manage_compliance_assessments
Conduct compliance assessments against frameworks like HITRUST, ISO27001, and SOC2 to generate detailed reports on regulatory adherence and security controls.
Instructions
Conduct compliance assessments and generate detailed reports on regulatory adherence and security controls.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | Compliance assessment action | |
| assessmentId | No | Assessment ID for tracking | |
| framework | Yes | Framework to assess against | |
| scope | Yes | Assessment scope | |
| settings | No | Assessment settings | |
Implementation Reference
- Main handler function implementing the core logic for the manage_compliance_assessments tool. Handles actions: create, execute, get_results, schedule, cancel. Integrates with Graph API for assessments.

  ```typescript
  // Compliance Assessment Handler
  export async function handleComplianceAssessments(
    graphClient: Client,
    args: ComplianceAssessmentArgs
  ): Promise<{ content: { type: string; text: string }[] }> {
    let result: any;

    switch (args.action) {
      case 'create':
        // Create new compliance assessment; the ID is derived from the current time
        const assessmentId = `assessment-${Date.now()}`;
        result = {
          id: assessmentId,
          framework: args.framework,
          scope: args.scope,
          settings: args.settings,
          status: 'created',
          createdDate: new Date().toISOString()
        };
        break;

      case 'execute':
        if (!args.assessmentId) {
          throw new McpError(ErrorCode.InvalidParams, 'assessmentId is required for execute action');
        }
        // Execute assessment
        result = await executeAssessment(graphClient, args.assessmentId, args.framework);
        break;

      case 'get_results':
        if (!args.assessmentId) {
          throw new McpError(ErrorCode.InvalidParams, 'assessmentId is required for get_results action');
        }
        result = await getAssessmentResults(graphClient, args.assessmentId);
        break;

      case 'schedule':
        // No assessmentId check here, unlike execute and get_results
        result = {
          assessmentId: args.assessmentId,
          scheduledDate: args.settings?.scheduledDate,
          status: 'scheduled',
          message: 'Assessment scheduled successfully'
        };
        break;

      case 'cancel':
        // No assessmentId check here, unlike execute and get_results
        result = {
          assessmentId: args.assessmentId,
          status: 'cancelled',
          message: 'Assessment cancelled successfully'
        };
        break;

      default:
        throw new McpError(ErrorCode.InvalidParams, `Invalid action: ${args.action}`);
    }

    // Return the result as pretty-printed JSON text
    return {
      content: [{ type: 'text', text: JSON.stringify(result, null, 2) }]
    };
  }
  ```
- src/tool-definitions.ts:407-413 (schema): Zod schema defining input parameters for the manage_compliance_assessments tool.

  ```typescript
  export const complianceAssessmentSchema = z.object({
    // 'update' is accepted by this enum; the handler's switch on this page has no 'update' case
    action: z.enum(['create', 'update', 'execute', 'schedule', 'cancel', 'get_results']).describe('Compliance assessment action'),
    assessmentId: z.string().optional().describe('Assessment ID for tracking'),
    framework: z.enum(['hitrust', 'iso27001', 'soc2']).describe('Framework to assess against'),
    // scope and settings are free-form key/value records with unvalidated values
    scope: z.record(z.string(), z.unknown()).describe('Assessment scope'),
    settings: z.record(z.string(), z.unknown()).optional().describe('Assessment settings'),
  });
  ```
- src/handlers.ts:46-60 (registration): Imports the handleComplianceAssessments handler function and ComplianceAssessmentArgs type, indicating registration for the manage_compliance_assessments tool.

  ```typescript
  // Import compliance handlers and types
  import {
    handleComplianceFrameworks,
    handleComplianceAssessments,
    handleComplianceMonitoring,
    handleEvidenceCollection,
    handleGapAnalysis
  } from './handlers/compliance-handler.js';
  import {
    ComplianceFrameworkArgs,
    ComplianceAssessmentArgs,
    ComplianceMonitoringArgs,
    EvidenceCollectionArgs,
    GapAnalysisArgs
  } from './types/compliance-types.js';
  ```
- src/tool-metadata.ts:176-179 (schema): Tool metadata providing description, title, and annotations for manage_compliance_assessments. The annotations mark the tool as read-only and idempotent, although its actions include create, schedule and cancel.

  ```typescript
  manage_compliance_assessments: {
    description: "Conduct compliance assessments and generate detailed reports on regulatory adherence and security controls.",
    title: "Compliance Assessment Tool",
    annotations: { title: "Compliance Assessment Tool", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },
  ```
- Helper function executeAssessment called by the main handler for executing compliance assessments. As shown, it does not call graphClient and returns fixed result values.

  ```typescript
  async function executeAssessment(graphClient: Client, assessmentId: string, framework: string) {
    // Execute compliance assessment
    // graphClient is not used here; the results below are literal values
    return {
      assessmentId,
      framework,
      status: 'completed',
      completedDate: new Date().toISOString(),
      results: {
        overallScore: 85,
        controlsAssessed: 114,
        controlsPassed: 97,
        controlsFailed: 17,
        recommendations: 12
      }
    };
  }
  ```
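
The schema on this page accepts `update` and leaves `assessmentId` optional for every action, while the handler only checks it for `execute` and `get_results`. A stricter per-action check is sketched below as an added example, not code from the project; `checkArgs`, the ID pattern and the `scheduledDate` rule are assumptions made for illustration.

```typescript
// Added example (not project code). Action and field names come from the schema
// and handler on this page; checkArgs and its rules are hypothetical.
type Action = 'create' | 'update' | 'execute' | 'schedule' | 'cancel' | 'get_results';

interface AssessmentArgs {
  action: Action;
  assessmentId?: string;
  framework: 'hitrust' | 'iso27001' | 'soc2';
  scope: Record<string, unknown>;
  settings?: Record<string, unknown>;
}

// Actions the handler's switch implements ('update' exists only in the schema enum).
const HANDLED: ReadonlySet<Action> = new Set<Action>(['create', 'execute', 'get_results', 'schedule', 'cancel']);
// Actions that operate on an existing assessment and therefore need an ID.
const NEEDS_ID: ReadonlySet<Action> = new Set<Action>(['execute', 'get_results', 'schedule', 'cancel']);
// Assumption: IDs keep the `assessment-${Date.now()}` shape issued by 'create'.
const ID_PATTERN = /^assessment-\d{1,16}$/;

// Returns a list of problems; an empty list means the call is safe to dispatch.
function checkArgs(args: AssessmentArgs): string[] {
  const problems: string[] = [];
  if (!HANDLED.has(args.action)) {
    problems.push(`action '${args.action}' passes the schema but has no handler branch`);
  }
  if (NEEDS_ID.has(args.action)) {
    if (!args.assessmentId) {
      problems.push(`assessmentId is required for ${args.action}`);
    } else if (!ID_PATTERN.test(args.assessmentId)) {
      problems.push('assessmentId does not match the format issued by create');
    }
  }
  if (args.action === 'schedule') {
    // settings is a free-form record, so the date has to be checked at runtime.
    const when = args.settings?.scheduledDate;
    if (typeof when !== 'string' || Number.isNaN(Date.parse(when))) {
      problems.push('settings.scheduledDate must be a parseable date string');
    }
  }
  return problems;
}
```

Running such a check before the `switch` makes `schedule` and `cancel` fail the same way `execute` and `get_results` already do when no ID is supplied.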