Skip to content

feat(web-security): add SecurityContext MCP server#69

Merged
GangGreenTemperTatum merged 1 commit into
mainfrom
ads/add-securitycontext-mcp
Jul 6, 2026
Merged

feat(web-security): add SecurityContext MCP server#69
GangGreenTemperTatum merged 1 commit into
mainfrom
ads/add-securitycontext-mcp

Conversation

@GangGreenTemperTatum

Copy link
Copy Markdown
Contributor

Summary

Adds the SecurityContext MCP server to the web-security capability. SecurityContext mines a repo's commit history and disclosed CVEs to produce a hunting brief, top risks, and ranked variant leads — the context an agent needs before auditing a codebase.

What changed

  • mcp/securitycontext.py — Stdio proxy that handles the Streamable HTTP handshake with securitycontext.dev/mcp and exposes three tools:
    • get_security_context — hunting brief, top risks, variant lead preview
    • create_security_context — build/refresh context for a repo
    • get_vulnerability_leads — full ranked lead backlog with severity/limit filters
  • capability.yaml — New securitycontext MCP server entry (stdio, same pattern as all others). Supports optional SECURITYCONTEXT_API_KEY env var for Neo/private repos.

Why a stdio proxy?

The remote server uses Streamable HTTP transport. The Dreadnode runtime's streamable-http client and SecurityContext disagree on content-type negotiation (application/json vs text/event-stream on initialize). The stdio proxy sidesteps this cleanly and matches the pattern of every other working MCP server in the capability.

Testing

Verified end-to-end in the TUI:

  • /reloadsecuritycontext ✓ connected · stdio · 3 tools
  • get_security_context("vercel/next.js") returns full context (73 fixed issues, 51 CVEs, 1072 variant leads)

Add stdio proxy for the SecurityContext remote MCP service
(https://securitycontext.dev/mcp) which provides repo-level
vulnerability context mined from commit history and CVEs.

Tools exposed:
- get_security_context: hunting brief, top risks, variant leads
- create_security_context: build/refresh context for a repo
- get_vulnerability_leads: ranked lead backlog with severity filter

The proxy handles the Streamable HTTP handshake internally and
exposes tools over stdio, matching the pattern of all other MCP
servers in the capability.
@GangGreenTemperTatum GangGreenTemperTatum merged commit 0bbfd3d into main Jul 6, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant