Server Configuration
Describes the environment variables required to run the server.
Name | Required | Description | Default |
---|---|---|---|
No arguments |
Schema
Prompts
Interactive templates invoked by user choice
Name | Description |
---|---|
No prompts |
Resources
Contextual data attached and managed by the client
Name | Description |
---|---|
No resources |
Tools
Functions exposed to the LLM to take actions
Name | Description |
---|---|
fetch_graphql_docs | Copy Fetch GraphQL documentation for a given API element within the H3 GraphQL schema.
This tool provides documentation about GraphQL types, queries, mutations, fields, and enums.
Use it to explore the H3 GraphQL API and understand available queries and their parameters.
Args:
id (str): The API element ID to fetch documentation for. This can be:
- A type name (e.g., "Query", "Mutation", "Weakness")
- A field path (e.g., "Query.pentests_page", "Mutation.run_pentest")
- An enum type (e.g., "AuthzRole", "PortalOpState")
- An enum value (e.g., "AuthzRole.ORG_ADMIN", "PortalOpState.running")
Returns:
Dict with command output and status. The output field contains the
documentation from the GraphQL server. The GraphQL type of the result
is GQLAPIDoc.
Examples:
To explore all available queries:
fetch_graphql_docs("Query")
To get details about a specific query:
fetch_graphql_docs("Query.pentests_page")
To learn about a specific type:
fetch_graphql_docs("Weakness")
To explore available enum values:
fetch_graphql_docs("PortalOpState")
Tips:
1. Start with "Query" or "Mutation" to discover available operations
2. When you find a query of interest, get its detailed docs using "Query.<query_name>"
3. For any type mentioned in responses, get its details using the type name directly |
run_graphql_request | Copy Run a GraphQL request with the given query and variables.
Args:
graphql_query (str): The GraphQL query to execute. This should be a valid GraphQL query string.
variables (str, optional): A JSON string containing variables for the GraphQL query. If provided, this must be a valid JSON string.
Example (as a string):
'{"pageInput": {"page_num": 1, "page_size": 5}, "op_id": "abc123"}'
Example (for a query with variables):
query weaknesses_page($pageInput: PageInput, $op_id: String!) {
weaknesses_page(pageInput: $pageInput, op_id: $op_id) {
weaknesses { id title severity }
}
}
Pass variables as:
'{"pageInput": {"page_num": 1, "page_size": 10}, "op_id": "abc123"}'
Returns:
Dict with output and status. The output field contains the GraphQL response.
Notes:
- If variables cannot be passed as a separate parameter due to MCP limitations, you can embed them directly in your query using variable definitions.
- If the variables parameter is not a valid JSON string, a clear error message will be returned. |
run_h3_command | Copy Execute an H3 CLI command with optional arguments.
This tool allows direct execution of any h3-cli command, providing flexible access
to all H3 API capabilities from the command line interface.
Args:
command (str): The H3 command to execute without the 'h3' prefix.
Common commands include 'whoami', 'pentests', 'pentest',
'hello-world', and 'help'.
args (List[str], optional): A list of string arguments for the command.
These will be passed directly to the command.
Returns:
Dict with command output and status. The output field contains the
command's response, either as parsed JSON or raw text.
Examples:
Check the current user identity:
run_h3_command("whoami")
View a specific pentest by ID:
run_h3_command("pentest", ["abc123"])
List all pentests with pagination:
run_h3_command("pentests", ["--page-size", "10", "--page", "1"])
Get help for a specific command:
run_h3_command("help", ["pentest"])
Run a new pentest using a template:
run_h3_command("run-pentest", ["my-template-name"])
Notes:
- To see all available commands, use run_h3_command("help")
- For command-specific help, use run_h3_command("help", ["command_name"])
- Command execution is synchronous and will block until completion |
health_check | Copy Check the health of the MCP server and h3-cli installation.
This tool verifies that:
1. The h3-cli tool is properly installed and in the system PATH
2. The H3 API connection is working (by running the 'hello-world' test)
Use this tool to diagnose connectivity issues or confirm proper setup
before running other operations.
Args:
None
Returns:
Dict containing:
- status: "ok" if everything is working, "error" if there's a problem
- details: A human-readable message describing the status
- output: Raw output from the h3 hello-world command (if available)
Examples:
Basic health check:
health_check()
Expected successful response:
{
"status": "ok",
"details": "h3-cli is installed and API is reachable.",
"output": "{ "data": { "hello": "world!" } }"
}
Notes:
- If the h3-cli tool is not installed, the status will be "error"
- If the API key is invalid or there are connection issues, the status will be "error"
- This tool is useful for troubleshooting MCP server configuration problems |