Support new command (source-mcp) (jfrog#448)

Author: ilya-k-1

cli/docs/mcp/help.go

@@ -0,0 +1,13 @@
+package source_mcp
+
+import (
+	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
+)
+
+func GetDescription() string {
+	return "Runs a local source code analysis as a local MCP server, allowing access to tools which reflect source code analysis"
+}
+
+func GetArguments() []components.Argument {
+	return []components.Argument{{Name: "Source path", Description: `Specifies the local file system path of source code to analyze.`}}
+}

cli/scancommands.go

@@ -3,6 +3,9 @@ package cli
 import (
 	"errors"
 	"fmt"
+	"os"
+	"strings"
+
 	buildInfoUtils "github.com/jfrog/build-info-go/utils"
 	"github.com/jfrog/gofrog/datastructures"
 	"github.com/jfrog/jfrog-cli-core/v2/common/cliutils"
@@ -14,26 +17,28 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
 	coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
-	enrichDocs "github.com/jfrog/jfrog-cli-security/cli/docs/enrich"
-	"github.com/jfrog/jfrog-cli-security/commands/enrich"
-	"github.com/jfrog/jfrog-cli-security/utils/xray"
-	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
-	"github.com/jfrog/jfrog-client-go/utils/log"
-	"github.com/urfave/cli"
-	"os"
-	"strings"
-
 	flags "github.com/jfrog/jfrog-cli-security/cli/docs"
 	auditSpecificDocs "github.com/jfrog/jfrog-cli-security/cli/docs/auditspecific"
+	enrichDocs "github.com/jfrog/jfrog-cli-security/cli/docs/enrich"
+	mcpDocs "github.com/jfrog/jfrog-cli-security/cli/docs/mcp"
 	auditDocs "github.com/jfrog/jfrog-cli-security/cli/docs/scan/audit"
 	buildScanDocs "github.com/jfrog/jfrog-cli-security/cli/docs/scan/buildscan"
 	curationDocs "github.com/jfrog/jfrog-cli-security/cli/docs/scan/curation"
 	dockerScanDocs "github.com/jfrog/jfrog-cli-security/cli/docs/scan/dockerscan"
 	scanDocs "github.com/jfrog/jfrog-cli-security/cli/docs/scan/scan"
+	"github.com/jfrog/jfrog-cli-security/commands/enrich"
+	"github.com/jfrog/jfrog-cli-security/commands/source_mcp"
+	"github.com/jfrog/jfrog-cli-security/jas"
+
+	"github.com/jfrog/jfrog-cli-security/utils/xray"
+	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
+	"github.com/jfrog/jfrog-client-go/utils/log"
+	"github.com/urfave/cli"
 
 	"github.com/jfrog/jfrog-cli-security/commands/audit"
 	"github.com/jfrog/jfrog-cli-security/commands/curation"
 	"github.com/jfrog/jfrog-cli-security/commands/scan"
+
 	"github.com/jfrog/jfrog-cli-security/utils/severityutils"
 	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-cli-security/utils/xsc"
@@ -101,6 +106,13 @@ func getAuditAndScansCommands() []components.Command {
 			Action:      CurationCmd,
 		},
 
+		{
+			Name:        "source-mcp",
+			Description: mcpDocs.GetDescription(),
+			Action:      SourceMcpCmd,
+			Hidden:      true,
+		},
+
 		// TODO: Deprecated commands (remove at next CLI major version)
 		{
 			Name:        "audit-mvn",
@@ -165,6 +177,28 @@ func getAuditAndScansCommands() []components.Command {
 	}
 }
 
+func SourceMcpCmd(c *components.Context) error {
+
+	serverDetails, err := createServerDetailsWithConfigOffer(c)
+	if err != nil {
+		return err
+	}
+
+	am_env, err := jas.GetAnalyzerManagerEnvVariables(serverDetails)
+	if err != nil {
+		return err
+	}
+
+	mcp_cmd := source_mcp.McpCommand{
+		Env:        am_env,
+		Arguments:  c.Arguments,
+		InputPipe:  os.Stdin,
+		OutputPipe: os.Stdout,
+		ErrorPipe:  os.Stderr,
+	}
+	return mcp_cmd.Run()
+}
+
 func EnrichCmd(c *components.Context) error {
 	if len(c.Arguments) == 0 {
 		return pluginsCommon.PrintHelpAndReturnError("providing a file path argument is mandatory", c)

commands/source_mcp/source_mcp.go

@@ -0,0 +1,123 @@
+package source_mcp
+
+import (
+	"fmt"
+	"io"
+	"os/exec"
+	"time"
+
+	"github.com/jfrog/jfrog-cli-security/jas"
+	"github.com/jfrog/jfrog-cli-security/utils"
+	"github.com/jfrog/jfrog-client-go/utils/log"
+)
+
+type McpCommand struct {
+	Env        map[string]string
+	Arguments  []string
+	InputPipe  io.Reader
+	OutputPipe io.Writer
+	ErrorPipe  io.Writer
+}
+
+func establishPipeToFile(dst io.WriteCloser, src io.Reader) {
+	defer dst.Close()
+	_, err := io.Copy(dst, src)
+	if err != nil {
+		log.Error("Error establishing pipe")
+	}
+}
+
+func establishPipeFromFile(dst io.Writer, src io.ReadCloser) {
+	defer src.Close()
+	_, err := io.Copy(dst, src)
+	if err != nil {
+		log.Error("Error establishing pipe")
+	}
+}
+
+func RunAmMcpWithPipes(env map[string]string, cmd string, input_pipe io.Reader, output_pipe io.Writer, error_pipe io.Writer, timeout int, args ...string) error {
+	am_path, err := jas.GetAnalyzerManagerExecutable()
+	if err != nil {
+		return err
+	}
+
+	allArgs := append([]string{cmd}, args...)
+	log.Info(fmt.Sprintf("Launching: %s; command %s; arguments %v", am_path, cmd, args))
+	command := exec.Command(am_path, allArgs...)
+	command.Env = utils.ToCommandEnvVars(env)
+
+	defer func() {
+		if command != nil && !command.ProcessState.Exited() {
+			if _error := command.Process.Kill(); _error != nil {
+				log.Error(fmt.Sprintf("failed to kill process: %s", _error.Error()))
+			}
+		}
+	}()
+
+	stdin, _error := command.StdinPipe()
+	if _error != nil {
+		log.Error(fmt.Sprintf("Error creating MCPService stdin pipe: %v", _error))
+		return _error
+	}
+	defer stdin.Close()
+
+	stdout, _error := command.StdoutPipe()
+	if _error != nil {
+		log.Error(fmt.Sprintf("Error creating MCPService stdout pipe: %v", _error))
+		return _error
+	}
+	defer stdout.Close()
+
+	stderr, _error := command.StderrPipe()
+	if _error != nil {
+		log.Error(fmt.Sprintf("Error creating MCPService stderr pipe: %v", _error))
+		return _error
+	}
+	defer stderr.Close()
+
+	go establishPipeToFile(stdin, input_pipe)
+	go establishPipeFromFile(error_pipe, stderr)
+	go establishPipeFromFile(output_pipe, stdout)
+
+	if _error := command.Start(); _error != nil {
+		log.Error(fmt.Sprintf("Error starting MCPService subprocess: %v", _error))
+		return _error
+	}
+
+	if timeout > 0 {
+		go func() {
+			time.Sleep(time.Duration(timeout) * time.Second)
+			// closing the pipe required prior to killing the process
+			// according to MCP documentation
+			// https://modelcontextprotocol.io/specification/2025-03-26/basic/lifecycle
+			err := stdin.Close()
+			if err != nil {
+				log.Error(fmt.Sprintf("Error closing MCPService stdin pipe: %v", err))
+			}
+
+			err = command.Process.Kill()
+			if err != nil {
+				log.Error(fmt.Sprintf("Error killing MCPService subprocess: %v", err))
+			}
+		}()
+	}
+
+	if _error := command.Wait(); _error != nil {
+		log.Error(fmt.Sprintf("Error waiting for MCPService subprocess: %v", _error))
+		return _error
+	}
+	return nil
+}
+
+func (mcpCmd *McpCommand) runWithTimeout(timeout int, cmd string) (err error) {
+	err_ := jas.DownloadAnalyzerManagerIfNeeded(0)
+	if err_ != nil {
+		log.Error(fmt.Sprintf("Failed to download Analyzer Manager: %v", err))
+	}
+
+	return RunAmMcpWithPipes(mcpCmd.Env, cmd, mcpCmd.InputPipe, mcpCmd.OutputPipe, mcpCmd.ErrorPipe, timeout, mcpCmd.Arguments...)
+}
+
+func (mcpCmd *McpCommand) Run() (err error) {
+	return mcpCmd.runWithTimeout(0, "mcp-sast")
+}

commands/source_mcp/source_mcp_test.go

@@ -0,0 +1,59 @@
+package source_mcp
+
+import (
+	"bytes"
+	"path/filepath"
+	"testing"
+
+	"github.com/jfrog/jfrog-cli-security/jas"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRunSourceMcpHappyFlow(t *testing.T) {
+	scanner, cleanUp := jas.InitJasTest(t)
+	defer cleanUp()
+	scanned_path := filepath.Join("..", "..", "tests", "testdata", "projects", "jas", "jas")
+	query := "{\"jsonrpc\": \"2.0\",  \"id\": 1, \"method\": \"initialize\", \"params\": {\"protocolVersion\": \"2024-11-05\", \"capabilities\": {}, \"clientInfo\": {\"name\": \"ExampleClient\",  \"version\": \"1.0.0\" }}}"
+	input_buffer := *bytes.NewBufferString(query)
+	output_buffer := *bytes.NewBuffer(make([]byte, 0, 500))
+	error_buffer := *bytes.NewBuffer(make([]byte, 0, 500))
+	am_env, _ := jas.GetAnalyzerManagerEnvVariables(scanner.ServerDetails)
+
+	mcp_cmd := McpCommand{
+		Env:        am_env,
+		Arguments:  []string{scanned_path},
+		InputPipe:  &input_buffer,
+		OutputPipe: &output_buffer,
+		ErrorPipe:  &error_buffer,
+	}
+
+	err := mcp_cmd.runWithTimeout(5, "mcp-sast")
+	assert.Error(t, err) // returns error because it was terminated upon timeout
+	if !assert.Contains(t, error_buffer.String(), "Generated IR") {
+		t.Error(error_buffer.String())
+	}
+
+	if !assert.Contains(t, output_buffer.String(), "\"serverInfo\":{\"name\":\"jfrog_sast\"") {
+		t.Error(output_buffer.String())
+	}
+}
+
+func TestRunSourceMcpScannerError(t *testing.T) {
+	scanner, cleanUp := jas.InitJasTest(t)
+	defer cleanUp()
+	// no such path
+	scanned_path := ""
+	input_buffer := *bytes.NewBufferString("")
+	output_buffer := *bytes.NewBuffer(make([]byte, 0, 500))
+	error_buffer := *bytes.NewBuffer(make([]byte, 0, 500))
+	am_env, _ := jas.GetAnalyzerManagerEnvVariables(scanner.ServerDetails)
+	mcp_cmd := McpCommand{
+		Env:        am_env,
+		Arguments:  []string{scanned_path},
+		InputPipe:  &input_buffer,
+		OutputPipe: &output_buffer,
+		ErrorPipe:  &error_buffer,
+	}
+	err := mcp_cmd.runWithTimeout(0, "mcp-sast1") // no such command
+	assert.ErrorContains(t, err, "exit status 99")
+}