2.0.3 - Automatically install MCP

bmeck · bmeck · commit ca3f1a2f40d5 · 2025-08-22T14:13:31.000-05:00
diff --git a/README.md b/README.md
@@ -8,17 +8,9 @@ This extension provides automatic reporting of security concerns from [Socket Se
 
 * Socket detects multiple alternate forms of package imports, including dynamic `import()` or `require` in JavaScript or `importlib.import_module` in Python.
 
-## After Package Installation
+## MCP Server
 
-Workspaces are run against Socket's reporting utilities upon detection of JavaScript or Python dependencies. Note these also run prior to actual installation: presence in `package.json`, `requirements.txt`, or any other supported file is enough.
-
-* Package dependency files like `package.json` and `pyproject.toml` are run against more thorough issue reporting to see exact issues for each dependency. These are listed in the "Problems" tab for easy access.
-
-* You can hover over package imports in JavaScript or Python code to see a summary of their issues.
-
-## Pull Requests
-
-* Simplified GitHub application installation is available as a code lens. It detects your username/organization and sets up the installation workflow automatically with a simple click. These reports are more extensive than the ones provided within the extension and include things such as transitive issue aggregation and diffing from one commit to another. If you want these features, please install [the GitHub app](https://github.com/marketplace/socket-security).
+* This will automatically register the socket MCP server at https://mcp.socket.dev to allow usage of the public MCP server.
 
 # Team Guide
 
diff --git a/package.json b/package.json
@@ -2,7 +2,7 @@
     "name": "vscode-socket-security",
     "displayName": "Socket Security",
     "description": "Editor integration with Socket Security",
-    "version": "2.0.2",
+    "version": "2.0.3",
     "private": true,
     "preview": false,
     "categories": [
@@ -77,6 +77,12 @@
                 "category": "Socket Security",
                 "command": "socket-security.login"
             }
+        ],
+        "mcpServerDefinitionProviders": [
+            {
+                "id": "socket-security.mcp-server",
+                "label": "[Extension] Socket Security"
+            }
         ]
     },
     "bugs": {
@@ -87,7 +93,7 @@
         "vscode:prepublish": "npm run esbuild -- --minify",
         "vscode:uninstall": "node ./src/lifecycle/uninstall.mjs",
         "esbuild-base": "esbuild --bundle --external:tree-sitter-java --external:vscode --loader:.wasm=binary --loader:.go=file --loader:.py=text --outdir=out/ --platform=node --sourcemap",
-        "esbuild": "npm run esbuild-base -- --format=cjs main=src/extension.ts",
+        "esbuild": "npm run esbuild-base -- --format=cjs main=src/extension.ts --define:EXTENSION_VERSION=\"\\\"$npm_package_version\\\"\"",
         "test-compile": "tsc -p ./",
         "lint": "eslint \"src/**/*.ts\"",
         "compile": "npm run esbuild",
diff --git a/src/extension.ts b/src/extension.ts
@@ -1,13 +1,37 @@
 // The module 'vscode' contains the VS Code extensibility API
 // Import the module and reference it with the alias vscode in your code below
 
-import { ExtensionContext } from 'vscode';
+import * as vscode from 'vscode';
 import * as editorConfig from './data/editor-config';
 import * as files from './ui/file'
 import * as auth from './auth'
 
-export async function activate(context: ExtensionContext) {
+// This identifier is replaced at build time by esbuild using --define:EXTENSION_VERSION
+// Keep a `typeof` guard when reading it so runtime is safe if the define wasn't provided.
+declare const EXTENSION_VERSION: string | undefined;
+
+export async function activate(context: vscode.ExtensionContext) {
     editorConfig.activate(context);
     auth.activate(context, context.subscriptions);
     files.activate(context);
+    if (vscode.lm?.registerMcpServerDefinitionProvider) {
+        const definition: vscode.McpHttpServerDefinition = new vscode.McpHttpServerDefinition(
+            '[Extension] Socket Security',
+            vscode.Uri.parse('https://mcp.socket.dev/'),
+            {
+                'user-agent': `Socket Security VSCode Extension/${EXTENSION_VERSION}`,
+            }
+        )
+        const provider: vscode.McpServerDefinitionProvider<vscode.McpHttpServerDefinition> = {
+            provideMcpServerDefinitions(token) {
+                return [
+                    definition
+                ];
+            },
+            resolveMcpServerDefinition(definition, token) {
+                return definition
+            }
+        }
+        vscode.lm.registerMcpServerDefinitionProvider('socket-security.mcp-server', provider);
+    }
 }
