From 1fc9d3e683f2ca06d6d3f20b2bfd487abd95aef6 Mon Sep 17 00:00:00 2001 From: gziv Date: Sun, 31 May 2026 12:17:03 +0300 Subject: [PATCH 1/2] feat: add red-hat-security-mcp-setup ASE evaluation submission --- .../evals/evals.json | 17 ++++ .../red-hat-security-mcp-setup/metadata.yaml | 5 ++ .../skills/SKILL.md | 87 +++++++++++++++++++ 3 files changed, 109 insertions(+) create mode 100644 submissions/red-hat-security-mcp-setup/evals/evals.json create mode 100644 submissions/red-hat-security-mcp-setup/metadata.yaml create mode 100644 submissions/red-hat-security-mcp-setup/skills/SKILL.md diff --git a/submissions/red-hat-security-mcp-setup/evals/evals.json b/submissions/red-hat-security-mcp-setup/evals/evals.json new file mode 100644 index 0000000..49af0f1 --- /dev/null +++ b/submissions/red-hat-security-mcp-setup/evals/evals.json @@ -0,0 +1,17 @@ +{ + "skill_name": "red-hat-security-mcp-setup", + "evals": [ + { + "id": "red-hat-security-mcp-setup-eval", + "name": "Red Hat Security MCP Setup", + "prompt": "A developer wants to enable live CVE and advisory lookups in their project. They need to add the Red Hat Security MCP server.\n\nDescribe the setup process: what file to modify, what the server configuration looks like, how authentication works, and what happens after setup.", + "expected_output": "A setup guide that adds a red-hat-security HTTP server entry to .mcp.json at the project root, configures the endpoint URL, and explains the Red Hat Customer Portal SSO browser-based authentication flow.", + "assertions": [ + "The output describes adding a server entry to .mcp.json at the project root, with key 'red-hat-security' and type 'http'.", + "The output specifies the MCP endpoint URL as https://security-mcp.api.redhat.com/mcp.", + "The output explains the authentication flow: Red Hat Customer Portal SSO via browser, with automatic browser window opening on first tool call.", + "The output describes merging the new server entry into existing .mcp.json without removing other servers already configured." + ] + } + ] +} diff --git a/submissions/red-hat-security-mcp-setup/metadata.yaml b/submissions/red-hat-security-mcp-setup/metadata.yaml new file mode 100644 index 0000000..6c32cb9 --- /dev/null +++ b/submissions/red-hat-security-mcp-setup/metadata.yaml @@ -0,0 +1,5 @@ +name: red-hat-security-mcp-setup +description: "Add the Red Hat Security MCP server to this project. Configures the HTTP" +persona: rh-sre +version: "1.0.0" +eval_engine: ase diff --git a/submissions/red-hat-security-mcp-setup/skills/SKILL.md b/submissions/red-hat-security-mcp-setup/skills/SKILL.md new file mode 100644 index 0000000..e1e851e --- /dev/null +++ b/submissions/red-hat-security-mcp-setup/skills/SKILL.md @@ -0,0 +1,87 @@ +--- +name: red-hat-security-mcp-setup +description: Add the Red Hat Security MCP server to this project. Configures the HTTP + transport endpoint and explains the Red Hat Customer Portal SSO browser login flow. +license: Apache-2.0 +--- + +# Red Hat Security MCP Setup + +Add the Red Hat Security MCP server to the current project's `.mcp.json`. + +## Prerequisites + +A Red Hat account at [console.redhat.com](https://console.redhat.com). + +## When to Use This Skill + +When the user wants to add the Red Hat Security MCP server to their project to enable live CVE and advisory lookups. + +## Workflow + +1. Locate or create `.mcp.json` at the project root. +2. Merge the `red-hat-security` HTTP server entry without removing existing servers. +3. Explain the browser SSO authentication flow to the user. + +## Dependencies + +- Write access to the project's `.mcp.json`. + +## Step 1 — Locate or create `.mcp.json` + +``` +PROJ=$(git rev-parse --show-toplevel 2>/dev/null || echo "$PWD") +MCP_FILE="$PROJ/.mcp.json" +``` + +If `.mcp.json` exists: read it and merge in the new server entry. +If it does not exist: create it with the skeleton below. + +## Step 2 — Add the server entry + +The server key is `red-hat-security`. Use HTTP transport. + +```json +{ + "mcpServers": { + "red-hat-security": { + "type": "http", + "url": "https://security-mcp.api.redhat.com/mcp" + } + } +} +``` + +Merge this entry into the existing `mcpServers` object without removing any other servers already present. + +Write the result back to `$PROJ/.mcp.json`. + +## Step 3 — Explain authentication to the user + +Tell the user: + +``` +Red Hat Security MCP server added. + +Authentication: Red Hat Customer Portal SSO + +The first time any tool from this server is called, a browser window will +open automatically so you can log in with your Red Hat account. After you +complete login, the session token is stored and subsequent calls proceed +without prompting. + +If the browser does not open automatically, look for an authentication URL +printed in the MCP server output and open it manually. + +Restart the agentic tool (or reload MCP servers) for the new configuration +to take effect. +``` + +## Notes + +- This server exposes Red Hat security data (CVEs, advisories, errata). It + is the backend used by `/red-hat-cve-explainer` when the `cve-mcp` tool is + available. +- An active Red Hat subscription is required to access the full dataset. +- Do not add `headers` or `env` auth fields to `.mcp.json` -- the server + handles authentication itself via the browser SSO flow. From 3ee7a9afcab5b453cfe43a6a5d7e7ba559f46c9c Mon Sep 17 00:00:00 2001 From: gziv Date: Sun, 31 May 2026 14:46:33 +0300 Subject: [PATCH 2/2] retrigger: queue runner parallel