// docs / mcp

MCP server

So FixWeb mọ Claude Desktop, Cursor, tàbí client eyikeyi tó ń sọ Model Context Protocol. AI agent rẹ gba access tí a ti typed sí scans rẹ, findings rẹ, àti prompts ìtúnṣe template kan náà tó ń ṣiṣẹ́ fún bọ́tìnì Copy fix prompt lórí dashboard.

Dá API token sílẹ̀

Ṣàbẹ̀wò sí /account/api-tokens kí o dá token kan tí a pè ní, fún àpẹẹrẹ, claude-desktop. Daakọ plaintext value náà — ó hàn lẹ́ẹ̀kan.

Tokens jẹ́ bearer credentials: ẹnikẹ́ni tó ní string náà lè ka scans rẹ kí ó sì bẹ̀rẹ̀ tuntun. Fi pamọ́ bí password.

Darí MCP client rẹ sí /api/mcp

Claude Desktop / Cursor / Continue / Zed:

{
  "mcpServers": {
    "fixweb": {
      "transport": "streamable-http",
      "url": "https://fixweb.app/api/mcp",
      "headers": {
        "Authorization": "Bearer fxw_YOUR_TOKEN_HERE"
      }
    }
  }
}

Tun client náà bẹ̀rẹ̀. Server fixweb yẹ kí ó hàn nínú àtòjọ MCP server rẹ.

Dán an wò

Béèrè lọ́wọ́ agent rẹ àwọn nkan bí:

“Ṣe àtòjọ àwọn scan FixWeb 10 mi tó kẹ́yìn.”
“Fi findings critical lórí scan tuntun jù lọ hàn mí.”
“Bẹ̀rẹ̀ passive scan sí https://staging.example.com.”
“Fún finding high-severity kọ̀ọ̀kan lórí scan X, kọ fix kan.”
“Ṣé open live-threat alerts wà lórí domains mi?”
Tẹ /fixweb-fix pẹ̀lú finding id láti ju prompt ìtúnṣe template sínú chat taara.

Tools

list_scanskà: Ó dá scans tó ṣẹ̀ṣẹ̀ ṣẹlẹ̀ tó 100 padà pẹ̀lú status + iye findings. Args: limit?: 1..100.
get_scankà: Scan envelope + severity summary fún category kọ̀ọ̀kan ní default. Ṣètò include_findings=true fún full report (ó tóbi fún scans aláriwo — fẹ́ list_findings + filters). Args: scan_id (uuid), include_findings?: boolean.
list_findingskà: Findings paginated kọjá gbogbo scans rẹ. Args: severity?: list, check_id?, since? (ISO 8601), limit?: 1..200.
start_scankọ: Enqueues a passive scan. Returns an id with status queued; poll get_scan to await completion. Owner-depth mode is gated behind on-site attestation and not exposed via MCP. Args: target (URL or hostname).
list_alertskà: Awọn iwifunni irokeke laaye (awọn iyatọ CT log, awọn iyipada DNS, awọn akojọ threat intel). Wa nikan lori eto Unlimited; awọn eto Hobby ati Pro da akojọ ofifo pada. Args: domain_id?, active_only?, limit?: 1..200.
get_alertkà: Alert kan ṣoṣo pẹ̀lú full payload (DNS diff, new certs, listing detail). Args: alert_id (uuid).
dismiss_alertkọ · idempotent: Samisi alert kan gẹ́gẹ́ bí dismissed. Idempotent — dismiss lẹ́ẹ̀kansi jẹ́ no-op. Args: alert_id (uuid).

Resources

Resources jẹ́ kí client rẹ so data FixWeb mọ ìjíròrò taara, dípò kí agent tún fetch rẹ ní gbogbo turn. Nínú Claude Desktop, tẹ menu @ → fixweb.

fixweb://scan/{scan_id}/reportjson: Full FixWeb scan report pẹ̀lú gbogbo check àti gbogbo finding.
fixweb://finding/{finding_id}json: Finding kan ṣoṣo (severity, title, description, evidence, remediation, CWE).

Slash commands

/fixweb-fixprompt: Ó render prompt ìtúnṣe template fún finding kan. Ó rí framework codebase láti tech-fingerprint scan, ó sì inject ìmọ̀ràn pàtó sí framework nígbà tí ó bá wà; bí bẹ́ẹ̀ kọ́, ó fallback sí recipe gbogbogbo. Args: finding_id (uuid). Kò sí Claude API call — template ni server-side.

→ Quotas, RLS, àti severity gating ń ṣiṣẹ́ bákan náà fún MCP àti calls REST.