FixWeb

// docs / mcp

Sèvè MCP

Plug FixWeb into Claude Desktop, Cursor, oswa any client that speaks la Model Context Protocol. Your AI agent gets typed access pou ou eskan, konklizyon yo, ak la same templated fix prompts that power la dashboard's Kopye fix prompt button.

01

Mint an API token

Visit /kont/api-tokens ak create a token named, e.g., claude-desktop. Kopye la plaintext value — it's shown once.

Tokens yo bearer credentials: anyone ak la string ka read ou eskan ak start nouvo ones. Store it like a password.

02

Point ou MCP client at /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart la client. The fixweb server should appear in its Sèvè MCP list.

03

Try it out

Ask ou agent things like:

  • “List my last 10 FixWeb eskan.”
  • “Show me la critical konklizyon yo on la most recent eskan.”
  • “Start a passive eskan against https://staging.example.com.”
  • “For each high-severity konklizyon on eskan X, write a fix.”
  • “Are there any open live-threat alèt on my domèn?”
  • Type /fixweb-fix ak a konklizyon id pou drop la templated remediation prompt straight into la chat.

Zouti

list_scansread
Returns up pou 100 most-recent eskan ak status + konklizyon counts. Args: limit?: 1..100.
get_scanread
Scan envelope + per-category severity summary by default. Set include_findings=true pou la full rapò (large pou noisy eskan — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingsread
Paginated konklizyon yo across all ou eskan. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanwrite
Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
list_alertsread
Alèt menas an direk (diferans CT log, chanjman DNS, lis threat intel). Disponib sèlman nan plan Unlimited la; plan Hobby ak Pro retounen yon lis vid. Args: domain_id?, active_only?, limit?: 1..200.
get_alertread
Single alèt ak full payload (DNS diff, nouvo certs, listing detail). Args: alert_id (uuid).
dismiss_alertwrite · idempotent
Mark an alèt dismissed. Idempotent — re-dismissing se a non-op. Args: alert_id (uuid).

Resous

Resous let ou client attach FixWeb done into la conversation directly, instead of la agent re-fetching it on chak turn. In Claude Desktop, click la @ menu → fixweb.

fixweb://scan/{scan_id}/reportjson
Full FixWeb eskan rapò including chak check ak chak konklizyon.
fixweb://finding/{finding_id}json
A single konklizyon (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixweb-fixprompt
Renders a templated remediation prompt pou a konklizyon. Detects la codebase framework soti nan la eskan's tech-fingerprint ak injects framework-specific advice lè available; falls back pou a generic recipe otherwise. Args: finding_id (uuid). No Claude API call — templated server-side.

→ Quotas, RLS, ak severity gating apply identically pou MCP ak REST calls.

Sèvè MCP — Docs · FixWeb