Andrea Cosentino created CAMEL-23979:
----------------------------------------

             Summary: camel-jbang-mcp: expose CVE security advisories as MCP 
tool and resources
                 Key: CAMEL-23979
                 URL: https://issues.apache.org/jira/browse/CAMEL-23979
             Project: Camel
          Issue Type: Improvement
          Components: camel-jbang
            Reporter: Andrea Cosentino


The camel-jbang-mcp MCP server already exposes a security surface: the 
camel_harden tool, the SecurityData registry of security-sensitive components, 
and the camel://security/* resources. However it has no knowledge of the 
published Camel CVE security advisories (https://camel.apache.org/security/), 
so an AI agent using the server cannot answer questions like "is my Camel 
4.10.1 project affected by known CVEs?" or flag that a route using 
platform-http plus bean on Camel 4.10.1 is exposed to CVE-2025-27636.

The advisories behind that page are maintained in the apache/camel-website 
repository under content/security/CVE-*.md with structured YAML front matter 
(cve, severity, summary, description, mitigation, credit, affected, fixed, 
date), so the data is machine-consumable without HTML scraping.

h3. Proposal

# New MCP tool {{camel_security_advisories}}: optional args camelVersion, 
component, severity; returns matching published advisories (cve, severity, 
summary, affected, fixed, mitigation, link). Declared with openWorldHint=true 
since it fetches remote data.
# New MCP resources {{camel://security/advisories}} (list) and 
{{camel://security/advisory/\{cve\}}} (detail), following the existing 
SecurityResources pattern.
# Integrate advisory matching into the camel_harden tool context: when route 
analysis identifies components and a camelVersion is provided, include known 
CVEs affecting those components at that version.

h3. Design notes

* Advisory data is fetched at runtime (with a local cache under the user home, 
e.g. ~/.camel-jbang) rather than embedded at build time, because embedded 
snapshots go stale: a server released before a CVE is published would never 
know about it. Runtime downloads are already part of the server's operating 
model (CatalogService resolves version-specific catalogs via Maven).
* Offline behavior must be explicit ("advisory data unavailable"), never a 
silently stale "no CVEs found".
* Only published advisories from the public website/repository are used.
* The {{affected}} field is prose (e.g. "Apache Camel 4.10.0 before 4.10.2 
..."); recent advisories follow a consistent pattern so a best-effort 
affectsGivenVersion flag can be computed, with the prose always returned 
verbatim for the LLM to reason over.
* Component filtering starts as best-effort token matching (camel-<name>) 
against summary/description; a structured components front-matter field could 
be added to new advisories in camel-website as a follow-up.
* Initial data source: the camel-website repository raw content (tree listing 
plus cached per-advisory fetches). As a follow-up, camel-website could publish 
a machine-readable JSON feed (e.g. /security/index.json via a Hugo output 
format) and become the canonical endpoint for this and other tooling.
* Tests use canned advisory fixtures so CI requires no network.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to