@aegis-scan/mcp-server 0.14.0 → 0.15.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +90 -0
- package/package.json +3 -3
package/README.md
ADDED
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
# @aegis-scan/mcp-server
|
|
2
|
+
|
|
3
|
+
MCP (Model Context Protocol) server that exposes the AEGIS security-scanner
|
|
4
|
+
as callable tools for Claude-compatible agents: Claude Desktop, Claude Code,
|
|
5
|
+
Cursor, Continue, Zed, and any other MCP-compatible client.
|
|
6
|
+
|
|
7
|
+
Part of the [AEGIS](https://github.com/RideMatch1/a.e.g.i.s) suite — a
|
|
8
|
+
paranoid SAST scanner purpose-built for Next.js + Supabase projects. The MCP
|
|
9
|
+
server wraps the same scanner the `aegis` CLI drives, so an agent can run
|
|
10
|
+
scans, inspect findings, ask for fix-suggestions, and check compliance
|
|
11
|
+
coverage — all without leaving the chat loop.
|
|
12
|
+
|
|
13
|
+
## What it exposes
|
|
14
|
+
|
|
15
|
+
Five tools, all name-prefixed `aegis_`:
|
|
16
|
+
|
|
17
|
+
| Tool | Purpose |
|
|
18
|
+
|---|---|
|
|
19
|
+
| `aegis_scan` | Run a scan on a project directory. Modes: `scan` (fast — security, deps, quality, compliance, i18n) or `audit` (all scanners incl. DAST / accessibility / perf). |
|
|
20
|
+
| `aegis_findings` | List findings from the most recent scan. Filter by severity, scanner, or file. |
|
|
21
|
+
| `aegis_score` | Get the 0-1000 score, grade (S/A/B/C/D/F), and badge (`FORTRESS`/`HARDENED`/...) for the last scan. |
|
|
22
|
+
| `aegis_compliance` | Map findings to a compliance framework (GDPR / SOC 2 / ISO 27001 / PCI-DSS) and report per-control coverage. |
|
|
23
|
+
| `aegis_fix_suggestion` | Return an actionable fix suggestion for a specific finding-ID. |
|
|
24
|
+
|
|
25
|
+
State is per-process: `aegis_findings` / `aegis_score` / etc. operate on the
|
|
26
|
+
result of the most recent `aegis_scan` in the same MCP session.
|
|
27
|
+
|
|
28
|
+
## Install
|
|
29
|
+
|
|
30
|
+
```sh
|
|
31
|
+
# One-shot via npx (recommended for initial-try):
|
|
32
|
+
npx -y -p @aegis-scan/mcp-server aegis-mcp
|
|
33
|
+
|
|
34
|
+
# Or install globally:
|
|
35
|
+
npm install -g @aegis-scan/mcp-server
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
Node 20+ required. The server reads from stdin / writes to stdout using the
|
|
39
|
+
standard MCP stdio transport.
|
|
40
|
+
|
|
41
|
+
## Connect from Claude Desktop
|
|
42
|
+
|
|
43
|
+
Add to your `claude_desktop_config.json` (macOS:
|
|
44
|
+
`~/Library/Application Support/Claude/claude_desktop_config.json`):
|
|
45
|
+
|
|
46
|
+
```json
|
|
47
|
+
{
|
|
48
|
+
"mcpServers": {
|
|
49
|
+
"aegis": {
|
|
50
|
+
"command": "npx",
|
|
51
|
+
"args": ["-y", "-p", "@aegis-scan/mcp-server", "aegis-mcp"]
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Restart Claude Desktop. The five `aegis_*` tools appear under the
|
|
58
|
+
server name "aegis" — Claude will call them when a prompt asks for a
|
|
59
|
+
security scan, audit, or compliance check on a local repo.
|
|
60
|
+
|
|
61
|
+
## Connect from other MCP clients
|
|
62
|
+
|
|
63
|
+
- **Claude Code:** add via `claude mcp add aegis -- npx -y -p @aegis-scan/mcp-server aegis-mcp`
|
|
64
|
+
- **Cursor / Continue / Zed:** register `aegis-mcp` as an stdio server per
|
|
65
|
+
the client's MCP-config docs. Command and args match the Claude Desktop
|
|
66
|
+
snippet above.
|
|
67
|
+
|
|
68
|
+
## Scope boundary
|
|
69
|
+
|
|
70
|
+
The MCP server is a **thin wrapper** — every tool delegates to the
|
|
71
|
+
`@aegis-scan/core` + `@aegis-scan/scanners` packages. The scan-logic, the
|
|
72
|
+
scoring-rubric, and the suppression-pipeline all live in those packages.
|
|
73
|
+
For stack-specific scanner behavior (custom role-guards, boundary-column
|
|
74
|
+
aliases, CSRF middleware overrides, `criticalDeps`, etc.) configure via
|
|
75
|
+
`aegis.config.json` in the project being scanned — the MCP server reads
|
|
76
|
+
the same config the CLI does.
|
|
77
|
+
|
|
78
|
+
For a `--verbose` or non-Claude workflow, prefer the `aegis` CLI directly
|
|
79
|
+
(`npm install -g @aegis-scan/cli`).
|
|
80
|
+
|
|
81
|
+
## Links
|
|
82
|
+
|
|
83
|
+
- **Main repo + CLI:** https://github.com/RideMatch1/a.e.g.i.s
|
|
84
|
+
- **CLI on npm:** https://www.npmjs.com/package/@aegis-scan/cli
|
|
85
|
+
- **CHANGELOG:** https://github.com/RideMatch1/a.e.g.i.s/blob/main/CHANGELOG.md
|
|
86
|
+
- **MCP protocol:** https://modelcontextprotocol.io/
|
|
87
|
+
|
|
88
|
+
## License
|
|
89
|
+
|
|
90
|
+
MIT — see [LICENSE](./LICENSE) in this package.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aegis-scan/mcp-server",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.15.1",
|
|
4
4
|
"description": "AEGIS MCP server — exposes scan / findings / score / compliance / fix-suggestion tools to any Model Context Protocol agent (Claude Code, Cursor, Continue, Zed). Five registered tools: aegis_scan, aegis_findings, aegis_score, aegis_compliance, aegis_fix_suggestion.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",
|
|
@@ -45,8 +45,8 @@
|
|
|
45
45
|
"dependencies": {
|
|
46
46
|
"@modelcontextprotocol/sdk": "^1.0.0",
|
|
47
47
|
"zod": "^3.23.0",
|
|
48
|
-
"@aegis-scan/
|
|
49
|
-
"@aegis-scan/
|
|
48
|
+
"@aegis-scan/core": "0.15.1",
|
|
49
|
+
"@aegis-scan/scanners": "0.15.1"
|
|
50
50
|
},
|
|
51
51
|
"devDependencies": {
|
|
52
52
|
"@types/node": "^22.0.0",
|