Skip to content
This repository was archived by the owner on Oct 28, 2025. It is now read-only.

feat: core RPC scanning #87

Merged
merged 14 commits into from
Aug 2, 2025
Merged

feat: core RPC scanning #87

merged 14 commits into from
Aug 2, 2025

Conversation

@brandonspark
Copy link
Collaborator

@brandonspark brandonspark commented Jul 29, 2025
edited by liukatkat
Loading

What:

This PR adds the ability to invoke a command across RPC to semgrep mcp to scan a file, rather than spinning up a whole CLI.

Why:

It's hella faster.

How:

We used the logic that we built out in #80 and added a new command, scanFiles, which allows us to scan some files.

Test plan:

vid.mov

@flaper87
Copy link
Collaborator

Is this ready for review?

@liukatkat liukatkat changed the base branch from brandon/semgrep-mcp-core to graphite-base/87 July 31, 2025 16:59
@liukatkat liukatkat changed the base branch from graphite-base/87 to main July 31, 2025 16:59
@liukatkat Graphite App
Copy link
Collaborator

liukatkat commented Jul 31, 2025
edited by brandonspark
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@liukatkat liukatkat mentioned this pull request Jul 31, 2025
Merged
semgrep-zcs-prod-semgrep[bot]
semgrep-zcs-prod-semgrep bot reviewed Jul 31, 2025
View reviewed changes
@liukatkat liukatkat mentioned this pull request Aug 1, 2025
Closed
@flaper87
Copy link
Collaborator

flaper87 commented Aug 1, 2025

See https://semgrepinc.slack.com/archives/C096Y2VR8BG/p1753807150948719

@brandonspark I'd suggest we don't link Slack conversations here since this repo is public and people may not want to sign up for slack to see this.

@liukatkat liukatkat mentioned this pull request Aug 1, 2025
Merged
@liukatkat
Copy link
Collaborator

liukatkat commented Aug 1, 2025
edited
Loading

I was about to review and merge this PR now that Semgrep 1.131.0 is out. However, after making a small change (capitalizing the global constants per the discussion in #80), I realized that CI started breaking. I made the following changes to make CI pass:

  1. I pinned the version of mcp to 1.12.2. This is because of a non-backwards compatible breaking change that affect the way we can use the FastMcp constructor. We can, alternatively, just update how we use the constructor.
  2. Now that we are adding semgrep-interfaces as a submodule to the repo, I made some changes to the workflows and excluded the submodule from the pyright scan.

Since I have made some additional changes, I feel like I can't just merge the change right now, and would love if someone could take a look at this before I merge it to main!

@liukatkat
Copy link
Collaborator

See https://semgrepinc.slack.com/archives/C096Y2VR8BG/p1753807150948719

@brandonspark I'd suggest we don't link Slack conversations here since this repo is public and people may not want to sign up for slack to see this.

Updated to a video instead!

@liukatkat liukatkat merged commit 0440ce9 into main Aug 2, 2025
14 checks passed
@liukatkat liukatkat deleted the brandon/mcp-scan branch August 2, 2025 00:00
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@semgrep-zcs-prod-semgrep semgrep-zcs-prod-semgrep[bot] semgrep-zcs-prod-semgrep[bot] left review comments

@DrewDennison DrewDennison DrewDennison approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@brandonspark @flaper87 @liukatkat @DrewDennison