Updating app.py

README.md

@@ -10,3 +10,102 @@ pinned: false
 ---
 
 Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+
+# Vulnerability Scanner MCP Server
+
+This repository contains a small Gradio-based MCP server that provides three tools to inspect GitHub repositories using the GitHub REST API:
+
+- Get basic repository information
+- Retrieve the decoded content of a single file
+- Scan a repository for source code files with specific extensions (returns a list of file paths)
+
+The application is implemented in `app.py` and exposes a Gradio TabbedInterface with three API endpoints: `get_repository_info`, `get_file_content`, and `scan_repository`.
+
+## Requirements
+
+The project uses Python and the dependencies listed in `requirements.txt`. Key requirements used by the app are:
+
+- gradio (with mcp support)
+- requests
+- python-dotenv
+
+On Windows with PowerShell, create a virtual environment and install requirements:
+
+```powershell
+python -m venv .venv; .\.venv\Scripts\Activate.ps1; pip install -r requirements.txt
+```
+
+If you prefer cmd.exe use:
+
+```cmd
+python -m venv .venv && .\.venv\Scripts\activate.bat && pip install -r requirements.txt
+```
+
+## Environment variables
+
+The application requires a GitHub personal access token to access the GitHub API. Create a `.env` file in the project root with the following variable:
+
+```
+GITHUB_TOKEN=ghp_...your_token_here
+```
+
+The token must have permission to read the repositories you want to inspect (public repos are readable with a token that has no special scopes; private repos require appropriate scopes).
+
+## Running the server
+
+Start the app directly with Python. The Gradio interface will launch and expose the MCP API endpoints:
+
+```powershell
+python app.py
+```
+
+When run, the app prints startup information and launches Gradio in MCP server mode. By default Gradio will open a local web UI and also expose the MCP API endpoints used by other MCP clients.
+
+## Endpoints and usage
+
+The Gradio interface exposes three tools (functions) via the MCP server and also as interactive UI tabs:
+
+1) get_repository_info
+
+Inputs:
+- Repository Owner (e.g. `octocat`)
+- Repository Name (e.g. `Hello-World`)
+
+Output: A JSON-like text block containing repository metadata (name, full_name, description, primary_language, size_kb, stars, forks, default_branch, created_date, last_updated, is_private, clone_url).
+
+2) get_file_content
+
+Inputs:
+- Repository Owner
+- Repository Name
+- File Path (e.g. `README.md`)
+
+Output: Decoded file contents as plain text. If the file is binary or cannot be decoded, an error message is returned.
+
+3) scan_repository
+
+Inputs:
+- Repository Owner
+- Repository Name
+- File Extensions (comma-separated, default: `.py,.js,.ts,.php,.java`)
+
+Output: A list of file paths (limited to the first 50 matching files) found in the repository with the given extensions.
+
+Notes and edge-cases:
+
+- The code uses the GitHub REST API and will return HTTP error messages when repositories or files are not found or when the token lacks permissions.
+- `get_file_content` decodes base64 file content returned by the GitHub API and will return an error string for binary files.
+- `scan_repository` recursively traverses directories and limits results to avoid returning extremely large listings.
+
+## Example
+
+After starting the server, open the Gradio UI. From the UI you can call the three tools. Example programmatic calls are possible via the Gradio API endpoints; however this README focuses on interactive use through the launched UI (the functions are registered with `api_name` values matching their function names).
+
+## Development notes
+
+- The GitHub token is mandatory; the application raises ValueError if `GITHUB_TOKEN` is not present in the environment.
+- The app limits recursion results to avoid deep scans; adjust `_scan_directory_sync` if you need more files or different limits.
+
+## License
+
+This project does not include a license file in the repository. Add a LICENSE if you plan to publish or share this code.

app.py

@@ -0,0 +1,176 @@
+import json
+import os
+import base64
+from typing import Dict, List, Any
+import requests
+import gradio as gr
+from dotenv import load_dotenv
+
+# Load environment variables
+load_dotenv()
+
+class GitHubMCPServer:
+    """GitHub MCP Server for repository scanning and file access"""
+    
+    def __init__(self):
+        self.github_token = os.getenv("GITHUB_TOKEN")
+        if not self.github_token:
+            raise ValueError("GITHUB_TOKEN environment variable is required")
+        
+        self.headers = {
+            "Authorization": f"token {self.github_token}",
+            "Accept": "application/vnd.github.v3+json"
+        }
+    
+    def get_repository_info(self, owner: str, repo: str) -> dict:
+        """Get basic repository information"""
+        try:
+            url = f"https://api.github.com/repos/{owner}/{repo}"
+            response = requests.get(url, headers=self.headers)
+            
+            if response.status_code == 200:
+                data = response.json()
+                return {
+                    "success": True,
+                    "repository_name": data["name"],
+                    "full_name": data["full_name"],
+                    "description": data.get("description", "No description available"),
+                    "primary_language": data.get("language", "Unknown"),
+                    "size_kb": data["size"],
+                    "stars": data["stargazers_count"],
+                    "forks": data["forks_count"],
+                    "default_branch": data["default_branch"],
+                    "created_date": data["created_at"][:10],
+                    "last_updated": data["updated_at"][:10],
+                    "is_private": data["private"],
+                    "clone_url": data["clone_url"]
+                }
+            else:
+                return {
+                    "success": False,
+                    "error": f"Repository not found or inaccessible (HTTP {response.status_code})",
+                    "status_code": response.status_code
+                }
+            
+        except Exception as e:
+            return {
+                "success": False,
+                "error": f"Failed to fetch repository information: {str(e)}"
+            }
+    
+    def get_file_content(self, owner: str, repo: str, path: str) -> str:
+        """Get content of a specific file - returns just the file content as string"""
+        try:
+            url = f"https://api.github.com/repos/{owner}/{repo}/contents/{path}"
+            response = requests.get(url, headers=self.headers)
+            
+            if response.status_code == 200:
+                data = response.json()
+                if data["type"] == "file" and "content" in data:
+                    # Decode base64 content
+                    try:
+                        content = base64.b64decode(data["content"]).decode('utf-8')
+                        return content
+                    except UnicodeDecodeError:
+                        return f"ERROR: File '{path}' contains binary data that cannot be decoded as text"
+                else:
+                    return f"ERROR: Path '{path}' is not a file or content is not available"
+            else:
+                return f"ERROR: File '{path}' not found or inaccessible (HTTP {response.status_code})"
+            
+        except Exception as e:
+            return f"ERROR: Failed to fetch file content for '{path}': {str(e)}"
+    
+    def scan_repository(self, owner: str, repo: str, extensions: str = ".py,.js,.ts,.php,.java") -> list:
+        """Scan repository for code files - returns simple list of file paths"""
+        try:
+            ext_list = [ext.strip() for ext in extensions.split(",") if ext.strip()]
+            all_files = []
+            self._scan_directory_sync(owner, repo, "", ext_list, all_files)
+            
+            # Return simple list of file paths for easier processing by CodeAgent
+            file_paths = [file_info.get('path', '') for file_info in all_files[:50]]  # Limit to 50 files
+            return file_paths
+            
+        except Exception as e:
+            return [f"ERROR: Failed to scan repository: {str(e)}"]
+    
+    def _scan_directory_sync(self, owner: str, repo: str, path: str, extensions: List[str], all_files: List[Dict]):
+        """Recursively scan directory for files"""
+        try:
+            url = f"https://api.github.com/repos/{owner}/{repo}/contents/{path}"
+            response = requests.get(url, headers=self.headers)
+            
+            if response.status_code == 200:
+                data = response.json()
+                for item in data:
+                    if item["type"] == "file":
+                        if any(item["name"].endswith(ext) for ext in extensions):
+                            all_files.append({
+                                "name": item["name"],
+                                "path": item["path"],
+                                "type": item["type"],
+                                "size": item.get("size", 0),
+                                "sha": item["sha"]
+                            })
+                    elif item["type"] == "dir" and len(all_files) < 100:
+                        self._scan_directory_sync(owner, repo, item["path"], extensions, all_files)
+        except Exception:
+            pass
+
+# Initialize the GitHub MCP server
+github_server = GitHubMCPServer()
+
+# Create Gradio interfaces for MCP
+demo = gr.TabbedInterface(
+    [
+        gr.Interface(
+            fn=github_server.get_repository_info,
+            inputs=[
+                gr.Textbox(label="Repository Owner", placeholder="octocat"),
+                gr.Textbox(label="Repository Name", placeholder="Hello-World")
+            ],
+            outputs=gr.Textbox(label="Repository Information", lines=15),
+            title="Get Repository Information",
+            description="Get basic information about a GitHub repository",
+            api_name="get_repository_info"
+        ),
+        gr.Interface(
+            fn=github_server.get_file_content,
+            inputs=[
+                gr.Textbox(label="Repository Owner", placeholder="octocat"),
+                gr.Textbox(label="Repository Name", placeholder="Hello-World"),
+                gr.Textbox(label="File Path", placeholder="README.md")
+            ],
+            outputs=gr.Textbox(label="File Content", lines=20),
+            title="Get File Content",
+            description="Get the content of a specific file from a GitHub repository",
+            api_name="get_file_content"
+        ),
+        gr.Interface(
+            fn=github_server.scan_repository,
+            inputs=[
+                gr.Textbox(label="Repository Owner", placeholder="octocat"),
+                gr.Textbox(label="Repository Name", placeholder="Hello-World"),
+                gr.Textbox(label="File Extensions", value=".py,.js,.ts,.php,.java", placeholder=".py,.js,.ts,.php,.java")
+            ],
+            outputs=gr.Textbox(label="Scan Results", lines=20),
+            title="Scan Repository for Code Files",
+            description="Scan a GitHub repository for code files with specified extensions",
+            api_name="scan_repository"
+        )
+    ],
+    [
+        "Repository Info",
+        "File Content", 
+        "Repository Scanner"
+    ],
+    title="🐙 GitHub MCP Server"
+)
+
+if __name__ == "__main__":
+    print("🚀 Starting GitHub MCP Server with Gradio...")
+    print("📡 Server will provide GitHub repository access via MCP")
+    print("🛠️ Available tools: repository info, file content, repository scanner")
+    
+    demo.launch(mcp_server=True)

requirements.txt

@@ -0,0 +1,9 @@
+gradio[oauth,mcp]==5.45.0
+fastapi==0.115.2
+uvicorn==0.24.0
+mcp==1.10.1
+smolagents>=0.1.0
+requests>=2.28.0
+python-dotenv>=1.0.0
+pydantic>=2.11,<2.12
+smolagents[mcp]>=0.1.0