audited-mcp 1.0.0

package/README.md

@@ -0,0 +1,46 @@
+# audited-mcp
+
+MCP server for [audited.xyz](https://audited.xyz) — AI-powered security audits.
+
+## Tools
+
+| Tool | Description | Auth required |
+|---|---|---|
+| `list_reports` | List public audit reports (filter by project type) | No |
+| `get_report` | Get full markdown report by slug | No |
+| `get_findings` | Get findings with severity, description, and fixes | No |
+| `start_audit` | Start a new audit from a GitHub URL | Yes |
+| `check_status` | Check audit generation progress | Yes |
+
+## Setup
+
+### Claude Desktop
+
+Add to `~/Library/Application Support/Claude/claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "audited": {
+      "command": "npx",
+      "args": ["-y", "audited-mcp"],
+      "env": {
+        "AUDITED_API_KEY": "your-api-key"
+      }
+    }
+  }
+}
+```
+
+### Claude Code
+
+```bash
+claude mcp add audited npx audited-mcp
+```
+
+## Environment Variables
+
+| Variable | Required | Description |
+|---|---|---|
+| `AUDITED_API_KEY` | For `start_audit` | API key from audited.xyz |
+| `AUDITED_URL` | No | Override base URL (default: `https://audited.xyz`) |

package/build/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/build/index.js

@@ -0,0 +1,236 @@
+#!/usr/bin/env node
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { ListToolsRequestSchema, CallToolRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+const BASE_URL = process.env.AUDITED_URL || "https://audited.xyz";
+const API_KEY = process.env.AUDITED_API_KEY || "";
+// --- API helpers ---
+async function apiGet(path) {
+    const headers = {
+        "Accept": "application/json",
+    };
+    if (API_KEY)
+        headers["Authorization"] = `Bearer ${API_KEY}`;
+    const res = await fetch(`${BASE_URL}${path}`, { headers });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`API ${res.status}: ${body}`);
+    }
+    return res.json();
+}
+async function apiPost(path, body) {
+    const headers = {
+        "Content-Type": "application/json",
+        "Accept": "application/json",
+    };
+    if (API_KEY)
+        headers["Authorization"] = `Bearer ${API_KEY}`;
+    const res = await fetch(`${BASE_URL}${path}`, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(body),
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`API ${res.status}: ${text}`);
+    }
+    return res.json();
+}
+// --- Tools ---
+const tools = [
+    {
+        name: "list_reports",
+        description: "List public audit reports on audited.xyz. Returns project names, slugs, findings counts, and project types.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                type: {
+                    type: "string",
+                    description: "Filter by project type (solidity, rust, go, c, javascript, python, rails, java, etc.)",
+                },
+            },
+        },
+    },
+    {
+        name: "get_report",
+        description: "Get a full audit report by slug. Returns the markdown report content, findings, and metadata.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                slug: {
+                    type: "string",
+                    description: "The audit report slug (e.g., 'curl', 'redis', 'uniswap-v4')",
+                },
+            },
+            required: ["slug"],
+        },
+    },
+    {
+        name: "get_findings",
+        description: "Get findings for a specific audit report. Returns severity, title, description, location, and recommended fix for each finding.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                slug: {
+                    type: "string",
+                    description: "The audit report slug",
+                },
+            },
+            required: ["slug"],
+        },
+    },
+    {
+        name: "start_audit",
+        description: "Start a new security audit on audited.xyz. Requires a GitHub repository URL. Returns the audit ID for status polling. Requires an API key.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                github_url: {
+                    type: "string",
+                    description: "GitHub repository URL to audit (e.g., 'https://github.com/owner/repo')",
+                },
+                project_name: {
+                    type: "string",
+                    description: "Name for the audit (optional, auto-detected from URL)",
+                },
+            },
+            required: ["github_url"],
+        },
+    },
+    {
+        name: "check_status",
+        description: "Check the status of an ongoing audit. Returns status (generating, completed, failed) and progress details.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                audit_id: {
+                    type: "string",
+                    description: "The audit ID or slug to check",
+                },
+            },
+            required: ["audit_id"],
+        },
+    },
+];
+// --- Tool handlers ---
+async function handleListReports(args) {
+    const params = args.type ? `?type=${encodeURIComponent(args.type)}` : "";
+    const data = await apiGet(`/api/v1/audits/public_list${params}`);
+    if (!data.audits || data.audits.length === 0) {
+        return "No public audit reports found.";
+    }
+    const lines = data.audits.map((a) => {
+        const findings = a.findings_summary || {};
+        const parts = Object.entries(findings)
+            .filter(([_, count]) => count > 0)
+            .map(([sev, count]) => `${count} ${sev}`)
+            .join(", ");
+        return `- **${a.project_name}** (${a.slug}) — ${a.project_type || "unknown"} — ${parts || "no findings"} — https://audited.xyz/report/${a.slug}`;
+    });
+    return `## Public Audit Reports (${data.audits.length})\n\n${lines.join("\n")}`;
+}
+async function handleGetReport(args) {
+    const data = await apiGet(`/api/v1/audits/${encodeURIComponent(args.slug)}/report`);
+    if (!data.report) {
+        return `No report found for slug: ${args.slug}`;
+    }
+    return data.report;
+}
+async function handleGetFindings(args) {
+    const data = await apiGet(`/api/v1/audits/${encodeURIComponent(args.slug)}/findings`);
+    if (!data.findings || data.findings.length === 0) {
+        return `No findings for ${args.slug}.`;
+    }
+    const lines = data.findings.map((f) => {
+        return `### ${f.finding_id} [${f.severity.toUpperCase()}] ${f.title}\n**Location:** ${f.location}\n**Description:** ${f.description}\n**Impact:** ${f.impact || "N/A"}\n**Recommendation:** ${f.recommendation || "N/A"}\n${f.suggested_fix ? `**Fix:**\n\`\`\`\n${f.suggested_fix}\n\`\`\`` : ""}`;
+    });
+    return `## Findings for ${args.slug} (${data.findings.length})\n\n${lines.join("\n\n---\n\n")}`;
+}
+async function handleStartAudit(args) {
+    if (!API_KEY) {
+        return "Error: AUDITED_API_KEY environment variable is required to start audits. Get one at https://audited.xyz/api/docs";
+    }
+    const body = { github_url: args.github_url };
+    if (args.project_name)
+        body.name = args.project_name;
+    const data = await apiPost("/api/v1/audits", body);
+    return `Audit started!\n- **ID:** ${data.id}\n- **Slug:** ${data.slug}\n- **Status:** ${data.status}\n\nPoll status with: check_status("${data.slug}")`;
+}
+async function handleCheckStatus(args) {
+    const data = await apiGet(`/api/v1/audits/${encodeURIComponent(args.audit_id)}`);
+    let result = `## Audit Status: ${data.project_name || args.audit_id}\n\n`;
+    result += `- **Status:** ${data.status}\n`;
+    result += `- **Slug:** ${data.slug}\n`;
+    if (data.status === "completed") {
+        result += `- **Findings:** ${data.findings_count || 0}\n`;
+        result += `- **Report:** https://audited.xyz/report/${data.slug}\n`;
+    }
+    else if (data.status === "failed") {
+        result += `- **Error:** ${data.error || "Unknown error"}\n`;
+    }
+    else {
+        result += `- **Progress:** Audit is being generated. Check back in a few minutes.\n`;
+    }
+    return result;
+}
+// --- Server setup ---
+const server = new Server({ name: "audited", version: "1.0.0" }, { capabilities: { tools: {}, resources: {} } });
+server.setRequestHandler(ListToolsRequestSchema, async () => ({
+    tools,
+}));
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const { name, arguments: args } = request.params;
+    try {
+        let result;
+        switch (name) {
+            case "list_reports":
+                result = await handleListReports(args);
+                break;
+            case "get_report":
+                result = await handleGetReport(args);
+                break;
+            case "get_findings":
+                result = await handleGetFindings(args);
+                break;
+            case "start_audit":
+                result = await handleStartAudit(args);
+                break;
+            case "check_status":
+                result = await handleCheckStatus(args);
+                break;
+            default:
+                throw new Error(`Unknown tool: ${name}`);
+        }
+        return { content: [{ type: "text", text: result }] };
+    }
+    catch (error) {
+        return {
+            content: [{ type: "text", text: `Error: ${error.message}` }],
+            isError: true,
+        };
+    }
+});
+// Resources: expose the llms.txt and public report list
+server.setRequestHandler(ListResourcesRequestSchema, async () => ({
+    resources: [
+        {
+            uri: "audited://info",
+            name: "audited.xyz overview",
+            description: "Overview of audited.xyz platform, features, and public reports",
+            mimeType: "text/plain",
+        },
+    ],
+}));
+server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
+    if (request.params.uri === "audited://info") {
+        const res = await fetch(`${BASE_URL}/llms.txt`);
+        const text = await res.text();
+        return {
+            contents: [{ uri: "audited://info", text, mimeType: "text/plain" }],
+        };
+    }
+    throw new Error(`Unknown resource: ${request.params.uri}`);
+});
+// Start
+const transport = new StdioServerTransport();
+await server.connect(transport);

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "audited-mcp",
+  "version": "1.0.0",
+  "description": "MCP server for audited.xyz — AI-powered security audits",
+  "type": "module",
+  "bin": {
+    "audited-mcp": "./build/index.js"
+  },
+  "main": "./build/index.js",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc && node build/index.js",
+    "prepublishOnly": "tsc"
+  },
+  "files": [
+    "build"
+  ],
+  "keywords": [
+    "mcp",
+    "security",
+    "audit",
+    "smart-contracts",
+    "audited"
+  ],
+  "author": "zack.eth",
+  "license": "MIT",
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "zod": "^3.22.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.3.0",
+    "@types/node": "^20.0.0"
+  }
+}