MCP Project Orchestrator

# OpenSSL Tools Orchestration System ## Overview The OpenSSL Tools Orchestration System is a comprehensive, Skills-enabled automation platform designed specifically for the `sparesparrow/openssl-tools` repository. It integrates Agent Skills capabilities with Model Context Protocol (MCP) to provide intelligent, automated project management, CI/CD orchestration, and FIPS compliance validation. ## Key Features ### 🔧 Skills-Enabled Orchestration - **Automatic Skill Discovery**: Intelligently discovers and composes relevant Skills based on project context - **Progressive Disclosure**: Loads only necessary Skills to optimize token usage and performance - **Dynamic Composition**: Runtime skill composition based on project requirements and constraints ### 🏗️ Multi-Platform Build Management - **Cross-Platform Support**: Linux (GCC 11), Windows (MSVC 193), macOS (ARM64/x86_64) - **Automated Build Configuration**: Generates platform-specific build configurations - **Parallel Build Execution**: Concurrent builds across multiple platforms ### 🔒 FIPS Compliance Framework - **FIPS 140-3 Validation**: Comprehensive compliance checking for cryptographic code - **Algorithm Validation**: Ensures only FIPS-approved algorithms are used - **Self-Test Implementation**: Validates required FIPS self-tests are present - **Side-Channel Analysis**: Detects timing and power analysis vulnerabilities ### ⚙️ CI/CD Automation - **GitHub Actions Integration**: Automated workflow generation and management - **Multi-Trigger Support**: Push, Pull Request, Workflow Dispatch, Schedule, Release, Tag - **Automated Testing**: Comprehensive test suite execution across platforms - **Release Management**: Automated artifact creation, signing, and publishing ### 🧪 Comprehensive Testing Framework - **Unit Testing**: pytest-based unit test framework - **Integration Testing**: End-to-end integration test suites - **FIPS Testing**: Specialized FIPS compliance test cases - **Security Testing**: Static and dynamic security analysis - **Performance Testing**: Benchmarking and load testing capabilities ## Architecture ### Core Components ``` OpenSSL Tools Orchestration System ├── Skills Registry & Discovery Engine │ ├── Skill Metadata Management │ ├── Context-Aware Discovery │ ├── Dynamic Composition │ └── Progressive Disclosure ├── MCP Server with 2025 Capabilities │ ├── Elicitation Support │ ├── Sampling Integration │ ├── Roots Access Control │ └── Progressive Scoping ├── Cursor CLI Integration │ ├── Headless Execution │ ├── Skills Deployment │ ├── Session Management │ └── Autonomous Orchestration ├── FIPS Compliance Framework │ ├── Algorithm Validation │ ├── Self-Test Verification │ ├── Key Management Validation │ └── Side-Channel Analysis └── OpenSSL-Specific Orchestration ├── Build Management ├── Release Management ├── Workflow Generation └── Testing Framework ``` ### Skills Integration The system includes specialized OpenSSL Skills: 1. **OpenSSL Build Orchestration** (`openssl-build-orchestration`) - Triggers: `openssl`, `build`, `compile`, `make` - Manages multi-platform builds and configurations 2. **FIPS Compliance Validation** (`openssl-fips-validation`) - Triggers: `fips`, `openssl`, `crypto`, `validation`, `compliance` - Ensures FIPS 140-3 compliance 3. **CI/CD Pipeline Management** (`openssl-ci-cd-pipeline`) - Triggers: `ci`, `cd`, `pipeline`, `github-actions`, `automation` - Manages GitHub Actions workflows 4. **Testing Framework** (`openssl-testing-framework`) - Triggers: `test`, `testing`, `openssl`, `validation`, `quality` - Comprehensive testing capabilities 5. **Release Management** (`openssl-release-management`) - Triggers: `release`, `version`, `openssl`, `publish`, `deploy` - Automated release and versioning ## Usage ### Basic Orchestration ```python from mcp_project_orchestrator.openssl_orchestration_main import OpenSSLOrchestrationMain from mcp_project_orchestrator.openssl_tools_orchestration import ( OpenSSLProjectContext, OpenSSLProjectType, BuildPlatform ) # Initialize orchestration orchestration = OpenSSLOrchestrationMain() # Create project context context = OpenSSLProjectContext( project_type=OpenSSLProjectType.OPENSSL_TOOLS, repository_url="https://github.com/sparesparrow/openssl-tools", target_platforms=[BuildPlatform.LINUX_GCC11, BuildPlatform.MACOS_ARM64], fips_required=True, ci_cd_enabled=True, testing_framework="pytest" ) # Execute orchestration result = await orchestration.orchestrate_openssl_tools_project(context) ``` ### FIPS Compliance Validation ```python # Validate cryptographic code against FIPS requirements fips_result = await orchestration.mcp_server.tools["validate_openssl_fips_compliance"]( code_changes=[ "def encrypt_data(data: bytes, key: bytes) -> bytes:", " cipher = Cipher(algorithms.AES(key), modes.GCM(nonce))", " return encryptor.update(data) + encryptor.finalize()" ], fips_context={ "file_path": "src/crypto/encryption.py", "module_type": "cryptographic", "fips_required": True } ) print(f"FIPS Compliant: {fips_result['compliant']}") print(f"Violations: {len(fips_result['violations'])}") ``` ### Multi-Platform Build ```python # Build OpenSSL for multiple platforms build_result = await orchestration.mcp_server.tools["build_openssl_for_platforms"]( platforms=["linux-gcc11", "windows-msvc193", "macos-arm64"], fips_enabled=True ) for result in build_result['build_results']: print(f"{result['platform']}: {'Success' if result['success'] else 'Failed'}") print(f" Build Time: {result['build_time']:.2f}s") print(f" Artifacts: {', '.join(result['artifacts'])}") ``` ### CI/CD Workflow Generation ```python # Create GitHub Actions CI workflow workflow_result = await orchestration.mcp_server.tools["create_openssl_ci_workflow"]( project_name="openssl-tools", platforms=["linux-gcc11", "windows-msvc193", "macos-arm64"], fips_enabled=True, triggers=["push", "pull_request", "workflow_dispatch"] ) # Save workflow YAML with open(".github/workflows/ci.yml", "w") as f: f.write(workflow_result['workflow_yaml']) ``` ## Configuration ### Project Context Configuration ```python OpenSSLProjectContext( project_type=OpenSSLProjectType.OPENSSL_TOOLS, repository_url="https://github.com/sparesparrow/openssl-tools", target_platforms=[ BuildPlatform.LINUX_GCC11, BuildPlatform.WINDOWS_MSVC193, BuildPlatform.MACOS_ARM64, BuildPlatform.MACOS_X86_64 ], fips_required=True, ci_cd_enabled=True, testing_framework="pytest", build_tools=["cmake", "make", "gcc", "clang"], dependencies=["openssl", "zlib", "libssl-dev"], security_level="high", compliance_requirements=["FIPS-140-3", "SOC2"] ) ``` ### Skills Configuration Skills are automatically discovered and composed based on project context. The system supports: - **Progressive Disclosure**: Skills are loaded only when needed - **Context-Aware Activation**: Skills activate based on project requirements - **Dynamic Composition**: Skills are composed at runtime based on constraints - **Verification Loops**: Skills include built-in verification and validation ### FIPS Compliance Configuration ```python FIPSRequirements( approved_algorithms={ "AES", "SHA-256", "SHA-384", "SHA-512", "SHA-3", "RSA", "ECDSA", "ECDH", "HMAC", "PBKDF2", "HKDF" }, forbidden_algorithms={ "MD5", "SHA-1", "RC4", "DES", "3DES", "Blowfish" }, required_self_tests={ "algorithm_known_answer_tests", "continuous_random_number_generator_tests", "software_integrity_tests", "critical_functions_tests" } ) ``` ## Generated Artifacts The orchestration system generates comprehensive project artifacts: ### Project Structure ``` openssl-tools-project/ ├── .github/ │ └── workflows/ │ ├── ci-cd.yml │ ├── fips-validation.yml │ └── release.yml ├── scripts/ │ ├── build.sh │ ├── test.sh │ ├── fips_validation.sh │ └── release.sh ├── configs/ │ ├── linux-gcc11.json │ ├── windows-msvc193.json │ └── macos-arm64.json ├── tests/ │ ├── unit/ │ ├── integration/ │ ├── fips/ │ └── security/ ├── fips/ │ ├── validation/ │ ├── self_tests/ │ └── compliance/ ├── docs/ │ ├── BUILD_GUIDE.md │ ├── TESTING_GUIDE.md │ ├── FIPS_COMPLIANCE.md │ └── CI_CD_GUIDE.md └── .cursor/ ├── config.json └── skills/ ├── openssl-build-orchestration/ ├── openssl-fips-validation/ ├── openssl-ci-cd-pipeline/ ├── openssl-testing-framework/ └── openssl-release-management/ ``` ### GitHub Actions Workflows The system generates comprehensive CI/CD workflows with: - **Multi-platform builds** across Linux, Windows, and macOS - **FIPS compliance validation** for cryptographic code - **Security scanning** and vulnerability assessment - **Automated testing** with coverage reporting - **Release management** with artifact signing - **Matrix strategies** for different Python versions and platforms ### Build Configurations Platform-specific build configurations include: - **Compiler settings** optimized for each platform - **FIPS mode configuration** when required - **Dependency management** for platform-specific libraries - **Build flags** for security and optimization - **Cross-compilation support** for embedded targets ## Security Features ### FIPS 140-3 Compliance - **Algorithm Validation**: Ensures only FIPS-approved algorithms are used - **Self-Test Implementation**: Validates required self-tests are present - **Key Management**: Validates secure key generation, storage, and transport - **Side-Channel Protection**: Detects timing and power analysis vulnerabilities ### Security Scanning - **Static Analysis**: Bandit, Safety, Semgrep integration - **Dynamic Analysis**: Valgrind, sanitizers for runtime analysis - **Vulnerability Scanning**: Trivy, Grype for dependency scanning - **Code Quality**: Automated code quality checks and formatting ### Input Validation - **Trust Boundary Validation**: Comprehensive input validation at all boundaries - **Error Handling**: Secure error handling without information leakage - **Memory Management**: Secure memory handling for sensitive data ## Performance Optimization ### Token Management - **Progressive Loading**: Skills loaded only when needed - **Context Optimization**: Intelligent context pruning and summarization - **Caching Strategy**: Multi-level caching for frequently used Skills - **Parallel Execution**: Concurrent skill activation where possible ### Build Optimization - **Parallel Builds**: Concurrent builds across platforms - **Incremental Builds**: Only rebuild changed components - **Caching**: Build artifact caching for faster subsequent builds - **Resource Management**: Efficient CPU and memory utilization ## Monitoring and Observability ### Execution Metrics - **Build Times**: Per-platform build performance tracking - **Test Coverage**: Comprehensive test coverage reporting - **FIPS Compliance**: Real-time compliance status monitoring - **Security Metrics**: Security scan results and vulnerability tracking ### Logging and Debugging - **Structured Logging**: Comprehensive logging with context - **Error Tracking**: Detailed error reporting and debugging information - **Performance Profiling**: Build and execution performance analysis - **Audit Trails**: Complete audit trails for compliance and debugging ## Integration Points ### MCP Server Integration - **Tool Registration**: All orchestration capabilities exposed as MCP tools - **Protocol Compliance**: Full MCP 2025 protocol support - **Client Integration**: Seamless integration with Claude Desktop and Cursor ### Cursor IDE Integration - **Skills Deployment**: Automatic Skills deployment to Cursor configuration - **Headless Execution**: Autonomous project execution capabilities - **Session Management**: Persistent session management for long-running operations ### GitHub Integration - **Workflow Generation**: Automated GitHub Actions workflow creation - **Repository Dispatch**: Cross-repository workflow triggering - **Artifact Management**: Automated artifact upload and management ## Examples See the `examples/` directory for comprehensive usage examples: - `openssl_tools_orchestration_example.py`: Complete orchestration example - `fips_compliance_example.py`: FIPS validation examples - `multi_platform_build_example.py`: Build automation examples - `ci_cd_workflow_example.py`: CI/CD workflow generation examples ## Contributing ### Development Setup 1. **Clone the repository**: ```bash git clone https://github.com/sparesparrow/mcp-project-orchestrator cd mcp-project-orchestrator ``` 2. **Install dependencies**: ```bash pip install -r requirements.txt pip install -e . ``` 3. **Run tests**: ```bash pytest tests/ -v ``` 4. **Run examples**: ```bash python examples/openssl_tools_orchestration_example.py ``` ### Adding New Skills 1. **Define Skill Metadata**: ```python skill = SkillMetadata( skill_id="custom-openssl-skill", name="Custom OpenSSL Skill", description="Description of the skill", skill_type=SkillType.ORCHESTRATION, priority=SkillPriority.HIGH, triggers=["custom", "openssl", "skill"], tags=["openssl", "custom", "automation"] ) ``` 2. **Register with Skills Registry**: ```python skills_registry.skill_index[skill.skill_id] = skill ``` 3. **Implement Skill Logic**: ```python async def execute_custom_skill(context, project_path): # Implement skill logic pass ``` ## License This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. ## Support For support and questions: - **Issues**: [GitHub Issues](https://github.com/sparesparrow/mcp-project-orchestrator/issues) - **Discussions**: [GitHub Discussions](https://github.com/sparesparrow/mcp-project-orchestrator/discussions) - **Documentation**: [Project Documentation](https://github.com/sparesparrow/mcp-project-orchestrator/docs) ## Acknowledgments - **OpenSSL Project**: For the foundational cryptographic library - **Claude AI**: For Agent Skills capabilities and MCP protocol - **GitHub Actions**: For CI/CD automation platform - **Community**: For contributions and feedback