Documentation
¶
Index ¶
- func BuildRecommendationText(dependency output.PackageRef, vulnIDs []string, minSafeVersion string, ...) string
- func NewServer(mcpCtx Context) *server.MCPServer
- type Context
- type DiffRequest
- type ExplainRequest
- type ManifestFixTarget
- type OptionsAdapter
- type ScanRequest
- type VulnFixRequest
- type VulnFixResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BuildRecommendationText ¶
func BuildRecommendationText( dependency output.PackageRef, vulnIDs []string, minSafeVersion string, targets []ManifestFixTarget, ) string
BuildRecommendationText produces a human-readable summary for an AI agent. vulnIDs lists all vulnerability identifiers being addressed. minSafeVersion is the minimum version that fixes all of them (may be empty if unknown).
Types ¶
type Context ¶
type Context struct {
Adapter OptionsAdapter
Version string
}
Context carries the adapter and version into tool handlers.
type DiffRequest ¶
type DiffRequest struct {
Base string `json:"base"`
Head string `json:"head"`
Path string `json:"path"`
Image string `json:"image"`
Enrich bool `json:"enrich"`
Audit bool `json:"audit"`
Analyze bool `json:"analyze"`
FailOn string `json:"fail_on"`
AllowVulnerabilityIDs string `json:"allow_vulnerability_ids"`
AllowLicenses string `json:"allow_licenses"`
DenyLicenses string `json:"deny_licenses"`
LicenseExemptPackages string `json:"license_exempt_packages"`
DenyPackages string `json:"deny_packages"`
DenyGroups string `json:"deny_groups"`
ProtectedPackages string `json:"protected_packages"`
TyposquatThreshold string `json:"typosquat_threshold"`
TyposquatMode string `json:"typosquat_mode"`
WarnOnly bool `json:"warn_only"`
}
DiffRequest holds per-call overrides for the bomly_diff tool.
type ExplainRequest ¶
type ExplainRequest struct {
Package string `json:"package"`
Path string `json:"path"`
Enrich bool `json:"enrich"`
Audit bool `json:"audit"`
Analyze bool `json:"analyze"`
}
ExplainRequest holds per-call overrides for the bomly_explain tool.
type ManifestFixTarget ¶
type ManifestFixTarget struct {
ManifestPath string `json:"manifest_path"`
ManifestKind string `json:"manifest_kind"`
PackageManager string `json:"package_manager"`
TargetPackage string `json:"target_package"`
CurrentVersion string `json:"current_version"`
RecommendedVersion string `json:"recommended_version"`
ChangeType string `json:"change_type"`
}
ManifestFixTarget describes one actionable change an agent can make to fix a vulnerability.
func BuildManifestFixTargets ¶
func BuildManifestFixTargets( dependency output.PackageRef, paths []output.DependencyPath, minSafeVersion string, manifests []output.ScanManifest, ) []ManifestFixTarget
BuildManifestFixTargets maps dependency paths back to actionable manifest edits. For direct dependencies, the manifest containing the vulnerable package is targeted. For transitive dependencies, the manifest containing the direct ancestor is targeted. minSafeVersion is the minimum version that fixes all matched vulnerabilities; it is used as the RecommendedVersion for direct dependencies (empty string for transitive).
type OptionsAdapter ¶
type OptionsAdapter interface {
RunScan(ctx context.Context, req ScanRequest) (output.ScanResponse, error)
RunExplain(ctx context.Context, req ExplainRequest) (output.ExplainResponse, error)
RunDiff(ctx context.Context, req DiffRequest) (output.DiffResponse, error)
ListPlugins(ctx context.Context) (managedplugin.ListResponse, error)
VulnFixContext(ctx context.Context, req VulnFixRequest) (VulnFixResult, error)
}
OptionsAdapter is implemented by the CLI adapter in internal/cli/mcp_cmd.go. It lives in package cli so it can access unexported pipeline helpers.
type ScanRequest ¶
type ScanRequest struct {
Path string `json:"path"`
Image string `json:"image"`
URL string `json:"url"`
Ref string `json:"ref"`
Enrich bool `json:"enrich"`
Audit bool `json:"audit"`
Analyze bool `json:"analyze"`
FailOn string `json:"fail_on"`
Ecosystems string `json:"ecosystems"`
Scope string `json:"scope"`
}
ScanRequest holds per-call overrides for the bomly_scan tool.
type VulnFixRequest ¶
type VulnFixRequest struct {
Package string `json:"package"`
VulnID string `json:"vuln_id"`
Path string `json:"path"`
}
VulnFixRequest holds per-call overrides for the bomly_vuln_fix_context tool.
type VulnFixResult ¶
type VulnFixResult struct {
Package output.PackageRef `json:"package"`
Vulnerabilities []output.VulnerabilityRef `json:"vulnerabilities"`
MinSafeVersion string `json:"min_safe_version,omitempty"`
AffectedManifests []ManifestFixTarget `json:"affected_manifests"`
Paths []output.DependencyPath `json:"paths"`
Recommendation string `json:"recommendation"`
}
VulnFixResult is returned by the bomly_vuln_fix_context tool. Vulnerabilities holds all matched vulnerabilities (one when vuln_id was specified, all otherwise). MinSafeVersion is the minimum version that addresses every matched vulnerability.