Dashboard auth, live events tab, XSS sanitization, store, CI, logging, mypy config

Author: Carlos-Projects

.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          pip install -e ".[dev]"
+
+      - name: Run tests
+        run: python -m pytest -v

.pre-commit-config.yaml

@@ -0,0 +1,30 @@
+repos:
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.11.5
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.15.0
+    hooks:
+      - id: mypy
+        args: [--ignore-missing-imports]
+        additional_dependencies:
+          - fastapi
+          - uvicorn
+          - httpx
+          - jinja2
+          - plotly
+          - pydantic
+          - rich
+        files: ^mcpscope/
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files

CHANGELOG.md

@@ -1,17 +1,28 @@
-# Changelog
+# MCPscop
 
-## [0.1.0] - 2026-05-23
+## [Unreleased]
 
 ### Added
-- Initial release of MCP-Scope
-- Parse and import results from Cisco MCP Scanner, Cisco A2A Scanner, mcp-scan, MCPwn, and SARIF
-- Web dashboard with Plotly charts (severity pie, top tools bar, severity trend)
-- REST API with pagination, filtering, search, and scan diff
-- CLI: `serve`, `scan`, `import`, `report` (json/csv/pdf), `seed`, `prune`, `backup`, `restore`, `config`
-- SQLite storage with scan history and deduplication
-- Webhook and Slack alerts for critical/high findings
-- API key authentication for CI/CD integration
-- Dockerfile and GitHub Actions workflow
-- Auto-refresh, finding detail view, scan comparison (diff)
-- File size validation on import
-- 46 unit and HTTP integration tests
+- Security events API and dashboard views
+- JSON logging output
+- Dashboard authentication
+- MCPGuard event forwarder integration
+
+### Fixed
+- API key validation in REST endpoints
+- CORS headers for cross-origin dashboard access
+- HTML sanitization in scan result display
+
+## [0.1.0] - 2025-08-01
+
+### Added
+- Unified dashboard for MCP/A2A scanner results
+- FastAPI REST API for scan ingestion and querying
+- SQLite storage backends
+- Plotly-based interactive charts and visualizations
+- Support for Cisco MCP/A2A scanner output
+- Support for mcp-scan output
+- Support for MCPwn output
+- SARIF format ingestion
+- Rich CLI output for terminal usage
+- Scan comparison and trend analysis

README.md

@@ -193,6 +193,24 @@ pip install -e ".[dev]"
 pytest
 ```
 
+## Security Events (MCPGuard Integration)
+
+MCP-Scope can receive real-time security events from MCPGuard:
+
+```bash
+# Configure MCPGuard's config.yaml:
+mcpscop_url: http://localhost:8000
+
+# Events appear in the "Live Events" dashboard tab
+```
+
+| Endpoint | Method | Description |
+|----------|--------|-------------|
+| `/api/events` | POST | Ingest a security event |
+| `/api/events` | GET | List events (filters: severity, event_type) |
+| `/api/events/stats` | GET | Event statistics |
+| `/api/events` | DELETE | Clear all events |
+
 ## License
 
 [MIT](LICENSE)