Merge pull request #24 from trendmicro/feat_custom_rules_beta

feat: Add beta Custom Rules endpoints and tools

Author: Shreda

.github/pull_request_template.md

@@ -27,6 +27,12 @@ List the changes made in this PR:
 
 Steps to manually test this PR:
 
+1. `git checkout <branch-name>`
+2. `make mcpserver`
+3. Move the `v1-mcp-server` binary onto `$PATH`
+4. Configure the server with your AI tooling (differs depending on tool used)
+5. _Describe specific test steps here..._
+
 ---
 
 ## Screenshots / Demos (if applicable)

.github/workflows/lint.yml

@@ -13,11 +13,11 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd
+      - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
         with:
-          go-version: stable
+          go-version: 1.26.0
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9
+        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20
         with:
-          version: v2.1
+          version: v2.9

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.24.3-alpine AS build
+FROM golang:1.26.0-alpine AS build
 ARG VERSION="dev"
 
 # Set the working directory

README.md

@@ -88,16 +88,22 @@ Alternatively, copy the following into your `settings.json`.
 
 ## Tools
 
-### Cloud Posture
+### Cloud Posture (Beta)
 
 | Tool | Description | Mode |
 | ---- | ----------- | ---- |
-| `cloud_posture_accounts_list` | List CSPM Accounts. | `read` |
-| `cloud_posture_account_checks_list` | List the checks of an account. | `read` |
-| `cloud_posture_account_scan` | Start scanning Cloud Posture account. | `write` |
-| `cloud_posture_account_scan_settings_get` | Get the scan settings for an account. | `read` |
-| `cloud_posture_account_scan_settings_update` | Update an account's scan settings. | `write` |
-| `cloud_posture_template_scanner_run` | Scan an infrastructure as code template using the cloud posture template scanner. | `read` |
+| `cloud_posture_accounts_list` | (Beta) List CSPM Accounts. | `read` |
+| `cloud_posture_account_checks_list` | (Beta) List the checks of an account. | `read` |
+| `cloud_posture_account_scan` | (Beta) Start scanning Cloud Posture account. | `write` |
+| `cloud_posture_account_scan_settings_get` | (Beta) Get the scan settings for an account. | `read` |
+| `cloud_posture_account_scan_settings_update` | (Beta) Update an account's scan settings. | `write` |
+| `cloud_posture_template_scanner_run` | (Beta) Scan an infrastructure as code template using the cloud posture template scanner. | `read` |
+| `cloud_posture_custom_rules_list` | (Beta) Displays the custom rules of your company in a paginated list. | `read` |
+| `cloud_posture_custom_rule_get` | (Beta) Returns the configuration of the specified custom rule. | `read` |
+| `cloud_posture_custom_rule_create` | (Beta) Creates a custom rule for your company. Requires Master Administrator role. | `write` |
+| `cloud_posture_custom_rule_update` | (Beta) Updates the specified custom rule. Requires Master Administrator role. | `write` |
+| `cloud_posture_custom_rule_delete` | (Beta) Deletes the specified custom rule permanently. Requires Master Administrator role. | `write` |
+| `cloud_posture_custom_rule_test` | (Beta) Tests the provided custom rule configuration against an account or mock resource data. Requires Master Administrator role. | `read` |
 
 ### Identity and Access Management (IAM)
 

go.mod

@@ -1,6 +1,6 @@
 module github.com/trendmicro/vision-one-mcp-server
 
-go 1.23.0
+go 1.26.0
 
 require (
 	github.com/google/go-querystring v1.2.0

internal/v1client/aisecurity.go

@@ -1,8 +1,6 @@
 package v1client
 
 import (
-	"bytes"
-	"encoding/json"
 	"net/http"
 )
 
@@ -66,23 +64,11 @@ type AISecurityApplyGuardrailsOptions struct {
 
 // AISecurityApplyGuardrails evaluates prompts against AI guard policies.
 func (c *V1ApiClient) AISecurityApplyGuardrails(input AISecurityApplyGuardrailsInput, opts AISecurityApplyGuardrailsOptions) (*http.Response, error) {
-	b, err := json.Marshal(&input)
-	if err != nil {
-		return nil, err
-	}
-
-	r, err := c.newRequest(
-		http.MethodPost,
+	return c.genericJSONPost(
 		"v3.0/aiSecurity/applyGuardrails",
-		bytes.NewReader(b),
-		withContentTypeJSON(),
+		input,
 		withHeader("TMV1-Application-Name", opts.ApplicationName),
 		withHeader("TMV1-Request-Type", opts.RequestType),
 		withHeader("Prefer", opts.Prefer),
 	)
-	if err != nil {
-		return nil, err
-	}
-
-	return c.client.Do(r)
 }

internal/v1client/cloudposture.go

@@ -1,97 +1,32 @@
 package v1client
 
 import (
-	"bytes"
-	"encoding/json"
 	"fmt"
 	"net/http"
-
-	"github.com/google/go-querystring/query"
 )
 
 func (c *V1ApiClient) CloudPostureListAccounts(queryParams QueryParameters) (*http.Response, error) {
-	p, err := query.Values(queryParams)
-	if err != nil {
-		return nil, err
-	}
-	r, err := c.newRequest(
-		http.MethodGet,
-		"beta/cloudPosture/accounts",
-		http.NoBody,
-		withUrlParameters(p),
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	return c.client.Do(r)
+	return c.searchAndFilter("beta/cloudPosture/accounts", "", queryParams)
 }
 
 func (c *V1ApiClient) CloudPostureListAccountChecks(filter string, qp QueryParameters) (*http.Response, error) {
-	p, err := query.Values(qp)
-	if err != nil {
-		return nil, err
-	}
-	r, err := c.newRequest(
-		http.MethodGet,
-		"beta/cloudPosture/checks",
-		http.NoBody,
-		withFilter(filter),
-		withUrlParameters(p),
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	return c.client.Do(r)
+	return c.searchAndFilter("beta/cloudPosture/checks", filter, qp)
 }
 
 func (c *V1ApiClient) CloudPostureScanTemplate(content string, templateType string) (*http.Response, error) {
-	jsonInput := map[string]any{
+	body := map[string]any{
 		"content": content,
 		"type":    templateType,
 	}
-	b, err := json.Marshal(jsonInput)
-	if err != nil {
-		return nil, err
-	}
-
-	r, err := c.newRequest(
-		http.MethodPost,
-		"beta/cloudPosture/scanTemplate",
-		bytes.NewReader(b),
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	contentTypeJSON(r)
-
-	return c.client.Do(r)
+	return c.genericJSONPost("beta/cloudPosture/scanTemplate", body)
 }
 
 func (c *V1ApiClient) CloudPostureScanAccount(accountId string) (*http.Response, error) {
-	r, err := c.newRequest(
-		http.MethodPost,
-		fmt.Sprintf("beta/cloudPosture/accounts/%s/scan", accountId),
-		http.NoBody,
-	)
-	if err != nil {
-		return nil, err
-	}
-	return c.client.Do(r)
+	return c.genericPost(fmt.Sprintf("beta/cloudPosture/accounts/%s/scan", accountId))
 }
 
 func (c *V1ApiClient) CloudPostureGetAccountScanSettings(accountId string) (*http.Response, error) {
-	r, err := c.newRequest(
-		http.MethodGet,
-		fmt.Sprintf("beta/cloudPosture/accounts/%s/scanSetting", accountId),
-		http.NoBody,
-	)
-	if err != nil {
-		return nil, err
-	}
-	return c.client.Do(r)
+	return c.genericGet(fmt.Sprintf("beta/cloudPosture/accounts/%s/scanSetting", accountId))
 }
 
 type UpdateAccountScanSettings struct {
@@ -104,24 +39,70 @@ func (c *V1ApiClient) CloudPostureUpdateAccountScanSettings(
 	enabled *bool,
 	interval int,
 ) (*http.Response, error) {
-	apiInput := UpdateAccountScanSettings{
+	body := UpdateAccountScanSettings{
 		Enabled:  enabled,
 		Interval: interval,
 	}
-	b, err := json.Marshal(apiInput)
-	if err != nil {
-		return nil, err
-	}
-	r, err := c.newRequest(
-		http.MethodPatch,
-		fmt.Sprintf("beta/cloudPosture/accounts/%s/scanSetting", accountId),
-		bytes.NewReader(b),
-	)
-	if err != nil {
-		return nil, err
-	}
+	return c.genericJSONPatch(fmt.Sprintf("beta/cloudPosture/accounts/%s/scanSetting", accountId), body)
+}
+
+func (c *V1ApiClient) CloudPostureListCustomRules(queryParams QueryParameters) (*http.Response, error) {
+	return c.searchAndFilter("beta/cloudPosture/customRules", "", queryParams)
+}
+
+func (c *V1ApiClient) CloudPostureGetCustomRule(ruleId string) (*http.Response, error) {
+	return c.genericGet(fmt.Sprintf("beta/cloudPosture/customRules/%s", ruleId))
+}
+
+type CustomRuleInput struct {
+	Name                    string   `json:"name"`
+	Description             string   `json:"description,omitempty"`
+	Categories              []string `json:"categories"`
+	RiskLevel               string   `json:"riskLevel"`
+	Provider                string   `json:"provider"`
+	ResolutionReferenceLink string   `json:"resolutionReferenceLink,omitempty"`
+	RemediationNote         string   `json:"remediationNote,omitempty"`
+	Enabled                 bool     `json:"enabled"`
+	Service                 string   `json:"service"`
+	ResourceType            string   `json:"resourceType"`
+	Attributes              []any    `json:"attributes"`
+	EventRules              []any    `json:"eventRules"`
+	Slug                    string   `json:"slug,omitempty"`
+}
+
+func (c *V1ApiClient) CloudPostureCreateCustomRule(input CustomRuleInput) (*http.Response, error) {
+	return c.genericJSONPost("beta/cloudPosture/customRules", input)
+}
+
+type CustomRuleUpdateInput struct {
+	Name                    string   `json:"name,omitempty"`
+	Description             string   `json:"description,omitempty"`
+	Categories              []string `json:"categories,omitempty"`
+	RiskLevel               string   `json:"riskLevel,omitempty"`
+	Provider                string   `json:"provider,omitempty"`
+	ResolutionReferenceLink string   `json:"resolutionReferenceLink,omitempty"`
+	RemediationNote         string   `json:"remediationNote,omitempty"`
+	Enabled                 *bool    `json:"enabled,omitempty"`
+	Service                 string   `json:"service,omitempty"`
+	ResourceType            string   `json:"resourceType,omitempty"`
+	Attributes              []any    `json:"attributes,omitempty"`
+	EventRules              []any    `json:"eventRules,omitempty"`
+}
+
+func (c *V1ApiClient) CloudPostureUpdateCustomRule(ruleId string, input CustomRuleUpdateInput) (*http.Response, error) {
+	return c.genericJSONPatch(fmt.Sprintf("beta/cloudPosture/customRules/%s", ruleId), input)
+}
+
+func (c *V1ApiClient) CloudPostureDeleteCustomRule(ruleId string) (*http.Response, error) {
+	return c.genericDelete(fmt.Sprintf("beta/cloudPosture/customRules/%s", ruleId))
+}
 
-	contentTypeJSON(r)
+type CustomRuleTestInput struct {
+	AccountId     string `json:"accountId,omitempty"`
+	Configuration any    `json:"configuration"`
+	Resource      any    `json:"resource,omitempty"`
+}
 
-	return c.client.Do(r)
+func (c *V1ApiClient) CloudPostureTestCustomRule(input CustomRuleTestInput) (*http.Response, error) {
+	return c.genericJSONPost("beta/cloudPosture/customRules/test", input)
 }