PatchProof MCP
A focused four-tool MCP server for reproducible npm supply-chain inspection. The public deployment runs against a safe bundled fixture.
Live MCP endpoint
POST /api/mcp using the official stateless Streamable HTTP transport.
scan_repository: Bounded repository statistics.
generate_sbom: Deterministic CycloneDX-shaped SBOM.
audit_dependencies: Offline vulnerability fixture audit.
generate_evidence_report: JSON and self-contained HTML evidence.
Verify the deployment
These controls call the deployed MCP endpoint directly against its bundled fixture.
Command-line check
curl -X POST https://YOUR-DEPLOYMENT.vercel.app/api/mcp \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
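An added example (not code from the PatchProof repository): a check that the tools/list reply advertises exactly the four tools named above, whether the server answers as application/json or as text/event-stream, since the request accepts both. The function names, the sample bodies and the extra tool name run_shell are constructed for illustration.

```python
import json

# The four tool names listed on this page.
EXPECTED_TOOLS = {"scan_repository", "generate_sbom",
                  "audit_dependencies", "generate_evidence_report"}

def parse_mcp_body(content_type, body):
    """Return the JSON-RPC messages carried in a Streamable HTTP response body."""
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == "application/json":
        parsed = json.loads(body)
        return parsed if isinstance(parsed, list) else [parsed]
    if media_type == "text/event-stream":
        messages = []
        # SSE events are separated by a blank line; payload lines start with "data:".
        for event in body.replace("\r\n", "\n").split("\n\n"):
            data = [ln[5:].lstrip(" ") for ln in event.split("\n") if ln.startswith("data:")]
            if data:
                messages.append(json.loads("\n".join(data)))
        return messages
    raise ValueError(f"unexpected Content-Type: {content_type!r}")

def check_tools_list(content_type, body, request_id=1):
    """Compare advertised tools with EXPECTED_TOOLS; return (ok, missing, unexpected)."""
    for msg in parse_mcp_body(content_type, body):
        if msg.get("id") != request_id:
            continue  # skip notifications or unrelated messages on the stream
        if "error" in msg:
            raise RuntimeError(f"JSON-RPC error: {msg['error']}")
        names = {tool["name"] for tool in msg["result"]["tools"]}
        missing, unexpected = EXPECTED_TOOLS - names, names - EXPECTED_TOOLS
        return (not missing and not unexpected, sorted(missing), sorted(unexpected))
    raise RuntimeError("no response matching the request id")

# Constructed sample responses (not captured from the live deployment).
_tools = [{"name": n, "inputSchema": {"type": "object"}} for n in sorted(EXPECTED_TOOLS)]
SAMPLE_JSON = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"tools": _tools}})
SAMPLE_SSE = "event: message\ndata: " + SAMPLE_JSON + "\n\n"
SAMPLE_EXTRA = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {
    "tools": _tools + [{"name": "run_shell", "inputSchema": {"type": "object"}}]}})

if __name__ == "__main__":
    print(check_tools_list("application/json", SAMPLE_JSON))
    print(check_tools_list("text/event-stream", SAMPLE_SSE))
    print(check_tools_list("application/json", SAMPLE_EXTRA))
```

To run it against a deployment, pass the response's Content-Type header and body from the curl call above to check_tools_list.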
Source and CyOps evidence: GitHub repository.