@securityreviewai/security-review-mcp 0.2.12 → 0.2.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -2
- package/dist/api/client.js +3 -0
- package/dist/tools/projectTools.js +14 -7
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -4,7 +4,7 @@ TypeScript MCP server for [SecurityReview.ai](https://securityreview.ai), publis
|
|
|
4
4
|
|
|
5
5
|
- Pure Node runtime (no Python bootstrap)
|
|
6
6
|
- Stdio MCP server compatible with Cursor, Windsurf, Claude Desktop, ChatGPT MCP, and other MCP clients
|
|
7
|
-
-
|
|
7
|
+
- 55 tools for project/document/review/workflow/integration operations
|
|
8
8
|
- 8 built-in security-analysis prompts
|
|
9
9
|
- 4 read-only MCP resources
|
|
10
10
|
|
|
@@ -108,7 +108,7 @@ Compatibility flags (no-op, retained for older configs):
|
|
|
108
108
|
- `--python <path>`
|
|
109
109
|
- `--force-install`
|
|
110
110
|
|
|
111
|
-
## Tool Catalog (
|
|
111
|
+
## Tool Catalog (55)
|
|
112
112
|
|
|
113
113
|
### Projects
|
|
114
114
|
|
|
@@ -130,6 +130,7 @@ Compatibility flags (no-op, retained for older configs):
|
|
|
130
130
|
| `get_project_profile_security_control` | Get one security control by ID |
|
|
131
131
|
| `list_profile_compliance_requirements` | List compliance requirements in project profile |
|
|
132
132
|
| `get_profile_compliance_requirement` | Get one compliance requirement by ID |
|
|
133
|
+
| `get_guardrails` | Get vibe guardrails configured for a vibe review project |
|
|
133
134
|
| `update_vibe_project_profile` | Push/update vibe profile data (architecture notes, tech categories, user groups, compliance requirements, language stacks, description) by project ID |
|
|
134
135
|
|
|
135
136
|
### Documents
|
|
@@ -238,6 +239,7 @@ Compatibility flags (no-op, retained for older configs):
|
|
|
238
239
|
1. `create_project` (or resolve with `find_project_by_name`)
|
|
239
240
|
2. `update_vibe_project_profile` — supply any combination of `architecture_notes`, `tech_categories`, `user_groups`, `compliance_requirements`, `language_stacks`, and `description`
|
|
240
241
|
3. `get_full_project_profile` — verify the updated profile
|
|
242
|
+
4. `get_guardrails` — fetch configured guardrails for vibe review projects
|
|
241
243
|
|
|
242
244
|
### 4) Bring in Jira/Confluence Context
|
|
243
245
|
|
package/dist/api/client.js
CHANGED
|
@@ -178,6 +178,9 @@ export class SraiApiClient {
|
|
|
178
178
|
jsonBody: payload,
|
|
179
179
|
});
|
|
180
180
|
}
|
|
181
|
+
async getGuardrails(projectId) {
|
|
182
|
+
return this.request("GET", `/api/projects/${projectId}/vibe-guardrails/`);
|
|
183
|
+
}
|
|
181
184
|
async listDocuments(projectId) {
|
|
182
185
|
return this.request("GET", `/api/projects/${projectId}/documents`);
|
|
183
186
|
}
|
|
@@ -101,6 +101,12 @@ export function registerProjectTools(server) {
|
|
|
101
101
|
requirement_id: z.number().int(),
|
|
102
102
|
},
|
|
103
103
|
}, async ({ project_id, requirement_id }) => runTool(async () => getApiClient().getProjectProfileComplianceRequirement(project_id, requirement_id)));
|
|
104
|
+
server.registerTool("get_guardrails", {
|
|
105
|
+
description: "Get all vibe guardrails configured for a vibe review project. Returns each guardrail's title, rule type, category, instruction, and source references.",
|
|
106
|
+
inputSchema: {
|
|
107
|
+
project_id: z.number().int(),
|
|
108
|
+
},
|
|
109
|
+
}, async ({ project_id }) => runTool(async () => getApiClient().getGuardrails(project_id)));
|
|
104
110
|
server.registerTool("update_vibe_project_profile", {
|
|
105
111
|
description: "Push/update a project's vibe profile data by project ID. Accepts architecture notes, technology categories, user groups, compliance requirements, and other profile metadata. All fields are optional — only provided fields are sent to the API. Use this to populate or update a project profile in bulk from vibe/AI-generated context.",
|
|
106
112
|
inputSchema: {
|
|
@@ -111,17 +117,15 @@ export function registerProjectTools(server) {
|
|
|
111
117
|
.describe("List of architecture note strings describing the system design."),
|
|
112
118
|
technology_categories: z
|
|
113
119
|
.array(z.object({
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
description: z.string().optional().describe("Description of how this category is used."),
|
|
120
|
+
category_name: z.string().describe("Technology category name (e.g. 'Frontend', 'Database')."),
|
|
121
|
+
items: z.array(z.string()).optional().describe("Tools or technologies within this category."),
|
|
117
122
|
}))
|
|
118
123
|
.optional()
|
|
119
|
-
.describe("Technology categories with optional
|
|
124
|
+
.describe("Technology categories with optional item lists."),
|
|
120
125
|
user_groups: z
|
|
121
126
|
.array(z.object({
|
|
122
127
|
name: z.string().describe("Name of the user group."),
|
|
123
128
|
group_type: z.string().optional().describe("Type of the user group (e.g. 'internal', 'external')."),
|
|
124
|
-
description: z.string().optional().describe("Description of this user group."),
|
|
125
129
|
}))
|
|
126
130
|
.optional()
|
|
127
131
|
.describe("User groups that interact with the project."),
|
|
@@ -131,9 +135,12 @@ export function registerProjectTools(server) {
|
|
|
131
135
|
.describe("Compliance framework names or requirement identifiers (e.g. 'PCI-DSS', 'HIPAA', 'SOC2')."),
|
|
132
136
|
description: z.string().optional().describe("High-level description or purpose of the project profile."),
|
|
133
137
|
language_stacks: z
|
|
134
|
-
.array(z.
|
|
138
|
+
.array(z.object({
|
|
139
|
+
layer: z.string().describe("Stack layer name (e.g. 'frontend', 'backend', 'database')."),
|
|
140
|
+
languages: z.array(z.string()).optional().describe("Languages or frameworks in this layer (e.g. ['TypeScript', 'React'])."),
|
|
141
|
+
}))
|
|
135
142
|
.optional()
|
|
136
|
-
.describe("
|
|
143
|
+
.describe("Language stack nodes, each representing a layer with its languages."),
|
|
137
144
|
},
|
|
138
145
|
}, async ({ project_id, architecture_notes, technology_categories, user_groups, compliance_requirements, description, language_stacks }) => {
|
|
139
146
|
const payload = {};
|