FixWeb

MCP server

Connect FixWeb to Claude Desktop, Cursor, or any client that speaks the Model Context Protocol. Your AI agent gets typed access to your scans, findings, and the same templated fix prompts used by the dashboard's Copy fix prompt button.

01

Create an API token

Visit /account/api-tokens and create a named token, e.g., claude-desktop. Copy the plaintext value; it is shown only once.

Tokens are bearer credentials: anyone who has the string can read your scans and start new ones. Store it like a password.

02

Point your MCP client at /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart the client. The fixweb server should appear in its MCP server list.
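Because the config above stores the bearer token in plaintext, it is worth auditing the file before relying on it. The following is an added example, not part of FixWeb's documentation or tooling: it checks a client config for loose file permissions, a non-HTTPS URL next to a bearer token, and the unreplaced placeholder. The function names, the sample token and the config path passed in are assumptions.

```python
import json, os, stat, tempfile
from urllib.parse import urlsplit

PLACEHOLDER = "fxw_YOUR_TOKEN_HERE"  # placeholder string from the config above

def audit_mcp_config(path):
    """Return a list of findings for one MCP client config file."""
    findings = []
    # A config holding a bearer token should be accessible to its owner only.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:03o} lets group/other access the token")
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, cfg in servers.items():
        url = urlsplit(cfg.get("url", ""))
        auth = cfg.get("headers", {}).get("Authorization", "")
        if not auth:
            continue  # no credential to protect for this server
        if url.scheme != "https":
            findings.append(f"{name}: bearer token sent over {url.scheme or 'no'} scheme")
        scheme, _, token = auth.partition(" ")
        if scheme != "Bearer" or not token:
            findings.append(f"{name}: Authorization is not 'Bearer <token>'")
        elif token == PLACEHOLDER:
            findings.append(f"{name}: placeholder token was never replaced")
    return findings

def _write(cfg, mode):
    # Helper for the constructed samples below: write cfg to a temp file.
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path

def demo():
    # Constructed sample configs; the token value is made up.
    good = {"mcpServers": {"fixweb": {"transport": "streamable-http",
            "url": "https://fixweb.app/api/mcp",
            "headers": {"Authorization": "Bearer fxw_constructed_sample"}}}}
    bad = json.loads(json.dumps(good))
    bad["mcpServers"]["fixweb"]["url"] = "http://fixweb.app/api/mcp"
    bad["mcpServers"]["fixweb"]["headers"]["Authorization"] = "Bearer " + PLACEHOLDER
    return audit_mcp_config(_write(good, 0o600)), audit_mcp_config(_write(bad, 0o644))

if __name__ == "__main__":
    for result in demo():
        print(result or "ok")
```

The permission check uses POSIX mode bits, so it is meaningful on macOS and Linux; on Windows, review the file's ACL instead.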

03

Try it out

Ask your agent things like:

  • “List my 10 most recent FixWeb scans.”
  • “Show me the critical findings in the most recent scan.”
  • “Start a passive scan against https://staging.example.com.”
  • “For each high-severity finding in scan X, write a fix.”
  • “Are there any open live-threat alerts on my domains?”
  • Type /fixweb-fix and a finding id to drop the templated remediation prompt directly into the chat.

Tools

list_scans · read
Returns up to 100 most-recent scans with status + finding counts. Args: limit?: 1..100.
get_scan · read
Scan envelope + per-category severity summary by default. Set include_findings=true for the full report (large for noisy scans; prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findings · read
Paginated findings across all your scans. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scan · write
Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
list_alerts · read
Live threat alerts (CT log differences, DNS changes, threat intel listings). Available on the Unlimited plan; the Hobby and Pro plans return an empty list. Args: domain_id?, active_only?, limit?: 1..200.
get_alert · read
Single alert with full payload (DNS diff, new certs, listing detail). Args: alert_id (uuid).
dismiss_alert · write · idempotent
Mark an alert dismissed. Idempotent: re-dismissing is a no-op. Args: alert_id (uuid).

Resources

Resources let your client attach FixWeb data to the conversation directly, rather than having the agent re-fetch it on every turn. In Claude Desktop, click the @ menu → fixweb.

fixweb://scan/{scan_id}/report · json
Full FixWeb scan report including every check and every finding.
fixweb://finding/{finding_id} · json
A single finding (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixweb-fix · prompt
Renders a templated remediation prompt for a finding. Detects the codebase framework from the scan's tech fingerprint and injects framework-specific advice when available; falls back to a generic recipe otherwise. Args: finding_id (uuid). No Claude API call: the prompt is templated server-side.

→ Quotas, RLS, and severity gating apply equally to MCP and REST calls.
