mcp

The Apiiro Guardian Agent MCP Server bridges AI coding assistants with Apiiro's security analysis platform. It exposes a set of MCP tools that let you write secure code guidance into your workflow, query security risks across repositories, trigger differential scans on code changes, analyze a repository's security posture, and manage security findings directly from your AI assistant. To use it, point your MCP-enabled tool or extension to the server endpoint provided by your deployment (for example, the Cursor plugin or Gemini extension configuration). Once connected, you can invoke actions like requesting a secure coding guidance pass, running a repository security risk query, starting a diff scan on recent commits, or retrieving current findings for remediation guidance. The server handles communication with Apiiro’s API and returns actionable insights that you can present within your AI assistant’s responses.

Prerequisites:

• Node.js (LTS) installed on the host
• npm or yarn available
• Access to Apiiro API (account and optional API token)

1. Install dependencies (example for a typical Node.js project):

   npm install

2. Configure environment variables (adjust as needed):

   export APIIRO_API_TOKEN=<your_api_token> # Optional if using OAuth externally

3. Run the MCP server locally:

   node server.js

4. Verify the MCP endpoint is reachable from your MCP client (e.g., Cursor or Gemini extension) using the configured URL, such as http://localhost:PORT/mcp (adjust port in your server.js as configured).

5. (Optional) Run in a container:

   docker run -i apiiro-mcp-server:latest

6. If deploying to a cloud or CI environment, ensure the API token and any other necessary environment variables are set in your deployment configuration.

Tips and considerations:

• If your environment requires OAuth-based authentication, you can omit API_TOKEN or provide it as needed by your integration; the MCP server supports either method depending on configuration.
• Ensure network egress to Apiiro’s API endpoints is allowed from the deployment environment.
• When using the Gemini extension or Cursor plugin, configure the MCP server URL exactly as provided by your deployment and refresh tokens if you rotate credentials.
• For debugging, check the server logs for authentication errors, connectivity to Apiiro, or MCP tool invocation errors. Typical issues include misconfigured endpoints, missing environment variables, or insufficient permissions on the Apiiro account.
• The server exposes capabilities to trigger diff scans, query risks across repositories, and manage findings; ensure you have the appropriate Apiiro plan and API access to perform these actions.