Erik-Koning/Vulnerability-Resolution-Agent

 
 

Vulnerability-Resolution-Agent

Canada DevOps Community of Practice Hackathon Toronto - Team 8

Project Name - Vulnerability Resolution Agent

Team Mentor -

Participant Names -

 Team Lead - Erik Koning
 Team Members - Sourabh Khuntia, Owen Lu, Alex Bajenaru

Real-Time Vulnerability Remediation Server

This project is a Python-based server that bridges GitHub's Dependabot vulnerability alerts directly into your Cursor IDE. It allows for real-time notifications and AI-assisted remediation of security vulnerabilities the moment they are detected.

The server uses FastAPI to handle webhooks, ngrok to expose the local server to the internet, and a custom Model Context Protocol (MCP) server to integrate seamlessly with the Cursor IDE.

Features

  • Webhook Receiver: Listens for dependabot_alert webhooks from GitHub repositories.
  • Slack Notifications: Automatically sends formatted, color-coded vulnerability alerts to Slack with detailed information and quick action links. See SLACK_INTEGRATION.md for setup instructions.
  • Real-Time Prompts: As soon as a vulnerability alert is received, the server pushes a notification directly to connected Cursor clients, prompting the AI to apply the recommended fix.
  • On-Demand Tools: Provides two custom MCP tools within the Cursor IDE:
    • get_latest_vulnerability: Fetches the details of the most recent vulnerability alert.
    • suggest_vulnerability_fix: Provides a detailed suggestion for how to patch the vulnerability.
  • Clean & Extendable: Uses the fastapi-mcp library for a clean, decorator-based approach to defining MCP tools, making it easy to add more in the future.

How It Works

  1. A GitHub repository is configured to send a Dependabot alert webhook to this server's public ngrok URL.
  2. The FastAPI application receives the webhook at the /webhook endpoint, validates the payload, and stores the alert details.
  3. The server immediately constructs a detailed prompt to fix the vulnerability and sends it over a Server-Sent Events (SSE) connection to all connected Cursor clients.
  4. Cursor receives this server-initiated prompt and uses its AI to suggest or apply the code change (e.g., updating a package version in requirements.txt).
  5. Additionally, developers can manually query the server from within Cursor using the provided MCP tools.
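Step 2 says the /webhook endpoint validates the payload but does not show how. As an added example (not the project's own code), one way to do it with the standard library: verify GitHub's X-Hub-Signature-256 HMAC over the raw body, confirm the event type, and allow-list the fields that later go into the prompt sent to the IDE. The function names, the secret and the sample payload are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import re

# Allow-lists for values that will later be embedded in an AI prompt.
PACKAGE_RE = re.compile(r"[A-Za-z0-9@/._-]{1,214}")
VERSION_RE = re.compile(r"[A-Za-z0-9.+!~_-]{1,64}")
SEVERITIES = {"low", "medium", "high", "critical"}

class RejectedWebhook(Exception):
    """The delivery must not be stored or forwarded to IDE clients."""

def sign(secret: bytes, body: bytes) -> str:
    # Same format GitHub uses for the X-Hub-Signature-256 header.
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def parse_dependabot_alert(secret: bytes, body: bytes, headers: dict) -> dict:
    """Authenticate a delivery, then return only vetted fields."""
    received = headers.get("X-Hub-Signature-256") or ""
    # Constant-time comparison over the raw body, before any JSON parsing.
    if not hmac.compare_digest(sign(secret, body).encode(), received.encode()):
        raise RejectedWebhook("bad or missing signature")
    if headers.get("X-GitHub-Event") != "dependabot_alert":
        raise RejectedWebhook("unexpected event type")
    try:
        alert = json.loads(body)["alert"]
        fields = {
            "package": alert["dependency"]["package"]["name"],
            "patched": alert["security_vulnerability"]["first_patched_version"]["identifier"],
            "severity": alert["security_advisory"]["severity"],
        }
    except (ValueError, KeyError, TypeError) as exc:
        raise RejectedWebhook("payload missing required fields") from exc
    if not all(isinstance(v, str) for v in fields.values()):
        raise RejectedWebhook("non-string field")
    if not (PACKAGE_RE.fullmatch(fields["package"]) and VERSION_RE.fullmatch(fields["patched"])
            and fields["severity"] in SEVERITIES):
        raise RejectedWebhook("field failed allow-list check")
    return fields

# Constructed sample delivery (not a real alert) and a placeholder secret.
SECRET = b"constructed-webhook-secret"
SAMPLE = json.dumps({"action": "created", "alert": {
    "dependency": {"package": {"name": "example-pkg", "ecosystem": "pip"}},
    "security_advisory": {"severity": "high"},
    "security_vulnerability": {"first_patched_version": {"identifier": "1.2.3"}},
}}).encode()
```

In a FastAPI handler the raw bytes come from `await request.body()`; the signature must be checked against those bytes, not against re-serialized JSON.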

Architecture

The lightweight webhook server is separate from the MCP server:

  • Ingestion Service (FastAPI): Its only job is to receive incoming webhooks, validate them, and pass the information along. It should be fast, stateless, and simple.
  • MCP Service (FastMCP): Its job is to manage the state of vulnerabilities, maintain persistent connections (SSE) with IDE clients, and serve tools. This is a more stateful, long-running process.

Requirements

  • Python 3.12 (The project's dependencies are not compatible with newer versions like Python 3.14).
  • A Cursor IDE installation.
  • An ngrok account and auth token (for creating a stable public URL).

Setup and Installation

1. Clone the Repository:

git clone <your-repo-url>
cd <your-repo-name>

2. Create a Virtual Environment: It is highly recommended to use a virtual environment. Ensure you are using Python 3.12.

python3.12 -m venv venv
source venv/bin/activate

3. Install Dependencies:

pip install -r requirements.txt

4. Configure Ngrok (Optional but Recommended): For a stable URL, add your ngrok authtoken. You only need to do this once.

ngrok config add-authtoken <your_ngrok_auth_token>

Running the Server

To start the server, run the main.py script from the root of the project directory:

python main.py

When the server starts, it will print a public ngrok URL to the console. This is the URL you will use to configure the GitHub webhook.

Using the MCP Server

Configure Cursor via a .cursor/mcp.json file:

{
  "mcpServers": {
    "vulnerability-server": {
      "url": "http://localhost:8001/mcp"
    }
  }
}

For Cline, use the following settings. Note that the command must point to the python3 in your own virtual environment, e.g. "/Documents/Projects/Vulnerability-Resolution-Agent/venv/bin/python3":

{
  "mcpServers": {
    "vulnerability-mcp": {
      "command": "/Documents/Projects/Vulnerability-Resolution-Agent/venv/bin/python3",
      "args": ["-u", "-m", "fastMCP_server"], 
      "cwd": "/Documents/Projects/Vulnerability-Resolution-Agent",
      "env": {
        "PYTHONUNBUFFERED": "1"
      }
    }
  }
}

Languages

  • TypeScript 96.7%
  • Python 2.0%
  • Other 1.3%