@securityreviewai/security-review-mcp 0.2.9 → 0.2.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -3
- package/dist/api/client.js +5 -0
- package/dist/tools/projectTools.js +50 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -4,7 +4,7 @@ TypeScript MCP server for [SecurityReview.ai](https://securityreview.ai), publis
|
|
|
4
4
|
|
|
5
5
|
- Pure Node runtime (no Python bootstrap)
|
|
6
6
|
- Stdio MCP server compatible with Cursor, Windsurf, Claude Desktop, ChatGPT MCP, and other MCP clients
|
|
7
|
-
-
|
|
7
|
+
- 54 tools for project/document/review/workflow/integration operations
|
|
8
8
|
- 8 built-in security-analysis prompts
|
|
9
9
|
- 4 read-only MCP resources
|
|
10
10
|
|
|
@@ -108,7 +108,7 @@ Compatibility flags (no-op, retained for older configs):
|
|
|
108
108
|
- `--python <path>`
|
|
109
109
|
- `--force-install`
|
|
110
110
|
|
|
111
|
-
## Tool Catalog (
|
|
111
|
+
## Tool Catalog (54)
|
|
112
112
|
|
|
113
113
|
### Projects
|
|
114
114
|
|
|
@@ -130,6 +130,7 @@ Compatibility flags (no-op, retained for older configs):
|
|
|
130
130
|
| `get_project_profile_security_control` | Get one security control by ID |
|
|
131
131
|
| `list_profile_compliance_requirements` | List compliance requirements in project profile |
|
|
132
132
|
| `get_profile_compliance_requirement` | Get one compliance requirement by ID |
|
|
133
|
+
| `update_vibe_project_profile` | Push/update vibe profile data (architecture notes, tech categories, user groups, compliance requirements, language stacks, description) by project ID |
|
|
133
134
|
|
|
134
135
|
### Documents
|
|
135
136
|
|
|
@@ -232,7 +233,13 @@ Compatibility flags (no-op, retained for older configs):
|
|
|
232
233
|
4. `start_workflow`
|
|
233
234
|
5. `get_workflow_status`
|
|
234
235
|
|
|
235
|
-
### 3)
|
|
236
|
+
### 3) Populate a Project Profile from Vibe/AI Context
|
|
237
|
+
|
|
238
|
+
1. `create_project` (or resolve with `find_project_by_name`)
|
|
239
|
+
2. `update_vibe_project_profile` — supply any combination of `architecture_notes`, `tech_categories`, `user_groups`, `compliance_requirements`, `language_stacks`, and `description`
|
|
240
|
+
3. `get_full_project_profile` — verify the updated profile
|
|
241
|
+
|
|
242
|
+
### 4) Bring in Jira/Confluence Context
|
|
236
243
|
|
|
237
244
|
1. `fetch_jira_issue` or `fetch_confluence_page`
|
|
238
245
|
2. `link_external_document` or `fetch_and_link_to_srai`
|
package/dist/api/client.js
CHANGED
|
@@ -173,6 +173,11 @@ export class SraiApiClient {
|
|
|
173
173
|
async getProjectProfileComplianceRequirement(projectId, requirementId) {
|
|
174
174
|
return this.request("GET", `/api/projects/${projectId}/profile/compliance-requirements/${requirementId}`);
|
|
175
175
|
}
|
|
176
|
+
async updateVibeProjectProfile(projectId, payload) {
|
|
177
|
+
return this.request("PATCH", `/api/projects/${projectId}/profile`, {
|
|
178
|
+
jsonBody: payload,
|
|
179
|
+
});
|
|
180
|
+
}
|
|
176
181
|
async listDocuments(projectId) {
|
|
177
182
|
return this.request("GET", `/api/projects/${projectId}/documents`);
|
|
178
183
|
}
|
|
@@ -101,4 +101,54 @@ export function registerProjectTools(server) {
|
|
|
101
101
|
requirement_id: z.number().int(),
|
|
102
102
|
},
|
|
103
103
|
}, async ({ project_id, requirement_id }) => runTool(async () => getApiClient().getProjectProfileComplianceRequirement(project_id, requirement_id)));
|
|
104
|
+
server.registerTool("update_vibe_project_profile", {
|
|
105
|
+
description: "Push/update a project's vibe profile data by project ID. Accepts architecture notes, technology categories, user groups, compliance requirements, and other profile metadata. All fields are optional — only provided fields are sent to the API. Use this to populate or update a project profile in bulk from vibe/AI-generated context.",
|
|
106
|
+
inputSchema: {
|
|
107
|
+
project_id: z.number().int().describe("The ID of the project whose profile should be updated."),
|
|
108
|
+
architecture_notes: z
|
|
109
|
+
.array(z.string())
|
|
110
|
+
.optional()
|
|
111
|
+
.describe("List of architecture note strings describing the system design."),
|
|
112
|
+
tech_categories: z
|
|
113
|
+
.array(z.object({
|
|
114
|
+
name: z.string().describe("Technology category name (e.g. 'Frontend', 'Database')."),
|
|
115
|
+
tools: z.array(z.string()).optional().describe("Tools or technologies within this category."),
|
|
116
|
+
description: z.string().optional().describe("Description of how this category is used."),
|
|
117
|
+
}))
|
|
118
|
+
.optional()
|
|
119
|
+
.describe("Technology categories with optional tools and descriptions."),
|
|
120
|
+
user_groups: z
|
|
121
|
+
.array(z.object({
|
|
122
|
+
name: z.string().describe("Name of the user group."),
|
|
123
|
+
group_type: z.string().optional().describe("Type of the user group (e.g. 'internal', 'external')."),
|
|
124
|
+
description: z.string().optional().describe("Description of this user group."),
|
|
125
|
+
}))
|
|
126
|
+
.optional()
|
|
127
|
+
.describe("User groups that interact with the project."),
|
|
128
|
+
compliance_requirements: z
|
|
129
|
+
.array(z.string())
|
|
130
|
+
.optional()
|
|
131
|
+
.describe("Compliance framework names or requirement identifiers (e.g. 'PCI-DSS', 'HIPAA', 'SOC2')."),
|
|
132
|
+
description: z.string().optional().describe("High-level description or purpose of the project profile."),
|
|
133
|
+
language_stacks: z
|
|
134
|
+
.array(z.string())
|
|
135
|
+
.optional()
|
|
136
|
+
.describe("Programming languages and frameworks used (e.g. 'Python/Django', 'TypeScript/React')."),
|
|
137
|
+
},
|
|
138
|
+
}, async ({ project_id, architecture_notes, tech_categories, user_groups, compliance_requirements, description, language_stacks }) => {
|
|
139
|
+
const payload = {};
|
|
140
|
+
if (architecture_notes !== undefined)
|
|
141
|
+
payload.architecture_notes = architecture_notes;
|
|
142
|
+
if (tech_categories !== undefined)
|
|
143
|
+
payload.tech_categories = tech_categories;
|
|
144
|
+
if (user_groups !== undefined)
|
|
145
|
+
payload.user_groups = user_groups;
|
|
146
|
+
if (compliance_requirements !== undefined)
|
|
147
|
+
payload.compliance_requirements = compliance_requirements;
|
|
148
|
+
if (description !== undefined)
|
|
149
|
+
payload.description = description;
|
|
150
|
+
if (language_stacks !== undefined)
|
|
151
|
+
payload.language_stacks = language_stacks;
|
|
152
|
+
return runTool(async () => getApiClient().updateVibeProjectProfile(project_id, payload));
|
|
153
|
+
});
|
|
104
154
|
}
|