// docs / mcp

Freastalaí MCP

Plugáil FixWeb isteach i Claude Desktop, Cursor, nó aon client a labhraíonn an Model Context Protocol. Faigheann d'agent AI rochtain typed ar do scans, findings, agus na prompts deisiúcháin teimpléadaithe céanna a chumhachtaíonn cnaipe Copy fix prompt an dashboard.

Cruthaigh API token

Tabhair cuairt ar /account/api-tokens agus cruthaigh token darb ainm, m.sh., claude-desktop. Cóipeáil an luach plaintext — taispeántar uair amháin é.

Is bearer credentials iad tokens: is féidir le haon duine leis an string do scans a léamh agus cinn nua a thosú. Stóráil é mar password.

Dírigh do MCP client ar /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Atosaigh an client. Ba cheart don fhreastalaí fixweb a bheith le feiceáil ina liosta freastalaithe MCP.

Bain triail as

Cuir ceisteanna ar d'agent mar:

“Liostaigh mo 10 scanadh FixWeb deireanacha.”
“Taispeáin dom na critical findings ar an scanadh is déanaí.”
“Tosaigh scanadh éighníomhach i gcoinne https://staging.example.com.”
“Do gach high-severity finding ar scanadh X, scríobh fix.”
“An bhfuil aon open live-threat alerts ar mo domains?”
Clóscríobh /fixweb-fix le finding id chun an prompt leigheasaithe teimpléadaithe a chur díreach isteach sa chat.

Uirlisí

list_scansread: Filleann suas le 100 scanadh is déanaí le status + finding counts. Args: limit?: 1..100.
get_scanread: Scan envelope + summary severity in aghaidh category de réir default. Socraigh include_findings=true don tuairisc iomlán (mór do scans noisy — b'fhearr list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingsread: Findings paginated ar fud do scans go léir. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanwrite: Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
list_alertsread: Foláirimh bagartha beo (difríochtaí CT log, athruithe DNS, liostaí threat intel). Ar fáil ar an bplean Unlimited amháin; tugann pleananna Hobby agus Pro liosta folamh ar ais. Args: domain_id?, active_only?, limit?: 1..200.
get_alertread: Alert aonair le payload iomlán (DNS diff, certs nua, listing detail). Args: alert_id (uuid).
dismiss_alertwrite · idempotent: Marcáil alert mar dismissed. Idempotent — is no-op é re-dismissing. Args: alert_id (uuid).

Acmhainní

Ligeann resources do do client sonraí FixWeb a cheangal isteach sa conversation go díreach, in ionad don agent iad a re-fetch ar gach turn. I Claude Desktop, cliceáil an menu @ → fixweb.

fixweb://scan/{scan_id}/reportjson: Tuairisc scanadh FixWeb iomlán lena n-áirítear gach check agus gach finding.
fixweb://finding/{finding_id}json: Finding aonair (severity, title, description, evidence, remediation, CWE).

Orduithe slash

/fixweb-fixprompt: Renders prompt leigheasaithe teimpléadaithe do finding. Detects framework an codebase ó tech-fingerprint an scanadh agus injects comhairle framework-specific nuair atá sí ar fáil; falls back chuig generic recipe murach sin. Args: finding_id (uuid). Gan Claude API call — templated server-side.

→ Baineann cuótaí, RLS, agus severity gating go comhionann le glaonna MCP agus REST.