Documentation Search MCP Server

snyk_license_check

Check license compliance for project dependencies using Snyk to assess risks and ensure adherence to selected policies.

Instructions

Check license compliance for project dependencies using Snyk.

Args:
    project_path: Path to the project directory
    policy: License policy to apply ("permissive", "copyleft-limited", "strict")

Returns:
    License compliance report with risk assessment

Input Schema

TableJSON Schema

Name	Required	Description	Default
`project_path`	No		.
`policy`	No		permissive

Implementation Reference

src/documentation_search_enhanced/main.py:1998-2108 (handler)

Main handler function decorated with @mcp.tool() that implements the snyk_license_check tool. It scans project dependencies, uses Snyk integration for license compliance checking, applies customizable policies, and generates a risk assessment report.

async def snyk_license_check(project_path: str = ".", policy: str = "permissive"):
    """
    Check license compliance for project dependencies using Snyk.

    Args:
        project_path: Path to the project directory
        policy: License policy to apply ("permissive", "copyleft-limited", "strict")

    Returns:
        License compliance report with risk assessment
    """
    from .snyk_integration import snyk_integration
    from .project_scanner import find_and_parse_dependencies

    try:
        # Find project dependencies
        dep_result = find_and_parse_dependencies(project_path)
        if not dep_result:
            return {"error": "No supported dependency files found"}

        filename, ecosystem, dependencies = dep_result

        # Convert dependencies to list of tuples
        packages = [(name, version) for name, version in dependencies.items()]

        # Get license compliance report
        compliance_report = await snyk_integration.get_license_compliance(
            packages, ecosystem
        )

        # Apply policy-specific analysis
        policy_rules = {
            "permissive": {
                "allowed": {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"},
                "restricted": {
                    "GPL-2.0",
                    "GPL-3.0",
                    "LGPL-2.1",
                    "LGPL-3.0",
                    "AGPL-3.0",
                },
                "name": "Permissive Policy",
            },
            "copyleft-limited": {
                "allowed": {
                    "MIT",
                    "Apache-2.0",
                    "BSD-2-Clause",
                    "BSD-3-Clause",
                    "ISC",
                    "LGPL-2.1",
                    "LGPL-3.0",
                },
                "restricted": {"GPL-2.0", "GPL-3.0", "AGPL-3.0"},
                "name": "Limited Copyleft Policy",
            },
            "strict": {
                "allowed": {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"},
                "restricted": {
                    "GPL-2.0",
                    "GPL-3.0",
                    "LGPL-2.1",
                    "LGPL-3.0",
                    "AGPL-3.0",
                },
                "name": "Strict Policy",
            },
        }

        selected_policy = policy_rules.get(policy, policy_rules["permissive"])

        # Risk assessment
        risk_assessment = {
            "policy_applied": selected_policy["name"],
            "overall_compliance": (
                "compliant"
                if compliance_report["non_compliant_packages"] == 0
                else "non-compliant"
            ),
            "risk_level": (
                "low"
                if compliance_report["non_compliant_packages"] == 0
                else (
                    "high"
                    if compliance_report["non_compliant_packages"] > 5
                    else "medium"
                )
            ),
            "action_required": compliance_report["non_compliant_packages"] > 0,
        }

        return {
            "project_path": project_path,
            "policy": selected_policy["name"],
            "scan_timestamp": datetime.now().isoformat(),
            "compliance_summary": compliance_report,
            "risk_assessment": risk_assessment,
            "recommendations": [
                "📋 Review all non-compliant packages",
                "🔄 Find alternative packages with compatible licenses",
                "⚖️ Consult legal team for high-risk licenses",
                "📝 Document license decisions for audit trail",
            ],
        }

    except Exception as e:
        return {
            "error": f"License check failed: {str(e)}",
            "project_path": project_path,
        }

src/documentation_search_enhanced/snyk_integration.py:298-371 (helper)

Core helper function in SnykIntegration class that scans multiple packages for licenses using Snyk API, categorizes them as compliant/non-compliant based on predefined allowed/restricted lists, and generates compliance statistics.

    self, packages: List[Tuple[str, str]], ecosystem: str = "pypi"
) -> Dict[str, Any]:
    """Check license compliance for multiple packages"""
    compliance_results = {
        "total_packages": len(packages),
        "compliant_packages": 0,
        "non_compliant_packages": 0,
        "unknown_licenses": 0,
        "license_summary": {},
        "compliance_details": [],
    }

    # Define license policies (configurable)
    allowed_licenses = {
        "MIT",
        "Apache-2.0",
        "BSD-2-Clause",
        "BSD-3-Clause",
        "ISC",
        "Unlicense",
        "WTFPL",
    }

    restricted_licenses = {
        "GPL-2.0",
        "GPL-3.0",
        "LGPL-2.1",
        "LGPL-3.0",
        "AGPL-3.0",
        "SSPL-1.0",
    }

    for package_name, version in packages:
        try:
            package_info = await self.scan_package(package_name, version, ecosystem)

            package_compliance = {
                "package": package_name,
                "version": version,
                "licenses": [license.name for license in package_info.licenses],
                "compliance_status": "unknown",
                "risk_level": "unknown",
            }

            if package_info.licenses:
                license_names = {license.name for license in package_info.licenses}

                if license_names.intersection(restricted_licenses):
                    package_compliance["compliance_status"] = "non-compliant"
                    package_compliance["risk_level"] = "high"
                    compliance_results["non_compliant_packages"] += 1
                elif license_names.intersection(allowed_licenses):
                    package_compliance["compliance_status"] = "compliant"
                    package_compliance["risk_level"] = "low"
                    compliance_results["compliant_packages"] += 1
                else:
                    package_compliance["compliance_status"] = "review_required"
                    package_compliance["risk_level"] = "medium"
                    compliance_results["unknown_licenses"] += 1
            else:
                compliance_results["unknown_licenses"] += 1

            compliance_results["compliance_details"].append(package_compliance)

            # Update license summary
            for license in package_info.licenses:
                if license.name not in compliance_results["license_summary"]:
                    compliance_results["license_summary"][license.name] = 0
                compliance_results["license_summary"][license.name] += 1

        except Exception as e:
            print(f"License check error for {package_name}: {e}", file=sys.stderr)

    return compliance_results

src/documentation_search_enhanced/snyk_integration.py:72-82 (helper)

Dataclass defining the structure for Snyk license information, used in license compliance checking.

class SnykLicense:
    """License information from Snyk"""

    id: str
    name: str
    spdx_id: Optional[str]
    type: str  # "copyleft", "permissive", "proprietary", etc.
    url: Optional[str]
    is_deprecated: bool
    instructions: str

src/documentation_search_enhanced/main.py:1998-2009 (registration)

Import statement registering the global snyk_integration instance used by the tool.

async def snyk_license_check(project_path: str = ".", policy: str = "permissive"):
    """
    Check license compliance for project dependencies using Snyk.

    Args:
        project_path: Path to the project directory
        policy: License policy to apply ("permissive", "copyleft-limited", "strict")

    Returns:
        License compliance report with risk assessment
    """
    from .snyk_integration import snyk_integration

Tool Definition Quality

B3.1/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It states the tool performs a 'check' and returns a 'report with risk assessment', which implies a read-only operation, but doesn't disclose other traits like authentication needs, rate limits, side effects, or error handling. For a tool with no annotations, this leaves significant gaps in understanding its behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded: the first sentence states the core purpose, followed by structured sections for 'Args' and 'Returns'. Each sentence earns its place by providing essential information without redundancy. Minor improvements could include more explicit usage guidelines.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (2 parameters, no annotations, no output schema), the description is adequate but incomplete. It covers the purpose and parameters well, but lacks usage guidelines and behavioral details. Without an output schema, it hints at the return value ('License compliance report with risk assessment') but doesn't fully describe the output format or structure.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds meaningful context for both parameters: it explains that 'project_path' is a 'Path to the project directory' and 'policy' is a 'License policy to apply' with examples ('permissive', 'copyleft-limited', 'strict'). Since schema description coverage is 0% (titles only provide basic labels like 'Project Path'), this compensates well by clarifying the semantics beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Check license compliance for project dependencies using Snyk.' It specifies the verb ('Check'), resource ('license compliance for project dependencies'), and technology ('using Snyk'). However, it doesn't explicitly differentiate from sibling tools like 'snyk_scan_project' or 'snyk_scan_library', which might also involve Snyk scanning but for different purposes.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention sibling tools like 'snyk_scan_project' or 'scan_project_dependencies', nor does it specify prerequisites, exclusions, or contextual triggers for license checking. The usage is implied but not explicitly defined.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/gemini2026/documentation-search-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server