secaudit
Audit code and configurations for security vulnerabilities, compliance requirements, and threat assessments to identify and address potential risks.
Instructions
Security audit for code and configurations
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| task | Yes | What to audit for security (e.g., 'comprehensive security audit', 'OWASP Top 10 review', 'authentication security analysis') | |
| files | No | Specific files to audit (optional - will analyze all relevant security files) | |
| focus | No | Security audit focus area | comprehensive |
| threatLevel | No | Threat level assessment based on application context | medium |
| complianceRequirements | No | Compliance frameworks to check (e.g., SOC2, PCI DSS, HIPAA, GDPR) | |
| securityScope | No | Application context (web app, mobile app, API, enterprise system) | |
| severity | No | Minimum severity level to report | all |
| provider | No | AI provider to use | gemini |
Implementation Reference
- src/handlers/ai-tools.ts:1023-1197 (handler)

  The core handler function `handleSecaudit` in the `AIToolHandlers` class that executes the secaudit tool. It selects an AI provider, constructs a detailed system prompt for security auditing (OWASP, compliance, etc.), generates an AI response, derives a severity rating from the report text, and returns an audit report together with that rating.

```typescript
async handleSecaudit(params: z.infer<typeof SecauditSchema>) {
  const providerName =
    params.provider ||
    (await this.providerManager.getPreferredProvider(['openai', 'gemini', 'azure']));
  const provider = await this.providerManager.getProvider(providerName);

  // Build focus-specific system prompt
  const focusPrompts = {
    owasp: "Focus on OWASP Top 10 vulnerabilities: injection attacks, broken authentication, sensitive data exposure, XXE, broken access control, security misconfigurations, XSS, insecure deserialization, known vulnerabilities, and insufficient logging.",
    compliance: "Focus on compliance requirements and regulatory standards. Assess controls, data protection measures, audit trails, and regulatory adherence.",
    infrastructure: "Focus on infrastructure security, deployment configurations, network security, container security, cloud security settings, and operational security.",
    dependencies: "Focus on third-party dependencies, library vulnerabilities, supply chain security, outdated packages, and dependency management.",
    comprehensive: "Provide comprehensive security audit covering OWASP Top 10, authentication/authorization, input validation, cryptography, configuration security, dependency analysis, and compliance considerations.",
  };

  // Build threat level context
  const threatLevelContext = {
    low: "Low-risk internal application with limited sensitive data access",
    medium: "Business application with customer data and moderate security requirements",
    high: "High-risk application handling sensitive data, financial information, or regulated industry requirements",
    critical: "Critical application with payment processing, healthcare data, or other highly sensitive information",
  };

  const systemPrompt = `You are an expert security auditor specializing in comprehensive security assessment and vulnerability identification. Your role is to conduct thorough security audits following industry best practices and security frameworks.

SECURITY AUDIT FOCUS: ${focusPrompts[params.focus]}
THREAT LEVEL: ${threatLevelContext[params.threatLevel]}
${params.securityScope ? `APPLICATION CONTEXT: ${params.securityScope}` : ""}
${params.complianceRequirements && params.complianceRequirements.length > 0 ? `COMPLIANCE REQUIREMENTS: ${params.complianceRequirements.join(", ")}` : ""}

AUDIT METHODOLOGY:
1. **Attack Surface Analysis**: Identify entry points, user inputs, and potential attack vectors
2. **Authentication & Authorization**: Review identity management, session handling, and access controls
3. **Input Validation & Output Encoding**: Check for injection vulnerabilities and XSS prevention
4. **Data Protection**: Analyze encryption, sensitive data handling, and privacy protection
5. **Configuration Security**: Review security configurations, default settings, and hardening
6. **Dependency Security**: Assess third-party libraries and supply chain security
7. **Error Handling & Logging**: Evaluate information disclosure and monitoring capabilities
8. **Business Logic Security**: Review workflow security and authorization bypass opportunities

VULNERABILITY ASSESSMENT:
- **Critical**: Immediate security risk requiring urgent remediation
- **High**: Significant security vulnerability that should be fixed promptly
- **Medium**: Moderate security concern that should be addressed
- **Low**: Minor security improvement or hardening opportunity

RESPONSE FORMAT:
Provide a structured security audit report including:
- **Executive Summary**: Overall security posture and key findings
- **Critical Vulnerabilities**: Immediate security risks with specific remediation steps
- **Security Findings**: Organized by severity with detailed descriptions and locations
- **Compliance Assessment**: Gaps relative to specified compliance requirements
- **Recommendations**: Prioritized security improvements with implementation guidance
- **Security Score**: Overall security rating and risk assessment`;

  // Build the audit prompt
  let prompt = `Security Audit Task: ${params.task}`;

  // Add file context if provided
  if (params.files && params.files.length > 0) {
    prompt += `\n\nFiles to audit: ${params.files.join(", ")}`;
  } else {
    prompt += `\n\nPlease conduct comprehensive security analysis of all relevant application files.`;
  }

  prompt += `\n\nAudit focus: ${params.focus}
Threat level: ${params.threatLevel}
Minimum severity to report: ${params.severity}`;

  if (params.securityScope) {
    prompt += `\nApplication context: ${params.securityScope}`;
  }

  if (params.complianceRequirements && params.complianceRequirements.length > 0) {
    prompt += `\nCompliance requirements: ${params.complianceRequirements.join(", ")}`;
  }

  prompt += `\n\nPlease provide a comprehensive security audit with specific findings, vulnerability assessments, and actionable recommendations for improving the security posture.`;

  try {
    const response = await provider.generateText({
      prompt,
      systemPrompt,
      temperature: 0.3, // Lower temperature for consistent security analysis
      reasoningEffort:
        providerName === "openai" || providerName === "azure" || providerName === "grok"
          ? "high"
          : undefined,
      useSearchGrounding: providerName === "gemini", // Enable search for latest security intelligence
      toolName: 'secaudit',
    });

    // Build structured response
    const audit = {
      task: params.task,
      focus: params.focus,
      threat_level: params.threatLevel,
      security_scope: params.securityScope,
      compliance_requirements: params.complianceRequirements || [],
      severity_filter: params.severity,
      files_audited: params.files || "comprehensive analysis",
      audit_report: response.text,
      provider_used: providerName,
      model_used: response.model,
    };

    // Parse audit report to extract security findings (simplified extraction)
    const reportText = response.text.toLowerCase();
    const hasCriticalVulns =
      reportText.includes("critical") ||
      reportText.includes("urgent") ||
      reportText.includes("immediate risk");
    const hasHighVulns =
      reportText.includes("high") ||
      reportText.includes("significant") ||
      reportText.includes("major vulnerability");
    const hasMediumVulns =
      reportText.includes("medium") ||
      reportText.includes("moderate") ||
      reportText.includes("should be addressed");
    const hasLowVulns =
      reportText.includes("low") ||
      reportText.includes("minor") ||
      reportText.includes("improvement");

    let securityRating = "excellent";
    if (hasCriticalVulns) {
      securityRating = "critical";
    } else if (hasHighVulns) {
      securityRating = "poor";
    } else if (hasMediumVulns) {
      securityRating = "fair";
    } else if (hasLowVulns) {
      securityRating = "good";
    }

    const result = {
      audit,
      security_rating: securityRating,
      has_critical_vulnerabilities: hasCriticalVulns,
      has_high_vulnerabilities: hasHighVulns,
      has_medium_vulnerabilities: hasMediumVulns,
      has_low_vulnerabilities: hasLowVulns,
      security_recommendation: hasCriticalVulns
        ? "URGENT: Critical security vulnerabilities found. Immediate remediation required."
        : hasHighVulns
        ? "HIGH PRIORITY: Significant security issues found. Prompt remediation recommended."
        : hasMediumVulns
        ? "MODERATE PRIORITY: Security improvements needed. Plan remediation in next sprint."
        : hasLowVulns
        ? "LOW PRIORITY: Minor security enhancements identified for future improvement."
        : "Security audit complete. No significant vulnerabilities identified.",
      remediation_priority: hasCriticalVulns
        ? "immediate"
        : hasHighVulns
        ? "high"
        : hasMediumVulns
        ? "medium"
        : "low",
    };

    return {
      content: [
        {
          type: "text",
          text: JSON.stringify(result, null, 2),
        },
      ],
      metadata: {
        toolName: "secaudit",
        focus: params.focus,
        securityRating: securityRating,
        threatLevel: params.threatLevel,
        provider: providerName,
        model: response.model,
        severity: params.severity,
        usage: response.usage,
        ...response.metadata,
      },
    };
  } catch (error) {
    return {
      content: [
        {
          type: "text",
          text: JSON.stringify(
            {
              error: "Security audit failed",
              message: error instanceof Error ? error.message : "Unknown error",
              task: params.task,
              focus: params.focus,
            },
            null,
            2
          ),
        },
      ],
      isError: true,
    };
  }
}
```
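Two things in the handler deserve attention before the `security_rating` field is trusted downstream. The rating is derived by substring matching on the lowercased report, so the word "critical" in a sentence such as "no critical issues were found", or "high" inside "highlight" or "highest", is enough to flag the whole audit as critical or poor. Separately, the `severity` parameter is only echoed into the prompt as "Minimum severity to report"; nothing in the handler filters findings below that level. The following example is added here and is not part of the project; it assumes a convention the system prompt would have to request, namely that each finding line starts with a bracketed severity tag such as `[HIGH]`, and it parses those tags with an anchored regular expression, applies the minimum severity as a real filter, and contrasts the result with the substring heuristic on a constructed report.

```typescript
// Added example, not part of the secaudit handler. It assumes the system
// prompt asks the model to start each finding line with a bracketed severity
// tag such as "[HIGH] ..." (that convention is an assumption of this example).

type Severity = "critical" | "high" | "medium" | "low";
type SecurityRating = "critical" | "poor" | "fair" | "good" | "excellent";

// Lower rank = more severe; used for the minimum-severity cutoff.
const SEVERITY_RANK: Record<Severity, number> = { critical: 0, high: 1, medium: 2, low: 3 };

interface Finding {
  severity: Severity;
  title: string;
  line: number; // 1-based line in the report text, for traceability
}

// Only a bracketed tag at the start of a line counts, so prose such as
// "highlight", "allow" or "no critical issues" can never produce a finding.
const FINDING_LINE = /^\s*(?:[-*]\s*)?\[(critical|high|medium|low)\]\s*:?\s*(.+)$/i;

function parseFindings(report: string): Finding[] {
  const findings: Finding[] = [];
  report.split(/\r?\n/).forEach((raw, idx) => {
    const m = FINDING_LINE.exec(raw);
    if (!m) return;
    findings.push({
      severity: (m[1] ?? "").toLowerCase() as Severity,
      title: (m[2] ?? "").trim(),
      line: idx + 1,
    });
  });
  return findings;
}

// Enforce the tool's `severity` parameter as a real filter: keep findings at
// or above the minimum ("all" keeps everything).
function filterBySeverity(findings: Finding[], minimum: Severity | "all"): Finding[] {
  if (minimum === "all") return findings;
  const cutoff = SEVERITY_RANK[minimum];
  return findings.filter((f) => SEVERITY_RANK[f.severity] <= cutoff);
}

// Same rating ladder the handler uses, but driven by parsed findings.
function rateSecurity(findings: Finding[]): SecurityRating {
  const present = new Set(findings.map((f) => f.severity));
  if (present.has("critical")) return "critical";
  if (present.has("high")) return "poor";
  if (present.has("medium")) return "fair";
  if (present.has("low")) return "good";
  return "excellent";
}

// The handler's substring heuristic, reproduced only for comparison.
function naiveRating(report: string): SecurityRating {
  const text = report.toLowerCase();
  if (text.includes("critical") || text.includes("urgent") || text.includes("immediate risk")) return "critical";
  if (text.includes("high") || text.includes("significant") || text.includes("major vulnerability")) return "poor";
  if (text.includes("medium") || text.includes("moderate") || text.includes("should be addressed")) return "fair";
  if (text.includes("low") || text.includes("minor") || text.includes("improvement")) return "good";
  return "excellent";
}

// Constructed sample report (not real model output). The summary deliberately
// uses "critical" and "highest" in benign prose to show the false positive.
const SAMPLE_REPORT = `
## Executive Summary
No critical issues were found; the sections below highlight three findings in the highest-risk flows.

## Security Findings
- [HIGH] SQL query built by string concatenation in the user lookup handler
- [Medium]: Session cookie is set without the Secure flag
- [low] Verbose stack traces are returned to clients in development mode
`;

const parsed = parseFindings(SAMPLE_REPORT);
console.log("parsed rating:", rateSecurity(parsed)); // poor
console.log("naive rating :", naiveRating(SAMPLE_REPORT)); // critical (false positive)
console.log("at least medium:", filterBySeverity(parsed, "medium").map((f) => f.title));
```

Tagging findings in the prompt is what makes this deterministic: the regex accepts only a bracketed tag at the start of a line, so the severity ladder is driven by what the model labelled as a finding rather than by which words happen to occur in the narrative.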
- src/server.ts:375-382 (registration)

  Registration of the 'secaudit' tool in the MCP server using `server.registerTool`, specifying title, description, input schema, and a handler that delegates to `aiHandlers.handleSecaudit`.

```typescript
server.registerTool(
  "secaudit",
  {
    title: "Security Audit",
    description: "Security audit for code and configurations",
    inputSchema: SecauditSchema.shape,
  },
  async (args) => {
    const aiHandlers = await getHandlers();
    return await aiHandlers.handleSecaudit(args);
  }
);
```
- src/server.ts:108-117 (schema)

  Zod schema definition `SecauditSchema` used for input validation of the secaudit tool, defining parameters such as task, files, focus (owasp, compliance, etc.), threatLevel, severity and provider.

```typescript
const SecauditSchema = z.object({
  task: z
    .string()
    .describe("What to audit for security (e.g., 'comprehensive security audit', 'OWASP Top 10 review', 'authentication security analysis')"),
  files: z
    .array(z.string())
    .optional()
    .describe("Specific files to audit (optional - will analyze all relevant security files)"),
  focus: z
    .enum(["owasp", "compliance", "infrastructure", "dependencies", "comprehensive"])
    .default("comprehensive")
    .describe("Security audit focus area"),
  threatLevel: z
    .enum(["low", "medium", "high", "critical"])
    .default("medium")
    .describe("Threat level assessment based on application context"),
  complianceRequirements: z
    .array(z.string())
    .optional()
    .describe("Compliance frameworks to check (e.g., SOC2, PCI DSS, HIPAA, GDPR)"),
  securityScope: z
    .string()
    .optional()
    .describe("Application context (web app, mobile app, API, enterprise system)"),
  severity: z
    .enum(["critical", "high", "medium", "low", "all"])
    .default("all")
    .describe("Minimum severity level to report"),
  provider: z
    .enum(["openai", "gemini", "azure", "grok"])
    .optional()
    .default("gemini")
    .describe("AI provider to use"),
});
```