feat(cloud-guard): add problems mcp server

Author: cboffa13

.gitignore

@@ -19,5 +19,8 @@ uv.lock
 # Mac files
 .DS_Store
 
+#IDE
+.idea
+
 # test environments
 .env

src/oci-cloud-guard-mcp-server/.python-version

@@ -0,0 +1 @@
+3.13

src/oci-cloud-guard-mcp-server/LICENSE.txt

@@ -0,0 +1,35 @@
+Copyright (c) 2025 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

src/oci-cloud-guard-mcp-server/README.md

@@ -0,0 +1,39 @@
+# OCI Cloud Guard MCP Server
+
+## Overview
+
+This package implements certain functions of the [OCI Cloud Guard Service](https://docs.oracle.com/en-us/iaas/Content/cloud-guard/home.htm).
+It includes tools to help with managing cloud guard problems.
+
+## Running the server
+
+```sh
+uv run oracle.oci-cloud-guard-mcp-server
+```
+
+## Tools
+
+| Tool Name             | Description                               |
+|-----------------------|-------------------------------------------|
+| list_problems         | List the problems in a given compartment  |
+| get_problem_details   | Get the problem details with a given OCID |
+| update_problem_status | Updates the status of a problem           |
+
+⚠️ **NOTE**: All actions are performed with the permissions of the configured OCI CLI profile. We advise least-privilege IAM setup, secure credential management, safe network practices, secure logging, and warn against exposing secrets.
+
+## Third-Party APIs
+
+Developers choosing to distribute a binary implementation of this project are responsible for obtaining and providing all required licenses and copyright notices for the third-party code used in order to ensure compliance with their respective open source licenses.
+
+## Disclaimer
+
+Users are responsible for their local environment and credential safety. Different language model selections may yield different results and performance.
+
+## License
+
+Copyright (c) 2025 Oracle and/or its affiliates.
+
+Released under the Universal Permissive License v1.0 as shown at  
+<https://oss.oracle.com/licenses/upl/>.
+
+

src/oci-cloud-guard-mcp-server/oracle/__init__.py

@@ -0,0 +1,5 @@
+"""
+Copyright (c) 2025, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v1.0 as shown at
+https://oss.oracle.com/licenses/upl.
+"""

src/oci-cloud-guard-mcp-server/oracle/oci_cloud_guard_mcp_server/__init__.py

@@ -0,0 +1,8 @@
+"""
+Copyright (c) 2025, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v1.0 as shown at
+https://oss.oracle.com/licenses/upl.
+"""
+
+__project__ = "oracle.oci-cloud-guard-mcp-server"
+__version__ = "1.0.0"

src/oci-cloud-guard-mcp-server/oracle/oci_cloud_guard_mcp_server/server.py

@@ -0,0 +1,201 @@
+"""
+Copyright (c) 2025, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v1.0 as shown at
+https://oss.oracle.com/licenses/upl.
+"""
+
+import os
+from datetime import datetime, timedelta, timezone
+from logging import Logger
+from typing import Annotated, Any, Dict, List, Optional
+
+import oci
+from fastmcp import FastMCP
+from oci.cloud_guard import CloudGuardClient
+
+from . import __project__, __version__
+
+logger = Logger(__name__, level="INFO")
+
+mcp = FastMCP(name=__project__)
+
+
+def get_cloud_guard_client():
+    config = oci.config.from_file(
+        profile_name=os.getenv("OCI_CONFIG_PROFILE", oci.config.DEFAULT_PROFILE)
+    )
+
+    user_agent_name = __project__.split("oracle.", 1)[1].split("-server", 1)[0]
+    config["additional_user_agent"] = f"{user_agent_name}/{__version__}"
+
+    private_key = oci.signer.load_private_key_from_file(config["key_file"])
+    token_file = config["security_token_file"]
+    token = None
+    with open(token_file, "r") as f:
+        token = f.read()
+    signer = oci.auth.signers.SecurityTokenSigner(token, private_key)
+    return CloudGuardClient(config, signer=signer)
+
+
+@mcp.tool(
+    name="list_problems",
+    description="Returns a list of all Problems identified by Cloud Guard.",
+)
+def list_problems(
+    compartment_id: Annotated[
+        Optional[str], "The OCID of the compartment in which to list resources."
+    ] = None,
+    risk_level: Annotated[Optional[str], "Risk level of the problem"] = None,
+    lifecycle_state: Annotated[
+        Optional[str],
+        "The field lifecycle state. Only one state can be provided. Default value for state is active.",
+    ] = "ACTIVE",
+    detector_rule_ids: Annotated[
+        Optional[list[str]],
+        "Comma seperated list of detector rule IDs to be passed in to match against Problems.",
+    ] = None,
+    time_range_days: Annotated[
+        Optional[int], "Number of days to look back for problems"
+    ] = 30,
+    limit: Annotated[int, "The number of problems to return"] = 10,
+) -> List[Dict[str, Any]]:
+    time_filter = (
+        datetime.now(timezone.utc) - timedelta(days=time_range_days)
+    ).isoformat()
+
+    kwargs = {
+        "compartment_id": compartment_id,
+        "time_last_detected_greater_than_or_equal_to": time_filter,
+        "limit": limit,
+    }
+
+    if risk_level:
+        kwargs["risk_level"] = risk_level
+    if lifecycle_state:
+        kwargs["lifecycle_state"] = lifecycle_state
+    if detector_rule_ids:
+        kwargs["detector_rule_id_list"] = detector_rule_ids
+
+    response = get_cloud_guard_client().list_problems(**kwargs).data.items
+    return [
+        {
+            "id": problem.id,
+            "status": problem.lifecycle_detail,
+            "detector_rule_id": problem.detector_rule_id,
+            "risk_level": problem.risk_level,
+            "risk_score": problem.risk_score,
+            "resource_name": problem.resource_name,
+            "resource_type": problem.resource_type,
+            "lifecycle_state": problem.lifecycle_state,
+            "time_first_detected": (
+                problem.time_first_detected.isoformat()
+                if problem.time_first_detected
+                else None
+            ),
+            "time_last_detected": (
+                problem.time_last_detected.isoformat()
+                if problem.time_last_detected
+                else None
+            ),
+            "region": problem.region,
+            "labels": problem.labels,
+            "compartment_id": problem.compartment_id,
+        }
+        for problem in response
+    ]
+
+
+@mcp.tool(
+    name="get_problem_details",
+    description="Get the details for a Problem identified by problemId.",
+)
+def get_problem_details(
+    problem_id: Annotated[str, "The OCID of the problem"],
+):
+    response = get_cloud_guard_client().get_problem(problem_id=problem_id)
+    problem = response.data
+
+    return {
+        "id": problem.id,
+        "detector_rule_id": problem.detector_rule_id,
+        "detector_id": problem.detector_id,
+        "risk_level": problem.risk_level,
+        "risk_score": problem.risk_score,
+        "resource_id": problem.resource_id,
+        "resource_name": problem.resource_name,
+        "resource_type": problem.resource_type,
+        "lifecycle_state": problem.lifecycle_state,
+        "lifecycle_detail": problem.lifecycle_detail,
+        "time_first_detected": (
+            problem.time_first_detected.isoformat()
+            if problem.time_first_detected
+            else None
+        ),
+        "time_last_detected": (
+            problem.time_last_detected.isoformat()
+            if problem.time_last_detected
+            else None
+        ),
+        "description": problem.description,
+        "recommendation": problem.recommendation,
+        "additional_details": problem.additional_details,
+        "comment": problem.comment,
+    }
+
+
+@mcp.tool(
+    name="update_problem_status",
+    description="Changes the current status of the problem, identified by problemId, to the status "
+    "specified in the UpdateProblemStatusDetails resource that you pass.",
+)
+def update_problem_status(
+    problem_id: Annotated[str, "OCID of the problem"],
+    status: Annotated[
+        str,
+        "Action taken by user. Allowed values are: OPEN, RESOLVED, DISMISSED, CLOSED",
+    ],
+    comment: Annotated[Optional[str], "A comment from the user"] = None,
+):
+    updated_problem_status = oci.cloud_guard.models.UpdateProblemStatusDetails(
+        status=status, comment=comment
+    )
+    response = get_cloud_guard_client().update_problem_status(
+        problem_id=problem_id,
+        update_problem_status_details=updated_problem_status,
+    )
+    problem = response.data
+
+    return {
+        "id": problem.id,
+        "detector_rule_id": problem.detector_rule_id,
+        "detector_id": problem.detector_id,
+        "risk_level": problem.risk_level,
+        "risk_score": problem.risk_score,
+        "resource_id": problem.resource_id,
+        "resource_name": problem.resource_name,
+        "resource_type": problem.resource_type,
+        "lifecycle_state": problem.lifecycle_state,
+        "lifecycle_detail": problem.lifecycle_detail,
+        "time_first_detected": (
+            problem.time_first_detected.isoformat()
+            if problem.time_first_detected
+            else None
+        ),
+        "time_last_detected": (
+            problem.time_last_detected.isoformat()
+            if problem.time_last_detected
+            else None
+        ),
+        "description": problem.description,
+        "recommendation": problem.recommendation,
+        "additional_details": problem.additional_details,
+        "comment": problem.comment,
+    }
+
+
+def main():
+    mcp.run()
+
+
+if __name__ == "__main__":
+    main()