MCP Trust Score #10
Open
MCP Trust Score #10
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Replaced custom MCP implementation with rmcp framework - Simplified architecture to use stdio transport only - Implemented WazuhToolsServer with #[tool(tool_box)] attribute - Added get_wazuh_alert_summary tool with proper parameter schema - Removed HTTP transport and axum dependencies - Updated README with new installation and usage instructions - Maintained compatibility with existing Wazuh Indexer client - Simplified error handling by removing axum-specific code
- Aligned initialize response with actual rmcp server output - Updated tools/list response to match real JSON schema format - Corrected tool name from 'wazuhAlerts' to 'get_wazuh_alert_summary' - Added proper MCP content format with text type responses - Included error response examples for connection failures - Updated tool call examples with correct parameter structure - Removed outdated outputSchema references (not used in rmcp) - Added proper JSON schema format with draft-07 specification
* Implemented unit and e2e testing * Other fixes and enhancements
- Replace custom WazuhIndexerClient with wazuh-client crate - Remove ~150 lines of duplicate code from src/wazuh/ directory - Add get_wazuh_rules_summary tool with filtering by level/group/filename - Implement factory pattern for consistent client creation - Add support for separate WAZUH_API_PORT and WAZUH_INDEXER_PORT - Maintain backward compatibility with existing environment variables - Enable access to comprehensive Wazuh API clients (agents, rules, config, etc.) - Add compliance framework mappings (GDPR, HIPAA, PCI DSS, NIST 800-53) - All tests passing (19/19) with clean compilation
…security operations Major enhancements: - Added Docker image building and publishing to GitHub Container Registry with multi-platform support (linux/amd64, linux/arm64) - Expanded from basic alert retrieval to comprehensive security operations with 14 MCP tools covering: * Vulnerability management (agent vulnerability summaries, critical vulnerabilities) * Agent monitoring (running agents, processes, network ports) * System statistics (weekly stats, remoted stats, log collector stats) * Log analysis (manager logs, error logs with search capabilities) * Cluster management (health checks, node listing) - Updated environment configuration to support both Wazuh Manager API and Wazuh Indexer with proper SSL handling - Enhanced documentation with detailed use cases, Docker deployment options, and comprehensive tool descriptions - Upgraded wazuh-client dependency to v0.1.1 for expanded API capabilities - Added agent ID formatting and validation for consistent three-digit zero-padded identifiers This transforms the server from a simple alert fetcher into a full-featured security operations platform for AI-assisted Wazuh management.
…ction and parametrization.
module leaving the main MCP server entrypoint as just a dispatcher of the former.
This commit introduces a major refactoring of the tool implementation by splitting the tools into separate modules based on their domain (agents, alerts, rules, stats, vulnerabilities). This improves modularity and maintainability. Key changes: - Upgraded wazuh-client to version 0.1.7 to leverage the new builder pattern for client instantiation. - Refactored the main WazuhToolsServer to delegate tool calls to the new domain-specific tool modules. - Created a tools module with submodules for each domain, each containing the relevant tool implementations and parameter structs. - Updated the default limit for most tools from 100 to 300, while the vulnerability summary limit is set to 10,000 to ensure comprehensive scans. - Removed a problematic manual test from the test script that was causing it to hang.
gbrigandi
force-pushed
the
main
branch
2 times, most recently
from
3eb5bbd to
50f2fc9
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi!
This PR adds the "Trust Score" badge from our new Open Source MCP catalog.
Our catalog evaluates MCP servers based on technical quality—like protocol feature implementation and dependency health—rather than vanity metrics like GitHub stars.
The scoring process is fully transparent and reproducible:
The badge is designed to be respectful to the structure of your readme, example:
Projects like Grafana MCP (https://github.com/grafana/mcp-grafana) are already participating.
We believe that transparent and truly open source MCP catalog should help the community to identify great MCP servers like yours 😊
We'd appreciate your support by merging this PR!