Add MCP server command for poutine analysis tools #314
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,133 @@ | ||
| package cmd | ||
|
|
||
| import ( | ||
| "context" | ||
| "encoding/json" | ||
| "regexp" | ||
| "strconv" | ||
|
|
||
| "github.com/mark3labs/mcp-go/mcp" | ||
| "github.com/mark3labs/mcp-go/server" | ||
| "github.com/spf13/cobra" | ||
| "github.com/spf13/viper" | ||
| ) | ||
|
|
||
| var serveMcpCmd = &cobra.Command{ | ||
| Use: "serve-mcp", | ||
| Short: "Starts the poutine MCP server", | ||
| Long: `Starts the poutine MCP server. | ||
| Example to start the MCP server: poutine serve-mcp --token "$GH_TOKEN"`, | ||
| RunE: func(cmd *cobra.Command, args []string) error { | ||
| Token = viper.GetString("token") | ||
| ctx := cmd.Context() | ||
| s := server.NewMCPServer("poutine", Version) | ||
| analyzer, err := GetAnalyzer(ctx, "") | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| analyzeRepoTool := mcp.NewTool( | ||
| "analyze_repo", | ||
| mcp.WithDescription("Analyzes a remote repository for supply chain vulnerabilities."), | ||
| mcp.WithString("github_repo", mcp.Required(), mcp.Description("The slug of the GitHub repository to analyze (i.e. org/repo).")), | ||
| mcp.WithString("ref", mcp.Description("Defaults to 'HEAD'")), | ||
| ) | ||
|
|
||
| s.AddTool(analyzeRepoTool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) { | ||
| repo, err := request.RequireString("github_repo") | ||
| if err != nil { | ||
| return mcp.NewToolResultError(err.Error()), nil | ||
| } | ||
|
|
||
| ref := request.GetString("ref", "HEAD") | ||
|
|
||
| packageInsights, err := analyzer.AnalyzeRepo(ctx, repo, ref) | ||
| if err != nil { | ||
| return mcp.NewToolResultError(err.Error()), nil | ||
| } | ||
| jsonData, err := json.Marshal(packageInsights) | ||
| if err != nil { | ||
| return mcp.NewToolResultError("Failed to marshal result to JSON: " + err.Error()), nil | ||
| } | ||
| return mcp.NewToolResultText(string(jsonData)), nil | ||
| }) | ||
|
|
||
| analyzeOrgTool := mcp.NewTool( | ||
| "analyze_org", | ||
| mcp.WithDescription("Analyzes all repositories in an organization."), | ||
| mcp.WithString("github_org", mcp.Required(), mcp.Description("The slug of the GitHub organization to analyze.")), | ||
| mcp.WithString("threads", mcp.Description("Number of concurrent analyzers to run. Defaults to 4.")), // Define as string | ||
|
There was a problem hiding this comment. Why string can just use an integer? |
||
| ) | ||
|
|
||
| s.AddTool(analyzeOrgTool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) { | ||
| org, err := request.RequireString("github_org") | ||
| if err != nil { | ||
| return mcp.NewToolResultError(err.Error()), nil | ||
| } | ||
|
|
||
| threadsStr := request.GetString("threads", "4") | ||
| threads, err := strconv.Atoi(threadsStr) | ||
| if err != nil { | ||
| return mcp.NewToolResultError("Invalid format for threads: must be an integer."), nil | ||
| } | ||
| threadsPtr := &threads | ||
|
|
||
| packageInsightsSlice, err := analyzer.AnalyzeOrg(ctx, org, threadsPtr) | ||
| if err != nil { | ||
| return mcp.NewToolResultError(err.Error()), nil | ||
| } | ||
|
|
||
| jsonResult, err := json.Marshal(packageInsightsSlice) | ||
| if err != nil { | ||
| return mcp.NewToolResultError("Failed to marshal result to JSON: " + err.Error()), nil | ||
| } | ||
| return mcp.NewToolResultText(string(jsonResult)), nil | ||
| }) | ||
|
|
||
| analyzeRepoStaleBranchesTool := mcp.NewTool( | ||
| "analyze_repo_stale_branches", | ||
| mcp.WithDescription("Analyzes a remote repository for stale branches."), | ||
| mcp.WithString("github_repo", mcp.Required(), mcp.Description("The slug of the GitHub repository to analyze (i.e. org/repo).")), // Corrected parameter name | ||
| mcp.WithString("regex", mcp.Description("Regex to match stale branches. Defaults to an empty string, matching all branches.")), | ||
| ) | ||
|
|
||
| s.AddTool(analyzeRepoStaleBranchesTool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) { | ||
| repo, err := request.RequireString("github_repo") | ||
| if err != nil { | ||
| return mcp.NewToolResultError(err.Error()), nil | ||
| } | ||
|
|
||
| regexStr := request.GetString("regex", "") | ||
|
|
||
| var compiledRegex *regexp.Regexp | ||
| var errRegex error | ||
| if regexStr != "" { | ||
| compiledRegex, errRegex = regexp.Compile(regexStr) | ||
| if errRegex != nil { | ||
| return mcp.NewToolResultError("Invalid regex: " + errRegex.Error()), nil | ||
| } | ||
| } | ||
|
|
||
| packageInsights, err := analyzer.AnalyzeStaleBranches(ctx, repo, nil, nil, compiledRegex) | ||
| if err != nil { | ||
| return mcp.NewToolResultError(err.Error()), nil | ||
| } | ||
| jsonData, err := json.Marshal(packageInsights) | ||
| if err != nil { | ||
| return mcp.NewToolResultError("Failed to marshal result to JSON: " + err.Error()), nil | ||
| } | ||
| return mcp.NewToolResultText(string(jsonData)), nil | ||
| }) | ||
|
|
||
| return server.ServeStdio(s) | ||
| }, | ||
| } | ||
|
|
||
| func init() { | ||
| RootCmd.AddCommand(serveMcpCmd) | ||
|
|
||
| serveMcpCmd.Flags().StringVarP(&Token, "token", "t", "", "SCM access token (env: GH_TOKEN)") | ||
|
|
||
| viper.BindPFlag("token", serveMcpCmd.Flags().Lookup("token")) | ||
| viper.BindEnv("token", "GH_TOKEN") | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fproulx-boostsecurity yeah initializing poutine this way won't work properly because it looks for vars already assigned in the root cmd to set scm params and stuff, to make it not be hardcoded to just Github we will have to bring all those root params here and have them exposed in the mcp server