The content-agent is designed as a layered architecture that exposes ComplianceAsCode/content capabilities through the Model Context Protocol (MCP).
┌─────────────────────────────────────────────┐
│ Claude Desktop / AI Client │
└──────────────────┬──────────────────────────┘
│ MCP Protocol (stdio/HTTP)
┌──────────────────▼──────────────────────────┐
│ MCP Protocol Layer │
│ ┌────────────────────────────────────────┐ │
│ │ Resources │ Tools │ Prompts │ │
│ └────────────────────────────────────────┘ │
└──────────────────┬──────────────────────────┘
┌──────────────────▼──────────────────────────┐
│ Core Business Logic │
│ ┌────────────────────────────────────────┐ │
│ │ Discovery │ Scaffolding │ Build │ Test │ │
│ └────────────────────────────────────────┘ │
└──────────────────┬──────────────────────────┘
┌──────────────────▼──────────────────────────┐
│ Content Repository Integration │
│ ┌────────────────────────────────────────┐ │
│ │ Content Manager │ SSG Modules │ │
│ └────────────────────────────────────────┘ │
└──────────────────┬──────────────────────────┘
┌──────────────────▼──────────────────────────┐
│ ComplianceAsCode/content Repository │
│ SSG modules │ Build system │ Tests │
└─────────────────────────────────────────────┘
Location: src/content_agent/server/
Responsibility: Implements MCP protocol and handles client communication.
Components:
mcp_server.py: Main MCP server implementation using official SDKhandlers/resources.py: Resource (read-only) request handlershandlers/tools.py: Tool (action) request handlershandlers/prompts.py: Prompt request handlers (Phase 4)
Key Features:
- stdio transport for Claude Desktop integration
- HTTP transport for web integrations (Phase 4)
- JSON-based request/response handling
- Async request processing
Location: src/content_agent/core/
Responsibility: Implements domain logic for content operations.
Modules:
products.py: Product listing and detailsrules.py: Rule search and informationprofiles.py: Profile discoverytemplates.py: Template listing and schemascontrols.py: Control framework discovery
Features:
- Efficient rule indexing and search
- Structured data extraction from YAML
- Caching for performance
rule_generator.py: Rule boilerplate generationvalidators.py: YAML validationtemplate_generator.py: Template-based generation (Phase 3)ai_generator.py: AI-assisted generation (Phase 3)
Features:
- Smart directory placement based on rule naming
- Comprehensive validation with helpful errors
- Automatic subdirectory creation
- Build orchestration
- CMake wrapper
- Artifact management
- Automatus integration
- Container backend management
- Test result parsing
Location: src/content_agent/core/integration/
Responsibility: Manages content repository and SSG module access.
Components:
- Managed repository mode (auto-clone/update)
- Existing repository mode
- Git operations
- Python path management
- Safe import wrapper for SSG modules
- Module lifecycle management
- Error handling
Key Features:
- Automatic repository cloning
- Optional auto-updates
- Version detection
- SSG module isolation
Location: src/content_agent/models/
Responsibility: Pydantic models for type safety and validation.
Models:
product.py: Product-related modelsrule.py: Rule and validation modelsprofile.py: Profile and template modelsbuild.py: Build job models (Phase 2)test.py: Test job models (Phase 2)
Features:
- JSON serialization
- Validation
- Documentation via examples
Location: src/content_agent/config/
Responsibility: Configuration management.
Components:
settings.py: Pydantic Settings with env var supportdefaults.yaml: Default configuration
Configuration Sources (priority order):
- Environment variables (
CAC_MCP_*) - Config file (if specified)
- Defaults
Location: src/content_agent/jobs/ (Phase 2)
Responsibility: Async job execution and tracking.
Features:
- Thread pool executor
- SQLite persistence
- Job lifecycle management
- Status polling
Content repository is abstracted behind ContentRepository class, allowing for:
- Different repository modes (managed vs existing)
- Testing with mock repositories
- Future support for multiple repositories
SSG modules wrapped in SSGModules facade to:
- Simplify imports
- Handle initialization
- Provide error handling
- Enable testing without actual SSG modules
Discovery classes instantiate and return appropriate model objects:
- Consistent data structures
- Easy serialization
- Type safety
1. Claude Desktop sends tool call via stdio
↓
2. MCP server receives and deserializes request
↓
3. handlers/tools.py routes to appropriate function
↓
4. Core business logic executes
↓
5. Result serialized to JSON
↓
6. MCP server sends response via stdio
↓
7. Claude Desktop receives and displays result
1. Claude Desktop requests resource (e.g., cac://rules/ssh_idle)
↓
2. MCP server parses URI
↓
3. handlers/resources.py routes to appropriate handler
↓
4. Discovery module fetches data
↓
5. JSON serialized and returned
↓
6. Claude Desktop receives resource content
1. generate_rule_boilerplate tool called
↓
2. RuleGenerator determines directory location
↓
3. Directory structure created
↓
4. rule.yml generated from template
↓
5. Validation performed
↓
6. ScaffoldingResult returned with file paths
- MCP handlers are async (required by SDK)
- Core business logic is synchronous
- Works well for fast operations (discovery, scaffolding)
- Build and test operations run in background
- JobManager tracks async operations
- Clients poll for results
- SQLite persistence for job state
- Protocol Level: MCP server catches all exceptions, returns error responses
- Handler Level: Validation, logging, graceful degradation
- Core Level: Domain-specific errors with context
- Integration Level: Repository and SSG module errors
{
"error": "Brief error message",
"details": "Detailed information",
"suggestions": "How to fix"
}- Input validation (regex, enums, size limits)
- Path traversal prevention
- YAML size limits
- Assumes trusted local environment
- Authentication for HTTP mode
- Authorization (RBAC)
- Audit logging
- Container sandboxing for builds/tests
- Rule index cached after first build
- Product list cached
- Template list cached
- Cache invalidation on repository update
- SSG modules loaded only when needed
- Repository cloned only if managed mode
- Heavy operations deferred to Phase 2 jobs
- Single repository instance (singleton)
- Thread pool for concurrent jobs (Phase 2)
- Connection pooling for HTTP mode (Phase 4)
- Models: Serialization, validation
- Discovery: Search, parsing
- Scaffolding: Generation, validation
- Config: Loading, merging
- MCP protocol compliance
- End-to-end tool calls
- Resource access
- Repository integration
- Sample YAML files
- Mock repositories
- Example configurations
Claude Desktop
↓ spawns process
content-agent (stdio mode)
↓ reads from
ComplianceAsCode/content repo
Web Client
↓ HTTP
content-agent (HTTP mode)
↓ reads from
ComplianceAsCode/content repo
Docker container
├─ content-agent
├─ content repo (volume mount)
└─ build tools
- Async job management
- Build orchestration
- Automatus integration
- Result caching
- Template-based generation
- AI-assisted content creation
- Auto-fixing validation errors
- HTTP transport
- Authentication/authorization
- Comprehensive prompts
- Audit logging
- Multi-repository support
- Collaboration features
- CI/CD integration
- Performance optimization