npm - echelongraph-mcp - Versions diffs - 1.0.0 - Mend

echelongraph-mcp 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,77 @@
+# EchelonGraph MCP server
+Real-time **CVE & internet-exposure intelligence** for Claude, Cursor, Cline, and any
+[MCP](https://modelcontextprotocol.io) client — straight from
+[EchelonGraph](https://echelongraph.io)'s free public feed.
+It exposes EchelonGraph's CVE Pulse (NVD + MITRE-CNA *pre-NVD* + CISA-KEV + EPSS + GitHub
+GHSA, fused into one score) **plus the one thing no other CVE source has: the live
+internet-exposure footprint of a CVE** — how many internet-exposed hosts are running an
+affected version *right now*.
+No API key. No auth. Read-only.
+## Tools
+| Tool | What it does |
+|---|---|
+| `cve_summary` | Live counts of active CVEs by severity + feed freshness. |
+| `search_cves` | Search/filter CVEs (severity, min CVSS, text, sort) with EchelonGraph scores. |
+| `get_cve` | Full detail for one CVE (CVSS v3/v4, EG score, EPSS, KEV+ransomware, GHSA, CWE, references). |
+| `cve_exposure` | **Unique:** live internet-exposure footprint for a CVE — exposed host count + country/product breakdown. |
+| `exposure_radar` | Live totals across the exposure radars (shadow AI, KEV-exploited hosts, open databases, leaked creds). |
+## Install
+Add it to your MCP client's config. It runs via `npx` — no global install needed.
+### Claude Desktop
+`claude_desktop_config.json` → `mcpServers`:
+```json
+{
+  "mcpServers": {
+    "echelongraph": {
+      "command": "npx",
+      "args": ["-y", "echelongraph-mcp"]
+    }
+  }
+}
+```
+### Cursor / Cline / Windsurf
+`~/.cursor/mcp.json` (or the client's MCP settings):
+```json
+{
+  "mcpServers": {
+    "echelongraph": {
+      "command": "npx",
+      "args": ["-y", "echelongraph-mcp"]
+    }
+  }
+}
+```
+Restart the client, then ask: *"Is CVE-2023-44487 actively exploited, and how exposed is
+the internet to it?"*
+## Configuration
+| Env var | Default | Purpose |
+|---|---|---|
+| `ECHELONGRAPH_API_BASE` | `https://app.echelongraph.io` | Override the API base (self-host / proxy). |
+## Develop
+```bash
+npm install
+npm run build      # tsc → dist/
+npm run smoke      # spawn the server + call cve_exposure against the live API
+```
+## License
+MIT · Data © EchelonGraph, served under the CVE Pulse free-access terms.

package/dist/index.js ADDED Viewed

@@ -0,0 +1,99 @@
+#!/usr/bin/env node
+// EchelonGraph CVE & internet-exposure MCP server.
+// Exposes EchelonGraph's free public CVE/exposure intelligence as MCP tools so Claude,
+// Cursor, Cline, and any MCP client can query real-time vulnerability data — including the
+// one thing no other CVE source has: the LIVE internet-exposure footprint per CVE.
+// stdio transport; no auth required; read-only.
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+const BASE = (process.env.ECHELONGRAPH_API_BASE || "https://app.echelongraph.io").replace(/\/+$/, "");
+const UA = "echelongraph-mcp/1.0 (+https://echelongraph.io/pulse/mcp)";
+async function api(path) {
+    const ctrl = new AbortController();
+    const t = setTimeout(() => ctrl.abort(), 15000);
+    try {
+        const res = await fetch(`${BASE}${path}`, {
+            headers: { "User-Agent": UA, Accept: "application/json" },
+            signal: ctrl.signal,
+        });
+        if (!res.ok)
+            throw new Error(`EchelonGraph API returned HTTP ${res.status} for ${path}`);
+        return await res.json();
+    }
+    finally {
+        clearTimeout(t);
+    }
+}
+const ok = (data) => ({ content: [{ type: "text", text: JSON.stringify(data, null, 2) }] });
+const fail = (e) => ({
+    content: [{ type: "text", text: `Error querying EchelonGraph: ${e instanceof Error ? e.message : String(e)}` }],
+    isError: true,
+});
+const server = new McpServer({ name: "echelongraph-cve", version: "1.0.0" });
+server.tool("cve_summary", "Live summary of EchelonGraph's CVE Pulse feed: total active CVEs and counts by severity (critical/high/medium/low/none), plus feed freshness. Use to gauge the current vulnerability landscape.", {}, async () => {
+    try {
+        return ok(await api("/api/v1/public/cves/summary"));
+    }
+    catch (e) {
+        return fail(e);
+    }
+});
+server.tool("search_cves", "Search/list CVEs from EchelonGraph's real-time feed (NVD + MITRE-CNA pre-NVD + CISA-KEV + EPSS + GitHub GHSA). Filter by severity, minimum CVSS, free text, and sort. Returns CVEs with the EchelonGraph multi-source score, severity, CVSS, EPSS, and KEV status.", {
+    search: z.string().optional().describe("free-text search (product, vendor, or keyword, e.g. 'tomcat')"),
+    severity: z.enum(["CRITICAL", "HIGH", "MEDIUM", "LOW"]).optional().describe("filter to one severity"),
+    min_cvss: z.number().min(0).max(10).optional().describe("minimum CVSS score"),
+    sort: z.enum(["published", "modified", "nvd", "echelongraph", "epss"]).optional().describe("sort order (default: published)"),
+    limit: z.number().int().min(1).max(50).optional().describe("page size (default 20, max 50)"),
+}, async (a) => {
+    try {
+        const q = new URLSearchParams();
+        if (a.search)
+            q.set("search", a.search);
+        if (a.severity)
+            q.set("severity", a.severity);
+        if (a.min_cvss !== undefined)
+            q.set("min_cvss", String(a.min_cvss));
+        if (a.sort)
+            q.set("sort", a.sort);
+        q.set("limit", String(a.limit ?? 20));
+        return ok(await api(`/api/v1/public/cves?${q.toString()}`));
+    }
+    catch (e) {
+        return fail(e);
+    }
+});
+server.tool("get_cve", "Full detail for one CVE: description, NVD CVSS v3/v4, the EchelonGraph multi-source score + confidence, EPSS, CISA-KEV status (including ransomware-campaign use), GitHub GHSA, CWE, and references. Pass a CVE ID like CVE-2023-44487.", { cve_id: z.string().describe("a CVE ID, e.g. CVE-2023-44487") }, async ({ cve_id }) => {
+    try {
+        return ok(await api(`/api/v1/public/cves/${encodeURIComponent(cve_id.trim())}`));
+    }
+    catch (e) {
+        return fail(e);
+    }
+});
+server.tool("cve_exposure", "UNIQUE to EchelonGraph: the LIVE internet-exposure footprint for a CVE — how many internet-exposed hosts our passive radar currently sees running an affected version, with a country/product breakdown and a ransomware flag. Aggregate and host-redacted. No other CVE source has this. Returns exposed_hosts=0 for CVEs the radar doesn't track (it focuses on actively-exploited / high-EPSS CVEs).", { cve_id: z.string().describe("a CVE ID, e.g. CVE-2023-44487") }, async ({ cve_id }) => {
+    try {
+        return ok(await api(`/api/v1/public/kev-exposure/cve/${encodeURIComponent(cve_id.trim())}`));
+    }
+    catch (e) {
+        return fail(e);
+    }
+});
+server.tool("exposure_radar", "Live totals from EchelonGraph's passive internet-exposure radars: exposed AI services, hosts running actively-exploited (CISA-KEV) CVEs (plus ransomware-linked), unauthenticated databases, and leaked credentials. The current state of internet exposure EchelonGraph maps passively.", {}, async () => {
+    try {
+        const [kev, db, leaked, shadow] = await Promise.all([
+            api("/api/v1/public/kev-exposure/stats").catch(() => null),
+            api("/api/v1/public/exposed-databases/stats").catch(() => null),
+            api("/api/v1/public/leaked-credentials/stats").catch(() => null),
+            api("/api/v1/public/shadow-ai-radar/stats").catch(() => null),
+        ]);
+        return ok({ kev_exposure: kev, exposed_databases: db, leaked_credentials: leaked, shadow_ai: shadow });
+    }
+    catch (e) {
+        return fail(e);
+    }
+});
+const transport = new StdioServerTransport();
+await server.connect(transport);
+// MCP uses stdout for the protocol — diagnostics go to stderr.
+console.error(`EchelonGraph CVE MCP server running (API: ${BASE})`);

package/package.json ADDED Viewed

@@ -0,0 +1,49 @@
+{
+  "name": "echelongraph-mcp",
+  "version": "1.0.0",
+  "description": "EchelonGraph CVE & internet-exposure intelligence as an MCP server — real-time CVEs, EchelonGraph multi-source scores, CISA-KEV/EPSS, and the unique LIVE internet-exposure footprint per CVE — for Claude, Cursor, and any MCP client.",
+  "type": "module",
+  "bin": {
+    "echelongraph-mcp": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "smoke": "node test/smoke.mjs"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "cve",
+    "vulnerability",
+    "security",
+    "kev",
+    "epss",
+    "exposure",
+    "echelongraph",
+    "claude",
+    "cursor"
+  ],
+  "author": "EchelonGraph",
+  "license": "MIT",
+  "homepage": "https://echelongraph.io/pulse/mcp",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/AkshayDubey29/EchelonGraph.git"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.10.0",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@types/node": "^20.14.0",
+    "typescript": "^5.4.5"
+  }
+}