Merge pull request #15 from VantaInc/showzeb/AI-769

showzeb110 · web-flow · commit 32883cdef94e · 2025-06-03T17:26:00.000-04:00
Remove deactivate_test_entity and upload_document tools
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Vanta MCP Server
 
-A <a href="https://modelcontextprotocol.com/"> Model Context Protocol </a> server that provides access to Vanta's automated security compliance platform. Vanta helps organizations achieve and maintain compliance with security frameworks like SOC 2, ISO 27001, HIPAA, GDPR, and others through automated monitoring, evidence collection, and continuous security testing. This MCP server enables AI assistants to interact with Vanta's API to retrieve compliance test results, manage security findings, access framework requirements, and handle compliance documentation.
+A <a href="https://modelcontextprotocol.com/"> Model Context Protocol </a> server that provides access to Vanta's automated security compliance platform. Vanta helps organizations achieve and maintain compliance with security frameworks like SOC 2, ISO 27001, HIPAA, GDPR, and others through automated monitoring, evidence collection, and continuous security testing. This MCP server enables AI assistants to interact with Vanta's API to retrieve compliance test results, manage security findings, and access framework requirements.
 
 > **⚠️ Important Disclaimer:** This server provides AI assistants with access to your Vanta compliance data. Always verify the accuracy and appropriateness of AI-generated responses before taking any compliance or security actions. Users are responsible for reviewing all outputs and ensuring they meet their organization's security and compliance requirements.
 
@@ -11,7 +11,6 @@ A <a href="https://modelcontextprotocol.com/"> Model Context Protocol </a> serve
 - Access Vanta's 1,200+ automated security tests that run continuously to monitor compliance
 - Retrieve test results with filtering by status (passing/failing), cloud provider (AWS/Azure/GCP), or compliance framework
 - Get detailed information about failing resources (test entities) that need remediation
-- Temporarily deactivate specific test entities during planned maintenance or remediation work
 
 ### Compliance Framework Operations
 
@@ -38,12 +37,10 @@ A <a href="https://modelcontextprotocol.com/"> Model Context Protocol </a> serve
 | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | `get_tests`              | Retrieve Vanta's automated security and compliance tests. Filter by status (OK, NEEDS_ATTENTION, DEACTIVATED), cloud integration (aws, azure, gcp), or compliance framework (soc2, iso27001, hipaa). Returns test results showing which security controls are passing or failing across your infrastructure. |
 | `get_test_entities`      | Get specific resources (entities) that are failing a particular security test. For example, if an AWS security group test is failing, this returns the actual security group IDs and details about what's wrong. Essential for understanding exactly which infrastructure components need remediation.       |
-| `deactivate_test_entity` | Temporarily suppress alerts for a specific failing resource during planned maintenance, system updates, or while remediation is in progress. Requires a business justification and end date. Helps manage security alerts during planned operational activities without compromising audit trails.           |
 | `get_frameworks`         | List all compliance frameworks available in your Vanta account (SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP, PCI, etc.) along with completion status and progress metrics. Shows which frameworks you're actively pursuing and their current compliance state.                                                    |
 | `get_framework_controls` | Get detailed security control requirements for a specific compliance framework. Returns the specific controls, their descriptions, implementation guidance, and current compliance status. Essential for understanding what security measures are required for each compliance standard.                     |
 | `get_controls`           | List all security controls across all frameworks in your Vanta account. Returns control names, descriptions, framework mappings, and current implementation status. Use this to see all available controls or to find a specific control ID for use with other tools.                                        |
 | `get_control_tests`      | Get all automated tests that validate a specific security control. Use this when you know a control ID and want to see which specific tests monitor compliance for that control. Returns test details, current status, and any failing entities for the control's tests.                                     |
-| `upload_document`        | Upload compliance documentation and evidence files to Vanta. Used for policy documents, procedures, audit evidence, and proof of security control implementation. Supports the documentation requirements needed for compliance audits and framework certification.                                          |
 
 ## Configuration
 
diff --git a/src/eval/eval.ts b/src/eval/eval.ts
@@ -1,10 +1,6 @@
 import OpenAI from "openai";
 import { zodToJsonSchema } from "zod-to-json-schema";
-import {
-  GetTestsTool,
-  GetTestEntitiesTool,
-  DeactivateTestEntityTool,
-} from "../operations/tests.js";
+import { GetTestsTool, GetTestEntitiesTool } from "../operations/tests.js";
 import {
   GetFrameworksTool,
   GetFrameworkControlsTool,
@@ -32,14 +28,6 @@ const tools = [
       parameters: zodToJsonSchema(GetTestEntitiesTool.parameters),
     },
   },
-  {
-    type: "function" as const,
-    function: {
-      name: DeactivateTestEntityTool.name,
-      description: DeactivateTestEntityTool.description,
-      parameters: zodToJsonSchema(DeactivateTestEntityTool.parameters),
-    },
-  },
   {
     type: "function" as const,
     function: {
@@ -109,18 +97,6 @@ const testCases: TestCase[] = [
     expectedParams: { testId: "aws-security-groups-open-to-world" },
     description: "Should call get_test_entities for specific test details",
   },
-  {
-    prompt:
-      "Deactivate entity sg-12345 for test aws-security-groups-open-to-world until 2024-02-15T10:00:00Z due to scheduled maintenance",
-    expectedTool: "deactivate_test_entity",
-    expectedParams: {
-      entityId: "sg-12345",
-      testId: "aws-security-groups-open-to-world",
-      deactivateReason: "scheduled maintenance",
-      deactivateUntil: "2024-02-15T10:00:00Z",
-    },
-    description: "Should call deactivate_test_entity for maintenance",
-  },
   {
     prompt: "What compliance frameworks are we tracking?",
     expectedTool: "get_frameworks",
diff --git a/src/index.ts b/src/index.ts
@@ -1,8 +1,6 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import {
-  deactivateTestEntity,
-  DeactivateTestEntityTool,
   getTestEntities,
   GetTestEntitiesTool,
   getTests,
@@ -14,7 +12,6 @@ import {
   getFrameworkControls,
   getFrameworks,
 } from "./operations/frameworks.js";
-import { UploadDocumentTool, uploadDocument } from "./operations/documents.js";
 import {
   GetControlsTool,
   GetControlTestsTool,
@@ -27,7 +24,7 @@ const server = new McpServer({
   name: "vanta-mcp",
   version: "1.0.0",
   description:
-    "Model Context Protocol server for Vanta's automated security compliance platform. Provides access to security tests, compliance frameworks, and documentation management for SOC 2, ISO 27001, HIPAA, GDPR and other standards.",
+    "Model Context Protocol server for Vanta's automated security compliance platform. Provides access to security tests, compliance frameworks, and security controls for SOC 2, ISO 27001, HIPAA, GDPR and other standards.",
 });
 
 server.tool(
@@ -44,13 +41,6 @@ server.tool(
   getTestEntities,
 );
 
-server.tool(
-  DeactivateTestEntityTool.name,
-  DeactivateTestEntityTool.description,
-  DeactivateTestEntityTool.parameters.shape,
-  deactivateTestEntity,
-);
-
 server.tool(
   GetFrameworksTool.name,
   GetFrameworksTool.description,
@@ -79,13 +69,6 @@ server.tool(
   getControlTests,
 );
 
-server.tool(
-  UploadDocumentTool.name,
-  UploadDocumentTool.description,
-  UploadDocumentTool.parameters.shape,
-  uploadDocument,
-);
-
 async function main() {
   try {
     await initializeToken();
diff --git a/src/operations/documents.ts b/src/operations/documents.ts
diff --git a/src/operations/tests.ts b/src/operations/tests.ts
@@ -79,42 +79,6 @@ export async function getTestEntities(
   };
 }
 
-export async function deactivateTestEntity(
-  args: z.infer<typeof DeactivateTestEntityInput>,
-): Promise<CallToolResult> {
-  const url = new URL(
-    `/v1/tests/${args.testId}/entities/${args.entityId}/deactivate`,
-    baseApiUrl(),
-  );
-  const response = await makeAuthenticatedRequest(url.toString(), {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({
-      deactivateUntil: args.deactivateUntil,
-      reason: args.deactivateReason,
-    }),
-  });
-
-  if (!response.ok) {
-    return {
-      content: [
-        {
-          type: "text" as const,
-          text: `Url: ${url.toString()}, Error: ${response.statusText}`,
-        },
-      ],
-    };
-  }
-
-  return {
-    content: [
-      { type: "text" as const, text: JSON.stringify(await response.json()) },
-    ],
-  };
-}
-
 const TOOL_DESCRIPTION = `Retrieve Vanta's automated security and compliance tests. Vanta runs 1,200+ automated tests continuously to monitor compliance across your infrastructure. Filter by status (OK, NEEDS_ATTENTION, DEACTIVATED), cloud integration (aws, azure, gcp), or compliance framework (soc2, iso27001, hipaa). Returns test results showing which security controls are passing or failing across your infrastructure. Tests that are NOT_APPLICABLE to your resources are included by default - use statusFilter=NEEDS_ATTENTION to retrieve only actionable failing tests.`;
 
 const TEST_STATUS_FILTER_DESCRIPTION = `Filter tests by their status.
@@ -170,33 +134,3 @@ export const GetTestEntitiesTool: Tool<typeof GetTestEntitiesInput> = {
   description: `Get the specific failing resources (entities) for a known test ID. Use this when you already know the test name/ID and need to see which specific infrastructure resources are failing that test. For example, if you know "aws-security-groups-open-to-world" test is failing, this returns the actual security group IDs that are failing. Requires a specific testId parameter. Do NOT use this for general test discovery - use get_tests for that.`,
   parameters: GetTestEntitiesInput,
 };
-
-export const DeactivateTestEntityInput = z.object({
-  testId: z
-    .string()
-    .describe(
-      "Test ID in lowercase with hyphens, e.g. 'aws-security-groups-open-to-world'",
-    ),
-  entityId: z
-    .string()
-    .describe(
-      "Entity ID of the specific resource to deactivate, e.g. 'sg-12345'",
-    ),
-  deactivateReason: z
-    .string()
-    .describe(
-      "Business reason for deactivation, e.g. 'Scheduled maintenance' or 'Emergency patching'",
-    ),
-  deactivateUntil: z
-    .string()
-    .describe(
-      "End date/time in ISO format YYYY-MM-DDTHH:MM:SSZ, e.g. '2024-02-15T10:00:00Z'",
-    ),
-});
-
-export const DeactivateTestEntityTool: Tool<typeof DeactivateTestEntityInput> =
-  {
-    name: "deactivate_test_entity",
-    description: `DEACTIVATE/SUPPRESS alerts for a specific failing resource. Use this ONLY when you need to temporarily silence/disable/mute alerts for a specific entity during maintenance, patching, or remediation work. Requires both testId and entityId parameters, plus a reason and end date. This is for SUPPRESSING existing alerts, not for viewing them.`,
-    parameters: DeactivateTestEntityInput,
-  };
