Skip to main content
Glama
NeoTecDigital

MCP Shamash

by NeoTecDigital
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

generate_remediation

Provides actionable remediation guidance for security findings to address vulnerabilities and ensure compliance with industry standards.

Instructions

Generate actionable remediation advice for findings

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
findingIdsNoIDs of findings to generate remediation for

Implementation Reference

  • src/core/server.ts:157-171 (registration)
    Tool registration including name, description, and input schema in the ListTools response.
    {
  name: 'generate_remediation',
  description: 'Generate actionable remediation advice for findings',
  inputSchema: {
    type: 'object',
    properties: {
      findingIds: {
        type: 'array',
        items: { type: 'string' },
        description: 'IDs of findings to generate remediation for'
      },
    },
    required: [],
  },
},
  • src/core/server.ts:528-552 (handler)
    The main handler function for the 'generate_remediation' tool, which delegates to RemediationAdvisor.
    private async handleGenerateRemediation(_args: any): Promise<any> {
  // Get recent scan results or specific findings
  // For demo, we'll generate advice for sample findings
  const sampleFindings = [
    {
      id: 'sample_001',
      type: 'dependency',
      severity: 'high' as const,
      title: 'Vulnerable dependency: lodash@4.17.19',
      description: 'Known security vulnerability CVE-2021-23337',
      location: { file: 'package.json' },
      cve: 'CVE-2021-23337',
    },
  ];

  const plan = await this.remediationAdvisor.generateRemediationPlan(sampleFindings);
  const markdown = this.remediationAdvisor.generateMarkdownReport(plan);

  return {
    status: 'success',
    remediations: plan.remediations.length,
    summary: plan.summary,
    report: markdown,
  };
}
  • src/advisor/remediation-advisor.ts:177-209 (handler)
    Core implementation of remediation plan generation, called by the tool handler.
    async generateRemediationPlan(findings: Finding[]): Promise<RemediationPlan> {
  const remediations: RemediationAdvice[] = [];
  
  for (const finding of findings) {
    const advice = await this.generateRemediationAdvice(finding);
    remediations.push(advice);
  }

  // Categorize by priority
  const prioritizedActions = {
    immediate: remediations.filter(r => r.priority === 'immediate'),
    high: remediations.filter(r => r.priority === 'high'),
    medium: remediations.filter(r => r.priority === 'medium'),
    low: remediations.filter(r => r.priority === 'low'),
  };

  // Calculate summary
  const autoFixable = remediations.filter(r => r.effort === 'trivial').length;
  const immediateActions = prioritizedActions.immediate.length;
  const totalEffort = this.calculateTotalEffort(remediations);

  return {
    findings,
    remediations,
    summary: {
      totalFindings: findings.length,
      autoFixable,
      immediateActions,
      estimatedEffort: totalEffort,
    },
    prioritizedActions,
  };
}
  • src/advisor/remediation-advisor.ts:19-34 (schema)
    Type definition for the RemediationPlan output structure.
    export interface RemediationPlan {
  findings: Finding[];
  remediations: RemediationAdvice[];
  summary: {
    totalFindings: number;
    autoFixable: number;
    immediateActions: number;
    estimatedEffort: string;
  };
  prioritizedActions: {
    immediate: RemediationAdvice[];
    high: RemediationAdvice[];
    medium: RemediationAdvice[];
    low: RemediationAdvice[];
  };
}
  • src/advisor/remediation-advisor.ts:211-251 (helper)
    Helper function that generates detailed remediation advice for individual findings.
    private async generateRemediationAdvice(finding: Finding): Promise<RemediationAdvice> {
  // Determine remediation type based on finding
  const remediationType = this.determineRemediationType(finding);
  const baseRemediation = this.remediationDatabase.get(remediationType);

  // Determine priority based on severity
  const priority = this.determinePriority(finding);

  // Build customized advice
  const advice: RemediationAdvice = {
    findingId: finding.id,
    priority,
    effort: baseRemediation?.effort || this.estimateEffort(finding),
    automaticFix: baseRemediation?.automaticFix,
    manualSteps: baseRemediation?.manualSteps,
    codeExample: baseRemediation?.codeExample,
    references: baseRemediation?.references || this.getDefaultReferences(finding.type),
    estimatedTime: baseRemediation?.estimatedTime || this.estimateTime(finding),
    tools: baseRemediation?.tools,
    preventionTips: this.generatePreventionTips(finding),
  };

  // Customize advice based on specific finding details
  if (finding.type === 'dependency' && finding.cve) {
    advice.automaticFix = `Update to version that patches ${finding.cve}`;
    advice.references = [
      `https://nvd.nist.gov/vuln/detail/${finding.cve}`,
      ...advice.references || [],
    ];
  }

  if (finding.type === 'secret') {
    advice.priority = 'immediate'; // Secrets are always immediate priority
    advice.manualSteps = [
      `Immediately rotate the exposed ${this.identifySecretType(finding.title)}`,
      ...advice.manualSteps || [],
    ];
  }

  return advice;
}
Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/NeoTecDigital/mcp_shamash'

If you have feedback or need assistance with the MCP directory API, please join our Discord server