MCP Agent Access

Let autonomous agents trigger TrustSee scans using MCP-compatible tools and API endpoints.

MCP Endpoints

JSON-RPC endpoint: POST /api/mcp

Direct scan endpoint: POST /api/mcp/scan

Scan status endpoint: GET /api/scan-status?scanId=<id>

Tool: scan_repo(owner, name)

Example JSON-RPC call:

{
  "jsonrpc": "2.0",
  "id": "1",
  "method": "tools/call",
  "params": {
    "name": "scan_repo",
    "arguments": { "owner": "tinyfish-io", "name": "tinyfish-cookbook" }
  }
}

Response includes requestId, scanId, status, baseline_cves, and poll_url.

Open Access Guardrails

IP-based rate limiting

Owner/repo input validation

Structured log observability