UNPKG

framework-mcp

Version:

Pure Data Provider architecture serving authentic CIS Controls Framework data via MCP and HTTP API. Empowers LLMs with authoritative safeguards data for analysis. Supports Microsoft Copilot custom connectors and DigitalOcean App Services deployment.

github.com/therealcybermattlee/FrameworkMCP

therealcybermattlee/FrameworkMCP

190 lines (142 loc) 8.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
# Migration Guide: Framework MCP v1.4.0 ## Pure Data Provider Architecture Transformation Framework MCP v1.4.0 introduces a **Pure Data Provider architecture** that transforms how vendor capability analysis is performed. This guide helps existing users migrate to the new approach and understand the enhanced capabilities. ## 🎯 Architectural Benefits ### Before v1.4.0: Hardcoded Analysis Engine - **Limited Flexibility**: Fixed analysis logic with preset validation rules - **Rigid Assessment**: Single approach to capability determination - **Complex Configuration**: Multiple analysis parameters and validation settings - **Opaque Processing**: Analysis logic hidden within the tool ### After v1.4.0: Pure Data Provider + LLM Analysis - **Unlimited Flexibility**: LLMs can apply any analysis approach or methodology - **Context-Aware Assessment**: Analysis considers industry, risk profile, and specific requirements - **Simplified Interface**: Clean data provision without analysis complexity - **Transparent Process**: Analysis reasoning fully visible and customizable ## 🔄 Migration Overview **KEY CHANGE**: Framework MCP no longer performs analysis - it provides authoritative CIS Controls data for LLMs to analyze with sophisticated, context-aware intelligence. ### Tools Removed -`analyze_vendor_response` - Analysis logic moved to LLM capability -`validate_vendor_mapping` - Validation logic moved to LLM intelligence ### Tools Retained (Enhanced Data Focus) -`get_safeguard_details` - **Enhanced** with rich, structured CIS data -`list_available_safeguards` - Complete framework coverage ## 📋 Step-by-Step Migration ### Step 1: Update Framework MCP ```bash npm update -g framework-mcp # Or reinstall to ensure latest version npm uninstall -g framework-mcp && npm install -g framework-mcp ``` ### Step 2: Replace Analysis Calls with LLM-Driven Patterns #### OLD v1.3.7 Approach (Hardcoded Analysis) ```bash claude-code "Use analyze_vendor_response with vendor_name 'Microsoft Defender', safeguard_id '5.1', and response_text 'We provide centralized account management with automated provisioning'" ``` #### NEW v1.4.0 Approach (LLM-Driven Analysis) ```bash claude-code "Get safeguard details for 5.1, then analyze this vendor response against those requirements: Microsoft Defender - 'We provide centralized account management with automated provisioning'. Assess capability role considering enterprise context and provide confidence rating." ``` ### Step 3: Leverage Enhanced LLM Capabilities The new approach enables sophisticated analysis patterns: #### Risk-Based Assessment ```bash claude-code "Get details for safeguard 8.2. For a high-risk financial services environment, analyze SentinelOne's response: 'We collect endpoint telemetry and forward logs to SIEM platforms.' Consider regulatory requirements and determine appropriate capability role." ``` #### Comparative Analysis ```bash claude-code "Get safeguard 1.1 details. Compare these vendor capabilities and rank by implementation completeness: 1) Lansweeper: 'Complete network discovery and inventory' 2) ServiceNow: 'CMDB with manual asset entry' 3) Microsoft Intune: 'Managed device tracking only'" ``` #### Multi-Safeguard Assessment ```bash claude-code "Get details for safeguards 5.1, 5.2, and 5.3. Analyze how CyberArk PAM addresses these account management requirements and identify any gaps in coverage." ``` ## 🚀 Advanced LLM Analysis Patterns ### 1. Compliance-Focused Analysis ```bash claude-code "Get safeguard 11.1 details. For SOX compliance requirements, assess Veeam Backup's capability: 'Automated daily backups with 99.9% recovery success rate and quarterly recovery testing.' Focus on governance and validation aspects." ``` ### 2. Technology-Specific Assessment ```bash claude-code "Get details for safeguard 16.3. From a DevSecOps perspective, analyze GitHub Advanced Security: 'Static analysis, dependency scanning, and secret detection in CI/CD pipeline.' Consider modern development workflows." ``` ### 3. Implementation Planning ```bash claude-code "Get safeguard 13.1 details. Our organization uses Splunk SIEM. Analyze how this addresses network monitoring requirements and recommend complementary tools for complete coverage." ``` ## 🎨 Benefits of LLM-Driven Analysis ### Context Awareness - **Industry Considerations**: LLMs understand sector-specific requirements - **Risk Profiles**: Analysis adapts to organizational risk tolerance - **Technology Stack**: Assessment considers existing tool ecosystems ### Analytical Flexibility - **Multiple Methodologies**: Apply different assessment frameworks - **Custom Criteria**: Focus on organization-specific priorities - **Comparative Analysis**: Evaluate multiple vendors simultaneously ### Enhanced Intelligence - **Natural Language**: Complex analysis requests in plain English - **Reasoning Transparency**: Full explanation of assessment logic - **Adaptive Questioning**: LLMs can ask clarifying questions ## 📊 Migration Examples ### Example 1: Basic Capability Assessment **Old Method:** ```bash # Required specific tool call format claude-code "Use analyze_vendor_response..." ``` **New Method:** ```bash claude-code "Get safeguard 6.8 details and assess whether Okta's MFA solution constitutes FULL or FACILITATES capability for this requirement." ``` ### Example 2: Validation Assessment **Old Method:** ```bash # Fixed validation logic claude-code "Use validate_vendor_mapping..." ``` **New Method:** ```bash claude-code "Get safeguard 12.4 details. This vendor claims FULL capability: 'We monitor all network traffic and identify unauthorized devices.' Validate this claim and provide evidence-based assessment." ``` ### Example 3: Multi-Vendor Comparison **Old Method:** ```bash # Required multiple separate calls claude-code "Use analyze_vendor_response..." # Vendor A claude-code "Use analyze_vendor_response..." # Vendor B ``` **New Method:** ```bash claude-code "Get safeguard 2.1 details. Compare these software inventory solutions and recommend the best fit for our 500-employee company: 1) Lansweeper 2) Device42 3) ManageEngine AssetExplorer. Consider deployment complexity and feature completeness." ``` ## 🔧 Technical Changes ### HTTP API Updates - **Removed**: `/api/analyze-vendor-response` endpoint - **Removed**: `/api/validate-vendor-mapping` endpoint - **Enhanced**: Data endpoints optimized for LLM consumption - **Maintained**: Full OpenAPI compatibility for Microsoft Copilot ### MCP Protocol Changes - **Simplified**: 2 core tools instead of 4 complex tools - **Enhanced**: Rich data provision with structured safeguard information - **Optimized**: Performance improvements for data retrieval ## 📚 Common Migration Questions ### Q: Will my existing Copilot connectors work? **A**: Yes, but update to use data endpoints. The enhanced LLM analysis provides better results than hardcoded validation. ### Q: How do I replicate my custom validation logic? **A**: Describe your validation criteria to the LLM along with the safeguard data. LLMs can apply complex, custom logic more effectively than preset rules. ### Q: Can I still get confidence scores? **A**: Yes, LLMs can provide confidence assessments with detailed reasoning - often more nuanced than algorithmic scores. ### Q: What about bulk vendor analysis? **A**: LLMs excel at processing multiple vendors simultaneously. Upload vendor data and request comparative analysis across all entries. ## 🎯 Next Steps 1. **Update Framework MCP** to v1.4.0 2. **Review existing analysis workflows** and identify LLM-driven alternatives 3. **Experiment with enhanced patterns** like comparative analysis and context-aware assessment 4. **Update documentation** and training materials for new approach 5. **Leverage LLM flexibility** to create more sophisticated vendor evaluations ## 📞 Support If you encounter migration challenges: - 📧 **Issues**: [GitHub Issues](https://github.com/therealcybermattlee/FrameworkMCP/issues) - 📖 **Documentation**: [Enhanced Usage Patterns](examples/llm-analysis-patterns.md) - 💬 **Discussions**: [GitHub Discussions](https://github.com/therealcybermattlee/FrameworkMCP/discussions) --- **The Pure Data Provider architecture transforms Framework MCP from a rigid analysis tool into a flexible foundation for sophisticated, LLM-powered vendor capability assessment.**