icdev 1.0.0__py3-none-any.whl

icdev/tools/mcp/tool_registry.py

@@ -0,0 +1,2008 @@
+#!/usr/bin/env python3
+# CUI // SP-CTI
+"""Declarative tool registry for the Unified MCP Gateway Server (D301).
+
+Maps tool name -> (module, handler, schema) for all ICDEV tools.
+Used by unified_server.py for lazy-loaded handler dispatch.
+
+Auto-generated by generate_registry.py, manually completed for servers
+that use non-standard instantiation patterns (gateway, context, innovation,
+observability).
+
+Categories:
+    core (5)
+    compliance (36)
+    builder (13)
+    infra (6)
+    knowledge (5)
+    maintenance (4)
+    mbse (10)
+    modernization (10)
+    requirements (10)
+    supply_chain (9)
+    simulation (8)
+    integration (10)
+    marketplace (11)
+    devsecops (12)
+    gateway (5)
+    context (5)
+    innovation (10)
+    observability (6)
+    translation (9)
+    dx (5)
+    cloud (5)
+    registry (9)
+    security_agentic (9)
+    testing (6)
+    installer (4)
+    misc (8)
+
+Total: 230 tools, 6 resources
+"""
+
+
+TOOL_REGISTRY = {
+    # ============================================================
+    # CORE (5 tools)
+    # ============================================================
+    "project_create": {
+        "category": "core",
+        "module": "icdev.tools.mcp.core_server",
+        "handler": "handle_project_create",
+        "description": "Create a new ICDEV project with UUID, directory scaffolding, database record, and audit trail entry.",
+        "input_schema": {"type": "object", "properties": {"name": {"type": "string", "description": "Project name (human-readable)"}, "description": {"type": "string", "description": "Project description"}, "type": {"type": "string", "description": "Project type", "enum": ["webapp", "microservice", "api", "cli", "data_pipeline", "iac"], "default": "webapp"}, "classification": {"type": "string", "description": "Data classification level", "enum": ["CUI", "FOUO", "Public"], "default": "CUI"}, "tech_stack": {"type": "object", "description": "Technology stack (backend, frontend, database)", "properties": {"backend": {"type": "string"}, "frontend": {"type": "string"}, "database": {"type": "string"}}}}, "required": ["name"]},
+    },
+    "project_list": {
+        "category": "core",
+        "module": "icdev.tools.mcp.core_server",
+        "handler": "handle_project_list",
+        "description": "List all ICDEV projects from the database, optionally filtered by status.",
+        "input_schema": {"type": "object", "properties": {"status_filter": {"type": "string", "description": "Filter by project status (active, archived, suspended)", "enum": ["active", "archived", "suspended"]}}},
+    },
+    "project_status": {
+        "category": "core",
+        "module": "icdev.tools.mcp.core_server",
+        "handler": "handle_project_status",
+        "description": "Get detailed project status including compliance (SSP, POA&M, STIG), security (scans, vulnerabilities, SBOM), deployment (per environment), and test (pass rate, coverage) summaries.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}}, "required": ["project_id"]},
+    },
+    "task_dispatch": {
+        "category": "core",
+        "module": "icdev.tools.mcp.core_server",
+        "handler": "handle_task_dispatch",
+        "description": "Create an A2A (Agent-to-Agent) task record to dispatch work to another agent.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project (optional)"}, "target_agent_id": {"type": "string", "description": "ID of the target agent to receive the task"}, "skill_id": {"type": "string", "description": "Skill identifier the target agent should execute"}, "input_data": {"type": "object", "description": "Input data for the task"}, "priority": {"type": "integer", "description": "Task priority (1=highest, 10=lowest)", "minimum": 1, "maximum": 10, "default": 5}}, "required": ["skill_id"]},
+    },
+    "agent_status": {
+        "category": "core",
+        "module": "icdev.tools.mcp.core_server",
+        "handler": "handle_agent_status",
+        "description": "Get the status of registered A2A agents, including active task counts.",
+        "input_schema": {"type": "object", "properties": {"agent_id": {"type": "string", "description": "Specific agent ID to query (omit for all agents)"}}},
+    },
+    # ============================================================
+    # COMPLIANCE (31 tools)
+    # ============================================================
+    "nist_lookup": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_nist_lookup",
+        "description": "Look up NIST 800-53 Rev 5 security controls by control ID (e.g., AC-2) or list all controls in a family (e.g., AC, AU, SA).",
+        "input_schema": {"type": "object", "properties": {"control_id": {"type": "string", "description": "Control ID to look up (e.g., AC-2, SA-11)"}, "family": {"type": "string", "description": "Family code to list all controls (e.g., AC, AU, CM, IA, SA, SC)"}}},
+    },
+    "ssp_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_ssp_generate",
+        "description": "Generate a System Security Plan (SSP) document for a project with all 17 sections per NIST 800-53. Includes CUI markings.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory for SSP document (optional)"}}, "required": ["project_id"]},
+    },
+    "poam_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_poam_generate",
+        "description": "Generate a Plan of Action & Milestones (POA&M) document from security scan findings with corrective actions and milestones.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory for POA&M (optional)"}}, "required": ["project_id"]},
+    },
+    "stig_check": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_stig_check",
+        "description": "Run STIG compliance checks against a project. Returns findings categorized as CAT1 (critical), CAT2 (high), CAT3 (medium).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "stig_profile": {"type": "string", "description": "STIG profile to check against", "enum": ["webapp", "container", "database", "linux", "network"], "default": "webapp"}}, "required": ["project_id"]},
+    },
+    "sbom_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_sbom_generate",
+        "description": "Generate a Software Bill of Materials (SBOM) in CycloneDX format. Lists all dependencies with versions and known vulnerabilities.",
+        "input_schema": {"type": "object", "properties": {"project_dir": {"type": "string", "description": "Path to the project directory"}, "project_id": {"type": "string", "description": "UUID of the project (optional, for DB recording)"}}, "required": ["project_dir"]},
+    },
+    "cui_mark": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_cui_mark",
+        "description": "Apply CUI (Controlled Unclassified Information) markings to a file or content string. Adds CUI // SP-CTI banners and designation indicators.",
+        "input_schema": {"type": "object", "properties": {"file_path": {"type": "string", "description": "Path to file to mark with CUI banners"}, "content": {"type": "string", "description": "Content string to mark (alternative to file_path)"}, "marking": {"type": "string", "description": "CUI marking text", "default": "CUI // SP-CTI"}}},
+    },
+    "control_map": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_control_map",
+        "description": "Map a project activity (e.g., code.commit, test.execute, deploy) to relevant NIST 800-53 controls. Records the mapping in the database.",
+        "input_schema": {"type": "object", "properties": {"activity": {"type": "string", "description": "Activity type (e.g., code.commit, test.execute, security.scan, deploy.staging)"}, "project_id": {"type": "string", "description": "UUID of the project (optional)"}}, "required": ["activity"]},
+    },
+    "cssp_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_cssp_assess",
+        "description": "Run CSSP assessment per DoD Instruction 8530.01 against a project. Evaluates 5 functional areas: Identify, Protect, Detect, Respond, Sustain.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "functional_area": {"type": "string", "description": "Functional area to assess (default: all)", "enum": ["all", "Identify", "Protect", "Detect", "Respond", "Sustain"], "default": "all"}}, "required": ["project_id"]},
+    },
+    "cssp_report": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_cssp_report",
+        "description": "Generate a CSSP certification report with functional area scores, evidence summary, and certification recommendation.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory (optional)"}}, "required": ["project_id"]},
+    },
+    "cssp_ir_plan": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_cssp_ir_plan",
+        "description": "Generate an Incident Response Plan per CSSP SOC requirements with escalation timelines and SOC coordination procedures.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory (optional)"}}, "required": ["project_id"]},
+    },
+    "cssp_evidence": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_cssp_evidence",
+        "description": "Collect and index evidence artifacts for CSSP assessment. Scans project for compliance artifacts and maps them to CSSP requirements.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "project_dir": {"type": "string", "description": "Project directory path (optional)"}}, "required": ["project_id"]},
+    },
+    "xacta_sync": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_xacta_sync",
+        "description": "Sync project compliance data to Xacta 360 (system of record for CSSP/ATO). Supports API, export, and hybrid modes.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "mode": {"type": "string", "description": "Sync mode", "enum": ["api", "export", "hybrid"], "default": "hybrid"}}, "required": ["project_id"]},
+    },
+    "xacta_export": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_xacta_export",
+        "description": "Generate Xacta 360-compatible export files (OSCAL JSON or CSV) for batch import.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "format": {"type": "string", "description": "Export format", "enum": ["oscal", "csv", "all"], "default": "oscal"}}, "required": ["project_id"]},
+    },
+    "sbd_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_sbd_assess",
+        "description": "Run Secure by Design assessment per CISA commitments and DoDI 5000.87 across 14 security domains.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project to assess"}, "domain": {"type": "string", "enum": ["all", "Authentication", "Memory Safety", "Vulnerability Mgmt", "Intrusion Evidence", "Cryptography", "Access Control", "Input Handling", "Error Handling", "Supply Chain", "Threat Modeling", "Defense in Depth", "Secure Defaults", "CUI Compliance", "DoD Software Assurance"], "default": "all", "description": "Domain to assess (default: all)"}, "project_dir": {"type": "string", "description": "Project directory for file-based checks (optional)"}}, "required": ["project_id"]},
+    },
+    "sbd_report": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_sbd_report",
+        "description": "Generate a Secure by Design assessment report with domain scores and CISA commitment status.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory (optional)"}}, "required": ["project_id"]},
+    },
+    "ivv_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_ivv_assess",
+        "description": "Run IV&V assessment per IEEE 1012 across 9 process areas (verification + validation).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project to assess"}, "process_area": {"type": "string", "enum": ["all", "Requirements Verification", "Design Verification", "Code Verification", "Test Verification", "Integration Verification", "Traceability Analysis", "Security Verification", "Build/Deploy Verification", "Process Compliance"], "default": "all", "description": "Process area to assess (default: all)"}, "project_dir": {"type": "string", "description": "Project directory for file-based checks (optional)"}}, "required": ["project_id"]},
+    },
+    "ivv_report": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_ivv_report",
+        "description": "Generate an IV&V certification report with verification/validation scores and certification recommendation.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory (optional)"}}, "required": ["project_id"]},
+    },
+    "rtm_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_rtm_generate",
+        "description": "Generate a Requirements Traceability Matrix (RTM) linking requirements to design, code, and tests.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "project_dir": {"type": "string", "description": "Project directory to scan for artifacts"}}, "required": ["project_id"]},
+    },
+    "crosswalk_query": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_crosswalk_query",
+        "description": "Query control crosswalk engine for multi-framework mappings (NIST 800-53 ↔ FedRAMP ↔ 800-171 ↔ CMMC). Actions: frameworks_for_control, controls_for_framework, controls_for_impact_level, coverage, gap_analysis.",
+        "input_schema": {"type": "object", "properties": {"action": {"type": "string", "enum": ["frameworks_for_control", "controls_for_framework", "controls_for_impact_level", "coverage", "gap_analysis"], "default": "frameworks_for_control", "description": "Query action to perform"}, "control_id": {"type": "string", "description": "NIST 800-53 control ID (e.g., AC-2)"}, "framework": {"type": "string", "description": "Target framework (fedramp, cmmc, 800-171)"}, "baseline": {"type": "string", "description": "Framework baseline (moderate, high, l2, l3)"}, "project_id": {"type": "string", "description": "UUID of the project (for coverage/gap_analysis)"}, "impact_level": {"type": "string", "enum": ["IL4", "IL5", "IL6"], "description": "DoD Impact Level"}}},
+    },
+    "fedramp_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_fedramp_assess",
+        "description": "Run FedRAMP Moderate or High baseline security assessment against a project. Inherits NIST 800-53 implementations via crosswalk.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "baseline": {"type": "string", "enum": ["moderate", "high"], "default": "moderate", "description": "FedRAMP baseline to assess against"}, "project_dir": {"type": "string", "description": "Project directory for auto-checks (optional)"}}, "required": ["project_id"]},
+    },
+    "fedramp_report": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_fedramp_report",
+        "description": "Generate a FedRAMP assessment report with control family scores, gap analysis, and readiness score.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "baseline": {"type": "string", "enum": ["moderate", "high"], "default": "moderate"}, "output_path": {"type": "string", "description": "Output path for report (optional)"}}, "required": ["project_id"]},
+    },
+    "cmmc_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_cmmc_assess",
+        "description": "Run CMMC Level 2 or Level 3 assessment against a project. Evaluates practices across 14 domains.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "level": {"type": "integer", "enum": [2, 3], "default": 2, "description": "CMMC level to assess"}, "project_dir": {"type": "string", "description": "Project directory for auto-checks (optional)"}}, "required": ["project_id"]},
+    },
+    "cmmc_report": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_cmmc_report",
+        "description": "Generate a CMMC assessment report with domain scores, practice status, and NIST 800-171 cross-reference.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "level": {"type": "integer", "enum": [2, 3], "default": 2}, "output_path": {"type": "string", "description": "Output path for report (optional)"}}, "required": ["project_id"]},
+    },
+    "oscal_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_oscal_generate",
+        "description": "Generate NIST OSCAL 1.1.2 artifacts (SSP, POA&M, Assessment Results, Component Definition) in machine-readable format.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "artifact": {"type": "string", "enum": ["ssp", "poam", "assessment_results", "component_definition", "all"], "default": "ssp", "description": "OSCAL artifact type to generate"}, "format": {"type": "string", "enum": ["json", "xml", "yaml"], "default": "json", "description": "Output format"}}, "required": ["project_id"]},
+    },
+    "emass_sync": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_emass_sync",
+        "description": "Sync project compliance data to eMASS (DoD system of record). Supports API, export, and hybrid modes.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "mode": {"type": "string", "enum": ["api", "export", "hybrid"], "default": "hybrid", "description": "Sync mode: api (REST), export (CSV/files), hybrid (try API, fall back to export)"}}, "required": ["project_id"]},
+    },
+    "cato_monitor": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_cato_monitor",
+        "description": "Monitor continuous ATO (cATO) evidence freshness and readiness. Actions: readiness, check_freshness, auto_reassess, dashboard, expire.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "action": {"type": "string", "enum": ["readiness", "check_freshness", "auto_reassess", "dashboard", "expire"], "default": "readiness", "description": "Monitoring action to perform"}}, "required": ["project_id"]},
+    },
+    "pi_compliance": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_pi_compliance",
+        "description": "Track compliance across SAFe Program Increments (PIs). Actions: start, record, close, velocity, burndown, report.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "action": {"type": "string", "enum": ["start", "record", "close", "velocity", "burndown", "report"], "default": "velocity", "description": "PI tracking action"}, "pi_number": {"type": "string", "description": "PI identifier (e.g., PI-24.1)"}, "start_date": {"type": "string", "description": "PI start date (YYYY-MM-DD)"}, "end_date": {"type": "string", "description": "PI end date (YYYY-MM-DD)"}}, "required": ["project_id"]},
+    },
+    "classification_check": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_classification_check",
+        "description": "Validate project classification markings, get marking banners, or query impact level baselines.",
+        "input_schema": {"type": "object", "properties": {"action": {"type": "string", "enum": ["validate", "banner", "baseline", "profile"], "default": "validate", "description": "Classification action"}, "project_id": {"type": "string", "description": "UUID of the project (for validate)"}, "impact_level": {"type": "string", "enum": ["IL4", "IL5", "IL6"], "description": "Impact level (for baseline/profile)"}, "classification": {"type": "string", "description": "Classification level (for banner)"}}},
+    },
+    "fips199_categorize": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_fips199_categorize",
+        "description": "FIPS 199 security categorization using NIST SP 800-60 information types. Actions: categorize, add_type, remove_type, list_types, list_catalog, get, gate.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "action": {"type": "string", "enum": ["categorize", "add_type", "remove_type", "list_types", "list_catalog", "get", "gate"], "default": "categorize"}, "type_id": {"type": "string", "description": "SP 800-60 info type ID (e.g., D.1.1.1)"}, "method": {"type": "string", "enum": ["information_type", "manual", "cnssi_1253"], "default": "information_type"}, "manual_c": {"type": "string", "enum": ["Low", "Moderate", "High"]}, "manual_i": {"type": "string", "enum": ["Low", "Moderate", "High"]}, "manual_a": {"type": "string", "enum": ["Low", "Moderate", "High"]}, "adjust_c": {"type": "string", "enum": ["Low", "Moderate", "High"]}, "adjust_i": {"type": "string", "enum": ["Low", "Moderate", "High"]}, "adjust_a": {"type": "string", "enum": ["Low", "Moderate", "High"]}, "justification": {"type": "string"}, "category": {"type": "string", "description": "Catalog filter (D.1, D.2, D.3)"}}},
+    },
+    "fips200_validate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_fips200_validate",
+        "description": "Validate FIPS 200 minimum security requirements across all 17 areas.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "project_dir": {"type": "string"}, "gate": {"type": "boolean", "default": False}}, "required": ["project_id"]},
+    },
+    "security_categorize": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_security_categorize",
+        "description": "Full security categorization: FIPS 199 + FIPS 200 + baseline selection.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}}, "required": ["project_id"]},
+    },
+    "oscal_validate_deep": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_oscal_validate_deep",
+        "description": "Run 3-layer deep OSCAL validation: structural → pydantic → Metaschema. Each layer independently optional.",
+        "input_schema": {"type": "object", "properties": {"file_path": {"type": "string", "description": "Path to OSCAL JSON file"}, "project_id": {"type": "string", "description": "Project UUID (optional)"}}, "required": ["file_path"]},
+    },
+    "oscal_convert": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_oscal_convert",
+        "description": "Convert OSCAL artifact between JSON, XML, and YAML formats using oscal-cli.",
+        "input_schema": {"type": "object", "properties": {"input_path": {"type": "string", "description": "Path to input OSCAL file"}, "output_format": {"type": "string", "enum": ["json", "xml", "yaml"], "default": "xml"}, "output_path": {"type": "string", "description": "Output file path (optional)"}}, "required": ["input_path"]},
+    },
+    "oscal_resolve_profile": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_oscal_resolve_profile",
+        "description": "Flatten an OSCAL Profile into a resolved Catalog using oscal-cli profile resolution.",
+        "input_schema": {"type": "object", "properties": {"profile_path": {"type": "string", "description": "Path to OSCAL Profile JSON"}, "output_path": {"type": "string", "description": "Output path (optional)"}}, "required": ["profile_path"]},
+    },
+    "oscal_catalog_lookup": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_oscal_catalog_lookup",
+        "description": "Look up NIST 800-53 controls from official OSCAL catalog (1000+ controls) with ICDEV fallback.",
+        "input_schema": {"type": "object", "properties": {"control_id": {"type": "string", "description": "Control ID (e.g., AC-2)"}, "family": {"type": "string", "description": "Family code (e.g., AC, AU)"}}},
+    },
+    "oscal_detect_tools": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.compliance_server",
+        "handler": "handle_oscal_detect_tools",
+        "description": "Detect available OSCAL ecosystem tools (oscal-cli, oscal-pydantic, NIST catalog).",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    # ============================================================
+    # BUILDER (13 tools)
+    # ============================================================
+    "scaffold": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_scaffold",
+        "description": "Generate a project directory structure from templates. Includes CUI markings, README, compliance directory, Dockerfile, .gitignore, and test scaffolding.",
+        "input_schema": {"type": "object", "properties": {"name": {"type": "string", "description": "Project name"}, "type": {"type": "string", "description": "Project type (includes multi-language scaffolds)", "enum": ["webapp", "microservice", "api", "cli", "data_pipeline", "iac", "java-backend", "java-microservice", "go-backend", "go-microservice", "rust-backend", "csharp-backend", "csharp-api", "typescript-backend", "typescript-api"], "default": "webapp"}, "output_dir": {"type": "string", "description": "Output directory (optional, defaults to projects/)"}, "tech_stack": {"type": "object", "description": "Technology stack preferences", "properties": {"backend": {"type": "string"}, "frontend": {"type": "string"}, "database": {"type": "string"}}}}, "required": ["name"]},
+    },
+    "write_tests": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_write_tests",
+        "description": "Generate test files from a feature description (RED phase of TDD). Creates Gherkin BDD feature files and language-specific step definitions/unit tests.",
+        "input_schema": {"type": "object", "properties": {"feature": {"type": "string", "description": "Feature description to generate tests for"}, "project_dir": {"type": "string", "description": "Path to the project directory"}, "test_type": {"type": "string", "description": "Type of tests to generate", "enum": ["unit", "bdd", "both"], "default": "both"}, "language": {"type": "string", "description": "Target language for step definitions and unit tests", "enum": ["python", "java", "javascript", "typescript", "go", "rust", "csharp"], "default": "python"}}, "required": ["feature"]},
+    },
+    "generate_code": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_generate_code",
+        "description": "Generate implementation code to make failing tests pass (GREEN phase of TDD). Analyzes test file to determine required code. Supports 6 languages.",
+        "input_schema": {"type": "object", "properties": {"test_file": {"type": "string", "description": "Path to the failing test file"}, "project_dir": {"type": "string", "description": "Path to the project directory"}, "language": {"type": "string", "description": "Target language for generated code", "enum": ["python", "java", "javascript", "typescript", "go", "rust", "csharp"], "default": "python"}}, "required": ["test_file"]},
+    },
+    "run_tests": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_run_tests",
+        "description": "Execute the test suite using pytest (unit tests) and/or behave (BDD). Returns pass/fail status, output, and coverage data.",
+        "input_schema": {"type": "object", "properties": {"project_dir": {"type": "string", "description": "Path to the project directory"}, "test_type": {"type": "string", "description": "Which tests to run", "enum": ["unit", "bdd", "all"], "default": "all"}, "verbose": {"type": "boolean", "description": "Verbose output", "default": False}, "coverage": {"type": "boolean", "description": "Generate coverage report", "default": True}}, "required": ["project_dir"]},
+    },
+    "lint": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_lint",
+        "description": "Run linters on a project (multi-language: bandit, checkstyle, golangci-lint, clippy, dotnet analyzers, eslint).",
+        "input_schema": {"type": "object", "properties": {"project_dir": {"type": "string", "description": "Path to the project directory"}}, "required": ["project_dir"]},
+    },
+    "format": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_format",
+        "description": "Run code formatters on a project (multi-language: black, google-java-format, gofmt, rustfmt, dotnet-format, prettier).",
+        "input_schema": {"type": "object", "properties": {"project_dir": {"type": "string", "description": "Path to the project directory"}}, "required": ["project_dir"]},
+    },
+    "agentic_fitness": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_agentic_fitness",
+        "description": "Assess component fitness for agentic architecture. Scores across 6 dimensions (autonomy, statefulness, tool-density, collaboration, error-recovery, domain-complexity). Returns scorecard with overall_score and per-dimension ratings.",
+        "input_schema": {"type": "object", "properties": {"spec": {"type": "string", "description": "Application specification or description to assess"}, "project_id": {"type": "string", "description": "Project ID for tracking (optional)"}}, "required": ["spec"]},
+    },
+    "generate_blueprint": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_generate_blueprint",
+        "description": "Generate a deployment blueprint from a fitness scorecard. Produces agent topology, port assignments, MCP server config, goal selection, and infrastructure plan for the child application.",
+        "input_schema": {"type": "object", "properties": {"fitness_scorecard": {"type": "string", "description": "Path to the fitness scorecard JSON file"}, "user_decisions": {"type": "object", "description": "User decisions (cloud provider, MBSE, ATO, port offset, etc.)"}, "app_name": {"type": "string", "description": "Name of the child application"}, "cloud_provider": {"type": "string", "description": "Cloud provider", "enum": ["aws", "gcp", "azure", "oracle"], "default": "aws"}, "cloud_region": {"type": "string", "description": "Cloud region", "default": "us-gov-west-1"}, "impact_level": {"type": "string", "description": "Impact level", "enum": ["IL2", "IL4", "IL5", "IL6"], "default": "IL4"}, "output": {"type": "string", "description": "Output path for the blueprint JSON (optional)"}}, "required": ["fitness_scorecard", "app_name"]},
+    },
+    "generate_child_app": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_generate_child_app",
+        "description": "Generate a mini-ICDEV clone child application from a blueprint. Runs the 12-step generation pipeline: scaffold, agents, goals, tools, memory, DB, MCP, CLAUDE.md, CI/CD, compliance, Docker, K8s.",
+        "input_schema": {"type": "object", "properties": {"blueprint": {"type": "string", "description": "Path to the blueprint JSON file"}, "output": {"type": "string", "description": "Output directory for the generated application (optional)"}}, "required": ["blueprint"]},
+    },
+    "dev_profile_create": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_dev_profile_create",
+        "description": "Create a tenant/project development profile from a starter template or explicit data. Supports 6 starter templates (dod_baseline, fedramp_baseline, healthcare_baseline, financial_baseline, law_enforcement, startup). Profiles define coding standards, tooling preferences, and compliance requirements.",
+        "input_schema": {"type": "object", "properties": {"scope": {"type": "string", "description": "Profile scope level", "enum": ["platform", "tenant", "program", "project", "user"], "default": "project"}, "scope_id": {"type": "string", "description": "Scope entity ID (e.g., tenant-abc, proj-123)"}, "template": {"type": "string", "description": "Starter template name (e.g., dod_baseline, fedramp_baseline, startup)"}, "profile_data": {"type": "object", "description": "Explicit profile data (merged on top of template if both given)"}, "created_by": {"type": "string", "description": "Creator identity", "default": "mcp-client"}}, "required": ["scope_id"]},
+    },
+    "dev_profile_get": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_dev_profile_get",
+        "description": "Get the current active development profile for a scope. Returns all profile dimensions (language, style, testing, architecture, security, compliance, operations, documentation, git, ai).",
+        "input_schema": {"type": "object", "properties": {"scope": {"type": "string", "enum": ["platform", "tenant", "program", "project", "user"], "default": "project"}, "scope_id": {"type": "string", "description": "Scope entity ID"}, "version": {"type": "integer", "description": "Specific version number (omit for current)"}}, "required": ["scope_id"]},
+    },
+    "dev_profile_resolve": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_dev_profile_resolve",
+        "description": "Resolve the 5-layer cascade (platform -> tenant -> program -> project -> user) to produce the effective merged profile with provenance tracking. Shows which scope set each value and whether dimensions are locked.",
+        "input_schema": {"type": "object", "properties": {"scope": {"type": "string", "enum": ["platform", "tenant", "program", "project", "user"], "default": "project"}, "scope_id": {"type": "string", "description": "Scope entity ID to resolve from"}}, "required": ["scope_id"]},
+    },
+    "dev_profile_detect": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.builder_server",
+        "handler": "handle_dev_profile_detect",
+        "description": "Auto-detect development profile from an existing repository. Scans files, git history, CI/CD configs, and code patterns to suggest profile dimensions with confidence scores. Advisory only (D185) — requires explicit acceptance.",
+        "input_schema": {"type": "object", "properties": {"repo_path": {"type": "string", "description": "Path to repository to scan"}, "tenant_id": {"type": "string", "description": "Tenant ID (for storing detection results)"}, "project_id": {"type": "string", "description": "Project ID (for storing detection results)"}, "store": {"type": "boolean", "description": "Whether to store detection results in DB", "default": False}}, "required": ["repo_path"]},
+    },
+    # ============================================================
+    # INFRA (6 tools)
+    # ============================================================
+    "terraform_plan": {
+        "category": "infra",
+        "module": "icdev.tools.mcp.infra_server",
+        "handler": "handle_terraform_plan",
+        "description": "Generate Terraform configurations for AWS GovCloud deployment. Produces provider.tf, variables.tf, main.tf with VPC, ECR, and RDS modules.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory for Terraform files"}, "modules": {"type": "array", "description": "Terraform modules to generate", "items": {"type": "string", "enum": ["vpc", "ecr", "rds", "s3", "iam"]}, "default": ["vpc", "ecr", "rds"]}}, "required": ["project_id"]},
+    },
+    "terraform_apply": {
+        "category": "infra",
+        "module": "icdev.tools.mcp.infra_server",
+        "handler": "handle_terraform_apply",
+        "description": "Apply Terraform configurations. Requires explicit approval flag. In production, delegates to GitLab CI/CD pipeline.",
+        "input_schema": {"type": "object", "properties": {"terraform_dir": {"type": "string", "description": "Directory containing Terraform files"}, "approved": {"type": "boolean", "description": "Explicit approval to apply changes", "default": False}}, "required": ["terraform_dir"]},
+    },
+    "ansible_run": {
+        "category": "infra",
+        "module": "icdev.tools.mcp.infra_server",
+        "handler": "handle_ansible_run",
+        "description": "Generate Ansible playbooks for server configuration and application deployment.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory for Ansible files"}, "playbook_type": {"type": "string", "description": "Type of playbook to generate", "enum": ["deploy", "configure", "harden", "backup"], "default": "deploy"}}, "required": ["project_id"]},
+    },
+    "k8s_deploy": {
+        "category": "infra",
+        "module": "icdev.tools.mcp.infra_server",
+        "handler": "handle_k8s_deploy",
+        "description": "Generate Kubernetes manifests (Deployment, Service, ConfigMap, NetworkPolicy) for a project with security hardening.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory for K8s manifests"}, "environment": {"type": "string", "description": "Target environment", "enum": ["staging", "production"], "default": "staging"}}, "required": ["project_id"]},
+    },
+    "pipeline_generate": {
+        "category": "infra",
+        "module": "icdev.tools.mcp.infra_server",
+        "handler": "handle_pipeline_generate",
+        "description": "Generate a GitLab CI/CD pipeline (.gitlab-ci.yml) with 7 stages: lint, test, security-scan, build, compliance-check, deploy-staging, deploy-prod.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}, "output_dir": {"type": "string", "description": "Output directory for pipeline config"}, "stages": {"type": "array", "description": "Pipeline stages to include", "items": {"type": "string"}}}, "required": ["project_id"]},
+    },
+    "rollback": {
+        "category": "infra",
+        "module": "icdev.tools.mcp.infra_server",
+        "handler": "handle_rollback",
+        "description": "Rollback a deployment to a previous version. Records the rollback in audit trail and updates deployment status.",
+        "input_schema": {"type": "object", "properties": {"deployment_id": {"type": "string", "description": "ID of the deployment to rollback"}, "target_version": {"type": "string", "description": "Version to rollback to (optional, defaults to previous)"}, "reason": {"type": "string", "description": "Reason for rollback"}}, "required": ["deployment_id"]},
+    },
+    # ============================================================
+    # KNOWLEDGE (5 tools)
+    # ============================================================
+    "search_knowledge": {
+        "category": "knowledge",
+        "module": "icdev.tools.mcp.knowledge_server",
+        "handler": "handle_search_knowledge",
+        "description": "Search the ICDEV knowledge base for patterns, solutions, and best practices. Supports keyword search with optional pattern type filtering.",
+        "input_schema": {"type": "object", "properties": {"query": {"type": "string", "description": "Search query (keywords or error message)"}, "pattern_type": {"type": "string", "description": "Filter by pattern type", "enum": ["error", "performance", "security", "compliance", "deployment", "configuration"]}, "limit": {"type": "integer", "description": "Max results to return", "default": 10}}, "required": ["query"]},
+    },
+    "add_pattern": {
+        "category": "knowledge",
+        "module": "icdev.tools.mcp.knowledge_server",
+        "handler": "handle_add_pattern",
+        "description": "Add a new pattern to the knowledge base. Patterns capture common issues and their solutions for future self-healing.",
+        "input_schema": {"type": "object", "properties": {"name": {"type": "string", "description": "Pattern name (short, descriptive)"}, "pattern_type": {"type": "string", "description": "Pattern category", "enum": ["error", "performance", "security", "compliance", "deployment", "configuration"], "default": "error"}, "description": {"type": "string", "description": "Detailed description of the pattern"}, "detection_rule": {"type": "string", "description": "How to detect this pattern (regex, log pattern, metric threshold)"}, "solution": {"type": "string", "description": "How to resolve when this pattern is detected"}, "auto_healable": {"type": "boolean", "description": "Whether this can be auto-remediated", "default": False}, "confidence": {"type": "number", "description": "Confidence score 0.0-1.0", "default": 0.5}}, "required": ["name"]},
+    },
+    "get_recommendations": {
+        "category": "knowledge",
+        "module": "icdev.tools.mcp.knowledge_server",
+        "handler": "handle_get_recommendations",
+        "description": "Get improvement recommendations for a project based on failure history and knowledge base patterns.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project"}}, "required": ["project_id"]},
+    },
+    "analyze_failure": {
+        "category": "knowledge",
+        "module": "icdev.tools.mcp.knowledge_server",
+        "handler": "handle_analyze_failure",
+        "description": "Analyze a failure to determine root cause. Matches against known patterns and uses LLM analysis for unknown issues.",
+        "input_schema": {"type": "object", "properties": {"failure_id": {"type": "string", "description": "ID of a logged failure (from failure_log table)"}, "error_message": {"type": "string", "description": "Error message to analyze (alternative to failure_id)"}, "log_data": {"type": "string", "description": "Raw log data for context"}}},
+    },
+    "self_heal": {
+        "category": "knowledge",
+        "module": "icdev.tools.mcp.knowledge_server",
+        "handler": "handle_self_heal",
+        "description": "Trigger self-healing for a detected issue. Checks confidence threshold (>=0.7 for auto, 0.3-0.7 for suggestion, <0.3 for escalation) and rate limits (max 5/hour).",
+        "input_schema": {"type": "object", "properties": {"pattern_id": {"type": "integer", "description": "ID of the knowledge pattern to apply"}, "project_id": {"type": "string", "description": "UUID of the affected project"}, "context": {"type": "object", "description": "Additional context about the failure"}}, "required": ["pattern_id"]},
+    },
+    # ============================================================
+    # MAINTENANCE (4 tools)
+    # ============================================================
+    "scan_dependencies": {
+        "category": "maintenance",
+        "module": "icdev.tools.mcp.maintenance_server",
+        "handler": "handle_scan_dependencies",
+        "description": "Inventory all project dependencies across detected languages (Python, Node.js, Rust, Go, Java, .NET). Reports current version, latest version, and days stale. Use --offline for air-gapped environments where registry access is unavailable.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project to scan"}, "language": {"type": "string", "description": "Specific language to scan (optional, auto-detects all if omitted)", "enum": ["python", "nodejs", "rust", "go", "java", "dotnet"]}, "offline": {"type": "boolean", "description": "Run in offline/air-gapped mode (skip registry checks)", "default": False}}, "required": ["project_id"]},
+    },
+    "check_vulnerabilities": {
+        "category": "maintenance",
+        "module": "icdev.tools.mcp.maintenance_server",
+        "handler": "handle_check_vulnerabilities",
+        "description": "Check project dependencies against advisory databases (NVD, GitHub Advisories, pip-audit, npm audit, cargo-audit). Maps findings to SLA deadlines: critical=48hr, high=7d, medium=30d, low=90d.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project to check"}}, "required": ["project_id"]},
+    },
+    "run_maintenance_audit": {
+        "category": "maintenance",
+        "module": "icdev.tools.mcp.maintenance_server",
+        "handler": "handle_run_maintenance_audit",
+        "description": "Run a full maintenance audit: dependency inventory, vulnerability check, maintenance score computation (0-100), SLA compliance tracking, trend analysis, and CUI-marked report generation. Gate: score >= 50 required for deployment.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project to audit"}, "offline": {"type": "boolean", "description": "Run in offline/air-gapped mode (skip registry checks)", "default": False}}, "required": ["project_id"]},
+    },
+    "remediate": {
+        "category": "maintenance",
+        "module": "icdev.tools.mcp.maintenance_server",
+        "handler": "handle_remediate",
+        "description": "Auto-implement dependency fixes: update dependency files, create remediation branches, run tests to verify fixes. Medium/low severity auto-fixed; critical/high require manual approval. Use --dry-run to preview changes.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "UUID of the project to remediate"}, "vulnerability_id": {"type": "integer", "description": "Specific vulnerability ID to remediate (optional, remediates all eligible if omitted)"}, "auto": {"type": "boolean", "description": "Enable auto-remediation for medium/low severity vulnerabilities", "default": False}, "dry_run": {"type": "boolean", "description": "Preview remediation actions without applying changes", "default": False}}, "required": ["project_id"]},
+    },
+    # ============================================================
+    # MBSE (10 tools)
+    # ============================================================
+    "import_xmi": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_import_xmi",
+        "description": "Import a Cameo SysML v1.6 XMI model file into the ICDEV database",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "file_path": {"type": "string", "description": "Path to the XMI file exported from Cameo"}}, "required": ["project_id", "file_path"]},
+    },
+    "import_reqif": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_import_reqif",
+        "description": "Import a DOORS NG ReqIF 1.2 requirements file into the ICDEV database",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "file_path": {"type": "string", "description": "Path to the ReqIF file exported from DOORS NG"}}, "required": ["project_id", "file_path"]},
+    },
+    "trace_forward": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_trace_forward",
+        "description": "Trace forward through the digital thread from a source element (requirement → model → code → test → control)",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "source_type": {"type": "string", "enum": ["doors_requirement", "sysml_element", "code_module", "test_file", "nist_control"]}, "source_id": {"type": "string", "description": "ID of the source element"}}, "required": ["project_id", "source_type", "source_id"]},
+    },
+    "trace_backward": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_trace_backward",
+        "description": "Trace backward through the digital thread from a target element (control → test → code → model → requirement)",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "target_type": {"type": "string", "enum": ["doors_requirement", "sysml_element", "code_module", "test_file", "nist_control"]}, "target_id": {"type": "string", "description": "ID of the target element"}}, "required": ["project_id", "target_type", "target_id"]},
+    },
+    "mbse_generate_code": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_generate_code",
+        "description": "Generate code scaffolding from SysML model elements (blocks → classes, activities → functions)",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "language": {"type": "string", "default": "python", "enum": ["python", "java", "go", "rust", "csharp", "typescript"]}, "output_dir": {"type": "string", "description": "Output directory for generated code"}}, "required": ["project_id", "output_dir"]},
+    },
+    "detect_drift": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_detect_drift",
+        "description": "Check synchronization status between SysML model and generated code files",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}}, "required": ["project_id"]},
+    },
+    "sync_model": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_sync_model",
+        "description": "Trigger model-code synchronization in either direction",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "direction": {"type": "string", "default": "model_to_code", "enum": ["model_to_code", "code_to_model"]}, "language": {"type": "string", "default": "python"}, "output_path": {"type": "string", "description": "Output XMI path (for code_to_model)"}}, "required": ["project_id"]},
+    },
+    "des_assess": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_des_assess",
+        "description": "Run DoDI 5000.87 Digital Engineering Strategy compliance assessment",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "project_dir": {"type": "string", "description": "Project directory path"}}, "required": ["project_id", "project_dir"]},
+    },
+    "thread_coverage": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_thread_coverage",
+        "description": "Compute digital thread coverage metrics (requirements → model → code → test → control)",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}}, "required": ["project_id"]},
+    },
+    "model_snapshot": {
+        "category": "mbse",
+        "module": "icdev.tools.mcp.mbse_server",
+        "handler": "handle_model_snapshot",
+        "description": "Create a PI-cadenced model snapshot for SAFe traceability",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "pi_number": {"type": "string", "description": "PI identifier (e.g., PI-25.1)"}, "snapshot_type": {"type": "string", "default": "manual", "enum": ["pi_start", "pi_end", "baseline", "milestone", "manual"]}, "notes": {"type": "string", "description": "Optional notes for this snapshot"}}, "required": ["project_id"]},
+    },
+    # ============================================================
+    # MODERNIZATION (10 tools)
+    # ============================================================
+    "register_legacy_app": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_register_legacy_app",
+        "description": "Register a legacy application for modernization analysis",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "name": {"type": "string", "description": "Application name"}, "source_path": {"type": "string", "description": "Path to legacy source code"}, "description": {"type": "string", "description": "Application description"}}, "required": ["project_id", "name", "source_path"]},
+    },
+    "analyze_legacy": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_analyze_legacy",
+        "description": "Run full legacy code analysis — AST parsing, dependency extraction, framework detection, API discovery, complexity metrics",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "app_id": {"type": "string", "description": "Legacy application ID"}}, "required": ["project_id", "app_id"]},
+    },
+    "extract_architecture": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_extract_architecture",
+        "description": "Reverse-engineer architecture from analyzed legacy code — call graph, component diagram, data flow, service boundaries",
+        "input_schema": {"type": "object", "properties": {"app_id": {"type": "string", "description": "Legacy application ID"}}, "required": ["app_id"]},
+    },
+    "generate_docs": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_generate_docs",
+        "description": "Generate documentation from legacy code analysis — API docs, data dictionary, component docs, dependency map",
+        "input_schema": {"type": "object", "properties": {"app_id": {"type": "string", "description": "Legacy application ID"}, "output_dir": {"type": "string", "description": "Output directory for generated documentation"}}, "required": ["app_id", "output_dir"]},
+    },
+    "assess_seven_r": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_assess_seven_r",
+        "description": "Run 7R migration strategy assessment — scores all 7 Rs (Rehost, Replatform, Refactor, Re-architect, Repurchase, Retire, Retain) with weighted decision matrix",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "app_id": {"type": "string", "description": "Legacy application ID"}, "weights_path": {"type": "string", "description": "Optional path to custom scoring weights JSON"}}, "required": ["project_id", "app_id"]},
+    },
+    "create_migration_plan": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_create_migration_plan",
+        "description": "Create a migration plan with decomposition tasks, timeline, and effort estimates",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "app_id": {"type": "string", "description": "Legacy application ID"}, "strategy": {"type": "string", "enum": ["rehost", "replatform", "refactor", "rearchitect", "repurchase", "retire", "retain"]}, "target_language": {"type": "string", "description": "Target programming language"}, "target_framework": {"type": "string", "description": "Target framework"}, "target_database": {"type": "string", "description": "Target database"}, "target_architecture": {"type": "string", "default": "microservices", "enum": ["microservices", "modular_monolith", "serverless", "event_driven", "layered", "hexagonal"]}, "migration_approach": {"type": "string", "default": "strangler_fig", "enum": ["big_bang", "strangler_fig", "parallel_run", "blue_green", "canary", "phased"]}}, "required": ["project_id", "app_id", "strategy"]},
+    },
+    "track_migration": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_track_migration",
+        "description": "Track migration progress — PI snapshots, velocity, burndown, dashboard",
+        "input_schema": {"type": "object", "properties": {"plan_id": {"type": "string", "description": "Migration plan ID"}, "action": {"type": "string", "default": "dashboard", "enum": ["snapshot", "velocity", "burndown", "dashboard"]}, "pi_number": {"type": "string", "description": "PI identifier (e.g., PI-25.3) \u2014 required for snapshot"}, "snapshot_type": {"type": "string", "default": "manual", "enum": ["pi_start", "pi_end", "milestone", "manual"]}}, "required": ["plan_id"]},
+    },
+    "generate_migration_code": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_generate_migration_code",
+        "description": "Generate migration code — adapters, facades, service scaffolding, data access layers, tests, rollback scripts",
+        "input_schema": {"type": "object", "properties": {"plan_id": {"type": "string", "description": "Migration plan ID"}, "output_dir": {"type": "string", "description": "Output directory for generated code"}}, "required": ["plan_id", "output_dir"]},
+    },
+    "check_compliance_bridge": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_check_compliance_bridge",
+        "description": "Validate ATO compliance coverage during migration — control inheritance, gap analysis, coverage validation",
+        "input_schema": {"type": "object", "properties": {"plan_id": {"type": "string", "description": "Migration plan ID"}, "action": {"type": "string", "default": "validate", "enum": ["validate", "gaps", "dashboard", "report"]}, "output_dir": {"type": "string", "description": "Output directory for reports"}}, "required": ["plan_id"]},
+    },
+    "migrate_version": {
+        "category": "modernization",
+        "module": "icdev.tools.mcp.modernization_server",
+        "handler": "handle_migrate_version",
+        "description": "Run version or framework migration transforms — Python 2→3, Java 8→17, .NET Framework→.NET 8, Struts→Spring, WCF→ASP.NET Core, etc.",
+        "input_schema": {"type": "object", "properties": {"source_path": {"type": "string", "description": "Source code directory"}, "output_path": {"type": "string", "description": "Output directory for transformed code"}, "migration_type": {"type": "string", "default": "version", "enum": ["version", "framework"]}, "language": {"type": "string", "description": "Language (for version migration)", "enum": ["python", "java", "csharp"]}, "from_version": {"type": "string", "description": "Source version (e.g., 2.7, 8, 4.8)"}, "to_version": {"type": "string", "description": "Target version (e.g., 3.11, 17, 8.0)"}, "from_framework": {"type": "string", "description": "Source framework (for framework migration)"}, "to_framework": {"type": "string", "description": "Target framework (for framework migration)"}}, "required": ["source_path", "output_path"]},
+    },
+    # ============================================================
+    # REQUIREMENTS (10 tools)
+    # ============================================================
+    "create_intake_session": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_create_intake_session",
+        "description": "Create a new AI-driven requirements intake session for a project",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "customer_name": {"type": "string", "description": "Customer/stakeholder name"}, "customer_org": {"type": "string", "description": "Customer organization"}, "impact_level": {"type": "string", "default": "IL4", "enum": ["IL2", "IL4", "IL5", "IL6"], "description": "DoD Impact Level"}, "classification": {"type": "string", "default": "CUI", "description": "Classification marking"}}, "required": ["project_id", "customer_name"]},
+    },
+    "resume_intake_session": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_resume_intake_session",
+        "description": "Resume an existing requirements intake session",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "Intake session ID to resume"}}, "required": ["session_id"]},
+    },
+    "get_session_status": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_get_session_status",
+        "description": "Get details and current status of an intake session",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "Intake session ID"}}, "required": ["session_id"]},
+    },
+    "process_intake_turn": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_process_intake_turn",
+        "description": "Process a conversation turn in the AI-driven requirements intake session",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "Intake session ID"}, "message": {"type": "string", "description": "User message or response to intake question"}}, "required": ["session_id", "message"]},
+    },
+    "upload_document": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_upload_document",
+        "description": "Upload a document (SOW, CDD, ConOps, SRD, SRS) for requirement extraction",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "Intake session ID"}, "file_path": {"type": "string", "description": "Path to the document file"}, "document_type": {"type": "string", "default": "other", "enum": ["sow", "cdd", "conops", "srd", "srs", "other"], "description": "Type of document being uploaded"}}, "required": ["session_id", "file_path"]},
+    },
+    "extract_document": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_extract_document",
+        "description": "Extract requirements from a previously uploaded document",
+        "input_schema": {"type": "object", "properties": {"document_id": {"type": "string", "description": "Document ID returned from upload_document"}}, "required": ["document_id"]},
+    },
+    "detect_gaps": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_detect_gaps",
+        "description": "Detect gaps, ambiguities, and missing requirements in the intake session",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "Intake session ID"}, "check_security": {"type": "boolean", "default": True, "description": "Check for missing security requirements"}, "check_compliance": {"type": "boolean", "default": True, "description": "Check for missing compliance requirements"}, "check_testability": {"type": "boolean", "default": True, "description": "Check requirement testability"}, "check_interfaces": {"type": "boolean", "default": False, "description": "Check for missing interface definitions"}, "check_data": {"type": "boolean", "default": False, "description": "Check for missing data requirements"}}, "required": ["session_id"]},
+    },
+    "score_readiness": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_score_readiness",
+        "description": "Score requirement readiness to determine if requirements are complete enough for decomposition",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "Intake session ID"}, "threshold": {"type": "number", "default": 0.7, "description": "Minimum readiness score (0.0-1.0) to pass"}}, "required": ["session_id"]},
+    },
+    "decompose_requirements": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_decompose_requirements",
+        "description": "Decompose requirements into SAFe hierarchy (Epic > Capability > Feature > Story)",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "Intake session ID"}, "target_level": {"type": "string", "default": "story", "enum": ["epic", "capability", "feature", "story"], "description": "Target decomposition level"}, "generate_bdd": {"type": "boolean", "default": False, "description": "Generate BDD acceptance criteria for stories"}, "estimate": {"type": "boolean", "default": True, "description": "Generate story point estimates"}}, "required": ["session_id"]},
+    },
+    "generate_bdd": {
+        "category": "requirements",
+        "module": "icdev.tools.mcp.requirements_server",
+        "handler": "handle_generate_bdd",
+        "description": "Generate BDD (Gherkin) acceptance criteria for all requirements in the session",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "Intake session ID"}}, "required": ["session_id"]},
+    },
+    # ============================================================
+    # SUPPLY_CHAIN (9 tools)
+    # ============================================================
+    "register_ato_system": {
+        "category": "supply_chain",
+        "module": "icdev.tools.mcp.supply_chain_server",
+        "handler": "handle_register_ato_system",
+        "description": "Register an existing ATO boundary system for boundary impact analysis",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "system_name": {"type": "string", "description": "Name of the ATO system boundary"}, "ato_status": {"type": "string", "default": "active", "enum": ["active", "conditional", "expired", "pending"], "description": "Current ATO status"}, "boundary_definition": {"type": "string", "description": "JSON string defining the boundary (components, networks, data flows)"}, "baseline_controls": {"type": "string", "description": "JSON string of baseline NIST 800-53 controls implemented"}, "classification": {"type": "string", "default": "CUI", "description": "Classification marking"}, "impact_level": {"type": "string", "default": "IL4", "enum": ["IL2", "IL4", "IL5", "IL6"], "description": "DoD Impact Level"}}, "required": ["project_id", "system_name"]},
+    },
+    "assess_boundary_impact": {
+        "category": "supply_chain",
+        "module": "icdev.tools.mcp.supply_chain_server",
+        "handler": "handle_assess_boundary_impact",
+        "description": "Assess a requirement's impact on an ATO boundary — returns GREEN/YELLOW/ORANGE/RED tier classification",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "system_id": {"type": "string", "description": "ATO system boundary ID"}, "requirement_id": {"type": "string", "description": "Requirement ID to assess"}}, "required": ["project_id", "system_id", "requirement_id"]},
+    },
+    "generate_red_alternative": {
+        "category": "supply_chain",
+        "module": "icdev.tools.mcp.supply_chain_server",
+        "handler": "handle_generate_red_alternative",
+        "description": "Generate alternative COAs (Courses of Action) for RED-tier requirements that would invalidate ATO",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "assessment_id": {"type": "string", "description": "Boundary impact assessment ID (from assess_boundary_impact)"}}, "required": ["project_id", "assessment_id"]},
+    },
+    "add_vendor": {
+        "category": "supply_chain",
+        "module": "icdev.tools.mcp.supply_chain_server",
+        "handler": "handle_add_vendor",
+        "description": "Register a supply chain vendor with SCRM risk tier and Section 889 compliance status",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "vendor_name": {"type": "string", "description": "Vendor or supplier name"}, "vendor_type": {"type": "string", "default": "software", "enum": ["software", "hardware", "cloud_service", "integrator", "open_source"], "description": "Type of vendor"}, "country_of_origin": {"type": "string", "description": "ISO 3166-1 alpha-2 country code (e.g., US, GB, DE)"}, "scrm_risk_tier": {"type": "string", "default": "medium", "enum": ["low", "medium", "high", "critical"], "description": "Initial SCRM risk tier"}, "section_889_status": {"type": "string", "default": "compliant", "enum": ["compliant", "non_compliant", "under_review", "exempt"], "description": "Section 889 compliance status"}}, "required": ["project_id", "vendor_name", "country_of_origin"]},
+    },
+    "build_dependency_graph": {
+        "category": "supply_chain",
+        "module": "icdev.tools.mcp.supply_chain_server",
+        "handler": "handle_build_dependency_graph",
+        "description": "Build or query the project supply chain dependency graph — vendors, components, and their relationships",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}}, "required": ["project_id"]},
+    },
+    "propagate_impact": {
+        "category": "supply_chain",
+        "module": "icdev.tools.mcp.supply_chain_server",
+        "handler": "handle_propagate_impact",
+        "description": "Propagate a vulnerability or supply chain event through the dependency graph to determine blast radius",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "component": {"type": "string", "description": "Affected component name"}, "impact_type": {"type": "string", "default": "vulnerability", "enum": ["vulnerability", "supply_disruption", "license_change", "eol_notice", "vendor_breach"], "description": "Type of supply chain impact"}, "severity": {"type": "string", "default": "high", "enum": ["critical", "high", "medium", "low"], "description": "Impact severity"}}, "required": ["project_id", "component"]},
+    },
+    "manage_isa": {
+        "category": "supply_chain",
+        "module": "icdev.tools.mcp.supply_chain_server",
+        "handler": "handle_manage_isa",
+        "description": "ISA/MOU lifecycle management — list, create, check expiring, or find review-due agreements",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "action": {"type": "string", "enum": ["list", "create", "expiring", "review_due"], "description": "ISA management action"}, "source_system": {"type": "string", "description": "Source system name (required for create)"}, "target_system": {"type": "string", "description": "Target system name (required for create)"}, "data_types_shared": {"type": "string", "description": "Comma-separated data types shared between systems"}, "auth_date": {"type": "string", "description": "Authorization date (YYYY-MM-DD)"}, "expiry_date": {"type": "string", "description": "Expiry date (YYYY-MM-DD)"}, "days_ahead": {"type": "number", "default": 90, "description": "Look-ahead days for expiring check"}}, "required": ["project_id", "action"]},
+    },
+    "assess_scrm": {
+        "category": "supply_chain",
+        "module": "icdev.tools.mcp.supply_chain_server",
+        "handler": "handle_assess_scrm",
+        "description": "Run NIST 800-161 Supply Chain Risk Management assessment — per vendor or aggregate project-level",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "vendor_id": {"type": "string", "description": "Vendor ID (required when aggregate is false)"}, "aggregate": {"type": "boolean", "default": False, "description": "If true, assess all vendors for the project"}}, "required": ["project_id"]},
+    },
+    "triage_cve": {
+        "category": "supply_chain",
+        "module": "icdev.tools.mcp.supply_chain_server",
+        "handler": "handle_triage_cve",
+        "description": "Triage a CVE with blast radius analysis through the dependency graph — assigns SLA and escalation timeline",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "cve_id": {"type": "string", "description": "CVE identifier (e.g., CVE-2024-12345)"}, "component": {"type": "string", "description": "Affected component name"}, "cvss_score": {"type": "number", "description": "CVSS v3.1 base score (0.0-10.0)"}, "severity": {"type": "string", "enum": ["critical", "high", "medium", "low"], "description": "CVE severity level"}, "description": {"type": "string", "description": "CVE description for context"}}, "required": ["project_id", "cve_id", "component", "severity"]},
+    },
+    # ============================================================
+    # SIMULATION (8 tools)
+    # ============================================================
+    "create_scenario": {
+        "category": "simulation",
+        "module": "icdev.tools.mcp.simulation_server",
+        "handler": "handle_create_scenario",
+        "description": "Create a what-if scenario for Digital Program Twin simulation",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "scenario_name": {"type": "string", "description": "Human-readable scenario name"}, "scenario_type": {"type": "string", "default": "what_if", "enum": ["what_if", "coa_comparison", "risk_analysis"], "description": "Type of scenario"}, "modifications": {"type": "string", "description": "JSON string describing modifications (add/remove requirements, architecture changes)"}, "base_session_id": {"type": "string", "description": "RICOAS session ID to use as baseline (optional)"}}, "required": ["project_id", "scenario_name"]},
+    },
+    "run_simulation": {
+        "category": "simulation",
+        "module": "icdev.tools.mcp.simulation_server",
+        "handler": "handle_run_simulation",
+        "description": "Run 6-dimension simulation (architecture, compliance, supply chain, schedule, cost, risk)",
+        "input_schema": {"type": "object", "properties": {"scenario_id": {"type": "string", "description": "Scenario ID to simulate"}, "dimensions": {"type": "string", "default": "all", "description": "Comma-separated dimensions or 'all' (architecture,compliance,supply_chain,schedule,cost,risk)"}}, "required": ["scenario_id"]},
+    },
+    "run_monte_carlo": {
+        "category": "simulation",
+        "module": "icdev.tools.mcp.simulation_server",
+        "handler": "handle_run_monte_carlo",
+        "description": "Run Monte Carlo estimation for schedule, cost, or risk with PERT distributions",
+        "input_schema": {"type": "object", "properties": {"scenario_id": {"type": "string", "description": "Scenario ID to estimate"}, "dimension": {"type": "string", "enum": ["schedule", "cost", "risk"], "description": "Dimension to estimate"}, "iterations": {"type": "integer", "default": 10000, "description": "Number of Monte Carlo iterations (recommend >= 1000)"}, "confidence_levels": {"type": "string", "default": "0.10,0.50,0.80,0.90", "description": "Comma-separated confidence levels (e.g. P10, P50, P80, P90)"}}, "required": ["scenario_id", "dimension"]},
+    },
+    "generate_coas": {
+        "category": "simulation",
+        "module": "icdev.tools.mcp.simulation_server",
+        "handler": "handle_generate_coas",
+        "description": "Generate 3 Courses of Action (Speed/Balanced/Comprehensive) for a RICOAS session",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "RICOAS session ID"}, "project_id": {"type": "string", "description": "ICDEV project ID (optional)"}, "simulate": {"type": "boolean", "default": False, "description": "Run 6-dimension simulation on each COA"}}, "required": ["session_id"]},
+    },
+    "generate_alternative_coa": {
+        "category": "simulation",
+        "module": "icdev.tools.mcp.simulation_server",
+        "handler": "handle_generate_alternative_coa",
+        "description": "Generate an alternative COA for a RED-tier requirement that stays within ATO boundary",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "RICOAS session ID"}, "requirement_id": {"type": "string", "description": "ID of the RED requirement"}, "project_id": {"type": "string", "description": "ICDEV project ID (optional)"}}, "required": ["session_id", "requirement_id"]},
+    },
+    "compare_coas": {
+        "category": "simulation",
+        "module": "icdev.tools.mcp.simulation_server",
+        "handler": "handle_compare_coas",
+        "description": "Compare all COAs in a session across 6 simulation dimensions side-by-side",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "RICOAS session ID"}}, "required": ["session_id"]},
+    },
+    "select_coa": {
+        "category": "simulation",
+        "module": "icdev.tools.mcp.simulation_server",
+        "handler": "handle_select_coa",
+        "description": "Select a COA and record the decision with rationale for audit trail",
+        "input_schema": {"type": "object", "properties": {"coa_id": {"type": "string", "description": "ID of the selected COA"}, "selected_by": {"type": "string", "description": "Who selected this COA (name or role)"}, "rationale": {"type": "string", "description": "Rationale for selecting this COA"}}, "required": ["coa_id", "selected_by", "rationale"]},
+    },
+    "manage_scenarios": {
+        "category": "simulation",
+        "module": "icdev.tools.mcp.simulation_server",
+        "handler": "handle_manage_scenarios",
+        "description": "List, fork, archive, export, or summarize simulation scenarios",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID (for list action)"}, "scenario_id": {"type": "string", "description": "Scenario ID (for fork/archive/export/summary)"}, "action": {"type": "string", "enum": ["list", "fork", "archive", "export", "summary"], "description": "Action to perform"}, "new_name": {"type": "string", "description": "New scenario name (for fork action)"}, "output_path": {"type": "string", "description": "Output file path (for export action)"}}, "required": ["action"]},
+    },
+    # ============================================================
+    # INTEGRATION (10 tools)
+    # ============================================================
+    "configure_jira": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_configure_jira",
+        "description": "Configure Jira integration for bidirectional requirement sync",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "instance_url": {"type": "string", "description": "Jira instance URL (e.g., https://org.atlassian.net)"}, "project_key": {"type": "string", "description": "Jira project key (e.g., PROJ)"}, "auth_secret_ref": {"type": "string", "description": "AWS Secrets Manager reference for Jira credentials"}}, "required": ["project_id", "instance_url", "project_key", "auth_secret_ref"]},
+    },
+    "sync_jira": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_sync_jira",
+        "description": "Push decomposed SAFe items to Jira or pull status updates from Jira",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "direction": {"type": "string", "default": "push", "enum": ["push", "pull"], "description": "Sync direction: push to Jira or pull from Jira"}, "session_id": {"type": "string", "description": "RICOAS session ID to scope the sync"}, "dry_run": {"type": "boolean", "default": False, "description": "Preview changes without applying"}}, "required": ["project_id"]},
+    },
+    "configure_servicenow": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_configure_servicenow",
+        "description": "Configure ServiceNow integration for bidirectional requirement sync",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "instance_url": {"type": "string", "description": "ServiceNow instance URL (e.g., https://org.service-now.com)"}, "table_name": {"type": "string", "default": "rm_story", "description": "ServiceNow table name for requirements"}, "auth_secret_ref": {"type": "string", "description": "AWS Secrets Manager reference for ServiceNow credentials"}}, "required": ["project_id", "instance_url", "auth_secret_ref"]},
+    },
+    "sync_servicenow": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_sync_servicenow",
+        "description": "Push decomposed SAFe items to ServiceNow or pull status updates from ServiceNow",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "direction": {"type": "string", "default": "push", "enum": ["push", "pull"], "description": "Sync direction: push to ServiceNow or pull from ServiceNow"}, "session_id": {"type": "string", "description": "RICOAS session ID to scope the sync"}, "dry_run": {"type": "boolean", "default": False, "description": "Preview changes without applying"}}, "required": ["project_id"]},
+    },
+    "configure_gitlab": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_configure_gitlab",
+        "description": "Configure GitLab integration for bidirectional requirement sync",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "instance_url": {"type": "string", "description": "GitLab instance URL (e.g., https://gitlab.example.com)"}, "gitlab_project_id": {"type": "string", "description": "GitLab project ID (numeric or path)"}, "auth_secret_ref": {"type": "string", "description": "AWS Secrets Manager reference for GitLab credentials"}}, "required": ["project_id", "instance_url", "gitlab_project_id", "auth_secret_ref"]},
+    },
+    "sync_gitlab": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_sync_gitlab",
+        "description": "Push decomposed SAFe items to GitLab or pull status updates from GitLab",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "direction": {"type": "string", "default": "push", "enum": ["push", "pull"], "description": "Sync direction: push to GitLab or pull from GitLab"}, "session_id": {"type": "string", "description": "RICOAS session ID to scope the sync"}, "dry_run": {"type": "boolean", "default": False, "description": "Preview changes without applying"}}, "required": ["project_id"]},
+    },
+    "export_reqif": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_export_reqif",
+        "description": "Export requirements as ReqIF 1.2 XML for import into IBM DOORS NG",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "RICOAS session ID containing requirements to export"}, "output_path": {"type": "string", "description": "File path for the generated ReqIF XML output"}, "include_trace": {"type": "boolean", "default": True, "description": "Include traceability links in the export"}}, "required": ["session_id", "output_path"]},
+    },
+    "submit_approval": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_submit_approval",
+        "description": "Submit a requirements package, COA selection, boundary acceptance, or deployment gate for approval",
+        "input_schema": {"type": "object", "properties": {"session_id": {"type": "string", "description": "RICOAS session ID for the approval subject"}, "approval_type": {"type": "string", "enum": ["requirements_package", "coa_selection", "boundary_acceptance", "deployment_gate"], "description": "Type of approval workflow to initiate"}, "submitted_by": {"type": "string", "description": "Identity of the submitter (e.g., agent name or user ID)"}, "reviewers": {"type": "string", "description": "JSON string array of reviewer identities"}}, "required": ["session_id", "approval_type", "submitted_by"]},
+    },
+    "review_approval": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_review_approval",
+        "description": "Record a reviewer decision (approved, rejected, conditional) on a pending approval",
+        "input_schema": {"type": "object", "properties": {"approval_id": {"type": "string", "description": "ID of the approval to review"}, "reviewer": {"type": "string", "description": "Identity of the reviewer"}, "decision": {"type": "string", "enum": ["approved", "rejected", "conditional"], "description": "Reviewer decision"}, "rationale": {"type": "string", "description": "Explanation for the decision"}}, "required": ["approval_id", "reviewer", "decision", "rationale"]},
+    },
+    "build_traceability": {
+        "category": "integration",
+        "module": "icdev.tools.mcp.integration_server",
+        "handler": "handle_build_traceability",
+        "description": "Build a full Requirements Traceability Matrix linking requirement to SysML to code to test to NIST control",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "ICDEV project ID"}, "session_id": {"type": "string", "description": "Optional RICOAS session ID to scope the RTM"}}, "required": ["project_id"]},
+    },
+    # ============================================================
+    # MARKETPLACE (11 tools)
+    # ============================================================
+    "publish_asset": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_publish_asset",
+        "description": "Publish a GOTCHA asset (skill/goal/hardprompt/context/args/compliance) through 7-gate security pipeline",
+        "input_schema": {"type": "object", "properties": {"asset_path": {"type": "string", "description": "Path to asset directory"}, "asset_type": {"type": "string", "enum": ["skill", "goal", "hardprompt", "context", "args", "compliance"]}, "tenant_id": {"type": "string", "description": "Publisher tenant ID"}, "publisher_user": {"type": "string", "description": "Publisher identity"}, "publisher_org": {"type": "string", "description": "Publisher organization"}, "target_tier": {"type": "string", "enum": ["tenant_local", "central_vetted"], "default": "tenant_local"}, "asset_id": {"type": "string", "description": "Existing asset ID (for new version)"}, "new_version": {"type": "string", "description": "Version for update"}, "changelog": {"type": "string"}, "signing_key": {"type": "string", "description": "Path to RSA private key"}}, "required": ["asset_path", "asset_type", "tenant_id"]},
+    },
+    "install_asset": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_install_asset",
+        "description": "Install a marketplace asset to a tenant/project",
+        "input_schema": {"type": "object", "properties": {"asset_id": {"type": "string"}, "version_id": {"type": "string"}, "tenant_id": {"type": "string"}, "project_id": {"type": "string"}, "installed_by": {"type": "string"}, "install_path": {"type": "string"}}, "required": ["asset_id", "tenant_id"]},
+    },
+    "uninstall_asset": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_uninstall_asset",
+        "description": "Uninstall a marketplace asset",
+        "input_schema": {"type": "object", "properties": {"installation_id": {"type": "string"}, "uninstalled_by": {"type": "string"}}, "required": ["installation_id"]},
+    },
+    "search_assets": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_search_assets",
+        "description": "Search marketplace using hybrid keyword + semantic search",
+        "input_schema": {"type": "object", "properties": {"query": {"type": "string", "description": "Search query"}, "asset_type": {"type": "string", "enum": ["skill", "goal", "hardprompt", "context", "args", "compliance"]}, "impact_level": {"type": "string", "enum": ["IL2", "IL4", "IL5", "IL6"]}, "catalog_tier": {"type": "string", "enum": ["tenant_local", "central_vetted"]}, "tenant_id": {"type": "string"}, "limit": {"type": "integer", "default": 20}}, "required": ["query"]},
+    },
+    "list_assets": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_list_assets",
+        "description": "List marketplace assets with optional filters",
+        "input_schema": {"type": "object", "properties": {"asset_type": {"type": "string"}, "tenant_id": {"type": "string"}, "catalog_tier": {"type": "string"}, "status": {"type": "string"}, "impact_level": {"type": "string"}, "limit": {"type": "integer", "default": 50}, "offset": {"type": "integer", "default": 0}}},
+    },
+    "get_asset": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_get_asset",
+        "description": "Get full asset details including versions and scan results",
+        "input_schema": {"type": "object", "properties": {"slug": {"type": "string", "description": "Asset slug (publisher/name)"}, "asset_id": {"type": "string"}}},
+    },
+    "review_asset": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_review_asset",
+        "description": "Complete review decision (approve/reject/conditional) for cross-tenant sharing",
+        "input_schema": {"type": "object", "properties": {"review_id": {"type": "string"}, "reviewer_id": {"type": "string"}, "decision": {"type": "string", "enum": ["approved", "rejected", "conditional"]}, "rationale": {"type": "string"}, "conditions": {"type": "string"}}, "required": ["review_id", "reviewer_id", "decision", "rationale"]},
+    },
+    "list_pending": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_list_pending",
+        "description": "List pending review requests for marketplace assets",
+        "input_schema": {"type": "object", "properties": {"reviewer_id": {"type": "string"}}},
+    },
+    "check_compat": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_check_compat",
+        "description": "Check IL, version, and dependency compatibility for an asset",
+        "input_schema": {"type": "object", "properties": {"asset_id": {"type": "string"}, "consumer_il": {"type": "string", "enum": ["IL2", "IL4", "IL5", "IL6"]}, "tenant_id": {"type": "string"}, "platform_version": {"type": "string"}}, "required": ["asset_id"]},
+    },
+    "sync_status": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_sync_status",
+        "description": "Get federation sync status across all tenants",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "asset_scan": {
+        "category": "marketplace",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_asset_scan",
+        "description": "Run 7-gate security scanning pipeline on a marketplace asset",
+        "input_schema": {"type": "object", "properties": {"asset_id": {"type": "string"}, "version_id": {"type": "string"}, "asset_path": {"type": "string"}, "gates": {"type": "string", "description": "Comma-separated gate names"}, "classification": {"type": "string"}}, "required": ["asset_id", "version_id", "asset_path"]},
+    },
+    # ============================================================
+    # DEVSECOPS (12 tools)
+    # ============================================================
+    "devsecops_profile_create": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_devsecops_profile_create",
+        "description": "Create or update a DevSecOps profile for a project. Sets maturity level and active pipeline security stages.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}, "maturity_level": {"type": "string", "description": "Target maturity level (level_1_initial through level_5_optimized)"}, "stages": {"type": "array", "items": {"type": "string"}, "description": "Explicit list of active stage IDs"}}, "required": ["project_id"]},
+    },
+    "devsecops_profile_get": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_devsecops_profile_get",
+        "description": "Get a project's current DevSecOps profile including maturity level, active stages, and stage configurations.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}}, "required": ["project_id"]},
+    },
+    "devsecops_maturity_assess": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_devsecops_maturity_assess",
+        "description": "Assess DevSecOps maturity level, identify gaps for next level, and provide recommendations.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}}, "required": ["project_id"]},
+    },
+    "zta_maturity_score": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_zta_maturity_score",
+        "description": "Score ZTA maturity across all 7 DoD pillars (User Identity, Device, Network, Application/Workload, Data, Visibility/Analytics, Automation/Orchestration). Returns per-pillar scores and weighted aggregate.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}, "pillar": {"type": "string", "description": "Score a specific pillar (optional \u2014 omit for all 7)"}}, "required": ["project_id"]},
+    },
+    "zta_assess": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_zta_assess",
+        "description": "Run NIST SP 800-207 Zero Trust Architecture assessment. Evaluates ZTA requirements against project artifacts and crosswalks to NIST 800-53.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}, "project_dir": {"type": "string", "description": "Path to project source code for automated checks"}, "gate": {"type": "boolean", "description": "Evaluate gate pass/fail only"}}, "required": ["project_id"]},
+    },
+    "pipeline_security_generate": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_pipeline_security_generate",
+        "description": "Generate GitLab CI security stages based on the project's DevSecOps profile. Only includes stages active in the profile.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}}, "required": ["project_id"]},
+    },
+    "policy_generate": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_policy_generate",
+        "description": "Generate Kyverno or OPA/Gatekeeper admission policies for pod security, image registry restriction, label enforcement, and resource limits.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}, "engine": {"type": "string", "enum": ["kyverno", "opa"], "description": "Policy engine (default: kyverno)"}}, "required": ["project_id"]},
+    },
+    "service_mesh_generate": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_service_mesh_generate",
+        "description": "Generate Istio or Linkerd service mesh configurations including mTLS, authorization policies, traffic routing, and circuit breaking.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}, "mesh": {"type": "string", "enum": ["istio", "linkerd"], "description": "Service mesh type (default: istio)"}}, "required": ["project_id"]},
+    },
+    "network_segmentation_generate": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_network_segmentation_generate",
+        "description": "Generate Kubernetes NetworkPolicy manifests for ZTA micro-segmentation: default-deny per namespace, DNS exceptions, per-service policies.",
+        "input_schema": {"type": "object", "properties": {"project_path": {"type": "string", "description": "Target project directory"}, "namespaces": {"type": "array", "items": {"type": "string"}, "description": "Namespace names for isolation policies"}, "microsegmentation": {"type": "boolean", "description": "Generate per-service micro-segmentation policies"}, "services": {"type": "array", "items": {"type": "string"}, "description": "Service names for micro-segmentation"}}},
+    },
+    "attestation_verify": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_attestation_verify",
+        "description": "Verify image signing and SBOM attestations. Returns verification commands for cosign CLI.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}, "image": {"type": "string", "description": "Container image reference (e.g., registry/app:v1.0)"}}, "required": ["project_id", "image"]},
+    },
+    "zta_posture_check": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_zta_posture_check",
+        "description": "Check ZTA posture for cATO readiness. Returns overall maturity score, per-pillar scores, and whether the project meets minimum ZTA requirements for continuous authorization.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}}, "required": ["project_id"]},
+    },
+    "pdp_config_generate": {
+        "category": "devsecops",
+        "module": "icdev.tools.mcp.devsecops_server",
+        "handler": "handle_pdp_config_generate",
+        "description": "Generate PDP (Policy Decision Point) reference documentation and PEP (Policy Enforcement Point) configs for Istio/Linkerd pointing to external identity/access providers.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project identifier"}, "pdp_type": {"type": "string", "description": "PDP provider type (disa_icam, zscaler, palo_alto_prisma, crowdstrike, microsoft_entra, custom)"}, "pep": {"type": "boolean", "description": "Generate PEP config instead of PDP reference"}, "mesh": {"type": "string", "enum": ["istio", "linkerd"], "description": "Service mesh for PEP generation"}}, "required": ["project_id"]},
+    },
+    # ============================================================
+    # GATEWAY (5 tools)
+    # ============================================================
+    "bind_user": {
+        "category": "gateway",
+        "module": "icdev.tools.mcp.gateway_server",
+        "handler": "handle_bind_user",
+        "description": "Initiate or complete a user binding ceremony for remote command access",
+        "input_schema": {"type": "object", "properties": {"action": {"type": "string", "enum": ["initiate", "verify", "provision"]}, "channel": {"type": "string"}, "channel_user_id": {"type": "string"}, "challenge_code": {"type": "string"}, "icdev_user_id": {"type": "string"}, "tenant_id": {"type": "string"}}},
+    },
+    "list_bindings": {
+        "category": "gateway",
+        "module": "icdev.tools.mcp.gateway_server",
+        "handler": "handle_list_bindings",
+        "description": "List remote user bindings (active, pending, revoked)",
+        "input_schema": {"type": "object", "properties": {"channel": {"type": "string"}, "status": {"type": "string"}}},
+    },
+    "revoke_binding": {
+        "category": "gateway",
+        "module": "icdev.tools.mcp.gateway_server",
+        "handler": "handle_revoke_binding",
+        "description": "Revoke an active remote user binding",
+        "input_schema": {"type": "object", "properties": {"binding_id": {"type": "string"}, "reason": {"type": "string"}}, "required": ["binding_id"]},
+    },
+    "send_command": {
+        "category": "gateway",
+        "module": "icdev.tools.mcp.gateway_server",
+        "handler": "handle_send_command",
+        "description": "Execute an ICDEV command via the remote gateway (for testing/admin)",
+        "input_schema": {"type": "object", "properties": {"command": {"type": "string"}, "project_id": {"type": "string"}, "channel": {"type": "string"}}, "required": ["command"]},
+    },
+    "gateway_status": {
+        "category": "gateway",
+        "module": "icdev.tools.mcp.gateway_server",
+        "handler": "handle_gateway_status",
+        "description": "Show remote gateway status: active channels, environment mode, recent commands",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    # ============================================================
+    # CONTEXT (5 tools)
+    # ============================================================
+    "fetch_docs": {
+        "category": "context",
+        "module": "icdev.tools.mcp.context_server",
+        "handler": "handle_fetch_docs",
+        "description": "Fetch CLAUDE.md section by header name or keyword search",
+        "input_schema": {"type": "object", "properties": {"section": {"type": "string", "description": "Section header name (exact or partial match)"}, "keyword": {"type": "string", "description": "Keyword to search across all sections"}}},
+    },
+    "list_sections": {
+        "category": "context",
+        "module": "icdev.tools.mcp.context_server",
+        "handler": "handle_list_sections",
+        "description": "List all CLAUDE.md sections (table of contents)",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "get_icdev_metadata": {
+        "category": "context",
+        "module": "icdev.tools.mcp.context_server",
+        "handler": "handle_get_icdev_metadata",
+        "description": "Get live system metadata (projects, agents, compliance, events)",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "get_project_context": {
+        "category": "context",
+        "module": "icdev.tools.mcp.context_server",
+        "handler": "handle_get_project_context",
+        "description": "Get project-specific context for agent use",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project ID"}}, "required": ["project_id"]},
+    },
+    "get_agent_context": {
+        "category": "context",
+        "module": "icdev.tools.mcp.context_server",
+        "handler": "handle_get_agent_context",
+        "description": "Get role-tailored CLAUDE.md sections for an agent",
+        "input_schema": {"type": "object", "properties": {"role": {"type": "string", "description": "Agent role (builder, compliance, security, architect, infrastructure, orchestrator)"}}, "required": ["role"]},
+    },
+    # ============================================================
+    # INNOVATION (10 tools)
+    # ============================================================
+    "scan_web": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_scan_web",
+        "description": "Scan web sources (GitHub, NVD, SO, HN) for innovation signals",
+        "input_schema": {"type": "object", "properties": {"source": {"type": "string", "description": "Specific source to scan (github, cve_databases, stackoverflow, hackernews) or omit for all"}}},
+    },
+    "score_signals": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_score_signals",
+        "description": "Score innovation signals with 5-dimension weighted average",
+        "input_schema": {"type": "object", "properties": {"signal_id": {"type": "string", "description": "Specific signal ID to score, or omit to score all new signals"}}},
+    },
+    "triage_signals": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_triage_signals",
+        "description": "Run compliance-first 5-stage triage on scored signals",
+        "input_schema": {"type": "object", "properties": {"signal_id": {"type": "string", "description": "Specific signal ID to triage, or omit to triage all scored"}}},
+    },
+    "detect_trends": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_detect_trends",
+        "description": "Detect emerging trend patterns across innovation signals",
+        "input_schema": {"type": "object", "properties": {"time_window_days": {"type": "integer", "default": 30}, "min_signals": {"type": "integer", "default": 3}}},
+    },
+    "generate_solution": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_generate_solution",
+        "description": "Generate solution specification from an approved innovation signal",
+        "input_schema": {"type": "object", "properties": {"signal_id": {"type": "string", "description": "Signal ID to generate solution for, or omit for all approved"}}},
+    },
+    "run_pipeline": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_run_pipeline",
+        "description": "Run full innovation pipeline: discover \u2192 score \u2192 triage \u2192 generate",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "get_status": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_get_status",
+        "description": "Get innovation engine status overview with signal counts and health",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "introspect": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_introspect",
+        "description": "Run introspective analysis on ICDEV internal telemetry",
+        "input_schema": {"type": "object", "properties": {"type": {"type": "string", "description": "Analysis type: all, failed_self_heals, gate_failures, unused_tools, slow_pipelines, nlq_gaps, knowledge_gaps", "default": "all"}}},
+    },
+    "competitive_scan": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_competitive_scan",
+        "description": "Scan competitors for feature gaps and intelligence",
+        "input_schema": {"type": "object", "properties": {"competitor": {"type": "string", "description": "Specific competitor name or omit for all"}}},
+    },
+    "standards_check": {
+        "category": "innovation",
+        "module": "icdev.tools.mcp.innovation_server",
+        "handler": "handle_standards_check",
+        "description": "Check standards bodies (NIST, CISA, DoD) for compliance updates",
+        "input_schema": {"type": "object", "properties": {"body": {"type": "string", "description": "Standards body: nist, cisa, dod, fedramp, iso, or omit for all"}}},
+    },
+    # ============================================================
+    # OBSERVABILITY (6 tools)
+    # ============================================================
+    "trace_query": {
+        "category": "observability",
+        "module": "icdev.tools.mcp.observability_server",
+        "handler": "trace_query_handler",
+        "description": "Query traces and spans from the distributed tracing system. Filter by trace_id, project_id, or span name.",
+        "input_schema": {"type": "object", "properties": {"trace_id": {"type": "string", "description": "Specific trace ID to query"}, "project_id": {"type": "string", "description": "Filter by project ID"}, "name": {"type": "string", "description": "Filter by span name (e.g., 'mcp.tool_call')"}, "limit": {"type": "integer", "description": "Max results (default 50, max 200)"}}},
+    },
+    "trace_summary": {
+        "category": "observability",
+        "module": "icdev.tools.mcp.observability_server",
+        "handler": "trace_summary_handler",
+        "description": "Get aggregate trace statistics: total spans, traces, MCP tool calls, errors, average duration.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Filter by project ID"}}},
+    },
+    "prov_lineage": {
+        "category": "observability",
+        "module": "icdev.tools.mcp.observability_server",
+        "handler": "prov_lineage_handler",
+        "description": "Query W3C PROV provenance lineage for an entity. Trace backward (what produced this?) or forward (what did this produce?).",
+        "input_schema": {"type": "object", "properties": {"entity_id": {"type": "string", "description": "Entity ID to query lineage for"}, "direction": {"type": "string", "enum": ["backward", "forward"], "description": "Lineage direction"}, "max_depth": {"type": "integer", "description": "Max traversal depth (default 50)"}}, "required": ["entity_id"]},
+    },
+    "prov_export": {
+        "category": "observability",
+        "module": "icdev.tools.mcp.observability_server",
+        "handler": "prov_export_handler",
+        "description": "Export provenance graph as W3C PROV-JSON format for interoperability.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Filter by project ID"}}},
+    },
+    "shap_analyze": {
+        "category": "observability",
+        "module": "icdev.tools.mcp.observability_server",
+        "handler": "shap_analyze_handler",
+        "description": "Run AgentSHAP Monte Carlo Shapley value analysis on a trace to determine tool importance attribution.",
+        "input_schema": {"type": "object", "properties": {"trace_id": {"type": "string", "description": "Trace ID to analyze"}, "iterations": {"type": "integer", "description": "Monte Carlo iterations (default 1000, max 5000)"}}, "required": ["trace_id"]},
+    },
+    "xai_assess": {
+        "category": "observability",
+        "module": "icdev.tools.mcp.observability_server",
+        "handler": "xai_assess_handler",
+        "description": "Run XAI compliance assessment: 10 automated checks covering tracing, provenance, SHAP, and explainability against NIST AI RMF and DoD RAI requirements.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project ID to assess"}}, "required": ["project_id"]},
+    },
+    # ============================================================
+    # TRANSLATION (9 tools)
+    # ============================================================
+    "translate_code": {
+        "category": "translation",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_translate_code",
+        "description": "Run full cross-language translation pipeline (Extract, Type-Check, Translate, Assemble, Validate+Repair).",
+        "input_schema": {"type": "object", "properties": {"source_path": {"type": "string", "description": "Path to source code directory"}, "source_language": {"type": "string", "description": "Source language"}, "target_language": {"type": "string", "description": "Target language"}, "output_dir": {"type": "string", "description": "Output directory"}, "project_id": {"type": "string"}, "validate": {"type": "boolean", "default": True}, "dry_run": {"type": "boolean", "default": False}}, "required": ["source_path", "source_language", "target_language", "output_dir"]},
+    },
+    "extract_source_ir": {
+        "category": "translation",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_extract_source_ir",
+        "description": "Extract language-agnostic Intermediate Representation (IR) from source code.",
+        "input_schema": {"type": "object", "properties": {"source_path": {"type": "string"}, "language": {"type": "string"}, "output_ir": {"type": "string"}, "project_id": {"type": "string"}}, "required": ["source_path", "language"]},
+    },
+    "translate_unit": {
+        "category": "translation",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_translate_unit",
+        "description": "Translate a single code unit from IR to target language with pass@k candidates.",
+        "input_schema": {"type": "object", "properties": {"ir_file": {"type": "string"}, "source_language": {"type": "string"}, "target_language": {"type": "string"}, "output_dir": {"type": "string"}, "candidates": {"type": "integer", "default": 3}}, "required": ["ir_file", "source_language", "target_language", "output_dir"]},
+    },
+    "map_dependencies": {
+        "category": "translation",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_map_dependencies",
+        "description": "Map source language dependencies to target language equivalents.",
+        "input_schema": {"type": "object", "properties": {"source_language": {"type": "string"}, "target_language": {"type": "string"}, "imports": {"type": "string", "description": "Comma-separated source imports"}}, "required": ["source_language", "target_language", "imports"]},
+    },
+    "check_types": {
+        "category": "translation",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_check_types",
+        "description": "Run type-compatibility pre-check between source and target type systems.",
+        "input_schema": {"type": "object", "properties": {"ir_file": {"type": "string"}, "source_language": {"type": "string"}, "target_language": {"type": "string"}}, "required": ["ir_file", "source_language", "target_language"]},
+    },
+    "assemble_project": {
+        "category": "translation",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_assemble_project",
+        "description": "Assemble translated units into a complete target-language project.",
+        "input_schema": {"type": "object", "properties": {"output_dir": {"type": "string"}, "target_language": {"type": "string"}, "project_name": {"type": "string"}}, "required": ["output_dir", "target_language"]},
+    },
+    "validate_translation": {
+        "category": "translation",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_validate_translation",
+        "description": "Validate translated code (syntax, API surface, round-trip IR consistency).",
+        "input_schema": {"type": "object", "properties": {"source_ir": {"type": "string"}, "output_dir": {"type": "string"}, "target_language": {"type": "string"}}, "required": ["source_ir", "output_dir", "target_language"]},
+    },
+    "translate_tests": {
+        "category": "translation",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_translate_tests",
+        "description": "Translate test suite from source to target language with framework-specific assertion mapping.",
+        "input_schema": {"type": "object", "properties": {"source_test_dir": {"type": "string"}, "source_language": {"type": "string"}, "target_language": {"type": "string"}, "output_dir": {"type": "string"}, "ir_file": {"type": "string"}}, "required": ["source_test_dir", "source_language", "target_language", "output_dir"]},
+    },
+    "map_features": {
+        "category": "translation",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_map_features",
+        "description": "Map language-specific features between source and target languages.",
+        "input_schema": {"type": "object", "properties": {"source_language": {"type": "string"}, "target_language": {"type": "string"}, "feature_category": {"type": "string"}}, "required": ["source_language", "target_language"]},
+    },
+    # ============================================================
+    # DX (5 tools)
+    # ============================================================
+    "companion_setup": {
+        "category": "dx",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_companion_setup",
+        "description": "Auto-detect AI coding tools and generate all companion configuration files.",
+        "input_schema": {"type": "object", "properties": {"platforms": {"type": "string", "description": "Comma-separated platforms or 'all'"}, "write": {"type": "boolean", "default": True}, "sync": {"type": "boolean", "default": False}}},
+    },
+    "detect_ai_tools": {
+        "category": "dx",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_detect_ai_tools",
+        "description": "Detect installed AI coding tools from environment, config files, and directories.",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "generate_instructions": {
+        "category": "dx",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_generate_instructions",
+        "description": "Generate instruction/rules files for AI coding tools.",
+        "input_schema": {"type": "object", "properties": {"platforms": {"type": "string"}, "write": {"type": "boolean", "default": True}}},
+    },
+    "generate_mcp_configs": {
+        "category": "dx",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_generate_mcp_configs",
+        "description": "Generate MCP configuration files for AI tools that support MCP.",
+        "input_schema": {"type": "object", "properties": {"platforms": {"type": "string"}, "write": {"type": "boolean", "default": True}}},
+    },
+    "translate_skills": {
+        "category": "dx",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_translate_skills",
+        "description": "Translate Claude Code skills to equivalent formats for other AI tools.",
+        "input_schema": {"type": "object", "properties": {"platforms": {"type": "string"}, "write": {"type": "boolean", "default": True}}},
+    },
+    # ============================================================
+    # CLOUD (5 tools)
+    # ============================================================
+    "csp_monitor_scan": {
+        "category": "cloud",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_csp_monitor_scan",
+        "description": "Scan CSPs for service updates, deprecations, and compliance changes.",
+        "input_schema": {"type": "object", "properties": {"csp": {"type": "string"}, "all_csps": {"type": "boolean", "default": True}}},
+    },
+    "csp_changelog": {
+        "category": "cloud",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_csp_changelog",
+        "description": "Generate CSP service changelog with recommendations.",
+        "input_schema": {"type": "object", "properties": {"days": {"type": "integer", "default": 30}, "format": {"type": "string", "enum": ["json", "markdown"], "default": "json"}, "output": {"type": "string"}}},
+    },
+    "validate_region": {
+        "category": "cloud",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_validate_region",
+        "description": "Validate that a CSP region meets required compliance certifications.",
+        "input_schema": {"type": "object", "properties": {"csp": {"type": "string"}, "region": {"type": "string"}, "frameworks": {"type": "string"}, "impact_level": {"type": "string"}}, "required": ["csp", "region"]},
+    },
+    "cloud_mode_status": {
+        "category": "cloud",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_cloud_mode_status",
+        "description": "Get current cloud mode, CSP configuration, and readiness status.",
+        "input_schema": {"type": "object", "properties": {"action": {"type": "string", "enum": ["status", "validate", "eligible", "check_readiness"], "default": "status"}}},
+    },
+    "csp_health_check": {
+        "category": "cloud",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_csp_health_check",
+        "description": "Check health of all configured CSP services.",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    # ============================================================
+    # REGISTRY (9 tools)
+    # ============================================================
+    "register_child": {
+        "category": "registry",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_register_child",
+        "description": "Register a child application in the evolutionary intelligence registry.",
+        "input_schema": {"type": "object", "properties": {"name": {"type": "string"}, "app_type": {"type": "string"}, "endpoint": {"type": "string"}, "project_id": {"type": "string"}}, "required": ["name", "app_type"]},
+    },
+    "list_children": {
+        "category": "registry",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_list_children",
+        "description": "List all registered child applications with health status.",
+        "input_schema": {"type": "object", "properties": {"status": {"type": "string"}}},
+    },
+    "get_genome": {
+        "category": "registry",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_get_genome",
+        "description": "Get the current capability genome version with SHA-256 content hash.",
+        "input_schema": {"type": "object", "properties": {"version": {"type": "string"}, "history": {"type": "boolean", "default": False}}},
+    },
+    "evaluate_capability": {
+        "category": "registry",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_evaluate_capability",
+        "description": "Evaluate a capability across 6 dimensions (universality, compliance_safety, risk, evidence, novelty, cost).",
+        "input_schema": {"type": "object", "properties": {"capability_data": {"type": "object"}, "child_id": {"type": "string"}}, "required": ["capability_data"]},
+    },
+    "list_staging": {
+        "category": "registry",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_list_staging",
+        "description": "List staging environments for capability testing.",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "list_propagations": {
+        "category": "registry",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_list_propagations",
+        "description": "List capability propagation history.",
+        "input_schema": {"type": "object", "properties": {"status": {"type": "string"}}},
+    },
+    "absorption_candidates": {
+        "category": "registry",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_absorption_candidates",
+        "description": "Get capabilities eligible for genome absorption (passed 72-hour stability window).",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "unevaluated_behaviors": {
+        "category": "registry",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_unevaluated_behaviors",
+        "description": "Get learned behaviors from children that haven't been evaluated yet.",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "cross_pollination_candidates": {
+        "category": "registry",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_cross_pollination_candidates",
+        "description": "Find capabilities that could be shared between child applications.",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    # ============================================================
+    # SECURITY_AGENTIC (9 tools)
+    # ============================================================
+    "scan_code_patterns": {
+        "category": "security_agentic",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_scan_code_patterns",
+        "description": "Scan code for dangerous patterns (eval, exec, os.system, SQL injection) across 6 languages.",
+        "input_schema": {"type": "object", "properties": {"project_dir": {"type": "string"}, "language": {"type": "string"}, "gate": {"type": "boolean", "default": False}}, "required": ["project_dir"]},
+    },
+    "validate_tool_chain": {
+        "category": "security_agentic",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_validate_tool_chain",
+        "description": "Validate MCP tool call sequences against security rules.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "gate": {"type": "boolean", "default": False}}, "required": ["project_id"]},
+    },
+    "validate_agent_output": {
+        "category": "security_agentic",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_validate_agent_output",
+        "description": "Validate agent output for classification leaks, PII, and credential exposure.",
+        "input_schema": {"type": "object", "properties": {"text": {"type": "string"}, "project_id": {"type": "string"}, "gate": {"type": "boolean", "default": False}}},
+    },
+    "score_agent_trust": {
+        "category": "security_agentic",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_score_agent_trust",
+        "description": "Compute dynamic trust score for an agent based on behavior history.",
+        "input_schema": {"type": "object", "properties": {"agent_id": {"type": "string"}, "all_agents": {"type": "boolean", "default": False}, "gate": {"type": "boolean", "default": False}, "project_id": {"type": "string"}}},
+    },
+    "check_mcp_authorization": {
+        "category": "security_agentic",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_check_mcp_authorization",
+        "description": "Check if a role is authorized to use a specific MCP tool.",
+        "input_schema": {"type": "object", "properties": {"role": {"type": "string"}, "tool": {"type": "string"}, "list_permissions": {"type": "boolean", "default": False}, "validate_config": {"type": "boolean", "default": False}}},
+    },
+    "ai_telemetry_summary": {
+        "category": "security_agentic",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_telemetry_summary",
+        "description": "Get AI telemetry summary including usage stats and anomaly detection.",
+        "input_schema": {"type": "object", "properties": {"action": {"type": "string", "enum": ["summary", "anomalies", "drift"], "default": "summary"}, "window_hours": {"type": "integer", "default": 24}, "agent_id": {"type": "string"}}},
+    },
+    "generate_ai_bom": {
+        "category": "security_agentic",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_generate_ai_bom",
+        "description": "Generate AI Bill of Materials tracking all AI/ML components.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "project_dir": {"type": "string"}, "gate": {"type": "boolean", "default": False}}, "required": ["project_id"]},
+    },
+    "run_atlas_red_team": {
+        "category": "security_agentic",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_run_atlas_red_team",
+        "description": "Run MITRE ATLAS red team tests (opt-in only).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "technique": {"type": "string"}, "behavioral": {"type": "boolean", "default": False}, "brt_technique": {"type": "string"}}, "required": ["project_id"]},
+    },
+    "detect_behavioral_drift": {
+        "category": "security_agentic",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_detect_behavioral_drift",
+        "description": "Detect behavioral drift in agent tool usage patterns using z-score baseline.",
+        "input_schema": {"type": "object", "properties": {"agent_id": {"type": "string"}}},
+    },
+    # ============================================================
+    # TESTING (6 tools)
+    # ============================================================
+    "production_audit": {
+        "category": "testing",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_production_audit",
+        "description": "Run production readiness audit (30 checks across 6 categories).",
+        "input_schema": {"type": "object", "properties": {"category": {"type": "string"}, "gate": {"type": "boolean", "default": False}}},
+    },
+    "production_remediate": {
+        "category": "testing",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_production_remediate",
+        "description": "Auto-fix audit blockers with 3-tier confidence model.",
+        "input_schema": {"type": "object", "properties": {"auto": {"type": "boolean", "default": False}, "dry_run": {"type": "boolean", "default": False}, "check_id": {"type": "string"}, "skip_audit": {"type": "boolean", "default": False}}},
+    },
+    "validate_claude_dir": {
+        "category": "testing",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_validate_claude_dir",
+        "description": "Validate .claude directory governance (append-only tables, hooks, routes, deny rules).",
+        "input_schema": {"type": "object", "properties": {"check": {"type": "string"}}},
+    },
+    "health_check": {
+        "category": "testing",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_health_check",
+        "description": "Run full system health check.",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "validate_screenshot": {
+        "category": "testing",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_validate_screenshot",
+        "description": "Validate a screenshot using vision LLM for content verification.",
+        "input_schema": {"type": "object", "properties": {"image": {"type": "string"}, "assertion": {"type": "string"}, "batch_dir": {"type": "string"}, "check": {"type": "boolean", "default": False}}},
+    },
+    "run_e2e_tests": {
+        "category": "testing",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_run_e2e_tests",
+        "description": "Run E2E tests via Playwright MCP.",
+        "input_schema": {"type": "object", "properties": {"test_file": {"type": "string"}, "run_all": {"type": "boolean", "default": False}, "validate_screenshots": {"type": "boolean", "default": False}, "vision_strict": {"type": "boolean", "default": False}}},
+    },
+    # ============================================================
+    # INSTALLER (4 tools)
+    # ============================================================
+    "install_modules": {
+        "category": "installer",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_install_modules",
+        "description": "Install ICDEV modules using profile-based or custom module selection.",
+        "input_schema": {"type": "object", "properties": {"profile": {"type": "string"}, "compliance": {"type": "string"}, "platform": {"type": "string"}, "add_module": {"type": "string"}, "interactive": {"type": "boolean", "default": False}}},
+    },
+    "validate_module_registry": {
+        "category": "installer",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_validate_module_registry",
+        "description": "Validate the ICDEV module registry for dependency consistency.",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "list_compliance_postures": {
+        "category": "installer",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_list_compliance_postures",
+        "description": "List available compliance posture configurations.",
+        "input_schema": {"type": "object", "properties": {}},
+    },
+    "generate_platform_artifacts": {
+        "category": "installer",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_generate_platform_artifacts",
+        "description": "Generate platform-specific deployment artifacts (Docker, K8s, Helm, env).",
+        "input_schema": {"type": "object", "properties": {"platform": {"type": "string"}, "modules": {"type": "string"}}, "required": ["platform"]},
+    },
+    # ============================================================
+    # MISC (8 tools)
+    # ============================================================
+    "register_external_patterns": {
+        "category": "misc",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_register_external_patterns",
+        "description": "Register external framework patterns as innovation signals.",
+        "input_schema": {"type": "object", "properties": {"patterns": {"type": "array"}, "source_framework": {"type": "string"}}, "required": ["patterns", "source_framework"]},
+    },
+    "analyze_legacy_ui": {
+        "category": "misc",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_analyze_legacy_ui",
+        "description": "Analyze legacy UI screenshots for complexity scoring and component extraction.",
+        "input_schema": {"type": "object", "properties": {"image": {"type": "string"}, "image_dir": {"type": "string"}, "app_id": {"type": "string"}, "project_id": {"type": "string"}, "store": {"type": "boolean", "default": False}}},
+    },
+    "generate_profile_md": {
+        "category": "misc",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_generate_profile_md",
+        "description": "Generate PROFILE.md from a development profile.",
+        "input_schema": {"type": "object", "properties": {"scope": {"type": "string", "default": "project"}, "scope_id": {"type": "string"}, "output": {"type": "string"}, "store": {"type": "boolean", "default": False}}, "required": ["scope_id"]},
+    },
+    "generate_claude_md": {
+        "category": "misc",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_generate_claude_md",
+        "description": "Generate dynamic CLAUDE.md for a child application from a blueprint.",
+        "input_schema": {"type": "object", "properties": {"blueprint": {"type": "string"}, "output": {"type": "string"}}, "required": ["blueprint"]},
+    },
+    "version_migrate": {
+        "category": "misc",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_version_migrate",
+        "description": "Run language version migration (e.g., Python 2 to 3, Java 8 to 17).",
+        "input_schema": {"type": "object", "properties": {"source": {"type": "string"}, "output": {"type": "string"}, "language": {"type": "string", "enum": ["python", "java", "csharp"]}, "from_version": {"type": "string"}, "to_version": {"type": "string"}}, "required": ["source", "output", "language", "from_version", "to_version"]},
+    },
+    "framework_migrate": {
+        "category": "misc",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_framework_migrate",
+        "description": "Run framework migration (e.g., Struts to Spring Boot, WCF to ASP.NET Core).",
+        "input_schema": {"type": "object", "properties": {"source": {"type": "string"}, "output": {"type": "string"}, "from_framework": {"type": "string"}, "to_framework": {"type": "string"}}, "required": ["source", "output", "from_framework", "to_framework"]},
+    },
+    "worktree_manage": {
+        "category": "misc",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_worktree_manage",
+        "description": "Manage git worktrees for parallel CI/CD task isolation.",
+        "input_schema": {"type": "object", "properties": {"action": {"type": "string", "enum": ["create", "list", "cleanup", "status"], "default": "list"}, "task_id": {"type": "string"}, "target_dir": {"type": "string"}, "worktree_name": {"type": "string"}}},
+    },
+    "nlq_query": {
+        "category": "misc",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_nlq_query",
+        "description": "Run natural language compliance query (NLQ to SQL).",
+        "input_schema": {"type": "object", "properties": {"query": {"type": "string"}, "project_id": {"type": "string"}}, "required": ["query"]},
+    },
+    # ============================================================
+    # AI TRANSPARENCY & ACCOUNTABILITY (Phase 48, 10 tools)
+    # ============================================================
+    "omb_m25_21_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_omb_m25_21_assess",
+        "description": "Run OMB M-25-21 High-Impact AI assessment. Checks AI inventory, risk classification, oversight plans, and transparency notices.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "project_dir": {"type": "string", "description": "Project directory path (optional)"}}, "required": ["project_id"]},
+    },
+    "omb_m26_04_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_omb_m26_04_assess",
+        "description": "Run OMB M-26-04 Unbiased AI assessment. Checks model cards, system cards, bias testing, fairness metrics, and human review processes.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "project_dir": {"type": "string", "description": "Project directory path (optional)"}}, "required": ["project_id"]},
+    },
+    "nist_ai_600_1_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_nist_ai_600_1_assess",
+        "description": "Run NIST AI 600-1 GenAI Profile assessment. Checks confabulation detection, data privacy, information integrity, CBRN safeguards, and value chain transparency.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "project_dir": {"type": "string", "description": "Project directory path (optional)"}}, "required": ["project_id"]},
+    },
+    "gao_ai_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_gao_ai_assess",
+        "description": "Run GAO-21-519SP AI Accountability assessment. Checks governance, data, performance, and monitoring evidence.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "project_dir": {"type": "string", "description": "Project directory path (optional)"}}, "required": ["project_id"]},
+    },
+    "fedramp_ksi_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_fedramp_ksi_generate",
+        "description": "Generate FedRAMP 20x KSI evidence for continuous authorization. Maps ICDEV evidence to 43 KSIs across 12 NIST families.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "ksi_id": {"type": "string", "description": "Specific KSI ID (optional, generates all if omitted)"}}, "required": ["project_id"]},
+    },
+    "fedramp_authorization_package": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_fedramp_authorization_package",
+        "description": "Bundle FedRAMP 20x authorization package with OSCAL SSP, KSI evidence, and compliance artifacts.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "output_dir": {"type": "string", "description": "Output directory (optional)"}}, "required": ["project_id"]},
+    },
+    "owasp_asi_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_owasp_asi_assess",
+        "description": "Run OWASP ASI01-ASI10 Agentic AI risk assessment. Maps 10 ASI risks to ICDEV controls.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "project_dir": {"type": "string", "description": "Project directory path (optional)"}}, "required": ["project_id"]},
+    },
+    "slsa_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_slsa_generate",
+        "description": "Generate SLSA v1.0 provenance statement from build pipeline evidence (D341).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "target_level": {"type": "integer", "description": "Target SLSA level (0-4, default 3)"}}, "required": ["project_id"]},
+    },
+    "slsa_verify": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_slsa_verify",
+        "description": "Verify project meets target SLSA level with gap analysis and recommendations.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "target_level": {"type": "integer", "description": "Target SLSA level (0-4, default 3)"}}, "required": ["project_id"]},
+    },
+    "swft_bundle": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_swft_bundle",
+        "description": "Bundle DoD SWFT evidence package with SLSA provenance, SBOM, VEX, and compliance artifacts.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "output_dir": {"type": "string", "description": "Output directory (optional)"}}, "required": ["project_id"]},
+    },
+    "vex_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_vex_generate",
+        "description": "Generate VEX (Vulnerability Exploitability eXchange) document from vulnerability data.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}}, "required": ["project_id"]},
+    },
+    "model_card_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_model_card_generate",
+        "description": "Generate a model card per OMB M-26-04 / Google Model Cards format. Pulls data from AI BOM, telemetry, and XAI assessments.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "model_name": {"type": "string", "description": "Name of the AI model"}}, "required": ["project_id", "model_name"]},
+    },
+    "system_card_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_system_card_generate",
+        "description": "Generate a system-level AI card covering the entire AI system (models, tools, agents, data flows, risk profile).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}}, "required": ["project_id"]},
+    },
+    "ai_transparency_audit": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_transparency_audit",
+        "description": "Run cross-framework AI transparency audit across all 4 frameworks (OMB M-25-21, M-26-04, AI 600-1, GAO) with gap analysis.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "project_dir": {"type": "string"}}, "required": ["project_id"]},
+    },
+    "confabulation_check": {
+        "category": "security",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_confabulation_check",
+        "description": "Check text output for confabulation (hallucination) indicators using deterministic methods: citation verification, contradiction detection, confidence calibration.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "text": {"type": "string", "description": "Text to check for confabulation"}}, "required": ["project_id", "text"]},
+    },
+    "ai_inventory_register": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_inventory_register",
+        "description": "Register an AI use case in the OMB M-25-21 inventory. Classifies risk level (minimal, high-impact, safety-impacting).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "name": {"type": "string", "description": "AI component name"}, "purpose": {"type": "string"}, "risk_level": {"type": "string", "enum": ["minimal_risk", "high_impact", "safety_impacting"], "default": "minimal_risk"}}, "required": ["project_id", "name"]},
+    },
+    "fairness_assess": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_fairness_assess",
+        "description": "Assess fairness and bias compliance per OMB M-26-04. Checks documentation evidence for bias testing, fairness metrics, and appeal processes.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "project_dir": {"type": "string"}}, "required": ["project_id"]},
+    },
+    # ============================================================
+    # AI ACCOUNTABILITY (Phase 49, D316-D321, 8 tools)
+    # ============================================================
+    "ai_oversight_plan_create": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_oversight_plan_create",
+        "description": "Register a human oversight plan for an AI system (M25-OVR-1, GAO accountability).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "plan_name": {"type": "string"}, "plan_data": {"type": "string"}, "approved_by": {"type": "string"}}, "required": ["project_id", "plan_name"]},
+    },
+    "ai_caio_designate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_caio_designate",
+        "description": "Designate a Chief AI Officer or responsible AI official for a project (M25-OVR-4).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "official_name": {"type": "string"}, "official_role": {"type": "string", "default": "CAIO"}, "organization": {"type": "string"}}, "required": ["project_id", "official_name"]},
+    },
+    "ai_appeal_file": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_appeal_file",
+        "description": "File an accountability appeal for an AI system decision (M25-OVR-3, M26-REV-2, FAIR-7).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "appellant": {"type": "string"}, "ai_system": {"type": "string"}, "decision_contested": {"type": "string"}}, "required": ["project_id", "appellant", "ai_system"]},
+    },
+    "ai_appeal_resolve": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_appeal_resolve",
+        "description": "Resolve a previously filed AI accountability appeal.",
+        "input_schema": {"type": "object", "properties": {"appeal_id": {"type": "integer"}, "resolution": {"type": "string"}, "resolved_by": {"type": "string"}}, "required": ["appeal_id", "resolution", "resolved_by"]},
+    },
+    "ai_ethics_review_submit": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_ethics_review_submit",
+        "description": "Submit an ethics review for an AI system (GAO-GOV-2/3, M26-REV-3, FAIR-1).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "review_type": {"type": "string"}, "ai_system": {"type": "string"}, "findings": {"type": "string"}, "opt_out_policy": {"type": "boolean", "default": False}, "legal_compliance_matrix": {"type": "boolean", "default": False}, "pre_deployment_review": {"type": "boolean", "default": False}, "reviewer": {"type": "string"}}, "required": ["project_id", "review_type"]},
+    },
+    "ai_incident_log": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_incident_log",
+        "description": "Log an AI-specific incident for tracking and corrective action (M25-RISK-4, GAO-MON-3).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "incident_type": {"type": "string", "enum": ["confabulation", "bias_detected", "unauthorized_access", "model_drift", "data_breach", "safety_violation", "appeal_escalation", "other"]}, "ai_system": {"type": "string"}, "severity": {"type": "string", "enum": ["low", "medium", "high", "critical"], "default": "medium"}, "description": {"type": "string"}, "reported_by": {"type": "string"}}, "required": ["project_id", "incident_type", "description"]},
+    },
+    "ai_reassessment_schedule": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_reassessment_schedule",
+        "description": "Create or update a reassessment schedule for an AI system (M25-INV-3, GAO-MON-4).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "ai_system": {"type": "string"}, "frequency": {"type": "string", "enum": ["monthly", "quarterly", "semi_annual", "annual"], "default": "annual"}, "next_due": {"type": "string", "description": "ISO date for next reassessment"}}, "required": ["project_id", "ai_system"]},
+    },
+    "ai_accountability_audit": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ai_accountability_audit",
+        "description": "Run cross-framework AI accountability audit across all 4 frameworks with gap analysis and remediation guidance (Phase 49).",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}, "project_dir": {"type": "string"}}, "required": ["project_id"]},
+    },
+    # ============================================================
+    # CODE INTELLIGENCE (Phase 52, D331-D337, 3 tools)
+    # ============================================================
+    "code_analyze": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_code_analyze",
+        "description": "Run AST-based code quality analysis on a project directory. Returns per-function metrics: cyclomatic/cognitive complexity, nesting depth, LOC, smells, maintainability score.",
+        "input_schema": {"type": "object", "properties": {"project_dir": {"type": "string", "description": "Directory to analyze"}, "project_id": {"type": "string"}, "store": {"type": "boolean", "description": "Store metrics in DB", "default": False}}, "required": ["project_dir"]},
+    },
+    "code_quality_report": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_code_quality_report",
+        "description": "Get code quality trend report for a project. Shows maintainability over time, complexity distribution, and smell density.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string"}}, "required": ["project_id"]},
+    },
+    # ============================================================
+    # PLATFORM ONE / IRON BANK (Phase 57, D350, 2 tools)
+    # ============================================================
+    "ironbank_generate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ironbank_generate",
+        "description": "Generate Platform One / Iron Bank hardening manifest (hardening_manifest.yaml) and container approval record for DoD Iron Bank submission.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "project_dir": {"type": "string", "description": "Project source directory (optional, for language detection)"}, "output_dir": {"type": "string", "description": "Output directory for artifacts (optional)"}}, "required": ["project_id"]},
+    },
+    "ironbank_validate": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_ironbank_validate",
+        "description": "Validate existing Iron Bank hardening manifest against required fields and Iron Bank submission requirements.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "manifest_path": {"type": "string", "description": "Path to hardening_manifest.yaml (optional)"}}, "required": ["project_id"]},
+    },
+    "eu_ai_act_classify": {
+        "category": "compliance",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_eu_ai_act_classify",
+        "description": "Run EU AI Act (Regulation 2024/1689) risk classification and compliance assessment. Maps 12 high-risk requirements to ICDEV controls via ISO 27001 bridge.",
+        "input_schema": {"type": "object", "properties": {"project_id": {"type": "string", "description": "Project UUID"}, "project_dir": {"type": "string", "description": "Project directory path (optional)"}}, "required": ["project_id"]},
+    },
+    "runtime_feedback_collect": {
+        "category": "builder",
+        "module": "icdev.tools.mcp.gap_handlers",
+        "handler": "handle_runtime_feedback_collect",
+        "description": "Collect runtime feedback from test results. Parses JUnit XML or pytest stdout and correlates test results back to source functions.",
+        "input_schema": {"type": "object", "properties": {"xml_path": {"type": "string", "description": "Path to JUnit XML file"}, "project_id": {"type": "string"}, "run_id": {"type": "string"}}, "required": ["xml_path"]},
+    },
+}
+
+
+RESOURCE_REGISTRY = {
+    "projects://list": {
+        "name": "Project List",
+        "description": "List of all ICDEV projects",
+        "module": "icdev.tools.mcp.core_server",
+        "handler": "handle_resource_projects_list",
+        "mime_type": "application/json",
+    },
+    "projects://{id}/status": {
+        "name": "Project Status",
+        "description": "Detailed status for a specific project",
+        "module": "icdev.tools.mcp.core_server",
+        "handler": "handle_resource_project_status",
+        "mime_type": "application/json",
+    },
+    "marketplace://catalog": {
+        "name": "Marketplace Catalog",
+        "description": "Published marketplace assets",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_catalog_resource",
+        "mime_type": "application/json",
+    },
+    "marketplace://pending-reviews": {
+        "name": "Pending Reviews",
+        "description": "Marketplace assets awaiting review",
+        "module": "icdev.tools.mcp.marketplace_server",
+        "handler": "handle_pending_resource",
+        "mime_type": "application/json",
+    },
+    "observability://config": {
+        "name": "Observability Configuration",
+        "description": "Current observability tracing configuration (backend, sampling, retention, content policy)",
+        "module": "icdev.tools.mcp.observability_server",
+        "handler": "config_resource_handler",
+        "mime_type": "application/json",
+    },
+    "observability://stats": {
+        "name": "Observability Statistics",
+        "description": "Live trace, provenance, and SHAP statistics",
+        "module": "icdev.tools.mcp.observability_server",
+        "handler": "stats_resource_handler",
+        "mime_type": "application/json",
+    },
+}