Metadata-Version: 2.4
Name: intercept-mcp
Version: 0.2.2
Summary: MCP server exposing Intercept supply chain security data to MCP-compatible clients.
Project-URL: Homepage, https://intercept.hijacksecurity.com
Project-URL: Documentation, https://intercept.hijacksecurity.com/docs
Project-URL: Repository, https://github.com/hijacksecurity/Intercept
Author-email: Hijack Security <support@hijacksecurity.com>
License: Proprietary
Keywords: intercept,mcp,model-context-protocol,sast,security
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Requires-Python: >=3.11
Requires-Dist: ftfy>=6.2.0
Requires-Dist: httpx>=0.28.0
Requires-Dist: mcp>=1.27.0
Requires-Dist: pydantic>=2.10.0
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.24.0; extra == 'dev'
Requires-Dist: pytest-cov>=5.0.0; extra == 'dev'
Requires-Dist: pytest-xdist>=3.5.0; extra == 'dev'
Requires-Dist: pytest>=8.3.0; extra == 'dev'
Description-Content-Type: text/markdown

# intercept-mcp

Model Context Protocol (MCP) server that exposes an [Intercept](https://intercept.hijacksecurity.com) tenant's repositories, findings, scans, and resolutions to MCP-compatible AI clients.

## Installation

```bash
uvx intercept-mcp
```

## Configuration

| Variable | Required | Default |
|---|---|---|
| `INTERCEPT_MCP_API_KEY` | yes | — |
| `INTERCEPT_API_URL` | no | `https://intercept.hijacksecurity.com` |

`INTERCEPT_MCP_API_KEY` is a personal-scope API key, generated from the Intercept web UI: **Settings → Integrations → Generate MCP API Key**. The value starts with `hsk_`.

`INTERCEPT_API_URL` defaults to Intercept production. Override with the URL provided by your Intercept administrator for other environments.

## Claude Code configuration

Export the key from your shell profile (`~/.zshrc`, `~/.bashrc`):

```bash
export INTERCEPT_MCP_API_KEY=hsk_xxxxxxxx
```

Then add the server to your MCP client config:

```json
{
  "mcpServers": {
    "intercept": {
      "command": "uvx",
      "args": ["intercept-mcp"]
    }
  }
}
```

Restart the client. Verify with `claude mcp list`.

If you prefer to keep the key in the client config instead of the shell:

```json
{
  "mcpServers": {
    "intercept": {
      "command": "uvx",
      "args": ["intercept-mcp"],
      "env": {
        "INTERCEPT_MCP_API_KEY": "hsk_xxxxxxxx"
      }
    }
  }
}
```

## Tools

| Name | Description |
|---|---|
| `list_repositories` | List repositories in the current tenant. |
| `get_repository` | Get a repository by ID. |
| `get_repository_posture` | Get the posture evaluation for a repository. |
| `list_findings` | List findings by type (sast, secrets, container, iac, pipeline, sbom_vuln), filtered by repository, severity, or open status. |
| `get_sast_finding` | Get a SAST finding by ID. |
| `get_finding` | Deprecated alias for `get_sast_finding`. Prefer `get_sast_finding`. |
| `get_secrets_finding` | Get a secret finding by ID. |
| `get_container_file` | Get a Dockerfile by ID with its nested security findings. |
| `get_iac_file` | Get an IaC file by ID with its nested security findings. |
| `get_pipeline` | Get a CI/CD pipeline by ID with its actions and findings. |
| `get_sbom_vuln_finding` | Get an SBOM vulnerability (dependency) finding by ID. |
| `list_scans` | List scans, optionally filtered by repository. |
| `get_scan` | Get a scan by ID. |
| `list_organizations` | List organizations in the current tenant. |
| `get_organization` | Get an organization by slug. |
| `get_tenant_posture_summary` | Get the tenant-wide posture summary (score, grade, category breakdown). |
| `update_finding_status` | Update the status and optional note on a finding resolution. |
| `bulk_update_finding_status` | Bulk-update the status and optional note on up to 500 finding resolutions. |
| `comment_on_finding` | Attach a note to a finding resolution without changing its status. |
| `trigger_scan` | Trigger a new scan for a repository. |

## License

Proprietary — Hijack Security.
