Documentation
¶
Overview ¶
Package tools holds the MCP tool implementations that wrap sfw's analysis library. Each file owns one tool: a New<Name>Tool constructor returning (mcp.Tool, server.ToolHandlerFunc) so the registry can attach the pair atomically.
Index ¶
- func All() []server.ServerTool
- func NewCheckTool() (mcp.Tool, server.ToolHandlerFunc)
- func NewDiffTool() (mcp.Tool, server.ToolHandlerFunc)
- func NewScanTool() (mcp.Tool, server.ToolHandlerFunc)
- func NewStatsTool() (mcp.Tool, server.ToolHandlerFunc)
- func NewTopologyTool() (mcp.Tool, server.ToolHandlerFunc)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func All ¶
func All() []server.ServerTool
All returns every sfw tool the package ships, paired with its handler. Both surfaces consume this list:
- server.registerTools iterates it to attach the tools to the MCP server boot path.
- agent.Loop iterates it to build the provider-side ToolSpec list and to dispatch tool_use blocks received from the LLM.
Keeping a single registry means a new tool becomes available on the MCP serve surface and the in-process agent simultaneously -- the agent can never drift behind the published tool list.
func NewCheckTool ¶
func NewCheckTool() (mcp.Tool, server.ToolHandlerFunc)
NewCheckTool returns the sfw_check tool definition and handler.
sfw_check fingerprints a Go file or directory and returns the per- function canonical-IR fingerprints. When db_path is set it also scans every function's topology against the signature database in the same pass, attaching matching ScanResult entries to the FileOutput. This is the read-only equivalent of `sfw check` (with or without --scan).
func NewDiffTool ¶
func NewDiffTool() (mcp.Tool, server.ToolHandlerFunc)
NewDiffTool returns the sfw_diff tool definition and handler.
sfw_diff compares two Go source files and returns the semantic delta: preserved/modified/added/removed functions, topology changes, risk scores, and per-function fingerprints. It is the read-only equivalent of the `sfw diff` CLI subcommand.
func NewScanTool ¶
func NewScanTool() (mcp.Tool, server.ToolHandlerFunc)
NewScanTool returns the sfw_scan tool definition and handler.
sfw_scan walks the target (file or directory), fingerprints every non-test Go source, and scans each function's topology against the signature database. Returns a models.ScanOutput with aggregated alerts sorted by severity, plus a per-severity summary that mirrors what `sfw scan` printed in v3.
Dependency scanning (--deps in v3) is intentionally out of scope for the read-only v4 surface: it needs `go/packages` loading which reaches outside the immediate target tree and complicates the security story.
func NewStatsTool ¶
func NewStatsTool() (mcp.Tool, server.ToolHandlerFunc)
NewStatsTool returns the sfw_stats tool definition and handler.
sfw_stats opens a signature database (PebbleDB directory or JSON file) read-only and reports the metadata an agent needs to decide whether scanning against that DB will be useful: backend, signature count, index sizes, on-disk footprint.
func NewTopologyTool ¶
func NewTopologyTool() (mcp.Tool, server.ToolHandlerFunc)
NewTopologyTool returns the sfw_topology tool definition and handler.
Two modes:
- file_path only: list every function in the file with a slim per-function digest (name, line, fingerprint, key control-flow counts and flags, entropy score).
- file_path + function_name: return the full FunctionTopology struct -- call signatures, instruction counts, string literals, entropy profile, the lot -- for the matched function.
Function matching uses ShortFunctionName, so "main", "(*Server).Run", and "pkg.helper" all work without needing the fully-qualified SSA name the engine emits internally.
Types ¶
This section is empty.
Source Files