FixWeb

// docs / mcp

MCP sirwiq

Plug FixWeb into Claude Desktop, Cursor, utaq any client that speaks chay Model Context Protocol. Your AI agent gets typed access man niyki qhawaykuna, tarisqakuna, hinallataq chay same templated fix prompts that power chay dashboard's Kikinchay fix prompt button.

01

Mint an API token

Visit /yupay/api-tokens hinallataq create a token named, e.g., claude-desktop. Kikinchay chay plaintext value — it's shown once.

Tokens kanku bearer credentials: anyone wan chay string atin read niyki qhawaykuna hinallataq start musuq ones. Store it like a password.

02

Point niyki MCP client at /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart chay client. The fixweb server should appear in its MCP sirwiq list.

03

Try it out

Ask niyki agent things like:

  • “List my last 10 FixWeb qhawaykuna.”
  • “Show me chay critical tarisqakuna on chay most recent qhaway.”
  • “Start a passive qhaway against https://staging.example.com.”
  • “For each high-severity tarisqa on qhaway X, write a fix.”
  • “Are there any open live-threat willaykuna on my dominiokuna?”
  • Type /fixweb-fix wan a tarisqa id man drop chay templated remediation prompt straight into chay chat.

Llamk'anakuna

list_scansread
Returns up man 100 most-recent qhawaykuna wan status + tarisqa counts. Args: limit?: 1..100.
get_scanread
Scan envelope + per-category severity summary by default. Set include_findings=true paq chay full willakuy (large paq noisy qhawaykuna — prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingsread
Paginated tarisqakuna across all niyki qhawaykuna. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scanwrite
Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
list_alertsread
Direkto amenaza willaykuna (CT log diferenciakuna, DNS muyusqakuna, threat intel listas). Unlimited planpi sapallam tarikun; Hobby Pro plankunaqa ch'usaq listata kutichinku. Args: domain_id?, active_only?, limit?: 1..200.
get_alertread
Single willay wan full payload (DNS diff, musuq certs, listing detail). Args: alert_id (uuid).
dismiss_alertwrite · idempotent
Mark an willay dismissed. Idempotent — re-dismissing kan a mana-op. Args: alert_id (uuid).

Yanakuna

Yanakuna let niyki client attach FixWeb willakuy into chay conversation directly, instead of chay agent re-fetching it on sapa turn. In Claude Desktop, click chay @ menu → fixweb.

fixweb://scan/{scan_id}/reportjson
Full FixWeb qhaway willakuy including sapa check hinallataq sapa tarisqa.
fixweb://finding/{finding_id}json
A single tarisqa (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixweb-fixprompt
Renders a templated remediation prompt paq a tarisqa. Detects chay codebase framework manta chay qhaway's tech-fingerprint hinallataq injects framework-specific advice hayk'aq available; falls back man a generic recipe otherwise. Args: finding_id (uuid). No Claude API call — templated server-side.

→ Quotas, RLS, hinallataq severity gating apply identically man MCP hinallataq REST calls.

MCP sirwiq — Docs · FixWeb