Skip to content

MCP server for attackmate #239

Description

@thorinaboenke

Context
implement an MCP server so that LLMs can interact with AttackMate

Alternatives

  1. MCP server wraps the REST API (thin client)
    The MCP server is a thin layer that translates LLM tool calls into HTTP requests to attackmate-api-server. AttackMate never runs in-process.

  2. MCP server imports AttackMate directly (same pattern as api-server)
    The MCP server instantiates AttackMate, calls run_command() / main() directly, same as commands.py and playbooks.py do now.

-> Choosing option 1 for less code duplication.

why not use "just" fast api and llms interact with that?
The REST API exposes AttackMate over the network but is not directly usable by LLMs, has no structured tool definitions.
The MCP server will act as a thin translation layer: it wraps the REST API, and exposes each operation as a typed tool (with schemas auto-generated from the Pydantic models), and serves the existing RST resources.
--> makes AttackMate directly drivable from MCP-compatible clients like Cursor or Claude Desktop without any changes to the API server itself.
TLDR:
fastAPI spec: describes only what endpoinds exist
whereas The MCP tools and docstrings and resource URIs embed behavioural guidance for an LLM

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions