diff --git a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md index b38e18cc..f3c28e6f 100644 --- a/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md +++ b/rh-basic/skills/red-hat-security-mcp-setup/SKILL.md @@ -1,16 +1,19 @@ --- name: red-hat-security-mcp-setup -description: Add the Red Hat Security MCP server to this project. Configures the HTTP transport endpoint and explains the Red Hat Customer Portal SSO browser login flow. +description: Configure the Red Hat Security MCP server in the current project or user-level MCP config file. license: Apache-2.0 user_invocable: true model: inherit -color: blue allowed-tools: +# allowed-tools is intentionally empty. Populate it with the file read/write +# tool names for your client before use. Claude Code uses Read and Write; +# consult your client's documentation for equivalents in Cursor or Copilot. --- -# Red Hat Security MCP Setup -Add the Red Hat Security MCP server to the current project's `.mcp.json`. +# Setup MCP server for Red Hat security content + +Add the MCP server for Red Hat security content to the current project. ## Prerequisites @@ -20,71 +23,46 @@ A Red Hat account at [console.redhat.com](https://console.redhat.com). When the user wants to add the Red Hat Security MCP server to their project to enable live CVE and advisory lookups. -## Workflow - -1. Locate or create `.mcp.json` at the project root. -2. Merge the `red-hat-security` HTTP server entry without removing existing servers. -3. Explain the browser SSO authentication flow to the user. - -## Dependencies - -- Write access to the project's `.mcp.json`. - -## Step 1 — Locate or create `.mcp.json` - -``` -PROJ=$(git rev-parse --show-toplevel 2>/dev/null || echo "$PWD") -MCP_FILE="$PROJ/.mcp.json" -``` +## Server details -If `.mcp.json` exists: read it and merge in the new server entry. -If it does not exist: create it with the skeleton below. +| Field | Value | +|---|---| +| Key | `red-hat-security` | +| Transport | HTTP | +| URL | `https://security-mcp.api.redhat.com/mcp` | -## Step 2 — Add the server entry +## Instructions -The server key is `red-hat-security`. Use HTTP transport. +1. Determine the MCP configuration file supported by this client. +2. If this client supports project scope, ask the user: + "Install the Red Hat Security MCP server for this project only or globally for all projects?" + Wait for the user's answer before proceeding. + Do not infer scope from context. +3. Add or update the `red-hat-security` server entry with: + - `type: http` + - `url: https://security-mcp.api.redhat.com/mcp` +4. If the config already contains a `red-hat-security` entry, update that entry in place instead of adding a duplicate. +5. Do not add `headers` or `env` auth fields; the server handles authentication itself via browser SSO. +6. If the chosen file cannot be written or the client does not expose a writable MCP config path, stop and report: `Could not write MCP configuration because the client does not support writable MCP config files or the file is not writable.` +7. Report the absolute path to the file you updated. -```json -{ - "mcpServers": { - "red-hat-security": { - "type": "http", - "url": "https://security-mcp.api.redhat.com/mcp" - } - } -} -``` -Merge this entry into the existing `mcpServers` object without removing any other servers already present. - -Write the result back to `$PROJ/.mcp.json`. - -## Step 3 — Explain authentication to the user +## After installation Tell the user: +- Red Hat Security MCP server added to . +- Authentication is required to use: When the MCP server is first loaded, a + browser window will open for you to log in with your Red Hat account. + Complete the SSO login and you will be redirected back to your client. If + the browser does not open automatically or SSO login fails, use the client’s + reconnect button and retry. +- Restart your client or reload MCP servers for the new configuration to take + effect. +- After restart, open your client's MCP server list and enable the Red Hat Security server if it is not already active. -``` -Red Hat Security MCP server added. - -Authentication: Red Hat Customer Portal SSO - -The first time any tool from this server is called, a browser window will -open automatically so you can log in with your Red Hat account. After you -complete login, the session token is stored and subsequent calls proceed -without prompting. - -If the browser does not open automatically, look for an authentication URL -printed in the MCP server output and open it manually. - -Restart the agentic tool (or reload MCP servers) for the new configuration -to take effect. -``` ## Notes -- This server exposes Red Hat security data (CVEs, advisories, errata). It - is the backend used by `/red-hat-cve-explainer` when the `cve-mcp` tool is - available. +- Provided by Red Hat for Red Hat customers and partners. - An active Red Hat subscription is required to access the full dataset. -- Do not add `headers` or `env` auth fields to `.mcp.json` -- the server - handles authentication itself via the browser SSO flow. +- Learn more: https://catalog.redhat.com/en/software/container-stacks/detail/6a0488e942b089e6e3b952b0 \ No newline at end of file