FixWeb

MCP server

Connect FixWeb to Claude Desktop, Cursor, or any client that speaks the Model Context Protocol. Your AI agent gets typed access to scans, findings, and the same templated fix prompts that power the Copy fix prompt button in the dashboard.

01

Create an API token

Go to /account/api-tokens and create a token named, for example, claude-desktop. Copy the plaintext value: it is shown only once.

Tokens are bearer credentials: anyone who holds the string can read your scans and start new ones. Store it like a password.

02

Point your MCP client at /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart the client. The fixweb server should appear in its MCP server list.
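
An added example, not part of FixWeb's documentation: a POSIX-only audit of a client config file shaped like the JSON above. It flags a token file readable by other local users, a non-HTTPS URL, and any host other than the fixweb.app shown on this page. The function names and the sample file are constructed for illustration.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlsplit

EXPECTED_HOST = "fixweb.app"  # host from the config shown on this page


def audit_mcp_config(path, expected_host=EXPECTED_HOST):
    """Return a list of (server_name, issue) tuples for one MCP client config file."""
    issues = []
    # A bearer token in this file is readable by anyone who can read the file.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        issues.append(("<file>", f"mode {mode:o} lets group/other read the token"))
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, cfg in servers.items():
        auth = cfg.get("headers", {}).get("Authorization", "")
        if not auth.startswith("Bearer "):
            continue  # no bearer credential stored for this server
        url = urlsplit(cfg.get("url", ""))
        if url.scheme != "https":
            issues.append((name, "bearer token would be sent without TLS"))
        if url.hostname != expected_host:
            issues.append((name, f"token goes to unexpected host {url.hostname!r}"))
    return issues


def write_sample(url, mode):
    """Write a constructed sample config to a temp file and return its path."""
    cfg = {"mcpServers": {"fixweb": {
        "transport": "streamable-http", "url": url,
        "headers": {"Authorization": "Bearer fxw_YOUR_TOKEN_HERE"}}}}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    for url, mode in [("https://fixweb.app/api/mcp", 0o600),
                      ("http://fixweb.app.example/api/mcp", 0o644)]:
        p = write_sample(url, mode)
        print(url, oct(mode), audit_mcp_config(p))
        os.remove(p)
```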

03

Try it

Ask your agent things like:

  • “List my last 10 FixWeb scans.”
  • “Show the critical findings in the most recent scan.”
  • “Start a passive scan against https://staging.example.com.”
  • “Write a fix for every high-severity finding in scan X.”
  • “Are there any open live-threat alerts on my domains?”
  • Type /fixweb-fix with a finding id to drop the templated remediation prompt straight into the chat.

Tools

list_scans · read
Returns up to the 100 most recent scans with status + finding counts. Args: limit?: 1..100.
get_scan · read
By default, the scan envelope + per-category severity summary. Set include_findings=true for the full report (large for noisy scans; list_findings + filters is better). Args: scan_id (uuid), include_findings?: boolean.
list_findings · read
Paginated findings across all your scans. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scan · write
Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
list_alerts · read
Live threat alerts (CT log diffs, DNS changes, threat intel listings). Available only on the Unlimited plan; the Hobby and Pro plans return an empty list. Args: domain_id?, active_only?, limit?: 1..200.
get_alert · read
A single alert with full payload (DNS diff, new certs, listing detail). Args: alert_id (uuid).
dismiss_alert · write · idempotent
Marks the alert as dismissed. Idempotent: dismissing again is a no-op. Args: alert_id (uuid).

Resources

Resources let your client attach FixWeb data directly into the conversation, instead of the agent re-fetching it every turn. In Claude Desktop, click the @ menu → fixweb.

fixweb://scan/{scan_id}/report · json
Full FixWeb scan report with every check and every finding.
fixweb://finding/{finding_id} · json
A single finding (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixweb-fix · prompt
Renders a templated remediation prompt for a finding. Detects the codebase framework from the scan's tech-fingerprint and injects framework-specific advice when available; otherwise falls back to a generic recipe. Args: finding_id (uuid). No Claude API call; templated server-side.

→ Quotas, RLS and severity gating apply identically to MCP and REST calls.
