@securityreviewai/security-review-mcp 0.2.17 → 0.2.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/tools/workflowTools.js +8 -2
  2. package/package.json +1 -1
package/dist/tools/workflowTools.js CHANGED
@@ -27,6 +27,10 @@ const aiIdeGuardrailAppliedSchema = z.object({
27
27
  satisfied: z.boolean(),
28
28
  notes: z.string().optional(),
29
29
  });
30
+ const aiIdeOwaspTop102025MappingSchema = z.object({
31
+ category_id: z.string().describe("OWASP Top 10 category ID, e.g. A01"),
32
+ category_name: z.string().describe("OWASP Top 10 category name, e.g. Broken Access Control"),
33
+ });
30
34
  function normalizeAiIdeCurrentUser(result) {
31
35
  if (!result || typeof result !== "object") {
32
36
  return result;
@@ -74,7 +78,7 @@ export function registerWorkflowTools(server) {
74
78
  },
75
79
  }, async ({ project_id, name, description }) => runTool(async () => normalizeAiIdeCurrentUser(await getApiClient().createAiIdeWorkflow(project_id, name, description))));
76
80
  server.registerTool("create_ai_ide_event", {
77
- description: "Create an AI IDE event under an existing AI IDE workflow. Include summary, developer details, mitigated threats (each threat must include severity: critical/high/medium/low), best practices, secure snippets, applied guardrails, and optional event metadata.",
81
+ description: "Create an AI IDE event under an existing AI IDE workflow. Include summary, developer details, mitigated threats (each threat must include severity: critical/high/medium/low), best practices, secure snippets, applied guardrails, OWASP Top 10 2025 mappings, and optional event metadata.",
78
82
  inputSchema: {
79
83
  project_id: z.number().int(),
80
84
  workflow_id: z.number().int(),
@@ -87,9 +91,10 @@ export function registerWorkflowTools(server) {
87
91
  best_practices_achieved: z.array(aiIdeBestPracticeSchema),
88
92
  secure_code_snippets: z.array(aiIdeSecureCodeSnippetSchema).default([]),
89
93
  guardrails_applied: z.array(aiIdeGuardrailAppliedSchema).default([]),
94
+ owasp_top_10_2025_mappings: z.array(aiIdeOwaspTop102025MappingSchema).default([]),
90
95
  event_metadata: z.record(z.string(), z.unknown()).optional(),
91
96
  },
92
- }, async ({ project_id, workflow_id, external_id, title, summary, developer_name, developer_email, threats_mitigated, best_practices_achieved, secure_code_snippets, guardrails_applied, event_metadata, }) => runTool(async () => normalizeAiIdeCurrentUser(await getApiClient().createAiIdeEvent(project_id, workflow_id, {
97
+ }, async ({ project_id, workflow_id, external_id, title, summary, developer_name, developer_email, threats_mitigated, best_practices_achieved, secure_code_snippets, guardrails_applied, owasp_top_10_2025_mappings, event_metadata, }) => runTool(async () => normalizeAiIdeCurrentUser(await getApiClient().createAiIdeEvent(project_id, workflow_id, {
93
98
  external_id,
94
99
  title,
95
100
  summary,
@@ -99,6 +104,7 @@ export function registerWorkflowTools(server) {
99
104
  best_practices_achieved,
100
105
  secure_code_snippets,
101
106
  guardrails_applied,
107
+ owasp_top_10_2025_mappings,
102
108
  event_metadata,
103
109
  }))));
104
110
  server.registerTool("start_workflow", {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@securityreviewai/security-review-mcp",
3
- "version": "0.2.17",
3
+ "version": "0.2.18",
4
4
  "description": "Security Review MCP server (pure Node/TypeScript, npx-ready)",
5
5
  "license": "UNLICENSED",
6
6
  "private": false,