security-controls-mcp 0.2.0__tar.gz

Files changed (53) hide show
  1. security_controls_mcp-0.2.0/.gitleaks.toml +38 -0
  2. security_controls_mcp-0.2.0/CHANGELOG.md +76 -0
  3. security_controls_mcp-0.2.0/CI-CD-PIPELINE.md +622 -0
  4. security_controls_mcp-0.2.0/CLAUDE_CODE_SETUP.md +222 -0
  5. security_controls_mcp-0.2.0/DEPLOYMENT_CHECKLIST.md +327 -0
  6. security_controls_mcp-0.2.0/Dockerfile +58 -0
  7. security_controls_mcp-0.2.0/INSTALL.md +165 -0
  8. security_controls_mcp-0.2.0/LEGAL_COMPLIANCE.md +284 -0
  9. security_controls_mcp-0.2.0/LICENSE +17 -0
  10. security_controls_mcp-0.2.0/LICENSE-DATA.md +61 -0
  11. security_controls_mcp-0.2.0/MANIFEST.in +19 -0
  12. security_controls_mcp-0.2.0/PAID_STANDARDS_GUIDE.md +341 -0
  13. security_controls_mcp-0.2.0/PKG-INFO +467 -0
  14. security_controls_mcp-0.2.0/QUICK_START.md +169 -0
  15. security_controls_mcp-0.2.0/README.md +433 -0
  16. security_controls_mcp-0.2.0/SECURITY-TOOLS.md +417 -0
  17. security_controls_mcp-0.2.0/SECURITY.md +167 -0
  18. security_controls_mcp-0.2.0/TESTING.md +229 -0
  19. security_controls_mcp-0.2.0/pyproject.toml +75 -0
  20. security_controls_mcp-0.2.0/quality_test.py +173 -0
  21. security_controls_mcp-0.2.0/scf-extract-starter.py +233 -0
  22. security_controls_mcp-0.2.0/scf-query-tester.py +238 -0
  23. security_controls_mcp-0.2.0/setup.cfg +4 -0
  24. security_controls_mcp-0.2.0/src/security_controls_mcp/__init__.py +3 -0
  25. security_controls_mcp-0.2.0/src/security_controls_mcp/__main__.py +8 -0
  26. security_controls_mcp-0.2.0/src/security_controls_mcp/cli.py +255 -0
  27. security_controls_mcp-0.2.0/src/security_controls_mcp/config.py +145 -0
  28. security_controls_mcp-0.2.0/src/security_controls_mcp/data/framework-to-scf.json +13986 -0
  29. security_controls_mcp-0.2.0/src/security_controls_mcp/data/scf-controls.json +50162 -0
  30. security_controls_mcp-0.2.0/src/security_controls_mcp/data_loader.py +180 -0
  31. security_controls_mcp-0.2.0/src/security_controls_mcp/extractors/__init__.py +5 -0
  32. security_controls_mcp-0.2.0/src/security_controls_mcp/extractors/pdf_extractor.py +248 -0
  33. security_controls_mcp-0.2.0/src/security_controls_mcp/http_server.py +477 -0
  34. security_controls_mcp-0.2.0/src/security_controls_mcp/legal_notice.py +82 -0
  35. security_controls_mcp-0.2.0/src/security_controls_mcp/providers.py +238 -0
  36. security_controls_mcp-0.2.0/src/security_controls_mcp/registry.py +132 -0
  37. security_controls_mcp-0.2.0/src/security_controls_mcp/server.py +613 -0
  38. security_controls_mcp-0.2.0/src/security_controls_mcp.egg-info/PKG-INFO +467 -0
  39. security_controls_mcp-0.2.0/src/security_controls_mcp.egg-info/SOURCES.txt +51 -0
  40. security_controls_mcp-0.2.0/src/security_controls_mcp.egg-info/dependency_links.txt +1 -0
  41. security_controls_mcp-0.2.0/src/security_controls_mcp.egg-info/entry_points.txt +2 -0
  42. security_controls_mcp-0.2.0/src/security_controls_mcp.egg-info/requires.txt +13 -0
  43. security_controls_mcp-0.2.0/src/security_controls_mcp.egg-info/top_level.txt +1 -0
  44. security_controls_mcp-0.2.0/test_server.py +68 -0
  45. security_controls_mcp-0.2.0/tests/README.md +124 -0
  46. security_controls_mcp-0.2.0/tests/__init__.py +1 -0
  47. security_controls_mcp-0.2.0/tests/test_content_quality.py +284 -0
  48. security_controls_mcp-0.2.0/tests/test_data_loader.py +183 -0
  49. security_controls_mcp-0.2.0/tests/test_integration.py +174 -0
  50. security_controls_mcp-0.2.0/tests/test_paid_standards.py +235 -0
  51. security_controls_mcp-0.2.0/tests/test_security.py +322 -0
  52. security_controls_mcp-0.2.0/tests/test_smoke.py +135 -0
  53. security_controls_mcp-0.2.0/verify_production_ready.py +344 -0
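--- a/security_controls_mcp-0.2.0/.gitleaks.toml
+++ b/security_controls_mcp-0.2.0/.gitleaks.toml
@@ -0,0 +1,38 @@
+ # Gitleaks configuration
+ # Customize secret detection rules and allowlists
+
+ title = "Security Controls MCP - Gitleaks Config"
+
+ [extend]
+ # Use default Gitleaks rules as base
+ useDefault = true
+
+ [allowlist]
+ description = "Allowlisted files and patterns"
+
+ # Allowlist specific paths (e.g., test fixtures, documentation examples)
+ paths = [
+ # Add paths to ignore, e.g.:
+ # '''tests/fixtures/example_secrets\.py''',
+ # '''docs/examples/.*'''
+ ]
+
+ # Allowlist specific commit hashes (if secrets were already rotated)
+ commits = [
+ # Add commit SHAs to ignore, e.g.:
+ # "abc123def456",
+ ]
+
+ # Allowlist specific regex patterns
+ regexes = [
+ # Add regex patterns to ignore, e.g.:
+ # '''example\.com''',
+ ]
+
+ # Stop words that indicate a false positive
+ stopwords = [
+ # Add stop words, e.g.:
+ # '''fake''',
+ # '''example''',
+ # '''test''',
+ ]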
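Review bot: The example stop words in the `stopwords` comment (`fake`, `example`, `test`) are broad enough that uncommenting them as written would weaken the scan. Gitleaks checks stop words against the detected secret itself, and this `[allowlist]` table is global, so any credential that happens to contain one of those substrings would be dropped for every rule pulled in by `useDefault = true`. I would add a caveat above the list, for example `# Stop words match inside the detected secret and apply to all rules; keep them long and specific, and prefer a path allowlist for fixtures`. The `commits` comment would benefit from a similar line, `# A listed commit is skipped entirely, so any other secret in it is also ignored`, because rotating one secret does not clear the rest of that commit.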
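--- a/security_controls_mcp-0.2.0/CHANGELOG.md
+++ b/security_controls_mcp-0.2.0/CHANGELOG.md
@@ -0,0 +1,76 @@
+ # Changelog
+
+ All notable changes to this project will be documented in this file.
+
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+ ## [0.2.0] - 2025-01-29
+
+ ### Added
+ - **Paid Standards Support** - Import and query purchased security standards (ISO 27001, NIST SP 800-53, etc.)
+ - Three new MCP tools:
+ - `list_available_standards` - Show all available standards (SCF + imported)
+ - `query_standard` - Search within purchased standards
+ - `get_clause` - Get full text of specific clauses
+ - CLI tool (`scf-mcp`) for importing standards from PDF:
+ - `scf-mcp import-standard` - Extract and import PDF standards
+ - `scf-mcp list-standards` - List all imported standards
+ - Enhanced existing tools with official text from purchased standards:
+ - `get_control` now shows official text alongside SCF descriptions
+ - `map_frameworks` displays official text from both source and target frameworks
+ - User-local storage (`~/.security-controls-mcp/`) - keeps paid content private
+ - PDF extraction pipeline with intelligent structure detection
+ - Comprehensive documentation: PAID_STANDARDS_GUIDE.md (341 lines)
+ - 12 new tests for paid standards functionality (63 total tests)
+ - License compliance features: startup warnings, attribution, git safety checks
+
+ ### Changed
+ - Updated README.md with paid standards overview and quick start
+ - Enhanced legal notices to show loaded paid standards
+ - Tool count increased from 5 to 8
+
+ ### Technical Details
+ - Provider abstraction for extensible standard support
+ - Config system for managing imported standards
+ - Registry pattern for unified standard access
+ - Optional dependencies: `pip install -e '.[import-tools]'` for PDF extraction
+
+ ### Fixed
+ - Git safety check when standards directory is outside repository
+
+ ## [0.1.0] - 2025-01-29
+
+ ### Added
+ - Initial release of Security Controls MCP Server
+ - Support for 16 security frameworks with 1,451 controls mapped from SCF 2025.4
+ - Five MCP tools:
+ - `get_control` - Retrieve detailed control information
+ - `search_controls` - Search controls by keyword
+ - `list_frameworks` - List all available frameworks
+ - `get_framework_controls` - Get controls for a specific framework
+ - `map_frameworks` - Map controls between any two frameworks
+ - Comprehensive documentation (README, INSTALL, TESTING)
+ - Test suite with MCP protocol integration tests
+ - Data files: scf-controls.json (1,451 controls), framework-to-scf.json (reverse mappings)
+
+ ### Frameworks Supported
+ - NIST SP 800-53 R5 (777 controls)
+ - SOC 2 TSC (412 controls)
+ - PCI DSS v4.0.1 (364 controls)
+ - FedRAMP R5 Moderate (343 controls)
+ - ISO/IEC 27002:2022 (316 controls)
+ - NIST CSF 2.0 (253 controls)
+ - CIS CSC v8.1 (234 controls)
+ - CMMC 2.0 Level 2 (198 controls)
+ - HIPAA Security Rule (136 controls)
+ - DORA (103 controls)
+ - NIS2 (68 controls)
+ - NCSC CAF 4.0 (67 controls)
+ - CMMC 2.0 Level 1 (52 controls)
+ - ISO/IEC 27001:2022 (51 controls)
+ - GDPR (42 controls)
+ - UK Cyber Essentials (26 controls)
+
+ [0.2.0]: https://github.com/Ansvar-Systems/security-controls-mcp/releases/tag/v0.2.0
+ [0.1.0]: https://github.com/Ansvar-Systems/security-controls-mcp/releases/tag/v0.1.0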