feat: add MCP server for exposing compliance data to LLMs (#5)

New `compliance-mcp` crate providing a Model Context Protocol server with 7 tools: list/get/summarize findings, list SBOM packages, SBOM vulnerability report, list DAST findings, and DAST scan summary. Supports stdio (local dev) and Streamable HTTP (deployment via MCP_PORT). Includes Dockerfile, CI clippy check, and Coolify deploy job. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com> Reviewed-on: #5
2026-03-09 08:21:04 +00:00
parent d13cef94cb
commit 32e5fc21e7
28 changed files with 1847 additions and 224 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -70,6 +70,8 @@ jobs:
        run: cargo clippy -p compliance-dashboard --features server --no-default-features -- -D warnings
      - name: Clippy (dashboard web)
        run: cargo clippy -p compliance-dashboard --features web --no-default-features -- -D warnings
+      - name: Clippy (mcp)
+        run: cargo clippy -p compliance-mcp -- -D warnings
      - name: Show sccache stats
        run: sccache --show-stats
        if: always()
@@ -140,6 +142,7 @@ jobs:
      agent: ${{ steps.changes.outputs.agent }}
      dashboard: ${{ steps.changes.outputs.dashboard }}
      docs: ${{ steps.changes.outputs.docs }}
+      mcp: ${{ steps.changes.outputs.mcp }}
    steps:
      - name: Install git
        run: apk add --no-cache git
@@ -177,6 +180,13 @@ jobs:
            echo "docs=false" >> "$GITHUB_OUTPUT"
          fi

+          # MCP: core libs, mcp code, mcp Dockerfile
+          if echo "$CHANGED" | grep -qE '^(compliance-core/|compliance-mcp/|Dockerfile\.mcp|Cargo\.(toml|lock))'; then
+            echo "mcp=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "mcp=false" >> "$GITHUB_OUTPUT"
+          fi
+
  deploy-agent:
    name: Deploy Agent
    runs-on: docker
@@ -218,3 +228,17 @@ jobs:
          apk add --no-cache curl
          curl -sf "${{ secrets.COOLIFY_WEBHOOK_DOCS }}" \
            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+
+  deploy-mcp:
+    name: Deploy MCP
+    runs-on: docker
+    needs: [detect-changes]
+    if: needs.detect-changes.outputs.mcp == 'true'
+    container:
+      image: alpine:latest
+    steps:
+      - name: Trigger Coolify deploy
+        run: |
+          apk add --no-cache curl
+          curl -sf "${{ secrets.COOLIFY_WEBHOOK_MCP }}" \
+            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"