FixWeb

// docs / mcp

MCP sirwiri

Plug FixWeb into Claude Desktop, Cursor, jan ukax any client that speaks uka Model Context Protocol. Your AI agent gets typed access ru ma scannaka, jikxatawinaka, ukat uka same templated fix prompts that power uka dashboard's Apaqaña fix prompt button.

01

Mint an API token

Visit /cuenta/api-tokens ukat create a token named, e.g., claude-desktop. Apaqaña uka plaintext value — it's shown once.

Tokens pxiwa bearer credentials: anyone ukampi uka string spawa read ma scannaka ukat start machaq ones. Store it like a password.

02

Point ma MCP client at /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart uka client. The fixweb server should appear in its MCP sirwiri list.

03

Try it out

Ask ma agent things like:

  • “List my last 10 FixWeb scannaka.”
  • “Show me uka critical jikxatawinaka on uka most recent scan.”
  • “Start a passive scan against https://staging.example.com.”
  • “For each high-severity jikxatawi on scan X, write a fix.”
  • “Are there any open live-threat alertanaka on my dominiona?”
  • Type /fixweb-fix ukampi a jikxatawi id ru drop uka templated remediation prompt straight into uka chat.

Yänaka

list_scansread
Returns up ru 100 most-recent scannaka ukampi status + jikxatawi counts. Args: limit?: 1..100.
get_scanread
Scan envelope + per-category severity summary by default. Set include_findings=true tak uka full yatiyaw (large tak noisy scannaka — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingsread
Paginated jikxatawinaka across all ma scannaka. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanwrite
Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
list_alertsread
Live amenaza alertanaka (CT log mayjaña, DNS muytayañ, threat intel listas). Unlimited planallanx jikxatas; Hobby ukat Pro planax ch'usa lista kuttʼayi. Args: domain_id?, active_only?, limit?: 1..200.
get_alertread
Single alerta ukampi full payload (DNS diff, machaq certs, listing detail). Args: alert_id (uuid).
dismiss_alertwrite · idempotent
Mark an alerta dismissed. Idempotent — re-dismissing wa a janiwa-op. Args: alert_id (uuid).

Recursos

Recursos let ma client attach FixWeb yatiyawi into uka conversation directly, instead of uka agent re-fetching it on sapa turn. In Claude Desktop, click uka @ menu → fixweb.

fixweb://scan/{scan_id}/reportjson
Full FixWeb scan yatiyaw including sapa check ukat sapa jikxatawi.
fixweb://finding/{finding_id}json
A single jikxatawi (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixweb-fixprompt
Renders a templated remediation prompt tak a jikxatawi. Detects uka codebase framework ukat uka scan's tech-fingerprint ukat injects framework-specific advice kunapacha available; falls back ru a generic recipe otherwise. Args: finding_id (uuid). No Claude API call — templated server-side.

→ Quotas, RLS, ukat severity gating apply identically ru MCP ukat REST calls.

MCP sirwiri — Docs · FixWeb