| name | documentation-standards |
| description | Clear technical documentation with JSDoc, READMEs, Mermaid diagrams, ISMS policy references, and comprehensive code examples |
| license | MIT |
Documentation Standards Skill
Context
This skill applies when:
- Writing or updating README files
- Documenting APIs, functions, or MCP tools
- Creating architecture or design documentation
- Adding JSDoc comments to TypeScript code
- Creating diagrams for system architecture or flows
- Documenting security policies and compliance
- Writing user guides or integration tutorials
- Creating contribution guidelines
Rules
- Document Security Context: All security-related code must reference ISMS policies in documentation
- Use JSDoc for Public APIs: All exported functions, classes, and interfaces must have JSDoc comments
- Include Type Information: JSDoc comments must include
@param and @returns with TypeScript types
- Provide Examples: All public APIs must include code examples showing correct usage
- Document Exceptions: Use
@throws to document all possible exceptions and error conditions
- Use Mermaid for Diagrams: Create flowcharts, sequence diagrams, and architecture diagrams using Mermaid
- Keep READMEs Current: Update README.md when adding features, changing setup, or modifying architecture
- Write for Beginners: Assume readers are unfamiliar with the codebase - explain context and rationale
- Link to External Docs: Reference official documentation for MCP protocol, European Parliament APIs, and standards
- Document Decisions: Use Architecture Decision Records (ADRs) for significant technical decisions
- Security First: Document threat models, security controls, and compliance requirements
- Show Anti-Patterns: Include examples of incorrect usage to prevent common mistakes
- Maintain Changelog: Keep CHANGELOG.md updated following Keep a Changelog format
- Version Documentation: Clearly state which version of the code the documentation applies to
- Accessibility: Use semantic markdown, descriptive link text, and alt text for images
Examples
✅ Good Pattern: Comprehensive JSDoc for MCP Tool
export async function searchDocuments(
query: SearchQuery,
options?: SearchOptions
): Promise<SearchResult> {
}
✅ Good Pattern: README with Security Context
# European Parliament MCP Server
> Model Context Protocol server providing access to European Parliament open data
[](https://github.com/Hack23/European-Parliament-MCP-Server/actions)
[](LICENSE.md)
[](https://codecov.io/gh/Hack23/European-Parliament-MCP-Server)
## 🔒 Security & Compliance
This project implements security controls aligned with [Hack23 AB's ISMS](https://github.com/Hack23/ISMS-PUBLIC):
- **ISO 27001:2022** - Information security management
- **NIST CSF 2.0** - Cybersecurity framework
- **CIS Controls v8.1** - Security best practices
- **OWASP API Security Top 10** - API security
For detailed security information, see [SECURITY.md](SECURITY.md).
## 🚀 Quick Start
### Prerequisites
- Node.js 20.x or later
- npm 10.x or later
- MCP-compatible client (Claude Desktop, VS Code with MCP extension)
### Installation
\`\`\`bash
# Clone repository
git clone https://github.com/Hack23/European-Parliament-MCP-Server.git
cd European-Parliament-MCP-Server
# Install dependencies
npm install
# Build the project
npm run build
# Run tests
npm test
\`\`\`
### Configuration
Create a configuration file for your MCP client:
\`\`\`json
{
"mcpServers": {
"european-parliament": {
"command": "node",
"args": ["path/to/build/index.js"],
"env": {
"LOG_LEVEL": "info"
}
}
}
}
\`\`\`
## 📦 Available Scripts
| Script | Description | ISMS Policy |
|--------|-------------|-------------|
| `npm run build` | Production build | SC-001 |
| `npm run dev` | Development mode with watch | - |
| `npm run lint` | Run ESLint | SC-002 |
| `npm test` | Run unit tests | SC-002 |
| `npm run test:integration` | Run integration tests | SC-002 |
| `npm run coverage` | Generate coverage report | SC-002 |
| `npm audit` | Check dependencies for vulnerabilities | SC-003 |
## 🏗️ Architecture
\`\`\`mermaid
graph TB
A[MCP Client] -->|Request| B[MCP Server]
B -->|Parse| C[Request Handler]
C -->|Validate| D[Input Validator]
D -->|Query| E[European Parliament API]
E -->|Response| F[Data Transformer]
F -->|Format| G[MCP Response]
G -->|Return| A
C -->|Log| H[Audit Logger]
C -->|Check| I[Rate Limiter]
style B fill:#4A90E2
style D fill:#E8A631
style H fill:#50C878
style I fill:#E85D75
\`\`\`
## 🔧 MCP Tools
### search_documents
Search European Parliament documents by keywords and filters.
\`\`\`typescript
const result = await client.callTool('search_documents', {
keywords: 'climate change',
documentType: 'REPORT',
limit: 10
});
\`\`\`
### get_document
Retrieve a specific document by ID.
\`\`\`typescript
const document = await client.callTool('get_document', {
documentId: 'EP-1234567'
});
\`\`\`
See [API Documentation](docs/API.md) for complete tool reference.
## 🧪 Testing
We maintain 80%+ code coverage with three testing layers:
1. **Unit Tests** (Vitest) - Individual function testing
2. **Integration Tests** (Vitest) - API integration testing
3. **E2E Tests** - Full MCP protocol flow testing
\`\`\`bash
# Run all tests with coverage
npm run coverage
# Run specific test file
npm test -- search.test.ts
# Run tests in watch mode
npm test -- --watch
\`\`\`
## 📊 Code Quality
| Metric | Target | Current |
|--------|--------|---------|
| Code Coverage | ≥ 80% | 85% |
| TypeScript Strict | ✅ Enabled | ✅ |
| Security Headers | ✅ All | ✅ |
| API Response Time | < 500ms | 350ms |
## 🔐 Security
### Reporting Vulnerabilities
See [SECURITY.md](SECURITY.md) for vulnerability reporting process.
### Security Features
- ✅ Input validation and sanitization
- ✅ Rate limiting (100 requests per 15 minutes)
- ✅ Audit logging for all operations
- ✅ Dependency scanning (npm audit)
- ✅ License compliance checking
## 📝 License
MIT License - see [LICENSE.md](LICENSE.md) file for details.
## 🤝 Contributing
See [CONTRIBUTING.md](CONTRIBUTING.md) for contribution guidelines.
## 📚 Documentation
- [API Reference](docs/API.md)
- [MCP Protocol Guide](docs/MCP_PROTOCOL.md)
- [Architecture Decision Records](docs/adr/)
- [Security Documentation](SECURITY.md)
✅ Good Pattern: Mermaid Diagram for MCP Flow
## MCP Request Flow
\`\`\`mermaid
sequenceDiagram
participant C as MCP Client
participant S as MCP Server
participant V as Validator
participant A as EP API
participant L as Logger
C->>S: search_documents request
S->>V: Validate input
alt Invalid Input
V-->>S: ValidationError
S-->>C: Error response
else Valid Input
V-->>S: Validated query
S->>A: HTTP GET /documents
A-->>S: JSON response
S->>L: Log request
S-->>C: MCP response
end
Note over L: ISMS Policy AC-001<br/>Audit logging
Note over A: Rate limit: 100/15min
\`\`\`
✅ Good Pattern: Architecture Decision Record
# ADR-001: Use MCP Protocol for European Parliament Data Access
## Status
Accepted
## Context
We need to provide structured access to European Parliament open data for AI applications. Options considered:
1. REST API wrapper
2. GraphQL API
3. Model Context Protocol (MCP) server
## Decision
We will use MCP protocol to expose European Parliament data.
## Rationale
### Pros
- **AI-First Design**: MCP is designed specifically for AI assistants
- **Standardization**: Industry-standard protocol (Anthropic, et al.)
- **Type Safety**: Built-in schema validation and TypeScript support
- **Extensibility**: Easy to add new tools and capabilities
- **Security**: Built-in authentication and rate limiting support
### Cons
- **Newer Protocol**: Less established than REST/GraphQL
- **Limited Tooling**: Fewer debugging tools available
- **Client Support**: Requires MCP-compatible clients
## Security Implications
- MCP protocol provides structured security boundaries
- Input validation enforced by protocol schema
- ISMS Policy SC-001 (Secure Configuration) compliance maintained
- Rate limiting prevents abuse per ISMS Policy AC-002
## Consequences
- Developers must learn MCP protocol patterns
- Testing strategy includes MCP-specific integration tests
- Documentation must cover both MCP concepts and European Parliament APIs
- Client applications must support MCP protocol
## References
- [MCP Protocol Specification](https://modelcontextprotocol.io/)
- [European Parliament Open Data](https://data.europarl.europa.eu/)
- [ISMS Information Security Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Information_Security_Policy.md)
- [ISMS Secure Development Policy](https://github.com/Hack23/ISMS-PUBLIC/blob/main/Secure_Development_Policy.md)
## Date
2025-01-08
## Author
Development Team
❌ Bad Pattern: Missing Context
function search(query: any): any {
}
❌ Bad Pattern: No Examples
export async function queryParliamentaryDocuments(
keywords: string,
documentTypes: string[],
dateRange: DateRange,
pagination: PaginationOptions,
filters: DocumentFilters
): Promise<QueryResult> {
}
❌ Bad Pattern: Outdated README
# European Parliament MCP Server
Run `npm start` to start. <!-- Wrong command! -->
## Features
- Document search <!-- Actually implemented -->
- Member voting records <!-- Not implemented yet -->
- Real-time plenary sessions <!-- Removed 6 months ago -->
❌ Bad Pattern: No Security Documentation
export function validateApiKey(key: string): boolean {
return checkKey(key);
}
References
Documentation Standards
Diagram Tools
Markdown
Architecture
MCP Protocol
Remember
- Security Context: Always reference ISMS policies in security-related documentation
- Code Examples: Every public API needs working code examples
- Keep Current: Documentation should be updated with code changes
- Mermaid Diagrams: Use Mermaid for visual documentation - it's version-controlled and maintainable
- JSDoc Everything: All exported functions, classes, and interfaces need JSDoc
- Write for Beginners: Assume readers are new to the codebase
- Link to Policies: Reference external ISMS policies and compliance frameworks
- Show Anti-Patterns: Document what NOT to do to prevent mistakes
- Accessibility: Use semantic markdown and descriptive text
- ADRs for Decisions: Document significant architectural decisions
- Changelog: Maintain CHANGELOG.md following Keep a Changelog format
- Version Docs: Clearly state which version documentation applies to
- Examples Over Words: Show don't tell - code examples are more valuable than prose
- Test Documentation: Verify code examples actually work
- MCP Protocol: Document MCP-specific patterns and tool schemas
- European Parliament Context: Reference official EP API documentation