"NGINX" matching MCP tools:

• get_fix_recommendations

  SiteGuardian

  Returns copy-paste-ready fix recommendations (nginx, Apache, DNS, shell) for the issues found on a domain the caller has already paid for — either an active Monitor/Compliance subscription covering the domain, OR a purchased one-off Report for the domain. Each recommendation carries a stable issue_id, a priority (high/medium/low), a title, prose instructions, one or more config snippets with the target domain already interpolated, a verify command, and a category tag. Use this when the user asks how to fix an issue, wants the exact config to apply, or needs to verify a fix worked. Pass the optional issue_id to scope the response to one specific finding. The response is read-only — this tool NEVER triggers a fresh scan; fixes are computed from the most recent stored scan (including the Report-included re-scan if that was used). Do NOT use this for domains the caller hasn't purchased coverage for — you'll get an upgrade_required error that links to the pricing page. Do NOT use this to run or trigger a scan; call scan_domain for anonymous checks. Requires a valid API key.

  Connector

• calls_wait

  DialogBrain

  Block until a voice call ends (status changes from 'active') or timeout elapses. Returns ended=true with final state when the call has ended; ended=false on timeout (re-issue to keep waiting). The returned state includes `outcome` so callers can branch on pickup vs. no-answer (answered/no_answer/busy/declined/failed/unknown). Default timeout 90s; cap 110s — bounded by nginx proxy_read_timeout 120s on /mcp.

  Connector

• audit_stack

  Exploit Intelligence Platform — CVE, Vulnerability and Exploit Database

  Audit a technology stack for exploitable vulnerabilities. Accepts a comma-separated list of technologies (max 5) and searches for critical/ high severity CVEs with public exploits for each one, sorted by EPSS exploitation probability. Use this when a user describes their infrastructure and wants to know what to patch first. Example: technologies='nginx, postgresql, node.js' returns a risk-sorted list of exploitable CVEs grouped by technology. Rate-limit cost: each technology requires up to 2 API calls; 5 technologies counts as up to 10 calls toward your rate limit.

  Connector

• calls_wait

  dialogbrain

  Block until a voice call ends (status changes from 'active') or timeout elapses. Returns ended=true with final state when the call has ended; ended=false on timeout (re-issue to keep waiting). The returned state includes `outcome` so callers can branch on pickup vs. no-answer (answered/no_answer/busy/declined/failed/unknown). Default timeout 90s; cap 110s — bounded by nginx proxy_read_timeout 120s on /mcp.

  Connector

• add_firewall_rule

  BorealHost

  Add an IP firewall rule (allow or deny) and reload Nginx. Supports IPv4, IPv6, and CIDR notation. Max 100 rules per site. If a rule already exists for the IP, the action is updated. Requires: API key with write scope. Args: slug: Site identifier ip: IP address or CIDR (e.g. "1.2.3.4", "10.0.0.0/8", "2001:db8::/32") action: "deny" (block) or "allow" (whitelist). Default: "deny" Returns: {"added": true, "ip": "1.2.3.4", "action": "deny"}

  Connector

• get_logs

  BorealHost

  Retrieve container logs (error, access, or PHP). Requires: API key with read scope. Args: slug: Site identifier log_type: "error" (Nginx/Apache errors), "access" (HTTP request log), or "php" (PHP-FPM errors, WordPress sites only) lines: Number of lines to retrieve (1–500, default: 100) search: Optional keyword filter — only lines containing this string Returns: {"log_type": "error", "lines": ["2024-01-15 ... error ...", ...], "count": 42, "truncated": false} Errors: NOT_FOUND: Unknown slug VALIDATION_ERROR: Invalid log_type or lines out of range

  Connector

• cve_search

  ContrastAPI

  Search CVE database with filters: product/vendor, severity, published date range, EPSS score, CWE, CVSS range, CISA KEV status. Default response is SLIM per-result (cve_id, summary, severity, cvss_v3, cwe_id, epss, kev, total_products, published, modified, sources) — pass include='full' for description, cvss_breakdown, affected_products, references, first_seen_*. Verdict (sources_queried, falsifiable_fields, completeness, data_age) is at the response root — applies to the whole batch, not per-row. Product/vendor filters are EXACT NVD-canonical-token matches (not the common name — e.g. nginx is 'nginx_open_source'/'nginx_plus', vendor 'f5'); a low/zero count for a well-known product means the token differs, so for dependency/package lists use check_dependencies and for a domain's whole stack tech_stack_cve_audit (both auto-normalize tokens). Use for vulnerability discovery by criteria; pass cwe_id (e.g. CWE-79) to enumerate every CVE in our database mapped to a weakness — pair with cwe_lookup for the category description and mitigations. Use cve_lookup for single CVE by ID, kev_detail when kev=true filtering and the agent needs federal patch deadlines per result. Response carries a global hint pointing at cve_lookup — drill into any returned cve_id for full detail and chained pivots (exploit_lookup, kev_detail, cwe_lookup). Free: 30/hr, Pro: 500/hr. Returns {count, total, truncated, offset, summary, results, query_echo, next_offset, verdict, hint}.

  Connector

• remove_firewall_rule

  BorealHost

  Remove an IP firewall rule and reload Nginx. Requires: API key with write scope. Args: slug: Site identifier ip: IP address or CIDR to remove (must match exactly) Returns: {"removed": true, "ip": "1.2.3.4"}

  Connector

• scrape_dockerhub

  GoCreative Agent API

  Scrape Docker Hub image page with tag history, dockerfile signals. Heavier than lookup/dockerhub. Use for supply-chain audits. Example call: {"image": "library/nginx"} Cost: $0.005–$0.05 USDC on Base per call.

  Connector

• list_firewall_rules

  BorealHost

  List IP allow/deny firewall rules for a site. Rules are implemented as Nginx allow/deny directives per container. Requires: API key with read scope. Args: slug: Site identifier Returns: {"rules": [{"ip": "1.2.3.4", "action": "deny"}, {"ip": "10.0.0.0/8", "action": "allow"}]}

  Connector

• get_stack_info

  BorealHost

  Get detailed system stack information (OS, PHP, DB, web server versions). Requires: API key with read scope. Args: slug: Site identifier Returns: {"os": "Debian 12", "kernel": "6.1.0", "php": "8.3.4", "mysql": "10.11.6-MariaDB", "nginx": "1.24.0", "wordpress": "6.5"}

  Connector

• security_headers_check

  IA-QA — 130+ QA & Dev Tools for AI Agents

  Analyse the HTTP security headers of any public URL. Grades each header (A–F) for: Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-XSS-Protection, Cross-Origin-Opener-Policy, Cross-Origin-Resource-Policy, and Cross-Origin-Embedder-Policy. Returns an overall score (0–100), per-header grades, missing headers, and fix snippets for Express, Nginx, and Apache. Use this to audit any website's HTTP hardening posture.

  Connector