Security Context MCP Server

# Security Context MCP Server An MCP (Model Context Protocol) server that provides instant access to authoritative security documentation from OWASP, NIST, AWS, Google Cloud, SANS, CIS, and other cybersecurity authorities. Think of it as having a security expert at your fingertips. ## Features - **Comprehensive Security Knowledge Base**: Aggregates documentation from multiple authoritative sources - **Semantic Search**: Find relevant security guidance using natural language queries - **Local Caching**: Fast, offline-capable access to indexed documentation - **Multiple Security Domains**: - OWASP Top 10, Cheat Sheets - NIST Cybersecurity Framework, SP 800-53, SP 800-171, Zero Trust - AWS Security Best Practices, Well-Architected Framework - Google Cloud Security, BeyondCorp Zero Trust - SANS/CWE Top 25, CIS Controls - CIS Benchmarks ## Installation ```bash npm install npm run build ``` ## Initial Setup Before using the MCP server, fetch and index the security documentation: ```bash npm run fetch-docs ``` This will: 1. Download documentation from all configured sources 2. Index the content for fast semantic search 3. Cache everything locally in `~/.security-mcp/` The fetch process takes 2-5 minutes depending on your internet connection. You only need to run this once, or periodically to update the documentation. ## Usage ### As an MCP Server Add to your Claude Desktop config (`~/Library/Application Support/Claude/claude_desktop_config.json` on macOS): ```json { "mcpServers": { "security-context": { "command": "node", "args": ["/path/to/security-mcp/dist/index.js"] } } } ``` Or if installed globally: ```json { "mcpServers": { "security-context": { "command": "security-mcp" } } } ``` ### Available Tools Once configured, Claude will have access to these tools: #### 1. `search_security_docs` Search across all security documentation using natural language. **Example queries:** - "How do I prevent SQL injection?" - "What are AWS IAM best practices?" - "Explain zero trust architecture" - "NIST incident response guidelines" **Parameters:** - `query` (required): Your security question or topic - `limit` (optional): Max results (default: 5) - `source` (optional): Filter to specific source (OWASP, NIST, AWS, Google, SANS, CIS) #### 2. `get_security_context` Get comprehensive context on a topic from multiple sources. **Example:** ```json { "topic": "authentication best practices" } ``` Returns aggregated information from all relevant sources. #### 3. `list_security_sources` List all available documentation sources and their categories. #### 4. `get_owasp_top10` Get specific OWASP Top 10 vulnerability information. **Parameters:** - `category` (optional): Specific category like "A01:2021 - Broken Access Control" ## Examples ### Example 1: Finding Security Guidance **User**: "How should I secure my AWS S3 buckets?" **Claude** (using `search_security_docs`): > Found relevant guidance from AWS Security Best Practices: > - Enable S3 Block Public Access by default > - Use IAM roles and policies for access control > - Enable versioning and Object Lock > - Implement bucket encryption > [... detailed results with links ...] ### Example 2: Understanding Frameworks **User**: "What is NIST CSF and how do I use it?" **Claude** (using `get_security_context`): > The NIST Cybersecurity Framework provides structured approach to managing risk... > [Shows information from multiple NIST sources about CSF functions, implementation tiers, and profiles] ### Example 3: Vulnerability Research **User**: "Tell me about the latest OWASP Top 10" **Claude** (using `get_owasp_top10`): > OWASP Top 10 2021 includes: > 1. A01:2021 - Broken Access Control > 2. A02:2021 - Cryptographic Failures > [... detailed information about each category ...] ## Architecture ### Components - **MCP Server** (`src/index.ts`): Main server implementing MCP protocol - **Vector Store** (`src/vector/simple-store.ts`): TF-IDF based search with local caching - **Document Sources** (`src/sources/`): Fetchers for each security authority - **Document Fetcher** (`src/fetcher.ts`): Orchestrates downloading and indexing ### Data Flow 1. **Fetch Phase**: `npm run fetch-docs` downloads documentation from sources 2. **Index Phase**: Content is processed and indexed with TF-IDF for semantic search 3. **Cache Phase**: Indexed documents saved to `~/.security-mcp/documents.json` 4. **Query Phase**: MCP tools search the indexed cache and return relevant results ### Storage Documents are stored in: `~/.security-mcp/documents.json` To update documentation, simply run `npm run fetch-docs` again. ## Customization ### Adding New Sources Create a new source in `src/sources/`: ```typescript import { DocumentSource, SecurityDocument } from "../types.js"; export class CustomSource implements DocumentSource { name = "CustomSource"; async fetchDocuments(): Promise<SecurityDocument[]> { // Fetch and return documents return []; } } ``` Then add it to `src/fetcher.ts`: ```typescript import { CustomSource } from "./sources/custom.js"; const sources = [ // ... existing sources new CustomSource(), ]; ``` ### Upgrading to Vector Embeddings The current implementation uses TF-IDF for simplicity and zero external dependencies. For better semantic search, you can upgrade to proper embeddings: 1. Replace `SimpleVectorStore` with a real vector DB (ChromaDB, Pinecone, Weaviate) 2. Add embedding generation using: - OpenAI embeddings API - Local models via Sentence Transformers - Anthropic's Claude API ## Updating Documentation Security documentation changes frequently. Update your cache periodically: ```bash npm run fetch-docs ``` Consider setting up a cron job to update weekly: ```bash # Run every Sunday at 2am 0 2 * * 0 cd /path/to/security-mcp && npm run fetch-docs ``` ## Technical Details ### Technologies Used - **MCP SDK**: Official Model Context Protocol implementation - **TypeScript**: Type-safe development - **Axios & Cheerio**: Web scraping and HTML parsing - **Natural**: NLP and TF-IDF search - **PDF Parse**: PDF document processing (for future enhancements) ### Performance - Initial fetch: 2-5 minutes - Index size: ~2-5 MB (for all sources) - Search latency: <100ms (local cache) - Memory usage: ~50-100 MB ### Limitations - Web scraping may break if source websites change structure - TF-IDF is simpler than embedding-based search - No automatic update mechanism (manual refresh required) - English language only ## Troubleshooting ### Documents not found Run the fetcher to download documentation: ```bash npm run fetch-docs ``` ### Server not connecting Check your MCP configuration in Claude Desktop and ensure the path is correct. ### Fetch errors Some sources may be temporarily unavailable. The fetcher continues with other sources even if one fails. ### Empty results Try different query phrasings or use `list_security_sources` to see what's available. ## Contributing To add more security sources: 1. Create a new source file in `src/sources/` 2. Implement the `DocumentSource` interface 3. Add the source to `src/fetcher.ts` 4. Submit a pull request Potential sources to add: - Microsoft Security Best Practices - Azure Security - PCI DSS guidelines - HIPAA security rules - ISO 27001/27002 - SOC 2 requirements ## License MIT ## Security & Privacy - All documentation is cached locally - No external API calls during query time - No telemetry or data collection - Open source and auditable ## Support For issues or questions: - File an issue on GitHub - Check the documentation - Review the source code --- **Built with ❤️ for the security community**