SbD MCP Server v0.9.0 — Software Bundle (npm package + GitHub source, ICSME 2026)

Offline-reproducible software bundle for the SbD MCP Server (v0.9.0), an ontology-grounded retrieval tool that exposes the Security-by-Design Theory-of-Everything (SbD-ToE) knowledge graph to GenAI coding assistants through the Model Context Protocol (MCP). The server grounds model output in a curated, versioned ontology of AppSec Core-typed security requirements rather than relying on parametric memory alone.

This item archives the tool itself in two complementary forms — the canonical npm package tarball (runnable) and the full GitHub source bundle (inspectable) — so that the v0.9.0 demonstration state remains reproducible independently of the upstream registries.

FILES

sbd-toe-mcp-0.9.0.tgz
  Size: 4,183,175 bytes
  SHA-256: c0dc7b432007f4d1e0058183f2a85a1d06c4d5cfb640f8d2781dc3d749e912aa
  Role: canonical npm package tarball (runtime distribution only).
  Install offline: npm install ./sbd-toe-mcp-0.9.0.tgz
  Or install from npm registry: npx @shiftleftpt/sbd-toe-mcp

sbd-toe-mcp-v0.9.0-bundle.tar.gz
  Size: 4,376,388 bytes
  SHA-256: 533d8185d02356e68c06b395b0cc864dd318c176e27d202c45e6d5f82a4d0407
  Role: full GitHub repository snapshot at tag v0.9.0, including TypeScript source, tests, build scripts, and CI configuration that are not shipped in the npm tarball.

MANIFEST.txt
  Size: ~4 KB
  Role: full provenance record — SHA-256 checksums, file sizes, origin URLs, and release metadata for every artefact referenced by this bundle and by the companion Media item.

SHASUMS.txt
  Size: ~270 bytes
  Role: shasum -c -a 256 compatible checksum file for the two software bundles above.
  Verify with: shasum -a 256 -c SHASUMS.txt

RUNTIME

Node.js >= 20.9.0

VERIFICATION

After download, all files can be verified in one shot:

  shasum -a 256 -c SHASUMS.txt

Expected output:

  sbd-toe-mcp-0.9.0.tgz: OK
  sbd-toe-mcp-v0.9.0-bundle.tar.gz: OK

RELATED MATERIALS

npm package (live registry, v0.9.0): https://www.npmjs.com/package/@shiftleftpt/sbd-toe-mcp

GitHub repository: https://github.com/Shiftleftpt/sbd-toe-mcp-poc

GitHub release v0.9.0 (immutable, 2026-05-21): https://github.com/Shiftleftpt/sbd-toe-mcp-poc/releases/tag/v0.9.0

Demonstration screencast (companion Figshare item, type Media — DOI to be added once minted): end-to-end walkthrough of installation, MCP client configuration, and a representative secure-coding session.

OSF registration (ICSME 2026 Tool Demonstration — DOI to be added once minted): contains the registered demonstration state including this software bundle and the screencast.

Companion paper: ICSME 2026 — Tool Demonstration submission (DOI to be added once accepted).

LICENCE

Code: Apache-2.0
Content: CC-BY-SA-4.0

AUTHOR

Pedro Farinha — Shiftleft - Secure Software Engineering, Lda.
ORCID: 0009-0001-0569-9020

Identifier
DOI https://doi.org/10.23728/b2share.2bgbn-k8044
Source https://b2share.eudat.eu/records/2bgbn-k8044
Metadata Access https://b2share.eudat.eu/oai2d?verb=GetRecord&metadataPrefix=eudatcore&identifier=oai:b2share-:2bgbn-k8044
Provenance
Creator Farinha, Pedro
Publisher B2SHARE
Publication Year 2026
Rights Apache License 2.0
OpenAccess true
Representation
Language English
Resource Type Software
Format application/gzip; text/plain
Size 8.6 MB; 4 files
Discipline Other