feat: add MCP server for exposing compliance data to LLMs (#5)

New `compliance-mcp` crate providing a Model Context Protocol server with 7 tools: list/get/summarize findings, list SBOM packages, SBOM vulnerability report, list DAST findings, and DAST scan summary. Supports stdio (local dev) and Streamable HTTP (deployment via MCP_PORT). Includes Dockerfile, CI clippy check, and Coolify deploy job. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com> Reviewed-on: #5
2026-03-09 08:21:04 +00:00
parent d13cef94cb
commit 32e5fc21e7
28 changed files with 1847 additions and 224 deletions
--- a/compliance-core/src/models/mcp.rs
+++ b/compliance-core/src/models/mcp.rs
@@ -0,0 +1,67 @@
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+
+/// Transport mode for MCP server
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+pub enum McpTransport {
+    Stdio,
+    Http,
+}
+
+impl std::fmt::Display for McpTransport {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Self::Stdio => write!(f, "stdio"),
+            Self::Http => write!(f, "http"),
+        }
+    }
+}
+
+/// Status of a running MCP server
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+pub enum McpServerStatus {
+    Running,
+    Stopped,
+    Error,
+}
+
+impl std::fmt::Display for McpServerStatus {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Self::Running => write!(f, "running"),
+            Self::Stopped => write!(f, "stopped"),
+            Self::Error => write!(f, "error"),
+        }
+    }
+}
+
+/// Configuration for a registered MCP server instance
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct McpServerConfig {
+    #[serde(rename = "_id", skip_serializing_if = "Option::is_none")]
+    pub id: Option<bson::oid::ObjectId>,
+    /// Display name for this MCP server
+    pub name: String,
+    /// Endpoint URL (e.g. https://mcp.example.com/mcp)
+    pub endpoint_url: String,
+    /// Transport type
+    pub transport: McpTransport,
+    /// Port number (for HTTP transport)
+    pub port: Option<u16>,
+    /// Current status
+    pub status: McpServerStatus,
+    /// Bearer access token for authentication
+    pub access_token: String,
+    /// Which tools are enabled on this server
+    pub tools_enabled: Vec<String>,
+    /// Optional description / notes
+    pub description: Option<String>,
+    /// MongoDB URI this server connects to
+    pub mongodb_uri: Option<String>,
+    /// Database name
+    pub mongodb_database: Option<String>,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
+}
--- a/compliance-core/src/models/mod.rs
+++ b/compliance-core/src/models/mod.rs
@@ -6,6 +6,7 @@ pub mod embedding;
 pub mod finding;
 pub mod graph;
 pub mod issue;
+pub mod mcp;
 pub mod repository;
 pub mod sbom;
 pub mod scan;
@@ -23,6 +24,7 @@ pub use graph::{
    CodeEdge, CodeEdgeKind, CodeNode, CodeNodeKind, GraphBuildRun, GraphBuildStatus, ImpactAnalysis,
 };
 pub use issue::{IssueStatus, TrackerIssue, TrackerType};
+pub use mcp::{McpServerConfig, McpServerStatus, McpTransport};
 pub use repository::{ScanTrigger, TrackedRepository};
 pub use sbom::{SbomEntry, VulnRef};
 pub use scan::{ScanPhase, ScanRun, ScanRunStatus, ScanType};