@securityreviewai/security-review-mcp 0.2.9

package/dist/bin/security-review-mcp.js

@@ -0,0 +1,172 @@
+#!/usr/bin/env node
+import path from "node:path";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { createServer } from "../server.js";
+import { loadDefaultEnvFile, loadEnvFile } from "../utils/env.js";
+function fail(message, code = 1) {
+    process.stderr.write(`${message}\n`);
+    process.exit(code);
+}
+function parseArgs(argv) {
+    const parsed = {};
+    for (let index = 0; index < argv.length; index += 1) {
+        const arg = argv[index];
+        if (!arg) {
+            continue;
+        }
+        if (!arg.startsWith("--")) {
+            continue;
+        }
+        const key = arg.slice(2);
+        if (key === "help") {
+            parsed.help = true;
+            continue;
+        }
+        if (key === "print-config") {
+            parsed.printConfig = true;
+            continue;
+        }
+        if (key === "force-install") {
+            parsed.forceInstall = true;
+            continue;
+        }
+        const value = argv[index + 1];
+        if (!value || value.startsWith("--")) {
+            fail(`Missing value for --${key}`);
+        }
+        switch (key) {
+            case "env-file":
+                parsed.envFile = value;
+                break;
+            case "api-url":
+                parsed.apiUrl = value;
+                break;
+            case "api-token":
+                parsed.apiToken = value;
+                break;
+            case "jira-base-url":
+                parsed.jiraBaseUrl = value;
+                break;
+            case "jira-email":
+                parsed.jiraEmail = value;
+                break;
+            case "jira-api-token":
+                parsed.jiraApiToken = value;
+                break;
+            case "confluence-base-url":
+                parsed.confluenceBaseUrl = value;
+                break;
+            case "confluence-email":
+                parsed.confluenceEmail = value;
+                break;
+            case "confluence-api-token":
+                parsed.confluenceApiToken = value;
+                break;
+            case "python":
+                parsed.python = value;
+                break;
+            default:
+                fail(`Unknown option --${key}`);
+        }
+        index += 1;
+    }
+    return parsed;
+}
+function printHelp() {
+    process.stdout.write([
+        "Security Review MCP server",
+        "",
+        "Usage:",
+        "  security-review-mcp --api-url <url> --api-token <token> [options]",
+        "",
+        "Options:",
+        "  --api-url <url>          API base URL (or use env SECURITY_REVIEW_API_URL)",
+        "  --api-token <token>      API token (or use env SECURITY_REVIEW_API_TOKEN)",
+        "  --env-file <path>        Optional .env file path (default: ./.env if present)",
+        "  --jira-base-url <url>    Optional Jira base URL",
+        "  --jira-email <email>     Optional Jira user email",
+        "  --jira-api-token <token> Optional Jira API token",
+        "  --confluence-base-url <url>    Optional Confluence base URL",
+        "  --confluence-email <email>      Optional Confluence user email",
+        "  --confluence-api-token <token>  Optional Confluence API token",
+        "  --print-config           Print example MCP client config and exit",
+        "  --help                   Show this help message",
+        "",
+        "Deprecated no-op flags (kept for compatibility):",
+        "  --python <path>",
+        "  --force-install",
+        "",
+    ].join("\n"));
+}
+function printConfig() {
+    process.stdout.write(`${JSON.stringify({
+        mcpServers: {
+            "security-review-mcp": {
+                command: "npx",
+                args: ["-y", "security-review-mcp"],
+                env: {
+                    SECURITY_REVIEW_API_URL: "https://api.example.com",
+                    SECURITY_REVIEW_API_TOKEN: "YOUR_TOKEN",
+                },
+            },
+        },
+    }, null, 2)}\n`);
+}
+function applyArgsToEnv(args, env) {
+    if (args.apiUrl) {
+        env.SECURITY_REVIEW_API_URL = args.apiUrl;
+    }
+    if (args.apiToken) {
+        env.SECURITY_REVIEW_API_TOKEN = args.apiToken;
+    }
+    if (args.jiraBaseUrl) {
+        env.JIRA_BASE_URL = args.jiraBaseUrl;
+    }
+    if (args.jiraEmail) {
+        env.JIRA_EMAIL = args.jiraEmail;
+    }
+    if (args.jiraApiToken) {
+        env.JIRA_API_TOKEN = args.jiraApiToken;
+    }
+    if (args.confluenceBaseUrl) {
+        env.CONFLUENCE_BASE_URL = args.confluenceBaseUrl;
+    }
+    if (args.confluenceEmail) {
+        env.CONFLUENCE_EMAIL = args.confluenceEmail;
+    }
+    if (args.confluenceApiToken) {
+        env.CONFLUENCE_API_TOKEN = args.confluenceApiToken;
+    }
+}
+async function main() {
+    const args = parseArgs(process.argv.slice(2));
+    if (args.help) {
+        printHelp();
+        return;
+    }
+    if (args.printConfig) {
+        printConfig();
+        return;
+    }
+    loadDefaultEnvFile(process.cwd(), process.env);
+    if (args.envFile) {
+        loadEnvFile(path.resolve(process.cwd(), args.envFile), process.env);
+    }
+    applyArgsToEnv(args, process.env);
+    const apiUrl = process.env.SECURITY_REVIEW_API_URL || process.env.SRAI_API_URL;
+    const apiToken = process.env.SECURITY_REVIEW_API_TOKEN || process.env.SRAI_API_TOKEN;
+    if (!apiUrl) {
+        fail("Missing API URL. Pass --api-url or set SECURITY_REVIEW_API_URL.");
+    }
+    if (!apiToken) {
+        fail("Missing API token. Pass --api-token or set SECURITY_REVIEW_API_TOKEN.");
+    }
+    process.env.SRAI_API_URL = apiUrl;
+    process.env.SRAI_API_TOKEN = apiToken;
+    const server = createServer();
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch((error) => {
+    fail(`Failed to launch MCP server: ${error instanceof Error ? error.message : String(error)}`);
+});

package/dist/index.js

@@ -0,0 +1 @@
+export { createServer } from "./server.js";

package/dist/integrations/confluenceClient.js

@@ -0,0 +1,161 @@
+export class ConfluenceClient {
+    baseUrl;
+    email;
+    apiToken;
+    constructor(baseUrl, email, apiToken) {
+        let configuredBaseUrl = (baseUrl || process.env.CONFLUENCE_BASE_URL || "").replace(/\/+$/u, "");
+        if (configuredBaseUrl.endsWith("/wiki")) {
+            configuredBaseUrl = configuredBaseUrl.slice(0, -5);
+        }
+        this.baseUrl = configuredBaseUrl;
+        this.email = email || process.env.CONFLUENCE_EMAIL || "";
+        this.apiToken = apiToken || process.env.CONFLUENCE_API_TOKEN || "";
+    }
+    get isConfigured() {
+        return Boolean(this.baseUrl && this.email && this.apiToken);
+    }
+    authHeader() {
+        return `Basic ${Buffer.from(`${this.email}:${this.apiToken}`).toString("base64")}`;
+    }
+    async fetchPage(pageId) {
+        if (!this.isConfigured) {
+            return {
+                error: "Confluence integration not configured. Set CONFLUENCE_BASE_URL, CONFLUENCE_EMAIL, CONFLUENCE_API_TOKEN.",
+            };
+        }
+        const headers = {
+            Accept: "application/json",
+            Authorization: this.authHeader(),
+        };
+        const v2Url = `${this.baseUrl}/wiki/api/v2/pages/${pageId}?body-format=storage`;
+        const v2Resp = await fetch(v2Url, { headers });
+        if (v2Resp.status === 200) {
+            const data = (await v2Resp.json());
+            const body = asRecord(data.body);
+            const storage = asRecord(body.storage);
+            const htmlBody = asString(storage.value) || asString(body.value);
+            return {
+                id: asString(data.id) || pageId,
+                title: asString(data.title),
+                space_id: data.spaceId,
+                content: htmlToText(htmlBody),
+                version: asRecord(data.version).number,
+                url: `${this.baseUrl}/wiki${asString(asRecord(data._links).webui)}`,
+            };
+        }
+        const v1Url = `${this.baseUrl}/wiki/rest/api/content/${pageId}?expand=body.storage,body.view,space,version,ancestors`;
+        const v1Resp = await fetch(v1Url, { headers });
+        if (v1Resp.status !== 200) {
+            return {
+                error: `Confluence API returned v2=${v2Resp.status} and v1=${v1Resp.status}. v1 response: ${await v1Resp.text()}`,
+            };
+        }
+        const data = (await v1Resp.json());
+        const body = asRecord(data.body);
+        const htmlBody = asString(asRecord(body.storage).value) || asString(asRecord(body.view).value);
+        return {
+            id: data.id,
+            title: asString(data.title),
+            space_key: asString(asRecord(data.space).key),
+            space_name: asString(asRecord(data.space).name),
+            content: htmlToText(htmlBody),
+            version: asRecord(data.version).number,
+            url: `${this.baseUrl}/wiki${asString(asRecord(data._links).webui)}`,
+        };
+    }
+    async fetchPageByUrl(pageUrl) {
+        const byQuery = /pageId=(\d+)/u.exec(pageUrl);
+        if (byQuery) {
+            const pageId = byQuery[1];
+            if (pageId) {
+                return this.fetchPage(pageId);
+            }
+        }
+        const byPath = /\/pages\/(\d+)/u.exec(pageUrl);
+        if (byPath) {
+            const pageId = byPath[1];
+            if (pageId) {
+                return this.fetchPage(pageId);
+            }
+        }
+        return { error: `Could not extract page ID from URL: ${pageUrl}` };
+    }
+    async searchPages(cql, limit = 10, includeContent = true) {
+        if (!this.isConfigured) {
+            return {
+                error: "Confluence integration not configured. Set CONFLUENCE_BASE_URL, CONFLUENCE_EMAIL, CONFLUENCE_API_TOKEN.",
+            };
+        }
+        const safeLimit = Math.max(1, Math.min(limit, 25));
+        const query = new URLSearchParams({
+            cql,
+            limit: String(safeLimit),
+            expand: includeContent ? "body.storage,space,version" : "space,version",
+        });
+        const url = `${this.baseUrl}/wiki/rest/api/content/search?${query.toString()}`;
+        const response = await fetch(url, {
+            headers: {
+                Accept: "application/json",
+                Authorization: this.authHeader(),
+            },
+        });
+        if (response.status !== 200) {
+            return {
+                error: `Confluence search API returned ${response.status}: ${await response.text()}`,
+            };
+        }
+        const data = (await response.json());
+        const resultsRaw = Array.isArray(data.results) ? data.results : [];
+        const results = resultsRaw.map((rawItem) => {
+            const item = asRecord(rawItem);
+            const body = asRecord(item.body);
+            const htmlBody = asString(asRecord(asRecord(body.storage)).value);
+            const webui = asString(asRecord(item._links).webui);
+            return {
+                id: item.id,
+                title: asString(item.title),
+                space_key: asString(asRecord(item.space).key),
+                space_name: asString(asRecord(item.space).name),
+                version: asRecord(item.version).number,
+                url: webui ? `${this.baseUrl}/wiki${webui}` : "",
+                content: includeContent ? htmlToText(htmlBody) : "",
+            };
+        });
+        return {
+            cql,
+            count: results.length,
+            results,
+            next: asRecord(data._links).next,
+        };
+    }
+}
+function htmlToText(html) {
+    let text = html;
+    text = text.replace(/<br\s*\/?>/giu, "\n");
+    text = text.replace(/<p[^>]*>/giu, "\n");
+    text = text.replace(/<\/p>/giu, "\n");
+    text = text.replace(/<h[1-6][^>]*>/giu, "\n## ");
+    text = text.replace(/<\/h[1-6]>/giu, "\n");
+    text = text.replace(/<li[^>]*>/giu, "  - ");
+    text = text.replace(/<[^>]+>/giu, "");
+    text = text.replace(/\n{3,}/gu, "\n\n");
+    return decodeHtmlEntities(text).trim();
+}
+function decodeHtmlEntities(value) {
+    return value
+        .replace(/&nbsp;/giu, " ")
+        .replace(/&amp;/giu, "&")
+        .replace(/&lt;/giu, "<")
+        .replace(/&gt;/giu, ">")
+        .replace(/&quot;/giu, "\"")
+        .replace(/&#39;/giu, "'");
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null;
+}
+function asRecord(value) {
+    return isRecord(value) ? value : {};
+}
+function asString(value) {
+    return value === undefined || value === null ? "" : String(value);
+}

package/dist/integrations/jiraClient.js

@@ -0,0 +1,133 @@
+export class JiraClient {
+    baseUrl;
+    email;
+    apiToken;
+    constructor(baseUrl, email, apiToken) {
+        this.baseUrl = (baseUrl || process.env.JIRA_BASE_URL || "").replace(/\/+$/u, "");
+        this.email = email || process.env.JIRA_EMAIL || "";
+        this.apiToken = apiToken || process.env.JIRA_API_TOKEN || "";
+    }
+    get isConfigured() {
+        return Boolean(this.baseUrl && this.email && this.apiToken);
+    }
+    async fetchIssue(issueId) {
+        if (!this.isConfigured) {
+            return {
+                error: "Jira integration not configured. Set JIRA_BASE_URL, JIRA_EMAIL, JIRA_API_TOKEN.",
+            };
+        }
+        const url = `${this.baseUrl}/rest/api/3/issue/${issueId}`;
+        const response = await fetch(url, {
+            headers: {
+                Accept: "application/json",
+                Authorization: `Basic ${Buffer.from(`${this.email}:${this.apiToken}`).toString("base64")}`,
+            },
+        });
+        if (response.status !== 200) {
+            return {
+                error: `Jira API returned ${response.status}: ${await response.text()}`,
+            };
+        }
+        const data = (await response.json());
+        const fields = asRecord(data.fields);
+        const rawDescription = fields.description;
+        const description = isRecord(rawDescription) && Array.isArray(rawDescription.content)
+            ? adfToText(rawDescription)
+            : String(rawDescription ?? "");
+        return {
+            key: asString(data.key),
+            summary: asString(fields.summary),
+            description,
+            status: asString(asRecord(fields.status).name),
+            issue_type: asString(asRecord(fields.issuetype).name),
+            priority: asString(asRecord(fields.priority).name),
+            labels: Array.isArray(fields.labels) ? fields.labels : [],
+            components: Array.isArray(fields.components)
+                ? fields.components.map((component) => asString(asRecord(component).name)).filter(Boolean)
+                : [],
+            acceptance_criteria: extractAcceptanceCriteria(fields),
+            comments: extractComments(fields),
+        };
+    }
+}
+function adfToText(adf) {
+    const parts = [];
+    const content = Array.isArray(adf.content) ? adf.content : [];
+    for (const rawNode of content) {
+        const node = asRecord(rawNode);
+        const type = asString(node.type);
+        if (type === "paragraph") {
+            const inner = Array.isArray(node.content) ? node.content : [];
+            for (const rawItem of inner) {
+                const item = asRecord(rawItem);
+                if (asString(item.type) === "text") {
+                    parts.push(asString(item.text));
+                }
+            }
+            parts.push("\n");
+            continue;
+        }
+        if (type === "heading") {
+            const inner = Array.isArray(node.content) ? node.content : [];
+            for (const rawItem of inner) {
+                const item = asRecord(rawItem);
+                if (asString(item.type) === "text") {
+                    parts.push(`\n## ${asString(item.text)}\n`);
+                }
+            }
+            continue;
+        }
+        if (type === "bulletList") {
+            const listItems = Array.isArray(node.content) ? node.content : [];
+            for (const rawListItem of listItems) {
+                const listItem = asRecord(rawListItem);
+                const paragraphs = Array.isArray(listItem.content) ? listItem.content : [];
+                for (const rawParagraph of paragraphs) {
+                    const paragraph = asRecord(rawParagraph);
+                    const tokens = Array.isArray(paragraph.content) ? paragraph.content : [];
+                    for (const rawToken of tokens) {
+                        const token = asRecord(rawToken);
+                        if (asString(token.type) === "text") {
+                            parts.push(`  - ${asString(token.text)}\n`);
+                        }
+                    }
+                }
+            }
+        }
+    }
+    return parts.join("").trim();
+}
+function extractAcceptanceCriteria(fields) {
+    for (const [key, value] of Object.entries(fields)) {
+        if (!key.toLowerCase().includes("acceptance")) {
+            continue;
+        }
+        if (isRecord(value)) {
+            return adfToText(value);
+        }
+        return value === undefined || value === null ? "" : String(value);
+    }
+    return "";
+}
+function extractComments(fields) {
+    const commentData = asRecord(fields.comment);
+    const rawComments = Array.isArray(commentData.comments) ? commentData.comments.slice(0, 10) : [];
+    return rawComments.map((rawComment) => {
+        const comment = asRecord(rawComment);
+        const body = comment.body;
+        return {
+            author: asString(asRecord(comment.author).displayName) || "Unknown",
+            body: isRecord(body) ? adfToText(body) : asString(body),
+            created: asString(comment.created),
+        };
+    });
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null;
+}
+function asRecord(value) {
+    return isRecord(value) ? value : {};
+}
+function asString(value) {
+    return value === undefined || value === null ? "" : String(value);
+}