update scanner tool descriptions and asset create-tool

Signed-off-by: rafi <refaei.shikho@hotmail.com>

Author: refoo0

README.md

@@ -106,19 +106,26 @@ Add the server to your project or user config via the Claude Code CLI:
 claude mcp add devguard /path/to/devguard-mcp -e DEVGUARD_PAT=your-pat-here
 ```
 
-Or add it to `.claude/settings.json` manually:
+Or add it manually to `~/.claude.json` in your user directory:
 
 ```json
 {
   "mcpServers": {
     "devguard": {
-      "command": "/path/to/devguard-mcp-*"
+      "command": "/path/to/devguard-mcp-*",
       "env": {
-        "DEVGUARD_PAT": "your-pat-here"
+        "DEVGUARD_PAT": "your-pat-here",
+        "DEVGUARD_API_URL": "https://your-self-hosted-instance/api/v1"
       }
     }
   }
 }
 ```
 
-The tools will be available in your next Claude Code session.
+To verify the server was added successfully, run:
+
+```bash
+claude mcp list
+```
+
+You should see `devguard` listed. The tools will be available in your next Claude Code session.

go.mod

@@ -28,4 +28,5 @@ require (
 	golang.org/x/crypto v0.43.0 // indirect
 	golang.org/x/oauth2 v0.35.0 // indirect
 	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.30.0 // indirect
 )

go.sum

@@ -55,5 +55,9 @@ golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
 golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
 golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
+golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
+golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
+golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/tool/asset/tools.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-
 	"github.com/modelcontextprotocol/go-sdk/mcp"
 
 	"mcp-server/internal/api"
@@ -70,17 +69,23 @@ func listAssetVersions(client api.Client) registry.Handler {
 func createAsset(client api.Client) registry.Handler {
 	return func(ctx context.Context, req *mcp.CallToolRequest) (*mcp.CallToolResult, error) {
 		var args struct {
-			Organization string `json:"organization"`
-			Project      string `json:"project"`
-			Name         string `json:"name"`
-			Description  string `json:"description"`
+			Organization               string `json:"organization"`
+			Project                    string `json:"project"`
+			Name                       string `json:"name"`
+			Description                string `json:"description"`
+			ConfidentialityRequirement string `json:"confidentialityRequirement"`
+			IntegrityRequirement       string `json:"integrityRequirement"`
+			AvailabilityRequirement    string `json:"availabilityRequirement"`
 		}
 		if err := json.Unmarshal(req.Params.Arguments, &args); err != nil {
 			return helpers.Errorf("invalid arguments"), nil
 		}
 		body := map[string]any{
-			"name":        args.Name,
-			"description": args.Description,
+			"name":                       args.Name,
+			"description":                args.Description,
+			"confidentialityRequirement": args.ConfidentialityRequirement,
+			"integrityRequirement":       args.IntegrityRequirement,
+			"availabilityRequirement":    args.AvailabilityRequirement,
 		}
 		a, err := api.Post[api.AssetResponse](ctx, client, fmt.Sprintf("/organizations/%s/projects/%s/assets", args.Organization, args.Project), body)
 		if err != nil {

internal/tool/scanner/tools.go

@@ -58,13 +58,13 @@ func Register(r *registry.Registry, _ api.Client) {
 
 	r.Add(&mcp.Tool{
 		Name:        "run_sca",
-		Description: "Run Software Composition Analysis (dependency vulnerability scan) on a project directory or container image",
+		Description: "Run Software Composition Analysis (dependency vulnerability scan) on a project directory or container image.\n\nAfter the scan completes successfully, ask the user whether they want to call get_vuln_details for each discovered vulnerability to get full details and apply assessment logic.",
 		InputSchema: json.RawMessage(fmt.Sprintf(`{"type":"object","properties":{%s,%s,"path":{"type":"string","description":"Path to project directory or tar file"}},"required":["assetName","path"]}`, commonProps(), sbomProps)),
 	}, runSCA)
 
 	r.Add(&mcp.Tool{
 		Name:        "run_container_scanning",
-		Description: "Run vulnerability scan on an OCI container image",
+		Description: "Run vulnerability scan on an OCI container image.\n\nAfter the scan completes successfully, ask the user whether they want to call get_vuln_details for each discovered vulnerability to get full details and apply assessment logic.",
 		InputSchema: json.RawMessage(fmt.Sprintf(`{"type":"object","properties":{%s,%s,"image":{"type":"string","description":"OCI image reference, e.g. ghcr.io/org/image:tag"},"path":{"type":"string","description":"Path to a tar file or directory"},"ignoreUpstreamAttestations":{"type":"boolean","description":"Ignore attestations from the scanned image"}},"required":["assetName","path"]}`, commonProps(), sbomProps)),
 	}, runContainerScanning)