getSecureCodingChecklist
Generate secure coding checklists to help developers implement HIPAA-compliant practices when building healthcare applications that handle protected health information.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| schema | Yes | Empty object (`z.object({})`); the tool accepts no input parameters. | |
Implementation Reference
- server.ts:239-257 (handler)

  The async handler function for the 'getSecureCodingChecklist' tool, which returns a static markdown checklist for HIPAA-compliant secure coding practices.

  ```ts
  async () => {
    return {
      content: [{
        type: 'text',
        text: `
  # HIPAA Secure SDLC Checklist

  1. **Data Minimization:** Does this feature only collect the minimum necessary PHI to function?
  2. **Input Validation:** Are all inputs that could potentially contain PHI (e.g., text fields, file uploads) properly validated and sanitized to prevent injection attacks?
  3. **Authentication & Authorization:** Is every endpoint that touches PHI protected with authentication? Does the code check if the authenticated user is authorized to access the specific record they are requesting?
  4. **Secure Data Transmission:** Is all data, especially PHI, transmitted using strong, modern TLS (1.2+)?
  5. **Secure Data Storage:** Is sensitive data encrypted at rest? Are you using platform-recommended secure storage APIs for tokens and keys?
  6. **Audit Logging:** Does the code generate a detailed, immutable audit log for any action that creates, reads, updates, or deletes PHI? The log must include user ID, timestamp, and action taken.
  7. **Error Handling & Information Disclosure:** Do error messages avoid revealing sensitive information (e.g., "User 'john.doe@email.com' not found" is a disclosure; "Invalid username or password" is not)?
  8. **Dependency Scanning:** Are you regularly scanning third-party libraries for known vulnerabilities?
  `
      }]
    };
  }
  ```

- server.ts:233-258 (registration)

  The registration of the 'getSecureCodingChecklist' tool using server.tool(), including the schema (empty input) and the inline handler.

  ```ts
  server.tool(
    'getSecureCodingChecklist',
    {
      description: 'Provides a checklist for developers to ensure HIPAA compliance throughout the Software Development Lifecycle (SDLC).',
      schema: z.object({}),
    },
    async () => {
      return {
        content: [{
          type: 'text',
          text: `
  # HIPAA Secure SDLC Checklist

  1. **Data Minimization:** Does this feature only collect the minimum necessary PHI to function?
  2. **Input Validation:** Are all inputs that could potentially contain PHI (e.g., text fields, file uploads) properly validated and sanitized to prevent injection attacks?
  3. **Authentication & Authorization:** Is every endpoint that touches PHI protected with authentication? Does the code check if the authenticated user is authorized to access the specific record they are requesting?
  4. **Secure Data Transmission:** Is all data, especially PHI, transmitted using strong, modern TLS (1.2+)?
  5. **Secure Data Storage:** Is sensitive data encrypted at rest? Are you using platform-recommended secure storage APIs for tokens and keys?
  6. **Audit Logging:** Does the code generate a detailed, immutable audit log for any action that creates, reads, updates, or deletes PHI? The log must include user ID, timestamp, and action taken.
  7. **Error Handling & Information Disclosure:** Do error messages avoid revealing sensitive information (e.g., "User 'john.doe@email.com' not found" is a disclosure; "Invalid username or password" is not)?
  8. **Dependency Scanning:** Are you regularly scanning third-party libraries for known vulnerabilities?
  `
        }]
      };
    }
  );
  ```

- server.ts:237-237 (schema)

  The Zod schema for the tool, which accepts no input parameters.

  ```ts
  schema: z.object({}),
  ```
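The checklist above is a list of questions; the following is an added example (not code from the server.ts documented on this page, nor from the project behind it) showing what passing items 1, 3, 6 and 7 looks like in a small in-memory PHI record service. `PhiService`, `buildDemoService`, `failureMessage`, the record fields and every user or record ID are constructed for the demo and are not identifiers from the page.

```typescript
// Added example, not code from the server.ts documented on this page: a small
// in-memory PHI record service that applies checklist items 1, 3, 6 and 7
// (data minimization, per-record authorization, audit logging, non-disclosing
// errors). Every name, user ID and record below is constructed for the demo.

type Action = "CREATE" | "READ" | "UPDATE" | "DELETE";

interface AuditEntry {
  userId: string;     // who acted (checklist 6)
  timestamp: string;  // ISO 8601 (checklist 6)
  action: Action;     // what they did (checklist 6)
  recordId: string;
  outcome: "ALLOWED" | "DENIED";
}

interface PatientRecord {
  id: string;
  patientUserId: string;  // the patient's own login
  careTeam: string[];     // clinician user IDs permitted to read the record
  name: string;
  dateOfBirth: string;
  diagnosis: string;
}

interface Session { userId: string; }

// One message for both "no such record" and "not your record", so the error
// text cannot be used to learn which record IDs exist (checklist 7).
const GENERIC_ERROR = "Record not available";

class PhiService {
  private readonly records = new Map<string, PatientRecord>();
  private readonly audit: AuditEntry[] = [];  // only ever appended to

  constructor(seed: PatientRecord[]) {
    for (const r of seed) this.records.set(r.id, r);
  }

  // Object-level check: being logged in is not enough (checklist 3).
  private canAccess(userId: string, record: PatientRecord): boolean {
    return record.patientUserId === userId || record.careTeam.includes(userId);
  }

  // Returns only the fields the caller asked for (checklist 1).
  readRecord<K extends keyof PatientRecord>(
    session: Session | null,
    recordId: string,
    fields: K[],
  ): Pick<PatientRecord, K> {
    if (!session) throw new Error("Authentication required");  // checklist 3
    const record = this.records.get(recordId);
    const allowed = record !== undefined && this.canAccess(session.userId, record);
    // Write the audit entry before the decision is enforced, so denied
    // attempts are recorded as well as successful reads (checklist 6).
    this.audit.push({
      userId: session.userId,
      timestamp: new Date().toISOString(),
      action: "READ",
      recordId,
      outcome: allowed ? "ALLOWED" : "DENIED",
    });
    if (!record || !allowed) throw new Error(GENERIC_ERROR);
    return fields.reduce((view, f) => {
      view[f] = record[f];
      return view;
    }, {} as Pick<PatientRecord, K>);
  }

  // Callers receive a copy, so the log cannot be edited through this handle.
  auditLog(): AuditEntry[] {
    return this.audit.map((e) => ({ ...e }));
  }
}

// Constructed demo data; not real patients.
function buildDemoService(): PhiService {
  return new PhiService([
    { id: "rec-1", patientUserId: "pat-ann", careTeam: ["dr-lee"],
      name: "Ann Example", dateOfBirth: "1980-01-01", diagnosis: "J06.9" },
  ]);
}

// Captures the error message of a call that is expected to fail.
function failureMessage(fn: () => unknown): string | null {
  try { fn(); return null; } catch (e) { return (e as Error).message; }
}
```

The point of `readRecord` ordering is that the audit entry is written for every authenticated attempt, allowed or not, and that a caller who is not on the care team gets exactly the same error for a record that exists and one that does not. Transport and storage (items 4 and 5) are deliberately outside this example; they belong to the deployment, not the handler.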