Conversation
Add Model Context Protocol (MCP) server that exposes all Analyzer CLI operations as structured tools over stdio JSON-RPC. This enables AI assistants like Claude to manage objects, create scans, browse paginated analysis results, check compliance, download reports/SBOMs, and more. - New src/mcp.rs with 20 MCP tools (objects, scans, results, config) - Add --mcp flag to main CLI, route to MCP server before subcommands - Add rmcp and schemars dependencies - Update README with MCP Server mode docs and Claude Code config - Bump version to 0.2.1 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…g tools - Extract shared AnalysisType::from_api_name() and ComplianceType::from_name() so MCP reuses enum parsing instead of duplicating match arms - Make resolve_analysis_id public, reuse from MCP instead of reimplementing - All scan tools now accept object_id as alternative to scan_id, matching the CLI's --object flag and aligning with ELI's natural interaction model - Remove configure_profile/config_get/config_set (config mutation is out of scope for AI agents); keep whoami for diagnostics - Add [Read]/[Write]/[Critical] classification to tool descriptions, preparing for ELI's Permission Gate - Fix &PathBuf -> &Path (Clippy), trim instructions block Net -145 lines from mcp.rs.
giovannialberto
force-pushed
the
feat/mcp-server
branch
from
3ab7ec1 to
6858078
Compare
Member
|
I cleaned up a few things here and there and changed some things to make sure that it's maintainable and aligned with our future plans. It's all tested and good to go for me. Adding @krsh as final reviewer. |
krsh
reviewed
Mar 13, 2026
| humantime = "2" | ||
| bytes = "1" | ||
| clap_complete = "4" | ||
| rmcp = { version = "0.12", features = ["server", "macros", "transport-io"] } |
Member
There was a problem hiding this comment.
Update to the latest version (1.2.0)
| capabilities, info, symbols (IDF), tasks (IDF), stack-overflow (IDF).\n\ | ||
| \n\ | ||
| ## Exein Rating (Security Score)\n\ | ||
| 0-100 where **lower is better** (0 = no issues, 100 = worst). \ |
Member
There was a problem hiding this comment.
In src/output.rs (format_score), scores >= 80 are colored green and < 50 red. This visually implies to human users that HIGHER IS BETTER.
Invert the color logic (.green(), .yellow(), .red()) in src/output.rs and src/commands/scan.rs
| bytes = "1" | ||
| clap_complete = "4" | ||
| rmcp = { version = "0.12", features = ["server", "macros", "transport-io"] } | ||
| schemars = "1" |
Member
There was a problem hiding this comment.
By enabling the uuid1 feature for schemars, we can directly use Option<Uuid> instead of Option<String> in the structs within src/mcp.rs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
analyzer --mcp, enabling AI assistants (Claude, etc.) to use all Analyzer operations as structured tools over stdio JSON-RPCsrc/mcp.rswith 20 tools: object management, scan creation/status/score, paginated analysis results browsing, compliance checks, SBOM/report downloads, and configurationrmcpandschemarsdependencies, bump version to 0.2.1MCP Tools
Objects:
list_objects,create_object,delete_objectScans:
create_scan,get_scan_status,get_scan_score,get_scan_types,get_scan_overview,cancel_scan,delete_scanResults:
get_analysis_results(paginated, with search),get_complianceDownloads:
download_sbom,download_report,download_compliance_reportConfig:
configure_profile,config_get,config_set,whoamiTest plan
cargo build --releasecompiles successfullyanalyzer --helpshows--mcpflaganalyzer --mcpstarts MCP server on stdio (verify with MCP inspector)