Metadata-Version: 2.4
Name: patrowl-intel-mcp
Version: 0.1.0
Summary: MCP server exposing PatrowlIntel vulnerability intelligence (CVEs, EPSS, CISA KEV, public exploits, trending attacks).
Project-URL: Homepage, https://intel.patrowl.io
Project-URL: Repository, https://github.com/Patrowl/PatrowlIntelMCP
Project-URL: Issues, https://github.com/Patrowl/PatrowlIntelMCP/issues
Author-email: Nicolas Mattiocco <nicolas.mattiocco@patrowl.io>
License-Expression: MIT
License-File: LICENSE
Keywords: cisa-kev,cve,epss,mcp,model-context-protocol,patrowl,security,threat-intelligence,vulnerability
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Requires-Python: >=3.10
Requires-Dist: httpx>=0.27
Requires-Dist: mcp>=1.8.0
Description-Content-Type: text/markdown

# patrowl-intel-mcp

An [MCP](https://modelcontextprotocol.io) server that exposes **PatrowlIntel** vulnerability intelligence (CVEs, EPSS, CISA KEV, public exploits, trending attacks) to any MCP client. It is a thin, read-only stdio wrapper over the public PatrowlIntel API.

> **v0** — three tools: `search_cves`, `get_cve`, `list_trending_attacks`.

## Tools

| Tool | Purpose |
|---|---|
| `search_cves` | Filter/rank the CVE feed (risk score, EPSS, KEV, exploited, technology, dates). |
| `get_cve` | Full record for one CVE (CVSS, EPSS, KEV, SSVC, exploits, references). |
| `list_trending_attacks` | Recent trending threats, filterable by severity and date. |

## Configuration (environment)

| Variable | Default | Purpose |
|---|---|---|
| `PATROWL_INTEL_API_BASE` | `https://intel.patrowl.io` | Backend API base URL. |
| `PATROWL_INTEL_WEB_BASE` | = API base | Public site base used for CVE citation links. |
| `PATROWL_INTEL_API_KEY` | _(unset)_ | Reserved for the future authenticated tier. |
| `PATROWL_INTEL_TIMEOUT` | `15` | Per-request timeout (seconds). |
| `PATROWL_INTEL_MCP_TRANSPORT` | `stdio` | `stdio` (local clients) or `streamable-http` (networked service). |
| `PATROWL_INTEL_MCP_HOST` | `127.0.0.1` | Bind host for `streamable-http`. |
| `PATROWL_INTEL_MCP_PORT` | `8790` | Bind port for `streamable-http`. |

## Run

```bash
# stdio (default) — for local MCP clients that launch the process
uv run patrowl-intel-mcp          # or: pip install -e . && patrowl-intel-mcp

# streamable-http — as a networked service (e.g. Docker); serves at /mcp
PATROWL_INTEL_MCP_TRANSPORT=streamable-http PATROWL_INTEL_MCP_HOST=0.0.0.0 \
  uv run patrowl-intel-mcp
```

## Client config

```jsonc
{
  "mcpServers": {
    "patrowl-intel": {
      "command": "uvx",
      "args": ["patrowl-intel-mcp"],
      "env": { "PATROWL_INTEL_API_BASE": "https://<your-intel-host>" }
    }
  }
}
```

During local development, point `command` at your checkout instead:

```jsonc
{ "command": "uv", "args": ["--directory", "/path/to/PatrowlIntelMCP", "run", "patrowl-intel-mcp"] }
```
