Context
implement an MCP server so that LLMs can interact with AttackMate
Alternatives
-
MCP server wraps the REST API (thin client)
The MCP server is a thin layer that translates LLM tool calls into HTTP requests to attackmate-api-server. AttackMate never runs in-process.
-
MCP server imports AttackMate directly (same pattern as api-server)
The MCP server instantiates AttackMate, calls run_command() / main() directly, same as commands.py and playbooks.py do now.
-> Choosing option 1 for less code duplication.
why not use "just" fast api and llms interact with that?
The REST API exposes AttackMate over the network but is not directly usable by LLMs, has no structured tool definitions.
The MCP server will act as a thin translation layer: it wraps the REST API, and exposes each operation as a typed tool (with schemas auto-generated from the Pydantic models), and serves the existing RST resources.
--> makes AttackMate directly drivable from MCP-compatible clients like Cursor or Claude Desktop without any changes to the API server itself.
TLDR:
fastAPI spec: describes only what endpoinds exist
whereas The MCP tools and docstrings and resource URIs embed behavioural guidance for an LLM
Context
implement an MCP server so that LLMs can interact with AttackMate
Alternatives
MCP server wraps the REST API (thin client)
The MCP server is a thin layer that translates LLM tool calls into HTTP requests to attackmate-api-server. AttackMate never runs in-process.
MCP server imports AttackMate directly (same pattern as api-server)
The MCP server instantiates AttackMate, calls run_command() / main() directly, same as commands.py and playbooks.py do now.
-> Choosing option 1 for less code duplication.
why not use "just" fast api and llms interact with that?
The REST API exposes AttackMate over the network but is not directly usable by LLMs, has no structured tool definitions.
The MCP server will act as a thin translation layer: it wraps the REST API, and exposes each operation as a typed tool (with schemas auto-generated from the Pydantic models), and serves the existing RST resources.
--> makes AttackMate directly drivable from MCP-compatible clients like Cursor or Claude Desktop without any changes to the API server itself.
TLDR:
fastAPI spec: describes only what endpoinds exist
whereas The MCP tools and docstrings and resource URIs embed behavioural guidance for an LLM