MCP Server
Plug FixWeb into Claude Desktop, Cursor, or any client that speaks the Model Context Protocol. Your AI agent gets typed access to your scans, findings, and the same templated fix prompts that power the dashboard's Copy fix prompt button.
Mint an API token
Visit /account/api-tokens and create a token named, e.g., claude-desktop. Copy the plaintext value; it's shown once.
Tokens are bearer credentials: anyone with the string can read your scans and start new ones. Store it like a password.
Point your MCP client at /api/mcp
Claude Desktop / Cursor / Continue / Zed:
{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}
Restart the client. The fixweb server should appear in its MCP server list.
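The client config above holds the bearer token in plaintext, so the file itself needs the same care as a password. The following Python audit is an added example, not FixWeb's own code; it assumes a POSIX filesystem, and the names audit_mcp_config and demo, the sample token and the http:// URL variant are constructed for illustration.

```python
import json
import os
import stat
import tempfile

PLACEHOLDER = "fxw_YOUR_TOKEN_HERE"  # placeholder value from the config above

def audit_mcp_config(path):
    """Return (server_name, issue) tuples for one MCP client config file."""
    issues = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, cfg in servers.items():
        url = cfg.get("url", "")
        headers = {k.lower(): v for k, v in cfg.get("headers", {}).items()}
        scheme, _, token = headers.get("authorization", "").partition(" ")
        live = scheme.lower() == "bearer" and bool(token) and token != PLACEHOLDER
        if live and not url.lower().startswith("https://"):
            issues.append((name, "bearer token sent to a non-HTTPS URL"))
        if live and mode & (stat.S_IRWXG | stat.S_IRWXO):
            issues.append((name, f"live token in file with mode {mode:o}; use 600"))
        if token == PLACEHOLDER:
            issues.append((name, "placeholder token was never replaced"))
    return issues

def _write(cfg, mode):
    # Write a constructed config to a temp file with the given permissions.
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path

def demo():
    # Constructed sample configs; the token value is made up.
    def server(url):
        return {"mcpServers": {"fixweb": {"transport": "streamable-http", "url": url,
                "headers": {"Authorization": "Bearer fxw_constructed_example"}}}}
    cases = [("https://fixweb.app/api/mcp", 0o644),
             ("https://fixweb.app/api/mcp", 0o600),
             ("http://fixweb.app/api/mcp", 0o600)]
    paths = [_write(server(url), mode) for url, mode in cases]
    try:
        return [audit_mcp_config(p) for p in paths]
    finally:
        for p in paths:
            os.remove(p)
```

Call audit_mcp_config with the path to your own client's config file; an empty list means none of the three checks fired.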
Try it out
Ask your agent things like:
- “List my last 10 FixWeb scans.”
- “Show me the critical findings on the most recent scan.”
- “Start a passive scan against https://staging.example.com.”
- “For each high-severity finding on scan X, write a fix.”
- “Are there any open live-threat alerts on my domains?”
- Type /fixweb-fix with a finding id to drop the templated remediation prompt straight into the chat.
Tools
- list_scans · read
- Returns up to the 100 most-recent scans with status + finding counts. Args: limit?: 1..100.
- get_scan · read
- Scan envelope + per-category severity summary by default. Set include_findings=true for the full report (large for noisy scans; prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
- list_findings · read
- Paginated findings across all your scans. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
- start_scan · write
- Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
- list_alerts · read
- Live-threat alerts (CT log diffs, DNS changes, threat intel listings). Available only on the Unlimited plan; Hobby Pro plans return an empty list. Args: domain_id?, active_only?, limit?: 1..200.
- get_alert · read
- Single alert with full payload (DNS diff, new certs, listing detail). Args: alert_id (uuid).
- dismiss_alert · write · idempotent
- Mark an alert dismissed. Idempotent: re-dismissing is a no-op. Args: alert_id (uuid).
Resources
Resources let your client attach FixWeb data into the conversation directly, instead of the agent re-fetching it on every turn. In Claude Desktop, click the @ menu → fixweb.
- fixweb://scan/{scan_id}/report · json
- Full FixWeb scan report including every check and every finding.
- fixweb://finding/{finding_id} · json
- A single finding (severity, title, description, evidence, remediation, CWE).
Slash commands
- /fixweb-fix · prompt
- Renders a templated remediation prompt for a finding. Detects the codebase framework from the scan's tech-fingerprint and injects framework-specific advice when available; falls back to a generic recipe otherwise. Args: finding_id (uuid). No Claude API call; templated server-side.
→ Quotas, RLS, and severity gating apply identically to MCP and REST calls.
