{"name":"siteintel","version":"1.0.0","description":"SiteIntel — continuous security and compliance posture intelligence for UK SMBs. Use this tool to query scan results, retrieve findings, and analyse compliance posture.","vendor":{"name":"SiteIntel","url":"https://siteintel.uk"},"transports":[{"type":"http+json-rpc","endpoint":"/api/mcp/rpc"}],"capabilities":{"tools":{"listChanged":false},"resources":{"listChanged":false},"prompts":{"listChanged":false}},"tools":[{"name":"siteintel_get_scan","description":"Retrieve a SiteIntel scan by id. Returns full structured intelligence: hero score, sub-scores, findings, budget memo, compliance posture, evidence cascades.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string","description":"SiteIntel scan id (e.g., cmp5...)"}}}},{"name":"siteintel_get_jsonld","description":"Get the Schema.org-style JSON-LD twin of a scan — agent-friendly structured representation.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"}}}},{"name":"siteintel_trigger_scan","description":"Trigger a new Mode 1 (public passive) scan of a domain. Returns scan id; poll siteintel_get_scan for completion. Wall-clock typically 60-120 seconds.","inputSchema":{"type":"object","required":["domain"],"properties":{"domain":{"type":"string","description":"Domain to scan"},"email":{"type":"string","format":"email","description":"Optional notification email"}}}},{"name":"siteintel_top_risks","description":"Summarise the top N risks from a scan with business-language paraphrases. 
Designed for agent-driven security briefings.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"},"limit":{"type":"integer","minimum":1,"maximum":20,"default":5}}}},{"name":"siteintel_compliance_gaps","description":"Get all compliance control gaps for a scan, optionally filtered by regime.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"},"regime":{"type":"string","enum":["uk-gdpr","pecr","cyber-essentials-basic","cyber-essentials-plus","nhs-dspt","fca-sysc","sra","iso-27001","soc-2"]}}}},{"name":"siteintel_compare_scans","description":"Diff two scans of the same domain to identify what changed.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"},"against":{"type":"string","description":"Optional previous scan id; defaults to most recent prior scan of the same domain"}}}},{"name":"siteintel_adversarial_replay_outcomes","description":"Get the adversarial browser replay outcomes for a scan: 5 probes (CSP enforcement, clickjacking, form-fuzz inventory, visual baseline, exfil-via-image) with per-probe defended/partial/undefended classification + narrative.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"}}}},{"name":"siteintel_explain_challenge_block","description":"When a scan was challenge-blocked by Cloudflare/WAF, return the explanation + remediation guidance (suggested wait window, alternative origins, Mode 2 escalation path).","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"}}}},{"name":"siteintel_find_similar_exposures","description":"Vectorize-backed semantic search across the customer corpus. Returns scans with similar exposure patterns (e.g., \"show me other financial-sector customers with KEV-listed npm packages\"). 
Tenant-scoped — requires tenantId.","inputSchema":{"type":"object","required":["query","tenantId"],"properties":{"query":{"type":"string","description":"Free-text query — describes the exposure pattern to find"},"tenantId":{"type":"string","description":"Tenant id — every query is scoped to this tenant only"},"sector":{"type":"string","description":"Optional sector filter (e.g., financial, healthcare, legal)"},"severity":{"type":"string","enum":["critical","high","medium","low"],"description":"Optional severity filter"},"topK":{"type":"integer","minimum":1,"maximum":50,"default":10}}}},{"name":"siteintel_get_audit_transcript","description":"Cloudflare AI Gateway transcript for a scan — every LLM call (Anthropic / Gemini for paraphrase + synthesis) with full input + output, cost, cache hit status. Closes the audit story for compliance / regulator review.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"}}}},{"name":"siteintel_get_trajectory","description":"Score trajectory for a domain — up to 24 prior completed scans ordered oldest → newest. Used by agents to answer questions like \"is this domain getting better or worse over the last quarter?\"","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"}}}},{"name":"siteintel_get_peer_percentile","description":"Peer percentile rank for a scan within the benchmarking corpus (industry-cohort when available, global fallback otherwise). Returns histogram buckets + the current scan's percentile.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"}}}},{"name":"siteintel_get_sbom_drift","description":"SBOM diff vs the most recent prior scan of the same domain. Lists added / removed / upgraded / downgraded packages plus newly-KEV-listed CVEs. 
Empty when no prior scan exists.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"}}}},{"name":"siteintel_get_system_health","description":"Live status of every infrastructure dependency: DB, Redis, AI providers, edge worker, R2, Resend, Turnstile. Each check returns ok / configured / missing / failed. Used by agents to verify their tools are operational before relying on them.","inputSchema":{"type":"object","properties":{}}},{"name":"siteintel_get_threat_intel_stats","description":"Threat-intel advisory store summary — total advisories, KEV count, per-source breakdown, recent ingest runs. Shows how fresh the platform's vulnerability corpus is. Internal-auth required.","inputSchema":{"type":"object","properties":{}}},{"name":"siteintel_check_dep_file_exposure","description":"Findings from the dep-file-exposure check for a given scan — which server-side dependency manifests (package.json, composer.json, requirements.txt, etc.) were found publicly accessible on the target.","inputSchema":{"type":"object","required":["scanId"],"properties":{"scanId":{"type":"string"}}}},{"name":"siteintel_apply_fix_propose","description":"Propose (dry-run) an auto-remediation against a vendor (e.g. Cloudflare). Returns the ProposedChange showing the exact before-state and proposed action against the vendor resource — NO mutation occurs. Use this output to render a confirmation dialog before calling siteintel_apply_fix_apply.","inputSchema":{"type":"object","required":["scan_id","finding_code","remediator_key","vendor_connection_id","requester_email"],"properties":{"scan_id":{"type":"string","description":"Scan id that surfaced the finding"},"finding_code":{"type":"string","description":"Finding code to remediate (e.g. dns-dmarc-missing)"},"remediator_key":{"type":"string","description":"Remediator key (e.g. 
cloudflare-dmarc-publish)"},"vendor_connection_id":{"type":"string","description":"VendorConnection id (encrypted vendor token reference)"},"requester_email":{"type":"string","format":"email","description":"Email of the requester — must match the VendorConnection owner for Mode 1"}}}},{"name":"siteintel_apply_fix_apply","description":"DANGER — MUTATES the user's vendor resource (e.g. creates/modifies a Cloudflare DNS record). The agent MUST FIRST call siteintel_apply_fix_propose, present the returned ProposedChange to the user, and obtain EXPLICIT CONFIRMATION before invoking this tool. Returns the applied result and an application_id for audit / undo.","inputSchema":{"type":"object","required":["scan_id","finding_code","remediator_key","vendor_connection_id","requester_email"],"properties":{"scan_id":{"type":"string"},"finding_code":{"type":"string"},"remediator_key":{"type":"string"},"vendor_connection_id":{"type":"string"},"requester_email":{"type":"string","format":"email"}}}},{"name":"siteintel_list_remediations","description":"List RemediationApplication audit records — every proposed / applied / failed / reverted remediation. Filterable by requester email, scan, vendor, finding code, or status. Falls back to direct DB query because /api/remediations is being built in parallel (Track 2).","inputSchema":{"type":"object","properties":{"email":{"type":"string","format":"email","description":"Filter by appliedByEmail"},"scan_id":{"type":"string"},"vendor":{"type":"string","description":"e.g. cloudflare"},"finding_code":{"type":"string"},"status":{"type":"string","enum":["proposed","applied","failed","reverted"]},"limit":{"type":"integer","minimum":1,"maximum":200,"default":50}}}},{"name":"siteintel_undo_remediation","description":"Revert a previously-applied remediation by application id. Requires requester email + optional reason. 
NOTE: the /api/remediations/{id}/undo endpoint is being built in parallel (Track 2) — this tool currently returns 503 until that endpoint ships.","inputSchema":{"type":"object","required":["application_id","requester_email"],"properties":{"application_id":{"type":"string"},"requester_email":{"type":"string","format":"email"},"reason":{"type":"string"}}}},{"name":"siteintel_list_vendor_connections","description":"List the active VendorConnection rows owned by a requester email. Returns id, vendor, label, scopeSummary, status — encrypted tokens are NEVER returned. Use the returned id as vendor_connection_id when invoking siteintel_apply_fix_*.","inputSchema":{"type":"object","required":["email"],"properties":{"email":{"type":"string","format":"email"}}}},{"name":"siteintel_get_sector_insights","description":"Sector-prevalence insights for a scan — \"X% of UK <sector> sites have this issue\" with a flag for whether this scan also has it. Powered by the anonymised corpus.","inputSchema":{"type":"object","required":["scan_id"],"properties":{"scan_id":{"type":"string"}}}},{"name":"siteintel_get_composite_signals","description":"Composite-signal patterns mined from the corpus for the scan's sector — co-occurring finding combinations with above-baseline score impact. Flags which patterns THIS scan matches.","inputSchema":{"type":"object","required":["scan_id"],"properties":{"scan_id":{"type":"string"}}}}],"resources":[{"uri":"siteintel://openapi","name":"OpenAPI 3.1 spec","description":"Full HTTP API surface description","mimeType":"application/json"},{"uri":"siteintel://compliance-controls","name":"Compliance control library","description":"Curated mapping of finding codes to compliance controls across 9 UK + international regimes","mimeType":"application/json"},{"uri":"siteintel://sector-insights/{sector}","name":"Sector insights (template)","description":"Top current insights for a sector — substitute {sector} (e.g. 
legal, financial, healthcare, ecommerce, general).","mimeType":"application/json"},{"uri":"siteintel://remediations/{application_id}","name":"Remediation audit record (template)","description":"Single RemediationApplication audit record by id — beforeState, proposedChange, afterState, vendorApiLog, undoMetadata, status.","mimeType":"application/json"}],"prompts":[{"name":"siteintel-board-briefing","description":"Generate a board-ready briefing from a scan — 3 paragraphs, no jargon, money/customer/regulator framing.","arguments":[{"name":"scanId","description":"Scan id","required":true}]},{"name":"siteintel-procurement-questionnaire","description":"Answer common security-procurement questions (SOC 2, ISO 27001, GDPR) using scan evidence.","arguments":[{"name":"scanId","description":"Scan id","required":true}]}],"documentation":{"gettingStarted":"https://siteintel.uk/docs/mcp","openapi":"/api/openapi","jsonldExample":"/api/scan/{id}/jsonld"}}