framework-mcp 2.4.6 → 2.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +35 -10
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +164 -7066
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js.map +1 -1
- package/dist/interfaces/http/http-server.d.ts.map +1 -1
- package/dist/interfaces/http/http-server.js +6 -40
- package/dist/interfaces/http/http-server.js.map +1 -1
- package/dist/interfaces/mcp/mcp-server.js +3 -3
- package/dist/shared/types.d.ts +49 -60
- package/dist/shared/types.d.ts.map +1 -1
- package/dist/shared/types.js.map +1 -1
- package/package.json +9 -3
- package/swagger.json +10 -133
- package/.claude/agents/mcp-developer.md +0 -41
- package/.claude/agents/project-orchestrator.md +0 -43
- package/.claude/agents/version-consistency-reviewer.md +0 -50
- package/.claude/commands/speckit.analyze.md +0 -184
- package/.claude/commands/speckit.checklist.md +0 -294
- package/.claude/commands/speckit.clarify.md +0 -181
- package/.claude/commands/speckit.constitution.md +0 -82
- package/.claude/commands/speckit.implement.md +0 -135
- package/.claude/commands/speckit.plan.md +0 -89
- package/.claude/commands/speckit.specify.md +0 -258
- package/.claude/commands/speckit.tasks.md +0 -137
- package/.claude/commands/speckit.taskstoissues.md +0 -30
- package/.claude/config.json +0 -11
- package/.claude_config.json +0 -11
- package/.do/app.yaml +0 -78
- package/.github/dependabot.yml +0 -15
- package/.github/workflows/ci.yml +0 -90
- package/.github/workflows/release.yml +0 -30
- package/.mcp.json +0 -11
- package/.specify/memory/constitution.md +0 -50
- package/.specify/scripts/bash/check-prerequisites.sh +0 -166
- package/.specify/scripts/bash/common.sh +0 -156
- package/.specify/scripts/bash/create-new-feature.sh +0 -297
- package/.specify/scripts/bash/setup-plan.sh +0 -61
- package/.specify/scripts/bash/update-agent-context.sh +0 -799
- package/.specify/templates/agent-file-template.md +0 -28
- package/.specify/templates/checklist-template.md +0 -40
- package/.specify/templates/plan-template.md +0 -104
- package/.specify/templates/spec-template.md +0 -115
- package/.specify/templates/tasks-template.md +0 -251
- package/examples/example-usage.md +0 -293
- package/examples/llm-analysis-patterns.md +0 -553
- package/examples/vendors.csv +0 -9
- package/examples/vendors.json +0 -32
- package/scripts/standardize-prompts.js +0 -325
- package/scripts/validate-capability-prompts.js +0 -110
- package/scripts/validate-documentation.sh +0 -150
- package/src/core/safeguard-manager.ts +0 -16891
- package/src/index.ts +0 -17
- package/src/interfaces/http/http-server.ts +0 -301
- package/src/interfaces/mcp/mcp-server.ts +0 -165
- package/src/shared/types.ts +0 -337
- package/tsconfig.json +0 -23
package/src/shared/types.ts
DELETED
|
@@ -1,337 +0,0 @@
|
|
|
1
|
-
// Shared TypeScript types for dual architecture
|
|
2
|
-
|
|
3
|
-
// Enhanced relationship type system
|
|
4
|
-
export type RelationshipType =
|
|
5
|
-
| 'dependency' // Must be implemented for this to work
|
|
6
|
-
| 'prerequisite' // Should be implemented first
|
|
7
|
-
| 'complement' // Work together synergistically
|
|
8
|
-
| 'supports' // Enhanced by this safeguard
|
|
9
|
-
| 'validates' // Provides evidence/validation
|
|
10
|
-
| 'governance' // Provides oversight/policy
|
|
11
|
-
| 'sequence'; // Part of logical implementation sequence
|
|
12
|
-
|
|
13
|
-
export type RelationshipStrength =
|
|
14
|
-
| 'critical' // Essential relationship
|
|
15
|
-
| 'strong' // Important relationship
|
|
16
|
-
| 'moderate' // Useful relationship
|
|
17
|
-
| 'weak'; // Minor relationship
|
|
18
|
-
|
|
19
|
-
export interface SafeguardRelationship {
|
|
20
|
-
id: string; // Target safeguard ID
|
|
21
|
-
type: RelationshipType; // Why they're related
|
|
22
|
-
strength: RelationshipStrength; // How important the relationship is
|
|
23
|
-
context: string; // Brief human-readable explanation
|
|
24
|
-
bidirectional: boolean; // Whether reverse relationship exists
|
|
25
|
-
controlGroup?: string; // Optional CIS Control grouping
|
|
26
|
-
}
|
|
27
|
-
|
|
28
|
-
export interface SafeguardElement {
|
|
29
|
-
id: string;
|
|
30
|
-
title: string;
|
|
31
|
-
description: string;
|
|
32
|
-
implementationGroup: 'IG1' | 'IG2' | 'IG3';
|
|
33
|
-
assetType: string[];
|
|
34
|
-
securityFunction: string[];
|
|
35
|
-
// Color-coded elements from the CIS visualizations
|
|
36
|
-
governanceElements: string[]; // Orange - MUST be met
|
|
37
|
-
coreRequirements: string[]; // Green - The "what" of the safeguard
|
|
38
|
-
subTaxonomicalElements: string[]; // Yellow - Sub-taxonomical elements
|
|
39
|
-
implementationSuggestions: string[]; // Gray - Suggestions for implementation
|
|
40
|
-
|
|
41
|
-
// Backward compatibility - existing consumers still get string[]
|
|
42
|
-
relatedSafeguards: string[];
|
|
43
|
-
|
|
44
|
-
// Enhanced relationships - new optional field for rich relationship data
|
|
45
|
-
enhancedRelationships?: SafeguardRelationship[];
|
|
46
|
-
|
|
47
|
-
// Capability-specific system prompts for different evaluation levels
|
|
48
|
-
systemPromptFull?: {
|
|
49
|
-
role: string; // e.g., "asset_inventory_expert", "access_control_specialist"
|
|
50
|
-
context: string; // Brief context about the safeguard for AI understanding
|
|
51
|
-
objective: string; // What the AI should accomplish
|
|
52
|
-
guidelines: string[]; // Specific evaluation criteria and methods
|
|
53
|
-
outputFormat: string; // Expected response structure for n8n processing
|
|
54
|
-
};
|
|
55
|
-
systemPromptPartial?: {
|
|
56
|
-
role: string;
|
|
57
|
-
context: string;
|
|
58
|
-
objective: string;
|
|
59
|
-
guidelines: string[];
|
|
60
|
-
outputFormat: string;
|
|
61
|
-
};
|
|
62
|
-
systemPromptFacilitates?: {
|
|
63
|
-
role: string;
|
|
64
|
-
context: string;
|
|
65
|
-
objective: string;
|
|
66
|
-
guidelines: string[];
|
|
67
|
-
outputFormat: string;
|
|
68
|
-
};
|
|
69
|
-
systemPromptGovernance?: {
|
|
70
|
-
role: string;
|
|
71
|
-
context: string;
|
|
72
|
-
objective: string;
|
|
73
|
-
guidelines: string[];
|
|
74
|
-
outputFormat: string;
|
|
75
|
-
};
|
|
76
|
-
systemPromptValidates?: {
|
|
77
|
-
role: string;
|
|
78
|
-
context: string;
|
|
79
|
-
objective: string;
|
|
80
|
-
guidelines: string[];
|
|
81
|
-
outputFormat: string;
|
|
82
|
-
};
|
|
83
|
-
}
|
|
84
|
-
|
|
85
|
-
export interface VendorAnalysis {
|
|
86
|
-
vendor: string;
|
|
87
|
-
safeguardId: string;
|
|
88
|
-
safeguardTitle: string;
|
|
89
|
-
// Primary capability categorization - what role does this tool play?
|
|
90
|
-
capability: 'full' | 'partial' | 'facilitates' | 'governance' | 'validates';
|
|
91
|
-
// Detailed capability breakdown
|
|
92
|
-
capabilities: {
|
|
93
|
-
full: boolean; // Directly implements the core safeguard functionality
|
|
94
|
-
partial: boolean; // Implements limited aspects of the safeguard
|
|
95
|
-
facilitates: boolean; // Enhances or enables safeguard implementation by others
|
|
96
|
-
governance: boolean; // Provides policy, process, and oversight capabilities
|
|
97
|
-
validates: boolean; // Provides evidence, audit, and validation reporting
|
|
98
|
-
};
|
|
99
|
-
confidence: number;
|
|
100
|
-
reasoning: string;
|
|
101
|
-
evidence: string[];
|
|
102
|
-
// Capability-focused descriptions (replaces element coverage scoring)
|
|
103
|
-
toolCapabilityDescription: string; // What type of tool this is and its role
|
|
104
|
-
recommendedUse: string; // How practitioners should use this tool
|
|
105
|
-
}
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
export interface PerformanceMetrics {
|
|
109
|
-
uptime: number;
|
|
110
|
-
totalRequests: number;
|
|
111
|
-
errorCount: number;
|
|
112
|
-
requestCounts: Map<string, number>;
|
|
113
|
-
executionTimes: Map<string, number[]>;
|
|
114
|
-
lastStatsLog: number;
|
|
115
|
-
}
|
|
116
|
-
|
|
117
|
-
export interface CacheEntry<T> {
|
|
118
|
-
data: T;
|
|
119
|
-
timestamp: number;
|
|
120
|
-
}
|
|
121
|
-
|
|
122
|
-
export interface QualityAssessment {
|
|
123
|
-
quality: 'excellent' | 'good' | 'fair' | 'poor';
|
|
124
|
-
confidence: number;
|
|
125
|
-
evidence: string[];
|
|
126
|
-
gaps: string[];
|
|
127
|
-
}
|
|
128
|
-
|
|
129
|
-
export type CapabilityType = 'full' | 'partial' | 'facilitates' | 'governance' | 'validates';
|
|
130
|
-
|
|
131
|
-
// Utility functions for enhanced relationship system
|
|
132
|
-
|
|
133
|
-
/**
|
|
134
|
-
* Converts SafeguardRelationship[] to string[] for backward compatibility
|
|
135
|
-
*/
|
|
136
|
-
export function relationshipsToStringArray(relationships: SafeguardRelationship[]): string[] {
|
|
137
|
-
return relationships.map(rel => rel.id);
|
|
138
|
-
}
|
|
139
|
-
|
|
140
|
-
/**
|
|
141
|
-
* Converts string[] to basic SafeguardRelationship[] (when migrating legacy data)
|
|
142
|
-
*/
|
|
143
|
-
export function stringArrayToRelationships(
|
|
144
|
-
ids: string[],
|
|
145
|
-
defaultType: RelationshipType = 'supports',
|
|
146
|
-
defaultStrength: RelationshipStrength = 'moderate'
|
|
147
|
-
): SafeguardRelationship[] {
|
|
148
|
-
return ids.map(id => ({
|
|
149
|
-
id,
|
|
150
|
-
type: defaultType,
|
|
151
|
-
strength: defaultStrength,
|
|
152
|
-
context: `Legacy relationship to ${id}`,
|
|
153
|
-
bidirectional: false
|
|
154
|
-
}));
|
|
155
|
-
}
|
|
156
|
-
|
|
157
|
-
/**
|
|
158
|
-
* Validates that all referenced safeguard IDs exist in the provided set
|
|
159
|
-
*/
|
|
160
|
-
export function validateSafeguardReferences(
|
|
161
|
-
relationships: SafeguardRelationship[],
|
|
162
|
-
validSafeguardIds: Set<string>
|
|
163
|
-
): ValidationResult {
|
|
164
|
-
const invalidIds: string[] = [];
|
|
165
|
-
|
|
166
|
-
for (const rel of relationships) {
|
|
167
|
-
if (!validSafeguardIds.has(rel.id)) {
|
|
168
|
-
invalidIds.push(rel.id);
|
|
169
|
-
}
|
|
170
|
-
}
|
|
171
|
-
|
|
172
|
-
return {
|
|
173
|
-
isValid: invalidIds.length === 0,
|
|
174
|
-
errors: invalidIds.map(id => `Invalid safeguard ID reference: ${id}`)
|
|
175
|
-
};
|
|
176
|
-
}
|
|
177
|
-
|
|
178
|
-
/**
|
|
179
|
-
* Validates bidirectional relationship consistency
|
|
180
|
-
* Returns relationships that claim to be bidirectional but lack reverse relationships
|
|
181
|
-
*/
|
|
182
|
-
export function validateBidirectionalConsistency(
|
|
183
|
-
safeguardId: string,
|
|
184
|
-
relationships: SafeguardRelationship[],
|
|
185
|
-
allSafeguards: Map<string, SafeguardElement>
|
|
186
|
-
): ValidationResult {
|
|
187
|
-
const errors: string[] = [];
|
|
188
|
-
|
|
189
|
-
for (const rel of relationships) {
|
|
190
|
-
if (rel.bidirectional) {
|
|
191
|
-
const targetSafeguard = allSafeguards.get(rel.id);
|
|
192
|
-
if (!targetSafeguard?.enhancedRelationships) {
|
|
193
|
-
errors.push(`Bidirectional relationship with ${rel.id} but target has no enhanced relationships`);
|
|
194
|
-
continue;
|
|
195
|
-
}
|
|
196
|
-
|
|
197
|
-
const reverseRelExists = targetSafeguard.enhancedRelationships.some(
|
|
198
|
-
reverseRel => reverseRel.id === safeguardId && reverseRel.bidirectional
|
|
199
|
-
);
|
|
200
|
-
|
|
201
|
-
if (!reverseRelExists) {
|
|
202
|
-
errors.push(`Bidirectional relationship with ${rel.id} but no reverse relationship found`);
|
|
203
|
-
}
|
|
204
|
-
}
|
|
205
|
-
}
|
|
206
|
-
|
|
207
|
-
return {
|
|
208
|
-
isValid: errors.length === 0,
|
|
209
|
-
errors
|
|
210
|
-
};
|
|
211
|
-
}
|
|
212
|
-
|
|
213
|
-
/**
|
|
214
|
-
* Validates relationship data integrity for a single safeguard
|
|
215
|
-
*/
|
|
216
|
-
export function validateSafeguardRelationships(
|
|
217
|
-
safeguard: SafeguardElement,
|
|
218
|
-
allSafeguards: Map<string, SafeguardElement>
|
|
219
|
-
): ValidationResult {
|
|
220
|
-
const errors: string[] = [];
|
|
221
|
-
|
|
222
|
-
if (!safeguard.enhancedRelationships) {
|
|
223
|
-
// Only validate basic string array consistency
|
|
224
|
-
if (safeguard.relatedSafeguards.length === 0) {
|
|
225
|
-
return { isValid: true, errors: [] };
|
|
226
|
-
}
|
|
227
|
-
|
|
228
|
-
const validIds = new Set(allSafeguards.keys());
|
|
229
|
-
const invalidBasicRefs = safeguard.relatedSafeguards.filter(id => !validIds.has(id));
|
|
230
|
-
if (invalidBasicRefs.length > 0) {
|
|
231
|
-
errors.push(...invalidBasicRefs.map(id => `Invalid basic reference: ${id}`));
|
|
232
|
-
}
|
|
233
|
-
} else {
|
|
234
|
-
// Validate enhanced relationships
|
|
235
|
-
const validIds = new Set(allSafeguards.keys());
|
|
236
|
-
const refValidation = validateSafeguardReferences(safeguard.enhancedRelationships, validIds);
|
|
237
|
-
errors.push(...refValidation.errors);
|
|
238
|
-
|
|
239
|
-
const bidirValidation = validateBidirectionalConsistency(
|
|
240
|
-
safeguard.id,
|
|
241
|
-
safeguard.enhancedRelationships,
|
|
242
|
-
allSafeguards
|
|
243
|
-
);
|
|
244
|
-
errors.push(...bidirValidation.errors);
|
|
245
|
-
|
|
246
|
-
// Validate consistency between legacy and enhanced relationships
|
|
247
|
-
const enhancedIds = new Set(relationshipsToStringArray(safeguard.enhancedRelationships));
|
|
248
|
-
const legacyIds = new Set(safeguard.relatedSafeguards);
|
|
249
|
-
|
|
250
|
-
// Check if legacy array matches enhanced relationships
|
|
251
|
-
if (enhancedIds.size !== legacyIds.size ||
|
|
252
|
-
!Array.from(enhancedIds).every(id => legacyIds.has(id))) {
|
|
253
|
-
errors.push('Mismatch between relatedSafeguards and enhancedRelationships arrays');
|
|
254
|
-
}
|
|
255
|
-
}
|
|
256
|
-
|
|
257
|
-
return {
|
|
258
|
-
isValid: errors.length === 0,
|
|
259
|
-
errors
|
|
260
|
-
};
|
|
261
|
-
}
|
|
262
|
-
|
|
263
|
-
/**
|
|
264
|
-
* Finds potential circular dependencies in relationships
|
|
265
|
-
*/
|
|
266
|
-
export function detectCircularDependencies(
|
|
267
|
-
allSafeguards: Map<string, SafeguardElement>
|
|
268
|
-
): ValidationResult {
|
|
269
|
-
const errors: string[] = [];
|
|
270
|
-
const visited = new Set<string>();
|
|
271
|
-
const recursionStack = new Set<string>();
|
|
272
|
-
|
|
273
|
-
function dfs(safeguardId: string, path: string[]): void {
|
|
274
|
-
if (recursionStack.has(safeguardId)) {
|
|
275
|
-
errors.push(`Circular dependency detected: ${[...path, safeguardId].join(' -> ')}`);
|
|
276
|
-
return;
|
|
277
|
-
}
|
|
278
|
-
|
|
279
|
-
if (visited.has(safeguardId)) {
|
|
280
|
-
return;
|
|
281
|
-
}
|
|
282
|
-
|
|
283
|
-
visited.add(safeguardId);
|
|
284
|
-
recursionStack.add(safeguardId);
|
|
285
|
-
|
|
286
|
-
const safeguard = allSafeguards.get(safeguardId);
|
|
287
|
-
if (safeguard?.enhancedRelationships) {
|
|
288
|
-
const dependencies = safeguard.enhancedRelationships.filter(
|
|
289
|
-
rel => rel.type === 'dependency' || rel.type === 'prerequisite'
|
|
290
|
-
);
|
|
291
|
-
|
|
292
|
-
for (const dep of dependencies) {
|
|
293
|
-
dfs(dep.id, [...path, safeguardId]);
|
|
294
|
-
}
|
|
295
|
-
}
|
|
296
|
-
|
|
297
|
-
recursionStack.delete(safeguardId);
|
|
298
|
-
}
|
|
299
|
-
|
|
300
|
-
// Check all safeguards for circular dependencies
|
|
301
|
-
for (const safeguardId of allSafeguards.keys()) {
|
|
302
|
-
if (!visited.has(safeguardId)) {
|
|
303
|
-
dfs(safeguardId, []);
|
|
304
|
-
}
|
|
305
|
-
}
|
|
306
|
-
|
|
307
|
-
return {
|
|
308
|
-
isValid: errors.length === 0,
|
|
309
|
-
errors
|
|
310
|
-
};
|
|
311
|
-
}
|
|
312
|
-
|
|
313
|
-
export interface ValidationResult {
|
|
314
|
-
isValid: boolean;
|
|
315
|
-
errors: string[];
|
|
316
|
-
}
|
|
317
|
-
|
|
318
|
-
// Rate Limiting Types
|
|
319
|
-
|
|
320
|
-
/**
|
|
321
|
-
* Configuration for rate limiting middleware
|
|
322
|
-
*/
|
|
323
|
-
export interface RateLimitConfig {
|
|
324
|
-
windowMs: number; // Time window in milliseconds
|
|
325
|
-
max: number; // Maximum requests per window
|
|
326
|
-
skipIps?: string[]; // IP addresses to exempt from rate limiting
|
|
327
|
-
}
|
|
328
|
-
|
|
329
|
-
/**
|
|
330
|
-
* Error response returned when rate limit is exceeded
|
|
331
|
-
*/
|
|
332
|
-
export interface RateLimitErrorResponse {
|
|
333
|
-
error: string; // Error message
|
|
334
|
-
retryAfter?: number; // Seconds until rate limit resets
|
|
335
|
-
timestamp: string; // ISO 8601 timestamp
|
|
336
|
-
}
|
|
337
|
-
|
package/tsconfig.json
DELETED
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"compilerOptions": {
|
|
3
|
-
"target": "ES2020",
|
|
4
|
-
"module": "ES2020",
|
|
5
|
-
"moduleResolution": "node",
|
|
6
|
-
"outDir": "./dist",
|
|
7
|
-
"rootDir": "./src",
|
|
8
|
-
"strict": true,
|
|
9
|
-
"esModuleInterop": true,
|
|
10
|
-
"skipLibCheck": true,
|
|
11
|
-
"forceConsistentCasingInFileNames": true,
|
|
12
|
-
"declaration": true,
|
|
13
|
-
"declarationMap": true,
|
|
14
|
-
"sourceMap": true
|
|
15
|
-
},
|
|
16
|
-
"include": [
|
|
17
|
-
"src/**/*"
|
|
18
|
-
],
|
|
19
|
-
"exclude": [
|
|
20
|
-
"node_modules",
|
|
21
|
-
"dist"
|
|
22
|
-
]
|
|
23
|
-
}
|