MCP Server
Plug FixWeb into Claude Desktop, Cursor, or any client that speaks the Model Context Protocol. Your AI agent gets typed access to your scans, findings, and the same templated fix prompts that power the dashboard's Copy fix prompt button.
Create an API token
Visit /account/api-tokens and create a token named, e.g., claude-desktop. Copy the plaintext value; it is shown once.
Tokens are bearer credentials: anyone with the string can read your scans and start new ones. Store it like a password.
Point your MCP client at /api/mcp
Claude Desktop / Cursor / Continue / Zed:
{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart the client. The fixweb server should appear in its MCP server list.
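Because the config above keeps the bearer token in plaintext on disk, it is worth checking how that file is stored. The following is an added example, not FixWeb's own code: a Python check of an MCP client config for a group/world-accessible file, an unreplaced placeholder token, and a non-HTTPS URL. The function names `audit_mcp_config` and `write_sample` are assumptions made for the example, and the sample config is constructed.

```python
import json
import os
import stat
import tempfile

def audit_mcp_config(path):
    """Return a list of findings for the MCP client config file at `path`."""
    findings = []
    # A config holding a bearer token should be accessible to its owner only.
    # (POSIX permission bits; this check says little on Windows.)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} lets group/other users access the token")
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, server in servers.items():
        url = server.get("url", "")
        # HTTP header names are case-insensitive, so normalise before lookup.
        headers = {k.lower(): v for k, v in server.get("headers", {}).items()}
        auth = headers.get("authorization", "")
        if not auth:
            continue  # no credential stored for this server
        scheme, _, token = auth.partition(" ")
        if scheme != "Bearer" or not token:
            findings.append(f"{name}: Authorization is not 'Bearer <token>'")
        elif token == "fxw_YOUR_TOKEN_HERE":
            findings.append(f"{name}: placeholder token was never replaced")
        # A bearer token sent over plain HTTP is readable by anyone on the path.
        if not url.startswith("https://"):
            findings.append(f"{name}: token would be sent to non-HTTPS url {url!r}")
    return findings

def write_sample(config, mode):
    """Write a constructed sample config to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(config, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed sample: world-readable file, placeholder token, plain HTTP.
    sample = {"mcpServers": {"fixweb": {
        "transport": "streamable-http",
        "url": "http://fixweb.app/api/mcp",
        "headers": {"Authorization": "Bearer fxw_YOUR_TOKEN_HERE"}}}}
    path = write_sample(sample, 0o644)
    for finding in audit_mcp_config(path):
        print(finding)
    os.remove(path)
```

A config that passes all three checks returns an empty list; the token value itself is never printed.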
Test it
Ask your agent things like:
- “List my 10 most recent FixWeb scans.”
- “Show me the critical findings in the most recent scan.”
- “Start a passive scan of https://staging.example.com.”
- “For each high-severity finding in scan X, write a fix.”
- “Are there any open live-threat alerts on my domains?”
- Type /fixweb-fix with a finding id to drop the templated remediation prompt straight into the chat.
Tools
- list_scans · read
  Returns up to 100 most-recent scans with status + finding counts. Args: limit?: 1..100.
- get_scan · read
  Scan envelope + per-category severity summary by default. Set include_findings=true for the full report (large for noisy scans; prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
- list_findings · read
  Paginated findings across all your scans. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
- start_scan · write
  Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
- list_alerts · read
  Live threat alerts (CT log differences, DNS changes, threat intel listings). Available only on the Unlimited plan; Hobby and Pro plans return an empty list. Args: domain_id?, active_only?, limit?: 1..200.
- get_alert · read
  Single alert with full payload (DNS diff, new certs, listing detail). Args: alert_id (uuid).
- dismiss_alert · write · idempotent
  Mark an alert dismissed. Idempotent: re-dismissing is a no-op. Args: alert_id (uuid).
Resources
Resources let your client attach FixWeb data into the conversation directly, instead of the agent re-fetching it on every turn. In Claude Desktop, click the @ menu → fixweb.
- fixweb://scan/{scan_id}/report · json
  Full FixWeb scan report, including every check and every finding.
- fixweb://finding/{finding_id} · json
  A single finding (severity, title, description, evidence, remediation, CWE).
Slash commands
- /fixweb-fix · prompt
  Renders a templated remediation prompt for a finding. Detects the codebase framework from the scan's tech-fingerprint and injects framework-specific advice when available; falls back to a generic recipe otherwise. Args: finding_id (uuid). No Claude API call: the prompt is templated server-side.
→ Quotas, RLS, and severity gating apply identically to MCP and REST calls.
