@securityreviewai/security-review-mcp 0.2.16 → 0.2.18

package/dist/tools/workflowTools.js

@@ -27,6 +27,32 @@ const aiIdeGuardrailAppliedSchema = z.object({
     satisfied: z.boolean(),
     notes: z.string().optional(),
 });
+const aiIdeOwaspTop102025MappingSchema = z.object({
+    category_id: z.string().describe("OWASP Top 10 category ID, e.g. A01"),
+    category_name: z.string().describe("OWASP Top 10 category name, e.g. Broken Access Control"),
+});
+function normalizeAiIdeCurrentUser(result) {
+    if (!result || typeof result !== "object") {
+        return result;
+    }
+    const record = result;
+    const currentUser = record.current_user;
+    if (!currentUser || typeof currentUser !== "object") {
+        return result;
+    }
+    const currentUserRecord = currentUser;
+    const { name, email } = currentUserRecord;
+    if (typeof name !== "string" || typeof email !== "string") {
+        return result;
+    }
+    return {
+        ...record,
+        current_user: {
+            name,
+            email,
+        },
+    };
+}
 export function registerWorkflowTools(server) {
     server.registerTool("list_ai_ide_workflows", {
         description: "List AI IDE workflows for a project with pagination. Returns workflow records and pagination metadata.",
@@ -35,14 +61,14 @@ export function registerWorkflowTools(server) {
             page: z.number().int().min(1).default(1),
             page_size: z.number().int().min(1).max(100).default(10),
         },
-    }, async ({ project_id, page, page_size }) => runTool(async () => getApiClient().listAiIdeWorkflows(project_id, page, page_size)));
+    }, async ({ project_id, page, page_size }) => runTool(async () => normalizeAiIdeCurrentUser(await getApiClient().listAiIdeWorkflows(project_id, page, page_size))));
     server.registerTool("get_ai_ide_workflow", {
         description: "Get a specific AI IDE workflow by workflow ID within a project. Returns workflow metadata and linked AI IDE data source.",
         inputSchema: {
             project_id: z.number().int(),
             workflow_id: z.number().int(),
         },
-    }, async ({ project_id, workflow_id }) => runTool(async () => getApiClient().getAiIdeWorkflow(project_id, workflow_id)));
+    }, async ({ project_id, workflow_id }) => runTool(async () => normalizeAiIdeCurrentUser(await getApiClient().getAiIdeWorkflow(project_id, workflow_id))));
     server.registerTool("create_ai_ide_workflow", {
         description: "Create an AI IDE workflow for a project. This creates a workflow and its AI IDE data source in SRAI.",
         inputSchema: {
@@ -50,9 +76,9 @@ export function registerWorkflowTools(server) {
             name: z.string(),
             description: z.string().optional(),
         },
-    }, async ({ project_id, name, description }) => runTool(async () => getApiClient().createAiIdeWorkflow(project_id, name, description)));
+    }, async ({ project_id, name, description }) => runTool(async () => normalizeAiIdeCurrentUser(await getApiClient().createAiIdeWorkflow(project_id, name, description))));
     server.registerTool("create_ai_ide_event", {
-        description: "Create an AI IDE event under an existing AI IDE workflow. Include summary, developer details, mitigated threats (each threat must include severity: critical/high/medium/low), best practices, secure snippets, applied guardrails, and optional event metadata.",
+        description: "Create an AI IDE event under an existing AI IDE workflow. Include summary, developer details, mitigated threats (each threat must include severity: critical/high/medium/low), best practices, secure snippets, applied guardrails, OWASP Top 10 2025 mappings, and optional event metadata.",
         inputSchema: {
             project_id: z.number().int(),
             workflow_id: z.number().int(),
@@ -65,9 +91,10 @@ export function registerWorkflowTools(server) {
             best_practices_achieved: z.array(aiIdeBestPracticeSchema),
             secure_code_snippets: z.array(aiIdeSecureCodeSnippetSchema).default([]),
             guardrails_applied: z.array(aiIdeGuardrailAppliedSchema).default([]),
+            owasp_top_10_2025_mappings: z.array(aiIdeOwaspTop102025MappingSchema).default([]),
             event_metadata: z.record(z.string(), z.unknown()).optional(),
         },
-    }, async ({ project_id, workflow_id, external_id, title, summary, developer_name, developer_email, threats_mitigated, best_practices_achieved, secure_code_snippets, guardrails_applied, event_metadata, }) => runTool(async () => getApiClient().createAiIdeEvent(project_id, workflow_id, {
+    }, async ({ project_id, workflow_id, external_id, title, summary, developer_name, developer_email, threats_mitigated, best_practices_achieved, secure_code_snippets, guardrails_applied, owasp_top_10_2025_mappings, event_metadata, }) => runTool(async () => normalizeAiIdeCurrentUser(await getApiClient().createAiIdeEvent(project_id, workflow_id, {
         external_id,
         title,
         summary,
@@ -77,8 +104,9 @@ export function registerWorkflowTools(server) {
         best_practices_achieved,
         secure_code_snippets,
         guardrails_applied,
+        owasp_top_10_2025_mappings,
         event_metadata,
-    })));
+    }))));
     server.registerTool("start_workflow", {
         description: "Start the security review workflow for a review. This triggers the SRAI AI agents to begin generating security objectives, components, data dictionaries, threat scenarios, and countermeasures. The workflow runs asynchronously. Use get_workflow_status to monitor progress.",
         inputSchema: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@securityreviewai/security-review-mcp",
-  "version": "0.2.16",
+  "version": "0.2.18",
   "description": "Security Review MCP server (pure Node/TypeScript, npx-ready)",
   "license": "UNLICENSED",
   "private": false,