# @ansvar/automotive-cybersecurity-mcp - Doramagic AI Context Pack

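> Positioning: a pre-install preview and decision asset. It helps the host AI get off to a good start, but it does not mean the target project has been installed, executed, or verified.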

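## Sufficiency Principle

- **Sufficiency, not compression**: An AI Context Pack should be thorough enough for the host AI to understand the project's value, capability boundaries, entry points, risks, and evidence sources before starting work; it may be organized in layers, but the shortest possible summary is not the goal.
- **Compression strategy**: Compress only noise and repetition, never context that affects judgment or the quality of the start.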

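## How the Host AI Should Use This

You are reading the AI Context Pack that Doramagic compiled for @ansvar/automotive-cybersecurity-mcp. Treat it as pre-work context: it helps the user understand who the project suits, what it can do, how to get started, what must be verified after installation, and where the risks are. Do not claim that you have installed, run, or executed the target project.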

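## Claim Consumption Rules

- **Source of facts**: Repo Evidence + Claim/Evidence Graph; the Human Wiki provides only salience, terminology, and narrative structure.
- **Minimum status for facts**: `supported`
- `supported`: may be used as a project fact, but the answer must cite the claim_id and evidence path.
- `weak`: only a low-confidence lead; the user must be asked to verify further.
- `inferred`: may be used only for risk notes or open questions, never presented as a project fact.
- `unverified`: must not be used as fact; state clearly that the evidence is insufficient.
- `contradicted`: the conflicting sources must be shown; do not pick a version on the user's behalf.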

## Who It Suits Best

- **Developers using a host AI such as Claude/Codex/Cursor/Gemini**: the README or plugin configuration mentions multiple host AIs. Evidence: `README.md` Claim: `clm_0002` supported 0.86

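## What It Can Do

- **Command-line start-up or install flow** (must be verified after installation): the project documentation contains executable commands; real use requires running them locally or in the host environment. Evidence: `README.md` Claim: `clm_0001` supported 0.86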

## How to Get Started

- `claude mcp add ansvar --transport http https://gateway.ansvar.eu/mcp` Evidence: `README.md` Claim: `clm_0003` supported 0.86
- `git clone https://github.com/ansvar-ai/automotive-mcp.git` Evidence: `README.md` Claim: `clm_0004` supported 0.86
- `npx @modelcontextprotocol/inspector node dist/index.js` Evidence: `README.md` Claim: `clm_0005` supported 0.86

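## Pre-Continuation Decision Card

- **Current recommendation**: start with a role-matching trial
- **Why**: this project looks more like a role library; the core risk is choosing the wrong role or mistaking role copy for execution capability. Use Prompt Preview to test role matching first, then decide whether to import it in a sandbox.

### 30-Second Decision

- **What to do now**: start with a role-matching trial
- **Minimum safe next step**: test role matching with Prompt Preview first; import in isolation once satisfied
- **Do not trust yet**: role quality and task fit cannot be taken on trust.
- **Continuing will touch**: role-selection bias, command execution, the local environment or project files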

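### What Can Be Trusted Now

- **Audience signal: developers using a host AI such as Claude/Codex/Cursor/Gemini** (supported): backed by a supported claim or project evidence, but still not equivalent to real installed behaviour. Evidence: `README.md` Claim: `clm_0002` supported 0.86
- **Capability exists: command-line start-up or install flow** (supported): it is safe to believe the project contains signals of this capability; whether it fits your specific task still requires a trial or post-install verification. Evidence: `README.md` Claim: `clm_0001` supported 0.86
- **Quick Start / install command signals exist** (supported): it is safe to believe the project documentation shows a start-up or install entry point; do not run it directly in your main environment on that basis. Evidence: `README.md` Claim: `clm_0003` supported 0.86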

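### What Cannot Be Trusted Yet

- **Role quality and task fit cannot be taken on trust.** (unverified): a role library proves there are many roles; it does not prove each role suits your specific task or that a role produces high-quality results.
- **Role copy must not be treated as real execution capability.** (unverified): before installation you can only judge whether the role description matches the task profile, not whether it can complete the task inside the host AI.
- **Real output quality cannot be trusted before installation.** (unverified): Prompt Preview only shows how the guidance works; it does not prove result quality in a real project.
- **Host AI version compatibility cannot be trusted before installation.** (unverified): loading rules and version differences across hosts such as Claude, Cursor, Codex, and Gemini must be verified in a real environment.
- **That it will not contaminate existing host AI behaviour cannot be taken on trust.** (inferred): Skill, plugin, and AGENTS/CLAUDE/GEMINI instructions may change the host AI's default behaviour.
- **Safe rollback cannot be assumed.** (unverified): unless the project explicitly provides uninstall and restore instructions, verify in an isolated environment first.
- **Is it compatible with the user's current host AI version once actually installed?** (unverified): compatibility can only be verified in the actual host environment.
- **Does the project's output quality meet the user's specific task?** (unverified): a pre-install preview only shows the flow and boundaries; it cannot replace a real evaluation.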

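### What Continuing Will Touch

- **Role-selection bias**: the user's judgment about which expert role should handle the task. Reason: choosing the wrong role makes the AI answer from the wrong professional perspective, wasting time or misleading decisions.
- **Command execution**: package managers, network downloads, the local plugin directory, project configuration, or the user's home directory. Reason: running the very first command can already change the environment; decide first whether it is worth running. Evidence: `README.md`
- **Local environment or project files**: install results, plugin caches, project configuration, or local dependency directories. Reason: before installation, the write scope and rollback method cannot be proven, so isolated verification is needed. Evidence: `README.md`
- **Host AI context**: AI Context Pack, Prompt Preview, Skill routing, risk rules, and project facts. Reason: importing context affects the host AI's later judgments, so unverified items must not be presented as facts.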

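### Minimum Safe Next Steps

- **Run Prompt Preview first**: use an interactive trial to validate the task profile and role matching; do not import the whole role library first. (Applies to: any project, especially when output quality is unknown.)
- **Trial-install only in an isolated directory or test account**: keep install commands from contaminating your main host AI, real projects, or home directory. (Applies when: there are signals of command execution, plugin configuration, or local writes.)
- **After installing, verify just one minimal task**: verify loading, compatibility, output quality, and rollback first, then decide whether to go deeper. (Applies when: moving from trial into a real workflow.)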

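### Exit Paths

- **Preserve the pre-install state**: record the original host configuration and project state so you can later judge whether recovery is possible.
- **Keep a record of the original role selection**: if the output goes off-topic, return to the task-profile stage and reselect the role rather than continuing down the wrong one.
- **Record install commands and write paths**: without explicit uninstall instructions, you at least need to know which directories or configuration need manual cleanup.
- **No rollback path, no main environment**: non-reversibility is a blocker before continuing; do not proceed on trust or luck.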

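## Preview Only

- Explaining who the project suits and what it can do
- Demonstrating a typical conversation flow based on the project documentation
- Helping the user judge whether it is worth installing or researching further

## Must Be Verified After Installation

- Actually installing a Skill, plugin, or CLI
- Executing scripts, modifying local files, or accessing external services
- Verifying real output quality, performance, and compatibility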

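## Boundary and Risk Card

- **Mistaking the pre-install preview for a real run**: the user may overestimate how much configuration, permission, and compatibility verification the project has actually completed. Handling: clearly distinguish prompt_preview_can_do from runtime_required. Claim: `clm_0006` inferred 0.45
- **Command execution modifies the local environment**: install commands may write to the user's home directory, the host plugin directory, or project configuration. Handling: run in an isolated environment or test account first. Evidence: `README.md` Claim: `clm_0007` supported 0.86
- **To confirm**: Is it compatible with the user's current host AI version once actually installed? Reason: compatibility can only be verified in the actual host environment.
- **To confirm**: Does the project's output quality meet the user's specific task? Reason: a pre-install preview only shows the flow and boundaries; it cannot replace a real evaluation.
- **To confirm**: Do the install commands need network access, privileges, or global writes? Reason: this affects installation risk in both enterprise and personal environments.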

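## Pre-Work Context

### Load Order

- First read how_to_use.host_ai_instruction to establish the boundaries of this pre-install decision asset.
- Read claim_graph_summary to confirm that facts come from the Claim/Evidence Graph, not the Human Wiki narrative.
- Then read intended_users, capabilities, and quick_start_candidates to judge whether the user is a match.
- When a specific task needs to be carried out, check role_skill_index first, then evidence_index.
- For questions about real installation, file modification, network access, performance, or compatibility, switch to risk_card and boundaries.runtime_required.

### Task Routing

- **Command-line start-up or install flow**: first explain that this capability must be verified after installation, then give a pre-install checklist. Boundary: must be verified by a real install or run. Evidence: `README.md` Claim: `clm_0001` supported 0.86

### Context Size

- Total files: 112
- Important files covered: 40/112
- Evidence index entries: 77
- Role / Skill entries: 23

### Handling Insufficient Evidence

- **missing_evidence**: state that the evidence is insufficient and ask the user for the target file, README passage, or post-install verification record; do not fill in facts.
- **out_of_scope_request**: state that the task is beyond the evidence scope of the current AI Context Pack, and suggest the user consult the Human Manual first or verify after a real installation.
- **runtime_request**: give the pre-install checklist and the source of the commands, but do not execute commands for the user or claim to have executed them.
- **source_conflict**: show the conflicting sources side by side, mark them as pending verification, and do not pick a version.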

## Prompt Recipes

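### Fit Assessment

- Goal: judge whether this project suits the user's current task.
- Expected output: a fit conclusion, key reasons, evidence citations, what can be previewed before installation, what must be verified after installation, and suggested next steps.

```text
Based on the AI Context Pack for @ansvar/automotive-cybersecurity-mcp, first ask me 3 necessary questions, then judge whether it suits my task. The answer must cover: who it suits, what it can do, what it cannot do, whether it is worth installing, and where the evidence comes from. Every project fact must cite evidence_refs, source_paths, or a claim_id.
```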

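### Pre-Install Experience

- Goal: let the user get a feel for the core workflow before installing, without dressing the preview up as real capability or a marketing promise.
- Expected output: an experience script with boundary labels, a post-install verification checklist, and cautious advice; no promises of real execution and no strong marketing language.

```text
Treat @ansvar/automotive-cybersecurity-mcp as a pre-install experience asset, not as an installed tool or a real runtime environment.

Output exactly four sections:
1. First ask me 3 necessary questions.
2. Give an "experience script": use the three labels [Previewable before install], [Must verify after install], and [Insufficient evidence] to show how it might guide the workflow.
3. Give a post-install verification checklist: list the capabilities that can only be confirmed after a real install, real host loading, and a real project run.
4. Give cautious advice: you may only say "worth further research / a trial install", "provide more information before deciding", or "not recommended to continue"; do not endorse the project.

Hard boundaries:
- Do not claim to have installed, run, executed tests, modified files, or produced real results.
- Do not use promissory phrases such as "auto-adapts", "guaranteed to pass", "perfect fit", or "strongly recommend installing".
- When describing how it works after installation, you must use a conditional such as "If installation succeeds and the host loads the Skill correctly, it may ...".
- The experience script may only be written as "sample lines / a hypothetical flow": use "may ask / may suggest / may show", not "has written, has generated, has passed, is running, is generating".
- Prompt Preview is not responsible for giving install commands; if the user is ready to trial-install, only advise reading the Quick Start and Risk Card first and verifying in an isolated environment.
- Every project fact must come from a supported claim, evidence_refs, or source_paths; inferred/unverified items may serve only as risks or items to confirm.

```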

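### Role / Skill Selection

- Goal: pick the best-matching assets from the project's roles or Skills.
- Expected output: a list of candidate roles or Skills, each with its applicable scenario, evidence path, risk boundary, and whether post-install verification is needed.

```text
Read role_skill_index and recommend the 3-5 roles or Skills most relevant to my target task. Each recommendation must state the applicable scenario, likely output, risk boundary, and evidence_refs.
```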

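### Risk Pre-Check

- Goal: identify environment, permission, rule-conflict, and quality risks before installing or adopting.
- Expected output: a checklist covering environment, permissions, dependencies, licensing, host conflicts, quality risks, and unknowns.

```text
Based on risk_card, boundaries, and quick_start_candidates, give me a pre-install risk checklist. Do not execute commands for me; only explain what I should check, why, and what the impact of a failure would be.
```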

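### Host AI Kick-Off Instruction

- Goal: turn the project context into a host AI instruction for the start of a conversation.
- Expected output: a pre-work instruction with clear boundaries and clear evidence citations, suitable for pasting to the host AI.

```text
Based on the AI Context Pack for @ansvar/automotive-cybersecurity-mcp, generate a pre-work instruction that I can paste to the host AI. The instruction must honour not_runtime=true and must not claim that the project has been installed, run, or produced real results.
```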


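## Role / Skill Index

- 23 role / Skill / project-document entries indexed in total.

- **Automotive Cybersecurity MCP Server** (project_doc): Automotive Cybersecurity MCP Server Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `README.md`
- **Contributing to Automotive Cybersecurity MCP** (project_doc): Contributing to Automotive Cybersecurity MCP Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CONTRIBUTING.md`
- **CI/CD Documentation** (project_doc): This project uses GitHub Actions for continuous integration and deployment with comprehensive security scanning. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/CI_CD.md`
- **Usage Guide: When & Why to Use the Automotive Cybersecurity MCP** (project_doc): Usage Guide: When & Why to Use the Automotive Cybersecurity MCP Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/USAGE_GUIDE.md`
- **Automotive Cybersecurity MCP - Design Document** (project_doc): Automotive Cybersecurity MCP - Design Document Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/plans/2026-01-29-automotive-cybersecurity-mcp-design.md`
- **Automotive Cybersecurity MCP Implementation Plan** (project_doc): Automotive Cybersecurity MCP Implementation Plan Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/plans/2026-01-29-automotive-mcp-implementation.md`
- **Phase 2: Complete Content Ingestion Implementation Plan** (project_doc): Phase 2: Complete Content Ingestion Implementation Plan Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/plans/2026-01-29-phase2-content-ingestion.md`
- **Automotive Sector Standards Expansion and Ingestion Plan** (project_doc): Automotive Sector Standards Expansion and Ingestion Plan Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/plans/2026-02-18-automotive-sector-standards-ingestion-plan.md`
- **Description** (project_doc): - 🐛 Bug fix non-breaking change which fixes an issue - ✨ New feature non-breaking change which adds functionality - 💥 Breaking change fix or feature that would cause existing functionality to not work as expected - 📝 Documentation update - 🔧 Configuration/Infrastructure change - ♻️ Refactoring no functional changes Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `.github/PULL_REQUEST_TEMPLATE.md`
- **GitHub Actions Security Setup** (project_doc): This document explains how to configure GitHub Actions secrets for the Automotive Cybersecurity MCP CI/CD pipeline. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `.github/SECURITY-SETUP.md`
- **Changelog** (project_doc): All notable changes to this project will be documented in this file. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CHANGELOG.md`
- **CRITICAL ISSUE FOUND - Database Not Included in npm Package** (project_doc): CRITICAL ISSUE FOUND - Database Not Included in npm Package Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CRITICAL_ISSUE_FOUND.md`
- **Deployment Checklist - Automotive Cybersecurity MCP Server** (project_doc): Deployment Checklist - Automotive Cybersecurity MCP Server Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `DEPLOYMENT_CHECKLIST.md`
- **Disclaimer** (project_doc): This MCP server provides reference information about Automotive Mcp legislation. Nothing in this server constitutes legal, regulatory, or compliance advice. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `DISCLAIMER.md`
- **Privacy Policy** (project_doc): This project provides a read-only MCP server for automotive cybersecurity reference data. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `PRIVACY.md`
- **Automotive Cybersecurity MCP Server - Quality Assessment Report** (project_doc): Automotive Cybersecurity MCP Server - Quality Assessment Report Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `QUALITY_ASSESSMENT_REPORT.md`
- **Quick Start: Automotive Cybersecurity MCP** (project_doc): Quick Start: Automotive Cybersecurity MCP Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `QUICK_START.md`
- **R155/R156 Content Integration Summary** (project_doc): R155/R156 Content Integration Summary Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `R155_R156_INTEGRATION_SUMMARY.md`
- **Security Policy** (project_doc): Version Supported ------- ------------------ 1.0.x :white check mark: 0.1.x :x: Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `SECURITY.md`
- **Quality Assessment Summary - Automotive Cybersecurity MCP Server** (project_doc): Quality Assessment Summary - Automotive Cybersecurity MCP Server Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `SUMMARY.md`
- **Test Results - Automotive Cybersecurity MCP Server** (project_doc): Test Results - Automotive Cybersecurity MCP Server Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `TEST_RESULTS.md`
- **Tools — Automotive MCP** (project_doc): See the MCP server's tool definitions for complete parameter documentation. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `TOOLS.md`
- **✅ Automotive Cybersecurity MCP Server - Verification Complete** (project_doc): ✅ Automotive Cybersecurity MCP Server - Verification Complete Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `VERIFICATION_COMPLETE.md`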

## Evidence Index

- 77 evidence entries indexed in total.

- **Automotive Cybersecurity MCP Server** (documentation): Automotive Cybersecurity MCP Server Evidence: `README.md`
- **Package** (package_manifest): { "name": "@ansvar/automotive-cybersecurity-mcp", "version": "2.0.0", "mcpName": "io.github.Ansvar-Systems/automotive-cybersecurity", "description": "MCP server for automotive cybersecurity regulations, standards, and TARA methodology", "type": "module", "main": "dist/index.js", "bin": { "automotive-cybersecurity-mcp": "./dist/index.js" }, "scripts": { "build": "tsc && chmod +x dist/index.js dist/http-server.js", "build:db": "tsx scripts/build-db.ts", "dev": "tsx watch src/index.ts", "dev:http": "tsx --watch src/http-server.ts", "start:http": "node dist/http-server.js", "test": "vitest run", "test:watch": "vitest", "test:ci": "npm run build:db && npm run build && npm test", "check:source-up… Evidence: `package.json`
- **Contributing to Automotive Cybersecurity MCP** (documentation): Contributing to Automotive Cybersecurity MCP Evidence: `CONTRIBUTING.md`
- **License** (source_file): Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ Evidence: `LICENSE`
- **CI/CD Documentation** (documentation): This project uses GitHub Actions for continuous integration and deployment with comprehensive security scanning. Evidence: `docs/CI_CD.md`
- **Usage Guide: When & Why to Use the Automotive Cybersecurity MCP** (documentation): Usage Guide: When & Why to Use the Automotive Cybersecurity MCP Evidence: `docs/USAGE_GUIDE.md`
- **Automotive Cybersecurity MCP - Design Document** (documentation): Automotive Cybersecurity MCP - Design Document Evidence: `docs/plans/2026-01-29-automotive-cybersecurity-mcp-design.md`
- **Automotive Cybersecurity MCP Implementation Plan** (documentation): Automotive Cybersecurity MCP Implementation Plan Evidence: `docs/plans/2026-01-29-automotive-mcp-implementation.md`
- **Phase 2: Complete Content Ingestion Implementation Plan** (documentation): Phase 2: Complete Content Ingestion Implementation Plan Evidence: `docs/plans/2026-01-29-phase2-content-ingestion.md`
- **Automotive Sector Standards Expansion and Ingestion Plan** (documentation): Automotive Sector Standards Expansion and Ingestion Plan Evidence: `docs/plans/2026-02-18-automotive-sector-standards-ingestion-plan.md`
- **Description** (documentation): - 🐛 Bug fix non-breaking change which fixes an issue - ✨ New feature non-breaking change which adds functionality - 💥 Breaking change fix or feature that would cause existing functionality to not work as expected - 📝 Documentation update - 🔧 Configuration/Infrastructure change - ♻️ Refactoring no functional changes Evidence: `.github/PULL_REQUEST_TEMPLATE.md`
- **GitHub Actions Security Setup** (documentation): This document explains how to configure GitHub Actions secrets for the Automotive Cybersecurity MCP CI/CD pipeline. Evidence: `.github/SECURITY-SETUP.md`
- **Changelog** (documentation): All notable changes to this project will be documented in this file. Evidence: `CHANGELOG.md`
- **CRITICAL ISSUE FOUND - Database Not Included in npm Package** (documentation): CRITICAL ISSUE FOUND - Database Not Included in npm Package Evidence: `CRITICAL_ISSUE_FOUND.md`
- **Deployment Checklist - Automotive Cybersecurity MCP Server** (documentation): Deployment Checklist - Automotive Cybersecurity MCP Server Evidence: `DEPLOYMENT_CHECKLIST.md`
- **Disclaimer** (documentation): This MCP server provides reference information about Automotive Mcp legislation. Nothing in this server constitutes legal, regulatory, or compliance advice. Evidence: `DISCLAIMER.md`
- **Privacy Policy** (documentation): This project provides a read-only MCP server for automotive cybersecurity reference data. Evidence: `PRIVACY.md`
- **Automotive Cybersecurity MCP Server - Quality Assessment Report** (documentation): Automotive Cybersecurity MCP Server - Quality Assessment Report Evidence: `QUALITY_ASSESSMENT_REPORT.md`
- **Quick Start: Automotive Cybersecurity MCP** (documentation): Quick Start: Automotive Cybersecurity MCP Evidence: `QUICK_START.md`
- **R155/R156 Content Integration Summary** (documentation): R155/R156 Content Integration Summary Evidence: `R155_R156_INTEGRATION_SUMMARY.md`
- **Security Policy** (documentation): Version Supported ------- ------------------ 1.0.x :white check mark: 0.1.x :x: Evidence: `SECURITY.md`
- **Quality Assessment Summary - Automotive Cybersecurity MCP Server** (documentation): Quality Assessment Summary - Automotive Cybersecurity MCP Server Evidence: `SUMMARY.md`
- **Test Results - Automotive Cybersecurity MCP Server** (documentation): Test Results - Automotive Cybersecurity MCP Server Evidence: `TEST_RESULTS.md`
- **Tools — Automotive MCP** (documentation): See the MCP server's tool definitions for complete parameter documentation. Evidence: `TOOLS.md`
- **✅ Automotive Cybersecurity MCP Server - Verification Complete** (documentation): ✅ Automotive Cybersecurity MCP Server - Verification Complete Evidence: `VERIFICATION_COMPLETE.md`
- **.Prettierrc** (structured_config): { "semi": true, "trailingComma": "es5", "singleQuote": true, "printWidth": 100, "tabWidth": 2, "useTabs": false, "endOfLine": "lf" } Evidence: `.prettierrc.json`
- **Source Updates Report** (structured_config): { "generated at": "2026-02-18T17:02:17.531Z", "summary": { "regulations count": 2, "regulation items count": 33, "standards count": 33, "standard clauses count": 559, "pending review count": 19 }, "pending review": { "id": "iso 17978 sovd", "full name": "ISO 17978", "current version": "Multi-part", "reason": "Uses \"Multi-part\" placeholder" }, { "id": "iso 14229", "full name": "ISO 14229", "current version": "Multi-part", "reason": "Uses \"Multi-part\" placeholder" }, { "id": "iso 13209", "full name": "ISO 13209", "current version": "Multi-part", "reason": "Uses \"Multi-part\" placeholder" }, { "id": "iso 22900", "full name": "ISO 22900", "current version": "Multi-part", "reason": "Uses \"… Evidence: `data/source-updates-report.json`
- **Golden Hashes** (structured_config): { "$schema": "Drift detection hashes for Automotive Cybersecurity MCP", "version": "1.0.0", "description": "SHA-256 hashes of seed data files used to detect upstream data changes. If a hash changes, the data has been modified and golden tests should be re-validated.", "generated": "2026-02-17", "note": "Drift detection metadata for seed data integrity verification.", "files": { "data/seed/regulations.json": { "description": "R155 + R156 regulation content articles + annexes ", "expected record counts": { "regulations": 2, "content": 33 } }, "data/seed/standards.json": { "description": "ISO 21434, TISAX, SAE J3061, AUTOSAR, GB/T standards and clauses", "expected record counts": { "standards"… Evidence: `fixtures/golden-hashes.json`
- **Golden Tests** (structured_config): { "$schema": "Golden contract tests for Automotive Cybersecurity MCP", "version": "1.0.0", "description": "These tests validate data accuracy by checking specific known data points against expected values. Minimum 10 tests required.", "tests": { "id": "GT-001", "description": "R155 regulation metadata is correct", "tool": "list sources", "input": { "source type": "regulation" }, "assertions": { "path": " 0 .id", "operator": "equals", "expected": "r155" }, { "path": " 0 .version", "operator": "equals", "expected": "Revision 2" }, { "path": " 0 .effective date", "operator": "equals", "expected": "2024-07-07" } }, { "id": "GT-002", "description": "R156 regulation metadata is correct", "tool":… Evidence: `fixtures/golden-tests.json`
- **Manifest** (structured_config): { "manifest version": "0.3", "name": "automotive-cybersecurity-mcp", "display name": "Automotive Cybersecurity MCP Server", "version": "1.0.1", "description": "MCP server for automotive cybersecurity regulations, standards, and TARA methodology", "author": { "name": "Ansvar Systems", "email": "hello@ansvar.eu", "url": "https://ansvar.eu" }, "license": "Apache-2.0", "repository": { "type": "git", "url": "https://github.com/Ansvar-Systems/Automotive-MCP" }, "homepage": "https://ansvar.eu", "keywords": "mcp", "automotive", "cybersecurity", "unece", "r155", "r156", "iso21434", "tara" , "server": { "type": "node", "entry point": "dist/index.js", "mcp config": { "command": "node", "args": "${ dir… Evidence: `manifest.json`
- **Server** (structured_config): { "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", "name": "io.github.Ansvar-Systems/automotive-cybersecurity", "description": "Automotive regulations and standards knowledge base: R155/R156, ISO/SAE cybersecurity, diagnostics SOVD/UDS/DoIP , safety, EV charging, and service-data frameworks", "repository": { "url": "https://github.com/Ansvar-Systems/Automotive-MCP", "source": "github" }, "version": "1.0.2", "packages": { "registryType": "npm", "identifier": "@ansvar/automotive-cybersecurity-mcp", "version": "1.0.2", "transport": { "type": "stdio" } } , "tools": { "name": "list sources", "description": "List available automotive cybersecurity regulat… Evidence: `server.json`
- **Tsconfig** (structured_config): { "compilerOptions": { "target": "ES2022", "module": "Node16", "lib": "ES2022" , "moduleResolution": "Node16", "outDir": "./dist", "rootDir": "./src", "strict": true, "esModuleInterop": true, "skipLibCheck": true, "forceConsistentCasingInFileNames": true, "resolveJsonModule": true, "declaration": true, "declarationMap": true, "sourceMap": true }, "include": "src/ / " , "exclude": "node modules", "dist", "tests" } Evidence: `tsconfig.json`
- **Vercel** (structured_config): { "$schema": "https://openapi.vercel.sh/vercel.json", "buildCommand": "npm run build", "outputDirectory": ".", "functions": { "api/mcp.ts": { "maxDuration": 30, "memory": 512, "includeFiles": "{data/automotive.db,node modules/ /node-sqlite3-wasm/dist/node-sqlite3-wasm.wasm}" } }, "rewrites": { "source": "/mcp", "destination": "/api/mcp" }, { "source": "/health", "destination": "/api/health" } } Evidence: `vercel.json`
- **Architecture Patterns** (structured_config): { "patterns": { "id": "split-trust-diagnostic-pki", "name": "Split-Trust Diagnostic PKI", "domain": "diagnostics", "description": "A PKI architecture that separates OEM backend trust from dealer-level diagnostic access by issuing session-scoped, VIN-bound certificates through a centralized backend, preventing stolen or expired dealer tools from gaining unauthorized vehicle access.", "components": "OEM PKI", "Dealer Tool", "Gateway ECU", "Target ECU" , "trust boundaries": "OEM backend ↔ dealer network", "Dealer tool ↔ vehicle gateway", "Gateway ↔ target ECU" , "applicable standards": "iso 21434", "iso 14229", "r155" , "threat mitigations": {"threat": "Stolen dealer tool used for unauthorized… Evidence: `data/seed/architecture-patterns.json`
- **Attack Patterns** (structured_config): { "patterns": { "id": "ecu-firmware-extraction", "name": "ECU Firmware Extraction via Debug Port", "target component": "ECU", "attack vector": "Physical access to JTAG or SWD debug interface on target ECU to dump firmware for reverse engineering", "stride category": "I", "feasibility": { "elapsed time": "days", "expertise": "proficient", "knowledge": "restricted", "equipment": "specialized", "access": "physical" }, "impact": "Firmware binary exposed, enabling discovery of cryptographic keys, proprietary algorithms, and vulnerabilities for further attacks", "known mitigations": "Disable JTAG/SWD in production fuses", "Use secure boot with encrypted firmware storage", "Implement HSM-backed ke… Evidence: `data/seed/attack-patterns.json`
- **Cross Mappings** (structured_config): { "mappings": { "source type": "standard", "source id": "iso 21434", "source ref": "5", "target type": "standard", "target id": "autosar", "target ref": "Overview", "relationship": "related", "notes": "Organizational CSMS policy governs AUTOSAR security configuration" }, { "source type": "standard", "source id": "iso 21434", "source ref": "5", "target type": "standard", "target id": "autosar", "target ref": "KeyProvisioning", "relationship": "related", "notes": "Key provisioning lifecycle requires organizational policy" }, { "source type": "standard", "source id": "iso 21434", "source ref": "5", "target type": "standard", "target id": "autosar", "target ref": "KeyM", "relationship": "relate… Evidence: `data/seed/cross-mappings.json`
- **Csms Obligations** (structured_config): { "obligations": { "id": "csms-dev-tara-maintenance", "lifecycle phase": "development", "obligation": "Maintain threat analysis and risk assessment TARA throughout development", "source regulation": "r155", "source ref": "7.2.2.2 b ", "reporting timeline": null, "evidence required": "TARA document per ISO 21434 clause 15", "Risk treatment decision records", "TARA review meeting minutes", "Change log showing iterative updates" , "guidance": "The TARA must be a living document that evolves as the vehicle architecture matures during development. Start with an initial TARA at concept phase based on the item definition and preliminary architecture. Revisit the analysis at each design milestone:… Evidence: `data/seed/csms-obligations.json`
- **Regulations** (structured_config): { "regulations": { "id": "r155", "full name": "UN Regulation No. 155", "title": "Cyber Security and Cyber Security Management System", "version": "Revision 2", "effective date": "2024-07-07", "source url": "https://unece.org/transport/documents/2021/03/standards/un-regulation-no-155", "applies to": "M1", "M2", "M3", "N1", "N2", "N3", "O3", "O4" , "regulation type": "unece" }, { "id": "r156", "full name": "UN Regulation No. 156", "title": "Software Update and Software Updates Management System", "version": "Revision 2", "effective date": "2024-07-07", "source url": "https://unece.org/transport/documents/2021/03/standards/un-regulation-no-156", "applies to": "M1", "M2", "M3", "N1", "N2", "N3"… Evidence: `data/seed/regulations.json`
- **Standards** (structured_config): { "standards": { "id": "iso 21434", "full name": "ISO/SAE 21434:2021", "title": "Road vehicles — Cybersecurity engineering", "version": "2021", "note": "Standard text requires paid license. Clause IDs and expert guidance provided." }, { "id": "tisax", "full name": "VDA ISA / TISAX", "title": "Trusted Information Security Assessment Exchange", "version": "6.0", "note": "VDA Information Security Assessment catalog. Required for German OEM supplier qualification. Assessment levels AL1-AL3." }, { "id": "sae j3061", "full name": "SAE J3061", "title": "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems", "version": "2016", "note": "SAE recommended practice. Predecessor to ISO 21434. Still… Evidence: `data/seed/standards.json`
- **Tara Examples** (structured_config): { "examples": { "id": "tara-tcu", "system name": "Telematics Control Unit TCU ", "item definition": "The Telematics Control Unit provides cellular connectivity 4G/5G for the vehicle, enabling remote diagnostics, over-the-air updates relay, emergency call eCall , and fleet telemetry. It interfaces with the central gateway ECU via CAN-FD and Ethernet, connects to the OEM backend cloud via TLS-secured cellular links, and stores cryptographic material in a hardware security module HSM . Trust boundaries exist between the cellular modem and application processor, between the TCU and the in-vehicle network, and between the TCU and the OEM cloud backend. The TCU processes personal data including G… Evidence: `data/seed/tara-examples.json`
- **Keep npm dependencies up to date** (source_file): version: 2 updates: Keep npm dependencies up to date - package-ecosystem: "npm" directory: "/" schedule: interval: "weekly" day: "monday" open-pull-requests-limit: 10 reviewers: - "Ansvar-Systems/maintainers" labels: - "dependencies" - "automated" commit-message: prefix: "chore" include: "scope" Evidence: `.github/dependabot.yml`
- **Worktrees** (source_file): Node.js node modules/ dist/ .tsbuildinfo Evidence: `.gitignore`
- **Gitleaks configuration for Automotive MCP** (source_file): Gitleaks configuration for Automotive MCP Prevents accidental commits of secrets, API keys, tokens Evidence: `.gitleaks.toml`
- **============================================================================** (source_file): ============================================================================ npm Package Exclusions ============================================================================ This file controls what gets published to npm. CRITICAL: Database file data/automotive.db MUST be included! Evidence: `.npmignore`
- **Dockerfile** (source_file): FROM node:24-alpine AS builder RUN apk add --no-cache python3 make g++ WORKDIR /app COPY package.json package-lock.json ./ RUN npm ci COPY src/ ./src/ COPY scripts/ ./scripts/ COPY data/ ./data/ COPY tsconfig.json ./ RUN npm run build RUN npm run build:db Evidence: `Dockerfile`
- **Automotive Cybersecurity MCP Server** (source_file): Automotive Cybersecurity MCP Server Evidence: `README.md-e`
- **Health** (source_file): import type { VercelRequest, VercelResponse } from '@vercel/node'; import { existsSync, copyFileSync, readFileSync } from 'fs'; import { join } from 'path'; import Database from '@ansvar/mcp-sqlite'; Evidence: `api/health.ts`
- **Mcp** (source_file): import type { VercelRequest, VercelResponse } from '@vercel/node'; import { Server } from '@modelcontextprotocol/sdk/server/index.js'; import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js'; import Database from '@ansvar/mcp-sqlite'; import { join } from 'path'; import { existsSync, copyFileSync, readFileSync } from 'fs'; Evidence: `api/mcp.ts`
- **!/usr/bin/env python3** (source_file): !/usr/bin/env python3 """ Direct database inspection script Queries the automotive.db database to verify contents """ Evidence: `inspect-db.py`
- **!/usr/bin/env node** (source_file): !/usr/bin/env node / Comprehensive quality and edge case testing / Evidence: `quality-test.mjs`
- **!/usr/bin/env python3** (source_file): !/usr/bin/env python3 """Add ISO 21434 normative content to standards.json seed data. Evidence: `scripts/add-iso21434-normative.py`
- **!/usr/bin/env tsx** (source_file): / Build the automotive.db SQLite database from seed JSON files. Run with: npm run build:db / Evidence: `scripts/build-db.ts`
- **!/usr/bin/env tsx** (source_file): / Generate a source update review report. This script does not fetch remote content. It scans local seed metadata and flags sources that should be manually reviewed for potential version drift. Run with: npm run check:source-updates / Evidence: `scripts/check-source-updates.ts`
- **!/usr/bin/env tsx** (source_file): / Split R155/R156 articles into paragraph-level items. Reads existing regulations.json, extracts sub-paragraphs from article text, and writes back to regulations.json with new paragraph-level entries. Run with: npx tsx scripts/split-regulations.ts / Evidence: `scripts/split-regulations.ts`
- **!/usr/bin/env node** (source_file): !/usr/bin/env node / Rewrites all 20 GB/T clauses in standards.json to 300-500 words each. Preserves all non-guidance fields work products, r155 mapping, cal relevant . Does NOT touch tisax, iso 26262, iso 24089, or any other standard. / Evidence: `scripts/update-gbt-guidance.mjs`
- **Server** (source_file): { "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", "name": "io.github.Ansvar-Systems/automotive-cybersecurity", "description": "Automotive regulations and standards knowledge base: R155/R156, ISO/SAE cybersecurity, diagnostics SOVD/UDS/DoIP , safety, EV charging, and service-data frameworks", "repository": { "url": "https://github.com/Ansvar-Systems/Automotive-MCP", "source": "github" }, "version": "1.0.2", "packages": { "registryType": "npm", "identifier": "@ansvar/automotive-cybersecurity-mcp", "version": "1.0.2", "transport": { "type": "stdio" } } , "tools": { "name": "list sources", "description": "List available automotive cybersecurity regulat… Evidence: `server.json-e`
- **Data Source Provenance** (source_file): Data Source Provenance Automotive Cybersecurity MCP Server Last updated: 2026-02-18 Evidence: `sources.yml`
- **!/usr/bin/env node** (source_file): / HTTP Server entry point for the Automotive Cybersecurity MCP server. Provides StreamableHTTP transport for Docker container deployment. Usage: PORT=3000 node dist/http-server.js AUTOMOTIVE CYBERSEC DB PATH=/path/to/db.sqlite node dist/http-server.js / Evidence: `src/http-server.ts`
- **!/usr/bin/env node** (source_file): import { Server } from '@modelcontextprotocol/sdk/server/index.js'; import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'; import Database from '@ansvar/mcp-sqlite'; import { fileURLToPath } from 'url'; import { dirname, join } from 'path'; import { createHash } from 'crypto'; import { readFileSync, statSync } from 'fs'; import { registerTools } from './tools/registry.js'; import type { AboutContext } from './tools/about.js'; Evidence: `src/index.ts`
- **!/usr/bin/env node** (source_file): / Simple MCP client to test the server manually This spawns the server and sends test requests / Evidence: `test-mcp-client.mjs`
- The remaining 17 evidence entries are in `AI_CONTEXT_PACK.json` or `EVIDENCE_INDEX.json`.

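## Rules the Host AI Must Follow

- **Treat this asset as pre-work context, not a runtime environment.** The AI Context Pack contains only an evidence-based understanding of the project, not the target project's executable state. Evidence: `README.md`, `package.json`, `CONTRIBUTING.md`
- **When answering the user, distinguish what can be previewed from what can only be verified after installation.** The consumer value of a pre-install experience comes from reducing mistaken installs and misjudgments, not from posing as a real run. Evidence: `README.md`, `package.json`, `CONTRIBUTING.md`

## Questions the User Should Answer Before Starting

- In which host AI or local environment do you plan to use it?
- Do you only want to try the workflow first, or are you preparing a real installation?
- What matters most to you: installation cost, output quality, or conflicts with existing rules?

## Acceptance Criteria

- Every capability claim can be traced back to a file path in evidence_refs.
- AI_CONTEXT_PACK.md does not present a preview as a real run.
- The user can understand within 3 minutes who it suits, what it can do, how to start, and the risk boundaries.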

---

## Doramagic Context Augmentation

The following material strengthens the Repomix/AI Context Pack body. Human Manual is only a reading skeleton; pitfall logs become hard operating constraints for the host AI.

## Human Manual Skeleton

Usage rule: this is only a reading path and salience signal, not factual authority. Concrete facts must still come from repo evidence / Claim Graph.

Hard rules for the host AI:
- Do not treat page titles, order, summaries, or importance as project facts.
- When explaining the Human Manual skeleton, state that it is only a reading path / salience signal.
- Capability, installation, compatibility, runtime status, and risk judgments must cite repo evidence, source paths, or Claim Graph.

- **Repository Overview**: importance `high`
  - source_paths: Dockerfile, README.md, package.json, api/health.ts, api/mcp.ts
- **Entrypoints and Runtime Surface**: importance `high`
  - source_paths: Dockerfile, README.md, package.json, api/health.ts, api/mcp.ts
- **Architecture Evidence Map**: importance `high`
  - source_paths: Dockerfile, README.md, package.json, api/health.ts, api/mcp.ts
- **Operations and Verification Boundaries**: importance `high`
  - source_paths: Dockerfile, README.md, package.json, api/health.ts, api/mcp.ts

## Repo Inspection Evidence

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `b86564f765657055b37b6e680b0626b9051bece4`
- inspected_files: `pnpm-lock.yaml`, `Dockerfile`, `package.json`, `README.md`, `docs/CI_CD.md`, `docs/USAGE_GUIDE.md`, `docs/plans/2026-01-29-automotive-cybersecurity-mcp-design.md`, `docs/plans/2026-02-18-automotive-sector-standards-ingestion-plan.md`, `docs/plans/2026-01-29-automotive-mcp-implementation.md`, `docs/plans/2026-01-29-phase2-content-ingestion.md`, `src/index.ts`, `src/http-server.ts`, `src/tools/tara-generator.ts`, `src/tools/search.ts`, `src/tools/export.ts`, `src/tools/get.ts`, `src/tools/list.ts`, `src/tools/compliance-path.ts`, `src/tools/csms.ts`, `src/tools/registry.ts`

Hard rules for the host AI:
- Without repo_clone_verified=true, do not claim the source code has been read.
- Without repo_inspection_verified=true, do not turn README/docs/package observations into facts.
- Without quick_start_verified=true, do not claim the Quick Start has been successfully run.

## Doramagic Pitfall Constraints

These rules come from Doramagic discovery, validation, or compilation pitfalls. The host AI must treat them as operating constraints, not general background notes.

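### Constraint 1: Repository name and install name do not match

- Trigger: The repository name `automotive-mcp` does not exactly match the install entry `@ansvar/automotive-cybersecurity-mcp`.
- Host AI rule: Confirm the package-name mapping and the official README's explanation on npm/PyPI/GitHub.
- Why it matters: Users who search for the package by the repository name, or look for the repository by the package name, can easily end up at the wrong entry point.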
- Evidence: identity.distribution | mcp_registry:io.github.Ansvar-Systems/automotive-cybersecurity:1.0.1 | https://registry.modelcontextprotocol.io/v0.1/servers/io.github.Ansvar-Systems%2Fautomotive-cybersecurity/versions/1.0.1 | repo=automotive-mcp; install=@ansvar/automotive-cybersecurity-mcp
- Hard boundary: do not present this pitfall as solved, verified, or safe to ignore unless later validation evidence explicitly closes it.

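### Constraint 2: Capability judgment depends on assumptions

- Trigger: README/documentation is current enough for a first validation pass.
- Host AI rule: Turn the assumptions into a downstream validation checklist.
- Why it matters: If the assumptions do not hold, the user does not get the promised capabilities.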
- Evidence: capability.assumptions | mcp_registry:io.github.Ansvar-Systems/automotive-cybersecurity:1.0.1 | https://registry.modelcontextprotocol.io/v0.1/servers/io.github.Ansvar-Systems%2Fautomotive-cybersecurity/versions/1.0.1 | README/documentation is current enough for a first validation pass.
- Hard boundary: do not present this pitfall as solved, verified, or safe to ignore unless later validation evidence explicitly closes it.

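### Constraint 3: Maintenance activity unknown

- Trigger: last_activity_observed is not recorded.
- Host AI rule: Add signals from recent GitHub commits, releases, and issue/PR responses.
- Why it matters: New projects, abandoned projects, and active projects get mixed together, which lowers confidence in recommendations.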
- Evidence: evidence.maintainer_signals | mcp_registry:io.github.Ansvar-Systems/automotive-cybersecurity:1.0.1 | https://registry.modelcontextprotocol.io/v0.1/servers/io.github.Ansvar-Systems%2Fautomotive-cybersecurity/versions/1.0.1 | last_activity_observed missing
- Hard boundary: do not present this pitfall as solved, verified, or safe to ignore unless later validation evidence explicitly closes it.

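### Constraint 4: Downstream validation found risk items

- Trigger: no_demo
- Host AI rule: Enter the security/permission governance review queue.
- Why it matters: Downstream has already requested a review, so this must not be downplayed on the page.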
- Evidence: downstream_validation.risk_items | mcp_registry:io.github.Ansvar-Systems/automotive-cybersecurity:1.0.1 | https://registry.modelcontextprotocol.io/v0.1/servers/io.github.Ansvar-Systems%2Fautomotive-cybersecurity/versions/1.0.1 | no_demo; severity=medium
- Hard boundary: do not present this pitfall as solved, verified, or safe to ignore unless later validation evidence explicitly closes it.

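### Constraint 5: Scoring risks exist

- Trigger: no_demo
- Host AI rule: Write the risk into the boundary card and confirm whether manual review is needed.
- Why it matters: The risk affects whether the project is suitable for ordinary users to install.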
- Evidence: risks.scoring_risks | mcp_registry:io.github.Ansvar-Systems/automotive-cybersecurity:1.0.1 | https://registry.modelcontextprotocol.io/v0.1/servers/io.github.Ansvar-Systems%2Fautomotive-cybersecurity/versions/1.0.1 | no_demo; severity=medium
- Hard boundary: do not present this pitfall as solved, verified, or safe to ignore unless later validation evidence explicitly closes it.

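### Constraint 6: Issue/PR response quality unknown

- Trigger: issue_or_pr_quality=unknown.
- Host AI rule: Sample recent issues/PRs and determine whether they have gone unhandled for a long time.
- Why it matters: Users cannot tell whether anyone maintains the project when they run into a problem.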
- Evidence: evidence.maintainer_signals | mcp_registry:io.github.Ansvar-Systems/automotive-cybersecurity:1.0.1 | https://registry.modelcontextprotocol.io/v0.1/servers/io.github.Ansvar-Systems%2Fautomotive-cybersecurity/versions/1.0.1 | issue_or_pr_quality=unknown
- Hard boundary: do not present this pitfall as solved, verified, or safe to ignore unless later validation evidence explicitly closes it.

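### Constraint 7: Release cadence unclear

- Trigger: release_recency=unknown.
- Host AI rule: Confirm that the latest release/tag and the README install commands are consistent.
- Why it matters: Install commands and documentation may lag behind the code, which raises the chance that users hit pitfalls.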
- Evidence: evidence.maintainer_signals | mcp_registry:io.github.Ansvar-Systems/automotive-cybersecurity:1.0.1 | https://registry.modelcontextprotocol.io/v0.1/servers/io.github.Ansvar-Systems%2Fautomotive-cybersecurity/versions/1.0.1 | release_recency=unknown
- Hard boundary: do not present this pitfall as solved, verified, or safe to ignore unless later validation evidence explicitly closes it.
