- scriptSrc: ["'self'"],
76
- imgSrc: ["'self'", "data:", "https:"],
77
- },
78
- },
79
- }));
80
-
81
- // CORS configuration
82
- this.app.use(cors({
83
- origin: process.env.ALLOWED_ORIGINS?.split(',') || ['http://localhost:3000'],
84
- methods: ['GET', 'POST', 'OPTIONS'],
85
- allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
86
- credentials: true
87
- }));
88
-
89
- // Compression and parsing
90
- this.app.use(compression());
91
- this.app.use(express.json({ limit: '10mb' }));
92
- this.app.use(express.urlencoded({ extended: true, limit: '10mb' }));
93
-
94
- // Request logging in production
95
- if (process.env.NODE_ENV === 'production') {
96
- this.app.use((req, res, next) => {
97
- console.log(`[${new Date().toISOString()}] ${req.method} ${req.path}`);
98
- next();
99
- });
100
- }
101
- }
102
-
103
- private setupRoutes(): void {
104
- // Health check endpoint
105
- this.app.get('/health', (req, res) => {
106
- res.json({
107
- status: 'healthy',
108
- uptime: Math.round(process.uptime()),
109
- version: '2.4.6',
110
- timestamp: new Date().toISOString()
111
- });
112
- });
113
-
114
- // Safeguards health check endpoint - validates data completeness
115
- this.app.get('/api/health/safeguards', (req, res) => {
116
- try {
117
- const allSafeguards = this.safeguardManager.getAllSafeguards();
118
- const safeguardIds = Object.keys(allSafeguards);
119
-
120
- let totalValidated = 0;
121
- let errors: string[] = [];
122
- const expectedFields = [
123
- 'systemPromptFull',
124
- 'systemPromptPartial',
125
- 'systemPromptFacilitates',
126
- 'systemPromptGovernance',
127
- 'systemPromptValidates'
128
- ];
129
-
130
- for (const safeguardId of safeguardIds) {
131
- const safeguard = allSafeguards[safeguardId];
132
-
133
- // Check all five capability prompts exist and are complete
134
- for (const field of expectedFields) {
135
- const prompt = (safeguard as any)[field];
136
- if (!prompt) {
137
- errors.push(`${safeguardId}: Missing ${field}`);
138
- continue;
139
- }
140
-
141
- if (!prompt.role || !prompt.context || !prompt.objective ||
142
- !prompt.guidelines || !prompt.outputFormat) {
143
- errors.push(`${safeguardId}.${field}: Incomplete structure`);
144
- }
145
- }
146
-
147
- // Check deprecated field is gone
148
- if ('systemPrompt' in safeguard) {
149
- errors.push(`${safeguardId}: Deprecated systemPrompt field exists`);
150
- }
151
-
152
- totalValidated++;
153
- }
154
-
155
- res.json({
156
- status: errors.length === 0 ? 'healthy' : 'unhealthy',
157
- safeguards: {
158
- total: totalValidated,
159
- expected: 153,
160
- complete: totalValidated === 153 && errors.length === 0
161
- },
162
- capabilityPrompts: {
163
- expectedFields: expectedFields.length,
164
- validatedFields: expectedFields.length
165
- },
166
- errors: errors.length,
167
- errorDetails: errors.slice(0, 10), // Show first 10 errors only
168
- timestamp: new Date().toISOString()
169
- });
170
-
171
- } catch (error) {
172
- res.status(500).json({
173
- status: 'error',
174
- message: 'Failed to validate safeguards data',
175
- error: error instanceof Error ? error.message : 'Unknown error',
176
- timestamp: new Date().toISOString()
177
- });
178
- }
179
- });
180
-
181
-
182
-
183
- // Get safeguard details endpoint
184
- this.app.get('/api/safeguards/:safeguardId', (req, res) => {
185
- try {
186
- const { safeguardId } = req.params;
187
- const includeExamples = req.query.include_examples === 'true';
188
-
189
- this.safeguardManager.validateSafeguardId(safeguardId);
190
-
191
- const safeguard = this.safeguardManager.getSafeguardDetails(safeguardId, includeExamples);
192
- if (!safeguard) {
193
- return res.status(404).json(this.createErrorResponse('Safeguard not found'));
194
- }
195
-
196
- res.json(safeguard);
197
- } catch (error) {
198
- console.error('[HTTP Server] get-safeguard-details error:', error);
199
- res.status(400).json(this.createErrorResponse(error instanceof Error ? error.message : 'Unknown error'));
200
- }
201
- });
202
-
203
- // List all safeguards endpoint
204
- this.app.get('/api/safeguards', (req, res) => {
205
- try {
206
- const safeguards = this.safeguardManager.listAvailableSafeguards();
207
-
208
- res.json({
209
- safeguards,
210
- total: safeguards.length,
211
- framework: 'CIS Controls v8.1',
212
- timestamp: new Date().toISOString()
213
- });
214
- } catch (error) {
215
- console.error('[HTTP Server] list-safeguards error:', error);
216
- res.status(500).json(this.createErrorResponse('Internal server error'));
217
- }
218
- });
219
-
220
-
221
- // API documentation endpoint
222
- this.app.get('/api', (req, res) => {
223
- res.json({
224
- name: 'Framework MCP HTTP API',
225
- version: '2.4.6',
226
- description: 'Pure Data Provider serving authentic CIS Controls Framework data',
227
- endpoints: {
228
- 'GET /api/safeguards': 'List all available CIS safeguards',
229
- 'GET /api/safeguards/:id': 'Get detailed safeguard breakdown',
230
- 'GET /health': 'Health check endpoint',
231
- 'GET /api': 'This documentation'
232
- },
233
- framework: 'CIS Controls v8.1 (153 safeguards)',
234
- deployment: 'Cloud-compatible HTTP API'
235
- });
236
- });
237
-
238
- // Root endpoint redirect
239
- this.app.get('/', (req, res) => {
240
- res.redirect('/api');
241
- });
242
- }
243
-
244
- private setupErrorHandling(): void {
245
- // 404 handler
246
- this.app.use('*', (req, res) => {
247
- res.status(404).json(this.createErrorResponse(
248
- `Endpoint not found: ${req.method} ${req.originalUrl}`,
249
- 'Use GET /api for available endpoints'
250
- ));
251
- });
252
-
253
- // Global error handler
254
- this.app.use((error: Error, req: express.Request, res: express.Response, next: express.NextFunction) => {
255
- console.error('[HTTP Server] Unhandled error:', error);
256
-
257
- if (!res.headersSent) {
258
- res.status(500).json(this.createErrorResponse(
259
- 'Internal server error',
260
- process.env.NODE_ENV === 'development' ? error.message : undefined
261
- ));
262
- }
263
- });
264
- }
265
-
266
- private createErrorResponse(error: string, details?: string): ErrorResponse {
267
- return {
268
- error,
269
- details,
270
- timestamp: new Date().toISOString()
271
- };
272
- }
273
-
274
- public start(): void {
275
- this.app.listen(this.port, '0.0.0.0', () => {
276
- console.log(`🚀 Framework MCP HTTP Server v2.4.6 running on port ${this.port}`);
277
- console.log(`📊 Health check: http://localhost:${this.port}/health`);
278
- console.log(`📖 API docs: http://localhost:${this.port}/api`);
279
- console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
280
- console.log(`📊 Pure Data Provider - CIS Controls v8.1`);
281
- });
282
-
283
- // Graceful shutdown handling
284
- process.on('SIGTERM', () => {
285
- console.log('🔄 Received SIGTERM, shutting down gracefully...');
286
- process.exit(0);
287
- });
288
-
289
- process.on('SIGINT', () => {
290
- console.log('🔄 Received SIGINT, shutting down gracefully...');
291
- process.exit(0);
292
- });
293
- }
294
- }
295
-
296
- // Start server if this file is run directly
297
- if (import.meta.url === `file://${process.argv[1]}`) {
298
- const port = parseInt(process.env.PORT || '8080', 10);
299
- const server = new FrameworkHttpServer(port);
300
- server.start();
301
- }
@@ -1,165 +0,0 @@
1
- #!/usr/bin/env node
2
-
3
- import { Server } from '@modelcontextprotocol/sdk/server/index.js';
4
- import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
5
- import {
6
- CallToolRequestSchema,
7
- ListToolsRequestSchema,
8
- Tool,
9
- } from '@modelcontextprotocol/sdk/types.js';
10
-
11
- import { SafeguardManager } from '../../core/safeguard-manager.js';
12
-
13
- export class FrameworkMcpServer {
14
- private server: Server;
15
- private safeguardManager: SafeguardManager;
16
-
17
- constructor() {
18
- this.server = new Server(
19
- {
20
- name: 'framework-analyzer',
21
- version: '2.4.6',
22
- }
23
- );
24
-
25
- this.safeguardManager = new SafeguardManager();
26
-
27
- this.setupHandlers();
28
- }
29
-
30
- private setupHandlers(): void {
31
- // List available tools
32
- this.server.setRequestHandler(ListToolsRequestSchema, async () => {
33
- return {
34
- tools: [
35
- {
36
- name: 'get_safeguard_details',
37
- description: 'Get detailed safeguard breakdown',
38
- inputSchema: {
39
- type: 'object',
40
- properties: {
41
- safeguard_id: {
42
- type: 'string',
43
- description: 'CIS safeguard ID (e.g., "1.1", "5.1")'
44
- },
45
- include_examples: {
46
- type: 'boolean',
47
- description: 'Include implementation examples (default: false)'
48
- }
49
- },
50
- required: ['safeguard_id']
51
- }
52
- } as Tool,
53
- {
54
- name: 'list_available_safeguards',
55
- description: 'List all available CIS safeguards',
56
- inputSchema: {
57
- type: 'object',
58
- properties: {},
59
- additionalProperties: false
60
- }
61
- } as Tool,
62
- ],
63
- };
64
- });
65
-
66
- // Handle tool calls
67
- this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
68
- const { name, arguments: args } = request.params;
69
-
70
- try {
71
- switch (name) {
72
- case 'get_safeguard_details':
73
- return await this.getSafeguardDetails(args);
74
-
75
- case 'list_available_safeguards':
76
- return await this.listAvailableSafeguards();
77
-
78
- default:
79
- throw new Error(`Unknown tool: ${name}`);
80
- }
81
- } catch (error) {
82
- const errorMessage = this.formatErrorMessage(error, name);
83
- console.error(`[Framework MCP] Tool execution error: ${name}`, error);
84
-
85
- return {
86
- content: [
87
- {
88
- type: 'text',
89
- text: JSON.stringify({
90
- error: errorMessage,
91
- timestamp: new Date().toISOString()
92
- }, null, 2),
93
- },
94
- ],
95
- };
96
- }
97
- });
98
- }
99
-
100
-
101
- private async getSafeguardDetails(args: any) {
102
- const { safeguard_id, include_examples = false } = args;
103
-
104
- this.safeguardManager.validateSafeguardId(safeguard_id);
105
-
106
- const safeguard = this.safeguardManager.getSafeguardDetails(safeguard_id, include_examples);
107
- if (!safeguard) {
108
- throw new Error(`Safeguard ${safeguard_id} not found`);
109
- }
110
-
111
- return {
112
- content: [
113
- {
114
- type: 'text',
115
- text: JSON.stringify(safeguard, null, 2),
116
- },
117
- ],
118
- };
119
- }
120
-
121
- private async listAvailableSafeguards() {
122
- const safeguards = this.safeguardManager.listAvailableSafeguards();
123
-
124
- return {
125
- content: [
126
- {
127
- type: 'text',
128
- text: JSON.stringify({
129
- safeguards,
130
- total: safeguards.length,
131
- framework: 'CIS Controls v8.1',
132
- version: '2.4.6'
133
- }, null, 2),
134
- },
135
- ],
136
- };
137
- }
138
-
139
- private formatErrorMessage(error: unknown, toolName: string): string {
140
- if (error instanceof Error) {
141
- // Provide helpful guidance for common errors
142
- if (error.message.includes('Safeguard') && error.message.includes('not found')) {
143
- return `${error.message}. Use list_available_safeguards to see all available options.`;
144
- }
145
-
146
- return error.message;
147
- }
148
-
149
- return `Unknown error in tool ${toolName}`;
150
- }
151
-
152
- public async run(): Promise<void> {
153
- const transport = new StdioServerTransport();
154
- await this.server.connect(transport);
155
-
156
- console.error('🤖 Framework MCP Server v2.4.6 running via stdio');
157
- console.error('📊 Pure Data Provider for CIS Controls v8.1');
158
- }
159
- }
160
-
161
- // Start server if this file is run directly
162
- if (import.meta.url === `file://${process.argv[1]}`) {
163
- const server = new FrameworkMcpServer();
164
- server.run().catch(console.error);
165
- }