MCP server
Connect FixWeb to Claude Desktop, Cursor, or any client that speaks the Model Context Protocol. The AI agent gets typed access to your scans, your findings, and the same templated fix prompts that power the Copy fix prompt button in the dashboard.
Create an API token
Go to /account/api-tokens and create a token named, for example, claude-desktop. Copy the plaintext value; it is shown only once.
Tokens are bearer credentials: whoever holds the string can read scans and start new ones. Store it like a password.
Point the MCP client at /api/mcp
Claude Desktop / Cursor / Continue / Zed:
{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart the client. The fixweb server should appear in its MCP server list.
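A check for the config above, as an added example that is not part of the FixWeb docs: because the token sits in the client config in plaintext, the hypothetical `audit_mcp_config` helper flags a leftover placeholder, a token sent to a non-HTTPS URL, and a config file that other local users can access. The sample config and token value are constructed, and the POSIX permission check assumes a Unix-like system.

```python
import json
import os
import stat
import tempfile

def audit_mcp_config(path):
    """Return warnings for bearer tokens stored in an MCP client config file."""
    warnings = []
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    holds_token = False
    for name, server in config.get("mcpServers", {}).items():
        headers = server.get("headers", {})
        auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
        if not auth.lower().startswith("bearer "):
            continue
        if auth[7:].strip() == "fxw_YOUR_TOKEN_HERE":
            warnings.append(f"{name}: placeholder token, replace it")
            continue
        holds_token = True
        # A bearer token sent over plain HTTP is readable by anyone on the path.
        if not server.get("url", "").lower().startswith("https://"):
            warnings.append(f"{name}: token sent to non-HTTPS url")
    # Group/other permission bits expose the plaintext token to local users.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if holds_token and mode & 0o077:
        warnings.append(f"file mode {mode:o} exposes the token to local users; chmod 600")
    return warnings

def demo(url="http://fixweb.app/api/mcp", mode=0o644,
         token="fxw_constructed_example_value"):
    """Audit a constructed config (the token value is made up); return warnings."""
    sample = {"mcpServers": {"fixweb": {
        "transport": "streamable-http",
        "url": url,  # the default deliberately uses the wrong scheme
        "headers": {"Authorization": f"Bearer {token}"}}}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mcp.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, mode)
        return audit_mcp_config(path)

if __name__ == "__main__":
    for line in demo():
        print(line)  # warnings name the server, never the token itself
```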
Try it
Ask your agent things like:
- “Show my last 10 FixWeb scans.”
- “Show the critical findings from the most recent scan.”
- “Start a passive scan against https://staging.example.com.”
- “Write a fix for every high-severity finding in scan X.”
- “Are there any open live-threat alerts on my domains?”
- Type /fixweb-fix with a finding id to drop the templated remediation prompt directly into the chat.
Tools
- list_scans · read
  Returns up to the 100 most recent scans with status + finding counts. Args: limit?: 1..100.
- get_scan · read
  By default, returns the scan envelope + per-category severity summary. Set include_findings=true for the full report (large for noisy scans; prefer list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
- list_findings · read
  Paginated findings across all your scans. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
- start_scan · write
  Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
- list_alerts · read
  Live threat alerts (CT log diffs, DNS changes, threat intel listings). Available only on the Unlimited plan; the Hobby and Pro plans return an empty list. Args: domain_id?, active_only?, limit?: 1..200.
- get_alert · read
  Single alert with full payload (DNS diff, new certs, listing detail). Args: alert_id (uuid).
- dismiss_alert · write · idempotent
  Marks the alert as dismissed. Idempotent: dismissing it again is a no-op. Args: alert_id (uuid).
Resources
Resources let the client attach FixWeb data directly to the conversation, so the agent does not re-fetch it on every turn. In Claude Desktop, click the @ menu → fixweb.
- fixweb://scan/{scan_id}/report · json
  The full FixWeb scan report, including every check and every finding.
- fixweb://finding/{finding_id} · json
  Single finding (severity, title, description, evidence, remediation, CWE).
Slash commands
- /fixweb-fix · prompt
  Renders the templated remediation prompt for a finding. Detects the codebase framework from the scan's tech fingerprint and injects framework-specific advice when available; otherwise falls back to a generic recipe. Args: finding_id (uuid). No Claude API call; templated server-side.
→ Quotas, RLS, and severity gating apply identically to MCP and REST calls.
