RAD Security

Instructions

Implementation Reference

• src/operations/cves.ts:25-31 (handler)

  The core handler function that executes the logic for listing CVE products for a given vendor by querying the public CVE search API.
  export async function listCveProducts(vendor: string): Promise<any> { const response = await fetch(`${BASE_URL}/browse/${encodeURIComponent(vendor)}`); if (!response.ok) { throw new Error(`Failed to list products for vendor ${vendor}: ${response.statusText}`); } return response.json(); }
• src/index.ts:1299-1310 (registration)

  Tool dispatch handler in the MCP server that validates input with Zod schema, calls the listCveProducts function, and formats the response.
  case "list_cve_products": { const args = z .object({ vendor: z.string(), }) .parse(request.params.arguments); const response = await cves.listCveProducts(args.vendor); return { content: [ { type: "text", text: JSON.stringify(response, null, 2) }, ], };
• src/index.ts:447-458 (registration)

  Tool registration in the listTools response, including name, description, and input schema definition.
  { name: "list_cve_products", description: "Get a list of all products associated with a vendor in the CVE database. Source: cve-search.org", inputSchema: zodToJsonSchema( z.object({ vendor: z .string() .describe("Vendor name to list products for"), }) ), },
• src/index.ts:452-456 (schema)

  Inline Zod schema defining the input parameters for the list_cve_products tool (vendor string).
  z.object({ vendor: z .string() .describe("Vendor name to list products for"), })
• src/operations/cves.ts:4-4 (helper)

  Base URL constant used by CVE-related functions including listCveProducts.
  const BASE_URL = "https://cve.circl.lu/api";