Update python sdk. Added server instructions and automatic vdb download using lifespan

prabhu · prabhu · commit 940c55a7e281 · 2025-02-21T23:19:15.000Z
Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;
diff --git a/packages/mcp-server-vdb/README.md b/packages/mcp-server-vdb/README.md
@@ -36,6 +36,21 @@ Edit the file using VS code or any editor of your choice. `~/Library/Application
 }
 ```
 
+`nerdctl` example.
+
+```json
+{
+  "mcpServers": {
+    "vdb": {
+      "command": "nerdctl",
+      "args": [
+        "run", "-i", "--rm", "-e", "VDB_HOME=/db", "-v", "$HOME/vdb:/db:rw", "ghcr.io/appthreat/mcp-server-vdb:master"
+      ]
+    }
+  }
+}
+```
+
 Restart the Claude Desktop application.
 
 If you get `ENOENT` error, specify the full path to docker. On a mac, `/Applications/Docker.app/Contents/Resources/bin/docker`.
diff --git a/packages/mcp-server-vdb/pyproject.toml b/packages/mcp-server-vdb/pyproject.toml
@@ -24,7 +24,7 @@ classifiers = [
 
 dependencies = [
     "appthreat-vulnerability-db[oras]",
-    "mcp[cli]>=1.2.1",
+    "mcp[cli]>=1.3.0",
 ]
 
 [build-system]
diff --git a/packages/mcp-server-vdb/src/mcp_server_vdb/server.py b/packages/mcp-server-vdb/src/mcp_server_vdb/server.py
@@ -25,8 +25,8 @@
 
 logger = logging.getLogger('mcp_server_vdb')
 
-# Age in days before the database needs refreshing. 5 days
-VDB_AGE_DAYS = os.getenv("VDB_AGE_DAYS", "5")
+# Age in days before the database needs refreshing. 2 days
+VDB_AGE_DAYS = os.getenv("VDB_AGE_DAYS", "2")
 if VDB_AGE_DAYS.isdigit():
     VDB_AGE_DAYS = int(VDB_AGE_DAYS)
 
@@ -42,6 +42,17 @@
     pass
 
 
+SERVER_INSTRUCTIONS = """
+This MCP server allows users to search for vulnerabilities and malware aggregated from sources such as AppThreat vuln-list, OSV, NVD, and GitHub. Vulnerability data is stored in SQLite-based storage with indexes for offline access and efficient searches. The database is downloaded upon the first run and can be refreshed every few days by simply restarting the MCP client, such as Claude Desktop.
+
+## Key Features
+
+- Query vulnerabilities by Package URLs (purl), CPE identifiers, or GitHub repository URLs
+- Retrieve detailed information about specific vulnerabilities using CVE or GHSA IDs
+- Access the latest reported malware information
+"""
+
+
 def print_results(results):
     if not results:
         return "No results found!"
@@ -71,7 +82,7 @@ def print_results(results):
 async def run():
 
     @asynccontextmanager
-    async def lifespan() -> AsyncIterator[dict]:
+    async def server_lifespan(server: Server) -> AsyncIterator[dict]:
         """Manage server startup and shutdown lifecycle."""
         global db_conn, index_conn
         try:
@@ -86,7 +97,7 @@ async def lifespan() -> AsyncIterator[dict]:
                     )
                     download_image(db_url, config.DATA_DIR)
             else:
-                logger.debug(f"Vulnerability database will be loaded from {config.DATA_DIR}")
+                logger.debug("Vulnerability database will be loaded from %s", config.DATA_DIR)
             db_conn, index_conn = db_lib.get()
             yield {"db_conn": db_conn, "index_conn": index_conn}
         finally:
@@ -95,7 +106,7 @@ async def lifespan() -> AsyncIterator[dict]:
             if index_conn:
                 index_conn.close()
 
-    server = Server("appthreat-vulnerability-db", version="1.0.0")
+    server = Server("appthreat-vulnerability-db", version="1.0.0", instructions=SERVER_INSTRUCTIONS, lifespan=server_lifespan)
 
     @server.list_resources()
     async def handle_list_resources() -> list[mtypes.Resource]:
@@ -112,7 +123,7 @@ async def handle_list_resources() -> list[mtypes.Resource]:
     async def handle_read_resource(uri: AnyUrl) -> str:
         if uri.scheme != "cve":
             raise ValueError(f"Unsupported URI scheme: {uri.scheme}")
-        path = str(uri).replace("cve://", "").split("/")[0]
+        path = str(uri).replace("cve://", "").split("/", maxsplit=1)[0]
         if not path:
             raise ValueError(f"Unknown resource path: {path}")
         raw_results = search.search_by_cve(path, with_data=True)
@@ -250,7 +261,7 @@ async def handle_list_tools() -> list[mtypes.Tool]:
         return [
             mtypes.Tool(
                 name="search_by_purl_like",
-                description="Search for vulnerabilities for a purl-like string",
+                description="Search for vulnerabilities for a Package URL purl like string",
                 inputSchema={
                     "type": "object",
                     "properties": {
@@ -283,11 +294,11 @@ async def handle_list_tools() -> list[mtypes.Tool]:
             ),
             mtypes.Tool(
                 name="search_by_cve",
-                description="Search for vulnerabilities for a CVE id",
+                description="Search for vulnerabilities for a CVE or GHSA id",
                 inputSchema={
                     "type": "object",
                     "properties": {
-                        "cve_id": {"type": "string", "description": "CVE id to search"},
+                        "cve_id": {"type": "string", "description": "CVE or GHSA id to search"},
                     },
                     "required": ["cve_id"]
                 }
diff --git a/packages/mcp-server-vdb/uv.lock b/packages/mcp-server-vdb/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ classifiers = [`
`24`	`24`
`25`	`25`	`dependencies = [`
`26`	`26`	`"appthreat-vulnerability-db[oras]",`
`27`		`- "mcp[cli]>=1.2.1",`
	`27`	`+ "mcp[cli]>=1.3.0",`
`28`	`28`	`]`
`29`	`29`
`30`	`30`	`[build-system]`