JUHE API Marketplace

ZeroPath MCP Server

Allows developers to query security findings (SAST issues, secrets, patches) using natural language within AI-assisted tools like Claude Desktop, Cursor, and other MCP-compatible environments.

GitHub Stars: 8
Last Updated: 3/10/2026
MCP Server Configuration

{
  "name": "zeropath",
  "command": "uvx",
  "args": [
    "--from",
    "git+https://github.com/ZeroPathAI/zeropath-mcp-server",
    "zeropath-mcp-server"
  ],
  "env": {
    "ZEROPATH_BASE_URL": "https://zeropath.com",
    "ZEROPATH_TOKEN_ID": "your_token_id",
    "ZEROPATH_TOKEN_SECRET": "your_token_secret",
    "ZEROPATH_ORG_ID": "your_org_id"
  }
}

README Documentation

ZeroPath MCP Server

Interact with ZeroPath security findings via MCP-compatible tools.

This MCP server calls ZeroPath tRPC V2 procedures directly (no REST wrappers) and returns structured JSON responses suitable for agent consumption.


Blog Post

Learn more about why we built this and how it fits into the evolving AI development ecosystem:

Chat With Your AppSec Scans: Introducing the ZeroPath MCP Server

Installation

Quick Install (Recommended)

Install directly from GitHub:

# Using pip
pip install git+https://github.com/ZeroPathAI/zeropath-mcp-server.git

# Using uvx (run without installing)
uvx --from git+https://github.com/ZeroPathAI/zeropath-mcp-server zeropath-mcp-server

You can also pin to a specific version tag, or explicitly track the main branch:

# Specific version tag
pip install git+https://github.com/ZeroPathAI/zeropath-mcp-server.git@v0.1.0

# Latest from main branch
uvx --from "git+https://github.com/ZeroPathAI/zeropath-mcp-server@main" zeropath-mcp-server

From Source

git clone https://github.com/ZeroPathAI/zeropath-mcp-server.git
cd zeropath-mcp-server
uv sync

From PyPI (Optional)

If the package is published to PyPI, you can also install via:

pip install zeropath-mcp-server

Setup

1. Generate API Key

Generate a user-scoped or admin API key from ZeroPath Settings.

2. Configure Environment Variables

export ZEROPATH_BASE_URL="https://zeropath.com"  # optional (defaults to https://zeropath.com)
export ZEROPATH_TOKEN_ID=your_token_id
export ZEROPATH_TOKEN_SECRET=your_token_secret
export ZEROPATH_ORG_ID=your_org_id

Use ZEROPATH_BASE_URL to target staging or another environment, for example:

export ZEROPATH_BASE_URL="https://staging.branch.zeropath.com"

Configuration

Add the following to your MCP config file (Claude Desktop, Cursor, etc.):

Using GitHub URL (Recommended)

{
  "mcpServers": {
    "zeropath": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/ZeroPathAI/zeropath-mcp-server",
        "zeropath-mcp-server"
      ],
      "env": {
        "ZEROPATH_BASE_URL": "https://zeropath.com",
        "ZEROPATH_TOKEN_ID": "your_token_id",
        "ZEROPATH_TOKEN_SECRET": "your_token_secret",
        "ZEROPATH_ORG_ID": "your_org_id"
      }
    }
  }
}

Using source install

{
  "mcpServers": {
    "zeropath": {
      "command": "uv",
      "args": [
        "run",
        "--project",
        "/path/to/zeropath-mcp-server",
        "python",
        "-m",
        "zeropath_mcp_server"
      ],
      "env": {
        "ZEROPATH_BASE_URL": "https://zeropath.com",
        "ZEROPATH_TOKEN_ID": "your_token_id",
        "ZEROPATH_TOKEN_SECRET": "your_token_secret",
        "ZEROPATH_ORG_ID": "your_org_id"
      }
    }
  }
}

Using PyPI install (Optional)

{
  "mcpServers": {
    "zeropath": {
      "command": "zeropath-mcp-server",
      "env": {
        "ZEROPATH_BASE_URL": "https://zeropath.com",
        "ZEROPATH_TOKEN_ID": "your_token_id",
        "ZEROPATH_TOKEN_SECRET": "your_token_secret",
        "ZEROPATH_ORG_ID": "your_org_id"
      }
    }
  }
}

Tool Surface (tRPC V2)

Tools are loaded dynamically from the ZeroPath frontend's MCP manifest at startup.

All tool calls invoke tRPC V2 procedures directly, following tRPC v10 HTTP conventions:

  • Queries: GET /trpc/<procedure>?input=<url-encoded-json>
  • Mutations: POST /trpc/<procedure> with the raw JSON input object as the body (not wrapped).

Successful responses are returned as structured JSON with the { "result": { "data": ... } } wrapper removed. Errors return the tRPC error object directly.
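
The request mapping and response unwrapping described above, as an added Python example (not the project's own code). The helper names are hypothetical, the query/mutation classification of each tool is an assumption, and authentication is left out because this page does not describe how the token is sent.

```python
import json
from urllib.parse import urlencode

def build_trpc_request(base_url, procedure, kind, tool_input):
    """Return (method, url, body) for one tool call.

    kind is "query" or "mutation"; which tool is which is assumed here.
    """
    url = f"{base_url.rstrip('/')}/trpc/{procedure}"
    payload = json.dumps(tool_input, separators=(",", ":"))
    if kind == "query":
        # Queries: GET with the JSON input URL-encoded in the `input` parameter.
        return "GET", f"{url}?{urlencode({'input': payload})}", None
    if kind == "mutation":
        # Mutations: POST with the raw JSON object as the body (not wrapped).
        return "POST", url, payload.encode("utf-8")
    raise ValueError(f"unknown procedure kind: {kind!r}")

def unwrap_response(payload):
    """Strip the {"result": {"data": ...}} wrapper; pass errors through."""
    if not isinstance(payload, dict):
        raise ValueError("unexpected tRPC response")
    if "error" in payload:
        return payload  # error object is returned unchanged
    try:
        return payload["result"]["data"]
    except (KeyError, TypeError):
        raise ValueError("response has neither result.data nor error") from None

if __name__ == "__main__":
    # Inputs taken from the example calls on this page.
    list_input = {"page": 1, "pageSize": 25, "statuses": ["PENDING_REVIEW"]}
    archive_input = {"issueIds": ["issue_123", "issue_456"],
                     "reason": "Confirmed duplicate"}
    print(build_trpc_request("https://zeropath.com", "issues.list",
                             "query", list_input))
    print(build_trpc_request("https://zeropath.com", "issues.archive",
                             "mutation", archive_input))
    # Constructed response body, for illustration only.
    print(unwrap_response({"result": {"data": {"items": []}}}))
```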

The server also performs best-effort client-side input validation using each tool's inputSchema from the manifest and returns a BAD_REQUEST error before calling tRPC when inputs are invalid. If a schema uses unsupported JSON Schema features, client-side validation is skipped for that call (server-side validation remains authoritative).
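
One way such a best-effort pre-check can behave, as an added Python example (not the project's own code): it rejects invalid input with a BAD_REQUEST error before any request is made, and skips validation entirely when the schema uses a keyword it does not implement. The supported keyword set, the error shape, the function names, and the sample schema are all assumptions constructed for illustration.

```python
# Keywords this illustrative checker implements; anything else means "skip".
SUPPORTED = {"type", "properties", "required", "items", "enum", "description"}
TYPES = {"object": dict, "array": list, "string": str, "boolean": bool,
         "integer": int, "number": (int, float)}

def uses_unsupported(schema):
    """True if the schema or any subschema goes beyond SUPPORTED/TYPES."""
    if not isinstance(schema, dict) or set(schema) - SUPPORTED:
        return True
    t = schema.get("type")
    if t is not None and (not isinstance(t, str) or t not in TYPES):
        return True
    subs = list(schema.get("properties", {}).values())
    if "items" in schema:
        subs.append(schema["items"])
    return any(uses_unsupported(s) for s in subs)

def find_errors(schema, value, path="input"):
    """Collect readable violations of a schema that passed uses_unsupported."""
    t = schema.get("type")
    if t is not None:
        bool_as_number = t in ("integer", "number") and isinstance(value, bool)
        if bool_as_number or not isinstance(value, TYPES[t]):
            return [f"{path}: expected {t}"]
    out = []
    if "enum" in schema and value not in schema["enum"]:
        out.append(f"{path}: value not allowed")
    if isinstance(value, dict):
        out += [f"{path}.{k}: required"
                for k in schema.get("required", []) if k not in value]
        for key, sub in schema.get("properties", {}).items():
            if key in value:
                out += find_errors(sub, value[key], f"{path}.{key}")
    if isinstance(value, list) and "items" in schema:
        for i, item in enumerate(value):
            out += find_errors(schema["items"], item, f"{path}[{i}]")
    return out

def precheck(schema, tool_input):
    """Return a BAD_REQUEST error dict, or None when the call may proceed."""
    if uses_unsupported(schema):
        return None  # validation skipped; the server remains authoritative
    problems = find_errors(schema, tool_input)
    return {"code": "BAD_REQUEST", "message": "; ".join(problems)} if problems else None

# Constructed schema for illustration (not the real issues.list manifest entry).
LIST_SCHEMA = {"type": "object", "required": ["page"], "properties": {
    "page": {"type": "integer"}, "pageSize": {"type": "integer"},
    "statuses": {"type": "array", "items": {"type": "string"}},
    "sortOrder": {"type": "string", "enum": ["asc", "desc"]}}}
```

A `None` result only means the client found nothing to reject; the tRPC server can still refuse the call.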


Example Calls

List issues:

{
  "tool": "issues.list",
  "input": {
    "page": 1,
    "pageSize": 25,
    "statuses": ["PENDING_REVIEW"],
    "sortBy": "score",
    "sortOrder": "desc"
  }
}

Archive issues:

{
  "tool": "issues.archive",
  "input": {
    "issueIds": ["issue_123", "issue_456"],
    "reason": "Confirmed duplicate"
  }
}

Create a rule:

{
  "tool": "rules.create",
  "input": {
    "name": "Detect unsafe eval",
    "rule": "Detect any use of eval() on user input",
    "globPattern": "**/*.js",
    "sourceTypes": ["FILE_HANDLER"],
    "repositoryIds": ["repo_123"]
  }
}

Fetch stats summary:

{
  "tool": "stats.summary",
  "input": {
    "organizationId": "org_123"
  }
}

Development

Running Tests

uv run pytest tests/ -v

Building the Package

uv build

Publishing to PyPI (Optional)

uv publish

Contributing

We welcome contributions from the security, AI, and developer tools communities.

  • Found a bug? Open an issue
  • Want to improve a tool or add a new one? Submit a pull request
  • Have feedback or questions? Join us on Discord

License

MIT License - see LICENSE for details.

Copyright © 2026 JUHEDATA HK LIMITED - All rights reserved