RAD Security

Instructions

Implementation Reference

• src/operations/cves.ts:33-43 (handler)

  The handler function that implements the core logic of the 'search_cves' tool by querying the CVE search API with vendor and optional product parameters.

  export async function searchCves(vendor: string, product?: string): Promise<any> {
    const url = product
      ? `${BASE_URL}/search/${encodeURIComponent(vendor)}/${encodeURIComponent(product)}`
      : `${BASE_URL}/search/${encodeURIComponent(vendor)}`;
  
    const response = await fetch(url);
    if (!response.ok) {
      throw new Error(`Failed to search CVEs: ${response.statusText}`);
    }
    return response.json();
  }

• src/operations/cves.ts:11-14 (schema)

  Zod input schema defining parameters for the 'search_cves' tool: vendor (required) and product (optional).

  export const searchCvesSchema = z.object({
    vendor: z.string().describe("Vendor name to search for"),
    product: z.string().optional().describe("Product name to search for"),
  });

• src/index.ts:459-464 (registration)

  Registration of the 'search_cves' tool in the list_tools handler, including name, description, and input schema.

  {
    name: "search_cves",
    description:
      "Search CVEs by vendor and optionally product. Source: cve-search.org",
    inputSchema: zodToJsonSchema(cves.searchCvesSchema),
  },

• src/index.ts:1312-1319 (registration)

  Handler dispatch in the call_tool request: parses arguments with schema, calls the searchCves function, and returns JSON response.

  case "search_cves": {
    const args = cves.searchCvesSchema.parse(request.params.arguments);
    const response = await cves.searchCves(args.vendor, args.product);
    return {
      content: [
        { type: "text", text: JSON.stringify(response, null, 2) },
      ],
    };