mcp

package
v0.11.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 11, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildRecommendationText

func BuildRecommendationText(
	dependency output.PackageRef,
	vulnIDs []string,
	minSafeVersion string,
	targets []ManifestFixTarget,
) string

BuildRecommendationText produces a human-readable summary for an AI agent. vulnIDs lists all vulnerability identifiers being addressed. minSafeVersion is the minimum version that fixes all of them (may be empty if unknown).

func NewServer

func NewServer(mcpCtx Context) *server.MCPServer

NewServer creates a configured MCP server with all bomly tools registered.

Types

type Context

type Context struct {
	Adapter OptionsAdapter
	Version string
}

Context carries the adapter and version into tool handlers.

type DiffRequest

type DiffRequest struct {
	Base                  string `json:"base"`
	Head                  string `json:"head"`
	Path                  string `json:"path"`
	Container             string `json:"container"`
	Enrich                bool   `json:"enrich"`
	Audit                 bool   `json:"audit"`
	Analyze               bool   `json:"analyze"`
	FailOn                string `json:"fail_on"`
	AllowVulnerabilityIDs string `json:"allow_vulnerability_ids"`
	AllowLicenses         string `json:"allow_licenses"`
	DenyLicenses          string `json:"deny_licenses"`
	LicenseExemptPackages string `json:"license_exempt_packages"`
	DenyPackages          string `json:"deny_packages"`
	DenyGroups            string `json:"deny_groups"`
	ProtectedPackages     string `json:"protected_packages"`
	TyposquatThreshold    string `json:"typosquat_threshold"`
	TyposquatMode         string `json:"typosquat_mode"`
	WarnOnly              bool   `json:"warn_only"`
}

DiffRequest holds per-call overrides for the bomly_diff tool.

type ExplainRequest

type ExplainRequest struct {
	Package string `json:"package"`
	Path    string `json:"path"`
	Enrich  bool   `json:"enrich"`
	Audit   bool   `json:"audit"`
	Analyze bool   `json:"analyze"`
}

ExplainRequest holds per-call overrides for the bomly_explain tool.

type ManifestFixTarget

type ManifestFixTarget struct {
	ManifestPath       string `json:"manifest_path"`
	ManifestKind       string `json:"manifest_kind"`
	PackageManager     string `json:"package_manager"`
	TargetPackage      string `json:"target_package"`
	CurrentVersion     string `json:"current_version"`
	RecommendedVersion string `json:"recommended_version"`
	ChangeType         string `json:"change_type"`
}

ManifestFixTarget describes one actionable change an agent can make to fix a vulnerability.

func BuildManifestFixTargets

func BuildManifestFixTargets(
	dependency output.PackageRef,
	paths []output.DependencyPath,
	minSafeVersion string,
	manifests []output.ScanManifest,
) []ManifestFixTarget

BuildManifestFixTargets maps dependency paths back to actionable manifest edits. For direct dependencies, the manifest containing the vulnerable package is targeted. For transitive dependencies, the manifest containing the direct ancestor is targeted. minSafeVersion is the minimum version that fixes all matched vulnerabilities; it is used as the RecommendedVersion for direct dependencies (empty string for transitive).

type OptionsAdapter

type OptionsAdapter interface {
	RunScan(ctx context.Context, req ScanRequest) (output.ScanResponse, error)
	RunExplain(ctx context.Context, req ExplainRequest) (output.ExplainResponse, error)
	RunDiff(ctx context.Context, req DiffRequest) (output.DiffResponse, error)
	ListPlugins(ctx context.Context) (managedplugin.ListResponse, error)
	VulnFixContext(ctx context.Context, req VulnFixRequest) (VulnFixResult, error)
}

OptionsAdapter is implemented by the CLI adapter in internal/cli/mcp_cmd.go. It lives in package cli so it can access unexported pipeline helpers.

type ScanRequest

type ScanRequest struct {
	Path       string `json:"path"`
	Container  string `json:"container"`
	URL        string `json:"url"`
	Ref        string `json:"ref"`
	Enrich     bool   `json:"enrich"`
	Audit      bool   `json:"audit"`
	Analyze    bool   `json:"analyze"`
	FailOn     string `json:"fail_on"`
	Ecosystems string `json:"ecosystems"`
	Scope      string `json:"scope"`
}

ScanRequest holds per-call overrides for the bomly_scan tool.

type VulnFixRequest

type VulnFixRequest struct {
	Package string `json:"package"`
	VulnID  string `json:"vuln_id"`
	Path    string `json:"path"`
}

VulnFixRequest holds per-call overrides for the bomly_vuln_fix_context tool.

type VulnFixResult

type VulnFixResult struct {
	Package           output.PackageRef         `json:"package"`
	Vulnerabilities   []output.VulnerabilityRef `json:"vulnerabilities"`
	MinSafeVersion    string                    `json:"min_safe_version,omitempty"`
	AffectedManifests []ManifestFixTarget       `json:"affected_manifests"`
	Paths             []output.DependencyPath   `json:"paths"`
	Recommendation    string                    `json:"recommendation"`
}

VulnFixResult is returned by the bomly_vuln_fix_context tool. Vulnerabilities holds all matched vulnerabilities (one when vuln_id was specified, all otherwise). MinSafeVersion is the minimum version that addresses every matched vulnerability.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL