// docs / mcp

Servitore MCP

Plug FixWeb into Claude Desktop, Cursor, o any client that speaks u Model Context Protocol. Your AI agent gets typed access à u vostru scansioni, risultati, è u same templated fix prompts that power u dashboard's Cupià fix prompt button.

Mint an API token

Visit /contu/api-tokens è create a token named, e.g., claude-desktop. Cupià u plaintext value — it's shown once.

Tokens sò bearer credentials: anyone cù u string pò read u vostru scansioni è start novu ones. Store it like a password.

Point u vostru MCP client at /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart u client. The fixweb server should appear in its Servitore MCP list.

Try it out

Ask u vostru agent things like:

“List my last 10 FixWeb scansioni.”
“Show me u critical risultati on u most recent scansione.”
“Start a passive scansione against https://staging.example.com.”
“For each high-severity risultatu on scansione X, write a fix.”
“Are there any open live-threat allarmi on my duminii?”
Type /fixweb-fix cù a risultatu id à drop u templated remediation prompt straight into u chat.

Strumenti

list_scansread: Returns up à 100 most-recent scansioni cù status + risultatu counts. Args: limit?: 1..100.
get_scanread: Scan envelope + per-category severity summary by default. Set include_findings=true per u full raportu (large per noisy scansioni — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingsread: Paginated risultati across all u vostru scansioni. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanwrite: Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
list_alertsread: Allarmi di minaccia in diretta (differenze CT log, cambiamenti DNS, listazioni threat intel). Dispunibile solu nant'à u pianu Unlimited; i piani Hobby è Pro restituiscenu una lista viota. Args: domain_id?, active_only?, limit?: 1..200.
get_alertread: Single allarme cù full payload (DNS diff, novu certs, listing detail). Args: alert_id (uuid).
dismiss_alertwrite · idempotent: Mark an allarme dismissed. Idempotent — re-dismissing hè a nò-op. Args: alert_id (uuid).

Risorse

Risorse let u vostru client attach FixWeb dati into u conversation directly, instead of u agent re-fetching it on ogni turn. In Claude Desktop, click u @ menu → fixweb.

fixweb://scan/{scan_id}/reportjson: Full FixWeb scansione raportu including ogni check è ogni risultatu.
fixweb://finding/{finding_id}json: A single risultatu (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixweb-fixprompt: Renders a templated remediation prompt per a risultatu. Detects u codebase framework da u scansione's tech-fingerprint è injects framework-specific advice quandu available; falls back à a generic recipe otherwise. Args: finding_id (uuid). No Claude API call — templated server-side.

→ Quotas, RLS, è severity gating apply identically à MCP è REST calls.