<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet type="text/xsl" href="/static/oai2.xsl"?>
<OAI-PMH xmlns="http://www.openarchives.org/OAI/2.0/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/ http://www.openarchives.org/OAI/2.0/OAI-PMH.xsd">
  <responseDate>2026-05-28T15:41:53Z</responseDate>
  <request verb="GetRecord" identifier="oai:b2share-:2bgbn-k8044" metadataPrefix="eudatcore">https://b2share.eudat.eu/oai2d</request>
  <GetRecord>
    <record>
      <header>
        <identifier>oai:b2share-:2bgbn-k8044</identifier>
        <datestamp>2026-05-23T23:18:28Z</datestamp>
        <setSpec>community-eudat</setSpec>
        <setSpec>e9b9792e-79fb-4b07-b6b4-b9c2bd06d095</setSpec>
      </header>
      <metadata>
        <resource xmlns="http://schema.eudat.eu/schema/kernel-1" xsi:schemaLocation="http://schema.eudat.eu/schema/kernel-1 http://schema.eudat.eu/meta/kernel-extended-1.0/schema.xsd">
  <identifiers>
    <identifier identifierType="URL">https://b2share.eudat.eu/records/2bgbn-k8044</identifier>
    <identifier identifierType="DOI">10.23728/b2share.2bgbn-k8044</identifier>
  </identifiers>
  <community>EUDAT</community>
  <titles>
    <title>SbD MCP Server v0.9.0 — Software Bundle (npm package + GitHub source, ICSME 2026)</title>
  </titles>
  <creators>
    <creator>
      <creatorName>Farinha, Pedro</creatorName>
    </creator>
  </creators>
  <contributors/>
  <publicationYear>2026</publicationYear>
  <publishers>
    <publisher>B2SHARE</publisher>
  </publishers>
  <resourceTypes>
    <resourceType>Software</resourceType>
  </resourceTypes>
  <language>eng</language>
  <disciplines/>
  <spatialCoverages/>
  <formats>
    <format>application/gzip</format>
    <format>text/plain</format>
  </formats>
  <descriptions>
    <description descriptionType="Abstract">Offline-reproducible software bundle for the SbD MCP Server (v0.9.0), an ontology-grounded retrieval tool that exposes the Security-by-Design Theory-of-Everything (SbD-ToE) knowledge graph to GenAI coding assistants through the Model Context Protocol (MCP). The server grounds model output in a curated, versioned ontology of AppSec Core-typed security requirements rather than relying on parametric memory alone.

This item archives the tool itself in two complementary forms — the canonical npm package tarball (runnable) and the full GitHub source bundle (inspectable) — so that the v0.9.0 demonstration state remains reproducible independently of the upstream registries.

FILES

sbd-toe-mcp-0.9.0.tgz                    4,183,175 bytes
  SHA-256: c0dc7b432007f4d1e0058183f2a85a1d06c4d5cfb640f8d2781dc3d749e912aa
  Role:    canonical npm package tarball (runtime distribution only).
  Install offline:
      npm install ./sbd-toe-mcp-0.9.0.tgz
  Or install from npm registry:
      npx @shiftleftpt/sbd-toe-mcp

sbd-toe-mcp-v0.9.0-bundle.tar.gz         4,376,388 bytes
  SHA-256: 533d8185d02356e68c06b395b0cc864dd318c176e27d202c45e6d5f82a4d0407
  Role:    full GitHub repository snapshot at tag v0.9.0, including
           TypeScript source, tests, build scripts, and CI configuration
           that are not shipped in the npm tarball.

MANIFEST.txt                             ~4 KB
  Role:    full provenance record — SHA-256 checksums, file sizes, origin
           URLs, and release metadata for every artefact referenced by
           this bundle and by the companion Media item.

SHASUMS.txt                              ~270 bytes
  Role:    shasum -c -a 256 compatible checksum file for the two software
           bundles above. Verify with:
               shasum -a 256 -c SHASUMS.txt


RUNTIME

Node.js &gt;= 20.9.0


VERIFICATION

After download, all files can be verified in one shot:
    shasum -a 256 -c SHASUMS.txt
Expected output:
    sbd-toe-mcp-0.9.0.tgz: OK
    sbd-toe-mcp-v0.9.0-bundle.tar.gz: OK


RELATED MATERIALS

npm package (live registry, v0.9.0):
  https://www.npmjs.com/package/@shiftleftpt/sbd-toe-mcp

GitHub repository:
  https://github.com/Shiftleftpt/sbd-toe-mcp-poc

GitHub release v0.9.0 (immutable, 2026-05-21):
  https://github.com/Shiftleftpt/sbd-toe-mcp-poc/releases/tag/v0.9.0

Demonstration screencast (companion Figshare item, type Media — DOI to be added once minted):
  end-to-end walkthrough of installation, MCP client configuration, and a
  representative secure-coding session.

OSF registration (ICSME 2026 Tool Demonstration — DOI to be added once minted):
  contains the registered demonstration state including this software
  bundle and the screencast.

Companion paper:
  ICSME 2026 — Tool Demonstration submission (DOI to be added once accepted).


LICENCE

Code:    Apache-2.0
Content: CC-BY-SA-4.0


AUTHOR

Pedro Farinha — Shiftleft - Secure Software Engineering, Lda.
ORCID: 0009-0001-0569-9020</description>
  </descriptions>
  <rightsList>
    <rights>Apache License 2.0</rights>
  </rightsList>
  <sizes>
    <size>8.6 MB</size>
    <size>4 files</size>
  </sizes>
  <contacts/>
  <instruments/>
</resource>
      </metadata>
    </record>
  </GetRecord>
</OAI-PMH>
