scan_security_issues
Scan cloud resources for security issues to identify vulnerabilities and ensure compliance across AWS, Azure, and GCP environments.
Instructions
Scan cloud resources for security issues
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| provider | Yes | Cloud provider | |
| resourceId | No | Specific resource ID to scan (optional) | |
Implementation Reference
- src/tools/security.ts:92-124 (handler) Core handler logic for the 'scan_security_issues' tool. Generates two hard-coded mock security findings, stamped with the given provider and the optional resourceId (defaulting to 'all'), then formats the output.

  ```typescript
  case 'scan_security_issues': {
    const resourceId = params.resourceId as string | undefined;

    // Simplified security scanning
    const findings: SecurityFinding[] = [
      {
        id: '1',
        severity: 'medium',
        title: 'Public S3 Bucket Detected',
        description: 'Some S3 buckets may be publicly accessible',
        resourceId: resourceId || 'all',
        resourceType: 'storage',
        provider,
        recommendation: 'Review bucket policies and ensure proper access controls',
        detectedAt: new Date(),
        category: 'access-control',
      },
      {
        id: '2',
        severity: 'high',
        title: 'Unencrypted Storage',
        description: 'Storage resources without encryption detected',
        resourceId: resourceId || 'all',
        resourceType: 'storage',
        provider,
        recommendation: 'Enable encryption at rest for all storage resources',
        detectedAt: new Date(),
        category: 'encryption',
      },
    ];

    return Formatters.formatSecurityFindings(findings);
  }
  ```
- src/tools/security.ts:6-24 (schema) Tool schema definition including name, description, and inputSchema for validation.

  ```typescript
  {
    name: 'scan_security_issues',
    description: 'Scan cloud resources for security issues',
    inputSchema: {
      type: 'object',
      properties: {
        provider: {
          type: 'string',
          enum: ['aws', 'azure', 'gcp'],
          description: 'Cloud provider',
        },
        resourceId: {
          type: 'string',
          description: 'Specific resource ID to scan (optional)',
        },
      },
      required: ['provider'],
    },
  },
  ```
- src/server.ts:19-27 (registration) Registration of securityTools (containing scan_security_issues) into the combined allTools list used for tool listing.

  ```typescript
  const allTools = [
    ...awsTools,
    ...azureTools,
    ...gcpTools,
    ...resourceManagementTools,
    ...costAnalysisTools,
    ...monitoringTools,
    ...securityTools,
  ];
  ```
- src/server.ts:76-78 (registration) Dispatch registration: routes calls to tools in securityTools (including scan_security_issues) to the handleSecurityTool function.

  ```typescript
  } else if (securityTools.some((t) => t.name === name)) {
    result = await handleSecurityTool(name, args || {});
  } else {
  ```
- src/utils/formatters.ts:43-84 (helper) Helper function used by the handler to format security findings into a markdown report.

  ```typescript
  static formatSecurityFindings(findings: SecurityFinding[]): string {
    let output = `# Security Findings\n\n`;
    output += `**Total Findings:** ${findings.length}\n\n`;

    const bySeverity = {
      critical: findings.filter((f) => f.severity === 'critical'),
      high: findings.filter((f) => f.severity === 'high'),
      medium: findings.filter((f) => f.severity === 'medium'),
      low: findings.filter((f) => f.severity === 'low'),
    };

    output += `- Critical: ${bySeverity.critical.length}\n`;
    output += `- High: ${bySeverity.high.length}\n`;
    output += `- Medium: ${bySeverity.medium.length}\n`;
    output += `- Low: ${bySeverity.low.length}\n\n`;

    if (findings.length > 0) {
      output += '## Findings\n\n';
      for (const finding of findings.slice(0, 20)) {
        const severityIcon = {
          critical: '🔴',
          high: '🟠',
          medium: '🟡',
          low: '🟢',
        }[finding.severity];

        output += `### ${severityIcon} ${finding.title}\n\n`;
        output += `- **Severity:** ${finding.severity}\n`;
        output += `- **Provider:** ${finding.provider.toUpperCase()}\n`;
        output += `- **Resource:** ${finding.resourceId}\n`;
        output += `- **Type:** ${finding.resourceType}\n`;
        output += `- **Description:** ${finding.description}\n`;
        output += `- **Recommendation:** ${finding.recommendation}\n`;
        output += `- **Detected:** ${finding.detectedAt.toISOString()}\n\n`;
      }

      if (findings.length > 20) {
        output += `\n... and ${findings.length - 20} more findings\n`;
      }
    }

    return output;
  }
  ```