Conversation

brandonspark
Collaborator

@brandonspark brandonspark commented Jul 29, 2025

What:

This PR adds the ability to invoke a command across RPC to semgrep mcp to scan a file, rather than spinning up a whole CLI.

Why:

It's hella faster.

How:

We used the logic that we built out in #80 and added a new command, scanFiles, which allows us to scan some files.

Test plan:

vid.mov

@flaper87
Collaborator

Is this ready for review?

@liukatkat liukatkat changed the base branch from brandon/semgrep-mcp-core to graphite-base/87 July 31, 2025 16:59
@liukatkat liukatkat changed the base branch from graphite-base/87 to main July 31, 2025 16:59
Collaborator

liukatkat commented Jul 31, 2025

This stack of pull requests is managed by Graphite. Learn more about stacking.

@flaper87
Collaborator

flaper87 commented Aug 1, 2025

> See https://semgrepinc.slack.com/archives/C096Y2VR8BG/p1753807150948719

@brandonspark I'd suggest we don't link Slack conversations here since this repo is public and people may not want to sign up for slack to see this.

@liukatkat
Collaborator

liukatkat commented Aug 1, 2025

I was about to review and merge this PR now that Semgrep 1.131.0 is out. However, after making a small change (capitalizing the global constants per the discussion in #80), I realized that CI started breaking. I made the following changes to make CI pass:

  1. I pinned the version of mcp to 1.12.2. This is because of a non-backwards-compatible breaking change that affects the way we can use the FastMCP constructor. We can, alternatively, just update how we use the constructor.
  2. Now that we are adding semgrep-interfaces as a submodule to the repo, I made some changes to the workflows and excluded the submodule from the pyright scan.

Since I have made some additional changes, I feel like I can't just merge the change right now, and would love it if someone could take a look at this before I merge it to main!

@liukatkat
Collaborator

> > See https://semgrepinc.slack.com/archives/C096Y2VR8BG/p1753807150948719
>
> @brandonspark I'd suggest we don't link Slack conversations here since this repo is public and people may not want to sign up for slack to see this.

Updated to a video instead!

@liukatkat liukatkat merged commit 0440ce9 into main Aug 2, 2025
14 checks passed
@liukatkat liukatkat deleted the brandon/mcp-scan branch August 2, 2025 00:00
4 participants