refactor: move MCP implementation from ls

.github/workflows/build.yml

@@ -0,0 +1,92 @@
+name: Build
+on:
+  workflow_dispatch:
+  pull_request:
+
+jobs:
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Prepare git
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.longpaths true
+
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Setup tools
+        run: make tools
+
+      - name: Run go generate commands
+        run: make generate
+
+      - name: Verify generated files match committed versions
+        run: |
+          if ! git status --porcelain=v1 | wc -l | grep -qE '^ *0 *$'; then
+            echo "❌ Generated files have changed. Please run 'make generate' locally and commit the changes."
+            git status --porcelain=v1
+            exit 1
+          fi
+
+      - name: Lint source code
+        run: make lint
+
+  unit-tests:
+    name: unit tests
+    needs: [lint]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Prepare git
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.longpaths true
+
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Setup tools
+        run: make tools
+
+      - name: Run tests
+        run: make clean test
+
+  check-licenses:
+    name: check licenses
+    needs: [unit-tests]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Prepare git
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.longpaths true
+
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Setup tools (`make tools`)
+        run: make tools
+
+      - name: update licenses
+        run: make license-update
+
+      - name: Verify license files match committed versions
+        run: |
+          if ! git status --porcelain=v1 | wc -l | grep -qE '^ *0 *$'; then
+            echo "❌ License files have changed. Please run 'make license-update' locally and commit the changes."
+            git status --porcelain=v1
+            exit 1
+          fi

.gitignore

@@ -1 +1,48 @@
-.idea
+#################################
+# Compiled source               #
+#################################
+build/
+out/
+output/
+
+#################################
+# Golang files (with tooling)   #
+#################################
+.bin
+.dccache
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+*.test
+*.out
+
+#################################
+# IDE generated files           #
+#################################
+.settings/
+.classpath
+.project
+.idea/
+*.iml
+*.ipr
+*.iws
+
+#################################
+# Logs and temp files           #
+#################################
+*.log
+*.tmp
+*~
+
+#################################
+# OS generated files            #
+#################################
+Thumbs.db
+.directory
+.DS_Store
+._*
+webidentity.json
+
+.qodo

Makefile

@@ -0,0 +1,127 @@
+# Copyright 2022 Snyk Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# project variables
+PROJECT_NAME := studio-mcp
+
+# build variables
+.DEFAULT_GOAL = test
+BUILD_DIR := build
+DEV_GOARCH := $(shell go env GOARCH)
+DEV_GOOS := $(shell go env GOOS)
+GOPATH := $(shell go env GOPATH)
+GOROOT := $(shell go env GOROOT)
+VERSION := $(shell git show -s --format=%cd --date=format:%Y%m%d.%H%M%S)
+COMMIT := $(shell git show -s --format=%h)
+LDFLAGS_DEV := "-X 'github.com/snyk/studio-mcp/application/config.Development=true' -X 'github.com/snyk/studio-mcp/application/config.Version=v$(VERSION)-SNAPSHOT-$(COMMIT)'"
+
+TOOLS_BIN := $(shell pwd)/.bin
+
+OVERRIDE_GOCI_LINT_V := v2.6.1
+GOLICENSES_V := v1.6.0
+PACT_V := 2.4.2
+
+TIMEOUT := "-timeout=45m"
+
+
+## tools: Install required tooling.
+.PHONY: tools
+tools: $(TOOLS_BIN)/go-licenses $(TOOLS_BIN)/golangci-lint
+
+$(TOOLS_BIN)/go-licenses:
+	@echo "==> Installing go-licenses"
+	@GOBIN=$(TOOLS_BIN) go install github.com/google/go-licenses@$(GOLICENSES_V)
+
+$(TOOLS_BIN)/golangci-lint:
+	@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/$(OVERRIDE_GOCI_LINT_V)/install.sh | sh -s -- -b $(TOOLS_BIN)/ $(OVERRIDE_GOCI_LINT_V)
+
+## clean: Delete the build directory
+.PHONY: clean
+clean:
+	@echo "==> Removing '$(BUILD_DIR)' directory..."
+	@rm -rf $(BUILD_DIR)
+
+## lint: Lint code with golangci-lint.
+.PHONY: lint
+lint: $(TOOLS_BIN)/golangci-lint
+	@echo "==> Linting code with 'golangci-lint'..."
+	@$(TOOLS_BIN)/golangci-lint run ./...
+
+## lint: Lint code with golangci-lint.
+.PHONY: lint-fix
+lint-fix: $(TOOLS_BIN)/golangci-lint
+	@echo "==> Linting and fixing code with 'golangci-lint'..."
+	@$(TOOLS_BIN)/golangci-lint run --fix ./...
+
+
+
+## test: Run all tests.
+.PHONY: test
+test:
+	@echo "==> Running unit tests..."
+	@mkdir -p $(BUILD_DIR)
+	go test $(TIMEOUT) -failfast -cover -coverprofile=$(BUILD_DIR)/coverage.out ./...
+
+## generate: Regenerate generated files (e.g. mocks).
+.PHONY: generate
+generate:
+	@echo "==> Generating generated files..."
+	@go generate ./...
+
+## build: Build binary for default local system's OS and architecture.
+.PHONY: build
+build:
+	@echo "==> Building binary..."
+	@echo "    running go build for GOOS=$(DEV_GOOS) GOARCH=$(DEV_GOARCH)"
+# workaround for missing .exe extension on Windows
+ifeq ($(OS),Windows_NT)
+	@go build -o $(BUILD_DIR)/$(PROJECT_NAME).$(DEV_GOOS).$(DEV_GOARCH).exe \
+		-ldflags=$(LDFLAGS_DEV)
+else
+	@go build -o $(BUILD_DIR)/$(PROJECT_NAME).$(DEV_GOOS).$(DEV_GOARCH) \
+		-ldflags=$(LDFLAGS_DEV)
+endif
+
+## build-debug: Build binary for debugging
+.PHONY: build-debug
+build-debug:
+	@make clean
+	@echo "==> Building binary..."
+	@echo "    running go build with debug flags"
+
+ifeq ($(OS),Windows_NT)
+	@go build -o $(BUILD_DIR)/$(PROJECT_NAME).exe \
+		-ldflags=$(LDFLAGS_DEV) \
+		-gcflags="all=-N -l"
+else
+	@go build -o $(BUILD_DIR)/$(PROJECT_NAME) \
+		-ldflags=$(LDFLAGS_DEV)
+		-gcflags="all=-N -l"
+endif
+
+.PHONY: license-update
+license-update: $(TOOLS_BIN)/go-licenses
+	@echo "==> Updating license information..."
+	@rm -rf 'licenses'
+	@GOROOT=$(GOROOT) $(TOOLS_BIN)/go-licenses save ./pkg/mcp --save_path="licenses" --ignore "github.com/snyk/studio-mcp"
+
+.PHONY: licenses
+licenses: $(TOOLS_BIN)/go-licenses
+	@GOROOT=$(GOROOT) $(TOOLS_BIN)/go-licenses report ./pkg/mcp --ignore github.com/snyk/studio-mcp
+
+help: Makefile
+	@echo "Usage: make <command>"
+	@echo ""
+	@echo "Commands:"
+	@sed -n 's/^##//p' $< | column -t -s ':' | sed -e 's/^/ /'

README.md

@@ -1 +1,38 @@
-# TBD
+# Snyk Studio MCP
+
+MCP (Model Context Protocol) is an open protocol that standardizes how applications share context with large language models.
+
+MCP can provide AI systems with additional information needed to generate accurate and relevant responses for use cases where the AI systems do not have the context, by integrating the AI systems with tools and platforms that have specific capabilities. 
+
+You can integrate Snyk MCP into MCP-supporting tools to provide Snyk security context.
+
+Snyk is introducing an MCP server as part of the Snyk CLI. This allows MCP-enabled agentic tools to integrate Snyk security scanning capabilities directly, thus bridging the gap between security scanning and AI-assisted workflows.
+
+In environments or applications that use MCP, you can use the `snyk mcp` CLI command to:
+
+* Invoke Snyk scans:\
+  Trigger CLI security scans for code, dependencies, or configurations in your codebase in your current MCP context.
+* Retrieve results:\
+  Obtain Snyk security findings directly in your MCP-enabled tool or environment.
+
+ The Snyk MCP server supports integrating the following Snyk security tools into an AI system:
+
+* `snyk_sca_scan` (Open Source scan)
+* `snyk_code_scan` (Code scan)
+* `snyk_iac_scan` (IaC scan)
+* `snyk_container_scan` (IaC scan)
+* `snyk_sbom_scan` (SBOM file scan)
+* `snyk_aibom` (Create AIBOM)
+* `snyk_trust` (Trust a given folder before running a scan)
+* `snyk_auth` (authentication)
+* `snyk_logout` (logout)
+* `snyk_auth_status` (authentication status check)
+* `snyk_version` (version information)
+
+
+Running `snyk_sca_scan` may execute third-party ecosystem tools (for example, Gradle or Maven) on your machine to fetch the project's dependency tree.
+
+
+For more details, see the [Snyk MCP installation, configuration and startup](https://docs.snyk.io/integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio) and [Troubleshooting for the Snyk MCP server](https://docs.snyk.io/integrations/snyk-studio-agentic-integrations/troubleshooting) pages.
+
+**This repository is closed to public contributions.**