FixWeb

// docs / mcp

MCP server

Uključite FixWeb u Claude Desktop, Cursor ili bilo koji client koji govori Model Context Protocol. Vaš AI agent dobija tipiziran pristup vašim scans, findings i istim templated fix prompts koji pokreću dashboard dugme Copy fix prompt.

01

Izdajte API token

Posjetite /account/api-tokens i kreirajte token nazvan, npr., claude-desktop. Kopirajte plaintext value — prikazuje se jednom.

Tokens su bearer credentials: svako sa string može čitati vaše scans i pokretati nove. Čuvajte ga kao password.

02

Usmjerite MCP client na /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restartujte client. Server fixweb treba se pojaviti u njegovoj MCP server list.

03

Isprobajte

Pitajte agent stvari poput:

  • “Prikaži mojih zadnjih 10 FixWeb scans.”
  • “Pokaži mi critical findings na najnovijem scan.”
  • “Pokreni passive scan protiv https://staging.example.com.”
  • “Za svaki high-severity finding na scan X napiši fix.”
  • “Ima li otvorenih live-threat alerts na mojim domains?”
  • Upišite /fixweb-fix s finding id da drop templated remediation prompt direktno u chat.

Tools

list_scansčitanje
Vraća do 100 most-recent scans sa status + finding counts. Args: limit?: 1..100.
get_scančitanje
Scan envelope + per-category severity summary by default. Set include_findings=true za full report (large for noisy scans — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingsčitanje
Paginated findings kroz sve vaše scans. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanpisanje
Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
list_alertsčitanje
Upozorenja na prijetnje uživo (razlike CT logova, promjene DNS-a, listinzi threat intela). Dostupno samo na planu Unlimited; planovi Hobby i Pro vraćaju praznu listu. Args: domain_id?, active_only?, limit?: 1..200.
get_alertčitanje
Jedan alert s full payload (DNS diff, new certs, listing detail). Args: alert_id (uuid).
dismiss_alertpisanje · idempotent
Označi alert kao dismissed. Idempotent — re-dismissing je no-op. Args: alert_id (uuid).

Resources

Resources omogućavaju vašem client da attach FixWeb data direktno u conversation, umjesto da agent re-fetch na svaki turn. U Claude Desktop kliknite @ menu → fixweb.

fixweb://scan/{scan_id}/reportjson
Puni FixWeb scan report uključujući svaki check i svaki finding.
fixweb://finding/{finding_id}json
Jedan finding (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixweb-fixprompt
Renders templated remediation prompt za finding. Detects codebase framework iz scan's tech-fingerprint i injects framework-specific advice kada available; falls back to generic recipe otherwise. Args: finding_id (uuid). Nema Claude API call — templated server-side.

→ Quotas, RLS i severity gating primjenjuju se identično na MCP i REST calls.

MCP server — Docs · FixWeb