use rmcp::{ handler::server::wrapper::Parameters, model::*, tool, tool_handler, tool_router, ServerHandler, }; use crate::database::Database; use crate::tools::{dast, findings, sbom}; pub struct ComplianceMcpServer { db: Database, #[allow(dead_code)] tool_router: rmcp::handler::server::router::tool::ToolRouter, } #[tool_router] impl ComplianceMcpServer { pub fn new(db: Database) -> Self { Self { db, tool_router: Self::tool_router(), } } // ── Findings ────────────────────────────────────────── #[tool( description = "List security findings with optional filters for repo, severity, status, and scan type" )] async fn list_findings( &self, Parameters(params): Parameters, ) -> Result { findings::list_findings(&self.db, params).await } #[tool(description = "Get a single finding by its ID")] async fn get_finding( &self, Parameters(params): Parameters, ) -> Result { findings::get_finding(&self.db, params).await } #[tool(description = "Get a summary of findings counts grouped by severity and status")] async fn findings_summary( &self, Parameters(params): Parameters, ) -> Result { findings::findings_summary(&self.db, params).await } // ── SBOM ────────────────────────────────────────────── #[tool( description = "List SBOM packages with optional filters for repo, vulnerabilities, package manager, and license" )] async fn list_sbom_packages( &self, Parameters(params): Parameters, ) -> Result { sbom::list_sbom_packages(&self.db, params).await } #[tool( description = "Generate a vulnerability report for a repository showing all packages with known CVEs" )] async fn sbom_vuln_report( &self, Parameters(params): Parameters, ) -> Result { sbom::sbom_vuln_report(&self.db, params).await } // ── DAST ────────────────────────────────────────────── #[tool( description = "List DAST findings with optional filters for target, scan run, severity, exploitability, and vulnerability type" )] async fn list_dast_findings( &self, Parameters(params): Parameters, ) -> Result { dast::list_dast_findings(&self.db, params).await } #[tool(description = "Get a summary of recent DAST scan runs and finding counts")] async fn dast_scan_summary( &self, Parameters(params): Parameters, ) -> Result { dast::dast_scan_summary(&self.db, params).await } } #[tool_handler] impl ServerHandler for ComplianceMcpServer { fn get_info(&self) -> ServerInfo { ServerInfo { protocol_version: ProtocolVersion::V_2024_11_05, capabilities: ServerCapabilities::builder() .enable_tools() .build(), server_info: Implementation::from_build_env(), instructions: Some( "Compliance Scanner MCP server. Query security findings, SBOM data, and DAST results." .to_string(), ), } } }