io.github.ethanolivertroy/fedramp-docs-mcp

Coding & Debugging

by ethanolivertroy

Query FedRAMP 20x KSIs, NIST controls and compliance documents of all kinds through 20 MCP tools.


README

FedRAMP Docs MCP Server


Disclaimer: This is an unofficial, community project and is not affiliated with, endorsed by, or associated with FedRAMP or the U.S. federal government. The author is not officially affiliated with FedRAMP. The FedRAMP name and any related marks are property of their respective owners.

Custom Model Context Protocol (MCP) server that makes the FedRAMP/docs repository queryable with FRMR-aware tooling. The server scans FRMR JSON datasets and supporting markdown guidance, exposes structured tools for analysis, and can optionally clone and cache the upstream repository for you.

Demo

See the FedRAMP Docs MCP Server in action with Claude Desktop:

https://github.com/user-attachments/assets/653c3956-0bfb-46c4-9e72-8a6d75e3a80d

Documentation

| Resource | Description |
|---|---|
| Quick Start Guide | Get running in under 5 minutes |
| Full Documentation | Complete guides and reference |
| MCP Client Setup | Configure Claude Desktop, Cursor, VS Code |
| Tools Reference | All 21 MCP tools with parameters |
| Troubleshooting | Common issues and solutions |


Prerequisites

  • Node.js 18 or higher
  • npm 8 or higher

Features

  • Auto-detects all 12 FRMR JSON document types and builds typed metadata.
  • Extracts KSI entries, flattened control mappings, and Significant Change references.
  • Fast markdown search via an inverted index backed by Lunr with snippets and line numbers.
  • Indexes 62+ markdown files from tools/site/content/ (Zensical static site content).
  • Structured diffing between FRMR versions, including per-item change detection.
  • Health check, version listing, and curated Significant Change guidance aggregator.
  • Claude Plugin with slash commands, agent skills, and compliance analyst agent.
  • Docker support with security hardening following 2025 best practices.

Supported Document Types

| Type | Full Name |
|---|---|
| KSI | Key Security Indicators |
| MAS | Minimum Assessment Scope |
| VDR | Vulnerability Detection and Response |
| SCN | Significant Change Notifications |
| FRD | FedRAMP Definitions |
| ADS | Authorization Data Sharing |
| CCM | Collaborative Continuous Monitoring |
| FSI | FedRAMP Security Inbox |
| ICP | Incident Communications Procedures |
| PVA | Persistent Validation and Assessment |
| SCG | Secure Configuration Guide |
| UCM | Using Cryptographic Modules |

Getting Started

Local Development

  1. Install dependencies:

```bash
npm install
```

  2. Build the project:

```bash
npm run build
```

  3. Run the server:

```bash
node dist/index.js
```

Global Installation

To install globally and use the fedramp-docs-mcp command:

```bash
npm install -g .
fedramp-docs-mcp
```

Note: Global installation is required if you want to use fedramp-docs-mcp as the command in MCP client configurations (Claude Desktop, Goose, etc.). Alternatively, you can use the full path to the built server: node /path/to/fedramp-docs-mcp/dist/index.js

CLI Commands

The package includes helpful CLI commands:

```bash
# Show help and usage information
npx fedramp-docs-mcp help

# Install Claude Code plugin
npx fedramp-docs-mcp setup

# Print MCP server configuration for Claude Desktop/Code
npx fedramp-docs-mcp mcp-config

# Start MCP server (used by MCP clients)
npx fedramp-docs-mcp
```

During startup the server ensures a FedRAMP/docs repository is available, indexes FRMR JSON and markdown content, then begins serving requests on MCP stdio.

Configuration

Environment variables control repository discovery and indexing behaviour:

| Variable | Default | Description |
|---|---|---|
| FEDRAMP_DOCS_PATH | ~/.cache/fedramp-docs | Path to an existing FedRAMP/docs checkout. |
| FEDRAMP_DOCS_REMOTE | https://github.com/FedRAMP/docs | Remote used when cloning. |
| FEDRAMP_DOCS_BRANCH | main | Branch to checkout when cloning. |
| FEDRAMP_DOCS_ALLOW_AUTO_CLONE | true | Clone automatically when the path is missing. |
| FEDRAMP_DOCS_AUTO_UPDATE | true | Automatically check for and fetch repository updates. |
| FEDRAMP_DOCS_UPDATE_CHECK_HOURS | 24 | Hours between automatic update checks (when auto-update is enabled). |
| FEDRAMP_DOCS_INDEX_PERSIST | true | Persist the in-memory index under ~/.cache/fedramp-docs/index-v1.json. |

Set FEDRAMP_DOCS_PATH if you maintain a local clone. Otherwise leave it unset and allow the server to create a shallow cached copy.

Keeping Data Up-to-Date

The server includes automatic update checking to keep the FedRAMP docs current:

Automatic Updates (Default Behavior):

  • Every 24 hours (configurable), the server checks if the cached repository needs updating
  • If updates are available, they're fetched automatically on server startup
  • This ensures you always have recent FedRAMP data without manual intervention

Manual Updates:

  • Use the update_repository tool to force an immediate update
  • Example query in Claude Desktop: "Update the FedRAMP docs repository"
  • Useful when you know new requirements or guidance has been published

Disabling Auto-Update:

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "fedramp-docs-mcp",
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "false"
      }
    }
  }
}
```

Custom Update Frequency (check every 6 hours):

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "fedramp-docs-mcp",
      "env": {
        "FEDRAMP_DOCS_UPDATE_CHECK_HOURS": "6"
      }
    }
  }
}
```
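The Configuration table and the update-check behaviour above can be tied together in one small parser. The following TypeScript is an added example, not the project's own `repo.ts` or startup code: it applies the documented defaults for the `FEDRAMP_DOCS_*` variables, rejects malformed values (a misspelled boolean, a zero-hour interval) at startup instead of silently falling back, and computes whether an update check is due. The function names, the https-or-absolute-path restriction on `FEDRAMP_DOCS_REMOTE`, and the sample environment are assumptions made for this illustration.

```typescript
// Added example, not the project's own code: parse the FEDRAMP_DOCS_*
// variables from the Configuration table, apply the documented defaults,
// reject malformed values, and decide when an automatic update check is due.
// The function names and the https-only check on the remote are assumptions
// made for this illustration.

interface FedrampDocsConfig {
  path: string;
  remote: string;
  branch: string;
  allowAutoClone: boolean;
  autoUpdate: boolean;
  updateCheckHours: number;
  indexPersist: boolean;
}

// Defaults exactly as listed in the README's Configuration table.
const CONFIG_DEFAULTS: FedrampDocsConfig = {
  path: "~/.cache/fedramp-docs",
  remote: "https://github.com/FedRAMP/docs",
  branch: "main",
  allowAutoClone: true,
  autoUpdate: true,
  updateCheckHours: 24,
  indexPersist: true,
};

const MS_PER_HOUR = 60 * 60 * 1000;

// Only the literal strings "true"/"false" are accepted, so a typo such as
// "ture" fails at startup instead of silently keeping a feature enabled.
function parseBool(name: string, raw: string | undefined, fallback: boolean): boolean {
  if (raw === undefined || raw.trim() === "") return fallback;
  const v = raw.trim().toLowerCase();
  if (v === "true") return true;
  if (v === "false") return false;
  throw new Error(`${name} must be "true" or "false", got "${raw}"`);
}

// The update interval must be a whole number of hours, at least 1.
function parsePositiveInt(name: string, raw: string | undefined, fallback: number): number {
  if (raw === undefined || raw.trim() === "") return fallback;
  const v = raw.trim();
  if (!/^[0-9]+$/.test(v) || Number(v) < 1) {
    throw new Error(`${name} must be a positive integer, got "${raw}"`);
  }
  return Number(v);
}

// Assumption of this example: the clone remote must be https:// or a local
// absolute path, so a mis-set variable cannot point the clone at a plaintext
// http:// source that could be tampered with in transit.
function parseRemote(raw: string | undefined, fallback: string): string {
  if (raw === undefined || raw.trim() === "") return fallback;
  const v = raw.trim();
  if (v.startsWith("https://") || v.startsWith("/")) return v;
  throw new Error(`FEDRAMP_DOCS_REMOTE must be an https:// URL or an absolute path, got "${raw}"`);
}

// env is passed in explicitly (e.g. process.env) so the parser is testable.
function loadConfig(env: Record<string, string | undefined>): FedrampDocsConfig {
  const d = CONFIG_DEFAULTS;
  return {
    path: env.FEDRAMP_DOCS_PATH?.trim() || d.path,
    remote: parseRemote(env.FEDRAMP_DOCS_REMOTE, d.remote),
    branch: env.FEDRAMP_DOCS_BRANCH?.trim() || d.branch,
    allowAutoClone: parseBool("FEDRAMP_DOCS_ALLOW_AUTO_CLONE", env.FEDRAMP_DOCS_ALLOW_AUTO_CLONE, d.allowAutoClone),
    autoUpdate: parseBool("FEDRAMP_DOCS_AUTO_UPDATE", env.FEDRAMP_DOCS_AUTO_UPDATE, d.autoUpdate),
    updateCheckHours: parsePositiveInt("FEDRAMP_DOCS_UPDATE_CHECK_HOURS", env.FEDRAMP_DOCS_UPDATE_CHECK_HOURS, d.updateCheckHours),
    indexPersist: parseBool("FEDRAMP_DOCS_INDEX_PERSIST", env.FEDRAMP_DOCS_INDEX_PERSIST, d.indexPersist),
  };
}

// A check is due when auto-update is enabled and either no check has been
// recorded yet or at least updateCheckHours have elapsed since the last one.
function isUpdateCheckDue(cfg: FedrampDocsConfig, lastCheckMs: number | null, nowMs: number): boolean {
  if (!cfg.autoUpdate) return false;
  if (lastCheckMs === null) return true;
  return nowMs - lastCheckMs >= cfg.updateCheckHours * MS_PER_HOUR;
}

// Constructed sample: what a client config's "env" block with a 6-hour
// interval and a local checkout would hand the server.
const sampleConfig = loadConfig({ FEDRAMP_DOCS_UPDATE_CHECK_HOURS: "6", FEDRAMP_DOCS_PATH: "/srv/fedramp-docs" });
console.log(sampleConfig, isUpdateCheckDue(sampleConfig, Date.now() - 7 * MS_PER_HOUR, Date.now()));
```

Failing closed on a bad value matters here because `FEDRAMP_DOCS_AUTO_UPDATE` and `FEDRAMP_DOCS_ALLOW_AUTO_CLONE` control whether the server performs network operations at startup; a value that is silently coerced to a default can quietly re-enable behaviour an operator believed they had turned off.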

Available Tools

The server provides 21 tools organized into categories. All tools follow the error model and respond with JSON payloads.

Document Discovery

| Tool | Description |
|---|---|
| list_frmr_documents | Enumerate indexed FRMR JSON documents |
| get_frmr_document | Return full JSON and summary for a document |
| list_versions | Collate version metadata by FRMR document type |

KSI (Key Security Indicators)

| Tool | Description |
|---|---|
| list_ksi | Filter and inspect Key Security Indicators |
| get_ksi | Get a specific KSI item by ID |
| filter_by_impact | Filter KSI items by impact level (low/moderate/high) |
| get_theme_summary | Get comprehensive guidance for a KSI theme (IAM, CNA, etc.) |
| get_evidence_examples | Get automation-friendly evidence suggestions for KSI compliance (community suggestions, not official FedRAMP) |

Control Mapping

| Tool | Description |
|---|---|
| list_controls | Flatten FRMR → control mappings |
| get_control_requirements | Get all requirements mapped to a specific control |
| analyze_control_coverage | Report which control families have FedRAMP requirements |

Search & Lookup

| Tool | Description |
|---|---|
| search_markdown | Full-text search across documentation |
| read_markdown | Read specific markdown file contents |
| search_definitions | Search FedRAMP definitions (FRD) by term |
| get_requirement_by_id | Get any FRMR requirement by ID (KSI-, FRR-, FRD-*) |

Analysis

| Tool | Description |
|---|---|
| diff_frmr | Structured diff of two FRMR datasets |
| grep_controls_in_markdown | Locate control references in markdown |
| get_significant_change_guidance | Curated Significant Change references |

System

| Tool | Description |
|---|---|
| search_tools | Search and discover available tools by keyword or category |
| health_check | Confirm the server indexed successfully |
| update_repository | Force update the cached FedRAMP docs |

Evidence Collection Suggestions

The get_evidence_examples tool provides community-suggested evidence examples for each KSI. These are automation-friendly suggestions showing how to programmatically collect compliance evidence via APIs, CLI commands, and security tools.

Important: These are NOT official FedRAMP guidance. Always verify requirements with official FedRAMP documentation.

What's Included

For each of the 72 KSI indicators, we provide:

  • Evidence types: API calls, reports, scans, logs, configurations, documentation
  • Automation sources: AWS, Azure, GCP, Okta, Splunk, Terraform, GitHub Actions, etc.
  • Example commands: Ready-to-use CLI commands and API endpoints

Example Evidence Sources by Theme

| Theme | Example Sources |
|---|---|
| IAM | Okta/Entra MFA policies, AWS IAM credential reports, PAM tools (CyberArk, Vault) |
| CNA | AWS Security Groups, VPC Flow Logs, Container scans (Trivy), CSPM (Wiz, Prisma) |
| MLA | SIEM config (Splunk, Sentinel), CloudTrail, IaC scans (Checkov, tfsec) |
| CMT | Git history, CI/CD pipelines (GitHub Actions), Change tickets (ServiceNow, Jira) |
| SVC | TLS scans (SSL Labs), Secrets Manager rotation, Patch compliance (SSM) |
| INR | PagerDuty incidents, Post-mortems (Blameless), ServiceNow tickets |
| RPL | AWS Backup reports, DR test logs, Chaos engineering results |
| TPR | Vendor ratings (SecurityScorecard), Dependency scans (Dependabot, Snyk) |

Usage Example

```text
"What evidence do I need for KSI-IAM-01 (Phishing-Resistant MFA)?"
→ Returns suggested API calls, CLI commands, and artifacts to collect

"Get evidence checklist for the CNA theme"
→ Returns automation sources for all Cloud Native Architecture indicators
```

See src/tools/ for the precise schemas implemented with Zod. Each tool returns either a successful object or an error payload containing code, message, and optional hint.

Usage Examples

When using the MCP server with Claude Desktop or other MCP clients, here are some example queries:

Getting KSI Information:

```text
"List all available FedRAMP documents"
→ Uses list_frmr_documents

"Show me all KSI items for moderate impact systems"
→ Uses filter_by_impact with impact='moderate'

"Give me a summary of the IAM theme requirements"
→ Uses get_theme_summary with theme='IAM'

"What evidence do I need for IAM compliance?"
→ Uses get_evidence_examples with theme='IAM'
```

Searching Documentation:

```text
"Search for information about continuous monitoring"
→ Uses search_markdown with query 'continuous monitoring'

"What does 'federal customer data' mean in FedRAMP?"
→ Uses search_definitions with term='federal customer data'

"Get the details for requirement KSI-IAM-01"
→ Uses get_requirement_by_id with id='KSI-IAM-01'
```

Working with Controls:

```text
"What FedRAMP requirements map to control AY-01?"
→ Uses get_control_requirements with control='AY-01'

"Which control families have the most FedRAMP coverage?"
→ Uses analyze_control_coverage

"Find all markdown files that reference AC-2"
→ Uses grep_controls_in_markdown with control='AC-2'
```

Analyzing Changes:

```text
"What's new in the latest KSI release?"
→ Uses list_versions then diff_frmr to compare versions

"Show significant change guidance"
→ Uses get_significant_change_guidance
```
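The "structured diffing between FRMR versions, including per-item change detection" that `diff_frmr` performs can be illustrated with a small standalone engine. The TypeScript below is an added example and not the project's `diff.ts`: it indexes two dataset versions by item ID, reports items that were added or removed, and for items present in both lists exactly which fields changed, comparing values structurally (object key order ignored, array order significant). The dataset shape, the version labels and the item contents are constructed simplifications, not the real FRMR JSON schema or real FedRAMP requirements.

```typescript
// Added example, not the project's diff.ts: a structured diff between two
// versions of an FRMR-style dataset that reports added, removed and changed
// items, with the changed fields listed per item. The dataset shape and the
// sample contents below are constructed simplifications, not the real FRMR
// JSON schema or real FedRAMP requirements.

type JsonValue = string | number | boolean | null | JsonValue[] | { [key: string]: JsonValue };

interface FrmrItem { id: string; [field: string]: JsonValue; }
interface FrmrDataset { version: string; items: FrmrItem[]; }

interface FieldChange { field: string; before: JsonValue | undefined; after: JsonValue | undefined; }
interface FrmrDiff {
  fromVersion: string;
  toVersion: string;
  added: string[];
  removed: string[];
  changed: { id: string; changes: FieldChange[] }[];
}

// Structural equality: key order in objects is ignored, element order in
// arrays is significant (a reordered control list counts as a change).
function deepEqual(a: JsonValue | undefined, b: JsonValue | undefined): boolean {
  if (a === b) return true;
  if (a === undefined || b === undefined || a === null || b === null) return false;
  if (Array.isArray(a) || Array.isArray(b)) {
    if (!Array.isArray(a) || !Array.isArray(b) || a.length !== b.length) return false;
    return a.every((v, i) => deepEqual(v, b[i]));
  }
  if (typeof a === "object" && typeof b === "object") {
    const ka = Object.keys(a).sort();
    const kb = Object.keys(b).sort();
    if (ka.length !== kb.length || ka.some((k, i) => k !== kb[i])) return false;
    return ka.every((k) => deepEqual(a[k], b[k]));
  }
  return false; // differing primitives or differing types
}

// Index items by ID; a duplicate ID is a data error, not something to diff.
function indexById(ds: FrmrDataset): Map<string, FrmrItem> {
  const map = new Map<string, FrmrItem>();
  for (const item of ds.items) {
    if (map.has(item.id)) throw new Error(`duplicate item id "${item.id}" in version ${ds.version}`);
    map.set(item.id, item);
  }
  return map;
}

function diffFrmr(from: FrmrDataset, to: FrmrDataset): FrmrDiff {
  const before = indexById(from);
  const after = indexById(to);
  const diff: FrmrDiff = { fromVersion: from.version, toVersion: to.version, added: [], removed: [], changed: [] };

  for (const id of Array.from(before.keys()).sort()) {
    const oldItem = before.get(id)!;
    const newItem = after.get(id);
    if (newItem === undefined) { diff.removed.push(id); continue; }
    // Compare the union of field names so both dropped and new fields show up.
    const fields = Array.from(new Set(Object.keys(oldItem).concat(Object.keys(newItem))))
      .filter((f) => f !== "id")
      .sort();
    const changes: FieldChange[] = [];
    for (const field of fields) {
      if (!deepEqual(oldItem[field], newItem[field])) {
        changes.push({ field, before: oldItem[field], after: newItem[field] });
      }
    }
    if (changes.length > 0) diff.changed.push({ id, changes });
  }
  for (const id of Array.from(after.keys()).sort()) {
    if (!before.has(id)) diff.added.push(id);
  }
  return diff;
}

// Constructed sample datasets (IDs, names and control lists are made up).
const SAMPLE_OLD: FrmrDataset = { version: "example-v1", items: [
  { id: "KSI-EX-01", name: "Example indicator one", controls: ["AC-2", "AC-6"], impact: ["low", "moderate"] },
  { id: "KSI-EX-02", name: "Example indicator two", controls: ["AU-2"], impact: ["moderate"] },
] };
const SAMPLE_NEW: FrmrDataset = { version: "example-v2", items: [
  { id: "KSI-EX-01", name: "Example indicator one", controls: ["AC-2", "AC-6", "IA-2"], impact: ["low", "moderate"] },
  { id: "KSI-EX-03", name: "Example indicator three", controls: ["CM-6"], impact: ["high"] },
] };

console.log(JSON.stringify(diffFrmr(SAMPLE_OLD, SAMPLE_NEW), null, 2));
```

Comparing the union of field names, rather than only the fields in the old version, is what makes a newly introduced field (or a silently dropped one) visible in the change report; sorting IDs and fields keeps the output stable so two runs over the same inputs can be compared textually.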

Advanced Queries: Dashboard & Architecture Insights

These prompts combine FedRAMP data with Claude's analytical capabilities to help you design compliance dashboards and features:

Dashboard Architecture:

```text
"Using the FedRAMP KSI data, design a compliance dashboard architecture.
What components would I need? How should I structure the data for real-time monitoring?"

"Get all KSI themes and their indicators. Then recommend how to organize
them into a dashboard with drill-down navigation."
```

Visualization Design:

```text
"Analyze the FedRAMP control coverage data. What would be the best
chart types to visualize control family coverage? Suggest a color
scheme for compliance status."

"List the KSIs filtered by impact level. Design a risk heat map
visualization showing low/moderate/high impact requirements."
```

Feature Planning:

```text
"Get the evidence checklist from FedRAMP. How would you build a
feature that tracks evidence collection progress with percentage
completion per KSI theme?"

"What are the requirements for AC-2 (Account Management)? Design a
feature that helps users track their implementation status against
these requirements."
```

Data Modeling:

```text
"Analyze the structure of KSI indicators and their control mappings.
What database schema would you recommend for a compliance tracking app?"

"Get a theme summary for IAM. How would you model the relationship
between KSIs, NIST controls, and evidence in a graph database?"
```

Executive Reporting:

```text
"Using the control coverage analysis, design an executive summary
dashboard that shows compliance posture at a glance."

"Analyze all high-impact KSI requirements and create a prioritized
remediation roadmap template."
```

Tool Search & Deferred Loading

With 21 tools, this MCP server is a great candidate for deferred tool loading (also known as tool search). Instead of loading all tools upfront, clients can load a small set of essential tools and discover the rest on demand via the search_tools tool.

The search_tools Tool

The search_tools tool lets clients discover available tools by keyword or category:

```text
"What tools help with KSI compliance?"
→ search_tools(query="ksi compliance")
→ Returns: list_ksi, get_ksi, filter_by_impact, get_theme_summary, get_evidence_examples

"What analysis tools are available?"
→ search_tools(category="Analysis")
→ Returns: diff_frmr, grep_controls_in_markdown, get_significant_change_guidance
```

Recommended Non-Deferred Tools

When using deferred loading, keep these 5 tools always loaded:

| Tool | Why Always Loaded |
|---|---|
| search_tools | Required for discovering other tools |
| search_markdown | Most common entry point for documentation queries |
| list_frmr_documents | Starting point for FRMR data exploration |
| health_check | Diagnostics and status verification |
| get_requirement_by_id | Universal ID lookup across all document types |

Claude API Configuration with Deferred Loading

When using the Claude API with mcp_toolset, you can configure deferred loading:

```python
import anthropic

client = anthropic.Anthropic()

response = client.messages.create(
    model="claude-sonnet-4-20250514",
    max_tokens=1024,
    mcp_servers=[
        {
            "type": "stdio",
            "command": "fedramp-docs-mcp",
            "name": "fedramp-docs",
        }
    ],
    messages=[{"role": "user", "content": "..."}],
)
```

The Claude API will use tool annotations (readOnlyHint, destructiveHint, etc.) to make informed decisions about tool selection. All 21 tools include annotations.

MCP Client Configuration

The FedRAMP Docs MCP server works with any MCP-compatible client. Below are setup instructions for the most popular and reliable clients.

Recommended clients:

  • Claude Desktop - Most mature MCP integration, excellent tool discovery
  • Claude Code CLI - Official Anthropic CLI tool, great for terminal workflows
  • Cursor - AI-powered IDE with native MCP support
  • VS Code + GitHub Copilot - Native MCP support, no extensions required
  • Windsurf - AI-powered IDE with native MCP support
  • Codex (OpenAI) - Open-source coding agent with MCP support
  • Gemini CLI - Google's command-line AI agent with MCP support
  • LM Studio - Native MCP support, works with local models for privacy
  • OpenCode - Terminal-based coding agent with MCP support
  • Goose - Experimental support, may have tool discovery issues

Claude Desktop

Add the server to your Claude Desktop configuration file:

Location: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows)

Option 1: Using npx (Recommended - no install required)

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "npx",
      "args": ["fedramp-docs-mcp"],
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true"
      }
    }
  }
}
```

Option 2: Global installation

```bash
npm install -g fedramp-docs-mcp
```

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "fedramp-docs-mcp",
      "env": {
        "FEDRAMP_DOCS_PATH": "/path/to/FedRAMP/docs"
      }
    }
  }
}
```

After updating the config, restart Claude Desktop. The FedRAMP Docs tools will appear in your conversations.

Claude Code CLI

Claude Code is Anthropic's official CLI tool with built-in MCP support.

Method 1: Using CLI (Recommended)

```bash
# Add the FedRAMP Docs MCP server
claude mcp add --transport stdio fedramp-docs fedramp-docs-mcp

# With full path
claude mcp add --transport stdio fedramp-docs /path/to/node/bin/fedramp-docs-mcp

# List configured servers
claude mcp list

# Remove if needed
claude mcp remove fedramp-docs
```

Method 2: Configuration File

Claude Code supports three configuration scopes:

  1. Project-scoped (recommended for teams): .mcp.json in project root
  2. User-scoped: ~/.claude/settings.local.json
  3. Project-local: .claude/settings.local.json in project root

Example .mcp.json (project-scoped, can be version-controlled):

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "fedramp-docs-mcp",
      "args": [],
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true"
      }
    }
  }
}
```

With environment variable expansion:

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "fedramp-docs-mcp",
      "args": [],
      "env": {
        "FEDRAMP_DOCS_PATH": "${HOME}/fedramp-docs",
        "FEDRAMP_DOCS_AUTO_UPDATE": "true"
      }
    }
  }
}
```

Testing:

  • Restart Claude Code after configuration changes
  • Use /mcp command for interactive management
  • Use --mcp-debug flag for troubleshooting: claude --mcp-debug
  • Verify with: claude mcp list

Note: Project-scoped configurations in .mcp.json enable team collaboration by ensuring all team members have access to the same MCP tools.

LM Studio

LM Studio (v0.3.17+) has native MCP support and works great with local models for privacy-focused workflows.

Setup Instructions

  1. Open LM Studio and click the Program tab (terminal icon >_) in the right sidebar
  2. Click "Edit mcp.json" under the Install section
  3. Add the FedRAMP Docs configuration:

Config file location:

  • macOS/Linux: ~/.lmstudio/mcp.json
  • Windows: %USERPROFILE%\.lmstudio\mcp.json

Basic configuration:

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "fedramp-docs-mcp",
      "args": [],
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true"
      }
    }
  }
}
```

Using full path (recommended if command not found):

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "/path/to/node/bin/fedramp-docs-mcp",
      "args": [],
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true",
        "FEDRAMP_DOCS_PATH": "/path/to/FedRAMP/docs"
      }
    }
  }
}
```

  4. Save the file - LM Studio will automatically load the server
  5. Start chatting - Open a chat with any local model
  6. Test it - Ask: "List all FedRAMP FRMR documents"
  7. Approve tool calls - LM Studio will show a confirmation dialog before executing each tool

Note: Requires global installation (npm install -g .) or use the full path to the executable. Find your path with: which fedramp-docs-mcp

OpenCode

OpenCode is a powerful AI coding agent built for the terminal with native MCP support.

Setup Instructions

  1. Create or edit your OpenCode configuration file:

Config file location:

  • Global: ~/.config/opencode/opencode.json
  • Project: opencode.json (in your project root)

  2. Add the FedRAMP Docs MCP server:

Basic configuration:

```json
{
  "mcp": {
    "fedramp-docs": {
      "type": "local",
      "command": ["fedramp-docs-mcp"],
      "enabled": true
    }
  }
}
```

With full path:

```json
{
  "mcp": {
    "fedramp-docs": {
      "type": "local",
      "command": ["/path/to/node/bin/fedramp-docs-mcp"],
      "enabled": true
    }
  }
}
```

With environment variables:

```json
{
  "mcp": {
    "fedramp-docs": {
      "type": "local",
      "command": ["fedramp-docs-mcp"],
      "enabled": true,
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true",
        "FEDRAMP_DOCS_PATH": "/path/to/FedRAMP/docs"
      }
    }
  }
}
```

  3. Restart OpenCode to load the MCP server
  4. Test it - The FedRAMP tools will be automatically available alongside built-in tools

Note: MCP servers add to your context, so enable only the ones you need. Use "enabled": false to temporarily disable a server without removing it.

Goose

Goose is Block's open-source AI agent. You can add the FedRAMP Docs MCP server using any of these methods:

Method 1: Via Goose CLI (Recommended)

```bash
goose configure
```

Then select:

  1. Add Extension
  2. Command-line Extension
  3. Enter the following details:
    • Name: FedRAMP Docs
    • Command: fedramp-docs-mcp
    • Timeout: 300

Method 2: Via Goose Desktop App

  1. Open Goose Desktop
  2. Click Extensions in the sidebar
  3. Click Add custom extension
  4. Fill in the form:
    • Extension Name: FedRAMP Docs
    • Type: STDIO
    • Command: fedramp-docs-mcp
    • Timeout: 300
    • Environment Variables: (optional)
      • FEDRAMP_DOCS_PATH: /path/to/FedRAMP/docs
      • FEDRAMP_DOCS_AUTO_UPDATE: true

Method 3: Via Config File

Edit ~/.config/goose/config.yaml (Linux/macOS) or %USERPROFILE%\.config\goose\config.yaml (Windows):

```yaml
extensions:
  fedramp-docs:
    name: FedRAMP Docs
    cmd: fedramp-docs-mcp
    enabled: true
    type: stdio
    timeout: 300
    envs:
      FEDRAMP_DOCS_PATH: "/path/to/FedRAMP/docs"  # optional
      FEDRAMP_DOCS_AUTO_UPDATE: "true"            # optional
```

After configuration, restart Goose or reload extensions. You can test by asking: "What FedRAMP tools are available?"

Note: Goose's MCP support is still maturing and may have issues discovering tools from stdio servers. If you experience problems with tool discovery, consider using Claude Desktop, Claude Code CLI, LM Studio, or OpenCode instead.

Kiro

Kiro is AWS's spec-driven IDE with native MCP support.

Setup Instructions

  1. Open Kiro MCP settings:

    • Global: ~/.kiro/settings/mcp.json
    • Project: .kiro/settings/mcp.json (takes precedence)

  2. Add the FedRAMP Docs configuration:

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "npx",
      "args": ["-y", "fedramp-docs-mcp"],
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true"
      }
    }
  }
}
```

With global installation:

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "fedramp-docs-mcp",
      "args": [],
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true"
      }
    }
  }
}
```

  3. Save the file - Kiro automatically loads MCP servers on config change
  4. Test it - Ask Kiro: "List all FedRAMP FRMR documents"

Note: Requires global installation (npm install -g fedramp-docs-mcp) or use npx. Find your path with: which fedramp-docs-mcp

Cursor

Cursor supports MCP servers via project or global configuration.

Config file location: .cursor/mcp.json (project) or ~/.cursor/mcp.json (global)

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "npx",
      "args": ["-y", "fedramp-docs-mcp"],
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true"
      }
    }
  }
}
```

Restart Cursor after saving. You can also configure via Cursor Settings > MCP.

VS Code + GitHub Copilot

VS Code has native MCP support through GitHub Copilot (no extensions required).

Config file location: .vscode/mcp.json (workspace-scoped)

Note: VS Code uses servers (not mcpServers) and requires "type": "stdio".

```json
{
  "servers": {
    "fedramp-docs": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "fedramp-docs-mcp"]
    }
  }
}
```

After saving, Copilot will detect the new server automatically. Manage MCP servers from the Command Palette (Ctrl+Shift+P > "MCP: List Servers").

Windsurf

Windsurf is an AI-powered IDE with native MCP support.

Config file location: ~/.codeium/windsurf/mcp_config.json

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "npx",
      "args": ["-y", "fedramp-docs-mcp"],
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true"
      }
    }
  }
}
```

Restart Windsurf after saving.

Codex (OpenAI)

Codex is OpenAI's open-source coding agent with MCP support via TOML configuration.

Config file location: ~/.codex/config.toml (global) or .codex/config.toml (project)

```toml
[mcp_servers.fedramp-docs]
command = "npx"
args = ["-y", "fedramp-docs-mcp"]

[mcp_servers.fedramp-docs.env]
FEDRAMP_DOCS_AUTO_UPDATE = "true"
```

You can also manage MCP servers via codex mcp.

Gemini CLI

Gemini CLI is Google's command-line AI agent with MCP support.

Config file location: ~/.gemini/settings.json (global) or .gemini/settings.json (project)

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "npx",
      "args": ["-y", "fedramp-docs-mcp"],
      "env": {
        "FEDRAMP_DOCS_AUTO_UPDATE": "true"
      }
    }
  }
}
```

Restart Gemini CLI after saving.

MCP Inspector (Debugging)

The MCP Inspector is an official tool for testing and debugging MCP servers. It provides a visual UI to interactively call tools and explore resources.

Requirements: Node.js 22.7.5 or later

Interactive UI:

```bash
# Start the inspector with fedramp-docs-mcp
npx @modelcontextprotocol/inspector node dist/index.js

# Or if installed globally
npx @modelcontextprotocol/inspector fedramp-docs-mcp
```

Open http://localhost:6274 to access the UI, then test tools like:

  • health_check - Verify the server is working
  • list_frmr_documents - See all indexed FedRAMP documents
  • list_ksi - Browse Key Security Indicators

CLI Mode (Quick Testing):

```bash
# List all available tools
npx @modelcontextprotocol/inspector --cli node dist/index.js --method tools/list

# Call a specific tool
npx @modelcontextprotocol/inspector --cli node dist/index.js \
  --method tools/call --tool-name health_check
```

Export Configuration: The Inspector UI includes buttons to copy server configurations for Claude Desktop, Cursor, and other MCP clients.

Claude Plugin

The repository includes a Claude Code plugin that provides slash commands, agent skills, and a specialized compliance analyst agent.

Quick Install

In Claude Code, run:

```text
/plugin marketplace add ethanolivertroy/fedramp-docs-mcp
/plugin install fedramp-docs
```

That's it! The plugin is ready to use.

<details> <summary>Alternative: Manual Installation</summary>

```bash
# One-command setup
npx fedramp-docs-mcp setup

# Then start Claude Code with the plugin
claude --plugin-dir ~/.fedramp-docs-mcp/plugin
```

Or add an alias to your shell profile:

```bash
alias claude-fedramp='claude --plugin-dir ~/.fedramp-docs-mcp/plugin'
```
</details>

Available Commands

| Command | Description |
|---|---|
| /fedramp-docs:search <query> | Search FedRAMP documentation |
| /fedramp-docs:search-definitions <term> | Search FedRAMP definitions |
| /fedramp-docs:list-controls [family] | List NIST controls |
| /fedramp-docs:control-requirements <control> | Get requirements for a NIST control |
| /fedramp-docs:control-coverage | Analyze NIST control coverage |
| /fedramp-docs:list-ksi [filter] | List Key Security Indicators |
| /fedramp-docs:filter-impact <level> | Filter KSI by impact level |
| /fedramp-docs:theme-summary <theme> | Get theme guidance |
| /fedramp-docs:evidence-checklist [theme] | Get evidence checklist |
| /fedramp-docs:get-requirement <id> | Get requirement by ID |
| /fedramp-docs:list-documents | List all FRMR documents |
| /fedramp-docs:compare <doc1> <doc2> | Compare document versions |
| /fedramp-docs:health | Check MCP server status |

Agent Skills

  • frmr-analysis - Automatically invoked when analyzing FRMR documents or control mappings
  • control-mapping - Automatically invoked when mapping NIST controls to FedRAMP requirements

See plugin/README.md for full documentation.

Docker

Run the MCP server in a security-hardened Docker container.

Quick Start

```bash
# Build the image
docker build -t fedramp-docs-mcp .

# Run interactively (for MCP stdio)
docker run --rm -i \
  --security-opt no-new-privileges:true \
  --cap-drop ALL \
  --read-only \
  --memory 512m \
  -v fedramp-cache:/home/mcpuser/.cache/fedramp-docs \
  fedramp-docs-mcp
```

Docker Compose

```bash
# Start with docker-compose (security hardening included)
docker compose up -d
```

Claude Desktop with Docker

Configure Claude Desktop to use the Docker container:

```json
{
  "mcpServers": {
    "fedramp-docs": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "--security-opt", "no-new-privileges:true",
        "--cap-drop", "ALL",
        "--read-only",
        "--memory", "512m",
        "-v", "fedramp-cache:/home/mcpuser/.cache/fedramp-docs",
        "fedramp-docs-mcp:latest"
      ]
    }
  }
}
```

Security Features

The Docker setup follows 2025 MCP security best practices:

  • Non-root user: Runs as mcpuser (UID 1001)
  • Read-only filesystem: Prevents unauthorized modifications
  • Dropped capabilities: --cap-drop ALL removes all Linux capabilities
  • No new privileges: Prevents privilege escalation
  • Resource limits: Memory and CPU constraints
  • Network isolation: Internal network with no external access by default

Development

Running in Development Mode

Use tsx for rapid iteration without building:

```bash
npm run dev
```

This runs the TypeScript source directly, automatically recompiling on changes.

Running Tests

The repository includes Vitest-based unit and contract tests with small fixtures:

```bash
npm test
```

Tests set FEDRAMP_DOCS_PATH to tests/fixtures/repo, ensuring the indexer, search, and diff logic run deterministically without needing the real FedRAMP repo.

Integration tests validate the indexer against the real upstream FedRAMP/docs clone:

```bash
npm run test:integration
```

These tests clone and index the actual upstream repository, verifying that the parser handles current upstream data correctly. Set FEDRAMP_DOCS_PATH to skip the clone and use an existing checkout. When using your own checkout, also set FEDRAMP_DOCS_AUTO_UPDATE=false to prevent the test from modifying it.

Code Structure

The codebase uses:

  • TypeScript 5.4+ with strict mode enabled
  • ES Modules ("type": "module" in package.json)
  • Node.js module resolution (moduleResolution: "NodeNext")
  • Zod for runtime schema validation
  • MCP SDK v1.24+ for server implementation

Project Structure

```text
src/
  index.ts                 # MCP bootstrap
  repo.ts                  # repo discovery and cloning
  indexer.ts               # FRMR + markdown indexing logic
  frmr.ts                  # FRMR-centric helpers
  search.ts                # markdown search + aggregations
  diff.ts                  # structured FRMR diff engine
  tools/                   # individual MCP tool handlers
```

Fixtures live under tests/fixtures, while Vitest specs reside in tests/.

Version History

Tracks FedRAMP FRMR v0.9.2-beta documents. See CHANGELOG.md for full details.

| Version | Date | Highlights |
|---|---|---|
| v0.2.5 | 2026-02-15 | MCP client instructions for Codex, Cursor, Windsurf, VS Code + Copilot, Gemini CLI |
| v0.2.4 | 2026-02-15 | Automated upstream sync workflow, integration test suite |
| v0.2.3 | 2026-02-15 | MCP Security Scan CI with Cisco's MCP Scanner |
| v0.2.1 | 2025-12-30 | Okta/Duo MFA evidence sources, enhanced health_check |
| v0.2.0 | 2025-12-28 | 7 new tools, Claude Code plugin, Docker support, 12 FRMR types |
| v0.1.0 | 2025-10-10 | Initial release with 13 core MCP tools |

Troubleshooting

Build Errors

Error: Cannot find module '@modelcontextprotocol/sdk'

Ensure you have the correct SDK version installed:

```bash
npm install @modelcontextprotocol/sdk@^1.20.0
```

Error: Module not found or import errors

The project uses ES modules with NodeNext resolution. Make sure you're using Node.js 18+ and that your TypeScript configuration matches:

```json
{
  "compilerOptions": {
    "module": "NodeNext",
    "moduleResolution": "NodeNext"
  }
}
```

Runtime Errors

Error: REPO_CLONE_FAILED

The server couldn't clone the FedRAMP docs repository. Check:

  • Network connectivity
  • Set FEDRAMP_DOCS_PATH to an existing local clone, or
  • Ensure FEDRAMP_DOCS_ALLOW_AUTO_CLONE=true (default)

Server starts but no tools appear

Verify the build completed successfully:

```bash
npm run build
ls dist/  # Should contain index.js, tools/, etc.
```

Development Issues

TypeScript errors about missing types

Install all development dependencies:

```bash
npm install
```

Required type packages:

  • @types/node
  • @types/fs-extra
  • @types/lunr
  • @types/glob
